OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
null pointer while checking Database Schema solution
#1876: Bypass isGitpod() check to prevent unintended disabling of dangerous challenges in any environment (workaround until https://github.com/dword-design/is-gitpod/issues/94 is resolved)
latest-arm, snapshot-arm and vX.Y.Z-arm images are no longer built for linux/arm64 (⚠️)
application.securityTxt.hiring property as hiring field in security.txt and as X-Recruiting HTTP header
alpine to distroless runtime image
276.02 MiB → 175.59 MiB (uncompressed: 762MB → 509MiB)
This release brings technical breaking changes or renamings (⚠️) which might require migrating to a newer Node.js version or updating existing customization files.
hackingInstructor.hintPlaybackSpeed property to faster/slower (±50%), fast/slow (±25%) or leaving it normal
test into test (for unit tests), api-test (for Frisby.js) and coverage-report (for Codeclimate merge and upload)
sequelize ORM models have been migrated to TypeScript (kudos to @ShubhamPalriwala)
insecurity.js into TypeScript (kudos to @ShubhamPalriwala)
frontend/src/ to frontend/dist/frontend/ as the source folder should never be referenced
http://192.168.56.110 to avoid issues on MacOS and Linux with IPs not in 192.168.56.0/21 network (⚠️)
localhost:3000, localhost:4200, 127.0.0.1:3000, 127.0.0.1:4200, 192.168.99.100:3000, juice-shop.wtf and penguin.termina.linux.test:3000 by proxying via a subdomain of https://owasp-juice.shop with HTTPS
7ms, addo, mozilla and oss now explicitly set expected EXIF meta data for "Retrieve Blueprint" challenge to null