Download
  1. Documentation
  2. The ZAP Desktop User Guide
  3. Releases
  4. Release 2.12.0

Release 2.12.0

This is a bug fix and enhancement release, which now requires a minimum of Java 11.
As the main zaproxy/zaproxy repo has just reached 10k stars we’re calling this the ‘Ten Thousand Star’ Release!

This release fixes an HTML Injection vulnerability in the ZAP Desktop which was rated a P3 / Medium level vulnerability. While we do not think that it can be exploited in any meaningful way, desktop users are still recommended to update from older ZAP versions a.s.a.p.

These release notes do not include all of the changes included in add-ons updated since 2.11.1.

Some of the more significant enhancements include:

Network Add-On

The core networking code has been replaced by a new add-on which means changes are no longer bound to core/stable releases. This add-on uses a modern network stack which will make it much easier to support modern protocols such as HTTP/2.
In addition the following features have been added:

  • Proxy/Local Server Aliases
  • Proxy and ZAP API are no longer tied together.
  • HTTPS pass-through
  • Certificate validity period configuration

Spider Add-On

To facilitate more frequent functional enhancements and bug fixes the core Spider has been moved to an add-on which means such changes are no longer bound to core/stable releases. Other add-ons which use Traditional Spider functionality have also been re-worked to support the Spider add-on, including: Quick Start, Form Handler, GraphQL, OpenAPI, SOAP, and the Automation Framework. More details are given below.

Import/Export Add-On

The Import/Export add-on allows to import/export data (e.g. HTTP Messages, URLs) to/from ZAP, it supersedes core functionality and the following add-ons which will no longer be available in the marketplace:

  • Import files containing URLs
  • Log File Importer
  • Save Raw Message
  • Save XML Message

Database Add-On

A new add-on was introduced for database related functionality in ZAP. This add-on provides the SQLite database engine for other add-ons to use. It also adds support for the ZAP permanent database.

The permanent database allows storing information that may be used across ZAP sessions. For example, it is used by the OAST add-on to persist BOAST payloads that can be polled in future ZAP sessions to list out-of-band interactions made to the service while ZAP wasn’t running.

Multi-threaded Passive Scanner

The passive scanner has been updated to use a configurable number of threads, by default 4. This has been shown to significantly reduce the time spent processing the passive scan queue.

Bit.ly Telemetry Removal

From this release ZAP will no longer use bit.ly for any telemetry. Instead it uses our own services on the zaproxy.org domain. For full details see the FAQ: What ‘calls home’ does ZAP make?.

Scan Rule Promotions

A significant number of scan rules have been promoted in this release.

The following Active scan rules have been promoted to Release status:

The following Passive scan rules have been promoted to Release status:

The following Active scan rules have been promoted to Beta status (and will therefore now be included in the Packaged scans):

The following Passive scan rules have been promoted to Beta status (and will therefore now be included in the Packaged scans):

Dependency Updates

As usual the release includes dependency updates. Of particular note is the updated Log4j library. The previous stable release contained a Log4j library that was flagged as being vulnerable, although we believe it was not exploitable.

The following libraries were updated:

  • Commons CSV, 1.8 → 1.9.0
  • Commons Text, 1.9 → 1.10.0
  • Flatlaf 1.6 → 2.6
  • HSQLDB, 2.5.2 → 2.7.1
  • Log4j 2, 2.15.0 → 2.19.0
  • RSyntaxTextArea, 3.1.3 → 3.3.0
  • XOM, 1.3.7 → 1.3.8

The following libraries were moved out of the core and into add-ons:

  • Bouncy Castle
  • Commons Validator
  • Ice4j
  • SQLite JDBC

The following libraries were removed:

  • Commons XPath

Add-Ons

New Add-Ons

The following add-ons are included by default in this release for the first time:

  • Database - provides database engines and related infrastructure.
  • Import/Export - Import and Export functionality.
  • Requester - Allows to manually edit and send messages.
  • Spider - provides traditional spider functionality.

Updated Add-Ons

All of the add-ons included by default have been updated since the last full release.

Removed Add-Ons

The following add-ons are no longer included, having been superseded by the Import/Export add-on:

  • Import files containing URLs
  • Save Raw Message
  • Save XML Message

Desktop HTML Injection Fix

This release includes a fix to prevent HTML Injection in the ZAP Desktop GUI. Thank you to “issuefinder” for reporting this to us via our bug bounty program. The vulnerability was rated as a P3 / Medium and desktop users are recommended to update from older ZAP versions a.s.a.p.

Enhancements

  • Issue 1623 : Provide better error message when cert path validation fails
  • Issue 2280 : Import Root CA certificate via API
  • Issue 3113 : Move Spider to an add-on
  • Issue 3594 : ZAP API Ability to specify domains/addresses that API will be served from
  • Issue 4388 : Allow to configure the irrelevant parameters for the Spider
  • Issue 4673 : Allow to configure validity period of generated certificates
  • Issue 4788 : Persist column configuration in History tab
  • Issue 6001 : Context endpoint on API does not output included and excluded technologies
  • Issue 6577 : Show input vector in the alerts
  • Issue 6735 : File>Open Recent>
  • Issue 6832 : Support HTTPS pass-through
  • Issue 6916 : Add support for mandatory add-ons
  • Issue 6932 : Use new callhome add-on for CFU requests
  • Issue 6940 : Report size for installed add-ons
  • Issue 6942 : Remove parent nodes in param container panel
  • Issue 6949 : Deprecate core endpoints related to root CA cert
  • Issue 6950 : Use Network add-on to manage server certificates
  • Issue 7047 : Show source of CONNECT requests as proxy
  • Issue 7079 : Get False Positive count using alertCountsByRisk api
  • Issue 7090 : Support Info dialog user friendliness improvements (copy button)
  • Issue 7110 : Don’t allow setting invalid scan policy params
  • Issue 7135 : Spider: find more URLs in headers
  • Issue 7142 : Spider: find more URLs in HTML
  • Issue 7153 : Spider: find img longdescs
  • Issue 7159 : Spider: find applet attrs, img dynsrc/lowsrc, and input src
  • Issue 7160 : Spider: find object attrs, isindex action, audio src, and process form buttons
  • Issue 7169 : Spider: Parse Links from embed src
  • Issue 7174 : Don’t log parsing exception when request with json content type has empty body
  • Issue 7177 : Follow unencoded redirects
  • Issue 7181 : Active Scan Analyser will now be used more often
  • Issue 7190 : Populate Find dialog with selected text
  • Issue 7206 : ascan, pscan: Update enable/disable API actions
  • Issue 7207 : Add Auth. Issue Custom Page type and handling
  • Issue 7229 : Allow to generate CSRF form with custom action through the API
  • Issue 7236 : Notify listeners of all redirects followed
  • Issue 7240 : Deprecate proxy.pac core endpoint
  • Issue 7249 : Use latest proxy settings always
  • Issue 7261 : Allow to request shutdown when executing args
  • Issue 7266 : Remove single cookie request header option
  • Issue 7267 : Use latest user-agent and timeout always
  • Issue 7270 : Support passive scan threading
  • Issue 7271 : Index Alert ID in the Alert Tags Table
  • Issue 7275 : Enable reveal password functionality
  • Issue 7279 : Deprecate setproxy core endpoint
  • Issue 7291 : Use Network add-on to manage connection options
  • Issue 7299 : Spider: find table/td background, video src/poster, and img srcset
  • Issue 7300 : Confirm the deletion with the name of the context
  • Issue 7302 : Clarify History Tags vs Alert Tags
  • Issue 7304 : Use Network add-on to manage client certificates
  • Issue 7310 : Pass Control, Model, View singletons to scripts
  • Issue 7342 : Allow to hook history type info
  • Issue 7352 : Reduce passive scanner logging for messages that were deleted
  • Issue 7433 : deprecate: Core HAR API Endpoints
  • Issue 7439 : Change auth header env vars to use ScriptVars
  • Issue 7441 : Set the filename script attribute
  • Issue 7443 : Attempt to provide more script error details
  • Issue 7456 : Allow arbitrary HTTP versions
  • Issue 7459 : Disable/deprecate the Manual Request Editor
  • Issue 7463 : Add persistent callbacks
  • Issue 7473 : Remove SQLite dependency
  • Issue 7475 : Clear pscan queue option
  • Issue 7488 : L&F which disables HTML JLabels by default
  • Issue 7500 : Exclude browser/OS updates by default

Spider Add-on

The following table illustrates the differences/improvements versus the 2.11/2.11.1 release(s).

Before After
Base - Proper handling Base - Proper handling
A, Link, Area - ‘href’ attribute A, Link, Area - ‘href’ attribute
Frame, IFrame, Script, Img - ‘src’ attribute Applet, Audio, Embed, Frame, IFrame, Input, Script, Img, Video - ‘src’ attribute
Meta - ‘http-equiv’ for ’location’ and ‘refresh’ Meta - ‘http-equiv’ for ’location’, ‘refresh’ and ‘Content-Security-Policy’, ’name’ for ‘msapplication-config’
Applet - ‘codebase’, ‘archive’ attributes
Img - ’longdesc’, ’lowsrc’, ‘dynsrc’, ‘srcset’ attributes
Isindex - ‘action’ attribute
Object - ‘codebase’, ‘data’ attributes
Svg - ‘href’ and ‘xlink:href’ attributes of ‘image’ and ‘script’ elements
Table - ‘background’ attribute
Video - ‘poster’ attribute
Form - proper handling of Forms with both GET and POST method. The fields values are generated validly, including HTML 5.0 input types. Form - proper handling of Forms with both GET and POST method. The fields values are generated validly, including HTML 5.0 input types ‘form’, ‘formaction’, ‘formmethod’ attributes of buttons are also respected.
Comments - Valid tags found in comments are also analyzed, if specified in the Options Spider screen Comments - Valid tags found in comments are also analyzed, if specified in the Options Spider screen
Import - ‘implementation’ attribute
Inline string - ‘p’, ’title’, ’li’, ‘h1’, ‘h2’, ‘h3’, ‘h4’, ‘h5’, ‘h6’, and ‘blockquote’ tags
SVG image files are parsed to identify HREF attributes and extract/resolve any contained links.

Requester Add-On

The Manual Request Editor and Resend dialogues were moved to the Requester add-on. This add-on will now provide the base infrastructure for add-ons to edit and send messages, the following add-ons are now using the Requester add-on: Plug-n-Hack Configuration (Client Messages) and WebSockets.

The Requester tab was also updated to provide the same functionalities that the dialogues provide.

Bug fixes

  • Issue 541 : Break panel icons do not resize
  • Issue 5223 : Missing parts on Transfer-Encoding: chunked request
  • Issue 5637 : Unable to select options panel with duplicated name
  • Issue 5791 : Big messages cause GUI to freeze
  • Issue 5815 : Weird delay with chunked encoding and HTTPS status 401?
  • Issue 5935 : Path input vector not properly encoding values
  • Issue 6509 : Passive Scan tag html_mailto performance issues
  • Issue 6947 : Fix webswing detection
  • Issue 6992 : Graal Engine Issue with Multi Threaded Access
  • Issue 7059 : Fix Stats Concurrent access bug
  • Issue 7076 : Set parent of warning messages in param dialogue
  • Issue 7085 : API - Do not require Authentication Realm and use default value
  • Issue 7134 : Scan Policy Manager Policy multiplies while modifying the name
  • Issue 7171 : Loss of new line chars for GZIP HTTP responses returned by the API
  • Issue 7221 : Default policy on start up not using edited policy rules
  • Issue 7228 : Scan Rule with empty name in the Scan Progress window and Scan Policy window
  • Issue 7269 : Fix get all alert tags
  • Issue 7276 : Correct Enable/Disable All buttons enabled state
  • Issue 7280 : Fix escaping on API param desc for setContextCheckingStrategy
  • Issue 7286 : Centre dialogue on screen if no owner
  • Issue 7292 : Client connection kept open longer than it should after forwarding response
  • Issue 7332 : Fix PatternSyntaxException in Analyser
  • Issue 7423 : `File`>`Persist Session…` should be disabled with open session
  • Issue 7424 : Install/update add-ons first in automation
  • Issue 7432 : sites tree: Invalidate href cache on session open
  • Issue 7436 : Invalid session path causes ZAP to fail to start
  • Issue 7464 : Restore component/view on configuration load
  • Issue 7471 : site node: use contains check for DDN prefix
  • Issue 7484 : Using the Active Scan for GET targets sends a ‘Content-Length’ header

ZAP API Breaking Changes:

VIEW alert / alertCountsByRisk

The returned data now includes the False Positive count. This change may break existing consumers as the number of expected alerts might no longer be the same. For example, if a Medium risk alert is marked as False Positive, the structure of returned data will be:

{"High":0,"Low":3,"Medium":0,"Informational":2,"False Positive":1}

instead of:

{"High":0,"Low":3,"Medium":1,"Informational":2}

Endpoints With Response Changes

The following endpoints used to return “OK” for all inputs. They now return suitable error messages (such as “does_not_exist” or “illegal_parameter”) when the inputs are invalid.

  • ACTION ascan / enableScanners
  • ACTION ascan / disableScanners
  • ACTION ascan / setEnabledPolicies
  • ACTION pscan / enableScanners
  • ACTION pscan / disableScanners

ZAP API New Endpoints:

  • ACTION pscan / clearQueue

ZAP API Deprecated Endpoints:

The following endpoints have been superseded by the Import/Export add-on:

  • OTHER core / messageHar
  • OTHER core / messagesHar
  • OTHER core / messagesHarById
  • OTHER core / sendHarRequest

The following endpoints have been superseded by the Network add-on:

  • ACTION core / addProxyChainExcludedDomain
  • ACTION core / disableAllProxyChainExcludedDomains
  • ACTION core / enableAllProxyChainExcludedDomains
  • ACTION core / enablePKCS12ClientCertificate
  • ACTION core / disableClientCertificate
  • ACTION core / generateRootCA
  • ACTION core / modifyProxyChainExcludedDomain
  • ACTION core / removeProxyChainExcludedDomain
  • ACTION core / setOptionDefaultUserAgent
  • ACTION core / setOptionDnsTtlSuccessfulQueries
  • ACTION core / setOptionHttpStateEnabled
  • ACTION core / setOptionProxyChainName
  • ACTION core / setOptionProxyChainPassword
  • ACTION core / setOptionProxyChainPort
  • ACTION core / setOptionProxyChainPrompt
  • ACTION core / setOptionProxyChainRealm
  • ACTION core / setOptionProxyChainSkipName
  • ACTION core / setOptionProxyChainUserName
  • ACTION core / setOptionSingleCookieRequestHeader
  • ACTION core / setOptionTimeoutInSecs
  • ACTION core / setOptionUseProxyChain
  • ACTION core / setOptionUseProxyChainAuth
  • ACTION core / setOptionUseSocksProxy
  • ACTION localProxies / addAdditionalProxy
  • ACTION localProxies / removeAdditionalProxy
  • OTHER core / proxy.pac
  • OTHER core / rootCaCert
  • OTHER core / setproxy
  • VIEW core / optionDefaultUserAgent
  • VIEW core / optionDnsTtlSuccessfulQueries
  • VIEW core / optionHttpState
  • VIEW core / optionHttpStateEnabled
  • VIEW core / optionProxyChainName
  • VIEW core / optionProxyChainPassword
  • VIEW core / optionProxyChainPort
  • VIEW core / optionProxyChainPrompt
  • VIEW core / optionProxyChainRealm
  • VIEW core / optionProxyChainUserName
  • VIEW core / optionSingleCookieRequestHeader
  • VIEW core / optionTimeoutInSecs
  • VIEW core / optionUseProxyChain
  • VIEW core / optionUseProxyChainAuth
  • VIEW core / optionUseSocksProxy
  • VIEW core / proxyChainExcludedDomains
  • VIEW localProxies / additionalProxies

Binary Incompatible Changes

The following classes (all of which were deprecated more than 5 years ago) have been removed:

  • org.parosproxy.paros.common.FileXML
  • org.parosproxy.paros.core.proxy.SenderThread
  • org.parosproxy.paros.core.proxy.SenderThreadListener
  • org.parosproxy.paros.core.proxy.StreamForwarder
  • org.parosproxy.paros.core.scanner.AbstractDefaultFilePlugin
  • org.parosproxy.paros.extension.history.BrowserDialog
  • org.parosproxy.paros.extension.history.PopupMenuResend
  • org.parosproxy.paros.extension.history.PopupMenuResendSites
  • org.parosproxy.paros.model.HistoryList
  • org.parosproxy.paros.model.HttpMessageList
  • org.parosproxy.paros.network.ByteVector
  • org.parosproxy.paros.network.ProxyExcludedDomainMatcher
  • org.zaproxy.zap.extension.brk.BreakpointMessageHandler
  • org.zaproxy.zap.extension.brk.ExtensionBreak$DialogType
  • org.zaproxy.zap.extension.history.PopupMenuShowInHistory
  • org.zaproxy.zap.extension.stdmenus.PopupMenuSpiderContext
  • org.zaproxy.zap.extension.stdmenus.PopupMenuSpiderContextAsUser
  • org.zaproxy.zap.extension.stdmenus.PopupMenuSpiderDialog
  • org.zaproxy.zap.extension.stdmenus.PopupMenuSpiderScope
  • org.zaproxy.zap.extension.stdmenus.PopupMenuSpiderSite
  • org.zaproxy.zap.extension.stdmenus.PopupMenuSpiderSubtree
  • org.zaproxy.zap.extension.stdmenus.PopupMenuSpiderURL
  • org.zaproxy.zap.extension.stdmenus.PopupMenuSpiderURLAsUser
  • org.zaproxy.zap.httputils.RequestUtils
  • org.zaproxy.zap.view.HistoryReferenceTableModel
  • org.zaproxy.zap.view.MessagePanelsPositionController
  • org.zaproxy.zap.view.PopupMenuHistoryReference
  • org.zaproxy.zap.view.PopupMenuHttpMessage
  • org.zaproxy.zap.view.PopupMenuSiteNode

The following methods (all of which were deprecated more than 5 years ago) have been removed:

  • org.parosproxy.paros.CommandLine#getConfigs()
  • org.parosproxy.paros.control.Control#createAndOpenUntitledDb()
  • org.parosproxy.paros.core.proxy.ProxyParam#isModifyAcceptEncodingHeader()
  • org.parosproxy.paros.core.proxy.ProxyParam#setModifyAcceptEncodingHeader(boolean)
  • org.parosproxy.paros.core.scanner.Alert#getAlert()
  • org.parosproxy.paros.core.scanner.Alert#getReliability()
  • org.parosproxy.paros.core.scanner.Alert#setAlert(java.lang.String)
  • org.parosproxy.paros.core.scanner.Alert#setDetail(java.lang.String,java.lang.String,java.lang.String,java.lang.String,java.lang.String,java.lang.String,java.lang.String,org.parosproxy.paros.network.HttpMessage)
  • org.parosproxy.paros.core.scanner.Alert#setRiskReliability(int,int)
  • org.parosproxy.paros.core.scanner.HostProcess#setPluginRequestCount(int,int)
  • org.parosproxy.paros.core.scanner.HostProcess#setTestCurrentCount(org.parosproxy.paros.core.scanner.Plugin,int)
  • org.parosproxy.paros.core.scanner.PluginFactory#loadedPlugin(java.lang.String)
  • org.parosproxy.paros.core.scanner.PluginFactory#unloadedPlugin(java.lang.String)
  • org.parosproxy.paros.core.scanner.VariantAbstractQuery#setParams(int,java.util.Map)
  • org.parosproxy.paros.db.paros.ParosTableHistory#getHistoryList(long)
  • org.parosproxy.paros.db.paros.ParosTableHistory#getHistoryList(long,int)
  • org.parosproxy.paros.db.paros.ParosTableHistory#setHistoryTypeAsTemporary(int)
  • org.parosproxy.paros.db.paros.ParosTableHistory#unsetHistoryTypeAsTemporary(int)
  • org.parosproxy.paros.db.RecordAlert#getReliability()
  • org.parosproxy.paros.db.RecordAlert#setReliability(int)
  • org.parosproxy.paros.extension.ExtensionPopupMenuItem#isSuperMenu()
  • org.parosproxy.paros.extension.history.ExtensionHistory#clearLogPanelDisplayQueue()
  • org.parosproxy.paros.extension.history.LogPanel#clearDisplayQueue()
  • org.parosproxy.paros.extension.history.LogPanel#LogPanel()
  • org.parosproxy.paros.extension.history.LogPanel#setDisplayPanel(org.zaproxy.zap.extension.httppanel.HttpPanel,org.zaproxy.zap.extension.httppanel.HttpPanel)
  • org.parosproxy.paros.extension.option.OptionsParamView#getShowMainToolbar()
  • org.parosproxy.paros.extension.option.OptionsParamView#setShowMainToolbar(int)
  • org.parosproxy.paros.model.Session#addGlobalExcludeURLRegexs(java.lang.String)
  • org.parosproxy.paros.model.Session#setGlobalExcludeURLRegexs(java.util.List)
  • org.parosproxy.paros.network.ConnectionParam#getProxyChainSkipName()
  • org.parosproxy.paros.network.ConnectionParam#setProxyChainSkipName(java.lang.String)
  • org.parosproxy.paros.view.AbstractFrame#loadIconImages()
  • org.parosproxy.paros.view.MainFrame#changeDisplayOption(int)
  • org.parosproxy.paros.view.MainFrame#MainFrame(int)
  • org.parosproxy.paros.view.View#getDisplayOption()
  • org.parosproxy.paros.view.View#getMessagePanelsPositionController()
  • org.parosproxy.paros.view.View#setDisplayOption(int)
  • org.parosproxy.paros.view.WorkbenchPanel#changeDisplayOption(int)
  • org.parosproxy.paros.view.WorkbenchPanel#getTabbedOldSelect()
  • org.parosproxy.paros.view.WorkbenchPanel#getTabbedOldStatus()
  • org.parosproxy.paros.view.WorkbenchPanel#getTabbedOldWork()
  • org.parosproxy.paros.view.WorkbenchPanel#removeSplitPaneWork()
  • org.parosproxy.paros.view.WorkbenchPanel#setTabbedOldSelect(org.zaproxy.zap.view.TabbedPanel2)
  • org.parosproxy.paros.view.WorkbenchPanel#setTabbedOldStatus(org.zaproxy.zap.view.TabbedPanel2)
  • org.parosproxy.paros.view.WorkbenchPanel#setTabbedOldWork(org.zaproxy.zap.view.TabbedPanel2)
  • org.parosproxy.paros.view.WorkbenchPanel#splitPaneWorkWithTabbedPanel(org.parosproxy.paros.view.TabbedPanel,int)
  • org.parosproxy.paros.view.WorkbenchPanel#WorkbenchPanel(int)
  • org.zaproxy.zap.control.AddOn#AddOn(java.io.File)
  • org.zaproxy.zap.control.AddOn#AddOn(java.lang.String)
  • org.zaproxy.zap.control.AddOn#canLoad()
  • org.zaproxy.zap.control.AddOn#isAddOn(java.io.File)
  • org.zaproxy.zap.control.AddOn#isAddOn(java.lang.String)
  • org.zaproxy.zap.control.ControlOverrides#getConfigs()
  • org.zaproxy.zap.control.ControlOverrides#setConfigs(java.util.Hashtable)
  • org.zaproxy.zap.db.sql.SqlTableHistory#setHistoryTypeAsTemporary(int)
  • org.zaproxy.zap.db.sql.SqlTableHistory#unsetHistoryTypeAsTemporary(int)
  • org.zaproxy.zap.extension.api.DotNetAPIGenerator#generateCSharpFiles(java.util.List)
  • org.zaproxy.zap.extension.api.GoAPIGenerator#generateGoFiles(java.util.List)
  • org.zaproxy.zap.extension.api.JavaAPIGenerator#generateJavaFiles(java.util.List)
  • org.zaproxy.zap.extension.api.NodeJSAPIGenerator#generateNodeJSFiles(java.util.List)
  • org.zaproxy.zap.extension.api.PhpAPIGenerator#generatePhpFiles(java.util.List)
  • org.zaproxy.zap.extension.api.PythonAPIGenerator#generatePythonFiles(java.util.List)
  • org.zaproxy.zap.extension.api.WikiAPIGenerator#generateWikiFiles(java.util.List)
  • org.zaproxy.zap.extension.ascan.ActiveScan#updatePluginRequestCounts()
  • org.zaproxy.zap.extension.autoupdate.AddOnsTableModel#AddOnsTableModel(java.util.Comparator,org.zaproxy.zap.control.AddOnCollection,int)
  • org.zaproxy.zap.extension.brk.ExtensionBreak#canAddBreakpoint()
  • org.zaproxy.zap.extension.brk.ExtensionBreak#canEditBreakpoint()
  • org.zaproxy.zap.extension.brk.ExtensionBreak#canRemoveBreakpoint()
  • org.zaproxy.zap.extension.brk.ExtensionBreak#dialogClosed()
  • org.zaproxy.zap.extension.brk.ExtensionBreak#dialogShown(org.zaproxy.zap.extension.brk.ExtensionBreak$DialogType)
  • org.zaproxy.zap.extension.brk.ExtensionBreak#getBreakPanel()
  • org.zaproxy.zap.extension.ExtensionPopupMenu#prepareShow()
  • org.zaproxy.zap.extension.history.PopupMenuPurgeSites#purge(org.parosproxy.paros.model.SiteMap,org.parosproxy.paros.model.SiteNode)
  • org.zaproxy.zap.extension.pscan.ExtensionPassiveScan#addPassiveScanner(java.lang.String)
  • org.zaproxy.zap.extension.pscan.PassiveScanThread#PassiveScanThread( org.zaproxy.zap.extension.pscan.PassiveScannerList, org.parosproxy.paros.extension.history.ExtensionHistory, org.zaproxy.zap.extension.alert.ExtensionAlert)
  • org.zaproxy.zap.extension.search.SearchPanel#SearchPanel()
  • org.zaproxy.zap.extension.search.SearchPanel#setDisplayPanel(org.zaproxy.zap.extension.httppanel.HttpPanelRequest,org.zaproxy.zap.extension.httppanel.HttpPanelResponse)
  • org.zaproxy.zap.extension.spider.SpiderScan#SpiderScan( org.zaproxy.zap.extension.spider.ExtensionSpider, org.zaproxy.zap.spider.SpiderParam, org.zaproxy.zap.model.Target, org.apache.commons.httpclient.URI, org.zaproxy.zap.users.User, int)
  • org.zaproxy.zap.extension.spider.SpiderThread#SpiderThread( org.zaproxy.zap.extension.spider.ExtensionSpider, org.zaproxy.zap.spider.SpiderParam, java.lang.String, org.zaproxy.zap.model.ScanListenner)
  • org.zaproxy.zap.spider.Spider#Spider(org.zaproxy.zap.extension.spider.ExtensionSpider,org.zaproxy.zap.spider.SpiderParam,org.parosproxy.paros.network.ConnectionParam,org.parosproxy.paros.model.Model,org.zaproxy.zap.model.Context)
  • org.zaproxy.zap.spider.SpiderParam#getScope()
  • org.zaproxy.zap.spider.SpiderParam#getScopeText()
  • org.zaproxy.zap.spider.SpiderParam#setScopeString(java.lang.String)
  • org.zaproxy.zap.view.ContextExcludePanel#getPanelName(org.zaproxy.zap.model.Context)
  • org.zaproxy.zap.view.ContextIncludePanel#getPanelName(org.zaproxy.zap.model.Context)
  • org.zaproxy.zap.view.MainToolbarPanel#setDisplayOption(int)
  • org.zaproxy.zap.view.ScanPanel2#ScanPanel2(java.lang.String, javax.swing.ImageIcon, org.zaproxy.zap.model.ScanController, org.parosproxy.paros.common.AbstractParam)
  • org.zaproxy.zap.view.TabbedPanel2#clone(org.zaproxy.zap.view.TabbedPanel2)

The following fields (all of which were deprecated more than 5 years ago) have been removed:

  • org.parosproxy.paros.Constant#FILE_CONFIG_DEFAULT
  • org.parosproxy.paros.Constant#VULNS_BASE
  • org.parosproxy.paros.core.scanner.Alert#MSG_RELIABILITY
  • org.parosproxy.paros.core.scanner.Alert#SUSPICIOUS
  • org.parosproxy.paros.core.scanner.Alert#WARNING
  • org.parosproxy.paros.model.HistoryReference#TYPE_RESERVED_11
  • org.parosproxy.paros.view.View#DISPLAY_OPTION_BOTTOM_FULL
  • org.parosproxy.paros.view.View#DISPLAY_OPTION_LEFT_FULL
  • org.parosproxy.paros.view.View#DISPLAY_OPTION_TOP_FULL
  • org.zaproxy.zap.extension.ascan.ActiveScanPanel#PANEL_NAME
  • org.zaproxy.zap.extension.search.SearchPanel#PANEL_NAME

See Also

Introduction the introduction to ZAP
Releases the full set of releases
Credits the people and groups who have made this release possible