Release 1.3.4

The following changes were made in this release:

Minor changes:

Issue 146: Inverse regex on search plus fuzz match highlighting

Issue 202: Option to turn off brute force recursion

Issue 215: Allow custom brute force files to be added easily

Also added the ability to set the default brute force file.

Issue 217: Invoke apps - add support for cookies and post data params

Issue 218: Allow users to easily add their own fuzzer files

Also added the option to append the output to a Note related to the relevant entry.

Bug fixes:

Issue 56: Disable POST reqs in Spider

Issue 186: Connection Options - Prompt for proxy credentials on start up / Address validation not empty

Issue 188: Problem upgrading ZAP on linux and Windows

Issue 191: Exception when the URL contains escaped characters

Issue 196: Multiple dialogs of the same option, opened simultaneously, do not work properly.

Issue 199: Vulnerabilities with texts truncated

Issue 204: Search on headers only finds regex in requests

Issue 206: Exception in “Alerts” tab when choosing a popup option

Issue 214: No alert message when saving report in a read only location

Issue 216: Exception when an URI doesn't have the path component

Issue 219: Break and ignore urls by detault include GET/POST

Issue 220: Incorrect message: Password (stored in clear text)

See also

Introduction the introduction to ZAP
Releases the full set of releases
Credits the people and groups who have made this release possible