- Added new lessons for cryptography and path-traversal
- Extra content added to the XXE lesson
- Explanation of the assignments will be part of WebGoat, in this release we added detailed descriptions on how to solve the XXE lesson. In the upcoming releases new explanations will be added. If you want to contribute please create a pull request on Github.
- Docker improvements + docker stack for complete container with nginx
- Included JWT token decoding and generation, since jwt.io does not support None anymore
- #743 - Character encoding errors
- #811 - Flag submission fails
- #810 - Scoreboard for challenges shows csrf users
- #788 - strange copy in constructor
- #760 - Execution of standalone jar fails (Flyway migration step
- #766 - Unclear objective of vulnerable components practical assignment
- #708 - Seems like the home directory of WebGoat always use @project.version@
- #719 - WebGoat: 'Contact Us' email link in header is not correctly set
- #715 - Reset lesson doesn't reset the "HTML lesson" => forms stay succesful
- #725 - Vulnerable Components lesson 12 broken due to too new dependency
- #716 - On M26 @project.version@ is not "interpreted" #7
- #721 couldn't be able to run CSRF lesson 3: Receive Whitelabel Error Page
- #724 - Dead link in VulnerableComponents lesson 11
Special thanks to the following contributors providing us with a pull request:
- Satoshi SAKAO
- Philippe Lafoucrière
- Cotonne
- Tiago Mussi
- thegoodcrumpets
- Atharva Vaidya
- torleif
- August Detlefsen
- Choe Hyeong Jin
And everyone who provided feedback through Github.
Team WebGoat