Release Notes v8.4.0

Bjoern Kimminich
Mar 8, 2019, 5:38:27 AM
to Juice Shop Project

Challenges

  • #730: Added XSS Tier 1.5 challenge (⭐⭐) on a legacy page (kudos to @supra08)
  • #770: Added DLP Failure Tier 1 challenge (⭐⭐⭐⭐) adding some fruity detective's work (kudos to @supra08)
  • #770: Added DLP Failure Tier 2 challenge (⭐⭐⭐⭐⭐) focusing on OSINT and password spraying
  • #234: Added Two Factor Authentication challenge (⭐⭐⭐⭐⭐)
  • ⚡ Increased difficulty of Admin Access challenge from ⭐ to ⭐⭐ since trivial attack stopped working

Security

  • #799: Column password is no longer part of responses from the /api/Users endpoints
  • #840: Added AdminGuard to protect admin section against unauthorized access (kudos to @agrawalarpit14)

UI

  • Added 2FA challenge dialog after login displayed to users with Two Factor Authentication enabled
  • #729: Display user profile image as avatar in navigation bar for logged in users
  • Added Liberapay payment option to Your Basket page
  • Added Patreon payment option to Your Basket page
  • Added Leanpub merchandise button to Your Basket page
  • Profile page now uses the same color scheme that the selected application.theme applies to Angular Material
  • Added Reddit URL to About Us page in Social Media section

Customization

  • #699: Introduced overwriteUrlForProductTamperingChallenge property for Product Tampering challenge (kudos to @aaryan01)
  • Customize description of Product Tampering with associated product and above URL
  • Added application.redditUrl property (defaults to https://www.reddit.com/r/owasp_juiceshop)
  • Removed sickshop.yml demo configuration as more complete alternatives (mozilla.yml, bodgeit.yml and 7ms.yml) are available

Bugfixes

  • Fixed visual issue with translucent overlay on Score Board when scrolling while not fully loaded (kudos to @agrawalarpit14)
  • Added caching to avoid pointless repetitive loading of configuration via API (kudos to @devanshbatra04)
  • #789: Fixed performance issues when rendering the Score Board

I18N

  • Completed 🇮🇱 translation
  • Extended 🇷🇺 and 🇪🇪 translations
  • #801: Fixed spelling of Hebrew in language menu into עברית

Miscellaneous

  • ⚠️ Ended official support and stopped providing pre-packaged releases for Node.js 9.x
  • Introduced winston for console logging and squelched info/warn logs during test suite runs on Travis-CI
  • Updated all non-breaking dependencies and devDependencies in backend and frontend