Changelog
All notable changes to this add-on will be documented in this file.
The format is based on Keep a Changelog and this project adheres to Semantic Versioning.
48.14.0 - 2026-07-06
Added
- Browser screenshots are now automatically captured on Zest client step failures, and script print output is included in the diagnostics report. For chain runs, each output is clearly attributed to the specific script that produced it.
Changed
- Update minimum
scriptsadd-on version to 45.19.0. - Chained scripts now have provenance information preserved for troubleshooting purposes.
- Update Zest library to 0.36.0:
- Update dependencies.
- Restore JSON deserialization behaviour.
- Handle text (and similar) input elements which only become visible when interacted with.
- Maintenance changes.
Fixed
- Fix exception when adding/editing Zest non-standalone type scripts through the GUI.
- Prevent exception with scripts when their engine isn’t installed or present, which may be encountered when the zest add-on is uninstalled/updated.
48.13.0 - 2026-03-31
Added
- Internal support for creating a single runnable chain script from multiple Zest scripts.
- Support for import and export.
48.12.0 - 2026-02-13
Added
- UI support for Zest script options.
- Now supports authentication for client side scripts.
Fixed
- Bug which prevented client side scripts from being recorded in ZAP.
Changed
- Update Zest library to 0.35.0:
- Migrate JSON serialization from Gson to Jackson.
48.11.0 - 2025-12-15
Changed
- Update minimum ZAP version to 2.17.0.
- Use lowercase credential parameters in the Authentication default template.
- Update Zest library to 0.33.0:
- Support for script level
statementDelay. - Update Selenium to version 4.39.0.
- Support for script level
Fixed
- Address deadlock when adding scripts.
48.10.0 - 2025-10-29
Added
- Support for Edge in scripts run from the script console.
Changed
- Deprecate the
UsernameandPasswordcredential parameters in favor of the lowercaseusernameandpasswordvariants, aligning them with the naming convention of the other authentication credentials. - Update Zest library to 0.32.0.
Removed
- Support for Internet Explorer.
48.9.0 - 2025-09-02
Changed
- Allow to keep auhtenticator’s proxy running after the authentication.
48.8.0 - 2025-07-03
Added
- New extension level method for recording client scripts.
Changed
- Fail fast on client errors.
- Update Zest library to 0.31.0:
- Update Selenium to version 4.34.0.
48.7.0 - 2025-06-10
Changed
- Update Zest library to 0.30.0:
- Update Selenium to version 4.33.0.
- Send RETURN key if submit fails for input elements not in a form.
48.6.0 - 2025-05-20
Added
- Client element waitForMsec parameter.
Changed
- Update Zest library to 0.29.0:
- Allow to access the
WebElementreferenced by aZestClientElement. - Add new
waitForMsecparameter to all client elements. - Change
ZestClientElementClick,ZestClientElementSendKeys, andZestClientElementSubmitto wait for the element to also be enabled when usingwaitForMsec. - Update Selenium to version 4.32.0.
- Change
ZestClientElementClickto click on the position of the element instead of the element itself when obscured, to better reproduce a manual click. - Change
ZestClientElementScrollToto only scroll to the element when not already in view and to scroll withnearestvertical alignment, to ensure the element is kept visible.
- Allow to access the
- Allow to copy the script’s file system path from the Edit Zest Script dialogue.
Fixed
- Print statements should print to the relevant script Output tab.
- Recording client Zest scripts.
48.5.0 - 2025-03-25
Changed
- Use TOTP data defined under user credentials during authentication when available.
- Update Zest library to 0.25.0:
- Update Selenium to version 4.30.0.
- Depend on newer version of Common Library add-on.
48.4.0 - 2025-02-27
Changed
- Update Zest library to 0.24.0:
- Update Selenium to version 4.29.0.
- Remove workaround that was now causing exceptions.
48.3.0 - 2025-02-07
Changed
- Enable ZAP API in the authentication runner so ZAP browser extension callbacks work.
48.2.0 - 2025-02-04
Added
- Firefox to recorder.
- Added support for custom script authentication.
Changed
- Record script order to be alphabetical.
Fixed
- Record Client Submit statement.
48.1.0 - 2025-01-23
Changed
- Use ZAP for launching Firefox and Chrome.
- Update Zest library to 0.23.0:
- Update Selenium to version 4.28.0.
- Update minimum Java version to 17.
48.0.0 - 2025-01-10
Added
- Allow other add-ons to create a Zest script from a list of messages.
Changed
- Update minimum ZAP version to 2.16.0.
- Use Semantic Version.
- Maintenance changes.
- Depend on Passive Scanner add-on (Issue 7959).
47 - 2024-09-24
Fixed
- Correctly handle added scripts with no engine name.
46 - 2024-06-28
Added
- Document the engine name in the help page.
Changed
- Use script engines from ZAP when executing scripts.
- Update Zest library to 0.22.0:
- Update Selenium to version 4.22.0.
45 - 2024-05-07
Changed
- Update minimum ZAP version to 2.15.0.
- Update Zest library to 0.21.0:
- Update Selenium to version 4.20.0.
- Update HtmlUnit to major version 3.
44 - 2024-04-11
Added
- Support for menu weights (Issue 8369)
Changed
- Update minimum
scriptsadd-on version to 45.1.0. - Maintenance changes.
43 - 2023-12-19
Changed
- Move “Zest” under “Scripts > Engine” in the Options panel list.
42 - 2023-10-12
Changed
- Update minimum ZAP version to 2.14.0.
- Update Zest library to 0.20.0:
- Update Selenium to version 4.14.0.
41 - 2023-09-26
Added
- Allow rendering Zest scripts in YAML. The format (JSON/YAML) may be changed via the Zest Options screen.
Changed
- Depend on Common Library add-on.
- Maintenance changes.
40 - 2023-09-11
Added
- Client support to record Zest scripts.
Changed
- Maintenance changes.
Fixed
- Resolved the browser window focus loss problem during the recording of Zest scripts.
39 - 2023-07-11
Added
- Dialogs for scroll, scrollTo, window resize and mouse over.
Changed
- Update minimum ZAP version to 2.13.0.
- Update Zest library to 0.18.0:
- Update Selenium to version 4.
- jBrowserDriver (JBD), Opera, and PhantomJS are no longer supported (no longer being actively maintained).
- Add client statements for Scroll, MouseOver, and Window Resize events.
- Maintenance changes.
38 - 2023-01-03
Changed
- Maintenance changes.
Fixed
- Prevent exception if no display (Issue 3978).
37 - 2022-10-27
Changed
- Update minimum ZAP version to 2.12.0.
- Update Zest library to 0.16.0:
- Search script engines also by extension not just by name when invoking scripts otherwise it could miss some engines (e.g. Jython).
- Maintenance changes.
36 - 2022-09-23
Changed
- Update minimum ZAP version to 2.11.1.
- Use Network add-on to proxy client authentication requests.
- Maintenance changes.
35 - 2021-10-06
Changed
- Maintenance changes.
- Update minimum ZAP version to 2.11.0.
34 - 2021-04-22
Changed
- Depend on Script Console add-on, it’s required to work with Zest scripts (Issue 2656).
- Clear Zest Results Panel when new script is added.
- Update minimum ZAP version to 2.10.0.
Fixed
- Track modifications done to the scripts to refresh the cached ones (Issue 6558).
33 - 2020-11-27
Added
- Allow to create a screenshot from the browser, using the context menu
Add Zest Client>Screenshot.
Changed
- Update minimum ZAP version to 2.9.0.
- Update Zest library to 0.15.0:
- Do not follow redirects when disabled;
- Reduce the changes done to the requests sent.
- Maintenance changes.
Fixed
- Make sure the header fields are separated with CRLF when edited in the UI.
- Handle client requests when authenticating (Issue 5940).
32 - 2020-01-24
Changed
- Update Zest library to 0.14.2, to correctly ignore cert checks.
31 - 2020-01-17
Added
- Add info and repo URLs.
Changed
- Update Zest library to 0.14.1 to restore proxying capability, in the previous version the proxy settings were ignored.
30 - 2019-12-06
Added
- Allow to set, remove, and get global variables (Issue 3512), using the context menus:
Add Zest Action>Action - Global Variable - SetAdd Zest Action>Action - Global Variable - RemoveAdd Zest Assignment>Assign variable to Global Variable
- Allow to start browsers (e.g. Chrome, Firefox) headless, enabled by default (Related to Issue 3866).
- Add new assignment which can filter the parsed DOM by element or attributes and select the content of an element or the value of an attribute.
Changed
- Update Zest library to 0.14.0 (Issue 4797). Refer to its CHANGELOG for full set of changes.
- Send sequence messages with ZAP so that they make use of ZAP features e.g. authentication, HTTP Sender scripts. (Issue 5590)
- Set timestamp from/to Zest requests.
Fixed
- Send PUT request with its body (Issue 4337).
- Launch browsers with capability
acceptInsecureCertsset to true (Issue 4870). - Proxy localhost with Chrome 72+ and Firefox 67+.
29 - 2019-06-07
- Rely on script context writer for script output.
- Correct message handling in HTTP Sender scripts.
- Remove Scripts tree selection listener when add-on is uninstalled.
- Depend on newer version of Selenium add-on.
28 - 2018-11-07
- Display HTTP message also when request statement is selected with keyboard.
- Update Content-Length of proxied responses (Issue 4613).
- Added input for Variable Name in Client Element Assign dialog.
- Allow to clear the Zest panel.
- Allow to access the options through Zest panel.
- Title caps adjustments (Issue 2000).
- Use selected text when adding assignments from the request/response.
- Show expression’s inverse state in more tree nodes.
- Correct dialogue titles of client statements.
- Allow to invoke the context menu in text fields also with keyboard.
- Correct fields’ state in Switch To Frame dialogue.
- Correct request conversion that dropped the topmost header (Issue 5100).
27 - 2018-01-19
- Fix exception when editing Action - Script with unsaved scripts.
- Allow to select more HTTP methods in Zest Request dialogue.
26 - 2017-11-27
- Use custom plugin ID for fail actions.
- Updated for 2.7.0.
25 - 2017-10-17
- Address exception when adding calc assign statement.
- Validate cookie name not empty.
- Code changes for Java 9 (Issue 2602).
- Default ’load on start’ to true in all cases.
- Re-enabled parameterize option.
- Cope with parameterizing strings in the URL.
- Correct drag-and-drop in loop statements.
24 - 2017-08-18
- Update Zest library to version 0.13.
- Update to support Selenium version 3.4.0 (Issue 3509).
- Replace variables when running Action Invoke (Issue 3511).
- Execute scripts before programs when running Action Invoke (Issue 3488).
- Fix exceptions when running scripts (Issue 2859 and 2871).
- Bugfix in ZestScript Ui: When more than one ‘Assign variable to a form field’ node is below a RequestNode then the RequestNode is now correctly determined.
- Correct operation set in calc assigns.
- Allow to loop files even if fuzzers.jbrf does not exist (Issue 3400).
- Properly remove Zest scripts (Issue 3401).
- Allow to select the case on assign replacements.
- Show/select the correct script in the Edit Zest Action dialogue (Issue 3489).
- Ensure recorded Sequence scripts can be scanned through context menu (Issue 3536).
- Updated to support latest selenium addon.
23 - 2017-04-03
- Always show the expected URL in request statements (Issue 2854).
- Add HTTP requests to Sequence scripts when recording (Issue 3044).
- Execute nodes’ mouse click action just once (Issue 3099).
- Clear Zest Results panel on session changes.
22 - 2016-08-05
- Change Sequence scripts to not use Sites tree nodes directly.
- Correct assertion of response body length when using charset (Issue 2669).
- Require just the parameters defined in the Authentication script (Issue 2734).
21 - 2016-06-02
- Fix (UI) exceptions related to Zest Results tab.
20 - 2016-03-07
- Add missing error messages for ‘Assign variable via string delimiters’.
- Add missing field (operand B) in ‘Assign variable to a calculation’ dialogue.
- Send authentication requests with ZAP’s configurations (Issue 2114).
- Fix “Active scan sequence” (Issue 2120).
- Fix exception while opening a dialogue.
- Cannot use auth script in daemon mode (Issue 2294).
- Support httpsender scripts (Issue 2293).
- Can’t paste variable into new request dialog (Issue 2007).
- Script context menu has duplicated items (Issue 2106).
- Exception while adding Zest Condition (Issue 2296).
- Should not be able to delete THEN statement (Issue 2295).
- Statement lost after drag and drop (Issue 2299).
- It’s possible to drag the script node (Issue 2302).
19 - 2015-08-23
- Updated add-on’s info URL.
- Correct the message shown in failed asserts (Issue 1647).
- Other code changes.
18 - 2015-04-13
- ZAP Issue 1411: Missing authentication handling for Zest scripts called from scanner
- ZAP Issue 1501: Add “Inverse” option in all the expression dialog boxes.
- ZAP Issue 1507: Unload all components when uninstalling.
- ZAP Issue 1536: Change “Zest” add-on to depend on “Selenium” add-on.
- Zest Issue 66: Zest scripts cant be invoked from Zest scripts on Windows
- Zest Issue 67: Multipart/form-data request failed
- Zest Issue 68: ZestExpressionURL fails to initialise regex patterns
- Zest Issue 69: Added support for AssignCalc and ExpressionIsInteger
- Updated for ZAP 2.4
- Removed fuzzing code - will need to be re-implemented for new adv fuzzing
17 - 2014-09-10
- ZAP Issue 600: Add option to include response details or not
- ZAP Issue 658: define which headers to be included by default
- ZAP Issue 1248: ZestRequest always follow redirects, fails to match redirect responses
- ZAP Issue 1327: Support drag and drop
- ZAP Issue 1329: support commenting in/out statements
- ZAP Issue 1331: Update selenium jar to fix issue working with firefox 32.0
- ZAP Issue 1278: Safe menu items not available in protected and safe modes.
16 - 2014-07-09
- ZAP Issue 1259: Zest exception when adding request to Zest script
15 - 2014-07-02
- ZAP issue 1235: Support client side scripting
- ZAP issue 1250: Zest proxy scripts can break binary content
- ZAP Issue 1254: Allow adding and pasting statements after other statements
14 - 2014-06-02
- ZAP issue 1218: ZEST Record button broken in Toolbar
- ZAP issue 1230: Changes to Zest scripts lost after the top level script node is changed
13 - 2014-05-21
12 - 2014-04-10
- Moved templates from core
- Updated to use the latest core changes, other minor code changes (Issues 416, 609, 503, 1085, 1104 and 1105).
- Changed help file structure to support internationalisation (Issue 981).
- Added content-type to help pages (Issue 1080).
- Updated add-on dir structure (Issue 1113).
11 - 2013-12-20
- Changed to depend on core ExtensionScript to avoid NullPointerException (Issue 848)
- Fixed to allow Loops to use Custom fuzzers (Issue 916)
- Changed to show the correct selected message when the results are sorted in “Zest Results” tab (Issue 942)
- Added a ‘Record new Zest script’ toolbar button (Issue 953)
10 - 2013-11-17
- Misc bug fixes
9 - 2013-09-27
- Misc bug fixes
8 - 2013-09-11
- Promoted to beta (provisionally) and plug into script console ** Not ready for release yet!! ***
7 - 2013-05-03
- Added support for cut and paste in the scripts tree
6 - 2013-05-02
- Load and save passive scripts, added fail priorities, fixed some related bugs
5 - 2013-05-02
- Load and save passive scripts and added fail priorities
4 - 2013-04-24
- Added support for passive scripts and URL conditionals
3 - 2013-04-18
- Updated for 2.1.0