Releases: zaproxy/zap-extensions
Ajax Spider version 23.24.0
Added
- Allow to configure how the scope is checked, either Flexible or Strict, to allow or not access to out of scope domains.
- Allow to avoid logout elements.
Changed
- Maintenance changes.
Fixed
- Allow access to domains out of context (e.g. SSO) when using Client Script and Browser Based Authentication.
Spider version 0.15.0
Changed
- Include anti-csrf tokens as part of irrelevant parameters.
- Ignore irrelevant parameters in request bodies (`x-www-form-urlencoded`) (Related to Issue 7771).
- Skip all URIs with `javascript` schemes.
- Changed to title caps on the Irrelevant Parameters table "title" in the Options dialog (Issue 2000).
Added
- Add an option to allow users to indicate the Spider should attempt to avoid logout related paths/functionality.
Fixed
- An incorrect column name in the Irrelevant Parameters table used by the Options dialog (Domain should have been Name).
SOAP Support version 25
Added
- The WSDL passive scan rule has been tagged of interest to Penetration Testers and QA.
- The included active scan rules have been tagged of interest to Penetration Testers.
Changed
- Depends on an updated version of the Common Library add-on.
Script Console version 45.12.0
Changed
- Maintenance changes.
Fixed
- Loop when trying to extract an underlying script exception.
Scan Policies version 0.3.0
Changed
- Updated based on Rules' Policy Tag assignments.
- Updated help to cover the PENTEST Policy Tag.
Revisit version 6
Changed
- Update minimum ZAP version to 2.16.0.
- Maintenance changes.
- Minor fix in help content.
Reveal version 10
Fixed
- The content length is now properly set on responses which have been modified (Issue 8947).
Changed
- Maintenance changes.
Retire.js version 0.47.0
Changed
- Updated with upstream retire.js pattern changes.
- Depends on an updated version of the Common Library add-on.
- Maintenance changes.
Added
- The scan rule has been tagged of interest to Penetration Testers, as well as adding tags associated with DEV or QA applicability.
Report Generation version 0.39.0
Changed
- Caps fixed for Section Selections of the Risk and Confidence HTML report (Issue 2000).
Added
- The Automation Framework progress to the report data when run via an AF job.
- Statistics to the traditional extended JSON and XML reports.
Fixed
- Correct error messages of the Automation Framework job.
Passive scanner rules (beta) version 44
Changed
- Dropped period from extension name used in the GUI.
- Depends on an updated version of the Common Library add-on.
Fixed
- A false positive with the Sub Resource Integrity Attribute Missing scan rule with regard to which link tags it raises alerts on (Issue 8938).
Added
- All rules have been tagged of interest to Penetration Testers, as well as adding tags associated with DEV or QA applicability.