-
Documentation
-
The ZAP by Checkmarx Desktop User Guide
-
Releases
-
Release 2.2.0
Release 2.2.0
The following changes were made in this release:
Major changes:
Issue 717 : Scripts: support multiple scripts and embedding within ZAP components
Minor changes:
Issue 711 : Support scanning of XML requests
Issue 713 : Add CWE and WASC numbers to issues
Issue 719 : Custom http breakpoints with more options
Issue 738 : Options to hide tabs / windows
Issue 750 : Upgrade script console to support non textbased scripting languages
Issue 752 : Create a new root CA when first run
Issue 775 : Allow host to be set via the command line
Bug Fixes:
Issue 555 : Http panels default to hex view
Issue 599 : The save session api does not allow to overwrite session already has same name
Issue 630 : URLCanonicalizer.getCanonicalURL produces URIs “half” decoded
Issue 652 : Shutdown after a big scan takes too long (deleting ascan records)
Issue 655 : API encoding issues
Issue 665 : NullPointerException while proxying with a URI with an empty path component
Issue 666 : JSONException while calling an API action without the required parameter(s)
Issue 669 : Certificate algorithm constraints in Java 1.7
Issue 674 : Add HttpSessionAPI to ApiGeneratorUtils
Issue 685 : Add dummy file to “fuzzers” directory
Issue 686 : Log HttpException (as error) in the ProxyThread
Issue 690 : Context Authentication URLs don’t fail manual overwriting.
Issue 691 : Handle old plugins
Issue 692 : Report the version of java found by zap.sh
Issue 693 : Command line should show all options
Issue 694 : API UI fails on IE
Issue 695 : Sites tree doesnt clear on new session created by API
Issue 696 : Change “Ajax Spider” add-on options to use ZapNumberSpinner
Issue 697 : API action “proxy.pac” might return wrong domain/port
Issue 698 : Passive Scanner API view “recordsToScan” returns -1 after finish scanning the messages
Issue 699 : Fix HTML errors in the help pages
Issue 702 : Do not load newer add-on versions if they are not targeted for the running ZAP version
Issue 703 : Add-on ZAP version constraints “not-before-version” and “not-from-version” are not respected for already “installed” add-ons
Issue 706 : ZAP API doesn’t parse correctly query parameters with “&” characters
Issue 710 : URLCanonicalizer.getCanonicalURL fails to correctly parse query parameters with “&” and “=” characters
Issue 712 : HttpSessions API action “setSessionTokenValue” should add the session token name to the site’s session tokens
Issue 720 : Cannot send non standard http methods
Issue 721 : Non POST and PUT requests receive a 504 when server expects a request body
Issue 724 : Do not clone the alert’s message that will be shown in message panels
Issue 725 : Clear alert’s panel fields
Issue 726 : Catch active scanner variants’ exceptions
Issue 727 : Name of automatically created HTTP sessions is always in English
Issue 728 : Allow to create a session with a given name through the HttpSessions API
Issue 729 : Update NTLM authentication code
Issue 730 : MissingResourceException while selecting a disabled extension (from an add-on) in the “Extensions” options panel
Issue 731 : MissingResourceException with ExtensionFuzz enabled and ExtensionBruteForce disabled
Issue 736 : Change add-on class loading strategy to parent-last
Issue 737 : Restore “Ajax spider” add-on dependencies
Issue 756 : Allow Context Panels intercommunication
Issue 763 : XML report empty when used in daemon mode
Issue 767 : HTTP Session API could be less strict
Issue 772 : Restructuring of Saving/Loading Context Data
Issue 774 : Build doesnt include scripts directory
Issue 776 : Allow add-ons to warn user if they’re closing ZAP with unsaved resources open
Issue 777 : Unable to cancel changes when using Include in/Exclude from Context
Issue 782 : NoSuchMethodError when excluding a WebSocket channel URL from context
Issue 785 : Change zap.sh to cope with Java 1.8
See also
|
|
|
|
Introduction |
the introduction to ZAP |
|
Releases |
the full set of releases |
|
Credits |
the people and groups who have made this release possible |