Releases: OWASP/wrongsecrets
Releases · OWASP/wrongsecrets
1.6.1: UI extended, OpenSSF compliance, improved Q/A, and Challenge28
What's Changed
UI Changes:
- Add a link to our OWASP Project page and add a Donate link for cloud cost coverage by @commjoen in #691
- feat(#707): Initial overhaul for ui, licenses to be included by @commjoen in #708
Bugfixes:
- Fix(#701): ui rendering on XS screens (stack not rendering) fixed: empty collumn filled again on mobile in portraid by @commjoen in #704
Improved Q/A and OpenSSF Compliance:
- Feat(#683): fix codeql build and a fix for detected issues by @commjoen in #693
- feat(#696): add pre-commit auto-fix by @bendehaan in #703
- feat(#684): add DAST with ZAP by @bendehaan in #705
- 698 Integrate spotbugs and fix many potential java bugs by @commjoen in #700
New Challenge:
- Adding Challenge 28 by @puneeth072003 in #690
Special thanks to:
Special thanks to @bendehaan , @puneeth072003, @nbaars , and @commjoen for making this release a reality!
Full Changelog: 1.6.0...1.6.1
Contributors
nbaars, commjoen, and 2 other contributors
Assets 3
1.6.0: Kubernetes 1.25, big development support update, new License, Okteto environment update, bug fixes, and LCM
What's Changed
Key Changes
the following items where the core of this release:
- BREAKING CHANGE: re-license project under AGPLv3 by @bendehaan in #627
- Upgrade to kubernetes 1.25 for all K8s environments by @commjoen in #652
- Enable CTF party in Okteto as we no longer always have heroku. Try https://wrongsecrets-ctf-commjoen.cloud.okteto.net/ . By @commjoen in #675
Bug fixes
The following bug fixes were introduced in order to have a smooth experience with the challenges as a user:
- Update challenge13.yml so that the workflow is triggered every month so you can do the challenge by @commjoen in #620
- fix(#676): replaced thymeleaf unwrapped expressions and updated contributing.md by @commjoen in #677
- Fix for challenge 19 and 20 on ARM: now all challenges work on (Linux/Mac OS) with ARM (aarch64) again.
- Updated with #649 RBAC detailed description reason by @madhuakula in #672
Development support updates
We had a lot of work in this release done to make it easier for you to contribute to the project:
- fix: improve PR template by @bendehaan so that PR checklists are more complete in #622
- feat: add CODEOWNERS by @bendehaan so that PRs are better automated in #629
- feat: add commitlint by @bendehaan in #628
- feat: add issue templates for three categories by @bendehaan in #655
- Create SECURITY.md by @commjoen in #656
- Beginner Guide Submission by @puneeth072003 in #653
- Extended support for ARM on linux and Musl based development environments: Feat(#618) detect musl by @commjoen in #664
- Adding the Table of contents by @puneeth072003 in #668
- doc(x): added @puneeth072003 as contributor by @commjoen in #669
- Change in code for windows users and adding remark in contributing.md by @puneeth072003 in #678
- feat: add eslint to pre-commit by @bendehaan in #688
- feat(#631):first podman and Colima test by @commjoen in #651
- include spring boot baeldung tutorial by @commjoen in #621
- Reduce confusion on slack channel links by @commjoen in #626
- Small cleanups from spring boot3 migration by @commjoen in #674
LCM/Patches:
- Bump class-validator and javascript-obfuscator in /js by @dependabot in #623
- Bump s4u/setup-maven-action from 1.6.0 to 1.7.0 by @dependabot in #633
- Bump lycheeverse/lychee-action from 1.5.4 to 1.6.1 by @dependabot in #63
- Bump cyclonedx-maven-plugin from 2.7.4 to 2.7.5 by @dependabot in #636
- Bump spring-boot-starter-parent from 3.0.2 to 3.0.3 by @dependabot in #643
- Bump spring-cloud-gcp-dependencies from 4.0.0 to 4.1.1 by @dependabot in #644
- Bump aws.sdk.version from 2.19.33 to 2.20.12 by @dependabot in #641
- Bump datatables from 1.13.1 to 1.13.2 by @dependabot in #645
- Update hashicorp/google requirement from ~> 4.52.0 to ~> 4.54.0 in /gcp by @dependabot in #642
- Bump terraform-aws-modules/eks/aws from 19.7.0 to 19.10.0 in /aws by @dependabot in #638
- Update aws requirement from ~> 4.53.0 to ~> 4.56.0 in /aws by @dependabot in #639
- Update hashicorp/google-beta requirement from ~> 4.52.0 to ~> 4.54.0 in /gcp by @dependabot in #637
- Update azurerm requirement from ~> 3.42.0 to ~> 3.45.0 in /azure by @dependabot in #635
- build(deps): bump cyclonedx-core-java from 7.3.1 to 7.3.2 by @dependabot in #662
- build(deps): bump checkstyle from 10.7.0 to 10.8.0 by @dependabot in #657
- build(deps): bump erzz/codeclimate-standalone from 0.0.4 to 0.0.5 by @dependabot in #671
- build(deps): bump minimatch from 6.1.6 to 7.3.0 in /js by @dependabot in #658
- build(deps): bump aws.sdk.version from 2.20.12 to 2.20.14 by @dependabot in #661
- build(deps): update hashicorp/google requirement from ~> 4.54.0 to ~> 4.55.0 in /gcp by @dependabot in #660
- build(deps): update hashicorp/google-beta requirement from ~> 4.54.0 to ~> 4.55.0 in /gcp by @dependabot in #659
New Contributors
- @puneeth072003 made their first contribution in #653
Special thanks to
Special thanks to @madhuakula , @bendehaan , @puneeth072003, @MarcinNowak-codes, and @commjoen for making this release a reality!
Full Changelog: 1.5.14...1.6.0
Contributors
commjoen, drnow4u, and 4 other contributors
Assets 3
1.5.14: LCM, Windows binaries, webtop improvements & bugfixes
What's Changed
- Fixing Heroku test redirection to HTTPS based on suggestion from Spring community by @MarcinNowak-codes in #570
- Fixing bootstrap application by removing PortMapper from production configuration by @MarcinNowak-codes in #572
- Fix for #569 : Adding Windows Binaries and a detection method by @commjoen in #571
- limit windows development by @commjoen in #575
- Bump maven-checkstyle-plugin from 3.2.0 to 3.2.1 by @dependabot in #577
- Bump spring-boot-starter-parent from 3.0.1 to 3.0.2 by @dependabot in #578
- Bump cyclonedx-maven-plugin from 2.7.3 to 2.7.4 by @dependabot in #582
- Bump spring-cloud-gcp-dependencies from 3.4.1 to 3.4.2 by @dependabot in #583
- Bump aws.sdk.version from 2.19.8 to 2.19.21 by @dependabot in #584
- Bump minimatch from 5.1.2 to 6.1.5 in /js by @dependabot in #579
- Bump spring-cloud-azure-dependencies from 4.5.0 to 5.0.0 by @dependabot in #580
- Bump thymeleaf-layout-dialect from 3.1.0 to 3.2.0 by @dependabot in #585
- Bump checkstyle from 10.6.0 to 10.7.0 by @dependabot in #598
- Bump aws.sdk.version from 2.19.21 to 2.19.28 by @dependabot in #591
- Bump system-stubs-jupiter from 2.0.1 to 2.0.2 by @dependabot in #596
- Bump minimatch from 6.1.5 to 6.1.6 in /js by @dependabot in #600
- Revise docker images to have less & only relevant executables by @commjoen in #601
- Bump spring-cloud-gcp-dependencies from 3.4.2 to 4.0.0 by @dependabot in #597
- Bump terraform-aws-modules/eks/aws from 19.4.2 to 19.7.0 in /aws by @dependabot in #606
- Update hashicorp/google requirement from ~> 4.47.0 to ~> 4.52.0 in /gcp by @dependabot in #605
- Update hashicorp/google-beta requirement from ~> 4.47.0 to ~> 4.52.0 in /gcp by @dependabot in #604
- Update azurerm requirement from ~> 3.37.0 to ~> 3.42.0 in /azure by @dependabot in #603
- Update terraform-aws-modules/vpc/aws requirement from ~> 3.18.1 to ~> 3.19.0 in /aws by @dependabot in #595
- Update aws requirement from ~> 4.48.0 to ~> 4.53.0 in /aws by @dependabot in #602
- Bump jquery from 3.6.1 to 3.6.3 by @dependabot in #581
- Bump lombok from 1.18.24 to 1.18.26 by @dependabot in #607
- Bump spring-cloud-dependencies from 2022.0.0 to 2022.0.1 by @dependabot in #608
- Bump aws.sdk.version from 2.19.28 to 2.19.33 by @dependabot in #609
- Bump jruby-complete from 9.4.0.0 to 9.4.1.0 by @dependabot in #610
Full Changelog: 1.5.13...1.5.14
Thanks
We would like to thank @MarcinNowak-codes & @commjoen for their work on this release
Contributors
commjoen, drnow4u, and dependabot
Assets 3
1.5.13: Spring Boot 3, LCM, and Okteto support
What's Changed
- spring boot 3.0.0 by @MarcinNowak-codes in #518
- Add scanners (Trufflehog) by @commjoen in #531
- Go back in base image as newer ones don't always seem to work on aws? by @commjoen in #533
- Bump azure/setup-helm from 3.4 to 3.5 by @dependabot in #534
- Bump aws.sdk.version from 2.18.28 to 2.18.41 by @dependabot in #539
- Bump spring-cloud-azure-dependencies from 4.4.1 to 4.5.0 by @dependabot in #537
- Setup develop @ okteto button #535 by @commjoen in #542
- Bump bootstrap from 5.2.2 to 5.2.3 by @dependabot in #541
- Bump spring-cloud-gcp-dependencies from 3.4.0 to 3.4.1 by @dependabot in #538
- Bump datatables from 1.12.1 to 1.13.1 by @dependabot in #540
- fix: add envsubst to okteto by @bendehaan in #545
- Add a share-to-mastodon-button by @commjoen in #544
- Update pom.xml to make versioning consistent by @commjoen in #551
- fix: typo in readme by @bendehaan in #554
- Update readme to have intelliJ IDEA instructions by @commjoen in #552
- Bump cyclonedx-core-java from 7.2.0 to 7.3.1 by @dependabot in #550
- Bump thymeleaf-extras-springsecurity6 from 3.1.0.RELEASE to 3.1.1.RELEASE by @dependabot in #546
- Bump aws.sdk.version from 2.18.41 to 2.19.6 by @dependabot in #557
- Bump spring-boot-starter-parent from 3.0.0 to 3.0.1 by @dependabot in #549
- Bump spring-cloud-dependencies from 2021.0.4 to 2022.0.0 by @dependabot in #548
- Bump checkstyle from 10.5.0 to 10.6.0 by @dependabot in #565
- Bump minimatch from 5.1.1 to 5.1.2 in /js by @dependabot in #560
- Bump aws.sdk.version from 2.19.6 to 2.19.8 by @dependabot in #566
- Update hashicorp/google requirement from ~> 4.44.1 to ~> 4.47.0 in /gcp by @dependabot in #562
- Update aws requirement from ~> 4.45.0 to ~> 4.48.0 in /aws by @dependabot in #561
- Update hashicorp/google-beta requirement from ~> 4.44.1 to ~> 4.47.0 in /gcp by @dependabot in #564
- Bump terraform-aws-modules/eks/aws from 18.31.2 to 19.4.2 in /aws by @dependabot in #563
- Update azurerm requirement from ~> 3.33.0 to ~> 3.37.0 in /azure by @dependabot in #559
- Fixes for new TF provider in AWS by @commjoen in #567
Full Changelog: 1.5.12...1.5.13
Special thanks
Special thanks to @bendehaan , @MarcinNowak-codes , @nhumblot & @commjoen for their hard work on this release.
Contributors
commjoen, drnow4u, and 3 other contributors
Assets 3
1.5.12: New Azure SDK & LCM
What's Changed
- Fix for kubernetes minikube tests by @commjoen in #516
- First attempt to migrate to azure its new SDKs for #490 & solve challenge 11 on azure again #225 by @commjoen in #500
- Bump aws.sdk.version from 2.18.24 to 2.18.28 by @dependabot in #523
- Bump checkstyle from 10.4 to 10.5.0 by @dependabot in #521
- Bump jruby-complete from 9.3.9.0 to 9.4.0.0 by @dependabot in #522
- Bump minimatch from 5.1.0 to 5.1.1 in /js by @dependabot in #519
- Replace depreciated security configuration by @MarcinNowak-codes in #526
- #525 Replace Asciidoctor::convert() and OptionsBuilder::options() dep… by @nhumblot in #528
- Spring Security 5.8.0 by @MarcinNowak-codes in #529
- Update aws requirement from ~> 4.41.0 to ~> 4.45.0 in /aws by @dependabot in #527
New Contributors
Full Changelog: 1.5.11...1.5.12
##Special Thanks
Special thanks to @nhumblot , @MarcinNowak-codes , @commjoen & @saragluna for their work on this release.
Special thanks from the Azure SDK team for their support during this release.
Contributors
commjoen, drnow4u, and 3 other contributors
Assets 3
1.5.11b Fix a few TF items
This release is a patch to fix some of the TF related issues as a deprecation for the http provider was not fixed properly in 1.5.11.
1.5.11: LCM, UI, and small updates
What's Changed
- first thank you to sponsors by @commjoen in #487
- Bump lycheeverse/lychee-action from 1.5.1 to 1.5.2 by @dependabot in #488
- Update README.md by @commjoen in #491
- Bump lycheeverse/lychee-action from 1.5.2 to 1.5.3 by @dependabot in #493
- Fix for CTFD issue (start with 0 instead of 1) by @commjoen in #492
- Add russian info by @commjoen in #495
- Adding Juiceshop links in FE challenges by @commjoen in #489
- Bump lycheeverse/lychee-action from 1.5.3 to 1.5.4 by @dependabot in #496
- Bump s4u/setup-maven-action from 1.5.1 to 1.6.0 by @dependabot in #498
- GCP: Migrate to new springboot SDK & update azure identity to 1.7.0 and mvn dependency-check 7.3.0 by @commjoen in #499
- Bump terraform-linters/setup-tflint from 2 to 3 by @dependabot in #503
- Datatable implementation (#415) by @commjoen in #450
- Added git and a clone for the k8s container. by @commjoen in #505
- Bump aws.sdk.version from 2.18.11 to 2.18.24 by @dependabot in #506
- Bump cyclonedx-maven-plugin from 2.7.2 to 2.7.3 by @dependabot in #515
- Update aws requirement from ~> 4.37.0 to ~> 4.41.0 in /aws by @dependabot in #507
- Bump terraform-aws-modules/eks/aws from 18.30.2 to 18.31.2 in /aws by @dependabot in #510
- Update hashicorp/google-beta requirement from ~> 4.42.0 to ~> 4.44.1 in /gcp by @dependabot in #509
- Update hashicorp/google requirement from ~> 4.42.0 to ~> 4.44.1 in /gcp by @dependabot in #511
- Update azurerm requirement from ~> 3.29.1 to ~> 3.33.0 in /azure by @dependabot in #508
- Bump azure-security-keyvault-secrets from 4.5.1 to 4.5.2 by @dependabot in #513
Full Changelog: 1.5.10...1.5.11
Contributors
commjoen and dependabot
Assets 3
1.5.10: LCM, OWASP Migration & challenge text updates
What's Changed
- Bump azure/setup-helm from 3.3 to 3.4 by @dependabot in #464
- Move all references to the new location as part of #453 by @commjoen in #481
- Bump checkstyle from 10.3.4 to 10.4 by @dependabot in #479
- Bump spring.security.version from 5.7.4 to 5.7.5 by @dependabot in #471
- Bump libraries-bom from 26.1.3 to 26.1.4 by @dependabot in #480
- Bump aws.sdk.version from 2.17.285 to 2.18.7 by @dependabot in #483
- Bump azure-identity from 1.6.0 to 1.6.1 by @dependabot in #476
- Bump azure-security-keyvault-secrets from 4.5.0 to 4.5.1 by @dependabot in #478
- Update hashicorp/google-beta requirement from ~> 4.39.0 to ~> 4.42.0 in /gcp by @dependabot in #484
- Update hashicorp/google requirement from ~> 4.39.0 to ~> 4.42.0 in /gcp by @dependabot in #482
- Update http requirement from ~> 3.1.0 to ~> 3.2.0 in /gcp by @dependabot in #475
- Update terraform-aws-modules/vpc/aws requirement from ~> 3.16.0 to ~> 3.18.1 in /aws by @dependabot in #466
- Update terraform-aws-modules/iam/aws requirement from ~> 4.12 to ~> 5.5 in /aws by @dependabot in #472
- Update aws requirement from ~> 4.33.0 to ~> 4.37.0 in /aws by @dependabot in #473
- Bump terraform-aws-modules/eks/aws from 18.30.0 to 18.30.2 in /aws by @dependabot in #469
- Update http requirement from ~> 3.1.0 to ~> 3.2.0 in /azure by @dependabot in #468
- Fix minimatch vuln by @commjoen in #485
- fix for minimatch -2 by @commjoen in #486
Full Changelog: 1.5.9...1.5.10
** Special thanks **:
Special thanks to @bendehaan and @hblankenship for their work on this release!
Contributors
commjoen, dependabot, and 2 other contributors
Assets 3
1.5.9: LCM & Challenge text updates
What's Changed
- Bump s4u/setup-maven-action from 1.5.0 to 1.5.1 by @dependabot in #455
- Updated challenge texts for kubernetes and vault challenges for CTF-party by @commjoen in #456
- Bump cyclonedx-maven-plugin from 2.7.1 to 2.7.2 by @dependabot in #458
- Bump asciidoctorj.version from 2.5.6 to 2.5.7 by @dependabot in #459
- Bump jruby-complete from 9.3.8.0 to 9.3.9.0 by @dependabot in #461
- Bump libraries-bom from 26.1.2 to 26.1.3 by @dependabot in #463
- Bump spring.security.version from 5.7.3 to 5.7.4 by @dependabot in #457
- Bump spring-boot-starter-parent from 2.7.4 to 2.7.5 by @dependabot in #462
- Bump bootstrap from 5.2.0 to 5.2.2 by @dependabot in #460
Full Changelog: 1.5.8...1.5.9
Contributors
commjoen and dependabot
Assets 3
1.5.8: Migration to K8S 1.23, extended CTF documentation & hardened CTF deployments in k8s
Contributors
commjoen