:sparkles: Newer Feature

• New unrestricted file upload size vulnerability (#351) by @tkomlodi in https://github.com/SasanLabs/VulnerableApp/pull/454
• #406 Addition of secured implementations for Union SQL Injection by @x7Git in https://github.com/SasanLabs/VulnerableApp/pull/452
• Building localisation support framework by @preetkaran20 in https://github.com/SasanLabs/VulnerableApp/pull/419

:rocket: Integrations

• CodeCov intergration with VulnerableApp
• Upgrade gradle to 7.5.1 version by @SampathKumarAmex in https://github.com/SasanLabs/VulnerableApp/pull/385
• Adding reddit troubleshooting link for application by @preetkaran20 in https://github.com/SasanLabs/VulnerableApp/pull/463
• Italian Locale support by @TheZal in https://github.com/SasanLabs/VulnerableApp/pull/415
• Hindi Locale support by @garvit2435 in https://github.com/SasanLabs/VulnerableApp/pull/439
• Chinese locale support by @yuhwaa in https://github.com/SasanLabs/VulnerableApp/pull/430
• Swedish translation support by @antonsixtenson in https://github.com/SasanLabs/VulnerableApp/pull/424
• Spanish translation support by @dafarias in https://github.com/SasanLabs/VulnerableApp/pull/423

:test_tube: Addition of Tests

• Add test for PathTraversal class by @richard66033 in https://github.com/SasanLabs/VulnerableApp/pull/456
• Add test for PathTraversal class by @richard66033 in https://github.com/SasanLabs/VulnerableApp/pull/456
• Tests for Persistent XSS in HTML by @SeheX in https://github.com/SasanLabs/VulnerableApp/pull/455
• Tests for ErrorBasedSQLInjection Vulnerability @13Anthony in https://github.com/SasanLabs/VulnerableApp/pull/451
• Tests for union based sql injection by @000panther in https://github.com/SasanLabs/VulnerableApp/pull/444
• Add SSRF Vulnerability tests by @rai-sandeep in https://github.com/SasanLabs/VulnerableApp/pull/429

🐞 Fixes

• Fixed jibDockerBuild command for local testing based on Multi-Platform build in https://github.com/SasanLabs/VulnerableApp/pull/462
• Fixed file upload directory creation when system root directory is not writable by application. #449 by @tkomlodi in https://github.com/SasanLabs/VulnerableApp/pull/453
• Mocked network calls made in SSRFVulnerabilityTest fixing local build errors by @tkomlodi in https://github.com/SasanLabs/VulnerableApp/pull/447

New Contributors

• @TheZal made their first contribution in https://github.com/SasanLabs/VulnerableApp/pull/415
• @dafarias made their first contribution in https://github.com/SasanLabs/VulnerableApp/pull/423
• @antonsixtenson made their first contribution in https://github.com/SasanLabs/VulnerableApp/pull/424
• @yuhwaa made their first contribution in https://github.com/SasanLabs/VulnerableApp/pull/430
• @rai-sandeep made their first contribution in https://github.com/SasanLabs/VulnerableApp/pull/429
• @garvit2435 made their first contribution in https://github.com/SasanLabs/VulnerableApp/pull/439
• @000panther made their first contribution in https://github.com/SasanLabs/VulnerableApp/pull/444
• @tkomlodi made their first contribution in https://github.com/SasanLabs/VulnerableApp/pull/447
• @13Anthony made their first contribution in https://github.com/SasanLabs/VulnerableApp/pull/451
• @SeheX made their first contribution in https://github.com/SasanLabs/VulnerableApp/pull/455
• @richard66033 made their first contribution in https://github.com/SasanLabs/VulnerableApp/pull/456
• @x7Git made their first contribution in https://github.com/SasanLabs/VulnerableApp/pull/452

Thanks a lot for all the amazing contributions.

Full Changelog: https://github.com/SasanLabs/VulnerableApp/compare/1.11.0...1.12.0

:sparkles: Newer Feature

• Addition of SSRF vulnerability to VulnerableApp
• Addition of Newer JWT Vulnerability level to include special Authorisation header Injection

:rocket: Integrations

• Sonar Integration to VulnerableApp
• Semantic Version integration to VulnerableApp

:fire: Removed code or files

• Removed Non Vulnerable Level in Persistent XSS
• Removal of redundant VulnerabilityType and VulnerabilitySubTypes
• Removal of all the deprecated fields in VulnerableAppRequestMapping annotation and ScannerResponseBean

:test_tube: Addition of Tests

• Adding unit test for controller exception handler
• Addition of unit test and small fixes in XSSInImgTagAttribute
• Addition of unit test and various other fixes in OpenRedirect Vulnerability

:memo: Documentation update

• Updating Hint messages for SQLInjection
• Grammar update in Project usage document
• Grammer update in Readme

🐞 Fixes

• PathTraversalVulnerability issues with Spring-boot standalone builds
• SQL Injection DB connect issue
• Addition of Secure Variant in XXE
• Marking last level as Secure in CommandInjection
• OpenRedirect vulnerability bug in Spring-boot standalone build
• Updates in PersistentXSSInHTMLTagVulnerability
• Code smell fixes(https://github.com/SasanLabs/VulnerableApp/pull/372 and https://github.com/SasanLabs/VulnerableApp/pull/373)

Special thanks to contributors

• @priyanka010392
• @1411dolly0
• @Monoradioactivo
• @KelvinTran6
• @SampathKumarAmex
• @jpralle
• @ehizman
• @shammer0
• @hks1
• @Emelie4
• @merry-degaga
• @NMV01
• @gled02

Special thanks for finding crucial issues

• @massot-c
• @GitHubNull
• @collapsinghierarchy

Full Changelog: https://github.com/SasanLabs/VulnerableApp/compare/1.10.0...1.11.0

This release includes:

1. Onboarding to new User Interface for Owasp VulnerableApp-Facade
2. Addition of Content-Disposition based File Upload attack
3. Introduction to 'Secure' and 'Unsecure' marker for vulnerability levels
4. Introduction to a better descriptive payload for SQL Injections
5. Removed sample values from Annotation
6. Addition of expected_issues.csv file which contains the vulnerabilities presents in VulnerableApp and is used by SAST tools to evaluate themselves.

Special thanks to contributors:

1. @nowakkamil
2. @marcin-wrotecki
3. @o0o-v4mp1r3-o0o
4. @agigleux
5. @preetkaran20

For Docker-based installation please use the following URL: https://hub.docker.com/r/sasanlabs/owasp-vulnerableapp

Pull the image by running the following command:

docker pull sasanlabs/owasp-vulnerableapp
For running vulnerable app as docker container: docker run -p 9090:9090 --name=owasp-vulnerableapp sasanlabs/owasp-vulnerableapp:latest

This release includes:

1. Added Open Redirect Vulnerability Http Status Code 3XX based
2. Special thanks to Hacktoberfest and all the awesome contributions made by contributors, highlights: 2.1 @devabhishekpal , Designed an amazing Logo for the project 2.2 @hexxdump , First ever article on the project 2.3 @pavluchenko , Removing Maven and its related dependencies 2.4 @fengyuanyang , Introduced unit-tests to the project 2.5 @Nimanita @hritikgupta for improving error pages and documentation

Very glad to inform that we have reached a milestone of 75 Vulnerabilities with this release.

For Docker based installation please use following URL: https://hub.docker.com/r/sasanlabs/owasp-vulnerableapp

Pull the image by running following command:

docker pull sasanlabs/owasp-vulnerableapp
For running vulnerable app as docker container: docker run -p 9090:9090 --name=owasp-vulnerableapp sasanlabs/owasp-vulnerableapp:latest

This release comprise of addition of 2 new Vulnerabilities:

1. File Upload Vulnerability
2. XXE Also we have revamped the entire backend framework with more generic and easy to use approach so that new vulnerabilities addition is quite easy. Along with these, in this release we have reduced the Docker Size by 20-25 MB (using jib suggested by @hemantgs ). We have also updated the documentation and a new website is added.

This is a major release with 141 commits, with 2,853 additions and 1,709 deletions. Thanks to all the contributors:

1. @preetkaran20
2. @hemantgs
3. @hritikgupta

For Docker based installation please use following URL: https://hub.docker.com/r/sasanlabs/owasp-vulnerableapp

Pull the image by running following command:

docker pull sasanlabs/owasp-vulnerableapp
For running vulnerable app as docker container: docker run -p 9090:9090 --name=owasp-vulnerableapp sasanlabs/owasp-vulnerableapp:latest

This release comprise of addition of Persistent XSS Vulnerability.

For Docker based installation please use following URL: https://hub.docker.com/r/sasanlabs/owasp-vulnerableapp

Pull the image by running following command: docker pull sasanlabs/owasp-vulnerableapp
For running vulnerable app as docker container: docker run -p 9090:9090 --name=owasp-vulnerableapp sasanlabs/owasp-vulnerableapp:latest

Addition of 2 new vulnerabilities along with there UI.

For Docker based installation please use following URL: https://hub.docker.com/r/sasanlabs/owasp-vulnerableapp

Pull the image by running following command: docker pull sasanlabs/owasp-vulnerableapp
For running vulnerable app as docker container: docker run -p 9090:9090 --name=owasp-vulnerableapp sasanlabs/owasp-vulnerableapp:latest

This release comprise of:

1. Addition of sitemap.xml endpoint
2. Addition of scanner and scanner/metadata endpoint for Vulnerability Scanning Tools Integration.
3. Small UI fixes.

For Docker based installation please use following URL: https://hub.docker.com/r/sasanlabs/owasp-vulnerableapp

Pull the image by running following command: docker pull sasanlabs/owasp-vulnerableapp
For running vulnerable app as docker container: docker run -p 9090:9090 --name=owasp-vulnerableapp sasanlabs/owasp-vulnerableapp:latest

This release comprise of:

1. SQL Injection vulnerability
2. Few Fixes and Addition of Vulnerabilities
3. UI design modifications and Button animation
4. Spotless integration for code format

For Docker based installation please use following URL: https://hub.docker.com/r/sasanlabs/owasp-vulnerableapp

Pull the image by running following command: docker pull sasanlabs/owasp-vulnerableapp
For running vulnerable app as docker container: docker run -p 9090:9090 --name=owasp-vulnerableapp sasanlabs/owasp-vulnerableapp:latest

Very excited to announce the new version. This version is a minor release where i am adding new theme to vulnerableApp and little bit platform building at UI side is done. Hope this will give more indications on where this project is heading towards.

There are many things which are left and we are working very hard on fulfilling them.

Waheguru Guru Nanak Patshah mehar kro ... !!! Sasan On work !!!