From fc8e93769f3bdfc2691486d5bb9b61da023c49da Mon Sep 17 00:00:00 2001
From: zapbot <12745184+zapbot@users.noreply.github.com>
Date: Mon, 22 Jul 2024 16:15:07 +0000
Subject: [PATCH] Release add-on(s)

Release the following add-ons:
- Active scanner rules (beta) version 54
- Active scanner rules version 67
- Ajax Spider version 23.20.0
- Dev Add-on version 0.6.0
- Import/Export version 0.10.0
- Script Console version 45.5.0
- Selenium version 15.27.0

Signed-off-by: zapbot <12745184+zapbot@users.noreply.github.com>
---
ZapVersions-2.15.xml | 147 ++++++++++++++++++++++---------------------
ZapVersions-dev.xml | 147 ++++++++++++++++++++++---------------------
2 files changed, 152 insertions(+), 142 deletions(-)
diff --git a/ZapVersions-2.15.xml b/ZapVersions-2.15.xml
index aa1f3da5..7679471e 100644
--- a/ZapVersions-2.15.xml
+++ b/ZapVersions-2.15.xml
@@ -124,19 +124,30 @@
Active scanner rules
The release status Active Scanner rules
ZAP Dev Team
- 66
- ascanrules-release-66.zap
+ 67
+ ascanrules-release-67.zap
release
<h3>Changed</h3>
<ul>
-<li>Update minimum ZAP version to 2.15.0.</li>
+<li>The following rules now includes example alert functionality for documentation generation purposes (Issue 6119), as well as now including Alert Tags (OWASP Top 10, WSTG, and updated CWE):
+<ul>
+<li>Server Side Template Injection</li>
+<li>Server Side Template Injection (Blind)</li>
+</ul>
+</li>
+</ul>
+<h3>Fixed</h3>
+<ul>
+<li>False positives in the Path Traversal rule.</li>
+<li>Alert text for various rules has been updated to more consistently use periods and spaces in a uniform manner.</li>
+<li>False Positives in the Remote File Inclusion rule (Issue 8561).</li>
</ul>
- https://github.com/zaproxy/zap-extensions/releases/download/ascanrules-v66/ascanrules-release-66.zap
- SHA-256:6c63ac358a5a183a757cb63ac13040e58eb3087aa9ca25bf40a02fab83f3736f
+ https://github.com/zaproxy/zap-extensions/releases/download/ascanrules-v67/ascanrules-release-67.zap
+ SHA-256:32c72168aa7a5ecf5fc896b3e7ab38274289259af60a30ce6a86d52b0b511d18
https://www.zaproxy.org/docs/desktop/addons/active-scan-rules/
https://github.com/zaproxy/zap-extensions/
- 2024-05-07
- 3302394
+ 2024-07-22
+ 3307267
2.15.0
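Review bot: in the added Changed entry, "The following rules now includes" should read "now include", and the Fixed list mixes "False positives" (Path Traversal) with "False Positives" (Remote File Inclusion); pick one casing. The Path Traversal fix also carries no issue reference while the Remote File Inclusion one cites Issue 8561, so add the issue or PR number if one exists, since users tuning scan results will want to see what changed in that rule.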
@@ -188,20 +199,26 @@
Active scanner rules (beta)
The beta status Active Scanner rules
ZAP Dev Team
- 53
- ascanrulesBeta-beta-53.zap
+ 54
+ ascanrulesBeta-beta-54.zap
beta
<h3>Changed</h3>
<ul>
-<li>Change links to use HTTPS in other info of Insecure HTTP Method (Issue 8262).</li>
+<li>Update minimum ZAP version to 2.15.0.</li>
+<li>Maintenance changes.</li>
+</ul>
+<h3>Fixed</h3>
+<ul>
+<li>Fixed regex for Relative Path Confusion, which detected absolute url as relative</li>
+<li>Alert text for various rules has been updated to more consistently use periods and spaces in a uniform manner.</li>
</ul>
- https://github.com/zaproxy/zap-extensions/releases/download/ascanrulesBeta-v53/ascanrulesBeta-beta-53.zap
- SHA-256:719db8dba4c3f3bec0360e55c46105910fb44aa6c1b97eb6ac00277a0a8c5151
+ https://github.com/zaproxy/zap-extensions/releases/download/ascanrulesBeta-v54/ascanrulesBeta-beta-54.zap
+ SHA-256:9b37cbe49f5dbf2ea0fd8b270ce78e2105c397cc46c3590fa37b161b6e33045a
https://www.zaproxy.org/docs/desktop/addons/active-scan-rules-beta/
https://github.com/zaproxy/zap-extensions/
- 2024-03-28
- 1743045
- 2.14.0
+ 2024-07-22
+ 1768968
+ 2.15.0
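Review bot: the added Fixed entry "Fixed regex for Relative Path Confusion, which detected absolute url as relative" has no trailing period and a lower-case "url", directly above an entry about using periods consistently. The heading already says Fixed, so something like "Regex for Relative Path Confusion, which detected absolute URLs as relative." would match the neighbouring entry.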
@@ -708,20 +725,24 @@ to find and add subdomains to the Sites Tree.</li>
Dev Add-on
An add-on to help with development of ZAP.
ZAP Dev Team
- 0.5.0
- dev-alpha-0.5.0.zap
+ 0.6.0
+ dev-alpha-0.6.0.zap
alpha
<h3>Added</h3>
<ul>
-<li>Auth page which uses header and a cookie set via JavaScript.</li>
+<li>Page protected by auth in order to provide a simple test for authenticated spidering.</li>
+</ul>
+<h3>Changed</h3>
+<ul>
+<li>Update minimum ZAP version to 2.15.0.</li>
</ul>
- https://github.com/zaproxy/zap-extensions/releases/download/dev-v0.5.0/dev-alpha-0.5.0.zap
- SHA-256:182b597916a24f98376b61de7c38220a8eaf525e2721ce352343a4fc79699217
+ https://github.com/zaproxy/zap-extensions/releases/download/dev-v0.6.0/dev-alpha-0.6.0.zap
+ SHA-256:a0899a42ef4c32a850622df619e23657dc475301246bab2f12713c43b5db9c47
https://www.zaproxy.org/docs/desktop/addons/dev-add-on/
https://github.com/zaproxy/zap-extensions/
- 2024-01-10
- 132875
- 2.14.0
+ 2024-07-22
+ 145053
+ 2.15.0
@@ -944,25 +965,19 @@ to find and add subdomains to the Sites Tree.</li>
Import/Export
Import and Export functionality
ZAP Dev Team & thatsn0tmysite
- 0.9.0
- exim-beta-0.9.0.zap
+ 0.10.0
+ exim-beta-0.10.0.zap
beta
- <h3>Added</h3>
-<ul>
-<li>Initial PCAP import support (Issue 4812).</li>
-<li>Support for menu weights (Issue 8369)</li>
-</ul>
-<h3>Changed</h3>
+ <h3>Changed</h3>
<ul>
-<li>Update minimum ZAP version to 2.15.0.</li>
-<li>Maintenance changes.</li>
+<li>HAR importing now uses Sebastian Stöhr's har-reader library. It should be much more tolerant of 'weird' HAR things, and thus be able to import more samples. (If you come across HAR that won't import please open an issue and provide a sample so we can work on further improvements!)</li>
</ul>
- https://github.com/zaproxy/zap-extensions/releases/download/exim-v0.9.0/exim-beta-0.9.0.zap
- SHA-256:ff31251b7bdbd364c8912eed27c24c09b25b96e4cf007aec734f852fd7974a79
+ https://github.com/zaproxy/zap-extensions/releases/download/exim-v0.10.0/exim-beta-0.10.0.zap
+ SHA-256:605d3293521cc7f9d6f3c70a08b8d99e27bc9c627ebd17bc7954919bed668a50
https://www.zaproxy.org/docs/desktop/addons/import-export/
https://github.com/zaproxy/zap-extensions/
- 2024-05-07
- 481231
+ 2024-07-22
+ 2807556
2.15.0
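Review bot: the numeric field after the date goes from 481231 to 2807556 in this hunk, close to six times larger, and the only changelog entry is the switch to the har-reader library. If that field is the add-on file size, confirm the growth is the expected cost of bundling har-reader and its dependencies. HAR files are typically imported from outside sources, so naming the bundled library version in the entry would let users track advisories against it, and "'weird' HAR things" would read better as a concrete description of what is now tolerated.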
@@ -2510,23 +2525,23 @@ to find and add subdomains to the Sites Tree.</li>
Script Console
Supports all JSR 223 scripting languages
ZAP Dev Team
- 45.4.0
- scripts-release-45.4.0.zap
+ 45.5.0
+ scripts-release-45.5.0.zap
release
<h3>Added</h3>
<ul>
-<li>Support for Automtion Framework loaddir action, which loads all of the scripts under the specified directory.</li>
+<li>Provide the <code>script</code> API on newer ZAP versions.</li>
</ul>
-<h3>Changed</h3>
+<h3>Fixed</h3>
<ul>
-<li>File parameter to <code>source</code>, <code>file</code> will still work.</li>
+<li>Handle missing "references" field in the script metadata correctly.</li>
</ul>
- https://github.com/zaproxy/zap-extensions/releases/download/scripts-v45.4.0/scripts-release-45.4.0.zap
- SHA-256:06473f8e627526e9eecd16c75d2d3bd1831f33a0b20321b4f8f8883e4eae9fb6
+ https://github.com/zaproxy/zap-extensions/releases/download/scripts-v45.5.0/scripts-release-45.5.0.zap
+ SHA-256:b9964606065993b7d01906755ac2cb123a34d00deb5419664e36481f57d3a02d
https://www.zaproxy.org/docs/desktop/addons/script-console/
https://github.com/zaproxy/zap-extensions/
- 2024-05-16
- 5135216
+ 2024-07-22
+ 5161213
2.15.0
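Review bot: the added entry "Provide the script API on newer ZAP versions" does not say which versions, and the trailing 2.15.0 line of this record is unchanged. State the ZAP version from which the API is provided so users automating against it can tell whether it is available on their install.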
@@ -2542,19 +2557,19 @@ to find and add subdomains to the Sites Tree.</li>
Selenium
WebDriver provider and includes HtmlUnit browser
ZAP Dev Team
- 15.26.0
- selenium-release-15.26.0.zap
+ 15.27.0
+ selenium-release-15.27.0.zap
release
<h3>Changed</h3>
<ul>
-<li>Update Selenium to version 4.22.0.</li>
+<li>Update Selenium to version 4.23.0.</li>
</ul>
- https://github.com/zaproxy/zap-extensions/releases/download/selenium-v15.26.0/selenium-release-15.26.0.zap
- SHA-256:2cdb05de434d4e0fbff30deb573ed1dfc64c4311b66b1003966aeedce9888db4
+ https://github.com/zaproxy/zap-extensions/releases/download/selenium-v15.27.0/selenium-release-15.27.0.zap
+ SHA-256:a34ba462a6fc348561e46707048cf965f87bac305d4a21eb7184cd7be0d4c743
https://www.zaproxy.org/docs/desktop/addons/selenium/
https://github.com/zaproxy/zap-extensions/
- 2024-06-21
- 31109788
+ 2024-07-22
+ 31215698
2.15.0
@@ -2677,29 +2692,19 @@ to find and add subdomains to the Sites Tree.</li>
Ajax Spider
Allows you to spider sites that make heavy use of JavaScript using Crawljax
ZAP Dev Team
- 23.19.0
- spiderAjax-release-23.19.0.zap
+ 23.20.0
+ spiderAjax-release-23.20.0.zap
release
- <h3>Added</h3>
-<ul>
-<li>Video link in help for Automation Framework job.</li>
-<li>Support for menu weights (Issue 8369)</li>
-</ul>
-<h3>Changed</h3>
-<ul>
-<li>Update minimum ZAP version to 2.15.0.</li>
-<li>Maintenance changes.</li>
-</ul>
-<h3>Fixed</h3>
+ <h3>Fixed</h3>
<ul>
-<li>A typo in an API end-point description.</li>
+<li>Issue with browser based auth.</li>
</ul>
- https://github.com/zaproxy/zap-extensions/releases/download/spiderAjax-v23.19.0/spiderAjax-release-23.19.0.zap
- SHA-256:660f7dba00dcc4e9fcff093320d83aecad55813137b81bc7254d20fa072d6b33
+ https://github.com/zaproxy/zap-extensions/releases/download/spiderAjax-v23.20.0/spiderAjax-release-23.20.0.zap
+ SHA-256:5baee17b6d06da1816fcc1023cf067c2a5842b5d23fa314fe7202d4cf87c67d7
https://www.zaproxy.org/docs/desktop/addons/ajax-spider/
https://github.com/zaproxy/zap-extensions/
- 2024-05-07
- 7564067
+ 2024-07-22
+ 7569111
2.15.0
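Review bot: the only changelog entry for 23.20.0 is "Issue with browser based auth.", with no issue number and no description of the symptom. Authenticated crawling determines scan coverage, so say what failed and link the issue, so users can judge whether earlier Ajax Spider runs need repeating.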
diff --git a/ZapVersions-dev.xml b/ZapVersions-dev.xml
index c667256e..ccfa10ac 100644
--- a/ZapVersions-dev.xml
+++ b/ZapVersions-dev.xml
@@ -124,19 +124,30 @@
Active scanner rules
The release status Active Scanner rules
ZAP Dev Team
- 66
- ascanrules-release-66.zap
+ 67
+ ascanrules-release-67.zap
release
<h3>Changed</h3>
<ul>
-<li>Update minimum ZAP version to 2.15.0.</li>
+<li>The following rules now includes example alert functionality for documentation generation purposes (Issue 6119), as well as now including Alert Tags (OWASP Top 10, WSTG, and updated CWE):
+<ul>
+<li>Server Side Template Injection</li>
+<li>Server Side Template Injection (Blind)</li>
+</ul>
+</li>
+</ul>
+<h3>Fixed</h3>
+<ul>
+<li>False positives in the Path Traversal rule.</li>
+<li>Alert text for various rules has been updated to more consistently use periods and spaces in a uniform manner.</li>
+<li>False Positives in the Remote File Inclusion rule (Issue 8561).</li>
</ul>
- https://github.com/zaproxy/zap-extensions/releases/download/ascanrules-v66/ascanrules-release-66.zap
- SHA-256:6c63ac358a5a183a757cb63ac13040e58eb3087aa9ca25bf40a02fab83f3736f
+ https://github.com/zaproxy/zap-extensions/releases/download/ascanrules-v67/ascanrules-release-67.zap
+ SHA-256:32c72168aa7a5ecf5fc896b3e7ab38274289259af60a30ce6a86d52b0b511d18
https://www.zaproxy.org/docs/desktop/addons/active-scan-rules/
https://github.com/zaproxy/zap-extensions/
- 2024-05-07
- 3302394
+ 2024-07-22
+ 3307267
2.15.0
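Review bot: the download URL and SHA-256 on the added lines of this hunk repeat the values added for the same add-on in ZapVersions-2.15.xml, so one wrong digest would be copied into both files. A pre-merge check that the hash of the published ascanrules-release-67.zap equals this line would catch a mismatch before clients start rejecting or accepting the wrong file.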
@@ -188,20 +199,26 @@
Active scanner rules (beta)
The beta status Active Scanner rules
ZAP Dev Team
- 53
- ascanrulesBeta-beta-53.zap
+ 54
+ ascanrulesBeta-beta-54.zap
beta
<h3>Changed</h3>
<ul>
-<li>Change links to use HTTPS in other info of Insecure HTTP Method (Issue 8262).</li>
+<li>Update minimum ZAP version to 2.15.0.</li>
+<li>Maintenance changes.</li>
+</ul>
+<h3>Fixed</h3>
+<ul>
+<li>Fixed regex for Relative Path Confusion, which detected absolute url as relative</li>
+<li>Alert text for various rules has been updated to more consistently use periods and spaces in a uniform manner.</li>
</ul>
- https://github.com/zaproxy/zap-extensions/releases/download/ascanrulesBeta-v53/ascanrulesBeta-beta-53.zap
- SHA-256:719db8dba4c3f3bec0360e55c46105910fb44aa6c1b97eb6ac00277a0a8c5151
+ https://github.com/zaproxy/zap-extensions/releases/download/ascanrulesBeta-v54/ascanrulesBeta-beta-54.zap
+ SHA-256:9b37cbe49f5dbf2ea0fd8b270ce78e2105c397cc46c3590fa37b161b6e33045a
https://www.zaproxy.org/docs/desktop/addons/active-scan-rules-beta/
https://github.com/zaproxy/zap-extensions/
- 2024-03-28
- 1743045
- 2.14.0
+ 2024-07-22
+ 1768968
+ 2.15.0
@@ -708,20 +725,24 @@ to find and add subdomains to the Sites Tree.</li>
Dev Add-on
An add-on to help with development of ZAP.
ZAP Dev Team
- 0.5.0
- dev-alpha-0.5.0.zap
+ 0.6.0
+ dev-alpha-0.6.0.zap
alpha
<h3>Added</h3>
<ul>
-<li>Auth page which uses header and a cookie set via JavaScript.</li>
+<li>Page protected by auth in order to provide a simple test for authenticated spidering.</li>
+</ul>
+<h3>Changed</h3>
+<ul>
+<li>Update minimum ZAP version to 2.15.0.</li>
</ul>
- https://github.com/zaproxy/zap-extensions/releases/download/dev-v0.5.0/dev-alpha-0.5.0.zap
- SHA-256:182b597916a24f98376b61de7c38220a8eaf525e2721ce352343a4fc79699217
+ https://github.com/zaproxy/zap-extensions/releases/download/dev-v0.6.0/dev-alpha-0.6.0.zap
+ SHA-256:a0899a42ef4c32a850622df619e23657dc475301246bab2f12713c43b5db9c47
https://www.zaproxy.org/docs/desktop/addons/dev-add-on/
https://github.com/zaproxy/zap-extensions/
- 2024-01-10
- 132875
- 2.14.0
+ 2024-07-22
+ 145053
+ 2.15.0
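Review bot: the added entry "Page protected by auth in order to provide a simple test for authenticated spidering." does not name the authentication mechanism, whereas the entry it replaces was specific ("header and a cookie set via JavaScript"). Say which mechanism the new page uses so people writing spider tests know what it exercises.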
@@ -944,25 +965,19 @@ to find and add subdomains to the Sites Tree.</li>
Import/Export
Import and Export functionality
ZAP Dev Team & thatsn0tmysite
- 0.9.0
- exim-beta-0.9.0.zap
+ 0.10.0
+ exim-beta-0.10.0.zap
beta
- <h3>Added</h3>
-<ul>
-<li>Initial PCAP import support (Issue 4812).</li>
-<li>Support for menu weights (Issue 8369)</li>
-</ul>
-<h3>Changed</h3>
+ <h3>Changed</h3>
<ul>
-<li>Update minimum ZAP version to 2.15.0.</li>
-<li>Maintenance changes.</li>
+<li>HAR importing now uses Sebastian Stöhr's har-reader library. It should be much more tolerant of 'weird' HAR things, and thus be able to import more samples. (If you come across HAR that won't import please open an issue and provide a sample so we can work on further improvements!)</li>
</ul>
- https://github.com/zaproxy/zap-extensions/releases/download/exim-v0.9.0/exim-beta-0.9.0.zap
- SHA-256:ff31251b7bdbd364c8912eed27c24c09b25b96e4cf007aec734f852fd7974a79
+ https://github.com/zaproxy/zap-extensions/releases/download/exim-v0.10.0/exim-beta-0.10.0.zap
+ SHA-256:605d3293521cc7f9d6f3c70a08b8d99e27bc9c627ebd17bc7954919bed668a50
https://www.zaproxy.org/docs/desktop/addons/import-export/
https://github.com/zaproxy/zap-extensions/
- 2024-05-07
- 481231
+ 2024-07-22
+ 2807556
2.15.0
@@ -2510,23 +2525,23 @@ to find and add subdomains to the Sites Tree.</li>
Script Console
Supports all JSR 223 scripting languages
ZAP Dev Team
- 45.4.0
- scripts-release-45.4.0.zap
+ 45.5.0
+ scripts-release-45.5.0.zap
release
<h3>Added</h3>
<ul>
-<li>Support for Automtion Framework loaddir action, which loads all of the scripts under the specified directory.</li>
+<li>Provide the <code>script</code> API on newer ZAP versions.</li>
</ul>
-<h3>Changed</h3>
+<h3>Fixed</h3>
<ul>
-<li>File parameter to <code>source</code>, <code>file</code> will still work.</li>
+<li>Handle missing "references" field in the script metadata correctly.</li>
</ul>
- https://github.com/zaproxy/zap-extensions/releases/download/scripts-v45.4.0/scripts-release-45.4.0.zap
- SHA-256:06473f8e627526e9eecd16c75d2d3bd1831f33a0b20321b4f8f8883e4eae9fb6
+ https://github.com/zaproxy/zap-extensions/releases/download/scripts-v45.5.0/scripts-release-45.5.0.zap
+ SHA-256:b9964606065993b7d01906755ac2cb123a34d00deb5419664e36481f57d3a02d
https://www.zaproxy.org/docs/desktop/addons/script-console/
https://github.com/zaproxy/zap-extensions/
- 2024-05-16
- 5135216
+ 2024-07-22
+ 5161213
2.15.0
@@ -2542,19 +2557,19 @@ to find and add subdomains to the Sites Tree.</li>
Selenium
WebDriver provider and includes HtmlUnit browser
ZAP Dev Team
- 15.26.0
- selenium-release-15.26.0.zap
+ 15.27.0
+ selenium-release-15.27.0.zap
release
<h3>Changed</h3>
<ul>
-<li>Update Selenium to version 4.22.0.</li>
+<li>Update Selenium to version 4.23.0.</li>
</ul>
- https://github.com/zaproxy/zap-extensions/releases/download/selenium-v15.26.0/selenium-release-15.26.0.zap
- SHA-256:2cdb05de434d4e0fbff30deb573ed1dfc64c4311b66b1003966aeedce9888db4
+ https://github.com/zaproxy/zap-extensions/releases/download/selenium-v15.27.0/selenium-release-15.27.0.zap
+ SHA-256:a34ba462a6fc348561e46707048cf965f87bac305d4a21eb7184cd7be0d4c743
https://www.zaproxy.org/docs/desktop/addons/selenium/
https://github.com/zaproxy/zap-extensions/
- 2024-06-21
- 31109788
+ 2024-07-22
+ 31215698
2.15.0
@@ -2677,29 +2692,19 @@ to find and add subdomains to the Sites Tree.</li>
Ajax Spider
Allows you to spider sites that make heavy use of JavaScript using Crawljax
ZAP Dev Team
- 23.19.0
- spiderAjax-release-23.19.0.zap
+ 23.20.0
+ spiderAjax-release-23.20.0.zap
release
- <h3>Added</h3>
-<ul>
-<li>Video link in help for Automation Framework job.</li>
-<li>Support for menu weights (Issue 8369)</li>
-</ul>
-<h3>Changed</h3>
-<ul>
-<li>Update minimum ZAP version to 2.15.0.</li>
-<li>Maintenance changes.</li>
-</ul>
-<h3>Fixed</h3>
+ <h3>Fixed</h3>
<ul>
-<li>A typo in an API end-point description.</li>
+<li>Issue with browser based auth.</li>
</ul>
- https://github.com/zaproxy/zap-extensions/releases/download/spiderAjax-v23.19.0/spiderAjax-release-23.19.0.zap
- SHA-256:660f7dba00dcc4e9fcff093320d83aecad55813137b81bc7254d20fa072d6b33
+ https://github.com/zaproxy/zap-extensions/releases/download/spiderAjax-v23.20.0/spiderAjax-release-23.20.0.zap
+ SHA-256:5baee17b6d06da1816fcc1023cf067c2a5842b5d23fa314fe7202d4cf87c67d7
https://www.zaproxy.org/docs/desktop/addons/ajax-spider/
https://github.com/zaproxy/zap-extensions/
- 2024-05-07
- 7564067
+ 2024-07-22
+ 7569111
2.15.0