Change Log

7.1 (2016-11-18)

Full Changelog

Implemented enhancements:

  • i8n highlighting #96
  • Improve uniqueness of menu item Id's #45

Fixed bugs:

  • Stored XSS Lesson does not render message and attack does not fire #141
  • Source code is not available for this lesson. #137

Closed issues:

  • Fix lesson client side filtering #272
  • Reset lesson does not work anymore #271
  • Lesson plans not loading with manual build and easy-run jar (standalone jar) not running at all #268
  • Unable to download webgoat jar file #261
  • Developer edition build isn't working in its entirety #260
  • Amazon S3 downloadable JAR is missing #259
  • Code does not compile on dev branch #258
  • Executable jar crashes if empty .extract folder exist #251
  • Java Error Message in Lesson "How to Bypass a Path Based Access Control Scheme" #240
  • developer bootstrap says git is missing when it is installed #236
  • Application Won't Start #234
  • Restart lesson button isn't working #226
  • Navigation to start page is broken after login #218
  • Links in menu missing pointer cursor #216
  • Restart lesson button not working #213
  • WebGoat stops at DEBUG - Exit: getEngine() #211
  • Labs: Remnant files and solved stages #208
  • Labs: Navigating to Instructor java examples #206
  • WebGoat 7.0 and ZAP 2.4.3 will not proxy #204
  • Failing Build #201
  • Missing mvn package of webgoat-container in README.MD #200
  • Seems translation to Russian for "Congratulations. You have successfully completed this lesson." phrase is broken. #199
  • HtmlEncoder uses static methods but must be instantiated #195
  • webgoat-container should unpack all the lessons #192
  • Access Control Flaws, LAB stage 3: Remove the FindProfile screen #186
  • Injection Flaws | XPath Injection date file path issue #184
  • hints don't appear to work on labs #183
  • Session Management Flaws - Spoof an Authentication Cookie render issue #181
  • Challenge - Show* buttons show on initial lesson load #180
  • Http Basics - minor edits and change completion state #178
  • Lab Cross-Site Scripting Stage 1 solution #176
  • Backdoor lesson breaks menu CSS #175
  • Redirect localhost:8080 to localhost:8080/WebGoat #173
  • Session Fixation link in stage 2 does not work #170
  • A failure occurred when execute the command "sh webgoat_developer_bootstrap.sh" #145
  • Copy lessons into plugin_lessons #254
  • WebGoat // Lesson Plan and Solution are not available #242
  • Lab: Client side filtering - broken path #232
  • AXIS class not found error in Web Services / WSDL Scanning #222
  • WSDL link in SOAP Request Lesson crashing with AXIS error #221
  • Labs: RBAC stage 1 and 3 not working #209
  • How to create a Legacy Lesson - instruction edit #177
  • Can't tell when WebGoat has actually started when using: webgoat_developer_bootstrap.sh #75

Merged pull requests:

  • Add VMware fusion #264 (akiernan)
  • Remove Exception from method signature #257 (RubieV)
  • Code cleanup using @Test(expected = Exception) #256 (RubieV)
  • Added OWASP Labs badge #252 (psiinon)
  • updates from day 1 @AppSec EU #246 (misfir3)
  • Update java required version as stated in WebGoat#234 #243 (span)
  • Updates to Dev Bootstrap #239 (dilshanraja)
  • Fix broken start/home link on logo #229 (span)
  • Developer controls #228 (span)
  • Admin should also be able to see the solution, source and lesson plan. #224 (nbaars)
  • Fixed the classnames in the wsdd config file (moved to different pack… #223 (nbaars)
  • Feature/169 #220 (nbaars)
  • Update README.MD #219 (muzir)
  • Fix #213 by changing the id of the restart button to the correct id #214 (span)
  • Fixed #184 #212 (nbaars)
  • Fix shebang #210 (nxadm)
  • Enable weak authentication cookie lesson #207 (span)
  • -- Remove raw type usage, add type check parameter. #205 (muzir)
  • Update package references in readme #203 (span)
  • Develop #202 (misfir3)
  • Fixes #195 by adding static initialisation of the maps #197 (span)
  • Add stage parameter in the session to keep track of current stage #196 (span)
  • webgoat-container should unpack all the lessons #192 #193 (nbaars)

7.0.1 (2016-02-01)

Implemented enhancements:

  • SEVERE: The web application [/WebGoat] appears to have started a thread named [pool-7-thread-5] but has failed to stop it. This is very likely to create a memory leak #124
  • Cannot serialize session attribute #123
  • Overview of which lessons maps to which WebGoat-Lessons project #107
  • Remove ace js directory #103
  • Move webgoat-container UP one directory #100
  • Insecure login lesson has inline CSS background image is not applied #87
  • Re-enable/update WebGoat Info link #26
  • User Info/Logout Links #25
  • LessonInfo Service #23
  • Reload/Update Menu #22

Fixed bugs:

  • Nightly build doesn't run #150
  • Forced browsing lesson does not show success #143
  • Failed to load resource: the server responded with a status of 404 (Not Found) #139
  • Firefox and Edge miss one lesson in Menu #49
  • Lesson Plan does not toggle on/off #46
  • Clicking on 'LAB: Role Based Access Control' produces 'Invalid Session' in UI #44
  • Lesson Loading Scrolls down page in Firefox #39
  • WebGoat lessons do not load #32
  • Properties are appended when loading plugins #29

Closed issues:

  • Exceptions for all lessons in "LAB: DB SQL Injection" and "LAB: SQL Injection" #174
  • JSP Goathills lessons imports are not valid #171
  • update or remove http://webgoat.github.io/ #167
  • Provide over-rideable 'submitMethod' via AbstractLesson #165
  • Update HTTP Basics lesson #162
  • Command Injection Issue WebGoat 7 #156
  • XML Injection does not work #151
  • Plan is not available for this lesson. #138
  • Multi level login lesson works but is missing area around the form #135
  • SEVERE: The web application [/WebGoat] registered the JDBC driver [org.h2.Driver] but failed to unregister it when the web application was stopped. To prevent a memory leak, the JDBC Driver has been forcibly unregistered #134
  • hints are not refreshed when switching lessons #133
  • Sauce labs fails when running oraclejdk8 #118
  • Logging in sometimes goes to report card and misses category-menu #114
  • Order of elements in deployment descriptor #112
  • The jar snapshot doesn't run #108
  • re-enable challenge handling in LessonInfoModel #97
  • Review and cleanup releases and builds #90
  • Review and cleanup Installation Docs #89
  • Ajax Security: LAB: Client Side Filtering #86
  • Close button on about dialog does not close the dialog #81
  • Lessons Intermittently showing up in WebGoat #76
  • Order of buttons switch after submit #73
  • After login, there is no default lesson #72
  • Intermittent Startup Error #71
  • Discover Clues in HTML lesson doesn't work #70
  • Eclipse import error for webgoat-container #66
  • Reflected XSS Attacks error message error #65
  • Labs with Stages all throw exceptions #64
  • Spelling errors in: webgoat_developer_bootstrap.sh #63
  • CSRF token by-pass lesson shows stacktrace #60
  • Http Basics lessons fails to load #53
  • Null Pointer Exception on every page #47
  • Create support in client-side routing for 'stages' #42
  • Implement Loading Spinner on Menu #41
  • Lab - DOM-based cross-site scripting: Java Source produces XSS alert #38
  • DOM Injection Lesson - Java Source does not work #37
  • Lesson Interdependency #33
  • Hide menu functionality #28
  • Consume LessonInfo Service to display title #24
  • how to up webgoat to netbeans on mac os x. #14

Merged pull requests:

  • Disable cross-site scripting lab #191 (span)
  • Adding OSSRH Repository on Parent Pom #190 (dougmorato)
  • Setting GPG keyname as WebGoat in Parent Pom #189 (dougmorato)
  • Fixing all the javadoc issues preventing the release #188 (dougmorato)
  • Improving WebGoat Developer Bootstrap Script #187 (dougmorato)
  • issue #147 disabling broken lessons #185 (mayhew64)
  • #167 removing references to github.io in code #172 (misfir3)
  • #165 support for custom submitMethod #166 (misfir3)
  • Remove Coverity Badge from README #164 (dougmorato)
  • Forced browsing #163 (nbaars)
  • Moving lesson utilities to common project instead of AbstractLesson #155 (nbaars)
  • #133 hiding hint on change of lesson/lesson load #153 (misfir3)
  • changed back to compile phase, package phase breaks the war-exec.jar … #152 (mayhew64)
  • Fixes typo in README #149 (aravindc26)
  • #66 Fixing jar plugin lifecycle issue #148 (slavP)
  • Tidy up CSRF lessons. #147 (ilatypov)
  • Updated pom versions and cache .m2 on travis to speed build time #140 (dougmorato)
  • Update dependency version, build number and unregister DB driver #136 (dougmorato)
  • SEVERE: The web application [/WebGoat] appears to have started a thr… #132 (nbaars)
  • Do not clean before mvn cobertura and coveralls #131 (dougmorato)
  • Cannot serialize session attribute #123 #130 (nbaars)
  • Maven-tomcat plugin fix and correct typo on JS file #129 (dougmorato)
  • items omitted from menu spinner and some more clean up #127 (misfir3)
  • Coveralls should be on Parent Pom #126 (dougmorato)
  • Adding badges for Coverity, Coveralls and Codacy #125 (dougmorato)
  • Test enable Coverity SAST #122 (dougmorato)
  • Improved README instructions for Easy Run #121 (dougmorato)
  • Copy whole target folder, not just individual file #120 (dougmorato)
  • Code cleanup and menu spinner #119 (misfir3)
  • Logging in sometimes goes to report card and misses category-menu #114 #117 (nbaars)
  • Copy output and target info upload to S3 folder #116 (dougmorato)
  • Fix #81 to activate close button in the modal footer #115 (span)
  • Fix #112 deployment descriptor elements in wrong order #113 (span)
  • #103: removing ace directory, not in use #111 (misfir3)
  • The jar snapshot doesn't run #108 (2) #110 (nbaars)
  • The jar snapshot doesn't run #108 #109 (nbaars)
  • Removed credits from lessons #106 (nbaars)
  • Fixed classloading issues with Goathills lessons #105 (nbaars)
  • i8n highlighting #96 #102 (nbaars)
  • #97, updating controls for hints, source, solution and plans on lessons #101 (misfir3)
  • Button to force plugin reloading #93 #99 (nbaars)
  • #97, Hint controls for CHALLENGE Category lessons #98 (misfir3)
  • #23, #24 - LessonInfo Service now used for TitleView and HelpControsView #94 (misfir3)
  • Properties are appended when loading plugins (#29) #88 (nbaars)
  • Added a lesson restart for lesson specific restart actions #85 (mayhew64)
  • Fixing inconsistent merge issues implementing nbaars fixes #83 (dougmorato)
  • Updated contributors and sponsors #82 (mayhew64)
  • #72, defaulting to firstLesson on initial redirect #80 (misfir3)
  • Intermittent Startup Error #71 #79 (nbaars)
  • Adding Coverity Static Code Analysis Scan integration #78 (dougmorato)
  • Pom refactoring, javadocs compliance and Integration improvements #77 (dougmorato)
  • Property files are now detected while extracting the plugin #74 (nbaars)
  • Recent UI Fixes #61 (misfir3)
  • Lab - DOM-based cross-site scripting: Java Source produces XSS alert #38 #59 (nbaars)
  • Update README.MD #57 (mayhew64)
  • Do NOT run Integration tests on pull requests #56 (dougmorato)
  • Increase performance while extracting the plugins #55 (nbaars)
  • Http Basics lessons fails to load #53 #54 (nbaars)
  • Adding headless Integration Tests with Sauce Labs #50 (dougmorato)
  • Null Pointer Exception on every page #47 #48 (nbaars)
  • menu and routing work #43 (misfir3)
  • Fixes for issue #32 - lessons/menu not loading #40 (misfir3)
  • Fixed not serializable error when stopping/starting Tomcat #36 (nbaars)
  • Improved README, fixed copy lessons instructions, added developer bootstrap #35 (dougmorato)
  • Improved Travis Build and Instructions on Readme #31 (dougmorato)
  • recent modifications from my branch #30 (misfir3)
  • initial cut of paramView re-enabled #21 (misfir3)
  • Removing doc directory which contained 6 year old stale files #18 (dougmorato)
  • First pull request, minor fix #17 (silicakes)
  • cookie view re-enabled #16 (misfir3)
  • Incremental UI changes #15 (misfir3)
  • Merged changes from WebGoat-Legacy to WebGoat #13 (nbaars)
  • Merge pull request #48 from michaeldever/master #11 (nbaars)
  • restoring READMe.txt #10 (misfir3)
  • Initial cut-over of backbone port #9 (misfir3)
  • Added a method so we can fetch the absolute path of a lesson #8 (nbaars)
  • Fixed rewriting paths in the jsp/js and css resources #7 (nbaars)
  • Classloader introduced #6 (nbaars)
  • Instructions for manual deployment #5 (iammyr)
  • Renamed the jar file #4 (nbaars)
  • Fixed classloading issues when a lesson contains an inner class. The plu... #3 (nbaars)
  • Generate separate jar file to use in the lessons project #2 (nbaars)
  • Bug fix: lesson solution not showing #1 (nbaars)

* This Change Log was automatically generated by github_changelog_generator