b0e3a06b50 
					 
					
						
						
							
							Password reset lesson 5 not working  #512  
						
						... 
						
						
						
						Added comment to not use OWASP ZAP 
						
						
							
						
					 
					
						2019-01-17 16:35:04 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						9170dcb87f 
					 
					
						
						
							
							Fix a grammatical error  
						
						
						
						
							
						
					 
					
						2019-01-17 14:50:07 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						dc5f9880af 
					 
					
						
						
							
							Full implementation of "Update Webgoat Dockerfile to use entrypoints and commands  #523 " based on the pull request of Nicklaus McClendon  
						
						
						
						
							
						
					 
					
						2019-01-17 14:49:42 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						ed490a5ecf 
					 
					
						
						
							
							Fix for  #545  
						
						... 
						
						
						
						Introduced new macro to make a clear distinction between /WebWolf with
context root and without. 
						
						
							
						
					 
					
						2019-01-16 11:07:30 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						81d6e12ae1 
					 
					
						
						
							
							Spring devtools no longer work in combination with Spring and Java 11  
						
						
						
						
							
						
					 
					
						2019-01-15 16:29:49 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						c3ee0b7662 
					 
					
						
						
							
							Travis build should also use Java 11  
						
						
						
						
							
						
					 
					
						2019-01-15 16:24:39 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						959a3c6420 
					 
					
						
						
							
							Docker images should use new jar version notation  
						
						
						
						
							
						
					 
					
						2019-01-15 16:23:21 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						3fa10c4b10 
					 
					
						
						
							
							Update to Java 11  
						
						
						
						
							
						
					 
					
						2019-01-15 16:23:03 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						ec225558b9 
					 
					
						
						
							
							Move to latest Spring Boot version and move to Java 11  
						
						
						
						
							
						
					 
					
						2018-12-15 13:59:54 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						dd1009bc54 
					 
					
						
						
							
							Add Maven wrapper  
						
						
						
						
							
						
					 
					
						2018-12-14 12:56:21 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						bf45a0a8e5 
					 
					
						
						
							
							Fix for XXE docs  
						
						
						
						
							
						
					 
					
						2018-12-14 12:43:19 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						f81a6852db 
					 
					
						
						
							
							YAML structure fix, postgres version fix  
						
						... 
						
						
						
						The structure of the environment was incorrect. The postgres dialect doesn't match the postgres:latest image. 
						
						
							
						
					 
					
						2018-11-19 08:16:49 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						ecbbb5258e 
					 
					
						
						
							
							encapsulated the WEBGOAT_HOME in quotes  
						
						... 
						
						
						
						Encapsulating the `WEBGOAT_HOME` variable in quotes allows for spaces to exist in the path 
						
						
							
						
					 
					
						2018-11-19 08:14:29 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						1520c7571f 
					 
					
						
						
							
							HTML Tampering Mitigation Description Typo  
						
						
						
						
							
						
					 
					
						2018-11-19 08:13:17 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						b6e4995d11 
					 
					
						
						
							
							Fixed Vagrant file  
						
						... 
						
						
						
						- Added correct wget urls for .jar files
- changed server address to 0.0.0.0(pointing to all interfaces) because by default it listens for connections on VM's localhost only but we want to access webgoat on NAT adapter via port forwarding 
						
						
							
						
					 
					
						2018-11-19 08:10:11 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						a2f28460c0 
					 
					
						
						
							
							Update password_reset.html  
						
						... 
						
						
						
						Without this attribute it is impossible to pass the lesson "password-reset" `Email functionality with WebWolf`. 
						
						
							
						
					 
					
						2018-11-19 08:08:41 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						0797c3e2bf 
					 
					
						
						
							
							Merge pull request  #519  from pingiun/patch-1  
						
						... 
						
						
						
						Fix typo 
						
						
							
						
					 
					
						2018-09-13 08:16:11 -07:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						f9a4061604 
					 
					
						
						
							
							Fix typo  
						
						
						
						
							
						
					 
					
						2018-09-12 09:54:44 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						580e50f558 
					 
					
						
						
							
							Same form post is used and with autocomplete this does not work because all fields will be posted. The endpoint could no long distinguish between the different actions (sending e-mail and checking password)  
						
						
						
						
							
						
					 
					
						2018-08-10 13:15:40 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						3d58049af6 
					 
					
						
						
							
							docker-compose-local.yml now extends docker-compose.yml  
						
						... 
						
						
						
						WebWolf waits for 8 seconds after WebGoat starts so the database connection can be established 
						
						
							
						
					 
					
						2018-08-08 18:26:12 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						bca8b3c650 
					 
					
						
						
							
							Fix buildscripts to wait for Docker and build snapshots  
						
						
						
						
							
						
					 
					
						2018-08-08 18:23:27 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						1252e3dc21 
					 
					
						
						
							
							Update instructions to use docker-compose only  
						
						
						
						
							
						
					 
					
						2018-07-17 20:17:35 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						63a50df7a1 
					 
					
						
						
							
							Add hint to lesson users no longer have guess the complete ip address  
						
						
						
						
							
						
					 
					
						2018-07-06 18:22:29 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						f9e552f1cd 
					 
					
						
						
							
							Add instructions how to run WebGoat on Java 9 or higher  
						
						
						
						
							
						
					 
					
						2018-07-04 19:15:54 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						2233550fe1 
					 
					
						
						
							
							Adding more solutions for SQL order by lesson  
						
						
						
						
							
						
					 
					
						2018-06-22 14:12:37 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						cb18295f9f 
					 
					
						
						
							
							Update hint  
						
						
						
						
							
						
					 
					
						2018-06-21 07:53:21 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						651698d96c 
					 
					
						
						
							
							Add different solution for XXE attack  
						
						
						
						
							
						
					 
					
						2018-06-21 07:17:27 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						4d7d0058c3 
					 
					
						
						
							
							Update how to create a release document  
						
						
						
						
							
						
					 
					
						2018-06-20 18:38:16 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						e3fba396de 
					 
					
						
						
							
							Merge tag 'v8.0.0.M21' into develop  
						
						
						
						
							
						
					 
					
						2018-06-20 18:24:06 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						3536fd0b6d 
					 
					
						
						
							
							Merge branch 'release/v8.0.0.M21'  
						
						
						
						
							
 
						
					 
					
						2018-06-20 18:23:59 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						bc84e8f207 
					 
					
						
						
							
							Build release when tag is set  
						
						
						
						
							
						
					 
					
						2018-06-20 18:22:35 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						14dbd47675 
					 
					
						
						
							
							Merge tag 'v8.0.0.M20' into develop  
						
						... 
						
						
						
						New release M20 
						
						
							
						
					 
					
						2018-06-20 18:06:26 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						898dd90c6f 
					 
					
						
						
							
							Merge branch 'release/v8.0.0.M20'  
						
						
						
						
							
 
						
					 
					
						2018-06-20 18:06:17 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						ac12a009e4 
					 
					
						
						
							
							New release v8.0.0.M20  
						
						
						
						
							
						
					 
					
						2018-06-20 18:05:59 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						699b1bfd89 
					 
					
						
						
							
							Only do releases and Docker updates when building master  
						
						
						
						
							
						
					 
					
						2018-06-20 18:05:06 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						ad77a7ab24 
					 
					
						
						
							
							Merge tag 'v8.0.0.M19' into develop  
						
						... 
						
						
						
						New release M19 
						
						
							
						
					 
					
						2018-06-20 16:40:44 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						b7278590f5 
					 
					
						
						
							
							Merge branch 'release/v8.0.0.M19'  
						
						
						
						
							
 
						
					 
					
						2018-06-20 16:40:33 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						9dd93d88d9 
					 
					
						
						
							
							New release v8.0.0.M19  
						
						
						
						
							
						
					 
					
						2018-06-20 16:40:28 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						4c767cb977 
					 
					
						
						
							
							Merge tag 'v8.0.0.M18' into develop  
						
						... 
						
						
						
						New release 
						
						
							
						
					 
					
						2018-06-20 16:32:44 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						12123ef13b 
					 
					
						
						
							
							Merge branch 'release/v8.0.0.M18'  
						
						
						
						
							
 
						
					 
					
						2018-06-20 16:32:31 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						c7da546249 
					 
					
						
						
							
							Improve text for lesson about CSRF login  
						
						
						
						
							
						
					 
					
						2018-06-16 17:52:18 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						a41ff0083c 
					 
					
						
						
							
							Merge pull request  #479  from misfir3/develop  
						
						... 
						
						
						
						Recent updates, including Missing Function AC content & patch for Vuln Components Lesson 
						
						
							
						
					 
					
						2018-06-13 18:44:09 -06:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						701a99cf8f 
					 
					
						
						
							
							Merge pull request  #487  from matthias-g/xssFixes  
						
						... 
						
						
						
						Small lesson improvements 
						
						
							
						
					 
					
						2018-06-13 18:42:14 -06:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						844808bfa7 
					 
					
						
						
							
							Merge pull request  #485  from matthias-g/fixSQLInjection  
						
						... 
						
						
						
						Fix sql injection 
						
						
							
						
					 
					
						2018-06-13 18:41:05 -06:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						81aac93dfe 
					 
					
						
						
							
							Usage base64 encoded password as expected by JJWT  
						
						
						
						
							
						
					 
					
						2018-06-13 17:58:52 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						e5ec2c1ee0 
					 
					
						
						
							
							Fix html attribute  
						
						
						
						
							
						
					 
					
						2018-06-13 17:56:57 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						b0fbeaff2c 
					 
					
						
						
							
							This improves the text of the lesson about XSS  
						
						
						
						
							
						
					 
					
						2018-06-13 17:56:23 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						b47bb96534 
					 
					
						
						
							
							Update changed password in tests  
						
						
						
						
							
						
					 
					
						2018-06-13 16:11:28 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						3b9b695ef1 
					 
					
						
						
							
							Check host header instead of origin which might not be present  #475  
						
						
						
						
							
						
					 
					
						2018-06-13 11:38:33 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						1d2575a211 
					 
					
						
						
							
							Allow - in usernames because CSRF lesson requires username starting with prefix crsf-  #476  
						
						
						
						
							
						
					 
					
						2018-06-13 11:38:33 +02:00