Challenges
- Added GDPR Compliance Tier 1 challenge (:star::star::star:) asking to log in with an erased user account
- Added GDPR Compliance Tier 2 challenge (:star::star::star::star:) where personal data must be stolen
- Changed solution paths for Redirect Tier 1 challenge to use crypto currency links over Gratipay page (:zap:)
- Removed Lost in Recycling challenge as its underlying vulnerability was fixed in the used ORM library (:zap:)
🆕 Features
- Added Data Erasure Request (Art. 17 GDPR) form to Privacy & Security section
- User profile now allows uploading different image types instead of only JPG (kudos to @natmchugh)
🐛 Bugfixes
- #803: Do not allow `null` for `BasketItem.id` any longer to prevent issues with Basket Access Tier 2 (:zap:)
🛅 Miscellaneous
- Frontend dependencies are checked before server startup if `frontend/src` folder is found
- Existence of essential compiled frontend files (`index.html`, `main.js` etc.) is checked before server startup
- Add `http://juice-shop.wtf` to supported Google OAuth URLs to make it work in OWASP SamuraiWTF
- Remove all private sponsorship service and crypto currency links