Releases: zaproxy/zap-extensions
Passive scanner rules version 60
Changed
- Clarified Missing Anti-clickjacking Header description.
- Depend on the Passive Scanner add-on so that it is included by default (Issue 7959).
- The Re-examine Cache-control Directives scan rule now ignores Cache-Control headers on responses to POST requests (Issue 8592).
Fixed
- Polyfill scan rule running slowly.
- Only scan text responses for:
  - Hash Disclosure
  - Private IP Disclosure
  - Username Hash Found
- Performance improvements for:
  - Cross-Domain JavaScript Source File Inclusion.
  - Cross-Domain Misconfiguration.
Passive Scanner version 0.0.1
Added
- Provide the Passive Rules script type (Issue 7959).
- Provide the Stats Passive Scan Rule (Issue 7959).
- Provide the scan status label (Issue 7959).
- Provide the `pscan` API on newer ZAP versions (Issue 7959).
- Dynamically un/load add-on passive scan rules (Issue 7959).
Network version 0.17.0
Changed
- Maintenance changes.
Fixed
- Guard against users without an authentication state.
- Fix exception after regenerating the root CA cert during ZAP startup (Issue 8499).
- Use configured timeout as default.
Common Library version 1.27.0
Fixed
- Address false positives/negatives when handling cookies without a name/value pair separator (Issue 8613).
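The fix above concerns cookies whose name-value pair has no `=`, for example `Set-Cookie: abc123; Path=/; Secure`. The following is an added example, not code from ZAP or its Common Library, showing a small Set-Cookie parser that handles that case the way current browsers and RFC 6265bis do: a missing separator yields an empty name and the whole token as the value, instead of dropping the cookie (which is the behaviour that causes a passive rule to miss, or misreport, its Secure/HttpOnly flags). The sample headers are constructed for the example, and `parseSetCookie`/`cookieFindings` are names chosen here.

```javascript
// Added example (not ZAP's own code): a Set-Cookie parser that keeps
// cookies lacking a "=" in the name-value pair, treating them as having an
// empty name, as RFC 6265bis and mainstream browsers do.

function parseSetCookie(header) {
  // Split the name-value pair from the attribute list at the first ";".
  const semi = header.indexOf(';');
  const nameValue = semi === -1 ? header : header.slice(0, semi);
  const unparsedAttrs = semi === -1 ? '' : header.slice(semi + 1);

  // Edge case from the changelog: no "=" at all. Do not discard the
  // cookie; give it an empty name so later checks still see its attributes.
  let name;
  let value;
  const eq = nameValue.indexOf('=');
  if (eq === -1) {
    name = '';
    value = nameValue.trim();
  } else {
    // Only the first "=" separates name from value; later ones belong
    // to the value (e.g. base64 padding or "a=b=c").
    name = nameValue.slice(0, eq).trim();
    value = nameValue.slice(eq + 1).trim();
  }
  if (name === '' && value === '') {
    return null; // nothing to store, matches the spec's "ignore entirely"
  }

  // Attributes: "key=value" or bare flags, attribute names case-insensitive.
  const attrs = {};
  for (const part of unparsedAttrs.split(';')) {
    const trimmed = part.trim();
    if (!trimmed) continue;
    const aeq = trimmed.indexOf('=');
    const aname = (aeq === -1 ? trimmed : trimmed.slice(0, aeq)).trim().toLowerCase();
    const avalue = aeq === -1 ? '' : trimmed.slice(aeq + 1).trim();
    attrs[aname] = avalue;
  }
  return { name, value, attrs };
}

// What a passive rule would derive from one header: the flag checks must
// work even when the cookie is nameless, otherwise those cookies are
// silently skipped (false negative) or reported with the wrong name.
function cookieFindings(header) {
  const c = parseSetCookie(header);
  if (c === null) return null;
  return {
    name: c.name,
    value: c.value,
    nameless: c.name === '',
    missingSecure: !('secure' in c.attrs),
    missingHttpOnly: !('httponly' in c.attrs),
  };
}

// Constructed sample headers covering the separator edge cases.
const SAMPLE_HEADERS = [
  'session=abc123; Path=/; Secure; HttpOnly', // ordinary cookie
  'abc123; Path=/; Secure',                   // no "=" in name-value pair
  '=bare; HttpOnly',                          // explicit empty name
  'token=a=b=c; Secure; HttpOnly',            // "=" inside the value
];

for (const h of SAMPLE_HEADERS) {
  console.log(JSON.stringify(cookieFindings(h)));
}
```

Run with `node` to print one finding per constructed header; the second header is the Issue 8613 case and is reported as a nameless cookie missing HttpOnly rather than being dropped.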
Call Home version 0.13.0
Added
- Tech stats to telemetry.
Automation Framework version 0.42.0
Added
- Allow configuring the structural parameters of a context (Issue 7780).
Fixed
- NPE in the GUI when the technology was not specified.
Changed
- Rely on Passive Scanner add-on for the passive scan related jobs (Issue 7959).
Deprecated
- The classes of the passive scan related jobs are now deprecated and will be removed in a future release; use the classes from the Passive Scanner add-on instead (Issue 7959).
Authentication Helper version 0.15.1
Changed
- Restored the stats removed in the previous release, as they may be used in AF tests.
Active scanner rules (beta) version 55
Changed
- The following scan rules now include example alert functionality for documentation generation purposes (Issue 6119):
- Expression Language Injection
- Cookie Slack Detector
Fixed
- Potential false positives in the Source Code Disclosure - File Inclusion scan rule when responses are empty or the original message resulted in an error to start with (Issue 8517).
- A spacing/punctuation issue in the Cookie Slack Detector scan rule, whereby the Other Info field would not have a space after colons and before lists of cookie names.
Active scanner rules (alpha) version 48
Changed
- Update minimum ZAP version to 2.15.0.
Fixed
- Alert text for various rules has been updated to more consistently use periods and spaces in a uniform manner.
- Potential false positives in the LDAP Injection scan rule when the original message resulted in an error to start with (Issue 8519).
Windows WebDrivers version 101
Changed
- Update ChromeDriver to 128.0.6613.86.