Issue 3878 : Support persistent connections in the API.Issue 3871 : Default to checking for updates on start.Issue 3851 : Spider New Scan UI Consistency.Issue 3837 : Add anoncsrf as anticsrf token name.Issue 3836 : Allow IPv6 loopback address to access the API by default.Issue 3818 : Change right-click “Resend…” to “Send to Manual Request Editor”.Issue 3810 : Add JSON output support to zap-full-scan.py.Issue 3808 : added bare docker image file.Issue 3793 : Allow to filter Keyboard options panel.Issue 3787 : Added passive scan timeout.Issue 3782 : Add msg and alert count to active scans API view.Issue 3769 : Add Check for Updates toolbar button.Issue 3765 : Show alert count in Scan Progress dialogue.Issue 3739 : Allow to skip pending scanners.Issue 3733 : Ascan API - Return alert count for each scanner.Issue 3727 : Sites Tree Alpha Sort should ignore HTTP Method.Issue 3714 : Spider - report # of new endpoints discovered.Issue 3700 : Ensure panel with validation errors is visible.Issue 3691 : Modernized and refined HTML reports.Issue 3688 : Show scanner’s ID/name in Alert tab.Issue 3686 : Allow to select alert’s CWE/WASC IDs and Source.Issue 3681 : Use number spinner for connection timeout.Issue 3676 : Enhancement: Delete single Alert using the api.Issue 3626 : Allow to delete messages with keyboard shortcut.Issue 3619 : Show plugin as OFF, in policy panels, if disabled.Issue 3599 : Always attack Data Driven Nodes.Issue 3595 : Print args and error msg when failed to parse args.Issue 3587 : Allow to use system’s locale for formatting.Issue 3574 : Show the add-on name in Extensions panel.Issue 3559 : ZAP API option to output report in JSON format.Issue 3552 : Expose message’s tags through the ZAP API.Issue 3539 : Enhancement: Collect messages to scan before active scanning.Issue 3533 : Additional Table Export Buttons.Issue 3529 : Allow to add tags with Passive Rules.Issue 3527 : Update baseline script to support python 3.Issue 3521 : Enhancement Request: Add Filter To Passive Scan Rules Options Panel.Issue 3514 : Allow to obtain multiple messages by ID. Issue 3508 : Use newer ECMAScript engine if available.Issue 3500 : Allow to manage messages’ tags in multiple tabs.Issue 3498 : Minor Enhancement: Support Same Columns in as History Tab.Issue 3476 : Allow passive rules to choose the type of msgs.Issue 3461 : Enhancement: Browse API Doesn’t work when browser isn’t using ZAP as proxy.Issue 3460 : Enhancement: Provide help finding the Log directory in the UI.Issue 3457 : Allow to filter core view “urls” by base URL.Issue 3446 : Enhancement: Add ability to export a Site Map via Context Menu.Issue 3443 : Expose Alerts options through the ZAP API.Issue 3408 : Improve error handling when resetting the options.Issue 3404 : Add new Default CSRF Token for OWASP CSRF Guard.Issue 3398 : Increase limit of global script variables’ value.Issue 3395 : Add option to spider anonymously with a session.Issue 3392 : Show all messages sent by the Spider.Issue 3387 : Allow esc to close AbstractFormDialog.Issue 3374 : Adjust to more user favorable column widths.Issue 3367 : Expose ZAP’s home dir path through the ZAP API.Issue 3365 : Enhancement: Additional Global Exclude default patterns.Issue 3156 : Use G1 as default garbage collector.Issue 3101 : Allow add-ons to use Semantic Versioning.Issue 2615 : Filtering ZAP Reports to Show High Risk Items.Issue 2411 : Warn if dynamic SSL root CA certificate is expired.Issue 1681 : Change ‘Active Scan’ to show the last n requests instead of the first ones.Issue 1620 : Add endpoint to get number of alerts grouped by risk level.Issue 1604 : Import policy file via API.Issue 1313 : Spider - Allow to configure the size limit of parseable responses.Issue 1015 : Support Server Name Indication.Note that if you do have any problems with this release then there is also a new ‘Help/Support Info…’ menu item that provides essential information about your ZAP installation which you should include with any issues you raise. Lots of new API endpoints - see below for details.Updated NTLM engine implementation - this fixes the cases where the domain is being validated and improves interoperability with other (server) NTLM implementations.Allow ZAP to listen on multiple addresses/ports.Browser launch included by default - this allows you to launch browsers from ZAP that are preconfigured to proxy through ZAP and ignore the certificate warnings due to the ZAP root certificate.Some of the more significant enhancements include: This is a bug fix and enhancement release, which requires a minimum of Java 8.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |