From 5921a0674717ea7a76f4e52197080c8bd47469eb Mon Sep 17 00:00:00 2001
From: Omniscimus <omni@omniscimus.net>
Date: Wed, 3 Oct 2018 09:30:30 +0200
Subject: [PATCH 1/3] Fix SQL injection mitigation answer (fixes #505)

You need to submit the IP of the webgoat-prd server, not just any of the IPs.
---
 .../owasp/webgoat/plugin/mitigation/SqlInjectionLesson12a.java  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/plugin/mitigation/SqlInjectionLesson12a.java b/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/plugin/mitigation/SqlInjectionLesson12a.java
index b8237b8df..e54834121 100644
--- a/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/plugin/mitigation/SqlInjectionLesson12a.java
+++ b/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/plugin/mitigation/SqlInjectionLesson12a.java
@@ -33,7 +33,7 @@ public class SqlInjectionLesson12a extends AssignmentEndpoint {
     @SneakyThrows
     public AttackResult completed(@RequestParam String ip) {
         Connection connection = DatabaseUtilities.getConnection(webSession);
-        PreparedStatement preparedStatement = connection.prepareStatement("select ip from servers where ip = ?");
+        PreparedStatement preparedStatement = connection.prepareStatement("select ip from servers where hostname = 'webgoat-prd' and ip = ?");
         preparedStatement.setString(1, ip);
         ResultSet resultSet = preparedStatement.executeQuery();
         if (resultSet.next()) {

From 6699456ee1fac49075ecdeb3d09df53045d1e24a Mon Sep 17 00:00:00 2001
From: malikashish8 <malikashish8@gmail.com>
Date: Fri, 26 Oct 2018 22:29:44 +1100
Subject: [PATCH 2/3] Bug fix in sample code

---
 .../main/resources/lessonPlans/en/SqlInjection_content9.adoc  | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/webgoat-lessons/sql-injection/src/main/resources/lessonPlans/en/SqlInjection_content9.adoc b/webgoat-lessons/sql-injection/src/main/resources/lessonPlans/en/SqlInjection_content9.adoc
index 196c958ab..996b6ac3a 100644
--- a/webgoat-lessons/sql-injection/src/main/resources/lessonPlans/en/SqlInjection_content9.adoc
+++ b/webgoat-lessons/sql-injection/src/main/resources/lessonPlans/en/SqlInjection_content9.adoc
@@ -11,7 +11,7 @@ PreparedStatement ps = null;
 RecordSet rs = null;
 try {
     pUserName = request.getParameter("UserName");
-    if ( isUsernameValid (pUsername);
+    if ( isUsernameValid (pUsername) ) {
         ps = conn.prepareStatement("SELECT * FROM user_table 
                                    WHERE username = ? ");
         ps.setString(1, pUsername);
@@ -22,4 +22,4 @@ try {
     } else { // handle invalid input }
 }
 catch (…) { // handle all exceptions … }
-----
\ No newline at end of file
+----

From 9be4361afc84f861ddd84b013ca0ace71bfd80ed Mon Sep 17 00:00:00 2001
From: Nanne Baars <nanneb@gmail.com>
Date: Fri, 18 Jan 2019 08:37:26 +0100
Subject: [PATCH 3/3] New release, updating pom.xml

---
 pom.xml                                          | 2 +-
 webgoat-container/pom.xml                        | 2 +-
 webgoat-lessons/auth-bypass/pom.xml              | 2 +-
 webgoat-lessons/bypass-restrictions/pom.xml      | 2 +-
 webgoat-lessons/challenge/pom.xml                | 2 +-
 webgoat-lessons/client-side-filtering/pom.xml    | 2 +-
 webgoat-lessons/cross-site-scripting/pom.xml     | 2 +-
 webgoat-lessons/csrf/pom.xml                     | 2 +-
 webgoat-lessons/html-tampering/pom.xml           | 2 +-
 webgoat-lessons/http-basics/pom.xml              | 2 +-
 webgoat-lessons/http-proxies/pom.xml             | 2 +-
 webgoat-lessons/idor/pom.xml                     | 2 +-
 webgoat-lessons/insecure-deserialization/pom.xml | 2 +-
 webgoat-lessons/insecure-login/pom.xml           | 2 +-
 webgoat-lessons/jwt/pom.xml                      | 2 +-
 webgoat-lessons/missing-function-ac/pom.xml      | 2 +-
 webgoat-lessons/password-reset/pom.xml           | 2 +-
 webgoat-lessons/pom.xml                          | 4 ++--
 webgoat-lessons/sql-injection/pom.xml            | 2 +-
 webgoat-lessons/vulnerable-components/pom.xml    | 2 +-
 webgoat-lessons/webgoat-introduction/pom.xml     | 2 +-
 webgoat-lessons/webwolf-introduction/pom.xml     | 2 +-
 webgoat-lessons/xxe/pom.xml                      | 2 +-
 webgoat-server/pom.xml                           | 2 +-
 webwolf/pom.xml                                  | 2 +-
 25 files changed, 26 insertions(+), 26 deletions(-)

diff --git a/pom.xml b/pom.xml
index bf6e77a90..dba2c4440 100644
--- a/pom.xml
+++ b/pom.xml
@@ -6,7 +6,7 @@
     <groupId>org.owasp.webgoat</groupId>
     <artifactId>webgoat-parent</artifactId>
     <packaging>pom</packaging>
-    <version>v8.0.0-SNAPSHOT</version>
+    <version>v8.0.0.M22</version>
 
     <name>WebGoat Parent Pom</name>
     <description>Parent Pom for the WebGoat Project. A deliberately insecure Web Application</description>
diff --git a/webgoat-container/pom.xml b/webgoat-container/pom.xml
index 2f766037a..347f7e6b1 100644
--- a/webgoat-container/pom.xml
+++ b/webgoat-container/pom.xml
@@ -10,7 +10,7 @@
     <parent>
         <groupId>org.owasp.webgoat</groupId>
         <artifactId>webgoat-parent</artifactId>
-        <version>v8.0.0-SNAPSHOT</version>
+        <version>v8.0.0.M22</version>
     </parent>
 
     <profiles>
diff --git a/webgoat-lessons/auth-bypass/pom.xml b/webgoat-lessons/auth-bypass/pom.xml
index 0cdc9ef49..0f0a1085e 100644
--- a/webgoat-lessons/auth-bypass/pom.xml
+++ b/webgoat-lessons/auth-bypass/pom.xml
@@ -6,7 +6,7 @@
     <parent>
         <groupId>org.owasp.webgoat.lesson</groupId>
         <artifactId>webgoat-lessons-parent</artifactId>
-        <version>v8.0.0-SNAPSHOT</version>
+        <version>v8.0.0.M22</version>
     </parent>
 
 </project>
diff --git a/webgoat-lessons/bypass-restrictions/pom.xml b/webgoat-lessons/bypass-restrictions/pom.xml
index c1d0102c0..19d00f322 100755
--- a/webgoat-lessons/bypass-restrictions/pom.xml
+++ b/webgoat-lessons/bypass-restrictions/pom.xml
@@ -6,6 +6,6 @@
     <parent>
         <groupId>org.owasp.webgoat.lesson</groupId>
         <artifactId>webgoat-lessons-parent</artifactId>
-        <version>v8.0.0-SNAPSHOT</version>
+        <version>v8.0.0.M22</version>
     </parent>
 </project>
diff --git a/webgoat-lessons/challenge/pom.xml b/webgoat-lessons/challenge/pom.xml
index f4a321fd7..565a2e6c7 100644
--- a/webgoat-lessons/challenge/pom.xml
+++ b/webgoat-lessons/challenge/pom.xml
@@ -6,7 +6,7 @@
     <parent>
         <groupId>org.owasp.webgoat.lesson</groupId>
         <artifactId>webgoat-lessons-parent</artifactId>
-        <version>v8.0.0-SNAPSHOT</version>
+        <version>v8.0.0.M22</version>
     </parent>
 
 
diff --git a/webgoat-lessons/client-side-filtering/pom.xml b/webgoat-lessons/client-side-filtering/pom.xml
index aa1d49872..51ab26b6c 100644
--- a/webgoat-lessons/client-side-filtering/pom.xml
+++ b/webgoat-lessons/client-side-filtering/pom.xml
@@ -6,7 +6,7 @@
     <parent>
         <groupId>org.owasp.webgoat.lesson</groupId>
         <artifactId>webgoat-lessons-parent</artifactId>
-        <version>v8.0.0-SNAPSHOT</version>
+        <version>v8.0.0.M22</version>
     </parent>
 
 </project>
diff --git a/webgoat-lessons/cross-site-scripting/pom.xml b/webgoat-lessons/cross-site-scripting/pom.xml
index 6c99401b6..b552ec05c 100644
--- a/webgoat-lessons/cross-site-scripting/pom.xml
+++ b/webgoat-lessons/cross-site-scripting/pom.xml
@@ -6,7 +6,7 @@
     <parent>
         <groupId>org.owasp.webgoat.lesson</groupId>
         <artifactId>webgoat-lessons-parent</artifactId>
-        <version>v8.0.0-SNAPSHOT</version>
+        <version>v8.0.0.M22</version>
     </parent>
     <build>
        <plugins>
diff --git a/webgoat-lessons/csrf/pom.xml b/webgoat-lessons/csrf/pom.xml
index 2366e85d3..46562563c 100644
--- a/webgoat-lessons/csrf/pom.xml
+++ b/webgoat-lessons/csrf/pom.xml
@@ -6,6 +6,6 @@
     <parent>
         <groupId>org.owasp.webgoat.lesson</groupId>
         <artifactId>webgoat-lessons-parent</artifactId>
-        <version>v8.0.0-SNAPSHOT</version>
+        <version>v8.0.0.M22</version>
     </parent>
 </project>
\ No newline at end of file
diff --git a/webgoat-lessons/html-tampering/pom.xml b/webgoat-lessons/html-tampering/pom.xml
index 2585104ca..0da8bb5d8 100755
--- a/webgoat-lessons/html-tampering/pom.xml
+++ b/webgoat-lessons/html-tampering/pom.xml
@@ -6,7 +6,7 @@
     <parent>
         <groupId>org.owasp.webgoat.lesson</groupId>
         <artifactId>webgoat-lessons-parent</artifactId>
-        <version>v8.0.0-SNAPSHOT</version>
+        <version>v8.0.0.M22</version>
     </parent>
 
     <dependencies>
diff --git a/webgoat-lessons/http-basics/pom.xml b/webgoat-lessons/http-basics/pom.xml
index 4a2e3959b..a20459465 100644
--- a/webgoat-lessons/http-basics/pom.xml
+++ b/webgoat-lessons/http-basics/pom.xml
@@ -6,7 +6,7 @@
     <parent>
         <groupId>org.owasp.webgoat.lesson</groupId>
         <artifactId>webgoat-lessons-parent</artifactId>
-        <version>v8.0.0-SNAPSHOT</version>
+        <version>v8.0.0.M22</version>
     </parent>
 
 </project>
diff --git a/webgoat-lessons/http-proxies/pom.xml b/webgoat-lessons/http-proxies/pom.xml
index 23c24a5dd..fa45d71a5 100644
--- a/webgoat-lessons/http-proxies/pom.xml
+++ b/webgoat-lessons/http-proxies/pom.xml
@@ -6,7 +6,7 @@
     <parent>
         <groupId>org.owasp.webgoat.lesson</groupId>
         <artifactId>webgoat-lessons-parent</artifactId>
-        <version>v8.0.0-SNAPSHOT</version>
+        <version>v8.0.0.M22</version>
     </parent>
 
     <dependencies>
diff --git a/webgoat-lessons/idor/pom.xml b/webgoat-lessons/idor/pom.xml
index 73e18fbaa..122f12cf5 100644
--- a/webgoat-lessons/idor/pom.xml
+++ b/webgoat-lessons/idor/pom.xml
@@ -6,7 +6,7 @@
     <parent>
         <groupId>org.owasp.webgoat.lesson</groupId>
         <artifactId>webgoat-lessons-parent</artifactId>
-        <version>v8.0.0-SNAPSHOT</version>
+        <version>v8.0.0.M22</version>
     </parent>
 
 </project>
\ No newline at end of file
diff --git a/webgoat-lessons/insecure-deserialization/pom.xml b/webgoat-lessons/insecure-deserialization/pom.xml
index 08de6cf6a..4e7e294f1 100755
--- a/webgoat-lessons/insecure-deserialization/pom.xml
+++ b/webgoat-lessons/insecure-deserialization/pom.xml
@@ -6,7 +6,7 @@
     <parent>
         <groupId>org.owasp.webgoat.lesson</groupId>
         <artifactId>webgoat-lessons-parent</artifactId>
-        <version>v8.0.0-SNAPSHOT</version>
+        <version>v8.0.0.M22</version>
     </parent>
 
     <dependencies>
diff --git a/webgoat-lessons/insecure-login/pom.xml b/webgoat-lessons/insecure-login/pom.xml
index faf241a51..cbe489fca 100755
--- a/webgoat-lessons/insecure-login/pom.xml
+++ b/webgoat-lessons/insecure-login/pom.xml
@@ -6,7 +6,7 @@
     <parent>
         <groupId>org.owasp.webgoat.lesson</groupId>
         <artifactId>webgoat-lessons-parent</artifactId>
-        <version>v8.0.0-SNAPSHOT</version>
+        <version>v8.0.0.M22</version>
     </parent>
 
     <dependencies>
diff --git a/webgoat-lessons/jwt/pom.xml b/webgoat-lessons/jwt/pom.xml
index e1856384d..4850d85b6 100644
--- a/webgoat-lessons/jwt/pom.xml
+++ b/webgoat-lessons/jwt/pom.xml
@@ -6,7 +6,7 @@
     <parent>
         <groupId>org.owasp.webgoat.lesson</groupId>
         <artifactId>webgoat-lessons-parent</artifactId>
-        <version>v8.0.0-SNAPSHOT</version>
+        <version>v8.0.0.M22</version>
     </parent>
 
     <dependencies>
diff --git a/webgoat-lessons/missing-function-ac/pom.xml b/webgoat-lessons/missing-function-ac/pom.xml
index 7c2359247..12de5d3cb 100644
--- a/webgoat-lessons/missing-function-ac/pom.xml
+++ b/webgoat-lessons/missing-function-ac/pom.xml
@@ -6,7 +6,7 @@
     <parent>
         <groupId>org.owasp.webgoat.lesson</groupId>
         <artifactId>webgoat-lessons-parent</artifactId>
-        <version>v8.0.0-SNAPSHOT</version>
+        <version>v8.0.0.M22</version>
     </parent>
 
 </project>
diff --git a/webgoat-lessons/password-reset/pom.xml b/webgoat-lessons/password-reset/pom.xml
index 37c437ce9..b6c33f442 100644
--- a/webgoat-lessons/password-reset/pom.xml
+++ b/webgoat-lessons/password-reset/pom.xml
@@ -6,7 +6,7 @@
     <parent>
         <groupId>org.owasp.webgoat.lesson</groupId>
         <artifactId>webgoat-lessons-parent</artifactId>
-        <version>v8.0.0-SNAPSHOT</version>
+        <version>v8.0.0.M22</version>
     </parent>
 
     <dependencies>
diff --git a/webgoat-lessons/pom.xml b/webgoat-lessons/pom.xml
index c6d9f8b75..bb44f17ea 100644
--- a/webgoat-lessons/pom.xml
+++ b/webgoat-lessons/pom.xml
@@ -5,12 +5,12 @@
     <groupId>org.owasp.webgoat.lesson</groupId>
     <artifactId>webgoat-lessons-parent</artifactId>
     <packaging>pom</packaging>
-    <version>v8.0.0-SNAPSHOT</version>
+    <version>v8.0.0.M22</version>
 
     <parent>
         <groupId>org.owasp.webgoat</groupId>
         <artifactId>webgoat-parent</artifactId>
-        <version>v8.0.0-SNAPSHOT</version>
+        <version>v8.0.0.M22</version>
     </parent>
 
     <modules>
diff --git a/webgoat-lessons/sql-injection/pom.xml b/webgoat-lessons/sql-injection/pom.xml
index d2e50488c..ac6e19f53 100644
--- a/webgoat-lessons/sql-injection/pom.xml
+++ b/webgoat-lessons/sql-injection/pom.xml
@@ -6,6 +6,6 @@
     <parent>
         <groupId>org.owasp.webgoat.lesson</groupId>
         <artifactId>webgoat-lessons-parent</artifactId>
-        <version>v8.0.0-SNAPSHOT</version>
+        <version>v8.0.0.M22</version>
     </parent>
 </project>
\ No newline at end of file
diff --git a/webgoat-lessons/vulnerable-components/pom.xml b/webgoat-lessons/vulnerable-components/pom.xml
index 22411f819..e04800aee 100644
--- a/webgoat-lessons/vulnerable-components/pom.xml
+++ b/webgoat-lessons/vulnerable-components/pom.xml
@@ -6,7 +6,7 @@
     <parent>
         <groupId>org.owasp.webgoat.lesson</groupId>
         <artifactId>webgoat-lessons-parent</artifactId>
-        <version>v8.0.0-SNAPSHOT</version>
+        <version>v8.0.0.M22</version>
     </parent>
     <dependencies>
         <dependency>
diff --git a/webgoat-lessons/webgoat-introduction/pom.xml b/webgoat-lessons/webgoat-introduction/pom.xml
index 5e6d2ce7f..e12d7cf05 100644
--- a/webgoat-lessons/webgoat-introduction/pom.xml
+++ b/webgoat-lessons/webgoat-introduction/pom.xml
@@ -6,6 +6,6 @@
     <parent>
         <groupId>org.owasp.webgoat.lesson</groupId>
         <artifactId>webgoat-lessons-parent</artifactId>
-        <version>v8.0.0-SNAPSHOT</version>
+        <version>v8.0.0.M22</version>
     </parent>
 </project>
\ No newline at end of file
diff --git a/webgoat-lessons/webwolf-introduction/pom.xml b/webgoat-lessons/webwolf-introduction/pom.xml
index a268b0602..afffd26bf 100644
--- a/webgoat-lessons/webwolf-introduction/pom.xml
+++ b/webgoat-lessons/webwolf-introduction/pom.xml
@@ -6,6 +6,6 @@
     <parent>
         <groupId>org.owasp.webgoat.lesson</groupId>
         <artifactId>webgoat-lessons-parent</artifactId>
-        <version>v8.0.0-SNAPSHOT</version>
+        <version>v8.0.0.M22</version>
     </parent>
 </project>
\ No newline at end of file
diff --git a/webgoat-lessons/xxe/pom.xml b/webgoat-lessons/xxe/pom.xml
index 6d69be448..b5870e3b1 100644
--- a/webgoat-lessons/xxe/pom.xml
+++ b/webgoat-lessons/xxe/pom.xml
@@ -6,7 +6,7 @@
     <parent>
         <groupId>org.owasp.webgoat.lesson</groupId>
         <artifactId>webgoat-lessons-parent</artifactId>
-        <version>v8.0.0-SNAPSHOT</version>
+        <version>v8.0.0.M22</version>
     </parent>
 
     <dependencies>
diff --git a/webgoat-server/pom.xml b/webgoat-server/pom.xml
index 31a304e2f..1744d990c 100644
--- a/webgoat-server/pom.xml
+++ b/webgoat-server/pom.xml
@@ -6,7 +6,7 @@
     <parent>
         <groupId>org.owasp.webgoat</groupId>
         <artifactId>webgoat-parent</artifactId>
-        <version>v8.0.0-SNAPSHOT</version>
+        <version>v8.0.0.M22</version>
     </parent>
 
     <properties>
diff --git a/webwolf/pom.xml b/webwolf/pom.xml
index 385a0fbc5..4a2e40c0a 100644
--- a/webwolf/pom.xml
+++ b/webwolf/pom.xml
@@ -6,7 +6,7 @@
     <parent>
         <groupId>org.owasp.webgoat</groupId>
         <artifactId>webgoat-parent</artifactId>
-        <version>v8.0.0-SNAPSHOT</version>
+        <version>v8.0.0.M22</version>
     </parent>
 
     <dependencies>