Release v2.6.29

Full Changelog: v2.6.28...v2.6.29

Release v2.6.28

What's Changed

• Add link to CyberSec Games blog post about Max by @sydseter in #2508

Full Changelog: v2.6.27...v2.6.28

Release v2.6.27

Full Changelog: v2.6.26...v2.6.27

Release v2.6.26

What's Changed

• Completed Portuguese translation fro 3.0 by @pfortuna in #2496
• Refine text on security mindset and threat modeling by @Bra1nFartz in #2500

New Contributors

• @pfortuna made their first contribution in #2496

Full Changelog: v2.6.25...v2.6.26

Release v2.6.25

What's Changed

• Added aashish kharel in a volunteers list by @immortal71 in #2429
• Bump @sveltejs/kit from 2.53.2 to 2.53.3 in /cornucopia.owasp.org by @dependabot[bot] in #2416
• Bump svelte-check from 4.4.3 to 4.4.4 in /cornucopia.owasp.org by @dependabot[bot] in #2414
• Bump @types/node from 25.3.0 to 25.3.2 in /cornucopia.owasp.org by @dependabot[bot] in #2413
• Bump phoenix_live_view from 1.1.24 to 1.1.25 in /copi.owasp.org by @dependabot[bot] in #2412
• Add link to privacy notice by @sydseter in #2440
• fix: add dynamic route for /api/cre/webapp and /api/cre/mobileapp by @Mysterio-17 in #2407
• fix: add Content-Type header to CRE API response by @Mysterio-17 in #2450
• increase Test coverage to 80.8% by @muhammad7865 in #2449
• Bump wrangler from 4.68.1 to 4.69.0 in /cornucopia.owasp.org by @dependabot[bot] in #2415
• security: remove game delete handler from GameLive.Index (#2420) by @immortal71 in #2455
• Italian Translation by @ricsirigu in #2463
• fix: remove incomplete delete game test from GameLiveTest by @Adarshkumar0509 in #2480
• Fixes #2432 (Phase 1: mobile spacing and touch targets) by @Mahaboobunnisa123 in #2484

New Contributors

• @ricsirigu made their first contribution in #2463
• @Mahaboobunnisa123 made their first contribution in #2484

Full Changelog: v2.6.24...v2.6.25

Release v2.6.24

What's Changed

• feat: Add Bandit pre-commit hook + fix XML parsing vulnerability (#2417) by @khushal-winner in #2421
• Webapp cards 3.0 Dutch version. by @marysia in #2427
• fix-dropdown-design : adding previous dropdown layout design by @prakhar0x01 in #2425
• pt_br translation of 43.0 cards by @izar in #2426

New Contributors

• @marysia made their first contribution in #2427
• @izar made their first contribution in #2426

Full Changelog: v2.6.23...v2.6.24

Release v2.6.23

What's Changed

• Fix zip slip in ODT/IDML template extraction by @ashnaaseth2325-oss in #2327
• Revert "fix: prevent path prefix collision in _validate_file_paths" by @sydseter in #2410

Full Changelog: v2.6.22...v2.6.23

Release v2.6.22

What's Changed

• Add Adarsh Kumar to acknowledgements by @Adarshkumar0509 in #2402

Full Changelog: v2.6.21...v2.6.22

Release v2.6.21

What's Changed

• update contributers list by @ayman-art in #2338
• fix: use gh release upload for ZAP report upload to pre-release by @Mysterio-17 in #2339
• fixed inconsistent UTF-8 encoding by @Suresh-Krishna-P in #2330
• "poofing: 2-K, Ace" -> "Spoofing: 2-K, Ace" by @cw-owasp in #2345
• Create webapp-cards-3.0-hi.yaml by @SachinAditya in #2247
• Fix/zap max scan duration by @ayman-art in #2356
• DBD Cornucopia suits/cards by @cw-owasp in #2357
• Bump mvdan/shfmt from 67db984 to 67435ef by @dependabot[bot] in #2350
• Bump @types/node from 25.2.3 to 25.3.0 in /cornucopia.owasp.org by @dependabot[bot] in #2351
• Feature/add-dropdown : Version Routing implementation by @prakhar0x01 in #2355
• "poofing: 2-K, Ace" -> "Spoofing: 2-K, Ace" by @cw-owasp in #2344
• Replace debug IO.puts statements with Logger in PlayerLive.Show (#2287) by @immortal71 in #2298
• Fix/zap permission error by @ayman-art in #2366
• Agentic AI suit by @suvroc in #2342
• BOT suit mapping correction by @cw-owasp in #2370
• Add description for mobile app card AA9 contributes to #2108 by @10-trix in #2323
• BOT attack attack format update; AAI duplicate tidy-up by @cw-owasp in #2372
• Bump mvdan/shfmt from 67435ef to a27f723 by @dependabot[bot] in #2368
• Bump virtualenv from 20.38.0 to 20.39.0 by @dependabot[bot] in #2361
• Bump phoenix from 1.8.3 to 1.8.4 in /copi.owasp.org by @dependabot[bot] in #2362
• Bump swagger-ui-dist from 5.31.1 to 5.31.2 in /cornucopia.owasp.org by @dependabot[bot] in #2354
• Bump svelte-check from 4.4.1 to 4.4.3 in /cornucopia.owasp.org by @dependabot[bot] in #2353
• Add Norwegian translation by @sydseter in #2376
• Ensure the route to api goes to api/docs by @sydseter in #2326
• fix: prevent path prefix collision in _validate_file_paths by @ashnaaseth2325-oss in #2346

• Fix: Handle whitespace-only translations properly by @khushal-winner in #2382

• Fix/reduce max scan duration by @ayman-art in #2383
• Fix narrative inconsistency: update remaining Ryan reference to Adrian in AZK card by @Copilot in #2392
• Fix/broken pdf link :host Secure Web Development Guide PDF publicly to resolve auth requirement #2283 by @prakhar0x01 in #2395
• Added Khushal Malhotra to Volunteers list (alphabetical order) by @khushal-winner in #2394
• Bump wrangler from 4.66.0 to 4.68.1 in /cornucopia.owasp.org by @dependabot[bot] in #2391
• Bump swoosh from 1.22.0 to 1.22.1 in /copi.owasp.org by @dependabot[bot] in #2387
• Adding Adrian Sroka to AZK by @sydseter in #2385
• Add blog post: Straight to the Ace - Threat Modeling Through Gamification by @Bra1nFartz in #2373
• Bump certifi from 2026.1.4 to 2026.2.25 by @dependabot[bot] in #2369
• Fix ArithmeticError when starting game with zero players by @immortal71 in #2336
• Bump @sveltejs/kit from 2.53.0 to 2.53.2 in /cornucopia.owasp.org by @dependabot[bot] in #2389
• Fix/player-name-validation : Add length validation to Player name field to prevent DB truncation errors by @prakhar0x01 in #2308
• Fix mobile padding on news page by @khushal-winner in #2401
• Add framed privacy notices to game and player forms by @Adarshkumar0509 in #2262

New Contributors

• @ashnaaseth2325-oss made their first contribution in #2346
• @khushal-winner made their first contribution in #2382
• @Copilot made their first contribution in #2392
• @Bra1nFartz made their first contribution in #2373
• @Adarshkumar0509 made their first contribution in #2262

Full Changelog: v2.6.20...v2.6.21

Release v2.6.20

What's Changed

• SBOM generate by @ayman-art in #2331
• Adding russian to 3.0 by @sydseter in #2324

New Contributors

• @ayman-art made their first contribution in #2331

Full Changelog: v2.6.19...v2.6.20