Download

Retire.js Add-on Changelog

Docs > Retire.js > Changelog

Changelog

All notable changes to this add-on will be documented in this file.

The format is based on Keep a Changelog.

0.56.0 - 2026-04-14

Changed

  • Updated with upstream retire.js pattern changes.
  • The scan rule now has new tags for the OWASP Top 10 2025, and API Top 10 2023.
  • Depends on an updated version of the Common Library add-on.

0.55.0 - 2026-03-31

Changed

  • Updated with upstream retire.js pattern changes.

0.54.0 - 2026-02-24

Changed

  • Updated with upstream retire.js pattern changes.
  • Now only loads the data once (Issue 9103).

0.53.0 - 2026-01-08

Changed

  • Updated with upstream retire.js pattern changes.
  • Update minimum ZAP version to 2.17.0.

0.52.0 - 2025-12-04

Changed

  • Updated with upstream retire.js pattern changes.

0.51.0 - 2025-12-03

Changed

  • Updated with upstream retire.js pattern changes.

0.50.0 - 2025-11-04

Changed

  • Updated with upstream retire.js pattern changes.
  • Reduced usage of error level logging.

0.49.0 - 2025-09-18

Changed

  • Updated with upstream retire.js pattern changes.

0.48.0 - 2025-07-29

Changed

  • Updated with upstream retire.js pattern changes.

0.47.0 - 2025-06-20

Changed

  • Updated with upstream retire.js pattern changes.
  • Depends on an updated version of the Common Library add-on.
  • Maintenance changes.

Added

  • The scan rule as been tagged of interest to Penetration Testers, as well as adding tags associated with DEV or QA applicability.

0.46.0 - 2025-03-13

Changed

  • Updated with upstream retire.js pattern changes.

0.45.0 - 2025-03-04

Changed

  • Updated with upstream retire.js pattern changes.
  • Make Alert’s Description, Solution, and References generic, and provide finding specific details via Other Info.

0.44.0 - 2025-01-10

Changed

  • Updated with upstream retire.js pattern changes.
  • Update minimum ZAP version to 2.16.0.

0.43.0 - 2024-12-23

Fixed

  • An issue that was resulting in False Positives.

Changed

  • Updated with upstream retire.js pattern changes.
  • The scan rule now uses a more specific CWE (Issue 8732).

0.42.0 - 2024-11-25

Changed

  • Updated with upstream retire.js pattern changes.
  • The Risk level associated with Alerts raised by this scan rule are mapped to the severity ratings provided in the Retire.js data. If no severity is matched then a default of Medium Risk is used (Issue 7926).
  • Maintenance changes.

0.41.0 - 2024-10-07

Changed

  • Performance improvements (Issue 8659).
  • Updated with upstream retire.js pattern changes.

0.40.0 - 2024-09-24

Changed

  • Updated with upstream retire.js pattern changes.

0.39.0 - 2024-08-28

Changed

  • Updated with upstream retire.js pattern changes.

Added

  • A helpful description for the add-on.

0.38.0 - 2024-08-05

Changed

  • Updated with upstream retire.js pattern changes.

0.37.0 - 2024-07-04

Changed

  • Updated with upstream retire.js pattern changes.

0.36.0 - 2024-06-03

Changed

  • Updated with upstream retire.js pattern changes.

0.35.0 - 2024-05-07

Changed

  • Update minimum ZAP version to 2.15.0.
  • Updated with upstream retire.js pattern changes.

0.34.0 - 2024-04-02

Changed

  • Updated with upstream retire.js pattern changes.

0.33.0 - 2024-03-21

Changed

  • Updated with upstream retire.js pattern changes.

Fixed

  • Version matching was improved to address some false positives (Issue 8384 & 8398).

0.32.0 - 2024-03-04

Changed

  • Updated with upstream retire.js pattern changes.

0.31.0 - 2024-02-12

Changed

  • Updated with upstream retire.js pattern changes.

Added

  • Website alert links (Issue 8189).

0.30.0 - 2024-01-29

Changed

  • Updated with upstream retire.js pattern changes.
  • Now only targets relevant responses (HTML and JS).

0.29.0 - 2024-01-03

Changed

  • Updated with upstream retire.js pattern changes.

0.28.0 - 2023-12-04

Changed

  • Updated with upstream retire.js pattern changes.

0.27.0 - 2023-11-03

Changed

  • Updated with upstream retire.js pattern changes.

0.26.0 - 2023-10-12

Changed

  • Update minimum ZAP version to 2.14.0.
  • Updated with upstream retire.js pattern changes.

0.25.0 - 2023-08-14

Changed

  • Updated with upstream retire.js pattern changes.
  • Maintenance changes.

0.24.0 - 2023-07-11

Changed

  • Update minimum ZAP version to 2.13.0.
  • Updated with upstream retire.js pattern changes.

0.23.0 - 2023-06-02

Changed

  • Updated with upstream retire.js pattern changes.

0.22.0 - 2023-05-03

Changed

  • Updated with upstream retire.js pattern changes.

0.21.0 - 2023-04-04

Changed

  • Updated with upstream retire.js pattern changes.

0.20.0 - 2023-03-03

Changed

  • Updated with upstream retire.js pattern changes.
  • Alert Tags for CVEs now include standardized links.

0.19.0 - 2023-01-10

Changed

  • Updated with upstream retire.js pattern changes.
  • Maintenance changes.

0.18.0 - 2022-12-02

Changed

  • Updated with upstream retire.js pattern changes.

0.17.0 - 2022-11-14

Changed

  • Updated with upstream retire.js pattern changes.

0.16.0 - 2022-10-27

Changed

  • Update minimum ZAP version to 2.12.0.

Fixed

  • NPE in example alert generation.

0.15.0 - 2022-09-22

Changed

  • Updated with upstream retire.js pattern changes.

0.14.0 - 2022-08-15

Changed

  • Updated with upstream retire.js pattern changes.

0.13.0 - 2022-08-02

Changed

  • Updated with upstream retire.js pattern changes.
  • Performance improvements (Issue 6959).
  • Add Retire.js reference to the Rule name to make it more obvious in the options panel.

0.12.0 - 2022-05-26

Changed

  • Updated with upstream retire.js pattern changes.
  • Relevant CVEs will now be added as Alert Tags when available.

0.11.0 - 2022-05-03

Changed

  • Updated with upstream retire.js pattern changes.

0.10.0 - 2022-02-02

Changed

  • Updated with upstream retire.js pattern changes.
  • Update minimum ZAP version to 2.11.1.
  • Maintenance changes.

0.9.0 - 2021-10-06

Added

  • OWASP Top Ten 2021/2017 mappings.

Fixed

  • Version extraction pattern was fixed to reduce false positives (Issue 6818).

Changed

  • Maintenance changes.
  • Update minimum ZAP version to 2.11.0.
  • Dependency updates.

0.8.0 - 2021-08-25

Changed

  • Updated with upstream retire.js pattern changes.
  • Update link to repository.
  • Maintenance changes.

0.7.0 - 2021-03-24

Changed

  • Updated with upstream retire.js pattern changes.
  • Maintenance changes.

0.6.0 - 2020-12-15

Changed

  • Updated with upstream retire.js pattern changes.
  • Update minimum ZAP version to 2.10.0.

0.5.0 - 2020-10-29

Changed

  • Updated with upstream retire.js pattern changes.
  • Add-on promoted to Release.
  • Added example alert.

0.4.0 - 2020-08-04

Changed

  • Updated with upstream retire.js pattern changes.

[0.3.1] - 2020-06-18

Changed

  • Updated from upstream with new identifications, including: CVE-2020-7676 for angular < 1.8.0

0.3.0 - 2020-06-15

Changed

  • Add-on promoted to Beta.

0.2.0 - 2020-06-01

Changed

  • URLs which were previously included as ‘other info’ are now properly included as alert ‘references’.
  • CVE numbers are now included as part of ‘other info’.

0.1.0 - 2020-05-20

Changed

  • First release.