Releases: OWASP/wrongsecrets
1.6.4: performance improvements, LCM, and 3 new challenges (LocalStorage, AI/LLM and documentation)
What's Changed
New challenges
- Feature(#648): Add the localstorage challenge by @Novice-expert in #716
- Feature(#816): first LLM based challenge by @commjoen in #817
- Feature(#423): Addition of Challenge 31 (third documentation challenge) by @puneeth072003 in #757
Small updates
- Code tidying, challenge difficulty refactor, removal of unnecessary code by @nbaars in #789
- fix: wire challenges to compute size dynamically. by @nbaars in #820
Other features
- Optimize performance of the app by means of JS minification and enabling GZIP compression by @commjoen in #805
- Fixes for docs and challenges by @commjoen in #806
- Update to add new contributor Novice-Expert by @commjoen in #807
Dependency updates
- build(deps): bump asciidoctorj.version from 2.5.7 to 2.5.8 by @dependabot in #777
- build(deps): bump checkstyle from 10.9.3 to 10.10.0 by @dependabot in #792
- build(deps): bump cyclonedx-maven-plugin from 2.7.7 to 2.7.8 by @dependabot in #794
- build(deps): bump aws.sdk.version from 2.20.53 to 2.20.56 by @dependabot in #797
- build(deps): bump spring-cloud-azure-dependencies from 5.0.0 to 5.1.0 by @dependabot in #800
- build(deps): bump aws from 4.64.0 to 4.65.0 in /aws by @dependabot in #801
- build(deps): bump hashicorp/google from 4.62.1 to 4.63.1 in /gcp by @dependabot in #799
- build(deps): bump hashicorp/google-beta from 4.62.1 to 4.63.1 in /gcp by @dependabot in #791
- build(deps): bump azurerm from 3.53.0 to 3.54.0 in /azure by @dependabot in #796
- build(deps): bump http from 3.2.1 to 3.3.0 in /gcp by @dependabot in #793
- build(deps): bump http from 3.2.1 to 3.3.0 in /azure by @dependabot in #798
- build(deps): bump http from 3.2.1 to 3.3.0 in /aws by @dependabot in #795
- build(deps): bump minimatch from 8.0.3 to 9.0.0 in /js by @dependabot in #779
- build(deps): bump lycheeverse/lychee-action from 1.7.0 to 1.8.0 by @dependabot in #819
New Contributors
- @Novice-expert made their first contribution in #716
Full Changelog: 1.6.3...1.6.4
Special Thanks
Special thanks to @nbaars , @bendehaan , @Novice-expert , @puneeth072003 , @commjoen, @mikewoudenberg , and @h43z for their hard work on this release!
1.6.3: Http caching, bugfixes and LCM
What's Changed
New features
- Disabling springdoc on heroku by @commjoen in #761
- Performance improvement 1: Enable Http caching of js/css resources. by @commjoen and @nbaars in #763
- build(deps): bump lycheeverse/lychee-action from 1.6.1 to 1.7.0 by @dependabot in #764
- build(deps-dev): bump @commitlint/config-conventional from 17.4.4 to 17.6.1 by @dependabot in #768
- build(deps-dev): bump eslint from 8.37.0 to 8.39.0 by @dependabot in #767
- build(deps): bump spring-boot-starter-parent from 3.0.5 to 3.0.6 by @dependabot in #771
- build(deps): bump maven-checkstyle-plugin from 3.2.1 to 3.2.2 by @dependabot in #774
- build(deps): bump cyclonedx-maven-plugin from 2.7.6 to 2.7.7 by @dependabot in #786
- build(deps): bump spotbugs-maven-plugin from to by @dependabot in #785
- build(deps): bump spring-cloud-gcp-dependencies from 4.1.3 to 4.2.0 by @dependabot in #770
- build(deps): bump aws.sdk.version from 2.20.39 to 2.20.53 by @dependabot in #787
- build(deps): bump hashicorp/google-beta from 4.59.0 to 4.62.1 in /gcp by @dependabot in #769
- build(deps): update terraform-aws-modules/vpc/aws requirement from ~> 3.19.0 to ~> 4.0.1 in /aws by @dependabot in #783
- build(deps): bump random from 3.4.3 to 3.5.1 in /aws by @dependabot in #781
- build(deps): bump aws from 4.61.0 to 4.64.0 in /aws by @dependabot in #780
- build(deps): bump terraform-aws-modules/eks/aws from 19.12.0 to 19.13.1 in /aws by @dependabot in #782
- build(deps): bump azurerm from 3.50.0 to 3.53.0 in /azure by @dependabot in #773
- build(deps): bump random from 3.4.3 to 3.5.1 in /gcp by @dependabot in #778
- build(deps): bump random from 3.4.3 to 3.5.1 in /azure by @dependabot in #776
- build(deps): bump hashicorp/google from 4.59.0 to 4.62.1 in /gcp by @dependabot in #775
- Update by @commjoen in #766
Full Changelog: 1.6.2...1.6.3
Special Thanks
Special thanks to @commjoen and @nbaars for their hard work on this release!
1.6.2: Improved UI, big doc update, LCM, and Challenge29
What's Changed
This is a big documentation update, with which we are now at 100% passing of the OpenSSF: .
Next, we have a new challenge added, and are preparing to add a few more in a couple of weeks ;-).
- Fix: Small fix in by @puneeth072003 in #712
- fix: fix link in pre-commit badge by @bendehaan in #711
- feat(#680): first swagger api setup by @commjoen in #710
- fix: add new challenge label to issue template by @bendehaan in #720
- Feat(#695): mention AWS as a sponsor by @commjoen in #722
- Updates the Javadocs and required docs for OpenSSF by @commjoen in #718
- Add missing period by @szh in #725
- feat(#680): added more javadoc by @commjoen in #739
- Make readme more inviting by @commjoen in #759
- (noticket): adding missing contributors by @commjoen in #760
- Update readme with badge locations and setup linkedin post by @commjoen in #741
- build(deps-dev): bump eslint from 8.36.0 to 8.37.0 by @dependabot in #733
- build(deps-dev): bump eslint-plugin-n from 15.6.1 to 15.7.0 by @dependabot in #735
- build(deps): bump spring-boot-starter-parent from 3.0.4 to 3.0.5 by @dependabot in #726
- build(deps): bump cyclonedx-maven-plugin from 2.7.5 to 2.7.6 by @dependabot in #730
- build(deps): bump checkstyle from 10.8.0 to 10.9.3 by @dependabot in #744
- build(deps): bump spotbugs-maven-plugin from to by @dependabot in #745
- build(deps): bump aws.sdk.version from 2.20.23 to 2.20.37 by @dependabot in #728
- build(deps): bump spring-cloud-dependencies from 2022.0.1 to 2022.0.2 by @dependabot in #748
- build(deps): bump spring-cloud-gcp-dependencies from 4.1.1 to 4.1.3 by @dependabot in #729
- build(deps): bump jruby-complete from to by @dependabot in #731
- build(deps): bump asciidoctor-maven-plugin from 2.2.2 to 2.2.3 by @dependabot in #746
- build(deps): bump thymeleaf-layout-dialect from 3.2.0 to 3.2.1 by @dependabot in #749
- build(deps): bump springdoc-openapi-starter-webmvc-ui from 2.0.4 to 2.1.0 by @dependabot in #747
- build(deps): bump aws.sdk.version from 2.20.37 to 2.20.38 by @dependabot in #750
- build(deps): bump spotbugs-annotations from 4.6.0 to 4.7.3 by @dependabot in #753
- build(deps): bump aws.sdk.version from 2.20.37 to 2.20.39 by @dependabot in #752
- build(deps): bump hashicorp/google from 4.55.0 to 4.59.0 in /gcp by @dependabot in #732
- build(deps): bump hashicorp/google-beta from 4.55.0 to 4.59.0 in /gcp by @dependabot in #734
- build(deps): bump azurerm from 3.45.0 to 3.50.0 in /azure by @dependabot in #736
- build(deps): bump terraform-aws-modules/eks/aws from 19.10.0 to 19.12.0 in /aws by @dependabot in #738
- build(deps): bump aws from 4.56.0 to 4.61.0 in /aws by @dependabot in #737
- build(deps): bump minimatch from 7.3.0 to 8.0.3 in /js by @dependabot in #754
- build(deps): bump jquery from 3.6.3 to 3.6.4 by @dependabot in #751
- fix: save selected theme by @turjoc120 in #715
New Challenges
- Addition of Challenge 29 by @puneeth072003 in #697
New Contributors
- @szh made their first contribution in #725
- @turjoc120 made their first contribution in #715
Special thanks to
Special thanks to: @bendehaan , @puneeth072003 , @szh , @turjoc120, @nbaars , and @commjoen for their hard work on this release!
Full Changelog: 1.6.1...1.6.2
1.6.1: UI extended, OpenSSF compliance, improved Q/A, and Challenge28
What's Changed
UI Changes:
- Add a link to our OWASP Project page and add a Donate link for cloud cost coverage by @commjoen in #691
- feat(#707): Initial overhaul for ui, licenses to be included by @commjoen in #708
- Fix(#701): ui rendering on XS screens (stack not rendering) fixed: empty collumn filled again on mobile in portraid by @commjoen in #704
Improved Q/A and OpenSSF Compliance:
- Feat(#683): fix codeql build and a fix for detected issues by @commjoen in #693
- feat(#696): add pre-commit auto-fix by @bendehaan in #703
- feat(#684): add DAST with ZAP by @bendehaan in #705
- 698 Integrate spotbugs and fix many potential java bugs by @commjoen in #700
New Challenge:
- Adding Challenge 28 by @puneeth072003 in #690
Special thanks to:
Special thanks to @bendehaan , @puneeth072003, @nbaars , and @commjoen for making this release a reality!
Full Changelog: 1.6.0...1.6.1
1.6.0: Kubernetes 1.25, big development support update, new License, Okteto environment update, bug fixes, and LCM
What's Changed
Key Changes
the following items where the core of this release:
- BREAKING CHANGE: re-license project under AGPLv3 by @bendehaan in #627
- Upgrade to kubernetes 1.25 for all K8s environments by @commjoen in #652
- Enable CTF party in Okteto as we no longer always have heroku. Try . By @commjoen in #675
Bug fixes
The following bug fixes were introduced in order to have a smooth experience with the challenges as a user:
- Update challenge13.yml so that the workflow is triggered every month so you can do the challenge by @commjoen in #620
- fix(#676): replaced thymeleaf unwrapped expressions and updated by @commjoen in #677
- Fix for challenge 19 and 20 on ARM: now all challenges work on (Linux/Mac OS) with ARM (aarch64) again.
- Updated with #649 RBAC detailed description reason by @madhuakula in #672
Development support updates
We had a lot of work in this release done to make it easier for you to contribute to the project:
- fix: improve PR template by @bendehaan so that PR checklists are more complete in #622
- feat: add CODEOWNERS by @bendehaan so that PRs are better automated in #629
- feat: add commitlint by @bendehaan in #628
- feat: add issue templates for three categories by @bendehaan in #655
- Create by @commjoen in #656
- Beginner Guide Submission by @puneeth072003 in #653
- Extended support for ARM on linux and Musl based development environments: Feat(#618) detect musl by @commjoen in #664
- Adding the Table of contents by @puneeth072003 in #668
- doc(x): added @puneeth072003 as contributor by @commjoen in #669
- Change in code for windows users and adding remark in by @puneeth072003 in #678
- feat: add eslint to pre-commit by @bendehaan in #688
- feat(#631):first podman and Colima test by @commjoen in #651
- include spring boot baeldung tutorial by @commjoen in #621
- Reduce confusion on slack channel links by @commjoen in #626
- Small cleanups from spring boot3 migration by @commjoen in #674
- Bump class-validator and javascript-obfuscator in /js by @dependabot in #623
- Bump s4u/setup-maven-action from 1.6.0 to 1.7.0 by @dependabot in #633
- Bump lycheeverse/lychee-action from 1.5.4 to 1.6.1 by @dependabot in #63
- Bump cyclonedx-maven-plugin from 2.7.4 to 2.7.5 by @dependabot in #636
- Bump spring-boot-starter-parent from 3.0.2 to 3.0.3 by @dependabot in #643
- Bump spring-cloud-gcp-dependencies from 4.0.0 to 4.1.1 by @dependabot in #644
- Bump aws.sdk.version from 2.19.33 to 2.20.12 by @dependabot in #641
- Bump datatables from 1.13.1 to 1.13.2 by @dependabot in #645
- Update hashicorp/google requirement from ~> 4.52.0 to ~> 4.54.0 in /gcp by @dependabot in #642
- Bump terraform-aws-modules/eks/aws from 19.7.0 to 19.10.0 in /aws by @dependabot in #638
- Update aws requirement from ~> 4.53.0 to ~> 4.56.0 in /aws by @dependabot in #639
- Update hashicorp/google-beta requirement from ~> 4.52.0 to ~> 4.54.0 in /gcp by @dependabot in #637
- Update azurerm requirement from ~> 3.42.0 to ~> 3.45.0 in /azure by @dependabot in #635
- build(deps): bump cyclonedx-core-java from 7.3.1 to 7.3.2 by @dependabot in #662
- build(deps): bump checkstyle from 10.7.0 to 10.8.0 by @dependabot in #657
- build(deps): bump erzz/codeclimate-standalone from 0.0.4 to 0.0.5 by @dependabot in #671
- build(deps): bump minimatch from 6.1.6 to 7.3.0 in /js by @dependabot in #658
- build(deps): bump aws.sdk.version from 2.20.12 to 2.20.14 by @dependabot in #661
- build(deps): update hashicorp/google requirement from ~> 4.54.0 to ~> 4.55.0 in /gcp by @dependabot in #660
- build(deps): update hashicorp/google-beta requirement from ~> 4.54.0 to ~> 4.55.0 in /gcp by @dependabot in #659
New Contributors
- @puneeth072003 made their first contribution in #653
Special thanks to
Special thanks to @madhuakula , @bendehaan , @puneeth072003, @MarcinNowak-codes, and @commjoen for making this release a reality!
Full Changelog: 1.5.14...1.6.0
1.5.14: LCM, Windows binaries, webtop improvements & bugfixes
What's Changed
- Fixing Heroku test redirection to HTTPS based on suggestion from Spring community by @MarcinNowak-codes in #570
- Fixing bootstrap application by removing PortMapper from production configuration by @MarcinNowak-codes in #572
- Fix for #569 : Adding Windows Binaries and a detection method by @commjoen in #571
- limit windows development by @commjoen in #575
- Bump maven-checkstyle-plugin from 3.2.0 to 3.2.1 by @dependabot in #577
- Bump spring-boot-starter-parent from 3.0.1 to 3.0.2 by @dependabot in #578
- Bump cyclonedx-maven-plugin from 2.7.3 to 2.7.4 by @dependabot in #582
- Bump spring-cloud-gcp-dependencies from 3.4.1 to 3.4.2 by @dependabot in #583
- Bump aws.sdk.version from 2.19.8 to 2.19.21 by @dependabot in #584
- Bump minimatch from 5.1.2 to 6.1.5 in /js by @dependabot in #579
- Bump spring-cloud-azure-dependencies from 4.5.0 to 5.0.0 by @dependabot in #580
- Bump thymeleaf-layout-dialect from 3.1.0 to 3.2.0 by @dependabot in #585
- Bump checkstyle from 10.6.0 to 10.7.0 by @dependabot in #598
- Bump aws.sdk.version from 2.19.21 to 2.19.28 by @dependabot in #591
- Bump system-stubs-jupiter from 2.0.1 to 2.0.2 by @dependabot in #596
- Bump minimatch from 6.1.5 to 6.1.6 in /js by @dependabot in #600
- Revise docker images to have less & only relevant executables by @commjoen in #601
- Bump spring-cloud-gcp-dependencies from 3.4.2 to 4.0.0 by @dependabot in #597
- Bump terraform-aws-modules/eks/aws from 19.4.2 to 19.7.0 in /aws by @dependabot in #606
- Update hashicorp/google requirement from ~> 4.47.0 to ~> 4.52.0 in /gcp by @dependabot in #605
- Update hashicorp/google-beta requirement from ~> 4.47.0 to ~> 4.52.0 in /gcp by @dependabot in #604
- Update azurerm requirement from ~> 3.37.0 to ~> 3.42.0 in /azure by @dependabot in #603
- Update terraform-aws-modules/vpc/aws requirement from ~> 3.18.1 to ~> 3.19.0 in /aws by @dependabot in #595
- Update aws requirement from ~> 4.48.0 to ~> 4.53.0 in /aws by @dependabot in #602
- Bump jquery from 3.6.1 to 3.6.3 by @dependabot in #581
- Bump lombok from 1.18.24 to 1.18.26 by @dependabot in #607
- Bump spring-cloud-dependencies from 2022.0.0 to 2022.0.1 by @dependabot in #608
- Bump aws.sdk.version from 2.19.28 to 2.19.33 by @dependabot in #609
- Bump jruby-complete from to by @dependabot in #610
Full Changelog: 1.5.13...1.5.14
We would like to thank @MarcinNowak-codes & @commjoen for their work on this release
1.5.13: Spring Boot 3, LCM, and Okteto support
What's Changed
- spring boot 3.0.0 by @MarcinNowak-codes in #518
- Add scanners (Trufflehog) by @commjoen in #531
- Go back in base image as newer ones don't always seem to work on aws? by @commjoen in #533
- Bump azure/setup-helm from 3.4 to 3.5 by @dependabot in #534
- Bump aws.sdk.version from 2.18.28 to 2.18.41 by @dependabot in #539
- Bump spring-cloud-azure-dependencies from 4.4.1 to 4.5.0 by @dependabot in #537
- Setup develop @ okteto button #535 by @commjoen in #542
- Bump bootstrap from 5.2.2 to 5.2.3 by @dependabot in #541
- Bump spring-cloud-gcp-dependencies from 3.4.0 to 3.4.1 by @dependabot in #538
- Bump datatables from 1.12.1 to 1.13.1 by @dependabot in #540
- fix: add envsubst to okteto by @bendehaan in #545
- Add a share-to-mastodon-button by @commjoen in #544
- Update pom.xml to make versioning consistent by @commjoen in #551
- fix: typo in readme by @bendehaan in #554
- Update readme to have intelliJ IDEA instructions by @commjoen in #552
- Bump cyclonedx-core-java from 7.2.0 to 7.3.1 by @dependabot in #550
- Bump thymeleaf-extras-springsecurity6 from 3.1.0.RELEASE to 3.1.1.RELEASE by @dependabot in #546
- Bump aws.sdk.version from 2.18.41 to 2.19.6 by @dependabot in #557
- Bump spring-boot-starter-parent from 3.0.0 to 3.0.1 by @dependabot in #549
- Bump spring-cloud-dependencies from 2021.0.4 to 2022.0.0 by @dependabot in #548
- Bump checkstyle from 10.5.0 to 10.6.0 by @dependabot in #565
- Bump minimatch from 5.1.1 to 5.1.2 in /js by @dependabot in #560
- Bump aws.sdk.version from 2.19.6 to 2.19.8 by @dependabot in #566
- Update hashicorp/google requirement from ~> 4.44.1 to ~> 4.47.0 in /gcp by @dependabot in #562
- Update aws requirement from ~> 4.45.0 to ~> 4.48.0 in /aws by @dependabot in #561
- Update hashicorp/google-beta requirement from ~> 4.44.1 to ~> 4.47.0 in /gcp by @dependabot in #564
- Bump terraform-aws-modules/eks/aws from 18.31.2 to 19.4.2 in /aws by @dependabot in #563
- Update azurerm requirement from ~> 3.33.0 to ~> 3.37.0 in /azure by @dependabot in #559
- Fixes for new TF provider in AWS by @commjoen in #567
Full Changelog: 1.5.12...1.5.13
Special thanks
Special thanks to @bendehaan , @MarcinNowak-codes , @nhumblot & @commjoen for their hard work on this release.
1.5.12: New Azure SDK & LCM
What's Changed
- Fix for kubernetes minikube tests by @commjoen in #516
- First attempt to migrate to azure its new SDKs for #490 & solve challenge 11 on azure again #225 by @commjoen in #500
- Bump aws.sdk.version from 2.18.24 to 2.18.28 by @dependabot in #523
- Bump checkstyle from 10.4 to 10.5.0 by @dependabot in #521
- Bump jruby-complete from to by @dependabot in #522
- Bump minimatch from 5.1.0 to 5.1.1 in /js by @dependabot in #519
- Replace depreciated security configuration by @MarcinNowak-codes in #526
- #525 Replace Asciidoctor::convert() and OptionsBuilder::options() dep… by @nhumblot in #528
- Spring Security 5.8.0 by @MarcinNowak-codes in #529
- Update aws requirement from ~> 4.41.0 to ~> 4.45.0 in /aws by @dependabot in #527
New Contributors
Full Changelog: 1.5.11...1.5.12
##Special Thanks
Special thanks to @nhumblot , @MarcinNowak-codes , @commjoen & @saragluna for their work on this release.
Special thanks from the Azure SDK team for their support during this release.
1.5.11b Fix a few TF items
This release is a patch to fix some of the TF related issues as a deprecation for the http provider was not fixed properly in 1.5.11.
1.5.11: LCM, UI, and small updates
What's Changed
- first thank you to sponsors by @commjoen in #487
- Bump lycheeverse/lychee-action from 1.5.1 to 1.5.2 by @dependabot in #488
- Update by @commjoen in #491
- Bump lycheeverse/lychee-action from 1.5.2 to 1.5.3 by @dependabot in #493
- Fix for CTFD issue (start with 0 instead of 1) by @commjoen in #492
- Add russian info by @commjoen in #495
- Adding Juiceshop links in FE challenges by @commjoen in #489
- Bump lycheeverse/lychee-action from 1.5.3 to 1.5.4 by @dependabot in #496
- Bump s4u/setup-maven-action from 1.5.1 to 1.6.0 by @dependabot in #498
- GCP: Migrate to new springboot SDK & update azure identity to 1.7.0 and mvn dependency-check 7.3.0 by @commjoen in #499
- Bump terraform-linters/setup-tflint from 2 to 3 by @dependabot in #503
- Datatable implementation (#415) by @commjoen in #450
- Added git and a clone for the k8s container. by @commjoen in #505
- Bump aws.sdk.version from 2.18.11 to 2.18.24 by @dependabot in #506
- Bump cyclonedx-maven-plugin from 2.7.2 to 2.7.3 by @dependabot in #515
- Update aws requirement from ~> 4.37.0 to ~> 4.41.0 in /aws by @dependabot in #507
- Bump terraform-aws-modules/eks/aws from 18.30.2 to 18.31.2 in /aws by @dependabot in #510
- Update hashicorp/google-beta requirement from ~> 4.42.0 to ~> 4.44.1 in /gcp by @dependabot in #509
- Update hashicorp/google requirement from ~> 4.42.0 to ~> 4.44.1 in /gcp by @dependabot in #511
- Update azurerm requirement from ~> 3.29.1 to ~> 3.33.0 in /azure by @dependabot in #508
- Bump azure-security-keyvault-secrets from 4.5.1 to 4.5.2 by @dependabot in #513
Full Changelog: 1.5.10...1.5.11