Skip to content

@thc202 thc202 released this Jan 23, 2020 · 5 commits to develop since this release

Release Notes

Added

  • Core APIs.
  • APIs from add-ons:
  • Access Control Testing;
  • Export Report;
  • Revisit;
  • Wappalyzer - Technology Detection.

Changed

  • Core APIs updated for ZAP version 2.9.0.
  • Update APIs from add-ons:
  • Alert Filters;
  • OpenAPI Support;
  • Replacer.

Available Libraries

The following libraries are available in this release:

  • zap-api-1.8.0.jar - contains Java API client implementation and its dependencies, ideally to run as standalone library;
  • zap-clientapi-1.8.0.jar - contains just the Java API client implementation (similar to library available in Maven Central);
  • zap-clientapi-ant-1.8.0.jar - contains just the Ant tasks that wrap Java API client implementation.

Intended for use with OWASP ZAP version 2.9.0 and above (while it's compatible with older ZAP versions new APIs/features will not work).

Assets 5

@thc202 thc202 released this Jun 13, 2019 · 21 commits to develop since this release

Release Notes

Added

  • Add API for SOAP Scanner add-on, version 3.

Changed

  • Core APIs updated for ZAP version 2.8.0.
  • Update Replacer API, per release of version 7.
  • Update Websocket API, per release of version 19.
  • Update Selenium API, per release of version 15.0.0.
  • Add description to Importurls and AlertFilter API endpoints.

Fixed

  • Disable XXE processing when parsing ZAP API responses.
  • Ensure alerts file is always closed.

Available Libraries

The following libraries are available in this release:

  • zap-api-1.7.0.jar - contains Java API client implementation and its dependencies, ideally to run as standalone library;
  • zap-clientapi-1.7.0.jar - contains just the Java API client implementation (similar to library available in Maven Central);
  • zap-clientapi-ant-1.7.0.jar - contains just the Ant tasks that wrap Java API client implementation.

Intended for use with OWASP ZAP version 2.8.0 and above (while it's compatible with older ZAP versions new APIs/features will not work).

Assets 5

@thc202 thc202 released this Apr 10, 2018 · 76 commits to develop since this release

Release Notes

Changes

  • Explicitly disable HTTP caching, to always obtain a fresh response from ZAP.

New APIs

  • WebSockets ("websocket").

Available Libraries

The following libraries are available in this release:

  • zap-api-1.6.0.jar - contains Java API client implementation and its dependencies, ideally to run as standalone library;
  • zap-clientapi-1.6.0.jar - contains just the Java API client implementation (similar to library available in Maven Central);
  • zap-clientapi-ant-1.6.0.jar - contains just the Ant tasks that wrap Java API client implementation.

Intended for use with OWASP ZAP version 2.7.0 and above (while it's compatible with older ZAP versions new APIs/features will not work).

Assets 5

@thc202 thc202 released this Nov 30, 2017 · 97 commits to develop since this release

Release Notes

Updated APIs

  • Core APIs updated for ZAP version 2.7.0.

Available Libraries

The following libraries are available in this release:

  • zap-api-1.5.0.jar - contains Java API client implementation and its dependencies, ideally to run as standalone library;
  • zap-clientapi-1.5.0.jar - contains just the Java API client implementation (similar to library available in Maven Central);
  • zap-clientapi-ant-1.5.0.jar - contains just the Ant tasks that wrap Java API client implementation.

Intended for use with OWASP ZAP version 2.7.0 and above (while it's compatible with older ZAP versions new APIs/features will not work).

Assets 5

@thc202 thc202 released this Jul 13, 2017 · 109 commits to develop since this release

Release Notes

Ant Tasks

  • New task to create ZAP reports:
    <!-- Defined the task: -->
    <taskdef name="reportTask" classname="org.zaproxy.clientapi.ant.ReportTask" />
    <!-- Call the task: -->
    <reportTask zapAddress="localhost" zapPort="8080" apikey="API-KEY"
        type="html" file="report.html" overwrite="true" />
        <!--
            type - the type/format of the report (e.g. HTML, XML, MD), defaults to HTML.
            file - where the report should be created (can be an absolute path, if relative it is resolved against the build directory).
            overwrite - if the file should be overwritten.
        -->

Available Libraries

The following libraries are available in this release:

  • zap-clientapi-ant-1.4.0.jar - contains just the Ant tasks that wrap Java API client implementation.

Intended for use with OWASP ZAP version 2.6.0 and above (while it's compatible with older ZAP versions new APIs/features will not work).

Assets 3

@thc202 thc202 released this Jun 23, 2017 · 116 commits to develop since this release

Release Notes

New APIs

  • Import files containing URLs ("importurls").
  • OpenAPI Support ("openapi").
  • Replacer ("replacer").

Ant Tasks

  • Update scan tasks to wait for the corresponding scan to finish.

Available Libraries

The following libraries are available in this release:

  • zap-api-1.3.0.jar - contains Java API client implementation and its dependencies, ideally to run as standalone library;
  • zap-clientapi-1.3.0.jar - contains just the Java API client implementation (similar to library available in Maven Central);
  • zap-clientapi-ant-1.3.0.jar - contains just the Ant tasks that wrap Java API client implementation.

Intended for use with OWASP ZAP version 2.6.0 and above (while it's compatible with older ZAP versions new APIs/features will not work).

Assets 5

@thc202 thc202 released this Mar 29, 2017 · 133 commits to develop since this release

Release Notes

Updated APIs

  • Core APIs updated for ZAP version 2.6.0.
  • AJAX Spider API
    • Allows to obtain the full results of a scan, messages in/out of scope and message with I/O errors.

Available Libraries

The following libraries are available in this release:

  • zap-api-1.2.0.jar - contains Java API client implementation and its dependencies, ideally to run as standalone library;
  • zap-clientapi-1.2.0.jar - contains just the Java API client implementation (similar to library available in Maven Central);
  • zap-clientapi-ant-1.2.0.jar - contains just the Ant tasks that wrap Java API client implementation.

Intended for use with OWASP ZAP version 2.6.0 and above (while it's compatible with older ZAP versions new APIs/features will not work).

Assets 5

@thc202 thc202 released this Mar 23, 2017 · 145 commits to develop since this release

Release Notes

Bug Fixes

  • Fixed a bug that prevented the new API methods (that don't require the API key) from being used with ZAP versions <= 2.5.0.

Available Libraries

The following libraries are available in this release:

  • zap-api-1.1.1.jar - contains Java API client implementation and its dependencies, ideally to run as standalone library;
  • zap-clientapi-1.1.1.jar - contains just the Java API client implementation (similar to library available in Maven Central);
  • zap-clientapi-ant-1.1.1.jar - contains just the Ant tasks that wrap Java API client implementation.

Intended for use with OWASP ZAP version 2.5.0 and above.

Assets 5

@thc202 thc202 released this Mar 23, 2017 · 148 commits to develop since this release

Release Notes

Enhancements

  • The ClientApi now allows to set the API key through the constructor, which ensures that the API key is sent whenever required. The API methods that allowed to pass the API key were deprecated in favour of using the new constructor.
  • It's now possible to specify the API key in all Ant tasks.
  • It's now possible to obtain the keys of the values of an ApiResponseSet (also, deprecated unused/unnecessary constructor and method).
  • The Alert now exposes the alert ID, message ID and scanner ID.
  • Added confidence "False Positive" (enum Alert.Confidence).
  • Alert and AlertTask now use name instead of alert for the name of the alert (zaproxy/zaproxy#1341), older methods were deprecated.

Bug Fixes

New APIs

Updated APIs

  • AJAX Spider API
    • Allows to scan a context, as a user and just a subtree.
  • Selenium API
    • Allows to choose which Firefox binary is used and set the path to geckodriver.

Available Libraries

The following libraries are available in this release:

  • zap-api-1.1.0.jar - contains Java API client implementation and its dependencies, ideally to run as standalone library;
  • zap-clientapi-1.1.0.jar - contains just the Java API client implementation (similar to library available in Maven Central);
  • zap-clientapi-ant-1.1.0.jar - contains just the Ant tasks that wrap Java API client implementation.

Intended for use with OWASP ZAP version 2.5.0 and above.

Assets 5

@thc202 thc202 released this Jun 3, 2016 · 197 commits to master since this release

The following libraries are available in this release:

  • zap-api-1.0.0.jar - contains Java API client implementation and its dependencies, ideally to run as standalone library;
  • zap-clientapi-1.0.0.jar - contains just the Java API client implementation (similar to library available in Maven Central);
  • zap-clientapi-ant-1.0.0.jar - contains just the Ant tasks that wrap Java API client implementation.

Intended for use with OWASP ZAP version 2.5.0 and above.

Assets 5
You can’t perform that action at this time.