f6c7a54931 
					 
					
						
						
							
							docs: add screenshot to README and add Docker WebGoat desktop text  
						
						
						
						
							
						
					 
					
						2023-02-17 12:56:43 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						f1012c85d6 
					 
					
						
						
							
							feat: add Docker desktop version of WebGoat with all tools installed  
						
						... 
						
						
						
						The new Docker image uses linuxserver/webtop giving users the opportunity
to run a Linux desktop in their browser without installing any tools
on their local machine. 
						
						
							
						
					 
					
						2023-02-17 12:56:43 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						ecfc321f14 
					 
					
						
						
							
							feature: Add extra feedback once someone solves JWT refresh lesson differently  
						
						... 
						
						
						
						One can solve this lesson by using `alg:none` instead of using the refresh token flow. Instead of adding a check to force using the refresh token we opt for giving the user extra feedback. 
						
						
							
						
					 
					
						2023-02-16 20:32:27 +00:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						73b8c431fc 
					 
					
						
						
							
							chore: use constructor instead of field dependency injection  
						
						
						
						
							
						
					 
					
						2023-02-16 20:32:27 +00:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						b68adfbc7c 
					 
					
						
						
							
							Bump devops-infra/action-pull-request from 0.5.3 to 0.5.5  
						
						... 
						
						
						
						Bumps [devops-infra/action-pull-request](https://github.com/devops-infra/action-pull-request ) from 0.5.3 to 0.5.5.
- [Release notes](https://github.com/devops-infra/action-pull-request/releases )
- [Commits](https://github.com/devops-infra/action-pull-request/compare/v0.5.3...v0.5.5 )
---
updated-dependencies:
- dependency-name: devops-infra/action-pull-request
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com > 
						
						
							
						
					 
					
						2023-02-16 14:09:05 +00:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						1a2855afcd 
					 
					
						
						
							
							chore: set directories explicitly when running IT tests  
						
						
						
						
							
						
					 
					
						2023-02-16 12:24:02 +00:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						693771220c 
					 
					
						
						
							
							fix: change url in JavaScript for JWT endpoint  
						
						... 
						
						
						
						The JavaScript pointed to the context root /WebWolf/ which is no longer in use. 
						
						
							
						
					 
					
						2023-02-16 12:24:02 +00:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						075b1ab30a 
					 
					
						
						
							
							Fix WebWolf JWT tool  
						
						
						
						
							
						
					 
					
						2023-02-15 22:40:24 +00:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						390ff39f19 
					 
					
						
						
							
							chore: format src/test/it as well  
						
						
						
						
							
						
					 
					
						2023-02-15 19:01:06 +00:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						3ec34b0df5 
					 
					
						
						
							
							fix: challenge test fails sometimes when calling scoreboard endpoint  
						
						
						
						
							
						
					 
					
						2023-02-15 19:01:06 +00:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						eb4c8388f8 
					 
					
						
						
							
							Update Dockerfile  
						
						
						
						
							
						
					 
					
						2023-02-15 12:11:12 +00:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						ae081ce319 
					 
					
						
						
							
							Add fileserver location (test)  
						
						
						
						
							
						
					 
					
						2023-02-15 12:00:54 +00:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						bd398e4c09 
					 
					
						
						
							
							#1396  Fix templates path for views  
						
						
						
						
							
						
					 
					
						2023-02-15 11:58:49 +00:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						c9d1653d4f 
					 
					
						
						
							
							Bump docker/build-push-action from 3.2.0 to 4.0.0  
						
						... 
						
						
						
						Bumps [docker/build-push-action](https://github.com/docker/build-push-action ) from 3.2.0 to 4.0.0.
- [Release notes](https://github.com/docker/build-push-action/releases )
- [Commits](https://github.com/docker/build-push-action/compare/v3.2.0...v4.0.0 )
---
updated-dependencies:
- dependency-name: docker/build-push-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com > 
						
						
							
						
					 
					
						2023-02-10 21:39:35 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						77c91b8df8 
					 
					
						
						
							
							Bump actions/cache from 3.2.3 to 3.2.5  
						
						... 
						
						
						
						Bumps [actions/cache](https://github.com/actions/cache ) from 3.2.3 to 3.2.5.
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](https://github.com/actions/cache/compare/v3.2.3...v3.2.5 )
---
updated-dependencies:
- dependency-name: actions/cache
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com > 
						
						
							
						
					 
					
						2023-02-10 21:38:56 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						f9b810c5ee 
					 
					
						
						
							
							Fix formatting issue  
						
						
						
						
							
						
					 
					
						2023-01-14 18:29:24 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						dc0fc09679 
					 
					
						
						
							
							Move to main and skip develop  
						
						... 
						
						
						
						Using main and develop imposes a complicated release process with Gitflow etc. To simplify our release process we move our development to the main branch skipping develop. 
						
						
							
						
					 
					
						2023-01-14 18:24:35 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						a0173fd8f8 
					 
					
						
						
							
							Merge branch 'develop'  
						
						
						
						
							
						
					 
					
						2023-01-14 17:07:37 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						58e7e9d4ef 
					 
					
						
						
							
							Bump actions/cache from 3.2.2 to 3.2.3  
						
						... 
						
						
						
						Bumps [actions/cache](https://github.com/actions/cache ) from 3.2.2 to 3.2.3.
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](https://github.com/actions/cache/compare/v3.2.2...v3.2.3 )
---
updated-dependencies:
- dependency-name: actions/cache
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com > 
						
						
							
						
					 
					
						2023-01-11 20:59:09 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						c7a41d1b17 
					 
					
						
						
							
							Merge branch 'release/v2023.3' into develop  
						
						
						
						
							
						
					 
					
						2023-01-05 21:59:37 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						edd9aa36c2 
					 
					
						
						
							
							Merge branch 'release/v2023.3'  
						
						
						
						
							
 
						
					 
					
						2023-01-05 21:59:29 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						27fe1850de 
					 
					
						
						
							
							Preparing new release  
						
						
						
						
							
						
					 
					
						2023-01-05 21:59:01 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						5c2bbd1227 
					 
					
						
						
							
							Fix jar path while creating a release  
						
						
						
						
							
						
					 
					
						2023-01-05 21:57:08 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						683b629663 
					 
					
						
						
							
							Back to snapshot  
						
						
						
						
							
						
					 
					
						2023-01-05 21:52:40 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						04908a81e7 
					 
					
						
						
							
							Add change log URL  
						
						
						
						
							
						
					 
					
						2023-01-05 21:51:45 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						701de68ef2 
					 
					
						
						
							
							Merge branch 'release/v2023.2' into develop  
						
						
						
						
							
						
					 
					
						2023-01-05 21:37:28 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						81ed738493 
					 
					
						
						
							
							Merge branch 'release/v2023.2'  
						
						
						
						
							
 
						
					 
					
						2023-01-05 21:37:21 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						c03d153978 
					 
					
						
						
							
							New release  
						
						
						
						
							
						
					 
					
						2023-01-05 21:36:48 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						6ab04db2ee 
					 
					
						
						
							
							Merge branch 'release/v2023.1' into develop  
						
						
						
						
							
						
					 
					
						2023-01-05 21:06:36 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						a108a937b5 
					 
					
						
						
							
							Merge branch 'release/v2023.1'  
						
						
						
						
							
 
						
					 
					
						2023-01-05 21:06:22 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						6d5ea57606 
					 
					
						
						
							
							New release  
						
						
						
						
							
						
					 
					
						2023-01-05 21:02:26 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						79fd88eeb6 
					 
					
						
						
							
							Use Java 17  
						
						
						
						
							
						
					 
					
						2023-01-05 21:00:43 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						64b10c1a59 
					 
					
						
						
							
							Merge branch 'release/v2023.0' into develop  
						
						
						
						
							
						
					 
					
						2023-01-05 20:52:02 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						6398d31c14 
					 
					
						
						
							
							Merge branch 'release/v2023.0'  
						
						
						
						
							
 
						
					 
					
						2023-01-05 20:51:53 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						716a7dd9ea 
					 
					
						
						
							
							Preparing release 2023.0  
						
						
						
						
							
						
					 
					
						2023-01-05 20:51:34 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						323daae578 
					 
					
						
						
							
							Vulnerable components only work in a Docker container  
						
						
						
						
							
						
					 
					
						2023-01-05 20:51:15 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						bdbf66c8e1 
					 
					
						
						
							
							Merge branch 'release/v2023.1' into develop  
						
						
						
						
							
						
					 
					
						2023-01-05 20:38:54 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						174a59c35a 
					 
					
						
						
							
							Preparing release 2023.1  
						
						
						
						
							
						
					 
					
						2023-01-05 20:38:20 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						a08e515f6d 
					 
					
						
						
							
							Merge branch 'release/v2023.0' into develop  
						
						
						
						
							
						
					 
					
						2023-01-05 20:35:02 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						f766edcfcb 
					 
					
						
						
							
							Preparing release 2023.0  
						
						
						
						
							
						
					 
					
						2023-01-05 20:31:24 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						3901814363 
					 
					
						
						
							
							Fix documentation link for XXE mitigation.  
						
						
						
						
							
						
					 
					
						2023-01-05 19:00:12 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						59bfd7c6d4 
					 
					
						
						
							
							Move XXE to A05 - Security Misconfiguration  
						
						
						
						
							
						
					 
					
						2023-01-05 19:00:12 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						11776e1d6a 
					 
					
						
						
							
							Remove explicit goal for code formatting  
						
						... 
						
						
						
						`mvn verify` already checks formatting, having a separate step is not necessary. We now also check Markdown files for correct formatting. 
						
						
							
						
					 
					
						2023-01-05 18:18:52 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						7664625afa 
					 
					
						
						
							
							Add documentation about reusing the container.  
						
						... 
						
						
						
						The documentation now contains a description to reuse the initially create container. This way the user can start where they left off. The documentation only described creating a new container each and every time leaving users to create a new login each and every time.
Add documentation about reusing the container.
The documentation now contains a description to reuse the initially create container. This way the user can start where they left off. The documentation only described creating a new container each and every time leaving users to create a new login each and every time. 
						
						
							
						
					 
					
						2023-01-05 18:18:52 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						dca415099f 
					 
					
						
						
							
							Remove unused JavaScript function  
						
						
						
						
							
						
					 
					
						2023-01-05 11:33:00 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						54e115aff0 
					 
					
						
						
							
							Update the solution with WebWolf URLs  
						
						... 
						
						
						
						The new solution uses WebWolf paths as these will change automatically when a user start WebGoat on a different port. It no longer depends on the hardcoded port `8080`. 
						
						
							
						
					 
					
						2023-01-05 11:02:45 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						fcaa2d8589 
					 
					
						
						
							
							Fix zip slip lesson.  
						
						... 
						
						
						
						The lesson did not work properly as the directory is reused across several path traversal lessons. First thing before uploading the zip file we now clean the directory.
The html had a reference to a location of the profile picture, this was part of a hint but this only causes confusion as this is not indicating to where you need to upload the picture with the Zip Slip vulnerability.
The assignment now contains a direct hint as where the image needs to be saved. The assignment is about creating a vulnerable zip file and NOT about guessing where the image should be saved inside WebGoat. 
						
						
							
						
					 
					
						2023-01-05 11:02:45 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						9666597164 
					 
					
						
						
							
							- Add reference to the WebWolf icon in the top right corner.  
						
						... 
						
						
						
						- Format all text of the lesson 
						
						
							
						
					 
					
						2023-01-04 08:07:51 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						d2a1546dff 
					 
					
						
						
							
							Apply formatting  
						
						... 
						
						
						
						This will make sure we have a consistent style across our project and the PRs are only concerned with actual changes and no longer about style. 
						
						
							
						
					 
					
						2023-01-04 08:07:23 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						b03777d39b 
					 
					
						
						
							
							Support boolean when parsing the token.  
						
						... 
						
						
						
						When the admin json element passes as a `boolean`:
```
{
 "admin": true
}
```
the parsing is now successful. 
						
						
							
						
					 
					
						2023-01-04 07:43:18 +01:00