Release 2.1.0

The following changes were made in this release:

Minor changes:

Issue 355: Allow Positional Fuzzing

Issue 475: Http Sessions custom cookie value

Issue 484: Check java version in zap.sh

Issue 496: Allow to see the request and response at the same time in the main window

Issue 505: Http Session API Implementation

Issue 515: Change add-ons to make use of automatic load of messages

Issue 516: Change add-ons messages keys to have unique prefix

Issue 518: Add OData support

Issue 537: Option to Force Browse files/resources with user-defined extensions

Issue 538: Allow non sequential lines to be selected in the history log

Issue 542: browse api - prompt window to enable

Issue 551: Add csrfmiddlewaretoken to list of default Anti csrf tokens

Issue 552: Make ZapPortNumberSpinner a subclass of ZapNumberSpinner

Issue 553: Add option to filter alerts by scope

Issue 561: Copy URLs right click option

Issue 566: Abstract class for creating generic popups

Issue 568: Allow extensions to run from the command line

Issue 569: Allow Spider Scan to start without prior visit

Issue 587: Upgrade to JBroFuzz 2.5

Issue 592: Do not show the main pop up menu if it doesn't have visible pop up menu items

Issue 597: Shown "Author" field on available add-ons ("Marketplace" tab)

Issue 602: Allow to (explicitly) choose the file type when exporting URLs to file

Issue 621: Handle requests to the proxy URL (and generate a PAC file)

Issue 638: Persist and snapshot sessions instead of saving them

Bug Fixes:

Issue 150: java.io.IOException at org.owasp.jbrofuzz.system.Logger.checkOrCreateDirs

Issue 205: A previously saved option (Toolbar) is not set on start up when "Prompt for proxy credentials on start up" is checked.

Issue 317: Move (or protect) the 'Bin' button

Issue 452: API - shutdown asynchronously

Issue 488: Fuzz categories available for the default category not updated after installing/uninstalling an add-on (with fuzz files)

Issue 490: Re-authentication only works with the active scanner

Issue 499: NullPointerException while uninstalling an add-on with a manual request editor

Issue 500: NullPointerException while uninstalling an add-on manually installed

Issue 501: ExtensionFactory keeps references to uninstalled add-ons (with extensions)

Issue 502: Manually installed add-ons don't remain installed

Issue 504: Table of installed add-ons may not update after manually installing an add-on

Issue 507: Quick start tab doesnt have a scroll pane

Issue 508: Some add-ons are not unloading all its components when uninstalled

Issue 509: Remove add-on ResourceBundle when an add-on is uninstalled

Issue 510: Remove add-on HelpSet when an add-on is uninstalled

Issue 511: Allow add-ons to remove footer status labels

Issue 512: Allow to remove the footer status label added by the ScanPanel

Issue 513: Footer status labels not immediately shown when an add-on is installed

Issue 514: Forced Browse footer status label still uses spanner icon

Issue 517: Add-ons are added to "main" class loader when installed

Issue 520: MissingResourceException when generating "Alerts" report

Issue 524: Host authentication is used even when disabled

Issue 525: "Report / Export all URLs to File ..." fails

Issue 528: Scan progress dialog can show negative progress times

Issue 533: Default ports 80 and 443 are appended to sites in site tree

Issue 540: Maximised work tabs hidden when response tab position changed

Issue 548: Diff messages are appended to the "Diff" dialogue

Issue 549: Diff menu item enabled when "Sites" tree root node and a child node are selected

Issue 550: Fuzzer - Buffer Overflow stops because of java.sql.SQLDataException: data exception: string data, right truncation

Issue 558: Auto tagging broken

Issue 564: Active scanner can hang if dependencies used

Issue 565: Marketplace: Downloads won't use configured upstream Proxy

Issue 567: Spelling mistake

Issue 574: Spider fails when invoked via the API

Issue 579: Some (build) targets are incorrectly relying on the platform default encoding

Issue 582: NullPointerException while opening a session in daemon mode

Issue 583: NullPointerException while managing a session in daemon mode with "WebSockets" add-on installed

Issue 588: ExtensionHistory.historyIdToRef should be cleared when changing session

Issue 593: Quick Start may start the active scan before waiting for the spider to finish

Issue 614: SessionFixation labels wrong

Issue 616: Spider handles incorrectly form actions containing fragments (#)

Issue 617: NullPointerException when spidering a context

Issue 622: Local proxy unable to correctly detect requests to itself

Issue 626: Scroll bar of alert text areas is always at the bottom

Issue 627: Allow add-ons to remove main tool bar buttons/separators

Issue 628: Allow add-ons to remove the registered API

Issue 632: Manual Request Editor dialogue (HTTP) configurations not saved correctly

Issue 633: Auto tag scanners are shown in passive scanners table

Issue 634: Empty passive scanner shown in the passive scanners table

See also

     Introductionthe introduction to ZAP
     Releasesthe full set of releases
     Creditsthe people and groups who have made this release possible