HelpReleases2_2_0

Release 2.2.0

The following changes were made in this release:

Major changes:

Issue 717 : Scripts: support multiple scripts and embedding within ZAP components

Support for Mozilla Zest: https://developer.mozilla.org/en-US/docs/Zest

Support for Mozilla Plug-n-Hack: https://developer.mozilla.org/en-US/docs/Plug-n-Hack

Support for scanning headers as well as JSON and XML formats

Minor changes:

Issue 711 : Support scanning of XML requests

Issue 713 : Add CWE and WASC numbers to issues

Issue 719 : Custom http break points with more options

Issue 738 : Options to hide tabs / windows

Issue 750 : Upgrade script console to support non textbased scripting languages

Issue 752 : Create a new root CA when first run

Issue 775 : Allow host to be set via the command line

Bug Fixes:

Issue 555 : Http panels default to hex view

Issue 599 : The save session api does not allow to overwrite session already has same name

Issue 630 : URLCanonicalizer.getCanonicalURL produces URIs "half" decoded

Issue 631 : URLCanonicalizer.buildCleanedParametersURIRepresentation returns URIs in percent-encoded form and decoded

Issue 652 : Shutdown after a big scan takes too long (deleting ascan records)

Issue 655 : API encoding issues

Issue 665 : NullPointerException while proxying with a URI with an empty path component

Issue 666 : JSONException while calling an API action without the required parameter(s)

Issue 669 : Certificate algorithm constraints in Java 1.7

Issue 674 : Add HttpSessionAPI to ApiGeneratorUtils

Issue 685 : Add dummy file to "fuzzers" directory

Issue 686 : Log HttpException (as error) in the ProxyThread

Issue 687 : Change HTTP response header parser to be less strict

Issue 690 : Context Authentication URLs don't fail manual overwriting.

Issue 691 : Handle old plugins

Issue 692 : Report the version of java found by zap.sh

Issue 693 : Command line should show all options

Issue 694 : API UI fails on IE

Issue 695 : Sites tree doesnt clear on new session created by API

Issue 696 : Change "Ajax Spider" add-on options to use ZapNumberSpinner

Issue 697 : API action "proxy.pac" might return wrong domain/port

Issue 698 : Passive Scanner API view "recordsToScan" returns -1 after finish scanning the messages

Issue 699 : Fix HTML errors in the help pages

Issue 702 : Do not load newer add-on versions if they are not targeted for the running ZAP version

Issue 703 : Add-on ZAP version constraints "not-before-version" and "not-from-version" are not respected for already "installed" add-ons

Issue 706 : ZAP API doesn't parse correctly query parameters with "&" characters

Issue 710 : URLCanonicalizer.getCanonicalURL fails to correctly parse query parameters with "&" and "=" characters

Issue 712 : HttpSessions API action "setSessionTokenValue" should add the session token name to the site's session tokens

Issue 720 : Cannot send non standard http methods

Issue 721 : Non POST and PUT requests receive a 504 when server expects a request body

Issue 724 : Do not clone the alert's message that will be shown in message panels

Issue 725 : Clear alert's panel fields

Issue 726 : Catch active scanner variants' exceptions

Issue 727 : Name of automatically created HTTP sessions is always in English

Issue 728 : Allow to create a session with a given name through the HttpSessions API

Issue 729 : Update NTLM authentication code

Issue 730 : MissingResourceException while selecting a disabled extension (from an add-on) in the "Extensions" options panel

Issue 731 : MissingResourceException with ExtensionFuzz enabled and ExtensionBruteForce disabled

Issue 736 : Change add-on class loading strategy to parent-last

Issue 737 : Restore "Ajax spider" add-on dependencies

Issue 756 : Allow Context Panels intercommunication

Issue 763 : XML report empty when used in daemon mode

Issue 764 : HTTP fuzz results dont support right click menus

Issue 766 : Searching fuzz results doesnt include the header

Issue 767 : HTTP Session API could be less strict

Issue 772 : Restructuring of Saving/Loading Context Data

Issue 774 : Build doesnt include scripts directory

Issue 776 : Allow add-ons to warn user if they're closing ZAP with unsaved resources open

Issue 777 : Unable to cancel changes when using Include in/Exclude from Context

Issue 782 : NoSuchMethodError when excluding a WebSocket channel URL from context

Issue 785 : Change zap.sh to cope with Java 1.8

Issue 786 : Snapshot session menu item not working

ZAP User Guide
- Introduction
- Getting Started
- The User Interface
  - Overview
  - The Top Level Menu
  - The Top Level Toolbar
  - The Tabs
    - Sites
    - Request
    - Response
    - Break
    - History
    - Search
    - Break Points
    - Alerts
    - Active Scan
    - Spider
    - Params
    - HTTP Sessions
    - Output
    - Callbacks
  - The Dialogs
  - The Footer
- Command Line
- Add Ons
  - Active Scan Rules
  - Ajax Spider
    - Dialog
    - Options
    - Tab
  - Diff
  - Forced Browse
    - Options
    - Tab
  - Fuzzer
  - Getting Started Guide
  - Invoke Applications
    - Options
  - JxBrowser
  - Online Menu
  - Passive Scan Rules
  - Plug-n-Hack
    - Clients tab
  - Quick Start
    - Command Line
    - Launch Options
  - Reveal
  - Scripts
    - Console
    - Tree
  - Selenium
    - Options
    - API
  - Tips and Tricks
  - WebSockets
    - Tab
    - Options
    - Session Properties
    - Scripts
    - API
    - Passive Scan Rules
    - About
  - Zest
- Releases
  - 2.8.0
  - 2.7.0
  - 2.6.0
  - 2.5.0
  - 2.4.3
  - 2.4.2
  - 2.4.1
  - 2.4.0
  - 2.3.1
  - 2.3.0
  - 2.2.2
  - 2.2.1
  - 2.2.0
  - 2.1.0
  - 2.0.0
  - 1.4.1
  - 1.4.0
  - 1.3.4
  - 1.3.3
  - 1.3.2
  - 1.3.1
  - 1.3.0
  - 1.2.0
  - 1.1.0
  - 1.0.0
- Paros Proxy
- Credits

	Introduction	the introduction to ZAP
	Releases	the full set of releases
	Credits	the people and groups who have made this release possible

HelpReleases2_2_0

Release 2.2.0

Major changes:

Issue 717 : Scripts: support multiple scripts and embedding within ZAP components

Support for Mozilla Zest: https://developer.mozilla.org/en-US/docs/Zest

Support for Mozilla Plug-n-Hack: https://developer.mozilla.org/en-US/docs/Plug-n-Hack

Support for scanning headers as well as JSON and XML formats

Minor changes:

Issue 711 : Support scanning of XML requests

Issue 713 : Add CWE and WASC numbers to issues

Issue 719 : Custom http break points with more options

Issue 738 : Options to hide tabs / windows

Issue 750 : Upgrade script console to support non textbased scripting languages

Issue 752 : Create a new root CA when first run

Issue 775 : Allow host to be set via the command line

Bug Fixes:

Issue 555 : Http panels default to hex view

Issue 599 : The save session api does not allow to overwrite session already has same name

Issue 630 : URLCanonicalizer.getCanonicalURL produces URIs "half" decoded

Issue 631 : URLCanonicalizer.buildCleanedParametersURIRepresentation returns URIs in percent-encoded form and decoded

Issue 652 : Shutdown after a big scan takes too long (deleting ascan records)

Issue 655 : API encoding issues

Issue 665 : NullPointerException while proxying with a URI with an empty path component

Issue 666 : JSONException while calling an API action without the required parameter(s)

Issue 669 : Certificate algorithm constraints in Java 1.7

Issue 674 : Add HttpSessionAPI to ApiGeneratorUtils

Issue 685 : Add dummy file to "fuzzers" directory

Issue 686 : Log HttpException (as error) in the ProxyThread

Issue 687 : Change HTTP response header parser to be less strict

Issue 690 : Context Authentication URLs don't fail manual overwriting.

Issue 691 : Handle old plugins

Issue 692 : Report the version of java found by zap.sh

Issue 693 : Command line should show all options

Issue 694 : API UI fails on IE

Issue 695 : Sites tree doesnt clear on new session created by API

Issue 696 : Change "Ajax Spider" add-on options to use ZapNumberSpinner

Issue 697 : API action "proxy.pac" might return wrong domain/port

Issue 698 : Passive Scanner API view "recordsToScan" returns -1 after finish scanning the messages

Issue 699 : Fix HTML errors in the help pages

Issue 702 : Do not load newer add-on versions if they are not targeted for the running ZAP version

Issue 703 : Add-on ZAP version constraints "not-before-version" and "not-from-version" are not respected for already "installed" add-ons

Issue 706 : ZAP API doesn't parse correctly query parameters with "&" characters

Issue 710 : URLCanonicalizer.getCanonicalURL fails to correctly parse query parameters with "&" and "=" characters

Issue 712 : HttpSessions API action "setSessionTokenValue" should add the session token name to the site's session tokens

Issue 720 : Cannot send non standard http methods

Issue 721 : Non POST and PUT requests receive a 504 when server expects a request body

Issue 724 : Do not clone the alert's message that will be shown in message panels

Issue 725 : Clear alert's panel fields

Issue 726 : Catch active scanner variants' exceptions

Issue 727 : Name of automatically created HTTP sessions is always in English

Issue 728 : Allow to create a session with a given name through the HttpSessions API

Issue 729 : Update NTLM authentication code

Issue 730 : MissingResourceException while selecting a disabled extension (from an add-on) in the "Extensions" options panel

Issue 731 : MissingResourceException with ExtensionFuzz enabled and ExtensionBruteForce disabled

Issue 736 : Change add-on class loading strategy to parent-last

Issue 737 : Restore "Ajax spider" add-on dependencies

Issue 756 : Allow Context Panels intercommunication

Issue 763 : XML report empty when used in daemon mode

Issue 764 : HTTP fuzz results dont support right click menus

Issue 766 : Searching fuzz results doesnt include the header

Issue 767 : HTTP Session API could be less strict

Issue 772 : Restructuring of Saving/Loading Context Data

Issue 774 : Build doesnt include scripts directory

Issue 776 : Allow add-ons to warn user if they're closing ZAP with unsaved resources open

Issue 777 : Unable to cancel changes when using Include in/Exclude from Context

Issue 782 : NoSuchMethodError when excluding a WebSocket channel URL from context

Issue 785 : Change zap.sh to cope with Java 1.8

Issue 786 : Snapshot session menu item not working

See also

Clone this wiki locally