惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

H
Hackread – Cybersecurity News, Data Breaches, AI and More
C
Check Point Blog
Hacker News: Ask HN
Hacker News: Ask HN
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
WordPress大学
WordPress大学
P
Proofpoint News Feed
V
Visual Studio Blog
C
Cyber Attacks, Cyber Crime and Cyber Security
N
Netflix TechBlog - Medium
C
CXSECURITY Database RSS Feed - CXSecurity.com
博客园 - 聂微东
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
博客园 - 叶小钗
Cisco Talos Blog
Cisco Talos Blog
S
Schneier on Security
T
Threat Research - Cisco Blogs
腾讯CDC
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
The Hacker News
The Hacker News
Google DeepMind News
Google DeepMind News
Microsoft Security Blog
Microsoft Security Blog
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
GbyAI
GbyAI
N
News | PayPal Newsroom
L
LINUX DO - 最新话题
酷 壳 – CoolShell
酷 壳 – CoolShell
P
Palo Alto Networks Blog
T
Tenable Blog
S
Secure Thoughts
T
Threatpost
V2EX - 技术
V2EX - 技术
大猫的无限游戏
大猫的无限游戏
Martin Fowler
Martin Fowler
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
Vercel News
Vercel News
罗磊的独立博客
P
Privacy & Cybersecurity Law Blog
Engineering at Meta
Engineering at Meta
小众软件
小众软件
Google DeepMind News
Google DeepMind News
N
News and Events Feed by Topic
Y
Y Combinator Blog
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
C
Cybersecurity and Infrastructure Security Agency CISA
P
Proofpoint News Feed
L
Lohrmann on Cybersecurity
P
Privacy International News Feed
H
Heimdal Security Blog
量子位
B
Blog

OWASP

Aikido and OWASP bring agentic Code Audit to the global AppSec community | OWASP Foundation Community update regarding Richard Greenberg | OWASP Foundation OWASP Dependency-Track 5.0 Is Now Generally Available | OWASP Foundation Welcome to the Google Summer of Code 2026! | OWASP Foundation OWASP Foundation Unveils Its Strategic Plan for a World Without Insecure Software | OWASP Foundation The OWASP Foundation appoints Missie Lindsey as Director of Corporate Relations | OWASP Foundation Bridging the Gap in Product Lifecycle Management: How OpenEoX and CLE Work Together | OWASP Foundation Announcing the Retirement of OWASP Meetup Platform | OWASP Foundation The OWASP Foundation appoints Stacey Ebbs as Communications & Marketing Manager | OWASP Foundation OWASP Certified Secure Software Developer | OWASP Foundation GSoC 2025 Recap | OWASP Foundation OWASP Top 10 Community Survey | OWASP Foundation OWASP Elections 2025 - Become a member today! | OWASP Foundation Help Support Sherif Mansour by donating blood today! | OWASP Foundation cdxgen and CycloneDX .NET Join GitHub Secure Open Source Fund | OWASP Foundation InfoSecMap x OWASP Collaboration | OWASP Foundation OWASP x Google Summer of Code 2025 - Enabling 15 opportunities for impact | OWASP Foundation OWASP Enables AI Regulation That Works with OWASP AI Exchange | OWASP Foundation OWASP Calls to Build a Unified Framework for Global Vulnerability Intelligence | OWASP Foundation ASVS 5.0 RC1 is ready for your review! | OWASP Foundation OWASP Education and Training Committee update | OWASP Foundation Committees Advisory on Software Bill of Materials and Real-time Vulnerability Monitoring for Open-Source Software and Third-Party Dependencies | OWASP Foundation OWASP Juice Shop leadership changes & contributor recognition | OWASP Foundation Lifecycle events are part of the secure supply chain | OWASP Foundation More than a Password Day 2024 | OWASP Foundation A workaround for OWASP Foundation emails being blocked by Microsoft Office 365 | OWASP Foundation Securing React Native Mobile Apps with OWASP MAS | OWASP Foundation
Juice Shop v20.0.0 — a fresh squeeze of features, now with AI | OWASP Foundation
Björn Kimminich · 2026-05-13 · via OWASP
image

Wednesday, May 13, 2026

Juice Shop v20.0.0 — a fresh squeeze of features, now with AI

After months of work on the develop branch, OWASP Juice Shop v20.0.0 is ready to serve. This is a major version bump packed with new challenges, a redesigned storefront, and a long list of under-the-hood improvements. Read on to learn what’s new in this release.

⚠️ Heads up before you use it: This release contains breaking changes for existing challenges and CTF setups, plus technical changes that may require updates to your customization files. Older solution guides may also need adjustments.


🤖 AI has joined the juice bar

The headline feature of v20.0.0 is a brand-new set of AI-themed challenges, exploring the security pitfalls of LLM-backed features in modern web applications:

  • Chatbot Prompt Injection ⭐⭐ — a gentle introduction to making LLMs spill the juice.
  • Greedy Chatbot Manipulation ⭐⭐⭐ — for hackers who want to coax more out of the model than intended.
  • AI Debugging ⭐⭐ — because even artificial intelligence sometimes needs a human in the loop.

The new AI-powered chatbot in action

These challenges require a configured LLM/AI endpoint to function. To make room for the new LLM-based chatbot, the legacy NLP-based chatbot has been retired, along with the “Bully Chatbot” and “Kill Chatbot” challenges.

🛠️ LLM Setup Details: The LLM setup guide explains the two main options for connecting an LLM:

  • Local Ollama model: The easiest way to run a model entirely on your own machine.
  • Remote OpenAI-compatible server: Use any cloud-based or self-hosted LLM that supports the OpenAI API format.

🛍️ A freshly pressed storefront

The shop itself got a major facelift. The product overview now uses a more compact and modern grid layout, and the Coding Challenge view has been redesigned as its own dedicated page with a more intuitive flow and modern code highlighters.

The new coding challenges UI

Other notable UI improvements:

  • Guest baskets for anonymous shoppers, with a smooth merge-on-login when users finally create an account.
  • Proper mobile scroll behavior across the app.
  • Blur effects and the new grid view extended to the photo wall, plus a generally more polished look across the board.
  • Our brand new neon-fire theme (now the default in the ctf config) will harmonize perfectly with a fancy new feature in the upcoming MultiJuicer v10 release. Stay tuned for more details about this exiting major release very soon!

The new neon-fire theme

The new neon-fire theme

Under the hood, the frontend has been upgraded to Angular 21.x, and Angular Material themes were migrated from the legacy M2 to M3.


⚡ Faster, lighter, snappier

We didn’t just add features — we trimmed the rind too:

  • ~30% faster startup time, thanks to lazy-loading heavy dependencies and batching database inserts at boot.
  • Smaller Docker image — with just over 125MB the container is now the leanest it’s been since Juice Shop v8, more than seven years and many feature additions ago.
  • Heavier pages have been split out for faster initial loads, and certain large textures were converted to .avif for a lighter payload.

Bundle analysis of the Juice Shop frontend

The net effect: noticeably quicker local starts, faster MultiJuicer instance launches, and less bandwidth burned on every deployment.


🛡️ Smarter challenges, smarter cheat detection

Behind the scenes, v20.0.0 also sharpens the rules of the game:

  • Loosely coupled challenges no longer trip cheat detection based purely on timing — a fairer outcome for legitimate solvers.
  • Direct access to tracking pixels is now treated as guaranteed cheating.
  • The “Mint the Honeypot” and “Wallet Depletion” challenges now require an ALCHEMY_API_KEY to function.
  • New Prometheus metrics track LLM token usage and tool calls (when supported by your endpoint).
  • The Internet Traffic challenge tag has been renamed and broadened to External Dependency to better reflect its scope of highlighting prerequisites for LLM and Web3 dependent challenges.

The renamed External Dependency challenge tags

Configuration also gets stricter enum validation for several options like codingChallengesEnabled and hintPlaybackSpeed, helping catch typo-induced surprises in your own yml configs.


🧪 New stock on the shelves and a healthier test kitchen

Restocking time: v20.0.0 ships with 10 new products and a new customer user inspired by a notorious British sitcom character.

The redesigned product grid featuring new juices

On the engineering side, we’ve done a deep clean of our test infrastructure:

  • The API test suite was migrated from Jest & Frisby to the Node.js test runner with Supertest.
  • The frontend test suite moved from Karma to Vitest.
  • Flaky Cypress runs were tamed with force-clicks, and stability fixes landed for the last-login-IP test.
  • New PR compliance and spam-check workflows now keep the repository tidy and protect the project leaders’ mental health.

Comment on a PR closed by out spam detection workflow

And finally, a runtime note: Node.js 20.x is no longer supported. Juice Shop now runs on Node.js 22–25, with 24 as the default.


🍹 Pour yourself a glass

That’s v20.0.0 — a release with something for trainers, CTF organizers, students, and anyone who enjoys breaking things in a safe environment. Grab the new build from the releases page or pull the latest Docker image, and let us know what you think. Happy hacking!

Updated main project logo with more vibrant colors Updated CTF logo variant with more vibrant colors

With this release, we are also officially releasing the first update of our logos in 10 years! The shape and style remain unchanged, but the colors are now noticably more vibrant and “popping”.