Releases: OWASP/cornucopia

Latest pre-release

07 Mar 09:01
ce74004

Commits

  • 0a2709c: Bump virtualenv from 20.29.2 to 20.29.3 (dependabot[bot]) #1117

v2.1.1

26 Feb 22:35
5903109

This release contains various font fixes to ease printing and allow for more translations. The Website App edition has been translated into Russian (see: owasp_cornucopia_webapp_2.1_ru.zip), thanks to Andrey Danin (@Stuw).

Commits

  • 122b5c2: New post (Johan Sydseter) #1052
  • d59da45: Post about the release (Johan Sydseter) #1053
  • 033e067: Add em (Johan Sydseter) #1053
  • 230817b: Fix em (Johan Sydseter) #1053
  • 07d2aca: Update release post to also mention the new translations (Uncle Joe) #1054
  • d4f86e3: Update CODEOWNERS (Uncle Joe) #1055
  • a6dc7a3: Update README.md (Uncle Joe) #1056
  • 873faf4: Bump mvdan/shfmt from 0eb8266 to 5593a35 (dependabot[bot]) #1057
  • caf48ae: Bump python from 816feb2 to e885b40 (dependabot[bot]) #1058
  • 1365e33: Bump step-security/harden-runner from 2.10.4 to 2.11.0 (dependabot[bot]) #1059
  • 67d12ef: Bump flake8 from 7.1.1 to 7.1.2 (dependabot[bot]) #1060
  • f3accec: Update index.md (Uncle Joe) #1061
  • 1916b88: dev server is not used when publishing static projects. (Uncle Joe) #1061
  • 6005869: Bump flake8 from 7.1.1 to 7.1.2 (dependabot[bot]) #1062
  • 4026cf8: Support the test decks with the old QR code and fix an issue with the low case redirect. (Johan Sydseter) #1063
  • 996673d: cleanup. (Johan Sydseter) #1063
  • 1ae8159: Response can be const. (Johan Sydseter) #1063
  • 1e90bb7: Also add the first article here. (Johan Sydseter) #1064
  • 65264fb: Rename article to match name (Johan Sydseter) #1065
  • 77b0da7: Ensure text on front page has correct styling (Johan Sydseter) #1066
  • 4ff1159: Fix title metadata (Johan Sydseter) #1067
  • 78cd9e4: Update README.md (Uncle Joe) #1068
  • f819249: Add the site to bing search (Johan Sydseter) #1069
  • a976087: Bump hypothesis from 6.125.3 to 6.126.0 (dependabot[bot]) #1071
  • 62a7c45: Improve seo by adding descriptions, titles and alt tags. (Johan Sydseter) #1072
  • 49a0852: Add bing xml for crawling and robot.txt (Johan Sydseter) #1072
  • dd491c3: Adding security.txt (Johan Sydseter) #1072
  • af5d496: fix duplicate alt (Johan Sydseter) #1072
  • 31ff8eb: Update +page.svelte (Uncle Joe) #1072
  • b18c2d4: Add canonical links to reduce the number of pages in search results. Correct name of robots.txt and cleanup non-used csp (Johan Sydseter) #1073
  • 3c783d5: Add ru files identical to en (Andrey Danin) #999
  • 263e890: Add ru language to mappings (Andrey Danin) #999
  • 3f7fea7: Add ru translation (Andrey Danin) #999
  • 48e765e: Bump hypothesis from 6.126.0 to 6.127.1 (dependabot[bot]) #1074
  • ba4f967: Bump mvdan/shfmt from 5593a35 to 6ec7674 (dependabot[bot]) #1075
  • e6f622a: Bump actions/upload-artifact from 4.6.0 to 4.6.1 (dependabot[bot]) #1076
  • 8553630: Bump github/codeql-action from 3.28.9 to 3.28.10 (dependabot[bot]) #1077
  • 64f2432: Bump ossf/scorecard-action from 2.4.0 to 2.4.1 (dependabot[bot]) #1078
  • 92d019b: Bump hypothesis from 6.127.1 to 6.127.2 (dependabot[bot]) #1079
  • 5595694: Add cre mapping for website app (Johan Sydseter) #1080
  • 0929c60: Add quotes around id's prefixed with 0 (Johan Sydseter) #1080
  • 0a5bf74: Removing Fivo and Adkinson font to use Noto instead to support Russian. Updating the website with the new release. (Johan Sydseter) #1081
  • 0e4fbb4: Bump setuptools from 75.8.0 to 75.8.1 (dependabot[bot]) #1082
  • de085fd: Adding missing fonts. Correcting README and print instructions. (Johan Sydseter) #1083
  • 3693441: Adding complete whitelist for western and non-western characters. Do not use Russian word for Joker for now. (Johan Sydseter) #1084
  • 205765b: Correct style (Johan Sydseter) #1084

v2.1.0

14 Feb 09:12
ab769c9

Description

This release includes the new versions of the OWASP Cornucopia Website and Mobile App Editions, with QR codes on each card that take the player to https://cornucopia.owasp.org/, where they can read more about each card in the decks. This will help scale secure design and requirement gathering activities for your development teams and empower them to do application security in a more agile way.

We would like to thank dotNET lab for donating their website code for this development. Volunteer @jefmeijvis was instrumental in making the website, with help from the rest of the project team. All the source code is located in our repository, providing a way to maintain consistency by using some of the same data sources. The website's repo is at:

https://github.com/OWASP/cornucopia/tree/master/cornucopia.owasp.org

This has allowed us to add a news section and reinstate an extended version of the Wiki Deck, originally created by former co-leader Darío De Filippis, combining information from it with new content and code kindly donated by dotNET lab. There are now fully browsable cards for both editions (Website App and Mobile App), which can also be examined by mapping taxonomy (e.g. OWASP ASVS, OWASP MASTG, OWASP Top Ten):

https://cornucopia.owasp.org/cards

https://cornucopia.owasp.org/taxonomy

The card URLs will be the unique endpoints linked from the QR codes on printed cards. They include guidance, tips and all the taxonomy lookups, making it easier to alter and extend these whenever we want. The names of recent new volunteers have now been added to the acknowledgements.

In due course, the current site at owasp.org/www-project-cornucopia will be simplified and linked to the new custom website.

New translations

In addition to the new versions of the editions and the OWASP Cornucopia website, the new release also comes with two new translations, "PT-PT" (Portuguese-Portugal) and "IT" (Italian), thanks to André Ferreira (@AndreFerreiraMsc) and Ruggero DallAglio (@rdallaglio), respectively. As with previous translations, these are delivered in 2 sizes, bridge and tarot, both with and without QR codes, and are also delivered as legacy guide documents. The new translations will be available in digital formats for download and print-on-demand.

Printing of the new decks

Additionally, dotNET lab is going to sell the OWASP Cornucopia decks on their web shop (see: https://cornucopia.owasp.org/webshop). Both the Website App and Mobile App editions will come with QR codes printed on them.
The new versions of the decks are currently being printed, and we will let you know when they are ready. In the meantime, it's possible to buy the 1.0 Mobile App Edition and 2.0 Website App edition from AgileStationary.

OWASP Cornucopia Ecosystem

[Image: OWASP Cornucopia ecosystem]

Commits

  • ec08623: simplify layout and remove unused styles. Fixup mobile layout. (Johan Sydseter) #992
  • 93fe96e: minor fixes. (Johan Sydseter) #992
  • 5dac3c4: Remove the suit from the url. (Johan Sydseter) #992
  • 6e8fe9b: Ensure the mobile menu works without javascript. (Johan Sydseter) #992
  • CSS adjustments, manual hero card selection, changed list indentation, external link styling, #992 (Jef Meijvis)
  • Fixed external link CSS typo #992 (Jef Meijvis)
  • Updated link after pseudo element method so it can match text color #992 (Jef Meijvis)
  • Added message and direct youtube link for when javascript is disabled #992 (Jef Meijvis)
  • c79f66a: Ensure the site works without javascript (Johan Sydseter) #992
  • 3b9c646: Apply revision (Johan Sydseter) #992
  • c80b849: Ensure first word is capitalized. (Johan Sydseter) #992
  • Removed unused old components #992 (Jef Meijvis)
  • e8b5c55: Fix conflict (Johan Sydseter) #992
  • a459c28: Fix mapping (Johan Sydseter) #992
  • b964c8f: fix case (Johan Sydseter) #992
  • 544c532: fix case (Johan Sydseter) #992
  • 5f94cfe: fix case (Johan Sydseter) #992
  • 445e83c: Fix case issues (Johan Sydseter) #992
  • e3f8005: Fix case (Johan Sydseter) #992
  • 241ad17: Fix logo (Johan Sydseter) #992
  • 16b52a9: remove disc from unordered markup list. (Johan Sydseter) #992
  • 5c87a72: fix spelling (Johan Sydseter) #992
  • e344994: remove br (Johan Sydseter) #992
  • e352143: use p instead of list (Johan Sydseter) #992
  • Updated external link indicator #992 (Jef Meijvis)
  • d960fce: correct headers. (Johan Sydseter) #992
  • fc83bf3: correct test. (Johan Sydseter) #992
  • 4cb686f: Fix styles in markup. (Johan Sydseter) #992
  • f02ff34: Remove logging. (Johan Sydseter) #992
  • 07a9c8b: Remove commenting from everywhere but the news (Johan Sydseter) #992
  • 1015a78: remove sanitization (Johan Sydseter) #992
  • 3933bb1: add p instead of list (Johan Sydseter) #992
  • Updated opengraph from logo to dedicated image so it fits on services such as Teams, Discord, Facebook, LinkedIn, etc.. #992 (Jef Meijvis)
  • adbf6aa: remove duplicate line (Johan Sydseter) #992
  • 669f6d4: add csp policy (Johan Sydseter) #992
  • 812d132: Ensure a strict csp policy is enforced. (Johan Sydseter) #992
  • 5c83aca: fixup (Johan Sydseter) #992
  • 6bea73d: fixup (Johan Sydseter) #992
  • a910991: fixup (Johan Sydseter) #992
  • 35e87a0: Fix revisions. (Johan Sydseter) #992
  • cd54339: Add vercel to the policy (Johan Sydseter) #992
  • 4652462: Add vercel to the policy (Johan Sydseter) #992
  • 5f0d400: Add cso for vite preview (Johan Sydseter) #992
  • 95698c6: adding vercel preview config (Johan Sydseter) #992
  • 3b50013: Fix url issues. (Johan Sydseter) #992
  • cf96a41: ignore missing id when card (Johan Sydseter) #992
  • dac3abe: Ensure the id's for the nonscript version of the card browser card isn't navigated to (Johan Sydseter) #992
  • 1e05101: Use hooks to add headers. (Johan Sydseter) #992
  • b3c9eeb: Add various options for writing the headers file (Johan Sydseter) #992
  • a8427ad: Add various options for writing the headers file (Johan Sydseter) #992
  • 7a1d032: Fix conflict (Johan Sydseter) #992
  • f966bba: Fix conflict ...

v2.0.0

03 Jun 18:21
f3e7b85

Description

This release includes the Cornucopia Mobile App edition 1.0 with mapping to MASVS 2.0 and MASTG 1.7. The Ecommerce edition has been renamed Cornucopia Website App Edition 2.0, and the ASVS mapping for this edition has been updated from ASVS 3.0 to 4.0.
The card decks and leaflets now have two templates: bridge and tarot. For more information regarding the dimensions and printing possibilities, see: https://github.com/OWASP/cornucopia?tab=readme-ov-file#printing
The filetype and style options have been removed from the converter. Instead, layout and template have been included as options. For more information regarding the converter options, please read: https://github.com/OWASP/cornucopia?tab=readme-ov-file#building-the-deck.
The new Tarot version of the Website App and Mobile App editions has been printed in time for the OWASP Global AppSec 2024 in Lisbon, and the final proofs that were used for printing these decks can be found in this release with "global_appsec_lisbon" included in their name.

Finally, we want to thank all contributors, supporters and backers, especially OWASP's hardworking employees.

Changelog

  • Adding fuzzing
  • Adding layouts
  • Adding the tarot template
  • Renaming static to bridge template
  • Adding the mobile app edition.
  • Remove styles as an option, use templates and layouts instead.
  • Remove filetypes and introduce templates instead.
  • Removing old versions prior to 1.22
  • Update the ASVS mapping version to ASVS 4.0.3.

What's Changed

  • Adding logo by @sydseter in #504
  • Add font. by @sydseter in #506
  • Update leaflet with new logo by @sydseter in #505
  • Fixup attribution on the case by @sydseter in #507
  • Pin version. by @sydseter in #494
  • update logos and logos on leaflets. by @sydseter in #508
  • Update logo on case. Fix minor issue with gradient and ensure all gra… by @sydseter in #513
  • Minor fixes on the paths of the logos. Minor fixes for the case. by @sydseter in #519
  • Add font listing for the leaflet by @sydseter in #520
  • Add cross-references note in the readme about mobile references. by @sydseter in #521
  • Update name of Mobile App Edition. by @sydseter in #526
  • Adding IDs to the Mappings files by @rewtd in #531
  • Corrected JokerB to Bob and updated the acknowledgements to exclude A… by @rewtd in #527
  • Prepare for 2.0 release and mobile app release and shorten the build time. by @sydseter in #528
  • update logos. Fix alignment issues. by @sydseter in #541
  • Replace unsafe pyyaml loader with SafeLoader by @pixeebot in #548
  • Use defusedxml for Parsing XML by @pixeebot in #554
  • Add credits to secure delivery for copi by @sydseter in #558
  • Add 3mm bleed and slug to each template and add temp 80mm x 120 mm template by @sydseter in #565
  • Adjusted the bottom flap. by @sydseter in #568
  • Dash out where folded, solid where cut. by @sydseter in #572
  • Adding leaflet for the 80mm x 120mm version by @sydseter in #573
  • Increased the font size for the mobile and 80x120mm versions to make the description readable. by @sydseter in #575
  • Adapt the decks to 2.25 x 3.5 (bridge) (0.300mm paper) and 2.75 x 4.75 (tarot) (0.350mm paper) by @sydseter in #579
  • Add timeout to requests calls by @pixeebot in #580
  • Sandbox URL Creation by @pixeebot in #581
  • Adjustments to the small box, to make sure all sides are equal. New tuck-in box case by @sydseter in #582
  • Cornucopia 2.0 by @sydseter in #560
  • Hardening suggestions for cornucopia / release-fix by @pixeebot in #590
  • Adding tarot as a template for the leaflet. by @sydseter in #589

Full Changelog: v1.22...v2.0.0

v1.22.0

10 May 13:24
ff098c9

This release adds the ability to build multiple editions, leaflets, guides and languages. The docx guides have been updated to reflect the latest status of OWASP and the OWASP Cornucopia project. Together with numerous language corrections and additions, the v1.22 deck is now built in 6 languages (English, Spanish, French, Dutch, Portuguese, Norwegian). In addition, the project has also got a robust build and release pipeline