Release 2.1.0

The following changes were made in this release:

Minor changes:

Issue 355: Allow Positional Fuzzing

Issue 484: Check java version in zap.sh

Issue 496: Allow to see the request and response at the same time in the main window

Issue 505: Http Session API Implementation

Issue 515: Change add-ons to make use of automatic load of messages

Issue 516: Change add-ons messages keys to have unique prefix

Issue 518: Add OData support

Issue 537: Option to Force Browse files/resources with user-defined extensions

Issue 538: Allow non sequential lines to be selected in the history log

Issue 542: browse api - prompt window to enable

Issue 551: Add csrfmiddlewaretoken to list of default Anti csrf tokens

Issue 552: Make ZapPortNumberSpinner a subclass of ZapNumberSpinner

Issue 553: Add option to filter alerts by scope

Issue 561: Copy URLs right click option

Issue 566: Abstract class for creating generic popups

Issue 568: Allow extensions to run from the command line

Issue 569: Allow Spider Scan to start without prior visit

Issue 587: Upgrade to JBroFuzz 2.5

Issue 592: Do not show the main pop up menu if it doesn’t have visible pop up menu items

Issue 597: Shown “Author” field on available add-ons (“Marketplace” tab)

Issue 602: Allow to (explicitly) choose the file type when exporting URLs to file

Issue 605: Force intercepts via header

Issue 621: Handle requests to the proxy URL (and generate a PAC file)

Issue 638: Persist and snapshot sessions instead of saving them

Bug Fixes:

Issue 150: java.io.IOException at org.owasp.jbrofuzz.system.Logger.checkOrCreateDirs

Issue 205: A previously saved option (Toolbar) is not set on start up when “Prompt for proxy credentials on start up” is checked.

Issue 317: Move (or protect) the ‘Bin’ button

Issue 452: API - shutdown asynchronously

Issue 488: Fuzz categories available for the default category not updated after installing/uninstalling an add-on (with fuzz files)

Issue 490: Re-authentication only works with the active scanner

Issue 499: NullPointerException while uninstalling an add-on with a manual request editor

Issue 500: NullPointerException while uninstalling an add-on manually installed

Issue 501: ExtensionFactory keeps references to uninstalled add-ons (with extensions)

Issue 502: Manually installed add-ons don’t remain installed

Issue 504: Table of installed add-ons may not update after manually installing an add-on

Issue 507: Quick start tab doesnt have a scroll pane

Issue 508: Some add-ons are not unloading all its components when uninstalled

Issue 509: Remove add-on ResourceBundle when an add-on is uninstalled

Issue 510: Remove add-on HelpSet when an add-on is uninstalled

Issue 517: Add-ons are added to “main” class loader when installed

Issue 520: MissingResourceException when generating “Alerts” report

Issue 524: Host authentication is used even when disabled

Issue 525: “Report / Export all URLs to File …” fails

Issue 528: Scan progress dialog can show negative progress times

Issue 533: Default ports 80 and 443 are appended to sites in site tree

Issue 540: Maximised work tabs hidden when response tab position changed

Issue 548: Diff messages are appended to the “Diff” dialogue

Issue 549: Diff menu item enabled when “Sites” tree root node and a child node are selected

Issue 550: Fuzzer - Buffer Overflow stops because of java.sql.SQLDataException: data exception: string data, right truncation

Issue 558: Auto tagging broken

Issue 564: Active scanner can hang if dependencies used

Issue 565: Marketplace: Downloads won’t use configured upstream Proxy

Issue 567: Spelling mistake

Issue 574: Spider fails when invoked via the API

Issue 579: Some (build) targets are incorrectly relying on the platform default encoding

Issue 582: NullPointerException while opening a session in daemon mode

Issue 583: NullPointerException while managing a session in daemon mode with “WebSockets” add-on installed

Issue 588: ExtensionHistory.historyIdToRef should be cleared when changing session

Issue 593: Quick Start may start the active scan before waiting for the spider to finish

Issue 614: SessionFixation labels wrong

Issue 616: Spider handles incorrectly form actions containing fragments (#)

Issue 617: NullPointerException when spidering a context

Issue 622: Local proxy unable to correctly detect requests to itself

Issue 626: Scroll bar of alert text areas is always at the bottom

Issue 627: Allow add-ons to remove main tool bar buttons/separators

Issue 628: Allow add-ons to remove the registered API

Issue 632: Manual Request Editor dialogue (HTTP) configurations not saved correctly

Issue 633: Auto tag scanners are shown in passive scanners table

Issue 634: Empty passive scanner shown in the passive scanners table

See also

Introduction the introduction to ZAP
Releases the full set of releases
Credits the people and groups who have made this release possible