OWASP Juice Shop Files

This release brings significant changes to existing challenges (⚡) which might break canned CTF setups as well as solution guides made for previous versions of OWASP Juice Shop!

🅰️ Frontend

• Updated frontend to Angular 17.x and Angular Material 17.x (kudos to @martinakraus, @thomasbreland, @hxrshxz, @ayushrajparihar and @alekszivko for the help and hard work on this 🙌)

🎯 Challenges

• Added new Memory Bomb ⭐⭐⭐⭐⭐ -challenge
• Cross-Site Imaging challenge now uses http://placecats.com instead of abandoned http://placekitten.com service (⚡)

🔧 Configuration

• Added blueSkyUrl and mastodonUrl to social section of configuration

🎨 User Interface

• Added BlueSky and Mastodon links to About Us screen

🐛 Bugfixes

• [#2341]: Fixed "Product Tampering" challenge verification to work in any selected language
• [#2365]: Restored prevention of unintentional RCE in NoSQL challenges (kudos to @KapilSareen)
• [#2384]: Now checking challenge continue code for invalid characters before processing (kudos to @drwtsn95)
• [#2404]: Fixed "Upload Size" challenge verification to trigger properly in all situations (kudos to @criticic)
• [#2317]: Hacking Instructor script is now again lazy-loaded into the browser (kudos to @alekszivko)