From df51e271dbde5d905543b53062619329250129ae Mon Sep 17 00:00:00 2001
From: zapbot <12745184+zapbot@users.noreply.github.com>
Date: Wed, 24 Jan 2024 11:53:09 +0000
Subject: [PATCH] Release add-on(s)
Release the following add-ons:
- Active scanner rules version 61
- Linux WebDrivers version 70
- MacOS WebDrivers version 70
- Windows WebDrivers version 70
Signed-off-by: zapbot <12745184+zapbot@users.noreply.github.com>
---
ZapVersions-2.14.xml | 88 ++++++++++++++++----------------------------
ZapVersions-dev.xml | 88 ++++++++++++++++----------------------------
2 files changed, 62 insertions(+), 114 deletions(-)
diff --git a/ZapVersions-2.14.xml b/ZapVersions-2.14.xml
index 8ae34067..bbd6cdfd 100644
--- a/ZapVersions-2.14.xml
+++ b/ZapVersions-2.14.xml
@@ -131,54 +131,28 @@
Active scanner rules
The release status Active Scanner rules
ZAP Dev Team
- 60
- ascanrules-release-60.zap
+ 61
+ ascanrules-release-61.zap
release
<h3>Changed</h3>
<ul>
-<li>Leave data empty instead of adding "N/A" for the scan rules:
-<ul>
-<li>Cross Site Scripting (Persistent) - Prime</li>
-<li>Cross Site Scripting (Persistent) - Spider</li>
-</ul>
-</li>
-<li>Update reference for Server Side Code Injection (Issue 8262).</li>
-<li>Now depends on minimum Common Library version 1.21.0.</li>
+<li>Update reference for Server Side Include (Issue 8262)</li>
</ul>
<h3>Fixed</h3>
<ul>
-<li>Threshold handling in the Hidden File Finder scan rule.</li>
-<li>Improved the following scan rules by using time-based linear regression tests:
-<ul>
-<li>Server Side Template Injection (Blind)</li>
-<li>SQL Injection - Hypersonic SQL</li>
-<li>SQL Injection - MsSQL</li>
-<li>SQL Injection - MySQL</li>
-</ul>
-</li>
-</ul>
-<h3>Added</h3>
+<li>False positives on redirects for:
<ul>
-<li>Help entry for the Spring Actuators scan rule (missed during previous promotion).</li>
-<li>Website alert links to the help page (Issue 8189).</li>
-<li>The following scan rules now include example alert functionality for documentation generation purposes (Issue 6119) and in some cases updated references (Issue 8262).
-<ul>
-<li>CRLF Injection</li>
-<li>Remote OS Command Injection</li>
-<li>GET for POST</li>
-<li>ELMAH Information Leak</li>
-<li>.env Information Leak</li>
-<li>.htaccess Information Leak</li>
-<li>Trace.axd Information Leak</li>
+<li>Cloud Metadata (Issue 7710)</li>
+<li>Hidden Files</li>
</ul>
</li>
</ul>
- https://github.com/zaproxy/zap-extensions/releases/download/ascanrules-v60/ascanrules-release-60.zap
- SHA-256:b65d4c64753c4891ee8a79432ec5e884493c55c849f4e17a6c41b9b2cd545214
+ https://github.com/zaproxy/zap-extensions/releases/download/ascanrules-v61/ascanrules-release-61.zap
+ SHA-256:d4da0e3df9985b439833987ad5515f27d7ce8a2110b1bcc6cb6b6431921b6525
https://www.zaproxy.org/docs/desktop/addons/active-scan-rules/
https://github.com/zaproxy/zap-extensions/
- 2024-01-16
- 3279485
+ 2024-01-24
+ 3279826
2.14.0
@@ -2919,19 +2893,19 @@
Linux WebDrivers
Linux WebDrivers for Firefox and Chrome.
ZAP Dev Team
- 69
- webdriverlinux-release-69.zap
+ 70
+ webdriverlinux-release-70.zap
release
<h3>Changed</h3>
<ul>
-<li>Update geckodriver to 0.34.0. Previous version included 0.33.0.</li>
+<li>Update ChromeDriver to 121.0.6167.85.</li>
</ul>
- https://github.com/zaproxy/zap-extensions/releases/download/webdriverlinux-v69/webdriverlinux-release-69.zap
- SHA-256:6d12ff0b40a65c43a96c868db3a15944a9b899c660297a09c3df0125be0d7940
+ https://github.com/zaproxy/zap-extensions/releases/download/webdriverlinux-v70/webdriverlinux-release-70.zap
+ SHA-256:0ca532c378a2b0eaf10be513f5026d82aef29bf15c62bd4b4019e25f6cc40220
https://www.zaproxy.org/docs/desktop/addons/linux-webdrivers/
https://github.com/zaproxy/zap-extensions/
- 2024-01-03
- 17981066
+ 2024-01-24
+ 17969025
2.14.0
webdrivermacos
@@ -2939,19 +2913,19 @@
MacOS WebDrivers
MacOS WebDrivers for Firefox and Chrome.
ZAP Dev Team
- 69
- webdrivermacos-release-69.zap
+ 70
+ webdrivermacos-release-70.zap
release
<h3>Changed</h3>
<ul>
-<li>Update geckodriver to 0.34.0. Previous version included 0.33.0.</li>
+<li>Update ChromeDriver to 121.0.6167.85.</li>
</ul>
- https://github.com/zaproxy/zap-extensions/releases/download/webdrivermacos-v69/webdrivermacos-release-69.zap
- SHA-256:47b695779afa8e71131fb26039fbaa70697b5e8deaa8a596d4b5c75191ca6546
+ https://github.com/zaproxy/zap-extensions/releases/download/webdrivermacos-v70/webdrivermacos-release-70.zap
+ SHA-256:65c6926fb111fed3b1bd26728bf9ef841b277de40382c5c12c15af6d0bb77d76
https://www.zaproxy.org/docs/desktop/addons/macos-webdrivers/
https://github.com/zaproxy/zap-extensions/
- 2024-01-03
- 20818666
+ 2024-01-24
+ 20784691
2.14.0
webdriverwindows
@@ -2959,19 +2933,19 @@
Windows WebDrivers
Windows WebDrivers for Firefox and Chrome.
ZAP Dev Team
- 69
- webdriverwindows-release-69.zap
+ 70
+ webdriverwindows-release-70.zap
release
<h3>Changed</h3>
<ul>
-<li>Update geckodriver to 0.34.0. Previous version included 0.33.0.</li>
+<li>Update ChromeDriver to 121.0.6167.85.</li>
</ul>
- https://github.com/zaproxy/zap-extensions/releases/download/webdriverwindows-v69/webdriverwindows-release-69.zap
- SHA-256:7b4ecc0356f8499769285f5dea99036eec6df1ac962eec0ba443f9056737c851
+ https://github.com/zaproxy/zap-extensions/releases/download/webdriverwindows-v70/webdriverwindows-release-70.zap
+ SHA-256:c5a4b707161dd7c35feaf23d2b0c1bff267ddd586270e2b214b1891811b3473c
https://www.zaproxy.org/docs/desktop/addons/windows-webdrivers/
https://github.com/zaproxy/zap-extensions/
- 2024-01-03
- 18399434
+ 2024-01-24
+ 19613288
2.14.0
websocket
diff --git a/ZapVersions-dev.xml b/ZapVersions-dev.xml
index 91f34a49..f4faee8a 100644
--- a/ZapVersions-dev.xml
+++ b/ZapVersions-dev.xml
@@ -131,54 +131,28 @@
Active scanner rules
The release status Active Scanner rules
ZAP Dev Team
- 60
- ascanrules-release-60.zap
+ 61
+ ascanrules-release-61.zap
release
<h3>Changed</h3>
<ul>
-<li>Leave data empty instead of adding "N/A" for the scan rules:
-<ul>
-<li>Cross Site Scripting (Persistent) - Prime</li>
-<li>Cross Site Scripting (Persistent) - Spider</li>
-</ul>
-</li>
-<li>Update reference for Server Side Code Injection (Issue 8262).</li>
-<li>Now depends on minimum Common Library version 1.21.0.</li>
+<li>Update reference for Server Side Include (Issue 8262)</li>
</ul>
<h3>Fixed</h3>
<ul>
-<li>Threshold handling in the Hidden File Finder scan rule.</li>
-<li>Improved the following scan rules by using time-based linear regression tests:
-<ul>
-<li>Server Side Template Injection (Blind)</li>
-<li>SQL Injection - Hypersonic SQL</li>
-<li>SQL Injection - MsSQL</li>
-<li>SQL Injection - MySQL</li>
-</ul>
-</li>
-</ul>
-<h3>Added</h3>
+<li>False positives on redirects for:
<ul>
-<li>Help entry for the Spring Actuators scan rule (missed during previous promotion).</li>
-<li>Website alert links to the help page (Issue 8189).</li>
-<li>The following scan rules now include example alert functionality for documentation generation purposes (Issue 6119) and in some cases updated references (Issue 8262).
-<ul>
-<li>CRLF Injection</li>
-<li>Remote OS Command Injection</li>
-<li>GET for POST</li>
-<li>ELMAH Information Leak</li>
-<li>.env Information Leak</li>
-<li>.htaccess Information Leak</li>
-<li>Trace.axd Information Leak</li>
+<li>Cloud Metadata (Issue 7710)</li>
+<li>Hidden Files</li>
</ul>
</li>
</ul>
- https://github.com/zaproxy/zap-extensions/releases/download/ascanrules-v60/ascanrules-release-60.zap
- SHA-256:b65d4c64753c4891ee8a79432ec5e884493c55c849f4e17a6c41b9b2cd545214
+ https://github.com/zaproxy/zap-extensions/releases/download/ascanrules-v61/ascanrules-release-61.zap
+ SHA-256:d4da0e3df9985b439833987ad5515f27d7ce8a2110b1bcc6cb6b6431921b6525
https://www.zaproxy.org/docs/desktop/addons/active-scan-rules/
https://github.com/zaproxy/zap-extensions/
- 2024-01-16
- 3279485
+ 2024-01-24
+ 3279826
2.14.0
@@ -2919,19 +2893,19 @@
Linux WebDrivers
Linux WebDrivers for Firefox and Chrome.
ZAP Dev Team
- 69
- webdriverlinux-release-69.zap
+ 70
+ webdriverlinux-release-70.zap
release
<h3>Changed</h3>
<ul>
-<li>Update geckodriver to 0.34.0. Previous version included 0.33.0.</li>
+<li>Update ChromeDriver to 121.0.6167.85.</li>
</ul>
- https://github.com/zaproxy/zap-extensions/releases/download/webdriverlinux-v69/webdriverlinux-release-69.zap
- SHA-256:6d12ff0b40a65c43a96c868db3a15944a9b899c660297a09c3df0125be0d7940
+ https://github.com/zaproxy/zap-extensions/releases/download/webdriverlinux-v70/webdriverlinux-release-70.zap
+ SHA-256:0ca532c378a2b0eaf10be513f5026d82aef29bf15c62bd4b4019e25f6cc40220
https://www.zaproxy.org/docs/desktop/addons/linux-webdrivers/
https://github.com/zaproxy/zap-extensions/
- 2024-01-03
- 17981066
+ 2024-01-24
+ 17969025
2.14.0
webdrivermacos
@@ -2939,19 +2913,19 @@
MacOS WebDrivers
MacOS WebDrivers for Firefox and Chrome.
ZAP Dev Team
- 69
- webdrivermacos-release-69.zap
+ 70
+ webdrivermacos-release-70.zap
release
<h3>Changed</h3>
<ul>
-<li>Update geckodriver to 0.34.0. Previous version included 0.33.0.</li>
+<li>Update ChromeDriver to 121.0.6167.85.</li>
</ul>
- https://github.com/zaproxy/zap-extensions/releases/download/webdrivermacos-v69/webdrivermacos-release-69.zap
- SHA-256:47b695779afa8e71131fb26039fbaa70697b5e8deaa8a596d4b5c75191ca6546
+ https://github.com/zaproxy/zap-extensions/releases/download/webdrivermacos-v70/webdrivermacos-release-70.zap
+ SHA-256:65c6926fb111fed3b1bd26728bf9ef841b277de40382c5c12c15af6d0bb77d76
https://www.zaproxy.org/docs/desktop/addons/macos-webdrivers/
https://github.com/zaproxy/zap-extensions/
- 2024-01-03
- 20818666
+ 2024-01-24
+ 20784691
2.14.0
webdriverwindows
@@ -2959,19 +2933,19 @@
Windows WebDrivers
Windows WebDrivers for Firefox and Chrome.
ZAP Dev Team
- 69
- webdriverwindows-release-69.zap
+ 70
+ webdriverwindows-release-70.zap
release
<h3>Changed</h3>
<ul>
-<li>Update geckodriver to 0.34.0. Previous version included 0.33.0.</li>
+<li>Update ChromeDriver to 121.0.6167.85.</li>
</ul>
- https://github.com/zaproxy/zap-extensions/releases/download/webdriverwindows-v69/webdriverwindows-release-69.zap
- SHA-256:7b4ecc0356f8499769285f5dea99036eec6df1ac962eec0ba443f9056737c851
+ https://github.com/zaproxy/zap-extensions/releases/download/webdriverwindows-v70/webdriverwindows-release-70.zap
+ SHA-256:c5a4b707161dd7c35feaf23d2b0c1bff267ddd586270e2b214b1891811b3473c
https://www.zaproxy.org/docs/desktop/addons/windows-webdrivers/
https://github.com/zaproxy/zap-extensions/
- 2024-01-03
- 18399434
+ 2024-01-24
+ 19613288
2.14.0
websocket