diff --git a/ZapVersions-2.15.xml b/ZapVersions-2.15.xml
index 199a36d..618c3ba 100644
--- a/ZapVersions-2.15.xml
+++ b/ZapVersions-2.15.xml
@@ -569,19 +569,28 @@
Common Library
A common library, for use by other add-ons.
ZAP Dev Team
- 1.28.0
- commonlib-release-1.28.0.zap
+ 1.29.0
+ commonlib-release-1.29.0.zap
release
<h3>Changed</h3>
<ul>
-<li>Maintenance changes.</li>
+<li>Dependency updates.</li>
+<li>Let the Value Generator add-on provide the custom values through this add-on (Issue 8016).</li>
+</ul>
+<h3>Added</h3>
+<ul>
+<li>Policy tags for use with scan rules and the new Scan Policies add-on.</li>
+</ul>
+<h3>Fixed</h3>
+<ul>
+<li>Be more lenient with the input used for providing values, to prevent exceptions.</li>
</ul>
- https://github.com/zaproxy/zap-extensions/releases/download/commonlib-v1.28.0/commonlib-release-1.28.0.zap
- SHA-256:243aea9f7273c0b69621b7a6fb5a912fc8e91e2b24f34236929f87b24804cbdc
+ https://github.com/zaproxy/zap-extensions/releases/download/commonlib-v1.29.0/commonlib-release-1.29.0.zap
+ SHA-256:423202fc2597edb5fa172f00dd2d6411f8ea5ec6405f08f07257e11d0f9bba07
https://www.zaproxy.org/docs/desktop/addons/common-library/
https://github.com/zaproxy/zap-extensions/
- 2024-09-24
- 15141417
+ 2024-12-23
+ 15145366
2.15.0
communityScripts
@@ -875,26 +884,37 @@ to find and add subdomains to the Sites Tree.</li>
DOM XSS Active scanner rule
DOM XSS Active scanner rule
Aabha Biyani, ZAP Dev Team
- 19
- domxss-release-19.zap
+ 20
+ domxss-release-20.zap
release
<h3>Changed</h3>
<ul>
-<li>Update minimum ZAP version to 2.15.0.</li>
-<li>Maintenance changes.</li>
+<li>Address deprecation warnings with newer Selenium version (4.27).</li>
+<li>Include the whole HTTP message in the raised alerts.</li>
+<li>Include the steps to reproduce the DOM XSS in the other info of the alert.</li>
+<li>Do not request URLs explicitly excluded from the context or global excludes</li>
+<li>Depend on newer version of Common Library add-on.</li>
+</ul>
+<h3>Fixed</h3>
+<ul>
+<li>Address false negatives through query parameters.</li>
+</ul>
+<h3>Added</h3>
+<ul>
+<li>Standardized Scan Policy related alert tags on the rule.</li>
</ul>
- https://github.com/zaproxy/zap-extensions/releases/download/domxss-v19/domxss-release-19.zap
- SHA-256:6bc85e3ced67a1e2039bdda92b9d3cc0e8e4a8abea8b49fc3685c793736b101d
+ https://github.com/zaproxy/zap-extensions/releases/download/domxss-v20/domxss-release-20.zap
+ SHA-256:69a551db6553a16462faa63a04c232ec56f80c0db1d37b0f6dccf9dc02d8db7f
https://www.zaproxy.org/docs/desktop/addons/dom-xss-active-scan-rule/
https://github.com/zaproxy/zap-extensions/
- 2024-05-07
- 271507
+ 2024-12-23
+ 275082
2.15.0
commonlib
- >= 1.17.0 & < 2.0.0
+ >= 1.29.0 & < 2.0.0
network
@@ -1878,27 +1898,23 @@ to find and add subdomains to the Sites Tree.</li>
Network
Provides core networking capabilities.
ZAP Dev Team
- 0.18.0
- network-beta-0.18.0.zap
+ 0.19.0
+ network-beta-0.19.0.zap
beta
- <h3>Added</h3>
-<ul>
-<li>Send success/failure stats.</li>
-</ul>
-<h3>Changed</h3>
-<ul>
-<li>Stop retrying 429 and 503 responses, instead of waiting for <code>retry-after</code> (Issue 8627).</li>
-</ul>
-<h3>Fixed</h3>
+ <h3>Changed</h3>
<ul>
-<li>Fix typo in log message.</li>
+<li>Configure the logging to prevent verbose log messages when using BC JSSE provider.</li>
+<li>Improve error handling on client's unknown CA TLS alert.</li>
+<li>Report available TLS providers when failed to query the TLS/SSL protocol versions.</li>
+<li>Rely on the default secure random generator when creating the Root CA certificate to use the most appropriate defined by the security provider.</li>
+<li>Update default user-agents.</li>
</ul>
- https://github.com/zaproxy/zap-extensions/releases/download/network-v0.18.0/network-beta-0.18.0.zap
- SHA-256:cfae49285ac293ac13212e772a7f651b0d244bc6bfccf73a835f82e6f9e9d2b0
+ https://github.com/zaproxy/zap-extensions/releases/download/network-v0.19.0/network-beta-0.19.0.zap
+ SHA-256:68d797708fba51da2edc4dee58130057c0d85a9c73eedde008833a24693ba12b
https://www.zaproxy.org/docs/desktop/addons/network/
https://github.com/zaproxy/zap-extensions/
- 2024-09-24
- 28118824
+ 2024-12-23
+ 28128362
2.15.0
oast
@@ -2512,21 +2528,24 @@ to find and add subdomains to the Sites Tree.</li>
Retire.js
Use Retire.js to identify vulnerable or out-dated JavaScript packages.
Nikita Mundhada and the ZAP Dev Team
- 0.42.0
- retire-release-0.42.0.zap
+ 0.43.0
+ retire-release-0.43.0.zap
release
- <h3>Changed</h3>
+ <h3>Fixed</h3>
+<ul>
+<li>An issue that was resulting in False Positives.</li>
+</ul>
+<h3>Changed</h3>
<ul>
<li>Updated with upstream retire.js pattern changes.</li>
-<li>The Risk level associated with Alerts raised by this scan rule are mapped to the severity ratings provided in the Retire.js data. If no severity is matched then a default of Medium Risk is used (Issue 7926).</li>
-<li>Maintenance changes.</li>
+<li>The scan rule now uses a more specific CWE (Issue 8732).</li>
</ul>
- https://github.com/zaproxy/zap-extensions/releases/download/retire-v0.42.0/retire-release-0.42.0.zap
- SHA-256:e43d8eedc67af0ca34502cc39ad18a75043b8719ff882babd67069072fbe6bd1
+ https://github.com/zaproxy/zap-extensions/releases/download/retire-v0.43.0/retire-release-0.43.0.zap
+ SHA-256:bba6ba79b4fca51729eb10dc5ac7d737777889eb7434b45d2665e8cb8eb2afc7
https://www.zaproxy.org/docs/desktop/addons/retire.js/
https://github.com/zaproxy/zap-extensions/
- 2024-11-25
- 994720
+ 2024-12-23
+ 1000658
2.15.0
@@ -2668,24 +2687,20 @@ to find and add subdomains to the Sites Tree.</li>
Selenium
WebDriver provider and includes HtmlUnit browser
ZAP Dev Team
- 15.30.0
- selenium-release-15.30.0.zap
+ 15.31.0
+ selenium-release-15.31.0.zap
release
<h3>Changed</h3>
<ul>
-<li>Update Selenium to version 4.25.0.</li>
-<li>Update script template:
-<ul>
-<li>selenium/Selenium default template.js - update documentation.</li>
-</ul>
-</li>
+<li>Update Selenium to version 4.27.0.</li>
+<li>Use WebDriver BiDi with Firefox.</li>
</ul>
- https://github.com/zaproxy/zap-extensions/releases/download/selenium-v15.30.0/selenium-release-15.30.0.zap
- SHA-256:540709b714e2ed0a68fc4ff04fbc0cb3db29faf4ce1d4043f8e086c66cc083a7
+ https://github.com/zaproxy/zap-extensions/releases/download/selenium-v15.31.0/selenium-release-15.31.0.zap
+ SHA-256:3f6c03d349aa9911cf8c48a29bb419666ddd8a781f674b2324d025d256aaa5cc
https://www.zaproxy.org/docs/desktop/addons/selenium/
https://github.com/zaproxy/zap-extensions/
- 2024-09-24
- 31622033
+ 2024-12-23
+ 35281222
2.15.0
diff --git a/ZapVersions-2.16.xml b/ZapVersions-2.16.xml
index 199a36d..618c3ba 100644
--- a/ZapVersions-2.16.xml
+++ b/ZapVersions-2.16.xml
@@ -569,19 +569,28 @@
Common Library
A common library, for use by other add-ons.
ZAP Dev Team
- 1.28.0
- commonlib-release-1.28.0.zap
+ 1.29.0
+ commonlib-release-1.29.0.zap
release
<h3>Changed</h3>
<ul>
-<li>Maintenance changes.</li>
+<li>Dependency updates.</li>
+<li>Let the Value Generator add-on provide the custom values through this add-on (Issue 8016).</li>
+</ul>
+<h3>Added</h3>
+<ul>
+<li>Policy tags for use with scan rules and the new Scan Policies add-on.</li>
+</ul>
+<h3>Fixed</h3>
+<ul>
+<li>Be more lenient with the input used for providing values, to prevent exceptions.</li>
</ul>
- https://github.com/zaproxy/zap-extensions/releases/download/commonlib-v1.28.0/commonlib-release-1.28.0.zap
- SHA-256:243aea9f7273c0b69621b7a6fb5a912fc8e91e2b24f34236929f87b24804cbdc
+ https://github.com/zaproxy/zap-extensions/releases/download/commonlib-v1.29.0/commonlib-release-1.29.0.zap
+ SHA-256:423202fc2597edb5fa172f00dd2d6411f8ea5ec6405f08f07257e11d0f9bba07
https://www.zaproxy.org/docs/desktop/addons/common-library/
https://github.com/zaproxy/zap-extensions/
- 2024-09-24
- 15141417
+ 2024-12-23
+ 15145366
2.15.0
communityScripts
@@ -875,26 +884,37 @@ to find and add subdomains to the Sites Tree.</li>
DOM XSS Active scanner rule
DOM XSS Active scanner rule
Aabha Biyani, ZAP Dev Team
- 19
- domxss-release-19.zap
+ 20
+ domxss-release-20.zap
release
<h3>Changed</h3>
<ul>
-<li>Update minimum ZAP version to 2.15.0.</li>
-<li>Maintenance changes.</li>
+<li>Address deprecation warnings with newer Selenium version (4.27).</li>
+<li>Include the whole HTTP message in the raised alerts.</li>
+<li>Include the steps to reproduce the DOM XSS in the other info of the alert.</li>
+<li>Do not request URLs explicitly excluded from the context or global excludes</li>
+<li>Depend on newer version of Common Library add-on.</li>
+</ul>
+<h3>Fixed</h3>
+<ul>
+<li>Address false negatives through query parameters.</li>
+</ul>
+<h3>Added</h3>
+<ul>
+<li>Standardized Scan Policy related alert tags on the rule.</li>
</ul>
- https://github.com/zaproxy/zap-extensions/releases/download/domxss-v19/domxss-release-19.zap
- SHA-256:6bc85e3ced67a1e2039bdda92b9d3cc0e8e4a8abea8b49fc3685c793736b101d
+ https://github.com/zaproxy/zap-extensions/releases/download/domxss-v20/domxss-release-20.zap
+ SHA-256:69a551db6553a16462faa63a04c232ec56f80c0db1d37b0f6dccf9dc02d8db7f
https://www.zaproxy.org/docs/desktop/addons/dom-xss-active-scan-rule/
https://github.com/zaproxy/zap-extensions/
- 2024-05-07
- 271507
+ 2024-12-23
+ 275082
2.15.0
commonlib
- >= 1.17.0 & < 2.0.0
+ >= 1.29.0 & < 2.0.0
network
@@ -1878,27 +1898,23 @@ to find and add subdomains to the Sites Tree.</li>
Network
Provides core networking capabilities.
ZAP Dev Team
- 0.18.0
- network-beta-0.18.0.zap
+ 0.19.0
+ network-beta-0.19.0.zap
beta
- <h3>Added</h3>
-<ul>
-<li>Send success/failure stats.</li>
-</ul>
-<h3>Changed</h3>
-<ul>
-<li>Stop retrying 429 and 503 responses, instead of waiting for <code>retry-after</code> (Issue 8627).</li>
-</ul>
-<h3>Fixed</h3>
+ <h3>Changed</h3>
<ul>
-<li>Fix typo in log message.</li>
+<li>Configure the logging to prevent verbose log messages when using BC JSSE provider.</li>
+<li>Improve error handling on client's unknown CA TLS alert.</li>
+<li>Report available TLS providers when failed to query the TLS/SSL protocol versions.</li>
+<li>Rely on the default secure random generator when creating the Root CA certificate to use the most appropriate defined by the security provider.</li>
+<li>Update default user-agents.</li>
</ul>
- https://github.com/zaproxy/zap-extensions/releases/download/network-v0.18.0/network-beta-0.18.0.zap
- SHA-256:cfae49285ac293ac13212e772a7f651b0d244bc6bfccf73a835f82e6f9e9d2b0
+ https://github.com/zaproxy/zap-extensions/releases/download/network-v0.19.0/network-beta-0.19.0.zap
+ SHA-256:68d797708fba51da2edc4dee58130057c0d85a9c73eedde008833a24693ba12b
https://www.zaproxy.org/docs/desktop/addons/network/
https://github.com/zaproxy/zap-extensions/
- 2024-09-24
- 28118824
+ 2024-12-23
+ 28128362
2.15.0
oast
@@ -2512,21 +2528,24 @@ to find and add subdomains to the Sites Tree.</li>
Retire.js
Use Retire.js to identify vulnerable or out-dated JavaScript packages.
Nikita Mundhada and the ZAP Dev Team
- 0.42.0
- retire-release-0.42.0.zap
+ 0.43.0
+ retire-release-0.43.0.zap
release
- <h3>Changed</h3>
+ <h3>Fixed</h3>
+<ul>
+<li>An issue that was resulting in False Positives.</li>
+</ul>
+<h3>Changed</h3>
<ul>
<li>Updated with upstream retire.js pattern changes.</li>
-<li>The Risk level associated with Alerts raised by this scan rule are mapped to the severity ratings provided in the Retire.js data. If no severity is matched then a default of Medium Risk is used (Issue 7926).</li>
-<li>Maintenance changes.</li>
+<li>The scan rule now uses a more specific CWE (Issue 8732).</li>
</ul>
- https://github.com/zaproxy/zap-extensions/releases/download/retire-v0.42.0/retire-release-0.42.0.zap
- SHA-256:e43d8eedc67af0ca34502cc39ad18a75043b8719ff882babd67069072fbe6bd1
+ https://github.com/zaproxy/zap-extensions/releases/download/retire-v0.43.0/retire-release-0.43.0.zap
+ SHA-256:bba6ba79b4fca51729eb10dc5ac7d737777889eb7434b45d2665e8cb8eb2afc7
https://www.zaproxy.org/docs/desktop/addons/retire.js/
https://github.com/zaproxy/zap-extensions/
- 2024-11-25
- 994720
+ 2024-12-23
+ 1000658
2.15.0
@@ -2668,24 +2687,20 @@ to find and add subdomains to the Sites Tree.</li>
Selenium
WebDriver provider and includes HtmlUnit browser
ZAP Dev Team
- 15.30.0
- selenium-release-15.30.0.zap
+ 15.31.0
+ selenium-release-15.31.0.zap
release
<h3>Changed</h3>
<ul>
-<li>Update Selenium to version 4.25.0.</li>
-<li>Update script template:
-<ul>
-<li>selenium/Selenium default template.js - update documentation.</li>
-</ul>
-</li>
+<li>Update Selenium to version 4.27.0.</li>
+<li>Use WebDriver BiDi with Firefox.</li>
</ul>
- https://github.com/zaproxy/zap-extensions/releases/download/selenium-v15.30.0/selenium-release-15.30.0.zap
- SHA-256:540709b714e2ed0a68fc4ff04fbc0cb3db29faf4ce1d4043f8e086c66cc083a7
+ https://github.com/zaproxy/zap-extensions/releases/download/selenium-v15.31.0/selenium-release-15.31.0.zap
+ SHA-256:3f6c03d349aa9911cf8c48a29bb419666ddd8a781f674b2324d025d256aaa5cc
https://www.zaproxy.org/docs/desktop/addons/selenium/
https://github.com/zaproxy/zap-extensions/
- 2024-09-24
- 31622033
+ 2024-12-23
+ 35281222
2.15.0
diff --git a/ZapVersions-dev.xml b/ZapVersions-dev.xml
index 49470f5..04fd7f8 100644
--- a/ZapVersions-dev.xml
+++ b/ZapVersions-dev.xml
@@ -569,19 +569,28 @@
Common Library
A common library, for use by other add-ons.
ZAP Dev Team
- 1.28.0
- commonlib-release-1.28.0.zap
+ 1.29.0
+ commonlib-release-1.29.0.zap
release
<h3>Changed</h3>
<ul>
-<li>Maintenance changes.</li>
+<li>Dependency updates.</li>
+<li>Let the Value Generator add-on provide the custom values through this add-on (Issue 8016).</li>
+</ul>
+<h3>Added</h3>
+<ul>
+<li>Policy tags for use with scan rules and the new Scan Policies add-on.</li>
+</ul>
+<h3>Fixed</h3>
+<ul>
+<li>Be more lenient with the input used for providing values, to prevent exceptions.</li>
</ul>
- https://github.com/zaproxy/zap-extensions/releases/download/commonlib-v1.28.0/commonlib-release-1.28.0.zap
- SHA-256:243aea9f7273c0b69621b7a6fb5a912fc8e91e2b24f34236929f87b24804cbdc
+ https://github.com/zaproxy/zap-extensions/releases/download/commonlib-v1.29.0/commonlib-release-1.29.0.zap
+ SHA-256:423202fc2597edb5fa172f00dd2d6411f8ea5ec6405f08f07257e11d0f9bba07
https://www.zaproxy.org/docs/desktop/addons/common-library/
https://github.com/zaproxy/zap-extensions/
- 2024-09-24
- 15141417
+ 2024-12-23
+ 15145366
2.15.0
communityScripts
@@ -875,26 +884,37 @@ to find and add subdomains to the Sites Tree.</li>
DOM XSS Active scanner rule
DOM XSS Active scanner rule
Aabha Biyani, ZAP Dev Team
- 19
- domxss-release-19.zap
+ 20
+ domxss-release-20.zap
release
<h3>Changed</h3>
<ul>
-<li>Update minimum ZAP version to 2.15.0.</li>
-<li>Maintenance changes.</li>
+<li>Address deprecation warnings with newer Selenium version (4.27).</li>
+<li>Include the whole HTTP message in the raised alerts.</li>
+<li>Include the steps to reproduce the DOM XSS in the other info of the alert.</li>
+<li>Do not request URLs explicitly excluded from the context or global excludes</li>
+<li>Depend on newer version of Common Library add-on.</li>
+</ul>
+<h3>Fixed</h3>
+<ul>
+<li>Address false negatives through query parameters.</li>
+</ul>
+<h3>Added</h3>
+<ul>
+<li>Standardized Scan Policy related alert tags on the rule.</li>
</ul>
- https://github.com/zaproxy/zap-extensions/releases/download/domxss-v19/domxss-release-19.zap
- SHA-256:6bc85e3ced67a1e2039bdda92b9d3cc0e8e4a8abea8b49fc3685c793736b101d
+ https://github.com/zaproxy/zap-extensions/releases/download/domxss-v20/domxss-release-20.zap
+ SHA-256:69a551db6553a16462faa63a04c232ec56f80c0db1d37b0f6dccf9dc02d8db7f
https://www.zaproxy.org/docs/desktop/addons/dom-xss-active-scan-rule/
https://github.com/zaproxy/zap-extensions/
- 2024-05-07
- 271507
+ 2024-12-23
+ 275082
2.15.0
commonlib
- >= 1.17.0 & < 2.0.0
+ >= 1.29.0 & < 2.0.0
network
@@ -1878,27 +1898,23 @@ to find and add subdomains to the Sites Tree.</li>
Network
Provides core networking capabilities.
ZAP Dev Team
- 0.18.0
- network-beta-0.18.0.zap
+ 0.19.0
+ network-beta-0.19.0.zap
beta
- <h3>Added</h3>
-<ul>
-<li>Send success/failure stats.</li>
-</ul>
-<h3>Changed</h3>
-<ul>
-<li>Stop retrying 429 and 503 responses, instead of waiting for <code>retry-after</code> (Issue 8627).</li>
-</ul>
-<h3>Fixed</h3>
+ <h3>Changed</h3>
<ul>
-<li>Fix typo in log message.</li>
+<li>Configure the logging to prevent verbose log messages when using BC JSSE provider.</li>
+<li>Improve error handling on client's unknown CA TLS alert.</li>
+<li>Report available TLS providers when failed to query the TLS/SSL protocol versions.</li>
+<li>Rely on the default secure random generator when creating the Root CA certificate to use the most appropriate defined by the security provider.</li>
+<li>Update default user-agents.</li>
</ul>
- https://github.com/zaproxy/zap-extensions/releases/download/network-v0.18.0/network-beta-0.18.0.zap
- SHA-256:cfae49285ac293ac13212e772a7f651b0d244bc6bfccf73a835f82e6f9e9d2b0
+ https://github.com/zaproxy/zap-extensions/releases/download/network-v0.19.0/network-beta-0.19.0.zap
+ SHA-256:68d797708fba51da2edc4dee58130057c0d85a9c73eedde008833a24693ba12b
https://www.zaproxy.org/docs/desktop/addons/network/
https://github.com/zaproxy/zap-extensions/
- 2024-09-24
- 28118824
+ 2024-12-23
+ 28128362
2.15.0
oast
@@ -2512,21 +2528,24 @@ to find and add subdomains to the Sites Tree.</li>
Retire.js
Use Retire.js to identify vulnerable or out-dated JavaScript packages.
Nikita Mundhada and the ZAP Dev Team
- 0.42.0
- retire-release-0.42.0.zap
+ 0.43.0
+ retire-release-0.43.0.zap
release
- <h3>Changed</h3>
+ <h3>Fixed</h3>
+<ul>
+<li>An issue that was resulting in False Positives.</li>
+</ul>
+<h3>Changed</h3>
<ul>
<li>Updated with upstream retire.js pattern changes.</li>
-<li>The Risk level associated with Alerts raised by this scan rule are mapped to the severity ratings provided in the Retire.js data. If no severity is matched then a default of Medium Risk is used (Issue 7926).</li>
-<li>Maintenance changes.</li>
+<li>The scan rule now uses a more specific CWE (Issue 8732).</li>
</ul>
- https://github.com/zaproxy/zap-extensions/releases/download/retire-v0.42.0/retire-release-0.42.0.zap
- SHA-256:e43d8eedc67af0ca34502cc39ad18a75043b8719ff882babd67069072fbe6bd1
+ https://github.com/zaproxy/zap-extensions/releases/download/retire-v0.43.0/retire-release-0.43.0.zap
+ SHA-256:bba6ba79b4fca51729eb10dc5ac7d737777889eb7434b45d2665e8cb8eb2afc7
https://www.zaproxy.org/docs/desktop/addons/retire.js/
https://github.com/zaproxy/zap-extensions/
- 2024-11-25
- 994720
+ 2024-12-23
+ 1000658
2.15.0
@@ -2668,24 +2687,20 @@ to find and add subdomains to the Sites Tree.</li>
Selenium
WebDriver provider and includes HtmlUnit browser
ZAP Dev Team
- 15.30.0
- selenium-release-15.30.0.zap
+ 15.31.0
+ selenium-release-15.31.0.zap
release
<h3>Changed</h3>
<ul>
-<li>Update Selenium to version 4.25.0.</li>
-<li>Update script template:
-<ul>
-<li>selenium/Selenium default template.js - update documentation.</li>
-</ul>
-</li>
+<li>Update Selenium to version 4.27.0.</li>
+<li>Use WebDriver BiDi with Firefox.</li>
</ul>
- https://github.com/zaproxy/zap-extensions/releases/download/selenium-v15.30.0/selenium-release-15.30.0.zap
- SHA-256:540709b714e2ed0a68fc4ff04fbc0cb3db29faf4ce1d4043f8e086c66cc083a7
+ https://github.com/zaproxy/zap-extensions/releases/download/selenium-v15.31.0/selenium-release-15.31.0.zap
+ SHA-256:3f6c03d349aa9911cf8c48a29bb419666ddd8a781f674b2324d025d256aaa5cc
https://www.zaproxy.org/docs/desktop/addons/selenium/
https://github.com/zaproxy/zap-extensions/
- 2024-09-24
- 31622033
+ 2024-12-23
+ 35281222
2.15.0