Release Notes v13.0.0

[Bjoern Kimminich]

v13.0.0

This release brings significant changes to existing challenges (⚡) which might break canned CTF setups as well as solution guides made for previous versions of OWASP Juice Shop! It also contains technical breaking changes or renamings (⚠️) which might require migrating to a newer Node.js version or updating existing customization files.

🎨 User Interface

• Migrated frontend to Angular 13 and Angular Material 13
• Explicitly dropped support for Internet Explorer 11 (⚠️)
• Dropped support for legacy browsers still requiring EcmaScript 5 (⚠️)

👍👎 Feedback

• Feedback can now be given on solved hacking & coding challenges with 👍👎 buttons
  • both will open an anonymous pre-populated Google Form with an optional free text field for individual feedback
  • Google login is only required to prevent duplicates and spam, i.e. user identity is not part of the submitted form
• Challenge feedback can be configured via challenges.showFeedbackButtons: true|false property (true by default)

🎯 Challenges

• Challenge Login Support Team was redesigned to use the involved KeePass database more realistically (⚡)

👨‍🏫 Hacking Instructor

• Expected input values can now be (partially) replaced with any property from configuration
• #1715: Tutorials for "Login Jim" and "Login Bender" now expect application.domain instead of static "juice-sh.op"

🎭 Customization

• Property challenges.showCodeSnippets has been renamed into challenges.codingChallengesEnabled (⚠️)
• Listing EXIF metadata in exifForBlueprintChallenge on product used for Retrieve Blueprint is now mandatory (⚠️)

🐛 Bugfixes

• #1726: HTML characters in application.name config property will no longer break the User Profile and Promotion Video

⚙️ DevSecOps Automation

• #1731: CodeQL analysis workflow has been updated to latest recommended settings (kudos to @NickLiffen)