Wrongsecrets Versions Save

What's Changed

• Fixing Heroku test redirection to HTTPS based on suggestion from Spring community by @MarcinNowak-codes in https://github.com/OWASP/wrongsecrets/pull/570
• Fixing bootstrap application by removing PortMapper from production configuration by @MarcinNowak-codes in https://github.com/OWASP/wrongsecrets/pull/572
• Fix for #569 : Adding Windows Binaries and a detection method by @commjoen in https://github.com/OWASP/wrongsecrets/pull/571
• limit windows development by @commjoen in https://github.com/OWASP/wrongsecrets/pull/575
• Bump maven-checkstyle-plugin from 3.2.0 to 3.2.1 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/577
• Bump spring-boot-starter-parent from 3.0.1 to 3.0.2 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/578
• Bump cyclonedx-maven-plugin from 2.7.3 to 2.7.4 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/582
• Bump spring-cloud-gcp-dependencies from 3.4.1 to 3.4.2 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/583
• Bump aws.sdk.version from 2.19.8 to 2.19.21 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/584
• Bump minimatch from 5.1.2 to 6.1.5 in /js by @dependabot in https://github.com/OWASP/wrongsecrets/pull/579
• Bump spring-cloud-azure-dependencies from 4.5.0 to 5.0.0 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/580
• Bump thymeleaf-layout-dialect from 3.1.0 to 3.2.0 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/585
• Bump checkstyle from 10.6.0 to 10.7.0 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/598
• Bump aws.sdk.version from 2.19.21 to 2.19.28 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/591
• Bump system-stubs-jupiter from 2.0.1 to 2.0.2 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/596
• Bump minimatch from 6.1.5 to 6.1.6 in /js by @dependabot in https://github.com/OWASP/wrongsecrets/pull/600
• Revise docker images to have less & only relevant executables by @commjoen in https://github.com/OWASP/wrongsecrets/pull/601
• Bump spring-cloud-gcp-dependencies from 3.4.2 to 4.0.0 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/597
• Bump terraform-aws-modules/eks/aws from 19.4.2 to 19.7.0 in /aws by @dependabot in https://github.com/OWASP/wrongsecrets/pull/606
• Update hashicorp/google requirement from ~> 4.47.0 to ~> 4.52.0 in /gcp by @dependabot in https://github.com/OWASP/wrongsecrets/pull/605
• Update hashicorp/google-beta requirement from ~> 4.47.0 to ~> 4.52.0 in /gcp by @dependabot in https://github.com/OWASP/wrongsecrets/pull/604
• Update azurerm requirement from ~> 3.37.0 to ~> 3.42.0 in /azure by @dependabot in https://github.com/OWASP/wrongsecrets/pull/603
• Update terraform-aws-modules/vpc/aws requirement from ~> 3.18.1 to ~> 3.19.0 in /aws by @dependabot in https://github.com/OWASP/wrongsecrets/pull/595
• Update aws requirement from ~> 4.48.0 to ~> 4.53.0 in /aws by @dependabot in https://github.com/OWASP/wrongsecrets/pull/602
• Bump jquery from 3.6.1 to 3.6.3 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/581
• Bump lombok from 1.18.24 to 1.18.26 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/607
• Bump spring-cloud-dependencies from 2022.0.0 to 2022.0.1 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/608
• Bump aws.sdk.version from 2.19.28 to 2.19.33 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/609
• Bump jruby-complete from 9.4.0.0 to 9.4.1.0 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/610

Full Changelog: https://github.com/OWASP/wrongsecrets/compare/1.5.13...1.5.14

Thanks

We would like to thank @MarcinNowak-codes & @commjoen for their work on this release

What's Changed

• spring boot 3.0.0 by @MarcinNowak-codes in https://github.com/OWASP/wrongsecrets/pull/518
• Add scanners (Trufflehog) by @commjoen in https://github.com/OWASP/wrongsecrets/pull/531
• Go back in base image as newer ones don't always seem to work on aws? by @commjoen in https://github.com/OWASP/wrongsecrets/pull/533
• Bump azure/setup-helm from 3.4 to 3.5 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/534
• Bump aws.sdk.version from 2.18.28 to 2.18.41 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/539
• Bump spring-cloud-azure-dependencies from 4.4.1 to 4.5.0 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/537
• Setup develop @ okteto button #535 by @commjoen in https://github.com/OWASP/wrongsecrets/pull/542
• Bump bootstrap from 5.2.2 to 5.2.3 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/541
• Bump spring-cloud-gcp-dependencies from 3.4.0 to 3.4.1 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/538
• Bump datatables from 1.12.1 to 1.13.1 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/540
• fix: add envsubst to okteto by @bendehaan in https://github.com/OWASP/wrongsecrets/pull/545
• Add a share-to-mastodon-button by @commjoen in https://github.com/OWASP/wrongsecrets/pull/544
• Update pom.xml to make versioning consistent by @commjoen in https://github.com/OWASP/wrongsecrets/pull/551
• fix: typo in readme by @bendehaan in https://github.com/OWASP/wrongsecrets/pull/554
• Update readme to have intelliJ IDEA instructions by @commjoen in https://github.com/OWASP/wrongsecrets/pull/552
• Bump cyclonedx-core-java from 7.2.0 to 7.3.1 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/550
• Bump thymeleaf-extras-springsecurity6 from 3.1.0.RELEASE to 3.1.1.RELEASE by @dependabot in https://github.com/OWASP/wrongsecrets/pull/546
• Bump aws.sdk.version from 2.18.41 to 2.19.6 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/557
• Bump spring-boot-starter-parent from 3.0.0 to 3.0.1 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/549
• Bump spring-cloud-dependencies from 2021.0.4 to 2022.0.0 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/548
• Bump checkstyle from 10.5.0 to 10.6.0 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/565
• Bump minimatch from 5.1.1 to 5.1.2 in /js by @dependabot in https://github.com/OWASP/wrongsecrets/pull/560
• Bump aws.sdk.version from 2.19.6 to 2.19.8 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/566
• Update hashicorp/google requirement from ~> 4.44.1 to ~> 4.47.0 in /gcp by @dependabot in https://github.com/OWASP/wrongsecrets/pull/562
• Update aws requirement from ~> 4.45.0 to ~> 4.48.0 in /aws by @dependabot in https://github.com/OWASP/wrongsecrets/pull/561
• Update hashicorp/google-beta requirement from ~> 4.44.1 to ~> 4.47.0 in /gcp by @dependabot in https://github.com/OWASP/wrongsecrets/pull/564
• Bump terraform-aws-modules/eks/aws from 18.31.2 to 19.4.2 in /aws by @dependabot in https://github.com/OWASP/wrongsecrets/pull/563
• Update azurerm requirement from ~> 3.33.0 to ~> 3.37.0 in /azure by @dependabot in https://github.com/OWASP/wrongsecrets/pull/559
• Fixes for new TF provider in AWS by @commjoen in https://github.com/OWASP/wrongsecrets/pull/567

Full Changelog: https://github.com/OWASP/wrongsecrets/compare/1.5.12...1.5.13

Special thanks

Special thanks to @bendehaan , @MarcinNowak-codes , @nhumblot & @commjoen for their hard work on this release.

What's Changed

• Fix for kubernetes minikube tests by @commjoen in https://github.com/OWASP/wrongsecrets/pull/516
• First attempt to migrate to azure its new SDKs for #490 & solve challenge 11 on azure again #225 by @commjoen in https://github.com/OWASP/wrongsecrets/pull/500
• Bump aws.sdk.version from 2.18.24 to 2.18.28 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/523
• Bump checkstyle from 10.4 to 10.5.0 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/521
• Bump jruby-complete from 9.3.9.0 to 9.4.0.0 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/522
• Bump minimatch from 5.1.0 to 5.1.1 in /js by @dependabot in https://github.com/OWASP/wrongsecrets/pull/519
• Replace depreciated security configuration by @MarcinNowak-codes in https://github.com/OWASP/wrongsecrets/pull/526
• #525 Replace Asciidoctor::convert() and OptionsBuilder::options() dep… by @nhumblot in https://github.com/OWASP/wrongsecrets/pull/528
• Spring Security 5.8.0 by @MarcinNowak-codes in https://github.com/OWASP/wrongsecrets/pull/529
• Update aws requirement from ~> 4.41.0 to ~> 4.45.0 in /aws by @dependabot in https://github.com/OWASP/wrongsecrets/pull/527

New Contributors

• @nhumblot made their first contribution in https://github.com/OWASP/wrongsecrets/pull/528

Full Changelog: https://github.com/OWASP/wrongsecrets/compare/1.5.11...1.5.12

##Special Thanks Special thanks to @nhumblot , @MarcinNowak-codes , @commjoen & @saragluna for their work on this release. Special thanks from the Azure SDK team for their support during this release.

This release is a patch to fix some of the TF related issues as a deprecation for the http provider was not fixed properly in 1.5.11.

What's Changed

• first thank you to sponsors by @commjoen in https://github.com/OWASP/wrongsecrets/pull/487
• Bump lycheeverse/lychee-action from 1.5.1 to 1.5.2 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/488
• Update README.md by @commjoen in https://github.com/OWASP/wrongsecrets/pull/491
• Bump lycheeverse/lychee-action from 1.5.2 to 1.5.3 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/493
• Fix for CTFD issue (start with 0 instead of 1) by @commjoen in https://github.com/OWASP/wrongsecrets/pull/492
• Add russian info by @commjoen in https://github.com/OWASP/wrongsecrets/pull/495
• Adding Juiceshop links in FE challenges by @commjoen in https://github.com/OWASP/wrongsecrets/pull/489
• Bump lycheeverse/lychee-action from 1.5.3 to 1.5.4 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/496
• Bump s4u/setup-maven-action from 1.5.1 to 1.6.0 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/498
• GCP: Migrate to new springboot SDK & update azure identity to 1.7.0 and mvn dependency-check 7.3.0 by @commjoen in https://github.com/OWASP/wrongsecrets/pull/499
• Bump terraform-linters/setup-tflint from 2 to 3 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/503
• Datatable implementation (#415) by @commjoen in https://github.com/OWASP/wrongsecrets/pull/450
• Added git and a clone for the k8s container. by @commjoen in https://github.com/OWASP/wrongsecrets/pull/505
• Bump aws.sdk.version from 2.18.11 to 2.18.24 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/506
• Bump cyclonedx-maven-plugin from 2.7.2 to 2.7.3 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/515
• Update aws requirement from ~> 4.37.0 to ~> 4.41.0 in /aws by @dependabot in https://github.com/OWASP/wrongsecrets/pull/507
• Bump terraform-aws-modules/eks/aws from 18.30.2 to 18.31.2 in /aws by @dependabot in https://github.com/OWASP/wrongsecrets/pull/510
• Update hashicorp/google-beta requirement from ~> 4.42.0 to ~> 4.44.1 in /gcp by @dependabot in https://github.com/OWASP/wrongsecrets/pull/509
• Update hashicorp/google requirement from ~> 4.42.0 to ~> 4.44.1 in /gcp by @dependabot in https://github.com/OWASP/wrongsecrets/pull/511
• Update azurerm requirement from ~> 3.29.1 to ~> 3.33.0 in /azure by @dependabot in https://github.com/OWASP/wrongsecrets/pull/508
• Bump azure-security-keyvault-secrets from 4.5.1 to 4.5.2 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/513

Full Changelog: https://github.com/OWASP/wrongsecrets/compare/1.5.10...1.5.11

What's Changed

• Bump azure/setup-helm from 3.3 to 3.4 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/464
• Move all references to the new location as part of #453 by @commjoen in https://github.com/OWASP/wrongsecrets/pull/481
• Bump checkstyle from 10.3.4 to 10.4 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/479
• Bump spring.security.version from 5.7.4 to 5.7.5 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/471
• Bump libraries-bom from 26.1.3 to 26.1.4 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/480
• Bump aws.sdk.version from 2.17.285 to 2.18.7 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/483
• Bump azure-identity from 1.6.0 to 1.6.1 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/476
• Bump azure-security-keyvault-secrets from 4.5.0 to 4.5.1 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/478
• Update hashicorp/google-beta requirement from ~> 4.39.0 to ~> 4.42.0 in /gcp by @dependabot in https://github.com/OWASP/wrongsecrets/pull/484
• Update hashicorp/google requirement from ~> 4.39.0 to ~> 4.42.0 in /gcp by @dependabot in https://github.com/OWASP/wrongsecrets/pull/482
• Update http requirement from ~> 3.1.0 to ~> 3.2.0 in /gcp by @dependabot in https://github.com/OWASP/wrongsecrets/pull/475
• Update terraform-aws-modules/vpc/aws requirement from ~> 3.16.0 to ~> 3.18.1 in /aws by @dependabot in https://github.com/OWASP/wrongsecrets/pull/466
• Update terraform-aws-modules/iam/aws requirement from ~> 4.12 to ~> 5.5 in /aws by @dependabot in https://github.com/OWASP/wrongsecrets/pull/472
• Update aws requirement from ~> 4.33.0 to ~> 4.37.0 in /aws by @dependabot in https://github.com/OWASP/wrongsecrets/pull/473
• Bump terraform-aws-modules/eks/aws from 18.30.0 to 18.30.2 in /aws by @dependabot in https://github.com/OWASP/wrongsecrets/pull/469
• Update http requirement from ~> 3.1.0 to ~> 3.2.0 in /azure by @dependabot in https://github.com/OWASP/wrongsecrets/pull/468
• Fix minimatch vuln by @commjoen in https://github.com/OWASP/wrongsecrets/pull/485
• fix for minimatch -2 by @commjoen in https://github.com/OWASP/wrongsecrets/pull/486

Full Changelog: https://github.com/OWASP/wrongsecrets/compare/1.5.9...1.5.10

** Special thanks **: Special thanks to @bendehaan and @hblankenship for their work on this release!

What's Changed

• Bump s4u/setup-maven-action from 1.5.0 to 1.5.1 by @dependabot in https://github.com/commjoen/wrongsecrets/pull/455
• Updated challenge texts for kubernetes and vault challenges for CTF-party by @commjoen in https://github.com/commjoen/wrongsecrets/pull/456
• Bump cyclonedx-maven-plugin from 2.7.1 to 2.7.2 by @dependabot in https://github.com/commjoen/wrongsecrets/pull/458
• Bump asciidoctorj.version from 2.5.6 to 2.5.7 by @dependabot in https://github.com/commjoen/wrongsecrets/pull/459
• Bump jruby-complete from 9.3.8.0 to 9.3.9.0 by @dependabot in https://github.com/commjoen/wrongsecrets/pull/461
• Bump libraries-bom from 26.1.2 to 26.1.3 by @dependabot in https://github.com/commjoen/wrongsecrets/pull/463
• Bump spring.security.version from 5.7.3 to 5.7.4 by @dependabot in https://github.com/commjoen/wrongsecrets/pull/457
• Bump spring-boot-starter-parent from 2.7.4 to 2.7.5 by @dependabot in https://github.com/commjoen/wrongsecrets/pull/462
• Bump bootstrap from 5.2.0 to 5.2.2 by @dependabot in https://github.com/commjoen/wrongsecrets/pull/460

Full Changelog: https://github.com/commjoen/wrongsecrets/compare/1.5.8...1.5.9

What's Changed

• First iteration of the full CTF documentation for #372 by @commjoen in https://github.com/commjoen/wrongsecrets/pull/451
• Porting back wrongsecrets-ctf hardening parts, including migration to K8s 1.23 by @commjoen in https://github.com/commjoen/wrongsecrets/pull/452

Full Changelog: https://github.com/commjoen/wrongsecrets/compare/1.5.7...1.5.8

What's Changed

• fix for challenge8 by @commjoen in https://github.com/commjoen/wrongsecrets/pull/433
• Create k8s container for ctf party by @commjoen in https://github.com/commjoen/wrongsecrets/pull/435
• Challenge0 by @commjoen in https://github.com/commjoen/wrongsecrets/pull/434
• Bump checkstyle from 10.3.3 to 10.3.4 by @dependabot in https://github.com/commjoen/wrongsecrets/pull/438
• Bump asciidoctorj.version from 2.5.5 to 2.5.6 by @dependabot in https://github.com/commjoen/wrongsecrets/pull/440
• Bump spring-boot-starter-parent from 2.7.3 to 2.7.4 by @dependabot in https://github.com/commjoen/wrongsecrets/pull/437
• Bump eclipse-temurin from 18-jre-focal to 19-jre-focal by @dependabot in https://github.com/commjoen/wrongsecrets/pull/436
• Bump spring-cloud-dependencies from 2021.0.3 to 2021.0.4 by @dependabot in https://github.com/commjoen/wrongsecrets/pull/444
• Bump azure-security-keyvault-secrets from 4.4.6 to 4.5.0 by @dependabot in https://github.com/commjoen/wrongsecrets/pull/445
• Bump terraform-aws-modules/eks/aws from 18.29.0 to 18.30.0 in /aws by @dependabot in https://github.com/commjoen/wrongsecrets/pull/442
• Bump azure-identity from 1.5.5 to 1.6.0 by @dependabot in https://github.com/commjoen/wrongsecrets/pull/439
• Bump aws.sdk.version from 2.17.267 to 2.17.285 by @dependabot in https://github.com/commjoen/wrongsecrets/pull/441
• Update terraform-aws-modules/vpc/aws requirement from ~> 3.14.4 to ~> 3.16.0 in /aws by @dependabot in https://github.com/commjoen/wrongsecrets/pull/443
• Bump jruby-complete from 9.3.7.0 to 9.3.8.0 by @dependabot in https://github.com/commjoen/wrongsecrets/pull/447
• Bump libraries-bom from 26.1.1 to 26.1.2 by @dependabot in https://github.com/commjoen/wrongsecrets/pull/446
• Upgrade to java 19 by @commjoen in https://github.com/commjoen/wrongsecrets/pull/449

Full Changelog: https://github.com/commjoen/wrongsecrets/compare/1.5.6...1.5.7

What's Changed

• Challenge26: Smart Contract Challenge 2 by @neatzsche in https://github.com/commjoen/wrongsecrets/pull/430
• Challenge27: Smart Contract Challenge 3 by @neatzsche in https://github.com/commjoen/wrongsecrets/pull/431
• Textual improvements for challenge 26 & 27 by @commjoen in https://github.com/commjoen/wrongsecrets/pull/432

Full Changelog: https://github.com/commjoen/wrongsecrets/compare/1.5.5...1.5.6

Secial thanks

We would like to thank @neatzsche for his awesome work at the 2 new Web3 challenges!