Wrongsecrets Versions Save

What's Changed

Bugfixes and Improvements

• Simplified intigration test for K8s in cypress by @Shubham-Patel07 in https://github.com/OWASP/wrongsecrets/pull/1235
• Update toggle switch by @Shubham-Patel07 in https://github.com/OWASP/wrongsecrets/pull/1239
• Various fixes: eslint, broken animation, contributors, and more challenges links by @commjoen in https://github.com/OWASP/wrongsecrets/pull/1242
• Fix typo on CONTRIBUTING.md by @za in https://github.com/OWASP/wrongsecrets/pull/1244
• Fix typo on CONTRIBUTING.md by @za in https://github.com/OWASP/wrongsecrets/pull/1245
• Fix for challenge 16 FE/BE alignment and fix for showing the minimal needed tech. by @commjoen in https://github.com/OWASP/wrongsecrets/pull/1272
• fix: fix AWS for new EKS module and K8s 1.29 by @bendehaan in https://github.com/OWASP/wrongsecrets/pull/1273
• enable challenge 46 in cloud by @commjoen in https://github.com/OWASP/wrongsecrets/pull/1274

LCM

• Bump hashicorp/google from 5.13.0 to 5.14.0 in /gcp by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1234
• Bump hashicorp/google-beta from 5.13.0 to 5.14.0 in /gcp by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1233
• Bump pre-commit-ci/lite-action from 1.0.1 to 1.0.2 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1237
• Bump pre-commit/action from 3.0.0 to 3.0.1 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1238
• Bump flat and mocha in /src/test/e2e by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1241
• Bump com.h3xstream.findsecbugs:findsecbugs-plugin from 1.12.0 to 1.13.0 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1246
• Bump io.gatling.highcharts:gatling-charts-highcharts from 3.10.3 to 3.10.4 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1247
• Bump com.puppycrawl.tools:checkstyle from 10.13.0 to 10.14.0 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1250
• Bump com.github.spotbugs:spotbugs-maven-plugin from 4.8.3.0 to 4.8.3.1 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1255
• Bump org.springframework.boot:spring-boot-starter-parent from 3.2.2 to 3.2.3 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1248
• Bump org.codehaus.mojo:exec-maven-plugin from 3.1.1 to 3.2.0 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1269
• Bump com.azure.spring:spring-cloud-azure-dependencies from 5.8.0 to 5.9.1 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1249
• Bump hashicorp/http from 3.4.1 to 3.4.2 in /azure by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1268
• Bump hashicorp/azurerm from 3.89.0 to 3.94.0 in /azure by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1267
• Bump hashicorp/http from 3.4.1 to 3.4.2 in /aws by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1266
• Bump hashicorp/google from 5.14.0 to 5.18.0 in /gcp by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1264
• Bump hashicorp/google-beta from 5.14.0 to 5.18.0 in /gcp by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1263
• Bump hashicorp/http from 3.4.1 to 3.4.2 in /gcp by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1259
• Bump terraform-aws-modules/eks/aws from 19.21.0 to 20.5.0 in /aws by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1258
• Bump hashicorp/aws from 5.34.0 to 5.39.0 in /aws by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1265
• Bump @commitlint/config-conventional from 18.6.0 to 19.0.3 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1262
• Bump org.jruby:jruby-complete from 9.4.5.0 to 9.4.6.0 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1251
• Bump aws.sdk.version from 2.23.15 to 2.25.0 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1252
• Bump com.google.cloud:spring-cloud-gcp-dependencies from 5.0.1 to 5.0.4 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1256
• Bump eslint-plugin-jest from 27.6.3 to 27.9.0 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1261
• Bump eslint from 8.56.0 to 8.57.0 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1260
• Bump io.gatling:gatling-maven-plugin from 4.7.0 to 4.8.2 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1257
• Bump org.webjars:bootstrap from 5.3.2 to 5.3.3 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1254
• Bump org.asciidoctor:asciidoctor-maven-plugin from 2.2.5 to 3.0.0 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1253

New Contributors

• @Shubham-Patel07 made their first contribution in https://github.com/OWASP/wrongsecrets/pull/1235

Full Changelog: https://github.com/OWASP/wrongsecrets/compare/1.8.3...1.8.4

Special Thanks

Special thanks to @Shubham-Patel07 , @bendehaan , @za , @nbaars , @commjoen for their hard work on this release!

What's Changed

Bugfixes, improvements, and docs:

• Fix typo on Vaultpassword.java by @za in https://github.com/OWASP/wrongsecrets/pull/1190
• attempt to fix surefire perm issue for non fork by @commjoen in https://github.com/OWASP/wrongsecrets/pull/1197
• Update readme with contributors and more by @commjoen in https://github.com/OWASP/wrongsecrets/pull/1194
• Issue 1193: update trufflehog command on the challenge 1 hint doc by @za in https://github.com/OWASP/wrongsecrets/pull/1195
• Sort alphabetically while importing Python modules by @za in https://github.com/OWASP/wrongsecrets/pull/1199
• Format Python script using Black formatter by @za in https://github.com/OWASP/wrongsecrets/pull/1202
• Update main.yml to no longer contain test uploads to the PR by @commjoen in https://github.com/OWASP/wrongsecrets/pull/1226

New challenges:

• New Challenge - Vault Template Injection by @nwolniak in https://github.com/OWASP/wrongsecrets/pull/1189

LCM:

• Bump actions/cache from 3 to 4 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1192
• Bump zaproxy/action-baseline from 0.10.0 to 0.11.0 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1203
• Bump org.cyclonedx:cyclonedx-maven-plugin from 2.7.10 to 2.7.11 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1204
• Bump org.springframework.boot:spring-boot-starter-parent from 3.2.1 to 3.2.2 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1205
• Bump org.asciidoctor:asciidoctor-maven-plugin from 2.2.4 to 2.2.5 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1207
• Bump org.springframework.vault:spring-vault-core from 3.1.0 to 3.1.1 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1212
• Update main.yml to fix #1198 by @commjoen in https://github.com/OWASP/wrongsecrets/pull/1223
• Bump eslint-plugin-jest from 27.6.0 to 27.6.3 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1209
• Bump uk.org.webcompere:system-stubs-jupiter from 2.1.5 to 2.1.6 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1206
• Bump com.google.cloud:spring-cloud-gcp-dependencies from 5.0.0 to 5.0.1 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1208
• Bump @commitlint/config-conventional from 18.4.3 to 18.6.0 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1211
• Bump com.github.spotbugs:spotbugs-maven-plugin from 4.8.2.0 to 4.8.3.0 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1215
• Bump org.apache.maven.plugins:maven-surefire-plugin from 3.2.3 to 3.2.5 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1216
• Bump com.diffplug.spotless:spotless-maven-plugin from 2.41.1 to 2.43.0 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1217
• Bump lycheeverse/lychee-action from 1.9.1 to 1.9.3 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1227
• Bump eLco/setup-vault from 1.0.2 to 1.0.3 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1225
• Bump amazoncorretto from 21.0.1-alpine to 21.0.2-alpine by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1222
• Update terraform-aws-modules/vpc/aws requirement from ~> 5.4.0 to ~> 5.5.1 in /aws by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1221
• Bump hashicorp/aws from 5.31.0 to 5.34.0 in /aws by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1220
• Bump hashicorp/google-beta from 5.10.0 to 5.13.0 in /gcp by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1218
• Bump hashicorp/google from 5.10.0 to 5.13.0 in /gcp by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1213
• Bump hashicorp/azurerm from 3.85.0 to 3.89.0 in /azure by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1219
• Bump com.puppycrawl.tools:checkstyle from 10.12.7 to 10.13.0 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1231
• Bump eslint-plugin-n from 16.6.0 to 16.6.2 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1214
• Bump aws.sdk.version from 2.22.9 to 2.23.15 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1232

Full Changelog: https://github.com/OWASP/wrongsecrets/compare/1.8.2...1.8.3

Special thanks

Special thanks to @za , @commjoen , @bendehaan and @nwolniak for their hard work on this release!

What's Changed

• Challenge 44&45: Vault Metadata challenge by @commjoen in https://github.com/OWASP/wrongsecrets/pull/1147

Full Changelog: https://github.com/OWASP/wrongsecrets/compare/1.8.1...1.8.2

Special Thanks

Thanks to @nbaars , @commjoen , and @bendehaan for their hard work on this release

What's Changed

Improvements and bug fixes

• feat: run Cypress test against pre-compiled HTML by @nbaars in https://github.com/OWASP/wrongsecrets/pull/1141

• Fix Webtop again by @commjoen in https://github.com/OWASP/wrongsecrets/pull/1146

• refactor: simplify challenges when answer is fixed by @nbaars in https://github.com/OWASP/wrongsecrets/pull/1125

• Fix cypress related docs by @commjoen in https://github.com/OWASP/wrongsecrets/pull/1168

• fix reporting: give junit job the right permissions by @commjoen in https://github.com/OWASP/wrongsecrets/pull/1169

• fix reporting for mochatests by @commjoen in https://github.com/OWASP/wrongsecrets/pull/1170

New challenges

• Challenge 43: new challenge for secret shared on social media. by @djvinnie in https://github.com/OWASP/wrongsecrets/pull/1144

Documentation

• Update main.py: give Nanne a special recognition for his work on the … by @commjoen in https://github.com/OWASP/wrongsecrets/pull/1148

Goodbye Okteto

• Update README.md to remove okteto references by @commjoen in https://github.com/OWASP/wrongsecrets/pull/1188

LCM

• Bump com.github.spotbugs:spotbugs-annotations from 4.8.2 to 4.8.3 by @dependabot in
• Bump github/codeql-action from 2 to 3 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1143
• Bump actions/upload-artifact from 3 to 4 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1145
• Bump golang.org/x/crypto from 0.14.0 to 0.17.0 in /aws by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1151
• Bump golang.org/x/crypto from 0.14.0 to 0.17.0 in /azure by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1152
• Bump golang.org/x/crypto from 0.14.0 to 0.17.0 in /gcp by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1153
• Bump asciidoctorj.version from 2.5.10 to 2.5.11 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1155
• Bump aws.sdk.version from 2.21.42 to 2.22.5 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1156 https://github.com/OWASP/wrongsecrets/pull/1157
• Bump eslint-plugin-import from 2.29.0 to 2.29.1 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1158
• Bump eslint from 8.55.0 to 8.56.0 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1160
• Bump io.gatling.highcharts:gatling-charts-highcharts from 3.9.5 to 3.10.3 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1159
• Bump com.google.cloud:spring-cloud-gcp-dependencies from 4.8.4 to 5.0.0 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1161
• Bump io.gatling:gatling-maven-plugin from 4.6.0 to 4.7.0 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1162
• Bump eslint-plugin-n from 16.3.1 to 16.5.0 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1163
• Bump com.azure.spring:spring-cloud-azure-dependencies from 5.7.0 to 5.8.0 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1164
• Bump com.github.spotbugs:spotbugs from 4.8.2 to 4.8.3 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1165
• Bump org.springframework.boot:spring-boot-starter-parent from 3.2.0 to 3.2.1 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1166
• Bump org.apache.maven.plugins:maven-surefire-plugin from 3.2.2 to 3.2.3 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1167
• Bump hashicorp/http from 3.4.0 to 3.4.1 in /gcp by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1184
• Bump hashicorp/google from 5.7.0 to 5.10.0 in /gcp by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1183
• Bump hashicorp/google-beta from 5.7.0 to 5.10.0 in /gcp by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1182
• Bump hashicorp/random from 3.5.1 to 3.6.0 in /gcp by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1181
• Bump hashicorp/random from 3.5.1 to 3.6.0 in /aws by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1179
• Bump terraform-aws-modules/eks/aws from 19.20.0 to 19.21.0 in /aws by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1178
• Bump hashicorp/aws from 5.29.0 to 5.31.0 in /aws by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1177
• Update terraform-aws-modules/vpc/aws requirement from ~> 5.2.0 to ~> 5.4.0 in /aws by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1176
• Bump hashicorp/random from 3.5.1 to 3.6.0 in /azure by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1173
• Bump hashicorp/http from 3.4.0 to 3.4.1 in /azure by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1172
• Bump hashicorp/azurerm from 3.83.0 to 3.85.0 in /azure by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1171
• Bump hashicorp/http from 3.4.0 to 3.4.1 in /aws by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1180
• Bump aws.sdk.version from 2.22.5 to 2.22.9 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1174
• Bump com.puppycrawl.tools:checkstyle from 10.12.6 to 10.12.7 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1175
• Bump eslint-plugin-n from 16.5.0 to 16.6.0 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1185
• Bump lycheeverse/lychee-action from 1.8.0 to 1.9.0 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1186
• Bump lycheeverse/lychee-action from 1.9.0 to 1.9.1 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1187

Special Thanks

Special thanks to @nbaars , @djvinnie , @bendehaan , and @commjoen for their hard work on this release!

Full Changelog: https://github.com/OWASP/wrongsecrets/compare/1.8.0...1.8.1

What's Changed

This is a new major release, as we have done a very big refactor! Thank you, @nbaars, for enabling parallel challenge development! We also migrated to Spring Boot 3.2. Just so you know, from here on, you can remove challenges from the app relatively easily by updating the config.

Let's group the changes below:

Documentation:

• Doc fix: explain and correct the local container creation by @commjoen in https://github.com/OWASP/wrongsecrets/pull/1082
• Adding alternative text in the pictures to the contribution file by @CaduRoriz in https://github.com/OWASP/wrongsecrets/pull/1066

Refactor:

• Introduce separate configuration for challenges by @nbaars in https://github.com/OWASP/wrongsecrets/pull/1083

New challenge:

• [Challenge 42] Spring boot actuator hiding api key by @nwolniak in https://github.com/OWASP/wrongsecrets/pull/1107

Fixes:

• Fix link checker by moving lycheeignore to root of folder again by @commjoen in https://github.com/OWASP/wrongsecrets/pull/1109
• Hotfixes k8s defs, terratest and initial testing on okteto ctf by @commjoen in https://github.com/OWASP/wrongsecrets/pull/1123
• Fix for arm at golang by @commjoen in https://github.com/OWASP/wrongsecrets/pull/1126
• Fix docs and udpate nodejs version by @commjoen in https://github.com/OWASP/wrongsecrets/pull/1127
• Fix image with new parameters for launching the app by @commjoen in https://github.com/OWASP/wrongsecrets/pull/1128
• Challenge38 hint fix. by @djvinnie in https://github.com/OWASP/wrongsecrets/pull/1129
• Bugfix: enable all challenges in cloud envs again by @commjoen in https://github.com/OWASP/wrongsecrets/pull/1131
• fix: aws lb and gke by @bendehaan in https://github.com/OWASP/wrongsecrets/pull/1137
• fix: fix gcp ingress by @bendehaan in https://github.com/OWASP/wrongsecrets/pull/1138
• Fix for issues regarding challenge rendering by @commjoen in https://github.com/OWASP/wrongsecrets/pull/1133
• fix: move gcp ingress to consul/vault script by @bendehaan in https://github.com/OWASP/wrongsecrets/pull/1140

LCM:

• Bump org.webjars:bootstrap from 5.3.1 to 5.3.2 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1011
• Bump amazoncorretto from 21.0.0-alpine to 21.0.1-alpine by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1065
• Bump com.github.eirslett:frontend-maven-plugin from 1.14.0 to 1.14.2 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1064
• Bump org.springframework.boot:spring-boot-starter-parent from 3.1.4 to 3.1.5 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1059
• Bump org.apache.maven.plugins:maven-checkstyle-plugin from 3.3.0 to 3.3.1 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1061
• Bump org.cyclonedx:cyclonedx-core-java from 8.0.1 to 8.0.3 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1060
• Bump hashicorp/setup-terraform from 2 to 3 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1067
• Bump org.jruby:jruby-complete from 9.4.3.0 to 9.4.4.0 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1058
• Bump hashicorp/google from 4.84.0 to 5.4.0 in /gcp by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1077
• Bump hashicorp/google-beta from 4.84.0 to 5.4.0 in /gcp by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1076
• Bump terraform-aws-modules/eks/aws from 19.16.0 to 19.17.4 in /aws by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1069
• Bump hashicorp/azurerm from 3.75.0 to 3.78.0 in /azure by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1068
• Bump eslint-plugin-import from 2.28.1 to 2.29.0 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1071
• Bump eslint from 8.50.0 to 8.52.0 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1073
• Bump org.cyclonedx:cyclonedx-maven-plugin from 2.7.9 to 2.7.10 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1080
• Bump hashicorp/aws from 5.19.0 to 5.23.1 in /aws by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1070
• Bump eslint-plugin-jest from 27.4.2 to 27.6.0 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1074
• Bump zaproxy/action-baseline from 0.9.0 to 0.10.0 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1078
• Bump eslint-plugin-n from 16.1.0 to 16.2.0 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1075
• Bump @commitlint/config-conventional from 17.7.0 to 18.1.0 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1072
• Bump aws.sdk.version from 2.21.2 to 2.21.13 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1081
• Bump com.azure.spring:spring-cloud-azure-dependencies from 5.5.0 to 5.6.0 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1063
• Bump com.google.cloud:spring-cloud-gcp-dependencies from 4.8.2 to 4.8.3 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1062
• Update terraform-aws-modules/vpc/aws requirement from ~> 5.1.1 to ~> 5.2.0 in /aws by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1099
• Bump terraform-aws-modules/eks/aws from 19.17.4 to 19.20.0 in /aws by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1098
• Bump hashicorp/google-beta from 5.4.0 to 5.7.0 in /gcp by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1096
• Bump hashicorp/google from 5.4.0 to 5.7.0 in /gcp by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1095
• Bump hashicorp/azurerm from 3.78.0 to 3.83.0 in /azure by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1085
• Bump @commitlint/config-conventional from 18.1.0 to 18.4.3 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1100
• Bump hashicorp/aws from 5.23.1 to 5.29.0 in /aws by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1097
• Bump actions/setup-java from 3 to 4 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1084
• chore(deps): bump actions/setup-python from 4 to 5 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1110
• Bump com.github.spotbugs:spotbugs from 4.8.0 to 4.8.2 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1086
• chore(deps): bump com.github.spotbugs:spotbugs-maven-plugin from 4.7.3.6 to 4.8.2.0 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1108
• chore(deps): bump com.puppycrawl.tools:checkstyle from 10.12.4 to 10.12.6 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1111
• Bump eslint from 8.52.0 to 8.55.0 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1104
• Bump com.github.spotbugs:spotbugs-annotations from 4.8.0 to 4.8.2 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1089
• Bump com.azure.spring:spring-cloud-azure-dependencies from 5.6.0 to 5.7.0 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1093
• chore(deps): bump org.springdoc:springdoc-openapi-starter-webmvc-ui from 2.2.0 to 2.3.0 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1117
• chore(deps-dev): bump com.tngtech.archunit:archunit-junit5 from 1.1.0 to 1.2.1 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1118
• Bump com.github.eirslett:frontend-maven-plugin from 1.14.2 to 1.15.0 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1090
• Bump com.google.cloud:spring-cloud-gcp-dependencies from 4.8.3 to 4.8.4 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1092
• Bump uk.org.webcompere:system-stubs-jupiter from 2.1.3 to 2.1.5 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1091
• chore(deps): bump aws.sdk.version from 2.21.13 to 2.21.42 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1119
• chore(deps): bump org.codehaus.mojo:exec-maven-plugin from 3.1.0 to 3.1.1 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1120
• chore(deps): bump com.diffplug.spotless:spotless-maven-plugin from 2.40.0 to 2.41.1 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1122
• chore(deps): bump org.jruby:jruby-complete from 9.4.4.0 to 9.4.5.0 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1121
• chore(deps): bump org.springframework.cloud:spring-cloud-dependencies from 2022.0.4 to 2023.0.0 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1116

New Contributors

• @CaduRoriz made their first contribution in https://github.com/OWASP/wrongsecrets/pull/1066
• @nwolniak made their first contribution in https://github.com/OWASP/wrongsecrets/pull/1107

Special Thanks

Special thanks to @CaduRoriz, @nwolniak , @nbaars , @bendehaan , and @djvinnie for their hard work on this release!

Full Changelog: https://github.com/OWASP/wrongsecrets/compare/1.7.2...1.8.0

What's Changed

Process

• Added github actions to un-assigned issues after 90 days of inactivity by @za in https://github.com/OWASP/wrongsecrets/pull/1050

Required UI Fixes

• Remove negative margin on larger screens by @commjoen in https://github.com/OWASP/wrongsecrets/pull/1054
• Fixing ui by moving blocks around by @commjoen in https://github.com/OWASP/wrongsecrets/pull/1055

###LCM

• Bump google.golang.org/grpc from 1.51.0 to 1.56.3 in /gcp by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1053
• Bump google.golang.org/grpc from 1.51.0 to 1.56.3 in /azure by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1051
• Bump google.golang.org/grpc from 1.51.0 to 1.56.3 in /aws by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1052

New Contributors

• @za made their first contribution in https://github.com/OWASP/wrongsecrets/pull/1050

Full Changelog: https://github.com/OWASP/wrongsecrets/compare/1.7.1...1.7.2

What's Changed

This is the second Hacktoberfest release with small ui updates and some very cool new challenges!

New Challenges

• feat: Challenge 39 based on filename as encryption key by @adarsh-a-tw in https://github.com/OWASP/wrongsecrets/pull/1023
• feat: Challenge 40 based on storing encryption key and secret in the same file by @adarsh-a-tw in https://github.com/OWASP/wrongsecrets/pull/1027
• feat: Challenge 41 based on Password shucking by @adarsh-a-tw in https://github.com/OWASP/wrongsecrets/pull/1037

Updates and fixes

• Heroku documentation update by @commjoen in https://github.com/OWASP/wrongsecrets/pull/1024

• Prep release 1.7.0 ctf party by @commjoen in https://github.com/OWASP/wrongsecrets/pull/1025

• Contributor rankings by @roddas in https://github.com/OWASP/wrongsecrets/pull/1022

• Add the documentation of main.py script for contributor generation by @roddas in https://github.com/OWASP/wrongsecrets/pull/1026

• Updated dockerfiles to include new challenge files and css layout by @commjoen in https://github.com/OWASP/wrongsecrets/pull/1028

• Railway documentation addition. by @alphasecio in https://github.com/OWASP/wrongsecrets/pull/1035

• Cleanup by @commjoen in https://github.com/OWASP/wrongsecrets/pull/1036

• Fix menu ui on mobile by @commjoen in https://github.com/OWASP/wrongsecrets/pull/1045

• release 1.7.1 final fixes (ui and contributors), minor node update by @commjoen in https://github.com/OWASP/wrongsecrets/pull/1047

LCM

• Bump golang.org/x/net from 0.8.0 to 0.17.0 in /gcp by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1029
• Bump golang.org/x/net from 0.8.0 to 0.17.0 in /azure by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1030
• Bump golang.org/x/net from 0.8.0 to 0.17.0 in /aws by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1031
• Bump jeroenwillemsen/wrongsecrets from 1.7.0RC4-no-vault to 1.7.0-no-vault by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1032
• Bump urllib3 from 2.0.6 to 2.0.7 in /scripts/sort_contibutors by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1038
• Bump com.google.cloud:spring-cloud-gcp-dependencies from 4.8.0 to 4.8.2 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1041
• Bump org.cyclonedx:cyclonedx-core-java from 7.3.2 to 8.0.1 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1043
• Bump com.puppycrawl.tools:checkstyle from 10.12.3 to 10.12.4 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1044
• Bump com.github.spotbugs:spotbugs-annotations from 4.7.3 to 4.8.0 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1039
• Bump aws.sdk.version from 2.20.157 to 2.21.2 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1042
• Bump com.github.spotbugs:spotbugs from 4.7.3 to 4.8.0 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1040
• Bump actions/setup-node from 3 to 4 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1048

New Contributors

• @adarsh-a-tw made their first contribution in https://github.com/OWASP/wrongsecrets/pull/1023
• @alphasecio made their first contribution in https://github.com/OWASP/wrongsecrets/pull/1035

Special thanks

We would like to thank @adarsh-a-tw , @alphasecio , @commjoen , @bendehaan , @mikewoudenberg, and @roddas for their hard work on this release!

Full Changelog: https://github.com/OWASP/wrongsecrets/compare/1.7.0...1.7.1

Project upgrade

This is another big release as part of #Hacktoberfest! and we have loads of great news:

• we have many #Hacktoberfest PRs which are part of this release.
• our project got upgraded to "Production Status" in OWASP!
• this release includes upgrades of K8S to 1.28 and Java to 21(LTS), which means we can easily deploy this project to various cloud providers for at least another year without the need for a lot of maintenance & we can continue development of the Java app as we are now compatible with a new LTS version of Java.

What's Changed

Major upgrades

• Upgrade to Java 21 by @commjoen in https://github.com/OWASP/wrongsecrets/pull/987
• Upgrade to K8s 1.28 by @commjoen in https://github.com/OWASP/wrongsecrets/pull/991

New challenges:

• Add challenge36: Advanced reverse engineering game by @roddas in https://github.com/OWASP/wrongsecrets/pull/947
• Add challenge 37 for ZAP configuration with authenticated endpoint by @commjoen in https://github.com/OWASP/wrongsecrets/pull/941
• Feature(#614): Challenge38 - Git notes challenge by @RemakingEden in https://github.com/OWASP/wrongsecrets/pull/903

Other changes:

• Remove fly.io from readme and prepare deployment for fly v2 by @commjoen in https://github.com/OWASP/wrongsecrets/pull/986
• Update README.md by @commjoen in https://github.com/OWASP/wrongsecrets/pull/985
• Update README.md: adding @roddas as contributor by @commjoen in https://github.com/OWASP/wrongsecrets/pull/1013
• Add missing files in container for challenge 36 by @commjoen in https://github.com/OWASP/wrongsecrets/pull/1014
• feat: add terratest for AWS, Azure and GCP by @bendehaan in https://github.com/OWASP/wrongsecrets/pull/1015
• Update contributing.md: Change image to use java 21 by @commjoen in https://github.com/OWASP/wrongsecrets/pull/1017
• first fix for missing step on setting java to 21 by @commjoen in https://github.com/OWASP/wrongsecrets/pull/1018
• Tests clean up by @drnow4u in https://github.com/OWASP/wrongsecrets/pull/1021
• Update dependabot.yml to have 10 mrs on Java by @commjoen in https://github.com/OWASP/wrongsecrets/pull/1008
• Pre-release of 1.7.0 by @commjoen in https://github.com/OWASP/wrongsecrets/pull/1020

LCM:

• Bump s4u/setup-maven-action from 1.9.0 to 1.10.0 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/988
• Bump terraform-linters/setup-tflint from 3 to 4 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/989
• Bump eslint-plugin-jest from 27.2.3 to 27.4.2 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1007
• Bump com.diffplug.spotless:spotless-maven-plugin from 2.39.0 to 2.40.0 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1001
• Bump aws.sdk.version from 2.20.139 to 2.20.157 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/999
• Bump com.github.spotbugs:spotbugs-maven-plugin from 4.7.3.5 to 4.7.3.6 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1010
• Bump eslint from 8.48.0 to 8.50.0 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1006
• Bump eslint-plugin-n from 16.0.2 to 16.1.0 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1005
• Bump cypress from 13.1.0 to 13.3.0 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1004
• Bump eslint-plugin-cypress from 2.14.0 to 2.15.1 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1003
• Bump hashicorp/azurerm from 3.71.0 to 3.75.0 in /azure by @dependabot in https://github.com/OWASP/wrongsecrets/pull/995
• Bump hashicorp/google from 4.80.0 to 4.84.0 in /gcp by @dependabot in https://github.com/OWASP/wrongsecrets/pull/994
• Bump hashicorp/google-beta from 4.80.0 to 4.84.0 in /gcp by @dependabot in https://github.com/OWASP/wrongsecrets/pull/993
• Bump hashicorp/aws from 5.15.0 to 5.19.0 in /aws by @dependabot in https://github.com/OWASP/wrongsecrets/pull/997
• Bump com.github.eirslett:frontend-maven-plugin from 1.13.4 to 1.14.0 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1002
• Bump com.google.cloud:spring-cloud-gcp-dependencies from 4.7.2 to 4.8.0 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1009
• Bump javascript-obfuscator from 4.0.2 to 4.1.0 in /js by @dependabot in https://github.com/OWASP/wrongsecrets/pull/996
• Bump uk.org.webcompere:system-stubs-jupiter from 2.0.2 to 2.1.3 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1012
• Bump nz.net.ultraq.thymeleaf:thymeleaf-layout-dialect from 3.2.1 to 3.3.0 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/998

New Contributors

• @roddas made their first contribution in https://github.com/OWASP/wrongsecrets/pull/947

Full Changelog: https://github.com/OWASP/wrongsecrets/compare/1.6.10...1.7.0

Special Thanks:

Special thanks to @roddas , @nbaars , @bendehaan , @drnow4u , @RemakingEden , and @commjoen for their hard work on this release!

What's Changed

Features

• Create render.yaml for render.io deployment by @commjoen in https://github.com/OWASP/wrongsecrets/pull/983

Small fixes

• Docker exercises changes in readme.md by @djvinnie in https://github.com/OWASP/wrongsecrets/pull/964
• Update README.md as GitHub Id changed by @commjoen in https://github.com/OWASP/wrongsecrets/pull/979
• Added star'ing message by @djvinnie in https://github.com/OWASP/wrongsecrets/pull/980

LCM

• Bump eslint-plugin-import from 2.28.0 to 2.28.1 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/955
• Bump eslint from 8.46.0 to 8.48.0 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/952
• Bump com.puppycrawl.tools:checkstyle from 10.12.2 to 10.12.3 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/961
• Bump com.diffplug.spotless:spotless-maven-plugin from 2.38.0 to 2.39.0 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/958
• Bump org.springframework.boot:spring-boot-starter-parent from 3.1.2 to 3.1.3 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/960
• Bump aws.sdk.version from 2.20.116 to 2.20.139 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/972
• Bump com.google.cloud:spring-cloud-gcp-dependencies from 4.7.0 to 4.7.2 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/971
• Bump @commitlint/config-conventional from 17.6.7 to 17.7.0 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/953
• Bump eslint-plugin-cypress from 2.13.3 to 2.14.0 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/969
• Bump eslint-plugin-n from 16.0.1 to 16.0.2 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/956
• Bump azurerm from 3.67.0 to 3.71.0 in /azure by @dependabot in https://github.com/OWASP/wrongsecrets/pull/967
• Bump hashicorp/google-beta from 4.76.0 to 4.80.0 in /gcp by @dependabot in https://github.com/OWASP/wrongsecrets/pull/966
• Bump hashicorp/google from 4.76.0 to 4.80.0 in /gcp by @dependabot in https://github.com/OWASP/wrongsecrets/pull/965
• Bump terraform-aws-modules/eks/aws from 19.15.4 to 19.16.0 in /aws by @dependabot in https://github.com/OWASP/wrongsecrets/pull/963
• Bump aws from 5.10.0 to 5.15.0 in /aws by @dependabot in https://github.com/OWASP/wrongsecrets/pull/962
• Bump org.linguafranca.pwdb:KeePassJava2 from 2.1.4 to 2.2.1 and fix local run issue with challenge14 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/970
• Update container-alts-test.yml bumping Colima setup by @commjoen in https://github.com/OWASP/wrongsecrets/pull/945
• Update container-alts-test.yml to alpha.v10 by @commjoen in https://github.com/OWASP/wrongsecrets/pull/976
• Bump actions/checkout from 3 to 4 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/977
• Feature: update node to version 20 as checkout v4 standard operates with v20 by @commjoen in https://github.com/OWASP/wrongsecrets/pull/978
• Bump org.webjars:jquery from 3.7.0 to 3.7.1 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/959
• Bump com.azure.spring:spring-cloud-azure-dependencies from 5.3.0 to 5.5.0 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/973
• Bump org.springdoc:springdoc-openapi-starter-webmvc-ui from 2.1.0 to 2.2.0 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/957
• Bump cypress from 12.17.2 to 13.1.0 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/954

New Contributors

• @djvinnie made their first contribution in https://github.com/OWASP/wrongsecrets/pull/964

Full Changelog: https://github.com/OWASP/wrongsecrets/compare/1.6.9...1.6.10

Special Thanks

Special thanks to @djvinnie , @nbaars , @bendehaan , and @commjoen for their work on this release!

What's Changed

Docs:

• Update README.md by @commjoen in https://github.com/OWASP/wrongsecrets/pull/940

Bugfixes:

• Update Challenge35 as there as a bug in the component ordering by @commjoen in https://github.com/OWASP/wrongsecrets/pull/942
• Update challenge32 to explain external website usage by @commjoen in https://github.com/OWASP/wrongsecrets/pull/948
• Replace Challenge32 with another prompting game (Gandalf) as the old prompting game is shut down by @commjoen in https://github.com/OWASP/wrongsecrets/pull/950
• Fix for challenge29 as there was an issue with decyrpting the actual answer by @commjoen in https://github.com/OWASP/wrongsecrets/pull/949
• Fixes for Challenge17 generation by @commjoen in https://github.com/OWASP/wrongsecrets/pull/951

LCM:

• Bump s4u/setup-maven-action from 1.8.0 to 1.9.0 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/944

Full Changelog: https://github.com/OWASP/wrongsecrets/compare/1.6.8...1.6.9

Special Thanks

Special thanks to @bendehaan , @commjoen, and @djvinnie for their hard work on this release!