Changelog
All notable changes to this add-on will be documented in this file.
The format is based on Keep a Changelog.
16 - 2026-03-31
Added
- HTTPS Configuration alerts now have tags for OWASP Top 10, WSTG, systemic, and policies.
15 - 2026-03-27
Changed
- Update to DeepViolet 6.1.1, no longer requires Java 21+.
14 - 2026-03-19
Added
- Active scan rules Info level “HTTPS Configuration” alert and a Low, Medium or High alert if any problems reported.
Changed
- Update to DeepViolet 6.1.0 with new API. Requires Java 21+.
13 - 2021-10-07
Added
- Add info and repo URLs.
- Show usage info in the HTTPS Info panel (Issue 6113).
Changed
- Update minimum ZAP version to 2.11.0.
- Updated owasp.org references (Issue 5962).
- Maintenance changes.
12 - 2019-04-26
- New tabbed UI.
- Update to DeepViolet 5.1.16.
11 - 2017-11-28
- Updated for 2.7.0.
10 - 2017-11-24
- Upgrade to use DeepViolet 5.0.3, which provides some minor logging changes.
9 - 2017-06-01
- Switch from SSLServer to OWASP DeepViolet.
8 - 2017-05-26
- Warn the user if results may be inaccurate due to ZAP being configured to use an outbound proxy.
7 - 2016-06-02
- Allow to update/uninstall the add-on without restarting ZAP.
- Issue 758 - General re-working of the extension.
6 - 2015-12-04
- Issue 1978 Uncaught NPE - Fixed.
5 - 2015-04-13
- Updated for ZAP 2.4
4 - 2014-04-03
- Updated add-on dir structure (Issue 1113).
3 - 2013-10-02
- Added threading, updated the UI and introduced ordering of ciphersuites by server preference
2 - 2013-09-11
- Updated for ZAP 2.2.0