ZAP Updates - August 2023


This month saw one of the biggest changes to ZAP since it was launched in 2010 - the move to a brand new foundation!

We have also published a new questionnaire to find out what you think we should focus our development efforts on - so please fill this in.

And despite all of the migration work there have been several other very significant changes this month, so read on…

Highlights

ZAP Move to SSP from OWASP

The (very) big news this month was the move from OWASP to the Software Security Project.

The move means that we now have doubled the number of people able to work on ZAP full time, from 1 to 2 😁

A lot of effort this month has focused on rebranding and moving away from some of the OWASP accounts we were using.

The following URLs, services, and defaults have changed:

Docker Hub

The official ZAP Docker images are now in the Software Security Project Docker Hub Organisation. The OWASP links should continue to work but we recommend you change to use the new ones ASAP.

Note that you can also pull the ZAP Docker images from GitHub Container Registry.

Crowdin

The Crowdin projects used for translating ZAP have changed to:

API Clients

The Python API client is now: https://pypi.org/project/zaproxy/

WebSwing Default Certificate Names

The certificates ZAP creates when launching Webswing have changed to:

  • zap_root_ca.crt - the public ZAP Root CA certificate
  • zap_root_ca.key - the private ZAP Root CA certificate

ZAP on Winget

ZAP is now available via Winget - the official Microsoft Windows Package Manager.

Community Scripts Tips (and Tricks)

A blog post was published drawing attention to the new section added to the community-scripts repository - please submit your ideas and usage tips for ZAP and its add-ons here.

ZAP Development Focus Questionnaire

A blog post was published highlighting the new ZAP questionnaire - this is your chance to influence what we, the ZAP Core Team, focus our efforts on. Thank you to everyone who has already completed it (the current results are very revealing!) and if you have not completed it then please do so ASAP!

GraalJS Classloader Fix

We have had an ongoing problem with the GraalVM JavaScript add-on which meant that it was not possible to reference classes in ZAP add-ons. This significantly impacted its usefulness.

The good news is that following a fix in the GraalVM code and some core changes this is no longer a problem! Note that because this fix required core changes, it will only work in the nightly and weekly (from next week) releases until 2.14.0 is released.

API Support for File Transfers

The latest weekly release supports the ability to upload and download files to and from ZAP via the API. For more details see this post on the ZAP User Group.

GitHub Pulse

Here are some statistics for the two main ZAP repositories:

zaproxy
Excluding merges, 7 authors have pushed 39 commits to main and 39 commits to all branches. On main, 133 files have changed and there have been 1,677 additions and 47,904 deletions.

zap-extensions
Excluding merges, 8 authors have pushed 74 commits to main and 74 commits to all branches. On main, 657 files have changed and there have been 8,390 additions and 2,731 deletions.

A total of 192 PRs were merged on the ZAP repos.

Ongoing Work

2.14.0 Release

We are actively working on getting ZAP 2.14.0 ready for release. You can track the progress in the 2.14.0 Milestone.

Google Summer of Code

Both of the Google Summer of Code projects are progressing well and we hope to be able to release new add-ons for them soon.

New Supporters

As per the blog post "ZAP is Joining the Software Security Project", the Software Security Project is now sponsoring both myself and Ricardo to work full time on ZAP!

Please find a list of all our supporters on the Supporters page.

New Contributors

A very warm welcome to the people who started to contribute to ZAP in the last 2 months (we did not have an update blog post last month).

Website Updates

The following new pages were added:

The following pages had significant changes:

Released add-ons - Full Changelog

In August 2023, we released updated versions of 10 add-ons:

Common Library (v1.16.0)

Added

  • Provide Jackson parsing library, to reuse the library in other add-ons (Issue 7961).

Changed

  • Maintenance changes.

Linux WebDrivers (v58)

Changed

  • Update ChromeDriver to 115.0.5790.170.

Linux WebDrivers (v59)

Changed

  • Update ChromeDriver to 116.0.5845.96.

MacOS WebDrivers (v58)

Changed

  • Update ChromeDriver to 115.0.5790.170.

MacOS WebDrivers (v59)

Changed

  • Update ChromeDriver to 116.0.5845.96.

Report Generation (v0.24.0)

Changed

  • Maintenance changes.
  • The following reports now include “Other Info” for alerts:
    • Traditional HTML Report
    • Traditional HTML Report with requests and responses
    • Traditional Markdown Report
    • Traditional PDF Report
  • Depend on Common Library add-on to reuse libraries (Issue 7961).
  • Update program name in reports.

Retire.js (v0.25.0)

Changed

  • Updated with upstream retire.js pattern changes.
  • Maintenance changes.

Wappalyzer - Technology Detection (v21.23.0)

Changed

  • Maintenance changes.
  • Update minimum ZAP version to 2.13.0.
  • Updated with upstream Wappalyzer icon and pattern changes.

Windows WebDrivers (v57)

Changed

  • Update ChromeDriver to 115.0.5790.170.

Windows WebDrivers (v58)

Changed

  • Update ChromeDriver to 116.0.5845.96.