Download

SOAP Support Add-on Changelog

Docs > SOAP Support > Changelog

Changelog

All notable changes to this add-on will be documented in this file.

The format is based on Keep a Changelog.

30 - 2026-04-14

Changed

  • The scan rules now have new tags for the OWASP Top 10 2025, and API Top 10 2023.
  • Depends on an updated version of the Common Library add-on.

29 - 2025-12-15

Changed

  • Update minimum ZAP version to 2.17.0.
  • Update dependencies.

28 - 2025-09-18

Added

  • QA CICD policy tag to active scan rules.

27 - 2025-09-10

Fixed

  • When parsing WSDL files ensure the dateTime values are generated in UTC.

26 - 2025-09-02

Added

  • The SOAP Action Spoofing, SOAP XML Injection, and WSDL File Detection scan rules now all have CWE references.

25 - 2025-06-20

Added

  • The WSDL passive scan rule has been tagged of interest to Penetration Testers and QA.
  • The included active scan rules have been tagged of interest to Penetration Testers.

Changed

  • Depends on an updated version of the Common Library add-on.

24 - 2025-01-10

Changed

  • Update minimum ZAP version to 2.16.0.
  • Depend on newer version of Common Library add-on (Issue 8016).
  • Fields with default or missing values are omitted for the soap job in saved Automation Framework plans.

Added

  • Standardized Scan Policy related alert tags on scan rules.

23 - 2024-05-07

Changed

  • Update minimum ZAP version to 2.15.0.

22 - 2024-03-25

Added

  • Video link in help for Automation Framework job.

Changed

  • Maintenance changes.
  • Link website alert pages and help (Issue 8189).
  • Updated Alerts’ reference links (Issue 8262).

21 - 2023-12-19

Fixed

  • Use empty values as defined by the Value Generator configuration (Issue 8202).
  • Correct generation of values for date and dateTime, it would fail with warnings in previous versions.

20 - 2023-10-12

Changed

  • Update minimum ZAP version to 2.14.0.

19 - 2023-09-07

Changed

  • The “Import a WSDL file from local file system” and “Import a WSDL file from a URL” menu items were merged into one, “Import a WSDL File”. The merged dialog uses the shortcut Ctrl+J (Cmd+J on macOS).
  • The Import dialog shows the values used in the previous import when reopened.
  • Maintenance changes.
  • Depend on newer versions of Automation Framework and Common Library add-ons (Related to Issue 7961).
  • Use Common Library add-on to obtain the Value Generator (Issue 8016).
  • The SOAP Support Script has been superseded by a variant (Issue 6500).

18 - 2023-07-11

Changed

  • Update minimum ZAP version to 2.13.0.
  • Dependency updates.

17 - 2023-02-09

Added

  • Support for relative file paths and ones including vars in the Automation Framework job.

Changed

  • Maintenance changes.

16 - 2022-11-17

Changed

  • The SOAP Support.js input vector script is removed when the add-on is uninstalled.
  • Dependency updates.

15 - 2022-10-27

Changed

  • Update minimum ZAP version to 2.12.0.
  • Remove parser used for core spider (Related to Issue 3113).

14 - 2022-09-23

Changed

  • Dependency updates.
  • Maintenance changes.
  • Use Spider add-on (Issue 3113).
  • Use Form Handler add-on directly.
  • Promoted to Beta status.

13 - 2022-02-01

Changed

  • Update minimum ZAP version to 2.11.1.
  • Dependency updates.
  • When the automation Job is edited via UI Dialog then the status will be set to Not started

Fixed

  • Do not report “Unrecognised parameter” for valid parameters.

12 - 2021-11-29

Changed

  • Maintenance changes.
  • WSDL File scan rule now includes identification of URLs in the form “example.com/service?wsdl”, and specifically excludes 404s and 500s (including support for Custom Pages).
  • Import a WSDL file from a URL now logs a more specific message for some exception conditions, or when failing to convert the input ‘URL’ string into an actual URL to make the WSDL request.
  • The Import a WSDL file from a URL dialog now accepts pressing the enter key to activate the import process (instead of having to click the Import button), and the escape key to close/cancel the dialog.

11 - 2021-10-29

Changed

  • Dependency updates.

Fixed

  • NPE when detecting parameters.

10 - 2021-10-06

Added

  • OWASP Top Ten 2021/2017 alert tags.

Changed

  • Update minimum ZAP version to 2.11.0.

9 - 2021-09-16

Changed

  • Maintenance changes.

Fixed

Changed

  • Maintenance changes.

8 - 2021-08-05

Added

  • Automation Framework GUI

Changed

  • Maintenance changes.

7 - 2021-06-23

Changed

  • Now using 2.10 logging infrastructure (Log4j 2.x).
  • Import WSDL documents synchronously when not using the UI.
  • Maintenance changes.

Fixed

  • Warnings generated by add-on dependencies.

6 - 2021-03-30

Changed

  • Accept only encoded URLs.
  • Add support for the Automation Framework.
  • Add support for statistics for the number of added URLs (or SOAP Actions).
  • Maintenance changes.

Fixed

  • Fix detection of WSDL files (Issue 6440).
  • Cope with missing Nashorn engine (Issue 6500).

5 - 2021-01-04

Changed

  • Add support for ValueGenerator (Issue 3345).

4 - 2020-12-16

Changed

  • Internationalise file filter description.
  • Dynamically unload the add-on.
  • Change default accelerator for “Import a WSDL file from local file system”.
  • Update minimum ZAP version to 2.10.0.
  • Add import menus to (new) top level Import menu instead of Tools menu.
  • Add support for SOAP version 1.2 to the Action Spoofing Scan Rule.
  • Distinguish alerts by adding the SOAP version to the “Other Info” section.
  • Maintenance changes.

Fixed

  • Various fixes (related to Issue 4832 and other testing).
  • Fix exception with Java 9+ (Issue 4037).
  • SOAP operations are no longer overwritten in sites tree (Issue 1867).
  • Persist the add-on configuration required by the scan rules in the ZAP database (Issue 4866).

3 - 2017-03-31

  • Added API, help and other minor code changes.

2 - 2015-09-07

  • Fixes a problem where operations under the same location were overwritten. Other minor fixes.

1 - 2015-04-13

  • First version