OWASP · commjoen · Mar 6, 2026 · Mar 6, 2026 · Mar 6, 2026 · Mar 6, 2026
@@ -347,7 +347,7 @@ rm -rf jdk-18_linux-x64_bin.deb
 git rebase -i main
 git rebase -i master
 git stash
-export tempPassword="OeyxzcLdUbln0KxnhlQaT2wQKfpJpV/A7/ach+erH4M="
+export tempPassword="mVskm4vj9tBf4BqqQEyPaFtTAFJ+K9csVbQkwF3Kj04="
 mvn run tempPassword
 k6
 npx k6

@@ -1,7 +1,7 @@
 FROM bellsoft/liberica-openjre-debian:25-cds AS builder
 WORKDIR /builder
 
-ARG argBasedVersion="1.13.1-alpha5"
+ARG argBasedVersion="1.13.1-alpha6"
 
 COPY --chown=wrongsecrets target/wrongsecrets-${argBasedVersion}-SNAPSHOT.jar application.jar
 RUN java -Djarmode=tools -jar application.jar extract --layers --destination extracted
@@ -59,7 +59,7 @@ RUN mkdir -p /var/run/secrets/kubernetes.io/serviceaccount && \
     chmod 600 /var/run/secrets/kubernetes.io/serviceaccount/token
 
 # Create a dynamic archive
-RUN java --add-modules=jdk.unsupported -XX:ArchiveClassesAtExit=application.jsa -Dspring.context.exit=onRefresh -jar application.jar
+RUN java -XX:ArchiveClassesAtExit=application.jsa -Dspring.context.exit=onRefresh -jar application.jar
 
 # Clean up the mocked token
 RUN rm -rf /var/run/secrets/kubernetes.io
@@ -71,5 +71,4 @@ RUN rm -rf /var/run/secrets/kubernetes.io
 RUN adduser -u 2000 -D wrongsecrets
 USER wrongsecrets
 
-CMD java -Xms128m -Xmx128m -Xss512k -jar -Dserver.port=$PORT -XX:MaxRAMPercentage=75 -XX:MinRAMPercentage=25 -Dspring.profiles.active=without-vault -Dspringdoc.swagger-ui.enabled=${SPRINGDOC_UI} -Dspringdoc.api-docs.enabled=${SPRINGDOC_DOC} application.jar
-# CMD java -jar -XX:SharedArchiveFile=application.jsa -Dspring.profiles.active=$(echo ${SPRING_PROFILES_ACTIVE}) -Dspringdoc.swagger-ui.enabled=${SPRINGDOC_UI} -Dspringdoc.api-docs.enabled=${SPRINGDOC_DOC} -D application.jar
+CMD java -jar -XX:SharedArchiveFile=application.jsa -Dspring.profiles.active=$(echo ${SPRING_PROFILES_ACTIVE}) -Dspringdoc.swagger-ui.enabled=${SPRINGDOC_UI} -Dspringdoc.api-docs.enabled=${SPRINGDOC_DOC} -D application.jar
@@ -1,5 +1,5 @@
-FROM jeroenwillemsen/wrongsecrets:1.13.1-alpha5-no-vault
-ARG argBasedVersion="1.13.1-alpha5-no-vault"
+FROM jeroenwillemsen/wrongsecrets:1.13.1-alpha6-no-vault
+ARG argBasedVersion="1.13.1-alpha6-no-vault"
 ARG CANARY_URLS="http://canarytokens.com/terms/about/s7cfbdakys13246ewd8ivuvku/post.jsp,http://canarytokens.com/terms/about/y0all60b627gzp19ahqh7rl6j/post.jsp"
 ARG CTF_ENABLED=false
 ARG HINTS_ENABLED=true
@@ -21,6 +21,7 @@ ENV K8S_ENV=Heroku(Docker)
 ENV canarytokenURLs=$CANARY_URLS
 ENV ctf_enabled=$CTF_ENABLED
 ENV ctf_key=$CTF_KEY
+ENV SPRING_PROFILES_ACTIVE=without-vault
 ENV hints_enabled=$HINTS_ENABLED
 ENV challengedockermtpath="/var/helpers"
 ENV keepasspath="/var/helpers/alibabacreds.kdbx"
@@ -36,8 +37,9 @@ ENV default_aws_value_challenge_10=$CHALLENGE_10_VALUE
 ENV default_aws_value_challenge_11=$CHALLENGE_11_VALUE
 ENV BASTIONHOSTPATH="/home/wrongsecrets/.ssh"
 ENV PROJECTSPECPATH="/var/helpers/project-specification.mdc"
+ENV funnybunny="This is a funny bunny"
 COPY .github/scripts/ /var/helpers
 COPY src/test/resources/alibabacreds.kdbx /var/helpers
 COPY src/test/resources/RSAprivatekey.pem /var/helpers
 COPY .ssh/ /home/wrongsecrets/.ssh/
-CMD java -jar -XX:SharedArchiveFile=application.jsa -Dspring.profiles.active=$(echo ${SPRING_PROFILES_ACTIVE}) -Dspringdoc.swagger-ui.enabled=${SPRINGDOC_UI} -Dspringdoc.api-docs.enabled=${SPRINGDOC_DOC} -D application.jar
+CMD java -jar -XX:SharedArchiveFile=application.jsa -Dspring.profiles.active=without-vault -Dserver.port=${PORT} -Dspringdoc.swagger-ui.enabled=${SPRINGDOC_UI} -Dspringdoc.api-docs.enabled=${SPRINGDOC_DOC} application.jar
@@ -58,7 +58,7 @@ spec:
             volumeAttributes:
               secretProviderClass: "wrongsecrets-aws-secretsmanager"
       containers:
-        - image: jeroenwillemsen/wrongsecrets:1.13.1-alpha5-k8s-vault
+        - image: jeroenwillemsen/wrongsecrets:1.13.1-alpha6-k8s-vault
           imagePullPolicy: IfNotPresent
           name: secret-challenge
           command: ["/bin/sh"]

@@ -61,7 +61,7 @@ spec:
             volumeAttributes:
               secretProviderClass: "azure-wrongsecrets-vault"
       containers:
-        - image: jeroenwillemsen/wrongsecrets:1.13.1-alpha5-k8s-vault
+        - image: jeroenwillemsen/wrongsecrets:1.13.1-alpha6-k8s-vault
           imagePullPolicy: IfNotPresent
           name: secret-challenge
           command: ["/bin/sh"]

@@ -12,9 +12,9 @@ The project maintains version consistency between:
 ## Version Schema
 
 ```
-pom.xml version:        1.13.1-alpha5-SNAPSHOT
-Dockerfile version:     1.13.1-alpha5
-Dockerfile.web version: 1.13.1-alpha5-no-vault
+pom.xml version:        1.13.1-alpha6-SNAPSHOT
+Dockerfile version:     1.13.1-alpha6
+Dockerfile.web version: 1.13.1-alpha6-no-vault
 ```
 
 ## Automated Solutions

@@ -8,7 +8,7 @@ app = "wrongsecrets"
 primary_region = "ams"
 
 [build]
-  image = "docker.io/jeroenwillemsen/wrongsecrets:1.13.1-alpha5-no-vault"
+  image = "docker.io/jeroenwillemsen/wrongsecrets:1.13.1-alpha6-no-vault"
 
 [env]
   K8S_ENV = "Fly(Docker)"

@@ -58,7 +58,7 @@ spec:
             volumeAttributes:
               secretProviderClass: "wrongsecrets-gcp-secretsmanager"
       containers:
-        - image: jeroenwillemsen/wrongsecrets:1.13.1-alpha5-k8s-vault
+        - image: jeroenwillemsen/wrongsecrets:1.13.1-alpha6-k8s-vault
           imagePullPolicy: IfNotPresent
           name: secret-challenge
           command: ["/bin/sh"]

@@ -1,4 +1,3 @@
 build:
   docker:
     web: Dockerfile.web
-    worker: Dockerfile
@@ -1,5 +1,5 @@
 
  function secret() {
- var password = "t5K69iQ=" + 9 + "IoOL" + 6 + "jYE=" + 2 + "/i5I" + 7;
+ var password = "m2/lkfE=" + 9 + "DsPI" + 6 + "2yc=" + 2 + "BcHo" + 7;
  return password;
  }
@@ -21,7 +21,7 @@ spec:
         runAsGroup: 2000
         fsGroup: 2000
       containers:
-      - image: jeroenwillemsen/wrongsecrets-challenge53:1.13.1-alpha5
+      - image: jeroenwillemsen/wrongsecrets-challenge53:1.13.1-alpha6
         name: secret-challenge-53
         imagePullPolicy: IfNotPresent
         resources:
@@ -45,7 +45,7 @@ spec:
         command: ["/bin/sh", "-c"]
         args:
           - cp /home/wrongsecrets/* /shared-data/ && exec /home/wrongsecrets/start-on-arch.sh
-      - image: jeroenwillemsen/wrongsecrets-challenge53-debug:1.13.1-alpha5
+      - image: jeroenwillemsen/wrongsecrets-challenge53-debug:1.13.1-alpha6
         name: sidecar
         imagePullPolicy: IfNotPresent
         command: ["/bin/sh", "-c", "while true; do ls /shared-data; sleep 10; done"]

@@ -21,7 +21,7 @@ spec:
         runAsGroup: 2000
         fsGroup: 2000
       containers:
-      - image: jeroenwillemsen/wrongsecrets-challenge53:1.13.1-alpha5
+      - image: jeroenwillemsen/wrongsecrets-challenge53:1.13.1-alpha6
         name: secret-challenge-53
         imagePullPolicy: IfNotPresent
         resources:

@@ -28,7 +28,7 @@ spec:
         runAsGroup: 2000
         fsGroup: 2000
       containers:
-        - image: jeroenwillemsen/wrongsecrets:1.13.1-alpha5-no-vault
+        - image: jeroenwillemsen/wrongsecrets:1.13.1-alpha6-no-vault
           imagePullPolicy: IfNotPresent
           name: secret-challenge
           ports:

@@ -50,7 +50,7 @@ spec:
           type: RuntimeDefault
       serviceAccountName: vault
       containers:
-        - image: jeroenwillemsen/wrongsecrets:1.13.1-alpha5-k8s-vault
+        - image: jeroenwillemsen/wrongsecrets:1.13.1-alpha6-k8s-vault
           imagePullPolicy: IfNotPresent
           name: secret-challenge
           command: ["/bin/sh"]

@@ -28,7 +28,7 @@ spec:
         runAsGroup: 2000
         fsGroup: 2000
       containers:
-        - image: jeroenwillemsen/wrongsecrets:1.13.1-alpha5-no-vault
+        - image: jeroenwillemsen/wrongsecrets:1.13.1-alpha6-no-vault
           name: secret-challenge-ctf
           imagePullPolicy: IfNotPresent
           securityContext:

@@ -28,7 +28,7 @@ spec:
         runAsGroup: 2000
         fsGroup: 2000
       containers:
-        - image: jeroenwillemsen/wrongsecrets:1.13.1-alpha5-no-vault
+        - image: jeroenwillemsen/wrongsecrets:1.13.1-alpha6-no-vault
           name: secret-challenge
           imagePullPolicy: IfNotPresent
           securityContext:

@@ -80,7 +80,7 @@ <h5 class="alert-heading">🎯 Learning Objectives</h5>
                         <li>(The MIT License (MIT)) Spring Cloud Azure Starter Key Vault Secrets (com.azure.spring:spring-cloud-azure-starter-keyvault-secrets:5.22.0 - https://microsoft.github.io/spring-cloud-azure)</li>
                         <li>(The Apache Software License, Version 2.0) Simple XML (safe) (com.carrotsearch.thirdparty:simple-xml-safe:2.7.1 - https://github.com/dweiss/simplexml)</li>
                         <li>(3-Clause BSD License) MinLog (com.esotericsoftware:minlog:1.3.1 - https://github.com/EsotericSoftware/minlog)</li>
-                        <li>(Apache License, Version 2.0) Internet Time Utility (com.ethlo.time:itu:1.13.1-alpha5 - https://github.com/ethlo/itu)</li>
+                        <li>(Apache License, Version 2.0) Internet Time Utility (com.ethlo.time:itu:1.13.1-alpha6 - https://github.com/ethlo/itu)</li>
                         <li>(The Apache Software License, Version 2.0) aalto-xml (com.fasterxml:aalto-xml:1.3.3 - https://github.com/FasterXML/aalto-xml)</li>
                         <li>(Apache License, Version 2.0) ClassMate (com.fasterxml:classmate:1.7.0 - https://github.com/FasterXML/java-classmate)</li>
                         <li>(The Apache Software License, Version 2.0) Jackson-annotations (com.fasterxml.jackson.core:jackson-annotations:2.19.1 - https://github.com/FasterXML/jackson)</li>