Merge branch 'release/8.0.0'

Updating readme
Tagging latest Docker build with Travis as well
2017-12-30 16:50:39 +01:00 · 2017-12-30 16:25:10 +01:00 · 2017-12-30 14:13:34 +01:00 · 2017-12-29 22:20:52 +01:00 · 2017-12-29 22:12:21 +01:00 · 2017-12-28 00:27:25 +01:00
38 changed files with 740 additions and 335 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -0,0 +1,245 @@
 # Change Log
 ## [7.1](https://github.com/WebGoat/WebGoat/tree/7.1) (2016-11-18)
 [Full Changelog](https://github.com/WebGoat/WebGoat/compare/7.0.1...7.1)
 **Implemented enhancements:**
 - i8n highlighting [\#96](https://github.com/WebGoat/WebGoat/issues/96)
 - Improve uniqueness of menu item Id's [\#45](https://github.com/WebGoat/WebGoat/issues/45)
 **Fixed bugs:**
 - Stored XSS Lesson does not render message and attack does not fire [\#141](https://github.com/WebGoat/WebGoat/issues/141)
 - Source code is not available for this lesson. [\#137](https://github.com/WebGoat/WebGoat/issues/137)
 **Closed issues:**
 - Fix lesson client side filtering [\#272](https://github.com/WebGoat/WebGoat/issues/272)
 - Reset lesson does not work anymore [\#271](https://github.com/WebGoat/WebGoat/issues/271)
 - Lesson plans not loading with manual build and easy-run jar \(standalone jar\) not running at all [\#268](https://github.com/WebGoat/WebGoat/issues/268)
 - Unable to download webgoat jar file [\#261](https://github.com/WebGoat/WebGoat/issues/261)
 - Developer edition build isn't working in its entirety [\#260](https://github.com/WebGoat/WebGoat/issues/260)
 - Amazon S3 downloadable JAR is missing [\#259](https://github.com/WebGoat/WebGoat/issues/259)
 - Code does not compile on dev branch [\#258](https://github.com/WebGoat/WebGoat/issues/258)
 - Executable jar crashes if empty .extract folder exist [\#251](https://github.com/WebGoat/WebGoat/issues/251)
 - Java Error Message in Lesson "How to Bypass a Path Based Access Control Scheme" [\#240](https://github.com/WebGoat/WebGoat/issues/240)
 - developer bootstrap says git is missing when it is installed [\#236](https://github.com/WebGoat/WebGoat/issues/236)
 - Application Won't Start [\#234](https://github.com/WebGoat/WebGoat/issues/234)
 - Restart lesson button isn't working [\#226](https://github.com/WebGoat/WebGoat/issues/226)
 - Navigation to start page is broken after login [\#218](https://github.com/WebGoat/WebGoat/issues/218)
 - Links in menu missing pointer cursor [\#216](https://github.com/WebGoat/WebGoat/issues/216)
 - Restart lesson button not working [\#213](https://github.com/WebGoat/WebGoat/issues/213)
 - WebGoat stops at  DEBUG - Exit: getEngine\(\) [\#211](https://github.com/WebGoat/WebGoat/issues/211)
 - Labs: Remnant files and solved stages [\#208](https://github.com/WebGoat/WebGoat/issues/208)
 - Labs: Navigating to Instructor java examples [\#206](https://github.com/WebGoat/WebGoat/issues/206)
 - WebGoat 7.0 and ZAP 2.4.3 will not proxy [\#204](https://github.com/WebGoat/WebGoat/issues/204)
 - Failing Build [\#201](https://github.com/WebGoat/WebGoat/issues/201)
 - Missing mvn package of webgoat-container in README.MD [\#200](https://github.com/WebGoat/WebGoat/issues/200)
 - Seems translation to Russian for "Congratulations. You have successfully completed this lesson."  phrase is broken. [\#199](https://github.com/WebGoat/WebGoat/issues/199)
 - HtmlEncoder uses static methods but must be instantiated [\#195](https://github.com/WebGoat/WebGoat/issues/195)
 - webgoat-container should unpack all the lessons [\#192](https://github.com/WebGoat/WebGoat/issues/192)
 - Access Control Flaws, LAB stage 3: Remove the FindProfile screen [\#186](https://github.com/WebGoat/WebGoat/issues/186)
 - Injection Flaws | XPath Injection date file path issue [\#184](https://github.com/WebGoat/WebGoat/issues/184)
 - hints don't appear to work on labs [\#183](https://github.com/WebGoat/WebGoat/issues/183)
 - Session Management Flaws - Spoof an Authentication Cookie render issue [\#181](https://github.com/WebGoat/WebGoat/issues/181)
 - Challenge - Show\* buttons show on initial lesson load [\#180](https://github.com/WebGoat/WebGoat/issues/180)
 - Http Basics - minor edits and change completion state [\#178](https://github.com/WebGoat/WebGoat/issues/178)
 - Lab Cross-Site Scripting Stage 1 solution [\#176](https://github.com/WebGoat/WebGoat/issues/176)
 - Backdoor lesson breaks menu CSS [\#175](https://github.com/WebGoat/WebGoat/issues/175)
 - Redirect localhost:8080 to localhost:8080/WebGoat [\#173](https://github.com/WebGoat/WebGoat/issues/173)
 - Session Fixation link in stage 2 does not work [\#170](https://github.com/WebGoat/WebGoat/issues/170)
 - A failure occurred when execute the command "sh webgoat\_developer\_bootstrap.sh" [\#145](https://github.com/WebGoat/WebGoat/issues/145)
 - Copy lessons into plugin\_lessons [\#254](https://github.com/WebGoat/WebGoat/issues/254)
 - WebGoat // Lesson Plan and Solution are note available [\#242](https://github.com/WebGoat/WebGoat/issues/242)
 - Lab: Client side filtering - broken path [\#232](https://github.com/WebGoat/WebGoat/issues/232)
 - AXIS class not found error in  Web Services / WSDL Scanning  [\#222](https://github.com/WebGoat/WebGoat/issues/222)
 - WSDL link in SOAP Request Lesson crashing with AXIS error [\#221](https://github.com/WebGoat/WebGoat/issues/221)
 - Labs: RBAC stage 1 and 3 not working [\#209](https://github.com/WebGoat/WebGoat/issues/209)
 - How to create a Legacy Lesson - instruction edit [\#177](https://github.com/WebGoat/WebGoat/issues/177)
 - Can't tell when WebGoat has actually started when using: webgoat\_developer\_bootstrap.sh [\#75](https://github.com/WebGoat/WebGoat/issues/75)
 **Merged pull requests:**
 - Add VMware fusion [\#264](https://github.com/WebGoat/WebGoat/pull/264) ([akiernan](https://github.com/akiernan))
 - Remove Exception from method signature [\#257](https://github.com/WebGoat/WebGoat/pull/257) ([RubieV](https://github.com/RubieV))
 - Code cleanup using @Test\(expected = Exception\) [\#256](https://github.com/WebGoat/WebGoat/pull/256) ([RubieV](https://github.com/RubieV))
 - Added OWASP Labs badge [\#252](https://github.com/WebGoat/WebGoat/pull/252) ([psiinon](https://github.com/psiinon))
 - updates from day 1 @AppSec EU [\#246](https://github.com/WebGoat/WebGoat/pull/246) ([misfir3](https://github.com/misfir3))
 - Update java required version as stated in webgoat/webgoat\#234 [\#243](https://github.com/WebGoat/WebGoat/pull/243) ([span](https://github.com/span))
 - Updates to Dev Bootstrap [\#239](https://github.com/WebGoat/WebGoat/pull/239) ([dilshanraja](https://github.com/dilshanraja))
 - Fix broken start/home link on logo [\#229](https://github.com/WebGoat/WebGoat/pull/229) ([span](https://github.com/span))
 - Developer controls [\#228](https://github.com/WebGoat/WebGoat/pull/228) ([span](https://github.com/span))
 - Admin should also be able to see the solution, source and lesson plan. [\#224](https://github.com/WebGoat/WebGoat/pull/224) ([nbaars](https://github.com/nbaars))
 - Fixed the classnames in the wsdd config file \(moved to different pack… [\#223](https://github.com/WebGoat/WebGoat/pull/223) ([nbaars](https://github.com/nbaars))
 - Feature/169 [\#220](https://github.com/WebGoat/WebGoat/pull/220) ([nbaars](https://github.com/nbaars))
 - Update README.MD [\#219](https://github.com/WebGoat/WebGoat/pull/219) ([muzir](https://github.com/muzir))
 - Fix \#213 by changing the id of the restart button to the correct id [\#214](https://github.com/WebGoat/WebGoat/pull/214) ([span](https://github.com/span))
 - Fixed \#184 [\#212](https://github.com/WebGoat/WebGoat/pull/212) ([nbaars](https://github.com/nbaars))
 - Fix shebang [\#210](https://github.com/WebGoat/WebGoat/pull/210) ([nxadm](https://github.com/nxadm))
 - Enable weak authentication cookie lesson  [\#207](https://github.com/WebGoat/WebGoat/pull/207) ([span](https://github.com/span))
 - -- Remove raw type usage, add type check parameter. [\#205](https://github.com/WebGoat/WebGoat/pull/205) ([muzir](https://github.com/muzir))
 - Update package references in readme [\#203](https://github.com/WebGoat/WebGoat/pull/203) ([span](https://github.com/span))
 - Develop [\#202](https://github.com/WebGoat/WebGoat/pull/202) ([misfir3](https://github.com/misfir3))
 - Fixes \#195 by adding static initialisation of the maps [\#197](https://github.com/WebGoat/WebGoat/pull/197) ([span](https://github.com/span))
 - Add stage parameter in the session to keep track of current stage  [\#196](https://github.com/WebGoat/WebGoat/pull/196) ([span](https://github.com/span))
 - webgoat-container should unpack all the lessons \#192 [\#193](https://github.com/WebGoat/WebGoat/pull/193) ([nbaars](https://github.com/nbaars))
 ## [7.0.1](https://github.com/WebGoat/WebGoat/tree/7.0.1) (2016-02-01)
 **Implemented enhancements:**
 - SEVERE: The web application \[/WebGoat\] appears to have started a thread named \[pool-7-thread-5\] but has failed to stop it. This is very likely to create a memory leak [\#124](https://github.com/WebGoat/WebGoat/issues/124)
 - Cannot serialize session attribute [\#123](https://github.com/WebGoat/WebGoat/issues/123)
 - Overview of which lessons maps to which WebGoat-Lessons project [\#107](https://github.com/WebGoat/WebGoat/issues/107)
 - Remove ace js directory [\#103](https://github.com/WebGoat/WebGoat/issues/103)
 - Move webgoat-container UP one directory [\#100](https://github.com/WebGoat/WebGoat/issues/100)
 - Insecure login lesson has inline CSS background image is not applied [\#87](https://github.com/WebGoat/WebGoat/issues/87)
 - Re-enable/update WebGoat Info link [\#26](https://github.com/WebGoat/WebGoat/issues/26)
 - User Info/Logout Links  [\#25](https://github.com/WebGoat/WebGoat/issues/25)
 - LessonInfo Service [\#23](https://github.com/WebGoat/WebGoat/issues/23)
 - Reload/Update Menu [\#22](https://github.com/WebGoat/WebGoat/issues/22)
 **Fixed bugs:**
 - Nightly build doesn't run [\#150](https://github.com/WebGoat/WebGoat/issues/150)
 - Forced browsing lesson does not show success [\#143](https://github.com/WebGoat/WebGoat/issues/143)
 - Failed to load resource: the server responded with a status of 404 \(Not Found\) [\#139](https://github.com/WebGoat/WebGoat/issues/139)
 - Firefox and Edge miss one lesson in Menu [\#49](https://github.com/WebGoat/WebGoat/issues/49)
 - Lesson Plan does not toggle on/off [\#46](https://github.com/WebGoat/WebGoat/issues/46)
 - Clicking on 'LAB: Role Based Access Control' produces 'Invalid Session' in UI [\#44](https://github.com/WebGoat/WebGoat/issues/44)
 - Lesson Loading Scrolls down page in Firefox [\#39](https://github.com/WebGoat/WebGoat/issues/39)
 - WebGoat lessons do not load [\#32](https://github.com/WebGoat/WebGoat/issues/32)
 - Properties are appended when loading plugins [\#29](https://github.com/WebGoat/WebGoat/issues/29)
 **Closed issues:**
 - Exceptions for all lessons in "LAB: DB SQL Injection" and "LAB: SQL Injection" [\#174](https://github.com/WebGoat/WebGoat/issues/174)
 - JSP Goathills lessons imports are not valid [\#171](https://github.com/WebGoat/WebGoat/issues/171)
 - update or remove http://webgoat.github.io/ [\#167](https://github.com/WebGoat/WebGoat/issues/167)
 - Provide over-rideable 'submitMethod' via AbstractLesson [\#165](https://github.com/WebGoat/WebGoat/issues/165)
 - Update HTTP Basics lesson [\#162](https://github.com/WebGoat/WebGoat/issues/162)
 - Command Injection Issue WebGoat 7 [\#156](https://github.com/WebGoat/WebGoat/issues/156)
 - XML Injection does not work [\#151](https://github.com/WebGoat/WebGoat/issues/151)
 - Plan is not available for this lesson. [\#138](https://github.com/WebGoat/WebGoat/issues/138)
 - Multi level login lesson works but is missing area around the form [\#135](https://github.com/WebGoat/WebGoat/issues/135)
 - SEVERE: The web application \[/WebGoat\] registered the JDBC driver \[org.h2.Driver\] but failed to unregister it when the web application was stopped. To prevent a memory leak, the JDBC Driver has been forcibly unregistered [\#134](https://github.com/WebGoat/WebGoat/issues/134)
 - hints are not refreshed when switching lessons [\#133](https://github.com/WebGoat/WebGoat/issues/133)
 - Sauce labs fails when running oraclejdk8 [\#118](https://github.com/WebGoat/WebGoat/issues/118)
 - Logging in sometimes goes to report card and misses category-menu [\#114](https://github.com/WebGoat/WebGoat/issues/114)
 - Order of elements in deployment descriptor [\#112](https://github.com/WebGoat/WebGoat/issues/112)
 - The jar snapshot doesn't run [\#108](https://github.com/WebGoat/WebGoat/issues/108)
 - re-enable challenge handling in LessonInfoModel [\#97](https://github.com/WebGoat/WebGoat/issues/97)
 - Review and cleanup releases and builds [\#90](https://github.com/WebGoat/WebGoat/issues/90)
 - Review and cleanup Installation Docs [\#89](https://github.com/WebGoat/WebGoat/issues/89)
 - Ajax Security: LAB: Client Side Filtering [\#86](https://github.com/WebGoat/WebGoat/issues/86)
 - Close button on about dialog does not close the dialog [\#81](https://github.com/WebGoat/WebGoat/issues/81)
 - Lessons Intermittently showing up in WebGoat [\#76](https://github.com/WebGoat/WebGoat/issues/76)
 - Order of buttons switch after submit [\#73](https://github.com/WebGoat/WebGoat/issues/73)
 - After login, there is no default lesson [\#72](https://github.com/WebGoat/WebGoat/issues/72)
 - Intermittent Startup Error [\#71](https://github.com/WebGoat/WebGoat/issues/71)
 - Discover Clues in HTML lesson doesn't work [\#70](https://github.com/WebGoat/WebGoat/issues/70)
 - Eclipse import error for webgoat-container [\#66](https://github.com/WebGoat/WebGoat/issues/66)
 - Reflected XSS Attacks error message error [\#65](https://github.com/WebGoat/WebGoat/issues/65)
 - Labs with Stages all throw exceptions [\#64](https://github.com/WebGoat/WebGoat/issues/64)
 - Spelling errors in: webgoat\_developer\_bootstrap.sh [\#63](https://github.com/WebGoat/WebGoat/issues/63)
 - CSRF token by-pass lesson shows stacktrace [\#60](https://github.com/WebGoat/WebGoat/issues/60)
 - Http Basics lessons fails to load [\#53](https://github.com/WebGoat/WebGoat/issues/53)
 - Null Pointer Exception on every page [\#47](https://github.com/WebGoat/WebGoat/issues/47)
 - Create support in client-side routing for 'stages' [\#42](https://github.com/WebGoat/WebGoat/issues/42)
 - Implement Loading Spinner on Menu [\#41](https://github.com/WebGoat/WebGoat/issues/41)
 - Lab - DOM-based cross-site scripting: Java Source produces XSS alert [\#38](https://github.com/WebGoat/WebGoat/issues/38)
 - DOM Injection Lesson - Java Source does not work  [\#37](https://github.com/WebGoat/WebGoat/issues/37)
 - Lesson Interdependency [\#33](https://github.com/WebGoat/WebGoat/issues/33)
 - Hide menu functionality [\#28](https://github.com/WebGoat/WebGoat/issues/28)
 - Consume LessonInfo Service to display title [\#24](https://github.com/WebGoat/WebGoat/issues/24)
 - how to up webgoat to netbeans on mac os x. [\#14](https://github.com/WebGoat/WebGoat/issues/14)
 **Merged pull requests:**
 - Disable cross-site scripting lab [\#191](https://github.com/WebGoat/WebGoat/pull/191) ([span](https://github.com/span))
 - Adding OSSRH Repository on Parent Pom [\#190](https://github.com/WebGoat/WebGoat/pull/190) ([dougmorato](https://github.com/dougmorato))
 - Setting GPG keyname as WebGoat in Parent Pom [\#189](https://github.com/WebGoat/WebGoat/pull/189) ([dougmorato](https://github.com/dougmorato))
 - Fixining all the javadoc issues preventing the release [\#188](https://github.com/WebGoat/WebGoat/pull/188) ([dougmorato](https://github.com/dougmorato))
 - Improving WebGoat Developer Bootstrap Script [\#187](https://github.com/WebGoat/WebGoat/pull/187) ([dougmorato](https://github.com/dougmorato))
 - issue \#147 disabling broken lessons [\#185](https://github.com/WebGoat/WebGoat/pull/185) ([mayhew64](https://github.com/mayhew64))
 - \#167 removing refrences to github.io in code [\#172](https://github.com/WebGoat/WebGoat/pull/172) ([misfir3](https://github.com/misfir3))
 - \#165 support for custom submitMethod [\#166](https://github.com/WebGoat/WebGoat/pull/166) ([misfir3](https://github.com/misfir3))
 - Remove Coverity Badge from README [\#164](https://github.com/WebGoat/WebGoat/pull/164) ([dougmorato](https://github.com/dougmorato))
 - Forced browsing [\#163](https://github.com/WebGoat/WebGoat/pull/163) ([nbaars](https://github.com/nbaars))
 - Moving lesson utilities to common project instead of AbstractLesson [\#155](https://github.com/WebGoat/WebGoat/pull/155) ([nbaars](https://github.com/nbaars))
 - \#133 hiding hint on change of lesson/loesson load [\#153](https://github.com/WebGoat/WebGoat/pull/153) ([misfir3](https://github.com/misfir3))
 - changed back to compile phase, package phase breaks the war-exec.jar … [\#152](https://github.com/WebGoat/WebGoat/pull/152) ([mayhew64](https://github.com/mayhew64))
 - Fixes typo in README [\#149](https://github.com/WebGoat/WebGoat/pull/149) ([aravindc26](https://github.com/aravindc26))
 - \#66 Fixing jar plugin lifecycle issue [\#148](https://github.com/WebGoat/WebGoat/pull/148) ([slavP](https://github.com/slavP))
 - Tidy up CSRF lessons. [\#147](https://github.com/WebGoat/WebGoat/pull/147) ([ilatypov](https://github.com/ilatypov))
 - Updated pom versions and cache .m2 on travis to speed build time [\#140](https://github.com/WebGoat/WebGoat/pull/140) ([dougmorato](https://github.com/dougmorato))
 - Update dependency version, build number and unregister DB driver [\#136](https://github.com/WebGoat/WebGoat/pull/136) ([dougmorato](https://github.com/dougmorato))
 -  SEVERE: The web application \[/WebGoat\] appears to have started a thr… [\#132](https://github.com/WebGoat/WebGoat/pull/132) ([nbaars](https://github.com/nbaars))
 - Do not clean before mvn cobertura and coveralls [\#131](https://github.com/WebGoat/WebGoat/pull/131) ([dougmorato](https://github.com/dougmorato))
 - Cannot serialize session attribute \#123 [\#130](https://github.com/WebGoat/WebGoat/pull/130) ([nbaars](https://github.com/nbaars))
 - Maven-tomcat plugin fix and correct typo on JS file [\#129](https://github.com/WebGoat/WebGoat/pull/129) ([dougmorato](https://github.com/dougmorato))
 - items ommited from menu spinner and some more clean up [\#127](https://github.com/WebGoat/WebGoat/pull/127) ([misfir3](https://github.com/misfir3))
 - Coveralls should be on Parent Pom [\#126](https://github.com/WebGoat/WebGoat/pull/126) ([dougmorato](https://github.com/dougmorato))
 - Adding badges for Coverity, Coveralls and Codacy [\#125](https://github.com/WebGoat/WebGoat/pull/125) ([dougmorato](https://github.com/dougmorato))
 - Test enable Coverity SAST [\#122](https://github.com/WebGoat/WebGoat/pull/122) ([dougmorato](https://github.com/dougmorato))
 - Improved README instructions for Easy Run [\#121](https://github.com/WebGoat/WebGoat/pull/121) ([dougmorato](https://github.com/dougmorato))
 - Copy whole target folder, not just individual file [\#120](https://github.com/WebGoat/WebGoat/pull/120) ([dougmorato](https://github.com/dougmorato))
 - Code cleanup and menu spinner [\#119](https://github.com/WebGoat/WebGoat/pull/119) ([misfir3](https://github.com/misfir3))
 -  Logging in sometimes goes to report card and misses category-menu \#114 [\#117](https://github.com/WebGoat/WebGoat/pull/117) ([nbaars](https://github.com/nbaars))
 - Copy output and target info upload to S3 folder [\#116](https://github.com/WebGoat/WebGoat/pull/116) ([dougmorato](https://github.com/dougmorato))
 - Fix \#81 to activate close button in the modal footer [\#115](https://github.com/WebGoat/WebGoat/pull/115) ([span](https://github.com/span))
 - Fix \#112 deployment descriptor elements in wrong order  [\#113](https://github.com/WebGoat/WebGoat/pull/113) ([span](https://github.com/span))
 - \#103: removing ace directory, not in use [\#111](https://github.com/WebGoat/WebGoat/pull/111) ([misfir3](https://github.com/misfir3))
 -  The jar snapshot doesn't run \#108 \(2\) [\#110](https://github.com/WebGoat/WebGoat/pull/110) ([nbaars](https://github.com/nbaars))
 -  The jar snapshot doesn't run \#108 [\#109](https://github.com/WebGoat/WebGoat/pull/109) ([nbaars](https://github.com/nbaars))
 - Removed credits from lessons [\#106](https://github.com/WebGoat/WebGoat/pull/106) ([nbaars](https://github.com/nbaars))
 - Fixed classloading issues with Goathills lessons [\#105](https://github.com/WebGoat/WebGoat/pull/105) ([nbaars](https://github.com/nbaars))
 -  i8n highlighting \#96  [\#102](https://github.com/WebGoat/WebGoat/pull/102) ([nbaars](https://github.com/nbaars))
 - \#97, updating controls for hints, source, solution and plans on lessons [\#101](https://github.com/WebGoat/WebGoat/pull/101) ([misfir3](https://github.com/misfir3))
 -  Button to force plugin reloading \#93  [\#99](https://github.com/WebGoat/WebGoat/pull/99) ([nbaars](https://github.com/nbaars))
 - \#97, Hint controls for CHALLENGE Category lessons [\#98](https://github.com/WebGoat/WebGoat/pull/98) ([misfir3](https://github.com/misfir3))
 - \#23, \#24 - LessonInfo Service now used for TitleView and HelpControsView [\#94](https://github.com/WebGoat/WebGoat/pull/94) ([misfir3](https://github.com/misfir3))
 - Properties are appended when loading plugins \(\#29\) [\#88](https://github.com/WebGoat/WebGoat/pull/88) ([nbaars](https://github.com/nbaars))
 - Added a lesson restart for lesson specific restart actions [\#85](https://github.com/WebGoat/WebGoat/pull/85) ([mayhew64](https://github.com/mayhew64))
 - Fixing inconsistent merge issues implementing nbaars fixes [\#83](https://github.com/WebGoat/WebGoat/pull/83) ([dougmorato](https://github.com/dougmorato))
 - Updated contributors and sponsors [\#82](https://github.com/WebGoat/WebGoat/pull/82) ([mayhew64](https://github.com/mayhew64))
 - \#72, defaulting to firstLesson on initial redirect [\#80](https://github.com/WebGoat/WebGoat/pull/80) ([misfir3](https://github.com/misfir3))
 -  Intermittent Startup Error \#71  [\#79](https://github.com/WebGoat/WebGoat/pull/79) ([nbaars](https://github.com/nbaars))
 - Adding Coverity Static Code Analysis Scan integration [\#78](https://github.com/WebGoat/WebGoat/pull/78) ([dougmorato](https://github.com/dougmorato))
 - Pom refactoring, javadocs compliance and Integration improvements [\#77](https://github.com/WebGoat/WebGoat/pull/77) ([dougmorato](https://github.com/dougmorato))
 - Property files are now detected while extracting the plugin [\#74](https://github.com/WebGoat/WebGoat/pull/74) ([nbaars](https://github.com/nbaars))
 - Recent UI Fixes [\#61](https://github.com/WebGoat/WebGoat/pull/61) ([misfir3](https://github.com/misfir3))
 - Lab - DOM-based cross-site scripting: Java Source produces XSS alert \#38 [\#59](https://github.com/WebGoat/WebGoat/pull/59) ([nbaars](https://github.com/nbaars))
 - Update README.MD [\#57](https://github.com/WebGoat/WebGoat/pull/57) ([mayhew64](https://github.com/mayhew64))
 - Do NOT run Integration tests on pull requests [\#56](https://github.com/WebGoat/WebGoat/pull/56) ([dougmorato](https://github.com/dougmorato))
 - Increase performance while extracting the plugins [\#55](https://github.com/WebGoat/WebGoat/pull/55) ([nbaars](https://github.com/nbaars))
 -  Http Basics lessons fails to load \#53 [\#54](https://github.com/WebGoat/WebGoat/pull/54) ([nbaars](https://github.com/nbaars))
 - Adding headless Integration Tests with Sauce Labs [\#50](https://github.com/WebGoat/WebGoat/pull/50) ([dougmorato](https://github.com/dougmorato))
 -  Null Pointer Exception on every page \#47 [\#48](https://github.com/WebGoat/WebGoat/pull/48) ([nbaars](https://github.com/nbaars))
 - menu and routing work [\#43](https://github.com/WebGoat/WebGoat/pull/43) ([misfir3](https://github.com/misfir3))
 - Fixes for issue \#32 - lessons/menu not loading [\#40](https://github.com/WebGoat/WebGoat/pull/40) ([misfir3](https://github.com/misfir3))
 - Fixed not serializable error when stopping/starting Tomcat [\#36](https://github.com/WebGoat/WebGoat/pull/36) ([nbaars](https://github.com/nbaars))
 - Improved README, fixed copy lessons instructions, added developer bootstrap [\#35](https://github.com/WebGoat/WebGoat/pull/35) ([dougmorato](https://github.com/dougmorato))
 - Improved Travis Build and Instructions on Readme [\#31](https://github.com/WebGoat/WebGoat/pull/31) ([dougmorato](https://github.com/dougmorato))
 - recent modifications from my branch [\#30](https://github.com/WebGoat/WebGoat/pull/30) ([misfir3](https://github.com/misfir3))
 - initial cut of paramView re-enabled [\#21](https://github.com/WebGoat/WebGoat/pull/21) ([misfir3](https://github.com/misfir3))
 - Removing doc directory which contained 6 year old stale files [\#18](https://github.com/WebGoat/WebGoat/pull/18) ([dougmorato](https://github.com/dougmorato))
 - First pull request, minor fix [\#17](https://github.com/WebGoat/WebGoat/pull/17) ([silicakes](https://github.com/silicakes))
 - cookie view re-enabled [\#16](https://github.com/WebGoat/WebGoat/pull/16) ([misfir3](https://github.com/misfir3))
 - Incremental UI changes [\#15](https://github.com/WebGoat/WebGoat/pull/15) ([misfir3](https://github.com/misfir3))
 - Merged changes from WebGoat-Legacy to WebGoat [\#13](https://github.com/WebGoat/WebGoat/pull/13) ([nbaars](https://github.com/nbaars))
 - Merge pull request \#48 from michaeldever/master  [\#11](https://github.com/WebGoat/WebGoat/pull/11) ([nbaars](https://github.com/nbaars))
 - restoring READMe.txt [\#10](https://github.com/WebGoat/WebGoat/pull/10) ([misfir3](https://github.com/misfir3))
 - Initial cut-over of backbone port [\#9](https://github.com/WebGoat/WebGoat/pull/9) ([misfir3](https://github.com/misfir3))
 - Added a method so we can fetch the absolute path of a lesson [\#8](https://github.com/WebGoat/WebGoat/pull/8) ([nbaars](https://github.com/nbaars))
 - Fixed rewriting paths in the jsp/js and css resources [\#7](https://github.com/WebGoat/WebGoat/pull/7) ([nbaars](https://github.com/nbaars))
 - Classloader introduced [\#6](https://github.com/WebGoat/WebGoat/pull/6) ([nbaars](https://github.com/nbaars))
 - Instructions for manual deployment [\#5](https://github.com/WebGoat/WebGoat/pull/5) ([iammyr](https://github.com/iammyr))
 - Renamed the jar file [\#4](https://github.com/WebGoat/WebGoat/pull/4) ([nbaars](https://github.com/nbaars))
 - Fixed classloading issues when a lesson contains an inner class. The plu... [\#3](https://github.com/WebGoat/WebGoat/pull/3) ([nbaars](https://github.com/nbaars))
 - Generate separate jar file to use in the lessons project [\#2](https://github.com/WebGoat/WebGoat/pull/2) ([nbaars](https://github.com/nbaars))
 - Bug fix: lesson solution not showing  [\#1](https://github.com/WebGoat/WebGoat/pull/1) ([nbaars](https://github.com/nbaars))
 \* *This Change Log was automatically generated by [github_changelog_generator](https://github.com/skywinder/Github-Changelog-Generator)*
--- a/README.MD
+++ b/README.MD
@ -1,4 +1,4 @@
-# WebGoat: A deliberately insecure Web Application
+# WebGoat 8: A deliberately insecure Web Application
 [![Build Status](https://travis-ci.org/WebGoat/WebGoat.svg?branch=develop)](https://travis-ci.org/WebGoat/WebGoat)
 [![Coverage Status](https://coveralls.io/repos/WebGoat/WebGoat/badge.svg?branch=develop&service=github)](https://coveralls.io/github/WebGoat/WebGoat?branch=master)
@ -6,10 +6,6 @@
 [![Dependency Status](https://www.versioneye.com/user/projects/562da95ae346d7000e0369aa/badge.svg?style=flat)](https://www.versioneye.com/user/projects/562da95ae346d7000e0369aa)
 [![OWASP Labs](https://img.shields.io/badge/owasp-labs-orange.svg)](https://www.owasp.org/index.php/OWASP_Project_Inventory#tab=Labs_Projects)
 # Important
 This is the development version of WebGoat 8, if you are looking for a released stable version please go to: https://github.com/WebGoat/WebGoat/wiki/Running-WebGoat
 # Introduction
@ -68,6 +64,20 @@ Download the latest WebWolf release from [https://github.com/WebGoat/WebGoat/rel
 java -jar webgoat-server-<<version>>.jar
 ```
 By default WebGoat starts at port 8080 in order to change this use the following property:
 ```Shell
 java -jar webgoat-server-<<version>>.jar --server.port=9090
 ```
 You can specify one of the following arguments when starting WebGoat:
 ```Shell
 java -jar webgoat-server-<<version>>.jar --server.port=9090 --server.address=x.x.x.x
 ```
 This will start WebGoat on a different port and/or different address.
 ## 3. Run from the sources
@ -88,20 +98,22 @@ Now let's start by compiling the project.
 ```Shell
 cd WebGoat
-git checkout develop
+git checkout <<branch_name>>
 mvn clean install
 ```
 Now we are ready to run the project. WebGoat 8.x is using Spring-Boot.
 ```Shell
-mvn -pl webwolf spring-boot:run
+mvn -pl webgoat-server spring-boot:run
 ```
 ... you should be running webgoat on localhost:8080/WebGoat momentarily
 To change IP addresss add the following variable to WebGoat/webgoat-container/src/main/resources/application.properties file
-```server.address=x.x.x.x
+To change IP address add the following variable to WebGoat/webgoat-container/src/main/resources/application.properties file
 ```
 server.address=x.x.x.x
 ```
 # Vagrant
@ -119,6 +131,8 @@ The source code will be available in the home directory.
 # Building a new Docker image
 NOTE: Travis will create a new Docker image automatically when making a new release.
 WebGoat now has Docker support for x86 and ARM (raspberry pi).
 ### Docker on x86
 On x86 you can build a container with the following commands:
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -1,25 +1,11 @@
 version: '2.0'
 services:
  mongo:
    image: mongo:latest
    expose:
      - "27017"
    volumes:
      - './mongo-data:/data/db'
  webgoat:
    build: webgoat-server/
    command: "sh /home/webgoat/start.sh"
    ports:
      - "8080:8080"
    depends_on:
      [mongo, activemq]
    environment:
      WG_MONGO_PORT: 27017
      WG_MONGO_HOST: mongo
      WG_MQ_HOST: activemq
      WG_MQ_PORT: 61616
      WG_INTERNAL_MONGO: "false"
  webwolf:
    build: webwolf/
    command: "sh /home/webwolf/start.sh"
@ -27,8 +13,3 @@ services:
      - webgoat
    ports:
      - "8081:8081"
    environment:
      WG_MONGO_PORT: 27017
      WG_MONGO_HOST: mongo
      WG_MQ_HOST: activemq
      WG_MQ_PORT: 61616
--- a/scripts/deploy-webgoat.sh
+++ b/scripts/deploy-webgoat.sh
@ -12,7 +12,7 @@ if [ "${BRANCH}" == "master" ] && [ ! -z "${TRAVIS_TAG}" ]; then
  docker push $REPO
 elif [ ! -z "${TRAVIS_TAG}" ]; then
  # Creating a tag build we push it to Docker with that tag
-  docker build --build-arg webgoat_version=${TRAVIS_TAG:1} -f Dockerfile -t $REPO:${TRAVIS_TAG} .
+  docker build --build-arg webgoat_version=${TRAVIS_TAG:1} -f Dockerfile -t $REPO:${TRAVIS_TAG} -t $REPO:latest .
  docker push $REPO
 elif [ "${BRANCH}" == "develop" ]; then
  docker build -f Dockerfile -t $REPO:snapshot .
--- a/webgoat-container/pom.xml
+++ b/webgoat-container/pom.xml
@ -36,16 +36,6 @@
    </profiles>
    <dependencyManagement>
        <dependencies>
            <dependency>
                <groupId>de.flapdoodle.embed</groupId>
                <artifactId>de.flapdoodle.embed.mongo</artifactId>
                <version>2.0.0</version>
            </dependency>
        </dependencies>
    </dependencyManagement>
    <build>
        <resources>
            <resource>
@ -127,7 +117,7 @@
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
-            <artifactId>spring-boot-starter-data-mongodb</artifactId>
+            <artifactId>spring-boot-starter-data-jpa</artifactId>
        </dependency>
        <dependency>
            <groupId>org.apache.commons</groupId>
@ -202,12 +192,6 @@
            <version>${junit.version}</version>
            <type>jar</type>
        </dependency>
        <dependency>
            <groupId>com.github.fakemongo</groupId>
            <artifactId>fongo</artifactId>
            <version>2.1.0</version>
            <scope>test</scope>
        </dependency>
        <!-- ************* END: Dependencies for Unit and Integration Testing ************** -->
        <!-- ************* END: <dependencies> ************** -->
    </dependencies>
--- a/webgoat-container/src/main/java/org/owasp/webgoat/AsciiDoctorTemplateResolver.java
+++ b/webgoat-container/src/main/java/org/owasp/webgoat/AsciiDoctorTemplateResolver.java
@ -42,6 +42,7 @@ import org.thymeleaf.templateresolver.TemplateResolver;
 import java.io.*;
 import java.util.Map;
 import static org.apache.commons.lang3.CharEncoding.UTF_8;
 import static org.asciidoctor.Asciidoctor.Factory.create;
 /**
@ -82,7 +83,7 @@ public class AsciiDoctorTemplateResolver extends TemplateResolver {
                } else {
                    StringWriter writer = new StringWriter();
                    asciidoctor.convert(new InputStreamReader(is), writer, createAttributes());
-                    return new ByteArrayInputStream(writer.getBuffer().toString().getBytes());
+                    return new ByteArrayInputStream(writer.getBuffer().toString().getBytes(UTF_8));
                }
            } catch (IOException e) {
                //no html yet
--- a/webgoat-container/src/main/java/org/owasp/webgoat/CleanupLocalProgressFiles.java
+++ b/webgoat-container/src/main/java/org/owasp/webgoat/CleanupLocalProgressFiles.java
@ -23,11 +23,5 @@ public class CleanupLocalProgressFiles {
    @PostConstruct
    public void clean() {
        File dir = new File(webgoatHome);
        //do it safe, check whether the subdir mongodb is available as subdirectory
        File[] mongoDir = dir.listFiles(f -> f.isDirectory() && f.getName().contains("mongodb"));
        if (mongoDir != null && mongoDir.length == 1) {
            FileSystemUtils.deleteRecursively(dir);
        }
    }
 }
--- a/webgoat-container/src/main/java/org/owasp/webgoat/lessons/Assignment.java
+++ b/webgoat-container/src/main/java/org/owasp/webgoat/lessons/Assignment.java
@ -2,6 +2,10 @@ package org.owasp.webgoat.lessons;
 import lombok.*;
 import javax.persistence.Entity;
 import javax.persistence.Id;
 import javax.persistence.OneToMany;
 import javax.persistence.Transient;
 import java.util.List;
 /**
@ -38,11 +42,14 @@ import java.util.List;
@NoArgsConstructor
@Getter
@EqualsAndHashCode
@Entity
 public class Assignment {
    @NonNull
    @Id
    private String name;
    @NonNull
    private String path;
    @Transient
    private List<String> hints;
 }
--- a/webgoat-container/src/main/java/org/owasp/webgoat/users/LessonTracker.java
+++ b/webgoat-container/src/main/java/org/owasp/webgoat/users/LessonTracker.java
@ -7,6 +7,7 @@ import lombok.Getter;
 import org.owasp.webgoat.lessons.AbstractLesson;
 import org.owasp.webgoat.lessons.Assignment;
 import javax.persistence.*;
 import java.util.List;
 import java.util.Map;
 import java.util.Optional;
@ -44,16 +45,20 @@ import java.util.stream.Collectors;
 * @version $Id: $Id
 * @since October 29, 2003
 */
@Entity
 public class LessonTracker {
    @Getter
    @Id
    private String lessonName;
    @OneToMany(cascade = CascadeType.ALL, fetch = FetchType.EAGER)
    private final Set<Assignment> solvedAssignments = Sets.newHashSet();
    @OneToMany(cascade = CascadeType.ALL, fetch = FetchType.EAGER)
    private final List<Assignment> allAssignments = Lists.newArrayList();
    @Getter
    private int numberOfAttempts = 0;
-    protected LessonTracker() {
+    private LessonTracker() {
-        //Mongo
+        //JPA
    }
    public LessonTracker(AbstractLesson lesson) {
--- a/webgoat-container/src/main/java/org/owasp/webgoat/users/UserRepository.java
+++ b/webgoat-container/src/main/java/org/owasp/webgoat/users/UserRepository.java
@ -1,6 +1,6 @@
 package org.owasp.webgoat.users;
-import org.springframework.data.mongodb.repository.MongoRepository;
+import org.springframework.data.jpa.repository.JpaRepository;
 import java.util.List;
@ -8,7 +8,7 @@ import java.util.List;
 * @author nbaars
 * @since 3/19/17.
 */
-public interface UserRepository extends MongoRepository<WebGoatUser, String> {
+public interface UserRepository extends JpaRepository<WebGoatUser, String> {
    WebGoatUser findByUsername(String username);
--- a/webgoat-container/src/main/java/org/owasp/webgoat/users/UserTracker.java
+++ b/webgoat-container/src/main/java/org/owasp/webgoat/users/UserTracker.java
@ -5,8 +5,8 @@ import com.google.common.collect.Lists;
 import lombok.extern.slf4j.Slf4j;
 import org.owasp.webgoat.lessons.AbstractLesson;
 import org.owasp.webgoat.lessons.Assignment;
 import org.springframework.data.annotation.Id;
 import javax.persistence.*;
 import java.util.List;
 import java.util.Map;
 import java.util.Optional;
@ -44,12 +44,16 @@ import java.util.stream.Collectors;
 * @since October 29, 2003
 */
@Slf4j
@Entity
 public class UserTracker {
    @Id
-    private final String user;
+    private String user;
    @OneToMany(cascade = CascadeType.ALL, fetch = FetchType.EAGER)
    private List<LessonTracker> lessonTrackers = Lists.newArrayList();
    private UserTracker() {}
    public UserTracker(final String user) {
        this.user = user;
    }
--- a/webgoat-container/src/main/java/org/owasp/webgoat/users/UserTrackerRepository.java
+++ b/webgoat-container/src/main/java/org/owasp/webgoat/users/UserTrackerRepository.java
@ -1,12 +1,12 @@
 package org.owasp.webgoat.users;
-import org.springframework.data.mongodb.repository.MongoRepository;
+import org.springframework.data.jpa.repository.JpaRepository;
 /**
 * @author nbaars
 * @since 4/30/17.
 */
-public interface UserTrackerRepository extends MongoRepository<UserTracker, String> {
+public interface UserTrackerRepository extends JpaRepository<UserTracker, String> {
 }
--- a/webgoat-container/src/main/java/org/owasp/webgoat/users/WebGoatUser.java
+++ b/webgoat-container/src/main/java/org/owasp/webgoat/users/WebGoatUser.java
@ -1,13 +1,14 @@
 package org.owasp.webgoat.users;
 import lombok.Getter;
 import org.springframework.data.annotation.Id;
 import org.springframework.data.annotation.Transient;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.core.userdetails.User;
 import org.springframework.security.core.userdetails.UserDetails;
 import javax.persistence.Entity;
 import javax.persistence.Id;
 import javax.persistence.Transient;
 import java.util.Collection;
 import java.util.Collections;
@ -16,6 +17,7 @@ import java.util.Collections;
 * @since 3/19/17.
 */
@Getter
@Entity
 public class WebGoatUser implements UserDetails {
    public static final String ROLE_USER = "WEBGOAT_USER";
--- a/webgoat-container/src/main/resources/application.properties
+++ b/webgoat-container/src/main/resources/application.properties
@ -4,6 +4,9 @@ server.session.timeout=600
 server.contextPath=/WebGoat
 server.port=8080
 spring.datasource.url=jdbc:hsqldb:file:${webgoat.server.directory}/data/webgoat
 spring.jpa.hibernate.ddl-auto=update
 logging.level.org.springframework=WARN
 logging.level.org.springframework.boot.devtools=WARN
@ -28,7 +31,6 @@ webgoat.feedback.address.html=<A HREF=mailto:webgoat@owasp.org>webgoat@owasp.org
 webgoat.database.driver=org.hsqldb.jdbcDriver
 webgoat.database.connection.string=jdbc:hsqldb:mem:{USER}
 webgoat.default.language=en
 webgoat.embedded.mongo=${WG_INTERNAL_MONGO:true}
 webwolf.host=${WEBWOLF_HOST:localhost}
 webwolf.port=${WEBWOLF_PORT:8081}
@ -39,10 +41,5 @@ webwolf.url.mail=http://${webwolf.host}:${webwolf.port}/mail
 spring.jackson.serialization.indent_output=true
 spring.jackson.serialization.write-dates-as-timestamps=false
 spring.data.mongodb.host=${WG_MONGO_HOST:localhost}
 spring.data.mongodb.port=${WG_MONGO_PORT:27017}
 spring.data.mongodb.database=webgoat
 spring.mongodb.embedded.storage.databaseDir=${webgoat.user.directory}/mongodb/
 #For static file refresh ... and faster dev :D
 spring.devtools.restart.additional-paths=webgoat-container/src/main/resources/static/js,webgoat-container/src/main/resources/static/css
--- a/webgoat-container/src/test/java/org/owasp/webgoat/plugins/TestConfig.java
+++ b/webgoat-container/src/test/java/org/owasp/webgoat/plugins/TestConfig.java
@ -1,23 +0,0 @@
 package org.owasp.webgoat.plugins;
 import com.github.fakemongo.Fongo;
 import com.mongodb.MongoClient;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.data.mongodb.config.AbstractMongoConfiguration;
 /**
 * Using Fongo for embedded in memory MongoDB testing
 */
@Configuration
 public class TestConfig extends AbstractMongoConfiguration {
    @Override
    protected String getDatabaseName() {
        return "test";
    }
    @Override
    public MongoClient mongo() throws Exception {
        return new Fongo(getDatabaseName()).getMongo();
    }
 }
--- a/webgoat-container/src/test/java/org/owasp/webgoat/users/UserRepositoryTest.java
+++ b/webgoat-container/src/test/java/org/owasp/webgoat/users/UserRepositoryTest.java
@ -0,0 +1,29 @@
 package org.owasp.webgoat.users;
 import org.assertj.core.api.Assertions;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.test.autoconfigure.orm.jpa.DataJpaTest;
 import org.springframework.test.context.junit4.SpringRunner;
@DataJpaTest
@RunWith(SpringRunner.class)
 public class UserRepositoryTest {
    @Autowired
    private UserRepository userRepository;
    @Test
    public void userShouldBeSaved() {
        WebGoatUser user = new WebGoatUser("test", "password");
        userRepository.saveAndFlush(user);
        user = userRepository.findByUsername("test");
        Assertions.assertThat(user.getUsername()).isEqualTo("test");
        Assertions.assertThat(user.getPassword()).isEqualTo("password");
    }
 }
--- a/webgoat-container/src/test/java/org/owasp/webgoat/users/UserTrackerRepositoryTest.java
+++ b/webgoat-container/src/test/java/org/owasp/webgoat/users/UserTrackerRepositoryTest.java
@ -0,0 +1,101 @@
 package org.owasp.webgoat.users;
 import org.assertj.core.api.Assertions;
 import org.assertj.core.util.Lists;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.owasp.webgoat.lessons.Assignment;
 import org.owasp.webgoat.lessons.Category;
 import org.owasp.webgoat.lessons.NewLesson;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.test.autoconfigure.orm.jpa.DataJpaTest;
 import org.springframework.test.context.junit4.SpringRunner;
 import java.util.List;
@DataJpaTest
@RunWith(SpringRunner.class)
 public class UserTrackerRepositoryTest {
    private class TestLesson extends NewLesson {
        @Override
        public Category getDefaultCategory() {
            return Category.AJAX_SECURITY;
        }
        @Override
        public List<String> getHints() {
            return Lists.newArrayList();
        }
        @Override
        public Integer getDefaultRanking() {
            return 12;
        }
        @Override
        public String getTitle() {
            return "test";
        }
        @Override
        public String getId() {
            return "test";
        }
        @Override
        public List<Assignment> getAssignments() {
            Assignment assignment = new Assignment("test", "test", Lists.newArrayList());
            return Lists.newArrayList(assignment);
        }
    }
    @Autowired
    private UserTrackerRepository userTrackerRepository;
    @Test
    public void saveUserTracker() {
        UserTracker userTracker = new UserTracker("test");
        LessonTracker lessonTracker = userTracker.getLessonTracker(new TestLesson());
        userTrackerRepository.save(userTracker);
        userTracker = userTrackerRepository.findOne("test");
        Assertions.assertThat(userTracker.getLessonTracker("test")).isNotNull();
    }
    @Test
    public void solvedAssignmentsShouldBeSaved() {
        UserTracker userTracker = new UserTracker("test");
        TestLesson lesson = new TestLesson();
        userTracker.getLessonTracker(lesson);
        userTracker.assignmentFailed(lesson);
        userTracker.assignmentFailed(lesson);
        userTracker.assignmentSolved(lesson, "test");
        userTrackerRepository.saveAndFlush(userTracker);
        userTracker = userTrackerRepository.findOne("test");
        Assertions.assertThat(userTracker.numberOfAssignmentsSolved()).isEqualTo(1);
    }
    @Test
    public void saveAndLoadShouldHaveCorrectNumberOfAttemtps() {
        UserTracker userTracker = new UserTracker("test");
        TestLesson lesson = new TestLesson();
        userTracker.getLessonTracker(lesson);
        userTracker.assignmentFailed(lesson);
        userTracker.assignmentFailed(lesson);
        userTrackerRepository.saveAndFlush(userTracker);
        userTracker = userTrackerRepository.findOne("test");
        userTracker.assignmentFailed(lesson);
        userTracker.assignmentFailed(lesson);
        userTrackerRepository.saveAndFlush(userTracker);
        Assertions.assertThat(userTracker.getLessonTracker(lesson).getNumberOfAttempts()).isEqualTo(4);
    }
 }
--- a/webgoat-container/src/test/resources/application-test.properties
+++ b/webgoat-container/src/test/resources/application-test.properties
@ -1 +1,4 @@
 webgoat.user.directory=${java.io.tmpdir}
 spring.datasource.url=jdbc:hsqldb:mem:test
 spring.jpa.hibernate.ddl-auto=create-drop
--- a/webgoat-images/vagrant-training/Vagrantfile
+++ b/webgoat-images/vagrant-training/Vagrantfile
@ -0,0 +1,35 @@
 # Setup a Linux box headless which will start WebGoat and WebWolf helpful image to give away during training
 Vagrant.configure(2) do |config|
  config.vm.box = "ubuntu/trusty64"
  config.vm.network :forwarded_port, guest: 8080, host: 8080
  config.vm.network :forwarded_port, guest: 8081, host: 8081
  config.vm.provider "virtualbox" do |vb|
  	vb.gui = false
  	vb.memory = "4096"
  	vb.cpus = 2
  	vb.name = "WebGoat-Training"
 	vb.customize ["modifyvm", :id, "--nictype1", "virtio"]
  end
  config.vm.provider "vmware_fusion" do |vf|
    vf.gui = false
    vf.vmx["memsize"] = 4096
    vf.vmx["numvcpus"] = 2
    vf.vmx["displayname"] = "WebGoat-Training"
  end
  config.vm.provision "shell", inline: <<-SHELL
    wget https://github.com/WebGoat/WebGoat/releases/download/v8.0.0.M5/webgoat-server-8.0.0.M6.jar
    wget https://github.com/WebGoat/WebGoat/releases/download/v8.0.0.M5/webwolf-8.0.0.M6.jar
    sudo add-apt-repository ppa:openjdk-r/ppa
    sudo apt-get update
    sudo apt-get install openjdk-8-jre -y
    SHELL
  config.vm.provision "shell", run: "always", privileged: false, inline: <<-SHELL
    java -jar webgoat-server-8.0.0.M6.jar &
    sleep 40s
    java -jar webwolf-8.0.0.M6.jar
    SHELL
 end
--- a/webgoat-lessons/pom.xml
+++ b/webgoat-lessons/pom.xml
@ -43,34 +43,13 @@
            <version>${project.version}</version>
            <scope>provided</scope>
            <type>jar</type>
            <!-- Exclude Mongo embedded so testcases do not start it automatically, seems to be
                 the easiest way to stop the autoconfiguration of Spring Boot -->
            <exclusions>
                <exclusion>
                    <groupId>de.flapdoodle.embed</groupId>
                    <artifactId>de.flapdoodle.embed.mongo</artifactId>
                </exclusion>
            </exclusions>
        </dependency>
        <!--<dependency>-->
        <!--<groupId>org.apache.commons</groupId>-->
        <!--<artifactId>commons-exec</artifactId>-->
        <!--<version>1.3</version>-->
        <!--</dependency>-->
        <dependency>
            <groupId>org.owasp.webgoat</groupId>
            <artifactId>webgoat-container</artifactId>
            <version>${project.version}</version>
            <classifier>tests</classifier>
            <scope>test</scope>
            <!-- Exclude Mongo embedded so testcases do not start it automatically, seems to be
                 the easiest way to stop the autoconfiguration of Spring Boot -->
            <exclusions>
                <exclusion>
                    <groupId>de.flapdoodle.embed</groupId>
                    <artifactId>de.flapdoodle.embed.mongo</artifactId>
                </exclusion>
            </exclusions>
        </dependency>
        <dependency>
            <groupId>junit</groupId>
@ -96,12 +75,6 @@
            <version>4.1.3.RELEASE</version>
            <scope>test</scope>
        </dependency>
        <dependency>
            <groupId>com.github.fakemongo</groupId>
            <artifactId>fongo</artifactId>
            <version>2.1.0</version>
            <scope>test</scope>
        </dependency>
        <dependency>
            <groupId>org.owasp.encoder</groupId>
            <artifactId>encoder</artifactId>
--- a/webgoat-server/Dockerfile
+++ b/webgoat-server/Dockerfile
@ -10,7 +10,5 @@ COPY start.sh /home/webgoat/start.sh
 RUN chmod +x /home/webgoat/start.sh
 USER webgoat
 RUN mkdir -p /home/webgoat/.embedmongo/linux
 RUN curl -o /home/webgoat/.embedmongo/linux/mongodb-linux-x86_64-3.2.2.tgz https://fastdl.mongodb.org/linux/mongodb-linux-x86_64-3.2.2.tgz
 RUN cd /home/webgoat/; mkdir -p .webgoat
 COPY target/webgoat-server-${webgoat_version}.jar /home/webgoat/webgoat.jar
--- a/webgoat-server/pom.xml
+++ b/webgoat-server/pom.xml
@ -90,11 +90,6 @@
            <scope>test</scope>
            <optional>true</optional>
        </dependency>
        <dependency>
            <groupId>de.flapdoodle.embed</groupId>
            <artifactId>de.flapdoodle.embed.mongo</artifactId>
            <version>2.0.0</version>
        </dependency>
        <dependency>
            <groupId>org.owasp.webgoat</groupId>
            <artifactId>webgoat-container</artifactId>
--- a/webgoat-server/src/main/java/org/owasp/webgoat/ExternalMongoConfiguration.java
+++ b/webgoat-server/src/main/java/org/owasp/webgoat/ExternalMongoConfiguration.java
@ -1,40 +0,0 @@
 package org.owasp.webgoat;
 import com.mongodb.MongoClient;
 import com.mongodb.MongoClientOptions;
 import de.flapdoodle.embed.mongo.MongodExecutable;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
 import org.springframework.boot.autoconfigure.mongo.MongoProperties;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.core.env.Environment;
 import org.springframework.data.mongodb.MongoDbFactory;
 import org.springframework.data.mongodb.core.SimpleMongoDbFactory;
 import java.io.IOException;
 /**
 * If we run
 */
@Configuration
@ConditionalOnProperty(value = "webgoat.embedded.mongo", havingValue = "false")
 public class ExternalMongoConfiguration {
    @Autowired
    private MongoProperties properties;
    @Autowired(required = false)
    private MongoClientOptions options;
    @Bean
    public MongodExecutable mongodExecutable() throws IOException {
        return null;
    }
    @Bean
    public MongoDbFactory mongoDbFactory(Environment env) throws Exception {
        MongoClient client = properties.createMongoClient(this.options, env);
        return new SimpleMongoDbFactory(client, properties.getDatabase());
    }
 }
--- a/webgoat.env
+++ b/webgoat.env
@ -1,4 +0,0 @@
 WG_MONGO_PORT=27017
 WG_MONGO_HOST=mongo
 WG_MQ_HOST=activemq
 WG_MQ_PORT=61616
--- a/webgoat_developer_bootstrap.sh
+++ b/webgoat_developer_bootstrap.sh
@ -1,146 +0,0 @@
 #!/bin/bash
 # Bootstrap the setup of WebGoat for developer use in Linux and Mac machines
 # This script will clone the necessary git repositories, call the maven goals
 # in the order the are needed and launch tomcat listening on localhost:8080
 # Happy hacking !
 # Find out what is our terminal size
 COLS="$(tput cols)"
 if (( COLS <= 0 )) ; then
    COLS="${COLUMNS:-80}"
 fi
 # Colors
 ESC_SEQ="\x1b["
 COL_RESET=$ESC_SEQ"39;49;00m"
 COL_RED=$ESC_SEQ"31;01m"
 COL_GREEN=$ESC_SEQ"32;01m"
 COL_YELLOW=$ESC_SEQ"33;01m"
 COL_BLUE=$ESC_SEQ"34;01m"
 COL_MAGENTA=$ESC_SEQ"35;01m"
 COL_CYAN=$ESC_SEQ"36;01m"
 # Horizontal Rule function
 horizontal_rule() {
    local WORD
    for WORD in "#"
    do
        hr "$WORD"
    done
 }
 hr() {
    local WORD="$1"
    if [[ -n "$WORD" ]] ; then
        local LINE=''
        while (( ${#LINE} < COLS ))
        do
            LINE="$LINE$WORD"
        done
        echo -e "${LINE:0:$COLS}"
    fi
 }
 ## test if command exists
 ftest() {
  echo -e "$COL_CYAN  info: Checking if ${1} is installed $COL_RESET"
  if ! type "${1}" > /dev/null 2>&1; then
    return 1
  else
    return 0
  fi
 }
 ## feature tests
 features() {
  for f in "${@}"; do
    ftest "${f}" || {
      echo -e >&2 "***$COL_RED ERROR: Missing \`${f}'! Make sure it exists and try again. $COL_RESET"
      return 1
    }
  done
  return 0
 }
 tomcat_started () {
    STAT=`netstat -na | grep 8080 | awk '{print $6}'`
    if [ "$STAT" = "LISTEN" ]; then
        echo -e "$COL_GREEN WebGoat has started successfully! Browse to the following address. $COL_RESET"
        echo -e "$COL_CYAN Happy Hacking! $COL_RESET"
        return 0
    elif [ "$STAT" = "" ]; then
        echo -e "$COL_RED WebGoat failed to start up.... please wait run the following command for debugging : $COL_RESET"
        echo -e "$COL_MAGENTA  mvn -q -file WebGoat/pom.xml -pl webgoat-container tomcat7:run-war"
    fi
    return 1
 }
 ## main setup
 developer_bootstrap() {
    horizontal_rule
    echo -e "$COL_RED
    ██╗    ██╗███████╗██████╗  ██████╗  ██████╗  █████╗ ████████╗
    ██║    ██║██╔════╝██╔══██╗██╔════╝ ██╔═══██╗██╔══██╗╚══██╔══╝
    ██║ █╗ ██║█████╗  ██████╔╝██║  ███╗██║   ██║███████║   ██║
    ██║███╗██║██╔══╝  ██╔══██╗██║   ██║██║   ██║██╔══██║   ██║
    ╚███╔███╔╝███████╗██████╔╝╚██████╔╝╚██████╔╝██║  ██║   ██║
     ╚══╝╚══╝ ╚══════╝╚═════╝  ╚═════╝  ╚═════╝ ╚═╝  ╚═╝   ╚═╝
    $COL_RESET"
    horizontal_rule
    echo -e "Welcome to the WebGoat Developer Bootstrap script for Linux/Mac."
    echo -e "Now checking if all the required software to run WebGoat is already installed."
    echo -e "FYI: This Developer Bootstrap Script for WebGoat requires: Git, Java JDK and Maven accessible on the path"
    ## test for require features
    features git mvn java || return $?
    # Clone WebGoat from github
    if [ ! -d "WebGoat" ]; then
        echo -e "Cloning the WebGoat container repository"
        git clone https://github.com/WebGoat/WebGoat.git
    else
        horizontal_rule
        (
            echo -e "$COL_YELLOW The WebGoat container repo has already been clonned before, pulling upstream changes. $COL_RESET"
            cd WebGoat || {
                echo -e >&2 "$COL_RED *** ERROR: Could not cd into the WebGoat Directory. $COL_RESET"
                return 1
            }
            git pull origin develop
        )
    fi
    # Start the embedded Tomcat server
    echo -e "$COL_MAGENTA"
    horizontal_rule
    horizontal_rule
    horizontal_rule
    horizontal_rule
    echo "$COL_MAGENTA"
    echo "$COL_CYAN ***** Starting WebGoat using the embedded Tomcat ***** $COL_RESET"
    echo " Please be patient.... The startup of the server takes about 5 seconds..."
    echo " WebGoat will be ready for you when you see the following message on the command prompt:"
    echo "$COL_YELLOW INFO: Starting ProtocolHandler ["http-bio-8080"] $COL_RESET"
    echo "$COL_CYAN When you see the message above, open a web browser and navigate to http://localhost:8080/WebGoat/ $COL_RESET"
    echo " To stop the WebGoat and Tomcat Execution execution, press CTRL + C"
    echo "$COL_RED If you close this terminal window, Tomcat and WebGoat will stop running $COL_RESET"
    echo "$COL_MAGENTA"
    horizontal_rule
    horizontal_rule
    horizontal_rule
    horizontal_rule
    echo -e "$COL_RESET"
    sleep 5
    # Starting WebGoat
    mvn -q -pl webgoat-container spring-boot:run
 }
 # Start main script
 developer_bootstrap
--- a/webwolf/pom.xml
+++ b/webwolf/pom.xml
@ -55,7 +55,7 @@
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
-            <artifactId>spring-boot-starter-data-mongodb</artifactId>
+            <artifactId>spring-boot-starter-data-jpa</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
@ -73,6 +73,11 @@
            <artifactId>jquery</artifactId>
            <version>3.2.1</version>
        </dependency>
        <dependency>
            <groupId>org.hsqldb</groupId>
            <artifactId>hsqldb</artifactId>
            <version>${hsqldb.version}</version>
        </dependency>
    </dependencies>
    <build>
--- a/webwolf/src/main/java/org/owasp/webwolf/mailbox/Email.java
+++ b/webwolf/src/main/java/org/owasp/webwolf/mailbox/Email.java
@ -4,10 +4,9 @@ import lombok.AllArgsConstructor;
 import lombok.Builder;
 import lombok.Data;
 import lombok.NoArgsConstructor;
 import org.springframework.data.annotation.Id;
 import org.springframework.data.mongodb.core.index.Indexed;
 import org.springframework.data.mongodb.core.mapping.Document;
 import javax.persistence.Entity;
 import javax.persistence.Id;
 import java.io.Serializable;
 import java.time.LocalDateTime;
 import java.time.format.DateTimeFormatter;
@ -18,7 +17,7 @@ import java.time.format.DateTimeFormatter;
 */
@Builder
@Data
-@Document
+@Entity
@NoArgsConstructor
@AllArgsConstructor
 public class Email implements Serializable {
@ -29,7 +28,6 @@ public class Email implements Serializable {
    private String contents;
    private String sender;
    private String title;
    @Indexed
    private String recipient;
    public String getSummary() {
--- a/webwolf/src/main/java/org/owasp/webwolf/mailbox/MailboxRepository.java
+++ b/webwolf/src/main/java/org/owasp/webwolf/mailbox/MailboxRepository.java
@ -1,7 +1,6 @@
 package org.owasp.webwolf.mailbox;
-import org.bson.types.ObjectId;
+import org.springframework.data.jpa.repository.JpaRepository;
 import org.springframework.data.mongodb.repository.MongoRepository;
 import java.util.List;
@ -9,7 +8,7 @@ import java.util.List;
 * @author nbaars
 * @since 8/17/17.
 */
-public interface MailboxRepository extends MongoRepository<Email, ObjectId> {
+public interface MailboxRepository extends JpaRepository<Email, String> {
    List<Email> findByRecipientOrderByTimeDesc(String recipient);
--- a/webwolf/src/main/java/org/owasp/webwolf/user/RegistrationController.java
+++ b/webwolf/src/main/java/org/owasp/webwolf/user/RegistrationController.java
@ -0,0 +1,47 @@
 package org.owasp.webwolf.user;
 import lombok.AllArgsConstructor;
 import lombok.SneakyThrows;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.stereotype.Controller;
 import org.springframework.validation.BindingResult;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.ModelAttribute;
 import org.springframework.web.bind.annotation.PostMapping;
 import javax.servlet.http.HttpServletRequest;
 import javax.validation.Valid;
 /**
 * @author nbaars
 * @since 3/19/17.
 */
@Controller
@AllArgsConstructor
@Slf4j
 public class RegistrationController {
    private UserValidator userValidator;
    private UserService userService;
    private AuthenticationManager authenticationManager;
    @GetMapping("/registration")
    public String showForm(UserForm userForm) {
        return "registration";
    }
    @PostMapping("/register.mvc")
    @SneakyThrows
    public String registration(@ModelAttribute("userForm") @Valid UserForm userForm, BindingResult bindingResult, HttpServletRequest request) {
        userValidator.validate(userForm, bindingResult);
        if (bindingResult.hasErrors()) {
            return "registration";
        }
        userService.addUser(userForm.getUsername(), userForm.getPassword());
        request.login(userForm.getUsername(), userForm.getPassword());
        return "redirect:/WebWolf/home";
    }
 }
--- a/webwolf/src/main/java/org/owasp/webwolf/user/UserForm.java
+++ b/webwolf/src/main/java/org/owasp/webwolf/user/UserForm.java
@ -0,0 +1,28 @@
 package org.owasp.webwolf.user;
 import lombok.Getter;
 import lombok.Setter;
 import javax.validation.constraints.NotNull;
 import javax.validation.constraints.Size;
 /**
 * @author nbaars
 * @since 3/19/17.
 */
@Getter
@Setter
 public class UserForm {
    @NotNull
    @Size(min=6, max=20)
    private String username;
    @NotNull
    @Size(min=6, max=10)
    private String password;
    @NotNull
    @Size(min=6, max=10)
    private String matchingPassword;
    @NotNull
    private String agree;
 }
--- a/webwolf/src/main/java/org/owasp/webwolf/user/UserRepository.java
+++ b/webwolf/src/main/java/org/owasp/webwolf/user/UserRepository.java
@ -1,12 +1,12 @@
 package org.owasp.webwolf.user;
-import org.springframework.data.mongodb.repository.MongoRepository;
+import org.springframework.data.jpa.repository.JpaRepository;
 /**
 * @author nbaars
 * @since 3/19/17.
 */
-public interface UserRepository extends MongoRepository<WebGoatUser, String> {
+public interface UserRepository extends JpaRepository<WebGoatUser, String> {
    WebGoatUser findByUsername(String username);
 }
--- a/webwolf/src/main/java/org/owasp/webwolf/user/UserService.java
+++ b/webwolf/src/main/java/org/owasp/webwolf/user/UserService.java
@ -27,4 +27,9 @@ public class UserService implements UserDetailsService {
    }
    public void addUser(String username, String password) {
        userRepository.save(new WebGoatUser(username, password));
    }
 }
--- a/webwolf/src/main/java/org/owasp/webwolf/user/UserValidator.java
+++ b/webwolf/src/main/java/org/owasp/webwolf/user/UserValidator.java
@ -0,0 +1,35 @@
 package org.owasp.webwolf.user;
 import lombok.AllArgsConstructor;
 import org.springframework.stereotype.Component;
 import org.springframework.validation.Errors;
 import org.springframework.validation.Validator;
 /**
 * @author nbaars
 * @since 3/19/17.
 */
@Component
@AllArgsConstructor
 public class UserValidator implements Validator {
    private final UserRepository userRepository;
    @Override
    public boolean supports(Class<?> aClass) {
        return UserForm.class.equals(aClass);
    }
    @Override
    public void validate(Object o, Errors errors) {
        UserForm userForm = (UserForm) o;
        if (userRepository.findByUsername(userForm.getUsername()) != null) {
            errors.rejectValue("username", "username.duplicate");
        }
        if (!userForm.getMatchingPassword().equals(userForm.getPassword())) {
            errors.rejectValue("matchingPassword", "password.diff");
        }
    }
 }
--- a/webwolf/src/main/java/org/owasp/webwolf/user/WebGoatUser.java
+++ b/webwolf/src/main/java/org/owasp/webwolf/user/WebGoatUser.java
@ -1,13 +1,14 @@
 package org.owasp.webwolf.user;
 import lombok.Getter;
 import org.springframework.data.annotation.Id;
 import org.springframework.data.annotation.Transient;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.core.userdetails.User;
 import org.springframework.security.core.userdetails.UserDetails;
 import javax.persistence.Entity;
 import javax.persistence.Id;
 import javax.persistence.Transient;
 import java.util.Collection;
 import java.util.Collections;
@ -16,6 +17,7 @@ import java.util.Collections;
 * @since 3/19/17.
 */
@Getter
@Entity
 public class WebGoatUser implements UserDetails {
    public static final String ROLE_USER = "WEBGOAT_USER";
--- a/webwolf/src/main/resources/application.properties
+++ b/webwolf/src/main/resources/application.properties
@ -5,6 +5,10 @@ server.session.timeout=6000
 server.port=8081
 server.session.cookie.name = WEBWOLFSESSION
 spring.datasource.url=jdbc:hsqldb:file:${webgoat.server.directory}/data/webwolf
 spring.jpa.hibernate.ddl-auto=update
 spring.messages.basename=i18n/messages
 logging.level.org.springframework=INFO
 logging.level.org.springframework.boot.devtools=WARN
 logging.level.org.owasp=DEBUG
@ -25,12 +29,9 @@ multipart.location=${java.io.tmpdir}
 multipart.max-file-size=1Mb
 multipart.max-request-size=1Mb
 webgoat.server.directory=${user.home}/.webgoat/
 webwolf.fileserver.location=${java.io.tmpdir}/webwolf-fileserver
 spring.data.mongodb.host=${WG_MONGO_HOST:}
 spring.data.mongodb.port=${WG_MONGO_PORT:27017}
 spring.data.mongodb.database=webgoat
 spring.jackson.serialization.indent_output=true
 spring.jackson.serialization.write-dates-as-timestamps=false
--- a/webwolf/src/main/resources/i18n/messages.properties
+++ b/webwolf/src/main/resources/i18n/messages.properties
@ -0,0 +1,40 @@
 #
 # This file is part of WebGoat, an Open Web Application Security Project utility. For details,
 # please see http://www.owasp.org/
 # <p>
 # Copyright (c) 2002 - 2017 Bruce Mayhew
 # <p>
 # This program is free software; you can redistribute it and/or modify it under the terms of the
 # GNU General Public License as published by the Free Software Foundation; either version 2 of the
 # License, or (at your option) any later version.
 # <p>
 # This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
 # even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 # General Public License for more details.
 # <p>
 # You should have received a copy of the GNU General Public License along with this program; if
 # not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
 # 02111-1307, USA.
 # <p>
 # Getting Source ==============
 # <p>
 # Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software
 # projects.
 # <p>
 #
 register.new=Register new user
 sign.up=Sign up
 register.title=Register 
 password=Password
 password.confirm=Confirm password
 username=Username
 not.empty=This field is required.
 username.size=Please use between 6 and 10 characters.
 username.duplicate=User already exists.
 password.size=Password should at least contain 6 characters
 password.diff=The passwords do not match.
--- a/webwolf/src/main/resources/templates/login.html
+++ b/webwolf/src/main/resources/templates/login.html
@ -45,6 +45,7 @@
                        <div class="col-xs-6 col-sm-6 col-md-6">
                        </div>
                    </div>
                    <div><b><a th:href="@{/registration}" th:text="#{register.new}"></a></b></div>
                </fieldset>
            </form>
        </div>
--- a/webwolf/src/main/resources/templates/registration.html
+++ b/webwolf/src/main/resources/templates/registration.html
@ -0,0 +1,89 @@
 <!DOCTYPE HTML>
 <html xmlns:th="http://www.thymeleaf.org">
 <head>
    <div th:replace="fragments/header :: header-css"/>
 </head>
 <body>
 <div th:replace="fragments/header :: header"/>
 <div class="container">
    <br/><br/>
    <fieldset>
        <legend th:text="#{register.title}">Please Sign Up</legend>
        <form class="form-horizontal" action="#" th:action="@{/register.mvc}" th:object="${userForm}"
              method='POST'>
            <div class="form-group" th:classappend="${#fields.hasErrors('username')}? 'has-error'">
                <label for="username" class="col-sm-2 control-label" th:text="#{username}">Username</label>
                <div class="col-sm-4">
                    <input autofocus="dummy_for_thymeleaf_parser" type="text" class="form-control"
                           th:field="*{username}"
                           id="username" placeholder="Username" name='username'/>
                </div>
                <span th:if="${#fields.hasErrors('username')}" th:errors="*{username}">Username error</span>
            </div>
            <div class="form-group" th:classappend="${#fields.hasErrors('password')}? 'has-error'">
                <label for="password" class="col-sm-2 control-label" th:text="#{password}">Password</label>
                <div class="col-sm-4">
                    <input type="password" class="form-control" id="password" placeholder="Password"
                           name='password' th:value="*{password}"/>
                </div>
                <span th:if="${#fields.hasErrors('password')}" th:errors="*{password}">Password error</span>
            </div>
            <div class="form-group" th:classappend="${#fields.hasErrors('matchingPassword')}? 'has-error'">
                <label for="matchingPassword" class="col-sm-2 control-label" th:text="#{password.confirm}">Confirm
                    password</label>
                <div class="col-sm-4">
                    <input type="password" class="form-control" id="matchingPassword" placeholder="Password"
                           name='matchingPassword' th:value="*{matchingPassword}"/>
                </div>
                <span th:if="${#fields.hasErrors('matchingPassword')}"
                      th:errors="*{matchingPassword}">Password error</span>
            </div>
            <div class="form-group" th:classappend="${#fields.hasErrors('agree')}? 'has-error'">
                <label class="col-sm-2 control-label">Terms of use</label>
                <div class="col-sm-6">
                    <div style="border: 1px solid #e5e5e5; height: 200px; overflow: auto; padding: 10px;">
                        <p>
                            While running this program your machine will be extremely
                            vulnerable to attack. You should disconnect from the Internet while using
                            this program. WebGoat's default configuration binds to localhost to minimize
                            the exposure.
                        </p>
                        <p>
                            This program is for educational purposes only. If you attempt
                            these techniques without authorization, you are very likely to get caught. If
                            you are caught engaging in unauthorized hacking, most companies will fire you.
                            Claiming that you were doing security research will not work as that is the
                            first thing that all hackers claim.
                        </p>
                    </div>
                </div>
            </div>
            <div class="form-group" th:classappend="${#fields.hasErrors('agree')}? 'has-error'">
                <div class="col-sm-6 col-sm-offset-2">
                    <div class="checkbox">
                        <label>
                            <input type="checkbox" name="agree" value="agree"/>Agree with the terms and
                            conditions
                        </label>
                    </div>
                </div>
            </div>
            <div class="form-group">
                <div class="col-sm-offset-2 col-sm-6">
                    <button type="submit" class="btn btn-primary" th:text="#{sign.up}">Sign up</button>
                </div>
            </div>
        </form>
    </fieldset>
 </div>
 </body>
 </html>
Author	SHA1	Message	Date
nbaars	114fbc5760	Merge branch 'release/8.0.0'	2017-12-30 16:50:39 +01:00
nbaars	32311a80da	Updating readme	2017-12-30 16:25:10 +01:00
nbaars	d3ee9431d8	Tagging latest Docker build with Travis as well	2017-12-30 14:13:34 +01:00
nbaars	4811a9d563	Removed Mongodb, so we do not have issues with downloading the embedded Mongodb. Moved back to JPA and use HSQLDB for storing user information. WebWolf now has its own user management (will move to separate Github repo)	2017-12-29 22:20:52 +01:00
nbaars	c6e86861fe	Removed Mongodb, so we do not have issues with downloading the embedded Mongodb. Moved back to JPA and use HSQLDB for storing user information.	2017-12-29 22:12:21 +01:00
nbaars	b64aa43760	Updated bootstrap script to use webgoat-server for starting spring-boot	2017-12-28 00:27:25 +01:00
nbaars	dd7f4074cd	Added encoding for asciidoc	2017-12-28 00:16:16 +01:00
Nanne Baars	8c10000e4e	Updating documentation for run of the sources	2017-11-23 03:01:09 +01:00
Nanne Baars	45d48a8776	Update README.MD	2016-12-23 15:58:09 +01:00
Doug Morato	50904cf69b	Adding Changelog Adding Changelog file for WebGoat releases Signed-off-by: Doug Morato <dm@corp.io>	2016-11-18 21:32:41 -05:00