2d26a318d1
chore: bump org.owasp:dependency-check-maven from 6.5.1 to 8.4.3 ( #1671 )
...
Bumps [org.owasp:dependency-check-maven](https://github.com/jeremylong/DependencyCheck ) from 6.5.1 to 8.4.3.
- [Release notes](https://github.com/jeremylong/DependencyCheck/releases )
- [Changelog](https://github.com/jeremylong/DependencyCheck/blob/main/CHANGELOG.md )
- [Commits](https://github.com/jeremylong/DependencyCheck/compare/v6.5.1...v8.4.3 )
---
updated-dependencies:
- dependency-name: org.owasp:dependency-check-maven
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-11-20 14:55:37 +01:00
dc16e9a0fb
fix: typo in WebGoad.txt ( #1667 )
...
Signed-off-by: Agustín Díaz <agustin.ramiro.diaz@gmail.com >
2023-11-17 18:59:02 +01:00
88a321c268
search box moved and jwt encode/decode with little delay ( #1664 )
2023-11-16 14:42:10 +01:00
8450c5a5be
skip validation for JWT ( #1663 )
...
* skip validation for JWT
* skip validation for JWT
* skip validation for JWT
2023-11-15 18:30:14 +01:00
ba75e10efd
fixed issue in JWT test tool and added robot test ( #1658 )
2023-11-14 18:14:48 +01:00
d1e44bbc98
Password reset link test condition more strict and move all WebWolf links to /WebWolf ( #1645 )
...
* better check on host and port for password reset and make context roots more flexible
* spotless applied
* removed hardcoded /WebGoat from js
* removed hardcoded /WebGoat from js
* fix spotless
* fix scoreboard
* upgrade WebWolf bootstrap version and icons and templates - part 1
* fixed more bootstrap 5 style issues and context path issues
* organized WebSecurityConfig based on latest conventions and added basic support for oauth (more work needed)
* spotless applied
* added mock bean
* requires updates to properties - commented for now
* requires updates to properties - commented for now
* oauth secrets through env values
* user creation after oauth login
* integration test against non default context paths
* adjusted StartupMessage
* add global model element username
* conditionally show login oauth links
* fixed WebWolf login
---------
Co-authored-by: René Zubcevic <rene@Mac-mini-van-Rene.local >
2023-11-14 10:01:59 +01:00
5a4974f3c2
chore: bump org.apache.maven.plugins:maven-checkstyle-plugin ( #1640 )
...
Bumps [org.apache.maven.plugins:maven-checkstyle-plugin](https://github.com/apache/maven-checkstyle-plugin ) from 3.3.0 to 3.3.1.
- [Commits](https://github.com/apache/maven-checkstyle-plugin/compare/maven-checkstyle-plugin-3.3.0...maven-checkstyle-plugin-3.3.1 )
---
updated-dependencies:
- dependency-name: org.apache.maven.plugins:maven-checkstyle-plugin
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-11-02 08:13:39 +01:00
4fc1d1fb22
chore: bump org.apache.maven.plugins:maven-surefire-plugin ( #1641 )
...
Bumps [org.apache.maven.plugins:maven-surefire-plugin](https://github.com/apache/maven-surefire ) from 3.1.2 to 3.2.1.
- [Release notes](https://github.com/apache/maven-surefire/releases )
- [Commits](https://github.com/apache/maven-surefire/compare/surefire-3.1.2...surefire-3.2.1 )
---
updated-dependencies:
- dependency-name: org.apache.maven.plugins:maven-surefire-plugin
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-11-02 07:26:26 +01:00
084a105c69
Java 21 initial support ( #1622 )
...
* check java 17 and 21 in build
* build on regular branch push
* build on regular branch push
* build on regular branch push
* update spring boot for Java21 support
2023-10-23 20:21:00 +02:00
7485cb8b9a
chore: bump org.webjars:bootstrap from 3.3.7 to 5.3.2 ( #1624 )
...
* chore: bump org.webjars:bootstrap from 3.3.7 to 5.3.2
Bumps [org.webjars:bootstrap](https://github.com/webjars/bootstrap ) from 3.3.7 to 5.3.2.
- [Commits](https://github.com/webjars/bootstrap/compare/bootstrap-3.3.7...bootstrap-5.3.2 )
---
updated-dependencies:
- dependency-name: org.webjars:bootstrap
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
* small update and ignore major updates
* small update and ignore major updates
---------
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: René Zubcevic <rene@zubcevic.com >
2023-10-23 20:09:48 +02:00
c312ae989f
chore: bump docker/setup-buildx-action from 2 to 3 ( #1628 )
...
Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action ) from 2 to 3.
- [Release notes](https://github.com/docker/setup-buildx-action/releases )
- [Commits](https://github.com/docker/setup-buildx-action/compare/v2...v3 )
---
updated-dependencies:
- dependency-name: docker/setup-buildx-action
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-23 17:12:25 +02:00
5fde7fbf29
chore: bump docker/login-action from 2.2.0 to 3.0.0 ( #1630 )
...
Bumps [docker/login-action](https://github.com/docker/login-action ) from 2.2.0 to 3.0.0.
- [Release notes](https://github.com/docker/login-action/releases )
- [Commits](https://github.com/docker/login-action/compare/v2.2.0...v3.0.0 )
---
updated-dependencies:
- dependency-name: docker/login-action
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: René Zubcevic <rene@zubcevic.com >
2023-10-23 17:03:54 +02:00
a32c56bfc7
chore: bump actions/first-interaction from 1.1.1 to 1.2.0 ( #1629 )
...
Bumps [actions/first-interaction](https://github.com/actions/first-interaction ) from 1.1.1 to 1.2.0.
- [Release notes](https://github.com/actions/first-interaction/releases )
- [Commits](https://github.com/actions/first-interaction/compare/v1.1.1...v1.2.0 )
---
updated-dependencies:
- dependency-name: actions/first-interaction
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: René Zubcevic <rene@zubcevic.com >
2023-10-23 16:57:16 +02:00
6fd3eb57eb
chore: bump com.google.guava:guava from 32.1.1-jre to 32.1.3-jre ( #1627 )
...
Bumps [com.google.guava:guava](https://github.com/google/guava ) from 32.1.1-jre to 32.1.3-jre.
- [Release notes](https://github.com/google/guava/releases )
- [Commits](https://github.com/google/guava/commits )
---
updated-dependencies:
- dependency-name: com.google.guava:guava
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: René Zubcevic <rene@zubcevic.com >
2023-10-23 16:49:02 +02:00
1743d017ff
chore: bump commons-io:commons-io from 2.13.0 to 2.14.0 ( #1626 )
...
Bumps commons-io:commons-io from 2.13.0 to 2.14.0.
---
updated-dependencies:
- dependency-name: commons-io:commons-io
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-23 16:25:45 +02:00
2b2638943b
chore: bump org.jacoco:jacoco-maven-plugin from 0.8.10 to 0.8.11 ( #1625 )
...
Bumps [org.jacoco:jacoco-maven-plugin](https://github.com/jacoco/jacoco ) from 0.8.10 to 0.8.11.
- [Release notes](https://github.com/jacoco/jacoco/releases )
- [Commits](https://github.com/jacoco/jacoco/compare/v0.8.10...v0.8.11 )
---
updated-dependencies:
- dependency-name: org.jacoco:jacoco-maven-plugin
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-23 16:18:27 +02:00
45c26d8aaf
Fix servers id ( #1619 )
2023-10-22 15:25:52 +02:00
be30551850
fix: potential NPE in the stored XSS assignment
2023-08-27 14:31:35 +02:00
49862f6b90
fix: fixes the default change in trailing slash matching and address the affected assignments
2023-08-27 14:14:27 +02:00
4009785bb8
fix: crypto basics broken links
2023-08-27 13:16:08 +02:00
d8341c86a1
bug: fix hint that was breaking the template, causing hints from different assignments to mix ( #1424 )
2023-08-27 02:08:52 +02:00
055578893d
feat: improve MFAC lesson hint texts for a better user experience ( #1424 )
2023-08-27 02:08:52 +02:00
b89ebd70ad
chore: bump webdrivermanager from 5.3.2 to 5.3.3
...
Bumps [webdrivermanager](https://github.com/bonigarcia/webdrivermanager ) from 5.3.2 to 5.3.3.
- [Release notes](https://github.com/bonigarcia/webdrivermanager/releases )
- [Changelog](https://github.com/bonigarcia/webdrivermanager/blob/master/CHANGELOG.md )
- [Commits](https://github.com/bonigarcia/webdrivermanager/compare/webdrivermanager-5.3.2...webdrivermanager-5.3.3 )
---
updated-dependencies:
- dependency-name: io.github.bonigarcia:webdrivermanager
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2023-08-27 00:34:41 +02:00
7b81247dd1
fix: HijackSession lesson template deprecated Tymeleaf attribute
2023-08-26 02:57:50 +02:00
3bc2e57c9c
Fix NPE in IDOR lesson
2023-08-26 02:22:33 +02:00
c3ec168d59
Add new assignment IT tests
2023-08-26 01:30:17 +02:00
a67fbf5a5a
fix: XSS mitigation
2023-08-26 01:30:17 +02:00
3365c8d447
Remove wrong files
2023-08-25 22:50:40 +02:00
368c046779
fix: Stored Cross-Site Scripting Lesson
2023-08-25 20:55:26 +02:00
8749137d1e
chore: bump org.webjars:jquery from 3.6.4 to 3.7.0
...
Bumps [org.webjars:jquery](https://github.com/webjars/jquery ) from 3.6.4 to 3.7.0.
- [Commits](https://github.com/webjars/jquery/compare/jquery-3.6.4...jquery-3.7.0 )
---
updated-dependencies:
- dependency-name: org.webjars:jquery
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
2023-08-25 00:31:04 +02:00
786cabd251
Make webjar dependencies version agnostic
2023-08-24 16:43:28 +02:00
dda8b10f55
chore: bump org.jruby:jruby from 9.4.2.0 to 9.4.3.0
...
Bumps org.jruby:jruby from 9.4.2.0 to 9.4.3.0.
---
updated-dependencies:
- dependency-name: org.jruby:jruby
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2023-08-19 00:20:59 +02:00
d6ca083529
chore: bump commons-io:commons-io from 2.11.0 to 2.13.0
...
Bumps commons-io:commons-io from 2.11.0 to 2.13.0.
---
updated-dependencies:
- dependency-name: commons-io:commons-io
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
2023-08-18 16:15:17 +02:00
7c92d625dd
doc: fix version strings
...
Replace `2023.3` with `2023.4`
2023-08-16 15:59:23 +02:00
4ba818533c
fix: WebWolf JWT jquery webjar
2023-08-09 01:32:03 +02:00
a9b1fd66b8
feat: implement JWT jku example ( #1552 )
...
Closes #1539
2023-08-08 17:18:22 +02:00
8f6e47e6d4
chore: bump com.nulab-inc:zxcvbn from 1.7.0 to 1.8.0 ( #1542 )
...
Bumps [com.nulab-inc:zxcvbn](https://github.com/nulab/zxcvbn4j ) from 1.7.0 to 1.8.0.
- [Release notes](https://github.com/nulab/zxcvbn4j/releases )
- [Changelog](https://github.com/nulab/zxcvbn4j/blob/master/CHANGELOG.md )
- [Commits](https://github.com/nulab/zxcvbn4j/compare/1.7.0...1.8.0 )
---
updated-dependencies:
- dependency-name: com.nulab-inc:zxcvbn
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-08-04 16:34:49 +02:00
61de52840f
chore: bump com.diffplug.spotless:spotless-maven-plugin from 2.33.0 to 2.38.0 ( #1535 )
...
* chore: bump com.diffplug.spotless:spotless-maven-plugin
Bumps [com.diffplug.spotless:spotless-maven-plugin](https://github.com/diffplug/spotless ) from 2.33.0 to 2.38.0.
- [Changelog](https://github.com/diffplug/spotless/blob/main/CHANGES.md )
- [Commits](https://github.com/diffplug/spotless/compare/lib/2.33.0...lib/2.38.0 )
---
updated-dependencies:
- dependency-name: com.diffplug.spotless:spotless-maven-plugin
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
* chore: format code
---------
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Nanne Baars <nanne.baars@owasp.org >
2023-07-30 15:10:31 +02:00
fd3eb2451c
chore: bump guava from 31.1-jre to 32.1.1-jre ( #1530 )
...
Bumps [guava](https://github.com/google/guava ) from 31.1-jre to 32.1.1-jre.
- [Release notes](https://github.com/google/guava/releases )
- [Commits](https://github.com/google/guava/commits )
---
updated-dependencies:
- dependency-name: com.google.guava:guava
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-07-29 12:35:06 +02:00
32fa1ec0a6
chore: bump jquery from 3.5.1 to 3.6.4 ( #1529 )
...
Bumps [jquery](https://github.com/webjars/jquery ) from 3.5.1 to 3.6.4.
- [Commits](https://github.com/webjars/jquery/compare/jquery-3.5.1...jquery-3.6.4 )
---
updated-dependencies:
- dependency-name: org.webjars:jquery
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: René Zubcevic <rene@zubcevic.com >
2023-07-27 13:04:46 +02:00
ad00119b0d
Add Assignment7 Tests
2023-07-18 00:38:23 +02:00
25f49537e7
bug: Fix IDOR lesson
2023-07-16 17:14:27 +02:00
8cb735e623
chore: bump joonvena/robotframework-reporter-action from 2.1 to 2.2
...
Bumps [joonvena/robotframework-reporter-action](https://github.com/joonvena/robotframework-reporter-action ) from 2.1 to 2.2.
- [Release notes](https://github.com/joonvena/robotframework-reporter-action/releases )
- [Commits](https://github.com/joonvena/robotframework-reporter-action/compare/v2.1...v2.2 )
---
updated-dependencies:
- dependency-name: joonvena/robotframework-reporter-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
2023-07-16 16:01:06 +02:00
155a40aab4
chore: bump docker/build-push-action from 4.1.0 to 4.1.1
...
Bumps [docker/build-push-action](https://github.com/docker/build-push-action ) from 4.1.0 to 4.1.1.
- [Release notes](https://github.com/docker/build-push-action/releases )
- [Commits](https://github.com/docker/build-push-action/compare/v4.1.0...v4.1.1 )
---
updated-dependencies:
- dependency-name: docker/build-push-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2023-07-16 15:55:22 +02:00
6c4ddbbaad
chore: bump maven-surefire-plugin from 3.1.0 to 3.1.2
...
Bumps [maven-surefire-plugin](https://github.com/apache/maven-surefire ) from 3.1.0 to 3.1.2.
- [Release notes](https://github.com/apache/maven-surefire/releases )
- [Commits](https://github.com/apache/maven-surefire/compare/surefire-3.1.0...surefire-3.1.2 )
---
updated-dependencies:
- dependency-name: org.apache.maven.plugins:maven-surefire-plugin
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2023-07-16 15:41:25 +02:00
d704f69879
chore: bump commons-compress from 1.22 to 1.23.0 ( #1514 )
...
Bumps commons-compress from 1.22 to 1.23.0.
---
updated-dependencies:
- dependency-name: org.apache.commons:commons-compress
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-07-15 09:28:40 +02:00
3b2b613aa5
chore: bump asciidoctorj from 2.5.3 to 2.5.10 ( #1498 )
...
Bumps [asciidoctorj](https://github.com/asciidoctor/asciidoctorj ) from 2.5.3 to 2.5.10.
- [Release notes](https://github.com/asciidoctor/asciidoctorj/releases )
- [Changelog](https://github.com/asciidoctor/asciidoctorj/blob/v2.5.10/CHANGELOG.adoc )
- [Commits](https://github.com/asciidoctor/asciidoctorj/compare/v2.5.3...v2.5.10 )
---
updated-dependencies:
- dependency-name: org.asciidoctor:asciidoctorj
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-18 20:21:53 +02:00
934ba3e496
fix: remove steps from release script ( #1509 )
...
Closes gh-1383
2023-06-18 20:13:38 +02:00
8ec718c1ef
format
2023-06-15 19:26:33 +02:00
1df7ca61a3
Text content improvement
2023-06-15 19:26:33 +02:00
