Releases: OWASP/wrongsecrets
1.7.2 quickfix for ui
What's Changed
Process
Required UI Fixes
- Remove negative margin on larger screens by @commjoen in #1054
- Fixing ui by moving blocks around by @commjoen in #1055
LCM
- Bump google.golang.org/grpc from 1.51.0 to 1.56.3 in /gcp by @dependabot in #1053
- Bump google.golang.org/grpc from 1.51.0 to 1.56.3 in /azure by @dependabot in #1051
- Bump google.golang.org/grpc from 1.51.0 to 1.56.3 in /aws by @dependabot in #1052
New Contributors
Full Changelog: 1.7.1...1.7.2
1.7.1: hacktoberfest 2! New challenges and changes
What's Changed
This is the second Hacktoberfest release with small ui updates and some very cool new challenges!
New Challenges
- feat: Challenge 39 based on filename as encryption key by @adarsh-a-tw in #1023
- feat: Challenge 40 based on storing encryption key and secret in the same file by @adarsh-a-tw in #1027
- feat: Challenge 41 based on Password shucking by @adarsh-a-tw in #1037
Updates and fixes
- Add the documentation of main.py script for contributor generation by @roddas in #1026
- Updated dockerfiles to include new challenge files and css layout by @commjoen in #1028
- Railway documentation addition. by @alphasecio in #1035
- release 1.7.1 final fixes (ui and contributors), minor node update by @commjoen in #1047
LCM
- Bump golang.org/x/net from 0.8.0 to 0.17.0 in /gcp by @dependabot in #1029
- Bump golang.org/x/net from 0.8.0 to 0.17.0 in /azure by @dependabot in #1030
- Bump golang.org/x/net from 0.8.0 to 0.17.0 in /aws by @dependabot in #1031
- Bump jeroenwillemsen/wrongsecrets from 1.7.0RC4-no-vault to 1.7.0-no-vault by @dependabot in #1032
- Bump urllib3 from 2.0.6 to 2.0.7 in /scripts/sort_contibutors by @dependabot in #1038
- Bump com.google.cloud:spring-cloud-gcp-dependencies from 4.8.0 to 4.8.2 by @dependabot in #1041
- Bump org.cyclonedx:cyclonedx-core-java from 7.3.2 to 8.0.1 by @dependabot in #1043
- Bump com.puppycrawl.tools:checkstyle from 10.12.3 to 10.12.4 by @dependabot in #1044
- Bump com.github.spotbugs:spotbugs-annotations from 4.7.3 to 4.8.0 by @dependabot in #1039
- Bump aws.sdk.version from 2.20.157 to 2.21.2 by @dependabot in #1042
- Bump com.github.spotbugs:spotbugs from 4.7.3 to 4.8.0 by @dependabot in #1040
- Bump actions/setup-node from 3 to 4 by @dependabot in #1048
New Contributors
- @adarsh-a-tw made their first contribution in #1023
- @alphasecio made their first contribution in #1035
Special thanks
We would like to thank @adarsh-a-tw, @alphasecio, @commjoen, @bendehaan, @mikewoudenberg, and @roddas for their hard work on this release!
Full Changelog: 1.7.0...1.7.1
1.7.0: Hacktoberfest 1: Java 21, K8s 1.28 and 3 new challenges
Project upgrade
This is another big release as part of #Hacktoberfest, and we have loads of great news:
- we have many #Hacktoberfest PRs which are part of this release.
- our project got upgraded to "Production Status" in OWASP!
- this release includes upgrades of K8s to 1.28 and Java to 21 (LTS). This means we can easily deploy this project to various cloud providers for at least another year without the need for a lot of maintenance, and we can continue development of the Java app as we are now compatible with a new LTS version of Java.
What's Changed
Major upgrades
New challenges:
- Add challenge36: Advanced reverse engineering game by @roddas in #947
- Add challenge 37 for ZAP configuration with authenticated endpoint by @commjoen in #941
- Feature(#614): Challenge38 - Git notes challenge by @RemakingEden in #903
Other changes:
- Remove fly.io from readme and prepare deployment for fly v2 by @commjoen in #986
- Update README.md by @commjoen in #985
- Update README.md: adding @roddas as contributor by @commjoen in #1013
- Add missing files in container for challenge 36 by @commjoen in #1014
- feat: add terratest for AWS, Azure and GCP by @bendehaan in #1015
- Update contributing.md: Change image to use java 21 by @commjoen in #1017
- first fix for missing step on setting java to 21 by @commjoen in #1018
- Tests clean up by @drnow4u in #1021
- Update dependabot.yml to have 10 mrs on Java by @commjoen in #1008
- Pre-release of 1.7.0 by @commjoen in #1020
LCM:
- Bump s4u/setup-maven-action from 1.9.0 to 1.10.0 by @dependabot in #988
- Bump terraform-linters/setup-tflint from 3 to 4 by @dependabot in #989
- Bump eslint-plugin-jest from 27.2.3 to 27.4.2 by @dependabot in #1007
- Bump com.diffplug.spotless:spotless-maven-plugin from 2.39.0 to 2.40.0 by @dependabot in #1001
- Bump aws.sdk.version from 2.20.139 to 2.20.157 by @dependabot in #999
- Bump com.github.spotbugs:spotbugs-maven-plugin from 4.7.3.5 to 4.7.3.6 by @dependabot in #1010
- Bump eslint from 8.48.0 to 8.50.0 by @dependabot in #1006
- Bump eslint-plugin-n from 16.0.2 to 16.1.0 by @dependabot in #1005
- Bump cypress from 13.1.0 to 13.3.0 by @dependabot in #1004
- Bump eslint-plugin-cypress from 2.14.0 to 2.15.1 by @dependabot in #1003
- Bump hashicorp/azurerm from 3.71.0 to 3.75.0 in /azure by @dependabot in #995
- Bump hashicorp/google from 4.80.0 to 4.84.0 in /gcp by @dependabot in #994
- Bump hashicorp/google-beta from 4.80.0 to 4.84.0 in /gcp by @dependabot in #993
- Bump hashicorp/aws from 5.15.0 to 5.19.0 in /aws by @dependabot in #997
- Bump com.github.eirslett:frontend-maven-plugin from 1.13.4 to 1.14.0 by @dependabot in #1002
- Bump com.google.cloud:spring-cloud-gcp-dependencies from 4.7.2 to 4.8.0 by @dependabot in #1009
- Bump javascript-obfuscator from 4.0.2 to 4.1.0 in /js by @dependabot in #996
- Bump uk.org.webcompere:system-stubs-jupiter from 2.0.2 to 2.1.3 by @dependabot in #1012
- Bump nz.net.ultraq.thymeleaf:thymeleaf-layout-dialect from 3.2.1 to 3.3.0 by @dependabot in #998
New Contributors
Full Changelog: 1.6.10...1.7.0
Special Thanks:
Special thanks to @roddas, @nbaars, @bendehaan, @drnow4u, @RemakingEden, and @commjoen for their hard work on this release!
1.6.10: Small updates and fixes
What's Changed
Features
Small fixes
- Docker exercises changes in readme.md by @djvinnie in #964
- Update README.md as GitHub Id changed by @commjoen in #979
- Added star'ing message by @djvinnie in #980
LCM
- Bump eslint-plugin-import from 2.28.0 to 2.28.1 by @dependabot in #955
- Bump eslint from 8.46.0 to 8.48.0 by @dependabot in #952
- Bump com.puppycrawl.tools:checkstyle from 10.12.2 to 10.12.3 by @dependabot in #961
- Bump com.diffplug.spotless:spotless-maven-plugin from 2.38.0 to 2.39.0 by @dependabot in #958
- Bump org.springframework.boot:spring-boot-starter-parent from 3.1.2 to 3.1.3 by @dependabot in #960
- Bump aws.sdk.version from 2.20.116 to 2.20.139 by @dependabot in #972
- Bump com.google.cloud:spring-cloud-gcp-dependencies from 4.7.0 to 4.7.2 by @dependabot in #971
- Bump @commitlint/config-conventional from 17.6.7 to 17.7.0 by @dependabot in #953
- Bump eslint-plugin-cypress from 2.13.3 to 2.14.0 by @dependabot in #969
- Bump eslint-plugin-n from 16.0.1 to 16.0.2 by @dependabot in #956
- Bump azurerm from 3.67.0 to 3.71.0 in /azure by @dependabot in #967
- Bump hashicorp/google-beta from 4.76.0 to 4.80.0 in /gcp by @dependabot in #966
- Bump hashicorp/google from 4.76.0 to 4.80.0 in /gcp by @dependabot in #965
- Bump terraform-aws-modules/eks/aws from 19.15.4 to 19.16.0 in /aws by @dependabot in #963
- Bump aws from 5.10.0 to 5.15.0 in /aws by @dependabot in #962
- Bump org.linguafranca.pwdb:KeePassJava2 from 2.1.4 to 2.2.1 and fix local run issue with challenge14 by @dependabot in #970
- Update container-alts-test.yml bumping Colima setup by @commjoen in #945
- Update container-alts-test.yml to alpha.v10 by @commjoen in #976
- Bump actions/checkout from 3 to 4 by @dependabot in #977
- Feature: update node to version 20 as checkout v4 standard operates with v20 by @commjoen in #978
- Bump org.webjars:jquery from 3.7.0 to 3.7.1 by @dependabot in #959
- Bump com.azure.spring:spring-cloud-azure-dependencies from 5.3.0 to 5.5.0 by @dependabot in #973
- Bump org.springdoc:springdoc-openapi-starter-webmvc-ui from 2.1.0 to 2.2.0 by @dependabot in #957
- Bump cypress from 12.17.2 to 13.1.0 by @dependabot in #954
New Contributors
Full Changelog: 1.6.9...1.6.10
Special Thanks
Special thanks to @djvinnie, @nbaars, @bendehaan, and @commjoen for their work on this release!
1.6.9: Bugfixes in challenges
What's Changed
Docs:
Bugfixes:
- Update Challenge35 as there was a bug in the component ordering by @commjoen in #942
- Update challenge32 to explain external website usage by @commjoen in #948
- Replace Challenge32 with another prompting game (Gandalf) as the old prompting game is shut down by @commjoen in #950
- Fix for challenge29 as there was an issue with decrypting the actual answer by @commjoen in #949
- Fixes for Challenge17 generation by @commjoen in #951
LCM:
- Bump s4u/setup-maven-action from 1.8.0 to 1.9.0 by @dependabot in #944
Full Changelog: 1.6.8...1.6.9
Special Thanks
Special thanks to @bendehaan, @commjoen, and @djvinnie for their hard work on this release!
1.6.8
What's Changed
New challenges
Bugfixes
LCM
- Bump hashicorp/google-beta from 4.75.1 to 4.76.0 in /gcp by @dependabot in #933
- Bump aws.sdk.version from 2.20.115 to 2.20.116 by @dependabot in #934
- Bump hashicorp/google from 4.75.1 to 4.76.0 in /gcp by @dependabot in #932
- Bump zaproxy/action-baseline from 0.8.2 to 0.9.0 by @dependabot in #936
- Bump tough-cookie and @cypress/request by @dependabot in #937
- Bump org.webjars:bootstrap from 5.3.0 to 5.3.1 by @dependabot in #935
Full Changelog: 1.6.7...1.6.8
Special Thanks
Special thanks to @bendehaan and @commjoen for their hard work on this release!
1.6.7: Back to Java17(LTS) and other LCM
What's Changed
Bugfixes:
- Fixes in challengeUI for CTF Party by @commjoen in #900
- Downgrade to patched java17 by @commjoen in #911
LCM:
- Bump spring-cloud-azure-dependencies from 5.1.0 to 5.3.0 by @dependabot in #890
- Bump @commitlint/config-conventional from 17.6.5 to 17.6.6 by @dependabot in #895
- Bump checkstyle from 10.12.0 to 10.12.1 by @dependabot in #889
- Bump spring-boot-starter-parent from 3.0.6 to 3.1.1 by @dependabot in #874
- Bump hashicorp/google-beta from 4.70.0 to 4.71.0 in /gcp by @dependabot in #885
- Bump hashicorp/google from 4.70.0 to 4.71.0 in /gcp by @dependabot in #886
- Bump azurerm from 3.62.1 to 3.63.0 in /azure by @dependabot in #897
- Bump eslint-plugin-n from 16.0.0 to 16.0.1 by @dependabot in #892
- Bump eslint from 8.43.0 to 8.44.0 by @dependabot in #893
- Bump aws.sdk.version from 2.20.91 to 2.20.97 by @dependabot in #888
- Bump spring-cloud-gcp-dependencies from 4.5.0 to 4.5.1 by @dependabot in #891
- Bump aws from 5.5.0 to 5.6.2 in /aws by @dependabot in #896
- Bump minimatch from 9.0.1 to 9.0.2 in /js by @dependabot in #887
- Bump cypress from 12.15.0 to 12.16.0 by @dependabot in #894
- Bump frontend-maven-plugin from 1.12.1 to 1.13.3 by @dependabot in #898
- Bump zaproxy/action-baseline from 0.7.0 to 0.8.0 by @dependabot in #899
- Bump zaproxy/action-baseline from 0.8.0 to 0.8.2 by @dependabot in #902
- Bump eslint-plugin-jest from 27.2.2 to 27.2.3 by @dependabot in #910
- Bump cypress from 12.16.0 to 12.17.1 by @dependabot in #909
- Bump aws.sdk.version from 2.20.97 to 2.20.103 by @dependabot in #905
- Bump word-wrap from 1.2.3 to 1.2.4 in /js by @dependabot in #912
- Bump eslint from 8.44.0 to 8.45.0 by @dependabot in #908
- Bump frontend-maven-plugin from 1.13.3 to 1.13.4 by @dependabot in #906
- Bump minimatch from 9.0.2 to 9.0.3 in /js by @dependabot in #904
- Bump datatables from 1.13.4 to 1.13.5 by @dependabot in #907
- Bump com.diffplug.spotless:spotless-maven-plugin from 2.37.0 to 2.38.0 by @dependabot in #915
- Bump eslint-plugin-import from 2.27.5 to 2.28.0 by @dependabot in #923
- Bump org.springframework.boot:spring-boot-starter-parent from 3.1.1 to 3.1.2 by @dependabot in #929
- Bump org.springframework.cloud:spring-cloud-dependencies from 2022.0.3 to 2022.0.4 by @dependabot in #913
- Bump cypress from 12.17.1 to 12.17.2 by @dependabot in #927
- Bump azurerm from 3.63.0 to 3.67.0 in /azure by @dependabot in #918
- Bump hashicorp/google-beta from 4.71.0 to 4.75.1 in /gcp by @dependabot in #922
- Bump hashicorp/google from 4.71.0 to 4.75.1 in /gcp by @dependabot in #921
- Bump terraform-aws-modules/eks/aws from 19.15.3 to 19.15.4 in /aws by @dependabot in #920
- Update terraform-aws-modules/vpc/aws requirement from ~> 5.0.0 to ~> 5.1.1 in /aws by @dependabot in #916
- Bump com.google.cloud:spring-cloud-gcp-dependencies from 4.5.1 to 4.7.0 by @dependabot in #917
- Bump eslint from 8.45.0 to 8.46.0 by @dependabot in #924
- Bump com.puppycrawl.tools:checkstyle from 10.12.1 to 10.12.2 by @dependabot in #930
- Bump @commitlint/config-conventional from 17.6.6 to 17.6.7 by @dependabot in #926
- Bump aws.sdk.version from 2.20.103 to 2.20.115 by @dependabot in #919
- Bump org.webjars:jquery from 3.6.4 to 3.7.0 by @dependabot in #931
- Bump org.thymeleaf.extras:thymeleaf-extras-springsecurity6 from 3.1.1.RELEASE to 3.1.2.RELEASE by @dependabot in #928
- Bump aws from 5.6.2 to 5.10.0 in /aws by @dependabot in #925
Full Changelog: 1.6.6...1.6.7
Thanks
Thanks to @commjoen for his hard work on this release!
1.6.6: Challenge 34, LCM & Doc improvements
What's Changed
New Challenges
Small Fixes
LCM:
- Bump maven-checkstyle-plugin from 3.2.2 to 3.3.0 by @dependabot in #852
- Bump spring-cloud-gcp-dependencies from 4.3.1 to 4.4.0 by @dependabot in #854
- Bump asciidoctorj.version from 2.5.8 to 2.5.9 by @dependabot in #853
- Bump checkstyle from 10.10.0 to 10.12.0 by @dependabot in #855
- Bump aws.sdk.version from 2.20.56 to 2.20.78 by @dependabot in #856
- Bump asciidoctor-maven-plugin from 2.2.3 to 2.2.4 by @dependabot in #857
- Bump jruby-complete from 9.4.2.0 to 9.4.3.0 by @dependabot in #862
- Bump aws.sdk.version from 2.20.78 to 2.20.82 by @dependabot in #861
- Bump asciidoctorj.version from 2.5.9 to 2.5.10 by @dependabot in #863
- Bump s4u/setup-maven-action from 1.7.0 to 1.8.0 by @dependabot in #864
- Bump aws.sdk.version from 2.20.82 to 2.20.85 by @dependabot in #865
- Bump spotbugs-maven-plugin from 4.7.3.4 to 4.7.3.5 by @dependabot in #875
- Bump eslint-plugin-jest from 27.2.1 to 27.2.2 by @dependabot in #868
- Bump eslint from 8.41.0 to 8.43.0 by @dependabot in #867
- Bump aws.sdk.version from 2.20.85 to 2.20.91 by @dependabot in #869
- Bump spring-cloud-gcp-dependencies from 4.4.0 to 4.5.0 by @dependabot in #872
- Bump terraform-aws-modules/eks/aws from 19.15.2 to 19.15.3 in /aws by @dependabot in #876
- Bump hashicorp/google from 4.67.0 to 4.70.0 in /gcp by @dependabot in #877
- Bump http from 3.3.0 to 3.4.0 in /gcp by @dependabot in #878
- Bump hashicorp/google-beta from 4.67.0 to 4.70.0 in /gcp by @dependabot in #880
- Bump azurerm from 3.58.0 to 3.62.1 in /azure by @dependabot in #881
- Bump aws from 5.0.1 to 5.5.0 in /aws by @dependabot in #883
- Bump http from 3.3.0 to 3.4.0 in /azure by @dependabot in #882
- Bump cypress from 12.13.0 to 12.15.0 by @dependabot in #871
- Bump eslint-plugin-n from 15.7.0 to 16.0.0 by @dependabot in #873
- Bump http from 3.3.0 to 3.4.0 in /aws by @dependabot in #879
- Bump datatables from 1.13.2 to 1.13.4 by @dependabot in #870
Full Changelog: 1.6.5...1.6.6
Special Thanks
We would like to thank @commjoen and @bendehaan for their hard work on this release.
1.6.5: Challenge 33, score-tracking on home, ui tests, small fixes & docs
What's Changed
Documentation:
- #630 Docker image jeroenwillemsen/wrongsecrets:1.5.14-no-vault hangs … by @MarcinNowak-codes in #631
- Update ctf instructions for challenge 30 by @commjoen in #821
- Update README.md (badges & screenshots), challenge1 text, and a ui-bug by @commjoen in #825
Quality updates:
- chore: add Spotless formatter by @nbaars in #790
- UI Test Framework by @RemakingEden in #808
- Automate spotless apply as part of pre-commit by @commjoen in #824
- Fix for okteto; namespace substitution in challenge33.yml by @commjoen in #827
- Scoring UI test tweaks by @RemakingEden in #828
- Pre-release fixes (docs, tests, bugfixes in challenge 33 & challenge 13, pre-commit&node upgrades) and setting up 1.6.5 release by @commjoen in #829
New Features:
New Challenges:
LCM
- Bump cyclonedx-maven-plugin from 2.7.8 to 2.7.9 by @dependabot in #834
- Bump spotless-maven-plugin from 2.36.0 to 2.37.0 by @dependabot in #833
- Bump spring-cloud-dependencies from 2022.0.2 to 2022.0.3 by @dependabot in #835
- Bump eslint-config-standard from 17.0.0 to 17.1.0 by @dependabot in #841
- Bump minimatch from 9.0.0 to 9.0.1 in /js by @dependabot in #837
- Bump cypress from 12.10.0 to 12.13.0 by @dependabot in #840
- Bump eslint from 8.39.0 to 8.41.0 by @dependabot in #842
- Bump terraform-aws-modules/eks/aws from 19.13.1 to 19.15.2 in /aws by @dependabot in #845
- Bump aws from 4.65.0 to 5.0.1 in /aws by @dependabot in #844
- Bump hashicorp/google-beta from 4.63.1 to 4.67.0 in /gcp by @dependabot in #839
- Bump hashicorp/google from 4.63.1 to 4.67.0 in /gcp by @dependabot in #838
- Update terraform-aws-modules/vpc/aws requirement from ~> 4.0.1 to ~> 5.0.0 in /aws by @dependabot in #846
- Bump spring-cloud-gcp-dependencies from 4.2.0 to 4.3.1 by @dependabot in #847
- Bump lombok from 1.18.26 to 1.18.28 by @dependabot in #849
- Bump bootstrap from 5.2.3 to 5.3.0 by @dependabot in #832
- Bump @commitlint/config-conventional from 17.6.1 to 17.6.5 by @dependabot in #843
- Bump azurerm from 3.54.0 to 3.58.0 in /azure by @dependabot in #836
- Delete secondkey.txt by @bendehaan in #850
Full Changelog: 1.6.4...1.6.5
Special Thanks
We would like to thank @bendehaan, @RemakingEden, @nbaars, @MarcinNowak-codes, @commjoen, and @devsecops
1.6.4: performance improvements, LCM, and 3 new challenges (LocalStorage, AI/LLM and documentation)
What's Changed
New challenges
- Feature(#648): Add the localstorage challenge by @Novice-expert in #716
- Feature(#816): first LLM based challenge by @commjoen in #817
- Feature(#423): Addition of Challenge 31 (third documentation challenge) by @puneeth072003 in #757
Small updates
- Code tidying, challenge difficulty refactor, removal of unnecessary code by @nbaars in #789
- fix: wire challenges to compute size dynamically. by @nbaars in #820
Other features
- Optimize performance of the app by means of JS minification and enabling GZIP compression by @commjoen in #805
- Fixes for docs and challenges by @commjoen in #806
- Update README.md to add new contributor Novice-Expert by @commjoen in #807
Dependency updates
- build(deps): bump asciidoctorj.version from 2.5.7 to 2.5.8 by @dependabot in #777
- build(deps): bump checkstyle from 10.9.3 to 10.10.0 by @dependabot in #792
- build(deps): bump cyclonedx-maven-plugin from 2.7.7 to 2.7.8 by @dependabot in #794
- build(deps): bump aws.sdk.version from 2.20.53 to 2.20.56 by @dependabot in #797
- build(deps): bump spring-cloud-azure-dependencies from 5.0.0 to 5.1.0 by @dependabot in #800
- build(deps): bump aws from 4.64.0 to 4.65.0 in /aws by @dependabot in #801
- build(deps): bump hashicorp/google from 4.62.1 to 4.63.1 in /gcp by @dependabot in #799
- build(deps): bump hashicorp/google-beta from 4.62.1 to 4.63.1 in /gcp by @dependabot in #791
- build(deps): bump azurerm from 3.53.0 to 3.54.0 in /azure by @dependabot in #796
- build(deps): bump http from 3.2.1 to 3.3.0 in /gcp by @dependabot in #793
- build(deps): bump http from 3.2.1 to 3.3.0 in /azure by @dependabot in #798
- build(deps): bump http from 3.2.1 to 3.3.0 in /aws by @dependabot in #795
- build(deps): bump minimatch from 8.0.3 to 9.0.0 in /js by @dependabot in #779
- build(deps): bump lycheeverse/lychee-action from 1.7.0 to 1.8.0 by @dependabot in #819
New Contributors
- @Novice-expert made their first contribution in #716
Full Changelog: 1.6.3...1.6.4
Special Thanks
Special thanks to @nbaars, @bendehaan, @Novice-expert, @puneeth072003, @commjoen, @mikewoudenberg, and @h43z for their hard work on this release!