Skip to content


psiinon edited this page Jun 3, 2015 · 1 revision

Release 2.2.0

The following changes were made in this release:

Major changes:

Issue 717 : Scripts: support multiple scripts and embedding within ZAP components

Support for Mozilla Zest:

Support for Mozilla Plug-n-Hack:

Support for scanning headers as well as JSON and XML formats

Minor changes:

Issue 711 : Support scanning of XML requests

Issue 713 : Add CWE and WASC numbers to issues

Issue 719 : Custom http break points with more options

Issue 738 : Options to hide tabs / windows

Issue 750 : Upgrade script console to support non textbased scripting languages

Issue 752 : Create a new root CA when first run

Issue 775 : Allow host to be set via the command line

Bug Fixes:

Issue 555 : Http panels default to hex view

Issue 599 : The save session api does not allow to overwrite session already has same name

Issue 630 : URLCanonicalizer.getCanonicalURL produces URIs "half" decoded

Issue 631 : URLCanonicalizer.buildCleanedParametersURIRepresentation returns URIs in percent-encoded form and decoded

Issue 652 : Shutdown after a big scan takes too long (deleting ascan records)

Issue 655 : API encoding issues

Issue 665 : NullPointerException while proxying with a URI with an empty path component

Issue 666 : JSONException while calling an API action without the required parameter(s)

Issue 669 : Certificate algorithm constraints in Java 1.7

Issue 674 : Add HttpSessionAPI to ApiGeneratorUtils

Issue 685 : Add dummy file to "fuzzers" directory

Issue 686 : Log HttpException (as error) in the ProxyThread

Issue 687 : Change HTTP response header parser to be less strict

Issue 690 : Context Authentication URLs don't fail manual overwriting.

Issue 691 : Handle old plugins

Issue 692 : Report the version of java found by

Issue 693 : Command line should show all options

Issue 694 : API UI fails on IE

Issue 695 : Sites tree doesnt clear on new session created by API

Issue 696 : Change "Ajax Spider" add-on options to use ZapNumberSpinner

Issue 697 : API action "proxy.pac" might return wrong domain/port

Issue 698 : Passive Scanner API view "recordsToScan" returns -1 after finish scanning the messages

Issue 699 : Fix HTML errors in the help pages

Issue 702 : Do not load newer add-on versions if they are not targeted for the running ZAP version

Issue 703 : Add-on ZAP version constraints "not-before-version" and "not-from-version" are not respected for already "installed" add-ons

Issue 706 : ZAP API doesn't parse correctly query parameters with "&" characters

Issue 710 : URLCanonicalizer.getCanonicalURL fails to correctly parse query parameters with "&" and "=" characters

Issue 712 : HttpSessions API action "setSessionTokenValue" should add the session token name to the site's session tokens

Issue 720 : Cannot send non standard http methods

Issue 721 : Non POST and PUT requests receive a 504 when server expects a request body

Issue 724 : Do not clone the alert's message that will be shown in message panels

Issue 725 : Clear alert's panel fields

Issue 726 : Catch active scanner variants' exceptions

Issue 727 : Name of automatically created HTTP sessions is always in English

Issue 728 : Allow to create a session with a given name through the HttpSessions API

Issue 729 : Update NTLM authentication code

Issue 730 : MissingResourceException while selecting a disabled extension (from an add-on) in the "Extensions" options panel

Issue 731 : MissingResourceException with ExtensionFuzz enabled and ExtensionBruteForce disabled

Issue 736 : Change add-on class loading strategy to parent-last

Issue 737 : Restore "Ajax spider" add-on dependencies

Issue 756 : Allow Context Panels intercommunication

Issue 763 : XML report empty when used in daemon mode

Issue 764 : HTTP fuzz results dont support right click menus

Issue 766 : Searching fuzz results doesnt include the header

Issue 767 : HTTP Session API could be less strict

Issue 772 : Restructuring of Saving/Loading Context Data

Issue 774 : Build doesnt include scripts directory

Issue 776 : Allow add-ons to warn user if they're closing ZAP with unsaved resources open

Issue 777 : Unable to cancel changes when using Include in/Exclude from Context

Issue 782 : NoSuchMethodError when excluding a WebSocket channel URL from context

Issue 785 : Change to cope with Java 1.8

Issue 786 : Snapshot session menu item not working

See also

     Introduction the introduction to ZAP
     Releases the full set of releases
     Credits the people and groups who have made this release possible
Clone this wiki locally
You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.