+ | 2.15.0 | bug fix and enhancement release |
| 2.14.0 | bug fix and enhancement release |
- | 2.13.0 | bug fix and enhancement release |
+ | 2.13.0 | Corrección de errores y lanzamiento de mejoras |
| 2.12.0 | ten thousand star bug fix and enhancement release |
| 2.11.1 | includes an important security fix - users are urged to upgrade asap |
| 2.11.0 | OWASP 20th anniversary bug fix and enhancement release |
@@ -20,7 +21,7 @@ Lanzamientos
| 2.9.0 | Corrección de errores y lanzamiento de mejoras |
| 2.8.0 | Corrección de errores y lanzamiento de mejoras |
| 2.7.0 | Corrección de errores y lanzamiento de mejoras |
- | 2.6.0 | Corrección de errores y lanzamiento de mejoras |
+ | 2.6.0 | bug fix and enhancement release |
| 2.5.0 | bug fix and enhancement release |
| 2.4.3 | bug fix and enhancement release |
| 2.4.2 | bug fix and minor enhancement release |
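Review bot: The 2.6.0 row loses its Spanish text: "Corrección de errores y lanzamiento de mejoras" is replaced by the English "bug fix and enhancement release" in the es_ES help, while the neighbouring 2.7.0 to 2.9.0 rows stay translated. If this comes from a translation sync, check the source string for 2.6.0 and restore the Spanish wording so the table does not regress.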
@@ -36,9 +37,9 @@ Lanzamientos
| 1.4.1 | bug fix release |
| 1.4.0 | includes syntax highlighting, fuzzdb integration, enhanced XSS scanner and plugable extensions |
| 1.3.4 | bug fix and usability release |
- | 1.3.3 | Lanzamiento con corrección de errores |
+ | 1.3.3 | bug fix release |
| 1.3.2 | bug fix release |
- | 1.3.1 | bug fix release |
+ | 1.3.1 | Lanzamiento con corrección de errores |
| 1.3.0 | includes fuzzing, a new API, full internationalisation and beanshell integration |
| 1.2.0 | includes memory leak fixes and invoking applications |
| 1.1.0 | the first OWASP branded version, and including the brute force and port scanners |
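Review bot: The 1.3.3 and 1.3.1 rows swap languages in this hunk: 1.3.3 goes from "Lanzamiento con corrección de errores" to "bug fix release" and 1.3.1 goes the other way. That pattern suggests the translated string is being matched to the wrong row rather than reflecting a real content change. Both rows have the same English source text, so both should carry the Spanish translation.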
diff --git a/addOns/help_es_ES/src/main/javahelp/contents/ui/dialogs/options/ascaninput.html b/addOns/help_es_ES/src/main/javahelp/contents/ui/dialogs/options/ascaninput.html
index 80806aec0..4bab1f0da 100644
--- a/addOns/help_es_ES/src/main/javahelp/contents/ui/dialogs/options/ascaninput.html
+++ b/addOns/help_es_ES/src/main/javahelp/contents/ui/dialogs/options/ascaninput.html
@@ -39,6 +39,10 @@ All Requests
Datos de Cookie
Request cookies.
+Encode Cookie Values
+If selected the cookie values will be URL encoded when attacked.
+By default they will not be encoded - this is new in ZAP 2.15.0, previously they were always encoded.
+
Build-in Input Vector Handlers
The data formats that the active scanner will target:
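Review bot: The added sentence "By default they will not be encoded - this is new in ZAP 2.15.0, previously they were always encoded" records a change of default but does not tell the reader what to do about it. Suggest adding that users who relied on the earlier behaviour need to select "Encode Cookie Values" to get it back, since cookie payloads are otherwise sent unencoded and scan results may differ from earlier versions. The three added lines are also English text in the es_ES help.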
diff --git a/addOns/help_es_ES/src/main/javahelp/contents/ui/dialogs/options/script.html b/addOns/help_es_ES/src/main/javahelp/contents/ui/dialogs/options/script.html
index 159b34bd2..0b49c21d8 100644
--- a/addOns/help_es_ES/src/main/javahelp/contents/ui/dialogs/options/script.html
+++ b/addOns/help_es_ES/src/main/javahelp/contents/ui/dialogs/options/script.html
@@ -11,6 +11,10 @@ Pantalla de opciones de Scripts
Esta pantalla le permite configurar las opciones de scripts:
+
+Enable scripts loaded from directories
+If this option is selected then all of the scripts loaded from the specified directories will be enabled by default.
+
Directorios
Una lista de directorios desde los cuales se cargarán scripts. ZAP leerá (y escribirá) las secuencias de comandos utilizando la codificación de caracteres UTF-8.
Los scripts deben estar en subdirectorios nombrados después del tipo de script relevante (como 'activo', 'pasivo', 'proxy', etc.) y deben tener una extensión apropiada para el lenguaje de script utilizado.
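Review bot: "Enable scripts loaded from directories" is described only as enabling every script found in the configured directories, with no word on trust. Since the context line below says ZAP reads and writes scripts in those directories, the help text should say that anything placed there is enabled and can run once this option is selected, and that the directories should be ones only the ZAP user can write to.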
diff --git a/addOns/help_es_ES/src/main/javahelp/contents/ui/tabs/httpsessions.html b/addOns/help_es_ES/src/main/javahelp/contents/ui/tabs/httpsessions.html
index 7e69a9ede..253e84139 100644
--- a/addOns/help_es_ES/src/main/javahelp/contents/ui/tabs/httpsessions.html
+++ b/addOns/help_es_ES/src/main/javahelp/contents/ui/tabs/httpsessions.html
@@ -22,7 +22,7 @@ Ficha de sesiones HTTP
Cada una de las entradas en la tabla de sesiones puede ser derecha clic, que activa el menú emergente, con las siguientes opciones:
- - Copy Session Token Value to Clipboard - copies the value of the
+
- Copy Session Token Value - copies the value of the
selected session to the clipboard.
- Remove Session - deletes the session
- Find Related Messages - Will cause the Search tab
diff --git a/addOns/help_es_ES/src/main/javahelp/index.xml b/addOns/help_es_ES/src/main/javahelp/index.xml
index 7fcaf0f56..1d6b09486 100644
--- a/addOns/help_es_ES/src/main/javahelp/index.xml
+++ b/addOns/help_es_ES/src/main/javahelp/index.xml
@@ -87,6 +87,7 @@
+
diff --git a/addOns/help_es_ES/src/main/javahelp/toc.xml b/addOns/help_es_ES/src/main/javahelp/toc.xml
index abc38cf4c..250c4738f 100644
--- a/addOns/help_es_ES/src/main/javahelp/toc.xml
+++ b/addOns/help_es_ES/src/main/javahelp/toc.xml
@@ -120,6 +120,7 @@
+
diff --git a/addOns/help_fa_IR/src/main/javahelp/contents/cmdline.html b/addOns/help_fa_IR/src/main/javahelp/contents/cmdline.html
index c890e16dd..23e60199d 100644
--- a/addOns/help_fa_IR/src/main/javahelp/contents/cmdline.html
+++ b/addOns/help_fa_IR/src/main/javahelp/contents/cmdline.html
@@ -41,6 +41,7 @@
Options
| -lowmem | Use the database instead of memory as much as possible - this is still experimental |
| -experimentaldb | Use the experimental generic database code, which is not surprisingly also still experimental |
| -nostdout | Disables the default logging through standard output |
+ | -loglevel <level> | Sets the log level, overriding the values specified in the log4j2.properties file in the home directory |
| -silent | Ensures ZAP does not make any unsolicited requests, including check for updates |
| -addoninstall <addOnId> | Installs the add-on with specified ID from the ZAP Marketplace. The IDs of the add-ons available in the marketplace can be consulted in the Marketplace tab of Manage Add-ons dialogue. |
| -addoninstallall | Install all available add-ons from the ZAP Marketplace |
@@ -60,6 +61,8 @@ Options
Configuration keys should be specified using the dot notation based their location in the XML of the configuration file, eg:
<zap-script> -config api.key=12345
+The -loglevel
option supports the following values: OFF
, FATAL
, ERROR
, WARN
, INFO
, DEBUG
, TRACE
, and ALL
, in order of increasing verbosity.
+
Examples:
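Review bot: The added -loglevel paragraph lists the accepted values but does not say whether they are case sensitive or what ZAP does when given a value outside the list. Suggest stating both, and pointing to this list from the "-loglevel <level>" table row added earlier in the file so the reader knows where the allowed levels are defined.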
diff --git a/addOns/help_fa_IR/src/main/javahelp/contents/credits.html b/addOns/help_fa_IR/src/main/javahelp/contents/credits.html
index 446786d38..a1b0a6102 100644
--- a/addOns/help_fa_IR/src/main/javahelp/contents/credits.html
+++ b/addOns/help_fa_IR/src/main/javahelp/contents/credits.html
@@ -26,11 +26,13 @@ ZAP Extended Team
| 70pointer |
| Mostafa AbdelMoez |
| Jean Abed |
+ | Zuhair Abid (@zuhairabid) |
| Bilal Achahbar |
| Tushar Aggarwal |
| Amro Alolaqi |
| Matthias Altmann (@secf00tprint) |
| André Alves (@andrealvesdev) |
+ | Sébastien Amelinckx (@Sebitosh) |
| Mário Areias |
| Matt Austin (@mattaustin) |
| Abdelhadi Azouni |
@@ -48,6 +50,7 @@ ZAP Extended Team
| Artemy Bogdanov (@Abr1k0s) |
| Yvan Boily |
| Rodrigo Bonifácio |
+ | Adrean Boyadzhiev (@aboyadzhiev) |
| Glib Briia (@glib-briia) |
| Rauf Butt |
@@ -62,10 +65,12 @@ ZAP Extended Team
| Baptiste Crépin - AXA Group Security |
| Johanna Curiel |
+ | Ganesh Dagadi (LinkedIn) |
| Chris Dailey (@dailz-c) |
| Karl Dalley (@gnirlos) |
| Anamika Das (@AnamikaD) |
| Patrick Double (@double16) |
+ | @drighty |
| Mike Emery - Portcullis Security |
@@ -98,6 +103,7 @@ ZAP Extended Team
| Taras Ivashchenko, OWASP Russia |
| Shershon A J (Shershon25) |
+ | Divyansh Jain (@itsdivyanshjain) - Astra Security |
| Eswarprasath Jayaraman (ejayaraman) |
| Jon (@flibustier) |
| Tan Jin (@tjtanjin) |
@@ -153,6 +159,7 @@ ZAP Extended Team
| Adrien PAILHES |
| Anthon Pang |
+ | Amit Panwar, amitpanwar789 |
| Alan Parkinson |
| David Petrasovic |
| Yvan Phélizot |
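Review bot: The added entry "Amit Panwar, amitpanwar789" does not follow the "Name (@handle)" form used by the other entries added in this patch, such as "Zuhair Abid (@zuhairabid)". Suggest "Amit Panwar (@amitpanwar789)" if that is a handle, for consistency with the rest of the table.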
@@ -202,6 +209,7 @@ ZAP Extended Team
| Sunny (darkowlzz) indiasuny000@gmail.com |
| Daniel Thompson-Yvetot (@nothingismagick) |
+ | Tib3rius (https://tib3rius.com/) |
| Stefan Tobler |
| Ken Treimann, Cyber Ninja |
diff --git a/addOns/help_fa_IR/src/main/javahelp/contents/releases/1.1.0.html b/addOns/help_fa_IR/src/main/javahelp/contents/releases/1.1.0.html
index badcf8bbc..4070f52e8 100644
--- a/addOns/help_fa_IR/src/main/javahelp/contents/releases/1.1.0.html
+++ b/addOns/help_fa_IR/src/main/javahelp/contents/releases/1.1.0.html
@@ -15,7 +15,7 @@ تغییرات مهم:
OWASP را تغیر میدهند
ZAP عنوان پروژه OWASP پذيرفته شده است.
-Its homepage is now: https://owasp.org/www-project-zap/
+Its homepage is now: https://wiki.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project
نیروی بی رحم
توانایی به نیروی بی رحم فایل ها و دایرکتوری ها براساس کد از پروژه OWASP DirBuster.
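Review bot: The new homepage line points at https://wiki.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project in place of https://owasp.org/www-project-zap/, and nothing visible in the patch explains the switch. Please confirm the direction is intended and that the wiki.owasp.org address still resolves. If this is a translation sync pulling in an older string, keep the existing URL.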
diff --git a/addOns/help_fa_IR/src/main/javahelp/contents/releases/2.14.0.html b/addOns/help_fa_IR/src/main/javahelp/contents/releases/2.14.0.html
index 4b9fc4816..415413d70 100644
--- a/addOns/help_fa_IR/src/main/javahelp/contents/releases/2.14.0.html
+++ b/addOns/help_fa_IR/src/main/javahelp/contents/releases/2.14.0.html
@@ -79,8 +79,10 @@ ZAP Browser Extensions
These are included in the new Client Side Integration add-on which supports:
-* Browser Recording
-* Streaming client side events to ZAP
+
This is not (yet) included in the main ZAP releases so you will need to download it from the
Marketplace.
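Review bot: Removing the "* Browser Recording" and "* Streaming client side events to ZAP" lines leaves "which supports:" followed only by an added blank line in what is visible here. If the two items were converted to list markup, make sure they are still present in the rendered help. Otherwise the sentence now introduces a list that no longer exists.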
diff --git a/addOns/help_fa_IR/src/main/javahelp/contents/releases/2.15.0.html b/addOns/help_fa_IR/src/main/javahelp/contents/releases/2.15.0.html
new file mode 100644
index 000000000..7437b84da
--- /dev/null
+++ b/addOns/help_fa_IR/src/main/javahelp/contents/releases/2.15.0.html
@@ -0,0 +1,138 @@
+
+
+
+
+
+ Release 2.15.0
+
+
+
+Release 2.15.0
+
+This is a bug fix and enhancement release.
+
+These release notes do not include all of the changes included in add-ons updated since 2.14.0.
+
+This release was made possible thanks to our biggest supporter, the Crash Override.
+
+Some of the more significant enhancements include:
+
+
Scripts as First Class Scan Rules
+
+Active and passive scan script rules can now be treated as "first class" scan rules.
+This means that they can be individually referenced in an active scan policy, in the
+passive scan rules options, and in Automation Framework plans.
+
+In addition directories of scripts can now be added with all of the scripts enabled -
+this will make it much more straightfoward to manage script rules in automation.
+
+Menu Items Restructured
+
+The desktop context sensitive menu items have been reordered, and grouped in a more logical way.
+This should make it much easier to find the menu item you want, when you want it.
+
+Set Logging Levels
+
+A new -loglevel
Command Line option allows you to set the log level,
+overriding the values specified in the log4j2.properties file in the home directory.
+
+New API calls also allow you to set and view the current logging levels:
+
+Action / core / setLogLevel
: Sets the logging level for a given name
+View / core / getLogLevel
: Gets the detailed logging config, optionally filtered by name
+
+
+Automation Framework GitHub Action
+
+There is a new ZAP GitHub action - the
+ZAP Automation Framework Scan.
+
+The Automation Framework provides a great balance between ease of use and flexibility + functionality.
+If you want to perform any non-trivial automation with ZAP then the
+Automation Framework is probably your best bet.
+
+New Docker Hub Organisation
+
+We have a new DockerHub organisation for the ZAP Docker images: https://hub.docker.com/u/zaproxy
+
+We are still using the softwaresecurityproject org for 2.15.0 but we will probably not use it for the following releases.
+
+We do recommend that you switch from `softwaresecurityproject` to zaproxy sooner rather than later.
+
+Dependency Updates
+
+As usual the release includes dependency updates.
+
+The following libraries were updated:
+
+
+ - Commons Codex, 1.16.0 → 1.16.1
+ - Commons IO, 2.13.0 → 2.16.1
+ - Commons Lang3, 3.13.0 → 3.14.0
+ - Commons Logging, 1.2 → 1.3.1
+ - Commons Text, 1.10.0 → 1.12.0
+ - Flatlaf, 3.2.1 → 3.4.1
+ - Java Semver, 0.9.0 → 0.10.2
+ - Rsyntaxtextarea, 3.3.4 → 3.4.0
+
+
+Add-Ons
+
+Updated Add-Ons
+All of the add-ons included by default have been updated since the last full release.
+
+Enhancements
+
+- Issue 4275 : Allow to view/change logger levels through the API
+- Issue 7105 : Scripts as First Class Scan Rules
+- Issue 7575 : Add an "Enable all scripts" option to Options->Scripts screen
+- Issue 8135 : Guard against param panels' errors during init
+- Issue 8136 : Keep Import Menu Items Sorted Alphabetically
+- Issue 8150 : Increase search border highlights
+- Issue 8162 : Add stat for uncaught exceptions
+- Issue 8179 : Drop "to Clipboard" from ZAP copy menu items (etc)
+- Issue 8188 : Allow to hook param panels with parents
+- Issue 8190 : alert: Add CWE Alert Tag when building and CWE ID has been set
+- Issue 8198 : URL Path Input Vector - attack end path too
+- Issue 8203 : Option to encode cookie values
+- Issue 8210 : Warn of root user usage and report core count and max memory on start up
+- Issue 8248 : Include cores and max memory in Support Info
+- Issue 8265 : Deprecate Script Scan Rules and related classes
+- Issue 8274 : Improve logs related to loading of pscanrules
+- Issue 8283 : Anti-CSRF Handling should always account for partial matching
+- Issue 8295 : Allow setting the log level via a CLI argument
+- Issue 8332 : tech: Add MariaDB
+- Issue 8369 : Restructure the desktop menu item order
+- Issue 8393 : Allow to search HTTP messages by Tags
+- Issue 8403 : ZAP not printing script errors to console in cmdline mode with `-script`
+- Issue 8423 : Add TAGs for yaml, xml, extended json
+- Issue 8452 : Support decode response body through the `Variant`
+- Issue 8454 : Include pluginId in alert events
+
+
+Bug fixes
+
+- Issue 6292 : Including main technology through the API does not include their specific technologies
+- Issue 8018 : Some characters not displayed in the Language combo box
+- Issue 8147 : Multipart Form Params - Extract boundary from body if not in header
+- Issue 8166 : scripts: Synchronize contents and file methods
+- Issue 8182 : Fix zap.sh for macOS
+- Issue 8252 : Use name of enum as default value for configs
+- Issue 8275 : Button Text is not fully shown in Add Note Dialog
+- Issue 8298 : Prevent NPE if no user creds
+- Issue 8302 : Fix context inclusion issues
+- Issue 8357 : Correct name of hosts without children
+- Issue 8395 : Add missing API error message
+- Issue 8419 : Prevent raising alerts on temporary messages
+- Issue 8429 : Skip deleted msgs in the messages API endpoints
+- Issue 8467 : Get resources from add-ons
+
+
+See Also
+
+ | Introduction | the introduction to ZAP |
+ | Releases | the full set of releases |
+ | Credits | the people and groups who have made this release possible |
+
+
+
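Review bot: Typos in the new release notes: "Commons Codex" in the dependency list should read "Commons Codec", and "straightfoward" in the scripts section should be "straightforward". The page also mixes notation, with softwaresecurityproject, -script and Variant wrapped in Markdown backticks inside an HTML help file, and "thanks to our biggest supporter, the Crash Override" reads as if a word is missing after the name or the article should be dropped.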
diff --git a/addOns/help_fa_IR/src/main/javahelp/contents/releases/releases.html b/addOns/help_fa_IR/src/main/javahelp/contents/releases/releases.html
index 45b49932c..164db9a87 100644
--- a/addOns/help_fa_IR/src/main/javahelp/contents/releases/releases.html
+++ b/addOns/help_fa_IR/src/main/javahelp/contents/releases/releases.html
@@ -11,6 +11,7 @@ Releases
The following releases have been made:
+ | 2.15.0 | bug fix and enhancement release |
| 2.14.0 | bug fix and enhancement release |
| 2.13.0 | bug fix and enhancement release |
| 2.12.0 | ten thousand star bug fix and enhancement release |
diff --git a/addOns/help_fa_IR/src/main/javahelp/contents/ui/dialogs/options/ascaninput.html b/addOns/help_fa_IR/src/main/javahelp/contents/ui/dialogs/options/ascaninput.html
index 0606c0f64..f08af8c96 100644
--- a/addOns/help_fa_IR/src/main/javahelp/contents/ui/dialogs/options/ascaninput.html
+++ b/addOns/help_fa_IR/src/main/javahelp/contents/ui/dialogs/options/ascaninput.html
@@ -39,6 +39,10 @@ All Requests
Cookie Data
Request cookies.
+Encode Cookie Values
+If selected the cookie values will be URL encoded when attacked.
+By default they will not be encoded - this is new in ZAP 2.15.0, previously they were always encoded.
+
Build-in Input Vector Handlers
The data formats that the active scanner will target:
diff --git a/addOns/help_fa_IR/src/main/javahelp/contents/ui/dialogs/options/script.html b/addOns/help_fa_IR/src/main/javahelp/contents/ui/dialogs/options/script.html
index 2d0b1f420..961084e17 100644
--- a/addOns/help_fa_IR/src/main/javahelp/contents/ui/dialogs/options/script.html
+++ b/addOns/help_fa_IR/src/main/javahelp/contents/ui/dialogs/options/script.html
@@ -11,6 +11,10 @@ Options Scripts screen
This screen allows you to configure the script options:
+
+Enable scripts loaded from directories
+If this option is selected then all of the scripts loaded from the specified directories will be enabled by default.
+
Directories
A list of directories from which scripts will be loaded. ZAP will read (and write) the scripts using the character encoding UTF-8.
The scripts must be in subdirectories named after the relevant script type (such as 'active', 'passive', 'proxy' etc) and must have an appropriate extension for the script language used.
diff --git a/addOns/help_fa_IR/src/main/javahelp/contents/ui/tabs/httpsessions.html b/addOns/help_fa_IR/src/main/javahelp/contents/ui/tabs/httpsessions.html
index 3338e02e7..940dc48c9 100644
--- a/addOns/help_fa_IR/src/main/javahelp/contents/ui/tabs/httpsessions.html
+++ b/addOns/help_fa_IR/src/main/javahelp/contents/ui/tabs/httpsessions.html
@@ -30,7 +30,7 @@ HTTP Sessions tab
Each of the entries in the Sessions table can be right clicked,
which activates the Popup Menu, with the following options:
- - Copy Session Token Value to Clipboard - copies the value of the
+
- Copy Session Token Value - copies the value of the
selected session to the clipboard.
- Remove Session - deletes the session
- Find Related Messages - Will cause the Search tab
diff --git a/addOns/help_fa_IR/src/main/javahelp/index.xml b/addOns/help_fa_IR/src/main/javahelp/index.xml
index 01179c987..b9df7b17d 100644
--- a/addOns/help_fa_IR/src/main/javahelp/index.xml
+++ b/addOns/help_fa_IR/src/main/javahelp/index.xml
@@ -87,6 +87,7 @@
+
diff --git a/addOns/help_fa_IR/src/main/javahelp/toc.xml b/addOns/help_fa_IR/src/main/javahelp/toc.xml
index 61aabe2e8..87864d043 100644
--- a/addOns/help_fa_IR/src/main/javahelp/toc.xml
+++ b/addOns/help_fa_IR/src/main/javahelp/toc.xml
@@ -120,6 +120,7 @@
+
diff --git a/addOns/help_fil_PH/src/main/javahelp/contents/cmdline.html b/addOns/help_fil_PH/src/main/javahelp/contents/cmdline.html
index 777cbe130..9cedd4bb0 100644
--- a/addOns/help_fil_PH/src/main/javahelp/contents/cmdline.html
+++ b/addOns/help_fil_PH/src/main/javahelp/contents/cmdline.html
@@ -41,6 +41,7 @@
Mga Opsyon
| -lowmem | Use the database instead of memory as much as possible - this is still experimental |
| -experimentaldb | Use the experimental generic database code, which is not surprisingly also still experimental |
| -nostdout | Disables the default logging through standard output |
+ | -loglevel <level> | Sets the log level, overriding the values specified in the log4j2.properties file in the home directory |
| -silent | Ensures ZAP does not make any unsolicited requests, including check for updates |
| -addoninstall <addOnId> | Installs the add-on with specified ID from the ZAP Marketplace. The IDs of the add-ons available in the marketplace can be consulted in the Marketplace tab of Manage Add-ons dialogue. |
| -addoninstallall | Install all available add-ons from the ZAP Marketplace |
@@ -60,6 +61,8 @@ Mga Opsyon
Configuration keys should be specified using the dot notation based their location in the XML of the configuration file, eg:
<zap-script> -config api.key=12345
+The -loglevel
option supports the following values: OFF
, FATAL
, ERROR
, WARN
, INFO
, DEBUG
, TRACE
, and ALL
, in order of increasing verbosity.
+
Mga Halimbawa:
diff --git a/addOns/help_fil_PH/src/main/javahelp/contents/credits.html b/addOns/help_fil_PH/src/main/javahelp/contents/credits.html
index bb0af782d..8194596d8 100644
--- a/addOns/help_fil_PH/src/main/javahelp/contents/credits.html
+++ b/addOns/help_fil_PH/src/main/javahelp/contents/credits.html
@@ -26,11 +26,13 @@ Pinalawig na Grupo ng ZAP
| 70pointer |
| Mostafa AbdelMoez |
| Jean Abed |
+ | Zuhair Abid (@zuhairabid) |
| Bilal Achahbar |
| Tushar Aggarwal |
| Amro Alolaqi |
| Matthias Altmann (@secf00tprint) |
| André Alves (@andrealvesdev) |
+ | Sébastien Amelinckx (@Sebitosh) |
| Mário Areias |
| Matt Austin (@mattaustin) |
| Abdelhadi Azouni |
@@ -48,6 +50,7 @@ Pinalawig na Grupo ng ZAP
| Artemy Bogdanov (@Abr1k0s) |
| Yvan Boily |
| Rodrigo Bonifácio |
+ | Adrean Boyadzhiev (@aboyadzhiev) |
| Glib Briia (@glib-briia) |
| Rauf Butt |
@@ -62,10 +65,12 @@ Pinalawig na Grupo ng ZAP
| Baptiste Crépin - AXA Group Security |
| Johanna Curiel |
+ | Ganesh Dagadi (LinkedIn) |
| Chris Dailey (@dailz-c) |
| Karl Dalley (@gnirlos) |
| Anamika Das (@AnamikaD) |
| Patrick Double (@double16) |
+ | @drighty |
| Mike Emery - Portcullis Security |
@@ -98,6 +103,7 @@ Pinalawig na Grupo ng ZAP
| Taras Ivashchenko, OWASP Russia |
| Shershon A J (Shershon25) |
+ | Divyansh Jain (@itsdivyanshjain) - Astra Security |
| Eswarprasath Jayaraman (ejayaraman) |
| Jon (@flibustier) |
| Tan Jin (@tjtanjin) |
@@ -153,6 +159,7 @@ Pinalawig na Grupo ng ZAP
| Adrien PAILHES |
| Anthon Pang |
+ | Amit Panwar, amitpanwar789 |
| Alan Parkinson |
| David Petrasovic |
| Yvan Phélizot |
@@ -202,6 +209,7 @@ Pinalawig na Grupo ng ZAP
| Sunny (darkowlzz) indiasuny000@gmail.com |
| Daniel Thompson-Yvetot (@nothingismagick) |
+ | Tib3rius (https://tib3rius.com/) |
| Stefan Tobler |
| Ken Treimann, Cyber Ninja |
diff --git a/addOns/help_fil_PH/src/main/javahelp/contents/releases/1.1.0.html b/addOns/help_fil_PH/src/main/javahelp/contents/releases/1.1.0.html
index f5ddb3ccf..a4864a255 100644
--- a/addOns/help_fil_PH/src/main/javahelp/contents/releases/1.1.0.html
+++ b/addOns/help_fil_PH/src/main/javahelp/contents/releases/1.1.0.html
@@ -15,7 +15,7 @@ Mga makabuluhang pagbabago:
Rebranding ng OWASP
Ang ZAp ay tinanggap bilang isang proyekto ng OWASP.
-Its homepage is now: https://owasp.org/www-project-zap/
+Its homepage is now: https://wiki.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project
Brute Force
Ang kakayahang sang-ayon sa mga brute force file at mga direktaryo batay sa code mula sa proyektong OWASP DirBuster.
diff --git a/addOns/help_fil_PH/src/main/javahelp/contents/releases/2.14.0.html b/addOns/help_fil_PH/src/main/javahelp/contents/releases/2.14.0.html
index 4b9fc4816..415413d70 100644
--- a/addOns/help_fil_PH/src/main/javahelp/contents/releases/2.14.0.html
+++ b/addOns/help_fil_PH/src/main/javahelp/contents/releases/2.14.0.html
@@ -79,8 +79,10 @@ ZAP Browser Extensions
These are included in the new Client Side Integration add-on which supports:
-* Browser Recording
-* Streaming client side events to ZAP
+
This is not (yet) included in the main ZAP releases so you will need to download it from the
Marketplace.
diff --git a/addOns/help_fil_PH/src/main/javahelp/contents/releases/2.15.0.html b/addOns/help_fil_PH/src/main/javahelp/contents/releases/2.15.0.html
new file mode 100644
index 000000000..7437b84da
--- /dev/null
+++ b/addOns/help_fil_PH/src/main/javahelp/contents/releases/2.15.0.html
@@ -0,0 +1,138 @@
+
+
+
+
+
+ Release 2.15.0
+
+
+
+Release 2.15.0
+
+This is a bug fix and enhancement release.
+
+These release notes do not include all of the changes included in add-ons updated since 2.14.0.
+
+This release was made possible thanks to our biggest supporter, the Crash Override.
+
+Some of the more significant enhancements include:
+
+
Scripts as First Class Scan Rules
+
+Active and passive scan script rules can now be treated as "first class" scan rules.
+This means that they can be individually referenced in an active scan policy, in the
+passive scan rules options, and in Automation Framework plans.
+
+In addition directories of scripts can now be added with all of the scripts enabled -
+this will make it much more straightfoward to manage script rules in automation.
+
+Menu Items Restructured
+
+The desktop context sensitive menu items have been reordered, and grouped in a more logical way.
+This should make it much easier to find the menu item you want, when you want it.
+
+Set Logging Levels
+
+A new -loglevel
Command Line option allows you to set the log level,
+overriding the values specified in the log4j2.properties file in the home directory.
+
+New API calls also allow you to set and view the current logging levels:
+
+Action / core / setLogLevel
: Sets the logging level for a given name
+View / core / getLogLevel
: Gets the detailed logging config, optionally filtered by name
+
+
+Automation Framework GitHub Action
+
+There is a new ZAP GitHub action - the
+ZAP Automation Framework Scan.
+
+The Automation Framework provides a great balance between ease of use and flexibility + functionality.
+If you want to perform any non-trivial automation with ZAP then the
+Automation Framework is probably your best bet.
+
+New Docker Hub Organisation
+
+We have a new DockerHub organisation for the ZAP Docker images: https://hub.docker.com/u/zaproxy
+
+We are still using the softwaresecurityproject org for 2.15.0 but we will probably not use it for the following releases.
+
+We do recommend that you switch from `softwaresecurityproject` to zaproxy sooner rather than later.
+
+Dependency Updates
+
+As usual the release includes dependency updates.
+
+The following libraries were updated:
+
+
+ - Commons Codex, 1.16.0 → 1.16.1
+ - Commons IO, 2.13.0 → 2.16.1
+ - Commons Lang3, 3.13.0 → 3.14.0
+ - Commons Logging, 1.2 → 1.3.1
+ - Commons Text, 1.10.0 → 1.12.0
+ - Flatlaf, 3.2.1 → 3.4.1
+ - Java Semver, 0.9.0 → 0.10.2
+ - Rsyntaxtextarea, 3.3.4 → 3.4.0
+
+
+Add-Ons
+
+Updated Add-Ons
+All of the add-ons included by default have been updated since the last full release.
+
+Enhancements
+
+- Issue 4275 : Allow to view/change logger levels through the API
+- Issue 7105 : Scripts as First Class Scan Rules
+- Issue 7575 : Add an "Enable all scripts" option to Options->Scripts screen
+- Issue 8135 : Guard against param panels' errors during init
+- Issue 8136 : Keep Import Menu Items Sorted Alphabetically
+- Issue 8150 : Increase search border highlights
+- Issue 8162 : Add stat for uncaught exceptions
+- Issue 8179 : Drop "to Clipboard" from ZAP copy menu items (etc)
+- Issue 8188 : Allow to hook param panels with parents
+- Issue 8190 : alert: Add CWE Alert Tag when building and CWE ID has been set
+- Issue 8198 : URL Path Input Vector - attack end path too
+- Issue 8203 : Option to encode cookie values
+- Issue 8210 : Warn of root user usage and report core count and max memory on start up
+- Issue 8248 : Include cores and max memory in Support Info
+- Issue 8265 : Deprecate Script Scan Rules and related classes
+- Issue 8274 : Improve logs related to loading of pscanrules
+- Issue 8283 : Anti-CSRF Handling should always account for partial matching
+- Issue 8295 : Allow setting the log level via a CLI argument
+- Issue 8332 : tech: Add MariaDB
+- Issue 8369 : Restructure the desktop menu item order
+- Issue 8393 : Allow to search HTTP messages by Tags
+- Issue 8403 : ZAP not printing script errors to console in cmdline mode with `-script`
+- Issue 8423 : Add TAGs for yaml, xml, extended json
+- Issue 8452 : Support decode response body through the `Variant`
+- Issue 8454 : Include pluginId in alert events
+
+
+Bug fixes
+
+- Issue 6292 : Including main technology through the API does not include their specific technologies
+- Issue 8018 : Some characters not displayed in the Language combo box
+- Issue 8147 : Multipart Form Params - Extract boundary from body if not in header
+- Issue 8166 : scripts: Synchronize contents and file methods
+- Issue 8182 : Fix zap.sh for macOS
+- Issue 8252 : Use name of enum as default value for configs
+- Issue 8275 : Button Text is not fully shown in Add Note Dialog
+- Issue 8298 : Prevent NPE if no user creds
+- Issue 8302 : Fix context inclusion issues
+- Issue 8357 : Correct name of hosts without children
+- Issue 8395 : Add missing API error message
+- Issue 8419 : Prevent raising alerts on temporary messages
+- Issue 8429 : Skip deleted msgs in the messages API endpoints
+- Issue 8467 : Get resources from add-ons
+
+
+See Also
+
+ | Introduction | the introduction to ZAP |
+ | Releases | the full set of releases |
+ | Credits | the people and groups who have made this release possible |
+
+
+
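Review bot: The fil_PH copy of 2.15.0.html has the same blob id as the fa_IR copy (index 000000000..7437b84da), so it is the untranslated English page added under a locale directory, carrying the same "Commons Codex" and "straightfoward" typos. Fix those in the English source before it is propagated to further locales.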
diff --git a/addOns/help_fil_PH/src/main/javahelp/contents/releases/releases.html b/addOns/help_fil_PH/src/main/javahelp/contents/releases/releases.html
index 07c53d573..fa14e6561 100644
--- a/addOns/help_fil_PH/src/main/javahelp/contents/releases/releases.html
+++ b/addOns/help_fil_PH/src/main/javahelp/contents/releases/releases.html
@@ -11,6 +11,7 @@ Ang mga inilabas
Ang mga sumusunod ng mga inilabas na ginawa:
+ | 2.15.0 | bug fix and enhancement release |
| 2.14.0 | bug fix and enhancement release |
| 2.13.0 | bug fix and enhancement release |
| 2.12.0 | ten thousand star bug fix and enhancement release |
diff --git a/addOns/help_fil_PH/src/main/javahelp/contents/ui/dialogs/options/ascaninput.html b/addOns/help_fil_PH/src/main/javahelp/contents/ui/dialogs/options/ascaninput.html
index 7b722031e..555230211 100644
--- a/addOns/help_fil_PH/src/main/javahelp/contents/ui/dialogs/options/ascaninput.html
+++ b/addOns/help_fil_PH/src/main/javahelp/contents/ui/dialogs/options/ascaninput.html
@@ -39,6 +39,10 @@ All Requests
Cookie ng Data
Request cookies.
+Encode Cookie Values
+If selected the cookie values will be URL encoded when attacked.
+By default they will not be encoded - this is new in ZAP 2.15.0, previously they were always encoded.
+
Build-in Input mga Handler ng Vector
The data formats that the active scanner will target:
diff --git a/addOns/help_fil_PH/src/main/javahelp/contents/ui/dialogs/options/script.html b/addOns/help_fil_PH/src/main/javahelp/contents/ui/dialogs/options/script.html
index 4b8b4684f..64f0cb08b 100644
--- a/addOns/help_fil_PH/src/main/javahelp/contents/ui/dialogs/options/script.html
+++ b/addOns/help_fil_PH/src/main/javahelp/contents/ui/dialogs/options/script.html
@@ -11,6 +11,10 @@ Mga opsyon sa mga panabing sa pagkaalerto
Ang panabing na ito ay pinapayagan ka na i-configure ang opsyon sa mga alerto:
+
+Enable scripts loaded from directories
+If this option is selected then all of the scripts loaded from the specified directories will be enabled by default.
+
Mga direktoryo
Isang listahan ng mga direktoryo mula sa kung saan ang mga script ay mai-load. Babasahin (at isulat) ang ZAP ang mga script gamit ang encoding ng character na UTF-8.
Ang iskrip ay dapat nasa subdirectories na pinangalanang matapos ang may-katuturang script uri (tulad ng 'aktibong', 'passive', 'proxy' atbp) at dapat magkaroon ng isang angkop na extension para sa ang wika ng script na ginamit.
diff --git a/addOns/help_fil_PH/src/main/javahelp/contents/ui/tabs/httpsessions.html b/addOns/help_fil_PH/src/main/javahelp/contents/ui/tabs/httpsessions.html
index 5f38f0047..647cc7ef1 100644
--- a/addOns/help_fil_PH/src/main/javahelp/contents/ui/tabs/httpsessions.html
+++ b/addOns/help_fil_PH/src/main/javahelp/contents/ui/tabs/httpsessions.html
@@ -27,7 +27,7 @@ Ang mga Sesyon ng HTTP na tab
Bawat entry ng Sesyon na table ay maaring makaliwang pindot,
na magpapagana ng Popup na Menu, na may sumusunod na mga pagpipilian:
- - Copy Session Token Value to Clipboard - copies the value of the
+
- Copy Session Token Value - copies the value of the
selected session to the clipboard.
- Remove Session - deletes the session
- Find Related Messages - Will cause the Search tab
diff --git a/addOns/help_fil_PH/src/main/javahelp/index.xml b/addOns/help_fil_PH/src/main/javahelp/index.xml
index 85e5c244f..07e54df01 100644
--- a/addOns/help_fil_PH/src/main/javahelp/index.xml
+++ b/addOns/help_fil_PH/src/main/javahelp/index.xml
@@ -87,6 +87,7 @@
+
diff --git a/addOns/help_fil_PH/src/main/javahelp/toc.xml b/addOns/help_fil_PH/src/main/javahelp/toc.xml
index dccb88f71..6e4de559b 100644
--- a/addOns/help_fil_PH/src/main/javahelp/toc.xml
+++ b/addOns/help_fil_PH/src/main/javahelp/toc.xml
@@ -120,6 +120,7 @@
+
diff --git a/addOns/help_fr_FR/src/main/javahelp/contents/cmdline.html b/addOns/help_fr_FR/src/main/javahelp/contents/cmdline.html
index c890e16dd..23e60199d 100644
--- a/addOns/help_fr_FR/src/main/javahelp/contents/cmdline.html
+++ b/addOns/help_fr_FR/src/main/javahelp/contents/cmdline.html
@@ -41,6 +41,7 @@
Options
| -lowmem | Use the database instead of memory as much as possible - this is still experimental |
| -experimentaldb | Use the experimental generic database code, which is not surprisingly also still experimental |
| -nostdout | Disables the default logging through standard output |
+ | -loglevel <level> | Sets the log level, overriding the values specified in the log4j2.properties file in the home directory |
| -silent | Ensures ZAP does not make any unsolicited requests, including check for updates |
| -addoninstall <addOnId> | Installs the add-on with specified ID from the ZAP Marketplace. The IDs of the add-ons available in the marketplace can be consulted in the Marketplace tab of Manage Add-ons dialogue. |
| -addoninstallall | Install all available add-ons from the ZAP Marketplace |
@@ -60,6 +61,8 @@ Options
Configuration keys should be specified using the dot notation based their location in the XML of the configuration file, eg:
<zap-script> -config api.key=12345
+The -loglevel
option supports the following values: OFF
, FATAL
, ERROR
, WARN
, INFO
, DEBUG
, TRACE
, and ALL
, in order of increasing verbosity.
+
Examples:
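Review bot: The added paragraph lists the accepted values but does not say whether they are matched case-insensitively or what ZAP does with an unrecognised level. State both, and add a -loglevel line under "Examples:" so the option is shown in use alongside the existing -config example.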
diff --git a/addOns/help_fr_FR/src/main/javahelp/contents/credits.html b/addOns/help_fr_FR/src/main/javahelp/contents/credits.html
index 81e518992..ee7420b01 100644
--- a/addOns/help_fr_FR/src/main/javahelp/contents/credits.html
+++ b/addOns/help_fr_FR/src/main/javahelp/contents/credits.html
@@ -26,11 +26,13 @@ ZAP équipe étendue
| 70pointer |
| Mostafa AbdelMoez |
| Jean Abed |
+ | Zuhair Abid (@zuhairabid) |
| Bilal Achahbar |
| Tushar Aggarwal |
| Amro Alolaqi |
| Matthias Altmann (@secf00tprint) |
| André Alves (@andrealvesdev) |
+ | Sébastien Amelinckx (@Sebitosh) |
| Mário Areias |
| Matt Austin (@mattaustin) |
| Abdelhadi Azouni |
@@ -48,6 +50,7 @@ ZAP équipe étendue
| Artemy Bogdanov (@Abr1k0s) |
| Yvan Boily |
| Rodrigo Bonifácio |
+ | Adrean Boyadzhiev (@aboyadzhiev) |
| Glib Briia (@glib-briia) |
| Rauf Butt |
@@ -62,10 +65,12 @@ ZAP équipe étendue
| Baptiste Crépin - AXA Group Security |
| Johanna Curiel |
+ | Ganesh Dagadi (LinkedIn) |
| Chris Dailey (@dailz-c) |
| Karl Dalley (@gnirlos) |
| Anamika Das (@AnamikaD) |
| Patrick Double (@double16) |
+ | @drighty |
| Mike Emery - Portcullis Security |
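Review bot: The "@drighty" row carries a handle but no name, unlike the neighbouring "Name (@handle)" rows, and "Ganesh Dagadi (LinkedIn)" keeps a link label where the other rows have a handle. Check that both are what the contributors asked for and that the LinkedIn link target is still present in the markup.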
@@ -98,6 +103,7 @@ ZAP équipe étendue
| Taras Ivashchenko, OWASP Russia |
| Shershon A J (Shershon25) |
+ | Divyansh Jain (@itsdivyanshjain) - Astra Security |
| Eswarprasath Jayaraman (ejayaraman) |
| Jon (@flibustier) |
| Tan Jin (@tjtanjin) |
@@ -153,6 +159,7 @@ ZAP équipe étendue
| Adrien PAILHES |
| Anthon Pang |
+ | Amit Panwar, amitpanwar789 |
| Alan Parkinson |
| David Petrasovic |
| Yvan Phélizot |
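Review bot: "Amit Panwar, amitpanwar789" separates name and handle with a comma, where other rows added in this file use "Name (@handle)", for example "Zuhair Abid (@zuhairabid)". Suggest "Amit Panwar (@amitpanwar789)" for consistency, if that is the contributor's handle.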
@@ -202,6 +209,7 @@ ZAP équipe étendue
| Sunny (darkowlzz) indiasuny000@gmail.com |
| Daniel Thompson-Yvetot (@nothingismagick) |
+ | Tib3rius (https://tib3rius.com/) |
| Stefan Tobler |
| Ken Treimann, Cyber Ninja |
diff --git a/addOns/help_fr_FR/src/main/javahelp/contents/releases/1.1.0.html b/addOns/help_fr_FR/src/main/javahelp/contents/releases/1.1.0.html
index 635d83b25..bb75b5ad0 100644
--- a/addOns/help_fr_FR/src/main/javahelp/contents/releases/1.1.0.html
+++ b/addOns/help_fr_FR/src/main/javahelp/contents/releases/1.1.0.html
@@ -15,7 +15,7 @@ Significant changes:
OWASP rebranding
ZAP has been accepted as an OWASP project.
-Its homepage is now: https://owasp.org/www-project-zap/
+Its homepage is now: https://wiki.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project
Attaque par force brute
La possibilité de forcer par la force des fichiers et des répertoires basés sur le code du projet OWASP DirBuster.
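Review bot: The homepage link on the added line goes back to the wiki.owasp.org address, while the removed line had https://owasp.org/www-project-zap/. This looks like a translation sync overwriting a newer link with an older source string; keep the removed URL unless the revert is intended.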
diff --git a/addOns/help_fr_FR/src/main/javahelp/contents/releases/2.14.0.html b/addOns/help_fr_FR/src/main/javahelp/contents/releases/2.14.0.html
index 4b9fc4816..415413d70 100644
--- a/addOns/help_fr_FR/src/main/javahelp/contents/releases/2.14.0.html
+++ b/addOns/help_fr_FR/src/main/javahelp/contents/releases/2.14.0.html
@@ -79,8 +79,10 @@ ZAP Browser Extensions
These are included in the new Client Side Integration add-on which supports:
-* Browser Recording
-* Streaming client side events to ZAP
+
This is not (yet) included in the main ZAP releases so you will need to download it from the
Marketplace.
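Review bot: After "which supports:" the two removed bullets ("Browser Recording", "Streaming client side events to ZAP") have no visible replacement, only an empty added line, so the sentence introduces a list that is not there. Confirm that the new list markup still carries both items.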
diff --git a/addOns/help_fr_FR/src/main/javahelp/contents/releases/2.15.0.html b/addOns/help_fr_FR/src/main/javahelp/contents/releases/2.15.0.html
new file mode 100644
index 000000000..7437b84da
--- /dev/null
+++ b/addOns/help_fr_FR/src/main/javahelp/contents/releases/2.15.0.html
@@ -0,0 +1,138 @@
+
+
+
+
+
+ Release 2.15.0
+
+
+
+Release 2.15.0
+
+This is a bug fix and enhancement release.
+
+These release notes do not include all of the changes included in add-ons updated since 2.14.0.
+
+This release was made possible thanks to our biggest supporter, the Crash Override.
+
+Some of the more significant enhancements include:
+
+
Scripts as First Class Scan Rules
+
+Active and passive scan script rules can now be treated as "first class" scan rules.
+This means that they can be individually referenced in an active scan policy, in the
+passive scan rules options, and in Automation Framework plans.
+
+In addition directories of scripts can now be added with all of the scripts enabled -
+this will make it much more straightfoward to manage script rules in automation.
+
+Menu Items Restructured
+
+The desktop context sensitive menu items have been reordered, and grouped in a more logical way.
+This should make it much easier to find the menu item you want, when you want it.
+
+Set Logging Levels
+
+A new -loglevel
Command Line option allows you to set the log level,
+overriding the values specified in the log4j2.properties file in the home directory.
+
+New API calls also allow you to set and view the current logging levels:
+
+Action / core / setLogLevel
: Sets the logging level for a given name
+View / core / getLogLevel
: Gets the detailed logging config, optionally filtered by name
+
+
+Automation Framework GitHub Action
+
+There is a new ZAP GitHub action - the
+ZAP Automation Framework Scan.
+
+The Automation Framework provides a great balance between ease of use and flexibility + functionality.
+If you want to perform any non-trivial automation with ZAP then the
+Automation Framework is probably your best bet.
+
+New Docker Hub Organisation
+
+We have a new DockerHub organisation for the ZAP Docker images: https://hub.docker.com/u/zaproxy
+
+We are still using the softwaresecurityproject org for 2.15.0 but we will probably not use it for the following releases.
+
+We do recommend that you switch from `softwaresecurityproject` to zaproxy sooner rather than later.
+
+Dependency Updates
+
+As usual the release includes dependency updates.
+
+The following libraries were updated:
+
+
+ - Commons Codex, 1.16.0 → 1.16.1
+ - Commons IO, 2.13.0 → 2.16.1
+ - Commons Lang3, 3.13.0 → 3.14.0
+ - Commons Logging, 1.2 → 1.3.1
+ - Commons Text, 1.10.0 → 1.12.0
+ - Flatlaf, 3.2.1 → 3.4.1
+ - Java Semver, 0.9.0 → 0.10.2
+ - Rsyntaxtextarea, 3.3.4 → 3.4.0
+
+
+Add-Ons
+
+Updated Add-Ons
+All of the add-ons included by default have been updated since the last full release.
+
+Enhancements
+
+- Issue 4275 : Allow to view/change logger levels through the API
+- Issue 7105 : Scripts as First Class Scan Rules
+- Issue 7575 : Add an "Enable all scripts" option to Options->Scripts screen
+- Issue 8135 : Guard against param panels' errors during init
+- Issue 8136 : Keep Import Menu Items Sorted Alphabetically
+- Issue 8150 : Increase search border highlights
+- Issue 8162 : Add stat for uncaught exceptions
+- Issue 8179 : Drop "to Clipboard" from ZAP copy menu items (etc)
+- Issue 8188 : Allow to hook param panels with parents
+- Issue 8190 : alert: Add CWE Alert Tag when building and CWE ID has been set
+- Issue 8198 : URL Path Input Vector - attack end path too
+- Issue 8203 : Option to encode cookie values
+- Issue 8210 : Warn of root user usage and report core count and max memory on start up
+- Issue 8248 : Include cores and max memory in Support Info
+- Issue 8265 : Deprecate Script Scan Rules and related classes
+- Issue 8274 : Improve logs related to loading of pscanrules
+- Issue 8283 : Anti-CSRF Handling should always account for partial matching
+- Issue 8295 : Allow setting the log level via a CLI argument
+- Issue 8332 : tech: Add MariaDB
+- Issue 8369 : Restructure the desktop menu item order
+- Issue 8393 : Allow to search HTTP messages by Tags
+- Issue 8403 : ZAP not printing script errors to console in cmdline mode with `-script`
+- Issue 8423 : Add TAGs for yaml, xml, extended json
+- Issue 8452 : Support decode response body through the `Variant`
+- Issue 8454 : Include pluginId in alert events
+
+
+Bug fixes
+
+- Issue 6292 : Including main technology through the API does not include their specific technologies
+- Issue 8018 : Some characters not displayed in the Language combo box
+- Issue 8147 : Multipart Form Params - Extract boundary from body if not in header
+- Issue 8166 : scripts: Synchronize contents and file methods
+- Issue 8182 : Fix zap.sh for macOS
+- Issue 8252 : Use name of enum as default value for configs
+- Issue 8275 : Button Text is not fully shown in Add Note Dialog
+- Issue 8298 : Prevent NPE if no user creds
+- Issue 8302 : Fix context inclusion issues
+- Issue 8357 : Correct name of hosts without children
+- Issue 8395 : Add missing API error message
+- Issue 8419 : Prevent raising alerts on temporary messages
+- Issue 8429 : Skip deleted msgs in the messages API endpoints
+- Issue 8467 : Get resources from add-ons
+
+
+See Also
+
+ | Introduction | the introduction to ZAP |
+ | Releases | the full set of releases |
+ | Credits | the people and groups who have made this release possible |
+
+
+
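Review bot: In the Dependency Updates list, "Commons Codex, 1.16.0 → 1.16.1" looks like a misspelling of Commons Codec, and "straightfoward" in the Scripts as First Class Scan Rules section is missing an "r". The Docker paragraph also wraps `softwaresecurityproject` in Markdown backticks inside an HTML help page, where they will render literally; use the same markup as the sentence before it.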
diff --git a/addOns/help_fr_FR/src/main/javahelp/contents/releases/releases.html b/addOns/help_fr_FR/src/main/javahelp/contents/releases/releases.html
index ef8f34fa5..75112a423 100644
--- a/addOns/help_fr_FR/src/main/javahelp/contents/releases/releases.html
+++ b/addOns/help_fr_FR/src/main/javahelp/contents/releases/releases.html
@@ -11,6 +11,7 @@ Versions
Les versions suivantes ont été faites :
+ | 2.15.0 | bug fix and enhancement release |
| 2.14.0 | bug fix and enhancement release |
| 2.13.0 | bug fix and enhancement release |
| 2.12.0 | ten thousand star bug fix and enhancement release |
diff --git a/addOns/help_fr_FR/src/main/javahelp/contents/ui/dialogs/options/ascaninput.html b/addOns/help_fr_FR/src/main/javahelp/contents/ui/dialogs/options/ascaninput.html
index b39a6c5b2..bcba29783 100644
--- a/addOns/help_fr_FR/src/main/javahelp/contents/ui/dialogs/options/ascaninput.html
+++ b/addOns/help_fr_FR/src/main/javahelp/contents/ui/dialogs/options/ascaninput.html
@@ -39,6 +39,10 @@ All Requests
Cookie Data
Request cookies.
+Encode Cookie Values
+If selected the cookie values will be URL encoded when attacked.
+By default they will not be encoded - this is new in ZAP 2.15.0, previously they were always encoded.
+
Build-in Input Vector Handlers
The data formats that the active scanner will target:
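Review bot: The last added line records a change of default (cookie values are no longer URL encoded unless this option is selected), which alters what existing active scan configurations send. The 2.15.0 release notes in this same patch mention it only as "Issue 8203 : Option to encode cookie values", so call out the new default there as well.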
diff --git a/addOns/help_fr_FR/src/main/javahelp/contents/ui/dialogs/options/script.html b/addOns/help_fr_FR/src/main/javahelp/contents/ui/dialogs/options/script.html
index 2d0b1f420..961084e17 100644
--- a/addOns/help_fr_FR/src/main/javahelp/contents/ui/dialogs/options/script.html
+++ b/addOns/help_fr_FR/src/main/javahelp/contents/ui/dialogs/options/script.html
@@ -11,6 +11,10 @@ Options Scripts screen
This screen allows you to configure the script options:
+
+Enable scripts loaded from directories
+If this option is selected then all of the scripts loaded from the specified directories will be enabled by default.
+
Directories
A list of directories from which scripts will be loaded. ZAP will read (and write) the scripts using the character encoding UTF-8.
The scripts must be in subdirectories named after the relevant script type (such as 'active', 'passive', 'proxy' etc) and must have an appropriate extension for the script language used.
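Review bot: The added description does not say what the option implies for the directories listed below it: with it selected, every script found under those directories is enabled as soon as it is loaded. Suggest adding a sentence advising that only trusted directories be listed, and stating whether the option is on or off by default.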
diff --git a/addOns/help_fr_FR/src/main/javahelp/contents/ui/tabs/httpsessions.html b/addOns/help_fr_FR/src/main/javahelp/contents/ui/tabs/httpsessions.html
index 99059773b..389378cda 100644
--- a/addOns/help_fr_FR/src/main/javahelp/contents/ui/tabs/httpsessions.html
+++ b/addOns/help_fr_FR/src/main/javahelp/contents/ui/tabs/httpsessions.html
@@ -30,7 +30,7 @@ HTTP Sessions tab
Each of the entries in the Sessions table can be right clicked,
which activates the Popup Menu, with the following options:
- - Copy Session Token Value to Clipboard - copies the value of the
+
- Copy Session Token Value - copies the value of the
selected session to the clipboard.
- Remove Session - deletes the session
- Find Related Messages - Will cause the Search tab
diff --git a/addOns/help_fr_FR/src/main/javahelp/index.xml b/addOns/help_fr_FR/src/main/javahelp/index.xml
index 01179c987..b9df7b17d 100644
--- a/addOns/help_fr_FR/src/main/javahelp/index.xml
+++ b/addOns/help_fr_FR/src/main/javahelp/index.xml
@@ -87,6 +87,7 @@
+
diff --git a/addOns/help_fr_FR/src/main/javahelp/toc.xml b/addOns/help_fr_FR/src/main/javahelp/toc.xml
index 95e9cf0ae..6d31a8c49 100644
--- a/addOns/help_fr_FR/src/main/javahelp/toc.xml
+++ b/addOns/help_fr_FR/src/main/javahelp/toc.xml
@@ -120,6 +120,7 @@
+
diff --git a/addOns/help_hi_IN/src/main/javahelp/contents/cmdline.html b/addOns/help_hi_IN/src/main/javahelp/contents/cmdline.html
index c890e16dd..23e60199d 100644
--- a/addOns/help_hi_IN/src/main/javahelp/contents/cmdline.html
+++ b/addOns/help_hi_IN/src/main/javahelp/contents/cmdline.html
@@ -41,6 +41,7 @@
Options
| -lowmem | Use the database instead of memory as much as possible - this is still experimental |
| -experimentaldb | Use the experimental generic database code, which is not surprisingly also still experimental |
| -nostdout | Disables the default logging through standard output |
+ | -loglevel <level> | Sets the log level, overriding the values specified in the log4j2.properties file in the home directory |
| -silent | Ensures ZAP does not make any unsolicited requests, including check for updates |
| -addoninstall <addOnId> | Installs the add-on with specified ID from the ZAP Marketplace. The IDs of the add-ons available in the marketplace can be consulted in the Marketplace tab of Manage Add-ons dialogue. |
| -addoninstallall | Install all available add-ons from the ZAP Marketplace |
@@ -60,6 +61,8 @@ Options
Configuration keys should be specified using the dot notation based their location in the XML of the configuration file, eg:
<zap-script> -config api.key=12345
+The -loglevel
option supports the following values: OFF
, FATAL
, ERROR
, WARN
, INFO
, DEBUG
, TRACE
, and ALL
, in order of increasing verbosity.
+
Examples:
diff --git a/addOns/help_hi_IN/src/main/javahelp/contents/credits.html b/addOns/help_hi_IN/src/main/javahelp/contents/credits.html
index 446786d38..a1b0a6102 100644
--- a/addOns/help_hi_IN/src/main/javahelp/contents/credits.html
+++ b/addOns/help_hi_IN/src/main/javahelp/contents/credits.html
@@ -26,11 +26,13 @@ ZAP Extended Team
| 70pointer |
| Mostafa AbdelMoez |
| Jean Abed |
+ | Zuhair Abid (@zuhairabid) |
| Bilal Achahbar |
| Tushar Aggarwal |
| Amro Alolaqi |
| Matthias Altmann (@secf00tprint) |
| André Alves (@andrealvesdev) |
+ | Sébastien Amelinckx (@Sebitosh) |
| Mário Areias |
| Matt Austin (@mattaustin) |
| Abdelhadi Azouni |
@@ -48,6 +50,7 @@ ZAP Extended Team
| Artemy Bogdanov (@Abr1k0s) |
| Yvan Boily |
| Rodrigo Bonifácio |
+ | Adrean Boyadzhiev (@aboyadzhiev) |
| Glib Briia (@glib-briia) |
| Rauf Butt |
@@ -62,10 +65,12 @@ ZAP Extended Team
| Baptiste Crépin - AXA Group Security |
| Johanna Curiel |
+ | Ganesh Dagadi (LinkedIn) |
| Chris Dailey (@dailz-c) |
| Karl Dalley (@gnirlos) |
| Anamika Das (@AnamikaD) |
| Patrick Double (@double16) |
+ | @drighty |
| Mike Emery - Portcullis Security |
@@ -98,6 +103,7 @@ ZAP Extended Team
| Taras Ivashchenko, OWASP Russia |
| Shershon A J (Shershon25) |
+ | Divyansh Jain (@itsdivyanshjain) - Astra Security |
| Eswarprasath Jayaraman (ejayaraman) |
| Jon (@flibustier) |
| Tan Jin (@tjtanjin) |
@@ -153,6 +159,7 @@ ZAP Extended Team
| Adrien PAILHES |
| Anthon Pang |
+ | Amit Panwar, amitpanwar789 |
| Alan Parkinson |
| David Petrasovic |
| Yvan Phélizot |
@@ -202,6 +209,7 @@ ZAP Extended Team
| Sunny (darkowlzz) indiasuny000@gmail.com |
| Daniel Thompson-Yvetot (@nothingismagick) |
+ | Tib3rius (https://tib3rius.com/) |
| Stefan Tobler |
| Ken Treimann, Cyber Ninja |
diff --git a/addOns/help_hi_IN/src/main/javahelp/contents/releases/1.1.0.html b/addOns/help_hi_IN/src/main/javahelp/contents/releases/1.1.0.html
index f63524873..52c1cb238 100644
--- a/addOns/help_hi_IN/src/main/javahelp/contents/releases/1.1.0.html
+++ b/addOns/help_hi_IN/src/main/javahelp/contents/releases/1.1.0.html
@@ -15,7 +15,7 @@ Significant changes:
OWASP rebranding
ZAP has been accepted as an OWASP project.
-Its homepage is now: https://owasp.org/www-project-zap/
+Its homepage is now: https://wiki.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project
Brute Force
The ability to brute force files and directories based on code from the OWASP DirBuster project.
diff --git a/addOns/help_hi_IN/src/main/javahelp/contents/releases/2.14.0.html b/addOns/help_hi_IN/src/main/javahelp/contents/releases/2.14.0.html
index 4b9fc4816..415413d70 100644
--- a/addOns/help_hi_IN/src/main/javahelp/contents/releases/2.14.0.html
+++ b/addOns/help_hi_IN/src/main/javahelp/contents/releases/2.14.0.html
@@ -79,8 +79,10 @@ ZAP Browser Extensions
These are included in the new Client Side Integration add-on which supports:
-* Browser Recording
-* Streaming client side events to ZAP
+
This is not (yet) included in the main ZAP releases so you will need to download it from the
Marketplace.
diff --git a/addOns/help_hi_IN/src/main/javahelp/contents/releases/2.15.0.html b/addOns/help_hi_IN/src/main/javahelp/contents/releases/2.15.0.html
new file mode 100644
index 000000000..7437b84da
--- /dev/null
+++ b/addOns/help_hi_IN/src/main/javahelp/contents/releases/2.15.0.html
@@ -0,0 +1,138 @@
+
+
+
+
+
+ Release 2.15.0
+
+
+
+Release 2.15.0
+
+This is a bug fix and enhancement release.
+
+These release notes do not include all of the changes included in add-ons updated since 2.14.0.
+
+This release was made possible thanks to our biggest supporter, the Crash Override.
+
+Some of the more significant enhancements include:
+
+
Scripts as First Class Scan Rules
+
+Active and passive scan script rules can now be treated as "first class" scan rules.
+This means that they can be individually referenced in an active scan policy, in the
+passive scan rules options, and in Automation Framework plans.
+
+In addition directories of scripts can now be added with all of the scripts enabled -
+this will make it much more straightfoward to manage script rules in automation.
+
+Menu Items Restructured
+
+The desktop context sensitive menu items have been reordered, and grouped in a more logical way.
+This should make it much easier to find the menu item you want, when you want it.
+
+Set Logging Levels
+
+A new -loglevel
Command Line option allows you to set the log level,
+overriding the values specified in the log4j2.properties file in the home directory.
+
+New API calls also allow you to set and view the current logging levels:
+
+Action / core / setLogLevel
: Sets the logging level for a given name
+View / core / getLogLevel
: Gets the detailed logging config, optionally filtered by name
+
+
+Automation Framework GitHub Action
+
+There is a new ZAP GitHub action - the
+ZAP Automation Framework Scan.
+
+The Automation Framework provides a great balance between ease of use and flexibility + functionality.
+If you want to perform any non-trivial automation with ZAP then the
+Automation Framework is probably your best bet.
+
+New Docker Hub Organisation
+
+We have a new DockerHub organisation for the ZAP Docker images: https://hub.docker.com/u/zaproxy
+
+We are still using the softwaresecurityproject org for 2.15.0 but we will probably not use it for the following releases.
+
+We do recommend that you switch from `softwaresecurityproject` to zaproxy sooner rather than later.
+
+Dependency Updates
+
+As usual the release includes dependency updates.
+
+The following libraries were updated:
+
+
+ - Commons Codex, 1.16.0 → 1.16.1
+ - Commons IO, 2.13.0 → 2.16.1
+ - Commons Lang3, 3.13.0 → 3.14.0
+ - Commons Logging, 1.2 → 1.3.1
+ - Commons Text, 1.10.0 → 1.12.0
+ - Flatlaf, 3.2.1 → 3.4.1
+ - Java Semver, 0.9.0 → 0.10.2
+ - Rsyntaxtextarea, 3.3.4 → 3.4.0
+
+
+Add-Ons
+
+Updated Add-Ons
+All of the add-ons included by default have been updated since the last full release.
+
+Enhancements
+
+- Issue 4275 : Allow to view/change logger levels through the API
+- Issue 7105 : Scripts as First Class Scan Rules
+- Issue 7575 : Add an "Enable all scripts" option to Options->Scripts screen
+- Issue 8135 : Guard against param panels' errors during init
+- Issue 8136 : Keep Import Menu Items Sorted Alphabetically
+- Issue 8150 : Increase search border highlights
+- Issue 8162 : Add stat for uncaught exceptions
+- Issue 8179 : Drop "to Clipboard" from ZAP copy menu items (etc)
+- Issue 8188 : Allow to hook param panels with parents
+- Issue 8190 : alert: Add CWE Alert Tag when building and CWE ID has been set
+- Issue 8198 : URL Path Input Vector - attack end path too
+- Issue 8203 : Option to encode cookie values
+- Issue 8210 : Warn of root user usage and report core count and max memory on start up
+- Issue 8248 : Include cores and max memory in Support Info
+- Issue 8265 : Deprecate Script Scan Rules and related classes
+- Issue 8274 : Improve logs related to loading of pscanrules
+- Issue 8283 : Anti-CSRF Handling should always account for partial matching
+- Issue 8295 : Allow setting the log level via a CLI argument
+- Issue 8332 : tech: Add MariaDB
+- Issue 8369 : Restructure the desktop menu item order
+- Issue 8393 : Allow to search HTTP messages by Tags
+- Issue 8403 : ZAP not printing script errors to console in cmdline mode with `-script`
+- Issue 8423 : Add TAGs for yaml, xml, extended json
+- Issue 8452 : Support decode response body through the `Variant`
+- Issue 8454 : Include pluginId in alert events
+
+
+Bug fixes
+
+- Issue 6292 : Including main technology through the API does not include their specific technologies
+- Issue 8018 : Some characters not displayed in the Language combo box
+- Issue 8147 : Multipart Form Params - Extract boundary from body if not in header
+- Issue 8166 : scripts: Synchronize contents and file methods
+- Issue 8182 : Fix zap.sh for macOS
+- Issue 8252 : Use name of enum as default value for configs
+- Issue 8275 : Button Text is not fully shown in Add Note Dialog
+- Issue 8298 : Prevent NPE if no user creds
+- Issue 8302 : Fix context inclusion issues
+- Issue 8357 : Correct name of hosts without children
+- Issue 8395 : Add missing API error message
+- Issue 8419 : Prevent raising alerts on temporary messages
+- Issue 8429 : Skip deleted msgs in the messages API endpoints
+- Issue 8467 : Get resources from add-ons
+
+
+See Also
+
+ | Introduction | the introduction to ZAP |
+ | Releases | the full set of releases |
+ | Credits | the people and groups who have made this release possible |
+
+
+
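Review bot: In the Set Logging Levels section, setLogLevel and getLogLevel are described in terms of "a given name" without saying what is named. Issue 4275 in the Enhancements list calls these "logger levels", so "logger name" would be clearer, and it would help to state which level values setLogLevel accepts.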
diff --git a/addOns/help_hi_IN/src/main/javahelp/contents/releases/releases.html b/addOns/help_hi_IN/src/main/javahelp/contents/releases/releases.html
index 45b49932c..164db9a87 100644
--- a/addOns/help_hi_IN/src/main/javahelp/contents/releases/releases.html
+++ b/addOns/help_hi_IN/src/main/javahelp/contents/releases/releases.html
@@ -11,6 +11,7 @@ Releases
The following releases have been made:
+ | 2.15.0 | bug fix and enhancement release |
| 2.14.0 | bug fix and enhancement release |
| 2.13.0 | bug fix and enhancement release |
| 2.12.0 | ten thousand star bug fix and enhancement release |
diff --git a/addOns/help_hi_IN/src/main/javahelp/contents/ui/dialogs/options/ascaninput.html b/addOns/help_hi_IN/src/main/javahelp/contents/ui/dialogs/options/ascaninput.html
index 0606c0f64..f08af8c96 100644
--- a/addOns/help_hi_IN/src/main/javahelp/contents/ui/dialogs/options/ascaninput.html
+++ b/addOns/help_hi_IN/src/main/javahelp/contents/ui/dialogs/options/ascaninput.html
@@ -39,6 +39,10 @@ All Requests
Cookie Data
Request cookies.
+Encode Cookie Values
+If selected the cookie values will be URL encoded when attacked.
+By default they will not be encoded - this is new in ZAP 2.15.0, previously they were always encoded.
+
Build-in Input Vector Handlers
The data formats that the active scanner will target:
diff --git a/addOns/help_hi_IN/src/main/javahelp/contents/ui/dialogs/options/script.html b/addOns/help_hi_IN/src/main/javahelp/contents/ui/dialogs/options/script.html
index 2d0b1f420..961084e17 100644
--- a/addOns/help_hi_IN/src/main/javahelp/contents/ui/dialogs/options/script.html
+++ b/addOns/help_hi_IN/src/main/javahelp/contents/ui/dialogs/options/script.html
@@ -11,6 +11,10 @@ Options Scripts screen
This screen allows you to configure the script options:
+
+Enable scripts loaded from directories
+If this option is selected then all of the scripts loaded from the specified directories will be enabled by default.
+
Directories
A list of directories from which scripts will be loaded. ZAP will read (and write) the scripts using the character encoding UTF-8.
The scripts must be in subdirectories named after the relevant script type (such as 'active', 'passive', 'proxy' etc) and must have an appropriate extension for the script language used.
diff --git a/addOns/help_hi_IN/src/main/javahelp/contents/ui/tabs/httpsessions.html b/addOns/help_hi_IN/src/main/javahelp/contents/ui/tabs/httpsessions.html
index 3338e02e7..940dc48c9 100644
--- a/addOns/help_hi_IN/src/main/javahelp/contents/ui/tabs/httpsessions.html
+++ b/addOns/help_hi_IN/src/main/javahelp/contents/ui/tabs/httpsessions.html
@@ -30,7 +30,7 @@ HTTP Sessions tab
Each of the entries in the Sessions table can be right clicked,
which activates the Popup Menu, with the following options:
- - Copy Session Token Value to Clipboard - copies the value of the
+
- Copy Session Token Value - copies the value of the
selected session to the clipboard.
- Remove Session - deletes the session
- Find Related Messages - Will cause the Search tab
diff --git a/addOns/help_hi_IN/src/main/javahelp/index.xml b/addOns/help_hi_IN/src/main/javahelp/index.xml
index 01179c987..b9df7b17d 100644
--- a/addOns/help_hi_IN/src/main/javahelp/index.xml
+++ b/addOns/help_hi_IN/src/main/javahelp/index.xml
@@ -87,6 +87,7 @@
+
diff --git a/addOns/help_hi_IN/src/main/javahelp/toc.xml b/addOns/help_hi_IN/src/main/javahelp/toc.xml
index 997d47b88..4ea4111d6 100644
--- a/addOns/help_hi_IN/src/main/javahelp/toc.xml
+++ b/addOns/help_hi_IN/src/main/javahelp/toc.xml
@@ -120,6 +120,7 @@
+
diff --git a/addOns/help_hu_HU/src/main/javahelp/contents/cmdline.html b/addOns/help_hu_HU/src/main/javahelp/contents/cmdline.html
index c890e16dd..23e60199d 100644
--- a/addOns/help_hu_HU/src/main/javahelp/contents/cmdline.html
+++ b/addOns/help_hu_HU/src/main/javahelp/contents/cmdline.html
@@ -41,6 +41,7 @@
Options
| -lowmem | Use the database instead of memory as much as possible - this is still experimental |
| -experimentaldb | Use the experimental generic database code, which is not surprisingly also still experimental |
| -nostdout | Disables the default logging through standard output |
+ | -loglevel <level> | Sets the log level, overriding the values specified in the log4j2.properties file in the home directory |
| -silent | Ensures ZAP does not make any unsolicited requests, including check for updates |
| -addoninstall <addOnId> | Installs the add-on with specified ID from the ZAP Marketplace. The IDs of the add-ons available in the marketplace can be consulted in the Marketplace tab of Manage Add-ons dialogue. |
| -addoninstallall | Install all available add-ons from the ZAP Marketplace |
@@ -60,6 +61,8 @@ Options
Configuration keys should be specified using the dot notation based their location in the XML of the configuration file, eg:
<zap-script> -config api.key=12345
+The -loglevel
option supports the following values: OFF
, FATAL
, ERROR
, WARN
, INFO
, DEBUG
, TRACE
, and ALL
, in order of increasing verbosity.
+
Examples:
diff --git a/addOns/help_hu_HU/src/main/javahelp/contents/credits.html b/addOns/help_hu_HU/src/main/javahelp/contents/credits.html
index 89c80f330..28c28b212 100644
--- a/addOns/help_hu_HU/src/main/javahelp/contents/credits.html
+++ b/addOns/help_hu_HU/src/main/javahelp/contents/credits.html
@@ -26,11 +26,13 @@ ZAP Extended Team
| 70pointer |
| Mostafa AbdelMoez |
| Jean Abed |
+ | Zuhair Abid (@zuhairabid) |
| Bilal Achahbar |
| Tushar Aggarwal |
| Amro Alolaqi |
| Matthias Altmann (@secf00tprint) |
| André Alves (@andrealvesdev) |
+ | Sébastien Amelinckx (@Sebitosh) |
| Mário Areias |
| Matt Austin (@mattaustin) |
| Abdelhadi Azouni |
@@ -48,6 +50,7 @@ ZAP Extended Team
| Artemy Bogdanov (@Abr1k0s) |
| Yvan Boily |
| Rodrigo Bonifácio |
+ | Adrean Boyadzhiev (@aboyadzhiev) |
| Glib Briia (@glib-briia) |
| Rauf Butt |
@@ -62,10 +65,12 @@ ZAP Extended Team
| Baptiste Crépin - AXA Group Security |
| Johanna Curiel |
+ | Ganesh Dagadi (LinkedIn) |
| Chris Dailey (@dailz-c) |
| Karl Dalley (@gnirlos) |
| Anamika Das (@AnamikaD) |
| Patrick Double (@double16) |
+ | @drighty |
| Mike Emery - Portcullis Security |
@@ -98,6 +103,7 @@ ZAP Extended Team
| Taras Ivashchenko, OWASP Russia |
| Shershon A J (Shershon25) |
+ | Divyansh Jain (@itsdivyanshjain) - Astra Security |
| Eswarprasath Jayaraman (ejayaraman) |
| Jon (@flibustier) |
| Tan Jin (@tjtanjin) |
@@ -153,6 +159,7 @@ ZAP Extended Team
| Adrien PAILHES |
| Anthon Pang |
+ | Amit Panwar, amitpanwar789 |
| Alan Parkinson |
| David Petrasovic |
| Yvan Phélizot |
@@ -202,6 +209,7 @@ ZAP Extended Team
| Sunny (darkowlzz) indiasuny000@gmail.com |
| Daniel Thompson-Yvetot (@nothingismagick) |
+ | Tib3rius (https://tib3rius.com/) |
| Stefan Tobler |
| Ken Treimann, Cyber Ninja |
diff --git a/addOns/help_hu_HU/src/main/javahelp/contents/releases/1.1.0.html b/addOns/help_hu_HU/src/main/javahelp/contents/releases/1.1.0.html
index f03ec9335..099e9a5ef 100644
--- a/addOns/help_hu_HU/src/main/javahelp/contents/releases/1.1.0.html
+++ b/addOns/help_hu_HU/src/main/javahelp/contents/releases/1.1.0.html
@@ -15,7 +15,7 @@ Significant changes:
OWASP rebranding
ZAP has been accepted as an OWASP project.
-Its homepage is now: https://owasp.org/www-project-zap/
+Its homepage is now: https://wiki.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project
Brute Force
The ability to brute force files and directories based on code from the OWASP DirBuster project.
diff --git a/addOns/help_hu_HU/src/main/javahelp/contents/releases/2.14.0.html b/addOns/help_hu_HU/src/main/javahelp/contents/releases/2.14.0.html
index 4b9fc4816..415413d70 100644
--- a/addOns/help_hu_HU/src/main/javahelp/contents/releases/2.14.0.html
+++ b/addOns/help_hu_HU/src/main/javahelp/contents/releases/2.14.0.html
@@ -79,8 +79,10 @@ ZAP Browser Extensions
These are included in the new Client Side Integration add-on which supports:
-* Browser Recording
-* Streaming client side events to ZAP
+
This is not (yet) included in the main ZAP releases so you will need to download it from the
Marketplace.
diff --git a/addOns/help_hu_HU/src/main/javahelp/contents/releases/2.15.0.html b/addOns/help_hu_HU/src/main/javahelp/contents/releases/2.15.0.html
new file mode 100644
index 000000000..7437b84da
--- /dev/null
+++ b/addOns/help_hu_HU/src/main/javahelp/contents/releases/2.15.0.html
@@ -0,0 +1,138 @@
+
+
+
+
+
+ Release 2.15.0
+
+
+
+Release 2.15.0
+
+This is a bug fix and enhancement release.
+
+These release notes do not include all of the changes included in add-ons updated since 2.14.0.
+
+This release was made possible thanks to our biggest supporter, the Crash Override.
+
+Some of the more significant enhancements include:
+
+
Scripts as First Class Scan Rules
+
+Active and passive scan script rules can now be treated as "first class" scan rules.
+This means that they can be individually referenced in an active scan policy, in the
+passive scan rules options, and in Automation Framework plans.
+
+In addition directories of scripts can now be added with all of the scripts enabled -
+this will make it much more straightfoward to manage script rules in automation.
+
+Menu Items Restructured
+
+The desktop context sensitive menu items have been reordered, and grouped in a more logical way.
+This should make it much easier to find the menu item you want, when you want it.
+
+Set Logging Levels
+
+A new -loglevel
Command Line option allows you to set the log level,
+overriding the values specified in the log4j2.properties file in the home directory.
+
+New API calls also allow you to set and view the current logging levels:
+
+Action / core / setLogLevel
: Sets the logging level for a given name
+View / core / getLogLevel
: Gets the detailed logging config, optionally filtered by name
+
+
+Automation Framework GitHub Action
+
+There is a new ZAP GitHub action - the
+ZAP Automation Framework Scan.
+
+The Automation Framework provides a great balance between ease of use and flexibility + functionality.
+If you want to perform any non-trivial automation with ZAP then the
+Automation Framework is probably your best bet.
+
+New Docker Hub Organisation
+
+We have a new DockerHub organisation for the ZAP Docker images: https://hub.docker.com/u/zaproxy
+
+We are still using the softwaresecurityproject org for 2.15.0 but we will probably not use it for the following releases.
+
+We do recommend that you switch from `softwaresecurityproject` to zaproxy sooner rather than later.
+
+Dependency Updates
+
+As usual the release includes dependency updates.
+
+The following libraries were updated:
+
+
+ - Commons Codex, 1.16.0 → 1.16.1
+ - Commons IO, 2.13.0 → 2.16.1
+ - Commons Lang3, 3.13.0 → 3.14.0
+ - Commons Logging, 1.2 → 1.3.1
+ - Commons Text, 1.10.0 → 1.12.0
+ - Flatlaf, 3.2.1 → 3.4.1
+ - Java Semver, 0.9.0 → 0.10.2
+ - Rsyntaxtextarea, 3.3.4 → 3.4.0
+
+
+Add-Ons
+
+Updated Add-Ons
+All of the add-ons included by default have been updated since the last full release.
+
+Enhancements
+
+- Issue 4275 : Allow to view/change logger levels through the API
+- Issue 7105 : Scripts as First Class Scan Rules
+- Issue 7575 : Add an "Enable all scripts" option to Options->Scripts screen
+- Issue 8135 : Guard against param panels' errors during init
+- Issue 8136 : Keep Import Menu Items Sorted Alphabetically
+- Issue 8150 : Increase search border highlights
+- Issue 8162 : Add stat for uncaught exceptions
+- Issue 8179 : Drop "to Clipboard" from ZAP copy menu items (etc)
+- Issue 8188 : Allow to hook param panels with parents
+- Issue 8190 : alert: Add CWE Alert Tag when building and CWE ID has been set
+- Issue 8198 : URL Path Input Vector - attack end path too
+- Issue 8203 : Option to encode cookie values
+- Issue 8210 : Warn of root user usage and report core count and max memory on start up
+- Issue 8248 : Include cores and max memory in Support Info
+- Issue 8265 : Deprecate Script Scan Rules and related classes
+- Issue 8274 : Improve logs related to loading of pscanrules
+- Issue 8283 : Anti-CSRF Handling should always account for partial matching
+- Issue 8295 : Allow setting the log level via a CLI argument
+- Issue 8332 : tech: Add MariaDB
+- Issue 8369 : Restructure the desktop menu item order
+- Issue 8393 : Allow to search HTTP messages by Tags
+- Issue 8403 : ZAP not printing script errors to console in cmdline mode with `-script`
+- Issue 8423 : Add TAGs for yaml, xml, extended json
+- Issue 8452 : Support decode response body through the `Variant`
+- Issue 8454 : Include pluginId in alert events
+
+
+Bug fixes
+
+- Issue 6292 : Including main technology through the API does not include their specific technologies
+- Issue 8018 : Some characters not displayed in the Language combo box
+- Issue 8147 : Multipart Form Params - Extract boundary from body if not in header
+- Issue 8166 : scripts: Synchronize contents and file methods
+- Issue 8182 : Fix zap.sh for macOS
+- Issue 8252 : Use name of enum as default value for configs
+- Issue 8275 : Button Text is not fully shown in Add Note Dialog
+- Issue 8298 : Prevent NPE if no user creds
+- Issue 8302 : Fix context inclusion issues
+- Issue 8357 : Correct name of hosts without children
+- Issue 8395 : Add missing API error message
+- Issue 8419 : Prevent raising alerts on temporary messages
+- Issue 8429 : Skip deleted msgs in the messages API endpoints
+- Issue 8467 : Get resources from add-ons
+
+
+See Also
+
+ | Introduction | the introduction to ZAP |
+ | Releases | the full set of releases |
+ | Credits | the people and groups who have made this release possible |
+
+
+
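Review bot: Two spelling problems in the new 2.15.0 page: "straightfoward" in the Scripts as First Class Scan Rules section should be "straightforward", and the first entry of the dependency list reads "Commons Codex", where the Apache library is Commons Codec. The same blob (index 7437b84da) is added for other locales in this patch, so both are best fixed in the source text and re-synced rather than patched per locale.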
diff --git a/addOns/help_hu_HU/src/main/javahelp/contents/releases/releases.html b/addOns/help_hu_HU/src/main/javahelp/contents/releases/releases.html
index 090400fb3..02ffb19de 100644
--- a/addOns/help_hu_HU/src/main/javahelp/contents/releases/releases.html
+++ b/addOns/help_hu_HU/src/main/javahelp/contents/releases/releases.html
@@ -11,6 +11,7 @@ Kiadások
A következő kiadások jelentek meg:
+ | 2.15.0 | bug fix and enhancement release |
| 2.14.0 | bug fix and enhancement release |
| 2.13.0 | bug fix and enhancement release |
| 2.12.0 | ten thousand star bug fix and enhancement release |
diff --git a/addOns/help_hu_HU/src/main/javahelp/contents/ui/dialogs/options/ascaninput.html b/addOns/help_hu_HU/src/main/javahelp/contents/ui/dialogs/options/ascaninput.html
index 0606c0f64..f08af8c96 100644
--- a/addOns/help_hu_HU/src/main/javahelp/contents/ui/dialogs/options/ascaninput.html
+++ b/addOns/help_hu_HU/src/main/javahelp/contents/ui/dialogs/options/ascaninput.html
@@ -39,6 +39,10 @@ All Requests
Cookie Data
Request cookies.
+Encode Cookie Values
+If selected the cookie values will be URL encoded when attacked.
+By default they will not be encoded - this is new in ZAP 2.15.0, previously they were always encoded.
+
Build-in Input Vector Handlers
The data formats that the active scanner will target:
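Review bot: The behaviour change is buried in the second sentence of the new "Encode Cookie Values" text: the default flips from always encoding to not encoding in 2.15.0, which can change what a scan sends in cookies after an upgrade. Consider leading with the default, for example "Off by default since ZAP 2.15.0; earlier versions always URL encoded cookie values", and replacing "when attacked" with wording that names the active scanner, as the following context line does.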
diff --git a/addOns/help_hu_HU/src/main/javahelp/contents/ui/dialogs/options/script.html b/addOns/help_hu_HU/src/main/javahelp/contents/ui/dialogs/options/script.html
index 2d0b1f420..961084e17 100644
--- a/addOns/help_hu_HU/src/main/javahelp/contents/ui/dialogs/options/script.html
+++ b/addOns/help_hu_HU/src/main/javahelp/contents/ui/dialogs/options/script.html
@@ -11,6 +11,10 @@ Options Scripts screen
This screen allows you to configure the script options:
+
+Enable scripts loaded from directories
+If this option is selected then all of the scripts loaded from the specified directories will be enabled by default.
+
Directories
A list of directories from which scripts will be loaded. ZAP will read (and write) the scripts using the character encoding UTF-8.
The scripts must be in subdirectories named after the relevant script type (such as 'active', 'passive', 'proxy' etc) and must have an appropriate extension for the script language used.
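Review bot: The new "Enable scripts loaded from directories" text does not say what the option implies for trust: with it selected, every script found in the listed directories is enabled by default, and the context line below notes that ZAP reads and writes scripts there. Suggest adding a sentence advising that only directories whose contents the user controls should be listed while this option is on.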
diff --git a/addOns/help_hu_HU/src/main/javahelp/contents/ui/tabs/httpsessions.html b/addOns/help_hu_HU/src/main/javahelp/contents/ui/tabs/httpsessions.html
index 3338e02e7..940dc48c9 100644
--- a/addOns/help_hu_HU/src/main/javahelp/contents/ui/tabs/httpsessions.html
+++ b/addOns/help_hu_HU/src/main/javahelp/contents/ui/tabs/httpsessions.html
@@ -30,7 +30,7 @@ HTTP Sessions tab
Each of the entries in the Sessions table can be right clicked,
which activates the Popup Menu, with the following options:
- - Copy Session Token Value to Clipboard - copies the value of the
+
- Copy Session Token Value - copies the value of the
selected session to the clipboard.
- Remove Session - deletes the session
- Find Related Messages - Will cause the Search tab
diff --git a/addOns/help_hu_HU/src/main/javahelp/index.xml b/addOns/help_hu_HU/src/main/javahelp/index.xml
index 5d40ab337..d3862f7b9 100644
--- a/addOns/help_hu_HU/src/main/javahelp/index.xml
+++ b/addOns/help_hu_HU/src/main/javahelp/index.xml
@@ -87,6 +87,7 @@
+
diff --git a/addOns/help_hu_HU/src/main/javahelp/toc.xml b/addOns/help_hu_HU/src/main/javahelp/toc.xml
index 1224b0890..f0ae0a13e 100644
--- a/addOns/help_hu_HU/src/main/javahelp/toc.xml
+++ b/addOns/help_hu_HU/src/main/javahelp/toc.xml
@@ -120,6 +120,7 @@
+
diff --git a/addOns/help_id_ID/src/main/javahelp/contents/cmdline.html b/addOns/help_id_ID/src/main/javahelp/contents/cmdline.html
index 6cb16c8e3..0960457d4 100644
--- a/addOns/help_id_ID/src/main/javahelp/contents/cmdline.html
+++ b/addOns/help_id_ID/src/main/javahelp/contents/cmdline.html
@@ -41,6 +41,7 @@
Pilihan
| -lowmem | Use the database instead of memory as much as possible - this is still experimental |
| -experimentaldb | Use the experimental generic database code, which is not surprisingly also still experimental |
| -nostdout | Disables the default logging through standard output |
+ | -loglevel <level> | Sets the log level, overriding the values specified in the log4j2.properties file in the home directory |
| -silent | Ensures ZAP does not make any unsolicited requests, including check for updates |
| -addoninstall <addOnId> | Installs the add-on with specified ID from the ZAP Marketplace. The IDs of the add-ons available in the marketplace can be consulted in the Marketplace tab of Manage Add-ons dialogue. |
| -addoninstallall | Install all available add-ons from the ZAP Marketplace |
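Review bot: The new "-loglevel <level>" row does not say which values <level> accepts; they are only listed in a separate paragraph added further down the same page. Suggest naming the range in the row itself, or pointing to that paragraph, so the options table can be read on its own.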
@@ -60,6 +61,8 @@ Pilihan
Configuration keys should be specified using the dot notation based their location in the XML of the configuration file, eg:
<zap-script> -config api.key=12345
+The -loglevel
option supports the following values: OFF
, FATAL
, ERROR
, WARN
, INFO
, DEBUG
, TRACE
, and ALL
, in order of increasing verbosity.
+
Contoh:
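Review bot: The paragraph listing the -loglevel values does not say whether they are case sensitive or what happens when an unrecognised value is passed, and no -loglevel example is added under "Contoh:". One sentence covering both points, plus an example line, would make the option usable from this page alone.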
diff --git a/addOns/help_id_ID/src/main/javahelp/contents/credits.html b/addOns/help_id_ID/src/main/javahelp/contents/credits.html
index f4ee8ea0c..03b264577 100644
--- a/addOns/help_id_ID/src/main/javahelp/contents/credits.html
+++ b/addOns/help_id_ID/src/main/javahelp/contents/credits.html
@@ -26,11 +26,13 @@ ZAP Diperpanjang Tim
| 70pointer |
| Mostafa AbdelMoez |
| Jean Abed |
+ | Zuhair Abid (@zuhairabid) |
| Bilal Achahbar |
| Tushar Aggarwal |
| Amro Alolaqi |
| Matthias Altmann (@secf00tprint) |
| André Alves (@andrealvesdev) |
+ | Sébastien Amelinckx (@Sebitosh) |
| Mário Areias |
| Matt Austin (@mattaustin) |
| Abdelhadi Azouni |
@@ -48,6 +50,7 @@ ZAP Diperpanjang Tim
| Artemy Bogdanov (@Abr1k0s) |
| Yvan Boily |
| Rodrigo Bonifácio |
+ | Adrean Boyadzhiev (@aboyadzhiev) |
| Glib Briia (@glib-briia) |
| Rauf Butt |
@@ -62,10 +65,12 @@ ZAP Diperpanjang Tim
| Baptiste Crépin - AXA Group Security |
| Johanna Curiel |
+ | Ganesh Dagadi (LinkedIn) |
| Chris Dailey (@dailz-c) |
| Karl Dalley (@gnirlos) |
| Anamika Das (@AnamikaD) |
| Patrick Double (@double16) |
+ | @drighty |
| Mike Emery - Portcullis Security |
@@ -98,6 +103,7 @@ ZAP Diperpanjang Tim
| Taras Ivashchenko, OWASP Russia |
| Shershon A J (Shershon25) |
+ | Divyansh Jain (@itsdivyanshjain) - Astra Security |
| Eswarprasath Jayaraman (ejayaraman) |
| Jon (@flibustier) |
| Tan Jin (@tjtanjin) |
@@ -153,6 +159,7 @@ ZAP Diperpanjang Tim
| Adrien PAILHES |
| Anthon Pang |
+ | Amit Panwar, amitpanwar789 |
| Alan Parkinson |
| David Petrasovic |
| Yvan Phélizot |
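Review bot: The added entry "Amit Panwar, amitpanwar789" uses a comma and a bare handle, while the other entries added to this file put the handle in parentheses, e.g. "Zuhair Abid (@zuhairabid)". Suggest "Amit Panwar (@amitpanwar789)" if that string is a handle, so the credits list stays consistent.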
@@ -202,6 +209,7 @@ ZAP Diperpanjang Tim
| Sunny (darkowlzz) indiasuny000@gmail.com |
| Daniel Thompson-Yvetot (@nothingismagick) |
+ | Tib3rius (https://tib3rius.com/) |
| Stefan Tobler |
| Ken Treimann, Cyber Ninja |
diff --git a/addOns/help_id_ID/src/main/javahelp/contents/releases/1.1.0.html b/addOns/help_id_ID/src/main/javahelp/contents/releases/1.1.0.html
index f246eaa5b..bc310c598 100644
--- a/addOns/help_id_ID/src/main/javahelp/contents/releases/1.1.0.html
+++ b/addOns/help_id_ID/src/main/javahelp/contents/releases/1.1.0.html
@@ -15,7 +15,7 @@ Perubahan yang signifikan:
Rebranding OWASP
ZAP sudah diterima sebagai proyek OWASP.
-Its homepage is now: https://owasp.org/www-project-zap/
+Its homepage is now: https://wiki.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project
Kasar
Kemampuan untuk mengacak file dan direktori berdasarkan kode dari proyek DirBuster OWASP.
diff --git a/addOns/help_id_ID/src/main/javahelp/contents/releases/2.14.0.html b/addOns/help_id_ID/src/main/javahelp/contents/releases/2.14.0.html
index 4b9fc4816..415413d70 100644
--- a/addOns/help_id_ID/src/main/javahelp/contents/releases/2.14.0.html
+++ b/addOns/help_id_ID/src/main/javahelp/contents/releases/2.14.0.html
@@ -79,8 +79,10 @@ ZAP Browser Extensions
These are included in the new Client Side Integration add-on which supports:
-* Browser Recording
-* Streaming client side events to ZAP
+
This is not (yet) included in the main ZAP releases so you will need to download it from the
Marketplace.
diff --git a/addOns/help_id_ID/src/main/javahelp/contents/releases/2.15.0.html b/addOns/help_id_ID/src/main/javahelp/contents/releases/2.15.0.html
new file mode 100644
index 000000000..7437b84da
--- /dev/null
+++ b/addOns/help_id_ID/src/main/javahelp/contents/releases/2.15.0.html
@@ -0,0 +1,138 @@
+
+
+
+
+
+ Release 2.15.0
+
+
+
+Release 2.15.0
+
+This is a bug fix and enhancement release.
+
+These release notes do not include all of the changes included in add-ons updated since 2.14.0.
+
+This release was made possible thanks to our biggest supporter, the Crash Override.
+
+Some of the more significant enhancements include:
+
+
Scripts as First Class Scan Rules
+
+Active and passive scan script rules can now be treated as "first class" scan rules.
+This means that they can be individually referenced in an active scan policy, in the
+passive scan rules options, and in Automation Framework plans.
+
+In addition directories of scripts can now be added with all of the scripts enabled -
+this will make it much more straightfoward to manage script rules in automation.
+
+Menu Items Restructured
+
+The desktop context sensitive menu items have been reordered, and grouped in a more logical way.
+This should make it much easier to find the menu item you want, when you want it.
+
+Set Logging Levels
+
+A new -loglevel
Command Line option allows you to set the log level,
+overriding the values specified in the log4j2.properties file in the home directory.
+
+New API calls also allow you to set and view the current logging levels:
+
+Action / core / setLogLevel
: Sets the logging level for a given name
+View / core / getLogLevel
: Gets the detailed logging config, optionally filtered by name
+
+
+Automation Framework GitHub Action
+
+There is a new ZAP GitHub action - the
+ZAP Automation Framework Scan.
+
+The Automation Framework provides a great balance between ease of use and flexibility + functionality.
+If you want to perform any non-trivial automation with ZAP then the
+Automation Framework is probably your best bet.
+
+New Docker Hub Organisation
+
+We have a new DockerHub organisation for the ZAP Docker images: https://hub.docker.com/u/zaproxy
+
+We are still using the softwaresecurityproject org for 2.15.0 but we will probably not use it for the following releases.
+
+We do recommend that you switch from `softwaresecurityproject` to zaproxy sooner rather than later.
+
+Dependency Updates
+
+As usual the release includes dependency updates.
+
+The following libraries were updated:
+
+
+ - Commons Codex, 1.16.0 → 1.16.1
+ - Commons IO, 2.13.0 → 2.16.1
+ - Commons Lang3, 3.13.0 → 3.14.0
+ - Commons Logging, 1.2 → 1.3.1
+ - Commons Text, 1.10.0 → 1.12.0
+ - Flatlaf, 3.2.1 → 3.4.1
+ - Java Semver, 0.9.0 → 0.10.2
+ - Rsyntaxtextarea, 3.3.4 → 3.4.0
+
+
+Add-Ons
+
+Updated Add-Ons
+All of the add-ons included by default have been updated since the last full release.
+
+Enhancements
+
+- Issue 4275 : Allow to view/change logger levels through the API
+- Issue 7105 : Scripts as First Class Scan Rules
+- Issue 7575 : Add an "Enable all scripts" option to Options->Scripts screen
+- Issue 8135 : Guard against param panels' errors during init
+- Issue 8136 : Keep Import Menu Items Sorted Alphabetically
+- Issue 8150 : Increase search border highlights
+- Issue 8162 : Add stat for uncaught exceptions
+- Issue 8179 : Drop "to Clipboard" from ZAP copy menu items (etc)
+- Issue 8188 : Allow to hook param panels with parents
+- Issue 8190 : alert: Add CWE Alert Tag when building and CWE ID has been set
+- Issue 8198 : URL Path Input Vector - attack end path too
+- Issue 8203 : Option to encode cookie values
+- Issue 8210 : Warn of root user usage and report core count and max memory on start up
+- Issue 8248 : Include cores and max memory in Support Info
+- Issue 8265 : Deprecate Script Scan Rules and related classes
+- Issue 8274 : Improve logs related to loading of pscanrules
+- Issue 8283 : Anti-CSRF Handling should always account for partial matching
+- Issue 8295 : Allow setting the log level via a CLI argument
+- Issue 8332 : tech: Add MariaDB
+- Issue 8369 : Restructure the desktop menu item order
+- Issue 8393 : Allow to search HTTP messages by Tags
+- Issue 8403 : ZAP not printing script errors to console in cmdline mode with `-script`
+- Issue 8423 : Add TAGs for yaml, xml, extended json
+- Issue 8452 : Support decode response body through the `Variant`
+- Issue 8454 : Include pluginId in alert events
+
+
+Bug fixes
+
+- Issue 6292 : Including main technology through the API does not include their specific technologies
+- Issue 8018 : Some characters not displayed in the Language combo box
+- Issue 8147 : Multipart Form Params - Extract boundary from body if not in header
+- Issue 8166 : scripts: Synchronize contents and file methods
+- Issue 8182 : Fix zap.sh for macOS
+- Issue 8252 : Use name of enum as default value for configs
+- Issue 8275 : Button Text is not fully shown in Add Note Dialog
+- Issue 8298 : Prevent NPE if no user creds
+- Issue 8302 : Fix context inclusion issues
+- Issue 8357 : Correct name of hosts without children
+- Issue 8395 : Add missing API error message
+- Issue 8419 : Prevent raising alerts on temporary messages
+- Issue 8429 : Skip deleted msgs in the messages API endpoints
+- Issue 8467 : Get resources from add-ons
+
+
+See Also
+
+ | Introduction | the introduction to ZAP |
+ | Releases | the full set of releases |
+ | Credits | the people and groups who have made this release possible |
+
+
+
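Review bot: In the New Docker Hub Organisation section the old org name appears with literal backticks (`softwaresecurityproject`) while "zaproxy" on the same line and "softwaresecurityproject" two lines above are plain; in an .html help file the backticks will show as typed. Use the same markup for both names, and likewise for `-script` and `Variant` in the Enhancements list. The supporter line also reads "the Crash Override", where the article looks unintended.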
diff --git a/addOns/help_id_ID/src/main/javahelp/contents/releases/releases.html b/addOns/help_id_ID/src/main/javahelp/contents/releases/releases.html
index 964559fb6..f01f4d8b2 100644
--- a/addOns/help_id_ID/src/main/javahelp/contents/releases/releases.html
+++ b/addOns/help_id_ID/src/main/javahelp/contents/releases/releases.html
@@ -11,6 +11,7 @@ Rilis
Rilis-rilis berikut telah dibuat:
+ | 2.15.0 | bug fix and enhancement release |
| 2.14.0 | bug fix and enhancement release |
| 2.13.0 | bug fix and enhancement release |
| 2.12.0 | ten thousand star bug fix and enhancement release |
diff --git a/addOns/help_id_ID/src/main/javahelp/contents/ui/dialogs/options/ascaninput.html b/addOns/help_id_ID/src/main/javahelp/contents/ui/dialogs/options/ascaninput.html
index 31945aad7..2eddfe3fd 100644
--- a/addOns/help_id_ID/src/main/javahelp/contents/ui/dialogs/options/ascaninput.html
+++ b/addOns/help_id_ID/src/main/javahelp/contents/ui/dialogs/options/ascaninput.html
@@ -39,6 +39,10 @@ All Requests
Data cookie
Request cookies.
+Encode Cookie Values
+If selected the cookie values will be URL encoded when attacked.
+By default they will not be encoded - this is new in ZAP 2.15.0, previously they were always encoded.
+
Membangun masukan menangani Vektor
The data formats that the active scanner will target:
diff --git a/addOns/help_id_ID/src/main/javahelp/contents/ui/dialogs/options/script.html b/addOns/help_id_ID/src/main/javahelp/contents/ui/dialogs/options/script.html
index 72e8046b3..fe44fb2d1 100644
--- a/addOns/help_id_ID/src/main/javahelp/contents/ui/dialogs/options/script.html
+++ b/addOns/help_id_ID/src/main/javahelp/contents/ui/dialogs/options/script.html
@@ -11,6 +11,10 @@ Layar pilihan skrip
Layar ini memungkinkan kamu untuk mengkonfigurasi pilihan skrip:
+
+Enable scripts loaded from directories
+If this option is selected then all of the scripts loaded from the specified directories will be enabled by default.
+
Direktori
Daftar direktori dari skrip mana yang akan dimuat. ZAP akan membaca (dan menulis) skrip menggunakan pengkodean karakter UTF-8.
Skrip harus berada dalam subdirektori yang diberi nama sesuai jenis skrip yang relevan (seperti 'aktif', 'pasif', 'proxy' dll) dan harus memiliki ekstensi yang sesuai untuk bahasa skrip yang digunakan.
diff --git a/addOns/help_id_ID/src/main/javahelp/contents/ui/tabs/httpsessions.html b/addOns/help_id_ID/src/main/javahelp/contents/ui/tabs/httpsessions.html
index 64385d372..ac3a52ad3 100644
--- a/addOns/help_id_ID/src/main/javahelp/contents/ui/tabs/httpsessions.html
+++ b/addOns/help_id_ID/src/main/javahelp/contents/ui/tabs/httpsessions.html
@@ -22,7 +22,7 @@ Tab Sesi HTTP
Setiap entri dalam tabel Sesi dapat diklik dengan benar, yang mengaktifkan Menu Popup, dengan pilihan berikut:
- - Copy Session Token Value to Clipboard - copies the value of the
+
- Copy Session Token Value - copies the value of the
selected session to the clipboard.
- Remove Session - deletes the session
- Find Related Messages - Will cause the Search tab
diff --git a/addOns/help_id_ID/src/main/javahelp/index.xml b/addOns/help_id_ID/src/main/javahelp/index.xml
index ae6298d04..fa8d31f7b 100644
--- a/addOns/help_id_ID/src/main/javahelp/index.xml
+++ b/addOns/help_id_ID/src/main/javahelp/index.xml
@@ -87,6 +87,7 @@
+
diff --git a/addOns/help_id_ID/src/main/javahelp/toc.xml b/addOns/help_id_ID/src/main/javahelp/toc.xml
index 9aa90ab88..9be37e1ac 100644
--- a/addOns/help_id_ID/src/main/javahelp/toc.xml
+++ b/addOns/help_id_ID/src/main/javahelp/toc.xml
@@ -120,6 +120,7 @@
+
diff --git a/addOns/help_it_IT/src/main/javahelp/contents/cmdline.html b/addOns/help_it_IT/src/main/javahelp/contents/cmdline.html
index c890e16dd..23e60199d 100644
--- a/addOns/help_it_IT/src/main/javahelp/contents/cmdline.html
+++ b/addOns/help_it_IT/src/main/javahelp/contents/cmdline.html
@@ -41,6 +41,7 @@
Options
| -lowmem | Use the database instead of memory as much as possible - this is still experimental |
| -experimentaldb | Use the experimental generic database code, which is not surprisingly also still experimental |
| -nostdout | Disables the default logging through standard output |
+ | -loglevel <level> | Sets the log level, overriding the values specified in the log4j2.properties file in the home directory |
| -silent | Ensures ZAP does not make any unsolicited requests, including check for updates |
| -addoninstall <addOnId> | Installs the add-on with specified ID from the ZAP Marketplace. The IDs of the add-ons available in the marketplace can be consulted in the Marketplace tab of Manage Add-ons dialogue. |
| -addoninstallall | Install all available add-ons from the ZAP Marketplace |
@@ -60,6 +61,8 @@ Options
Configuration keys should be specified using the dot notation based their location in the XML of the configuration file, eg:
<zap-script> -config api.key=12345
+The -loglevel
option supports the following values: OFF
, FATAL
, ERROR
, WARN
, INFO
, DEBUG
, TRACE
, and ALL
, in order of increasing verbosity.
+
Examples:
diff --git a/addOns/help_it_IT/src/main/javahelp/contents/credits.html b/addOns/help_it_IT/src/main/javahelp/contents/credits.html
index 446786d38..a1b0a6102 100644
--- a/addOns/help_it_IT/src/main/javahelp/contents/credits.html
+++ b/addOns/help_it_IT/src/main/javahelp/contents/credits.html
@@ -26,11 +26,13 @@ ZAP Extended Team
| 70pointer |
| Mostafa AbdelMoez |
| Jean Abed |
+ | Zuhair Abid (@zuhairabid) |
| Bilal Achahbar |
| Tushar Aggarwal |
| Amro Alolaqi |
| Matthias Altmann (@secf00tprint) |
| André Alves (@andrealvesdev) |
+ | Sébastien Amelinckx (@Sebitosh) |
| Mário Areias |
| Matt Austin (@mattaustin) |
| Abdelhadi Azouni |
@@ -48,6 +50,7 @@ ZAP Extended Team
| Artemy Bogdanov (@Abr1k0s) |
| Yvan Boily |
| Rodrigo Bonifácio |
+ | Adrean Boyadzhiev (@aboyadzhiev) |
| Glib Briia (@glib-briia) |
| Rauf Butt |
@@ -62,10 +65,12 @@ ZAP Extended Team
| Baptiste Crépin - AXA Group Security |
| Johanna Curiel |
+ | Ganesh Dagadi (LinkedIn) |
| Chris Dailey (@dailz-c) |
| Karl Dalley (@gnirlos) |
| Anamika Das (@AnamikaD) |
| Patrick Double (@double16) |
+ | @drighty |
| Mike Emery - Portcullis Security |
@@ -98,6 +103,7 @@ ZAP Extended Team
| Taras Ivashchenko, OWASP Russia |
| Shershon A J (Shershon25) |
+ | Divyansh Jain (@itsdivyanshjain) - Astra Security |
| Eswarprasath Jayaraman (ejayaraman) |
| Jon (@flibustier) |
| Tan Jin (@tjtanjin) |
@@ -153,6 +159,7 @@ ZAP Extended Team
| Adrien PAILHES |
| Anthon Pang |
+ | Amit Panwar, amitpanwar789 |
| Alan Parkinson |
| David Petrasovic |
| Yvan Phélizot |
@@ -202,6 +209,7 @@ ZAP Extended Team
| Sunny (darkowlzz) indiasuny000@gmail.com |
| Daniel Thompson-Yvetot (@nothingismagick) |
+ | Tib3rius (https://tib3rius.com/) |
| Stefan Tobler |
| Ken Treimann, Cyber Ninja |
diff --git a/addOns/help_it_IT/src/main/javahelp/contents/releases/1.1.0.html b/addOns/help_it_IT/src/main/javahelp/contents/releases/1.1.0.html
index 8babaa820..061b62cc0 100644
--- a/addOns/help_it_IT/src/main/javahelp/contents/releases/1.1.0.html
+++ b/addOns/help_it_IT/src/main/javahelp/contents/releases/1.1.0.html
@@ -15,7 +15,7 @@ Cambiamenti significativi:
Il rebranding di OWASP
ZAP è stato accettato come un progetto OWASP.
-Its homepage is now: https://owasp.org/www-project-zap/
+Its homepage is now: https://wiki.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project
Forza Bruta
L'abilità di usare la forza bruta sui file e cartelle che si basano sul codice del progetto OWASP DirBuster.
diff --git a/addOns/help_it_IT/src/main/javahelp/contents/releases/2.14.0.html b/addOns/help_it_IT/src/main/javahelp/contents/releases/2.14.0.html
index 4b9fc4816..415413d70 100644
--- a/addOns/help_it_IT/src/main/javahelp/contents/releases/2.14.0.html
+++ b/addOns/help_it_IT/src/main/javahelp/contents/releases/2.14.0.html
@@ -79,8 +79,10 @@ ZAP Browser Extensions
These are included in the new Client Side Integration add-on which supports:
-* Browser Recording
-* Streaming client side events to ZAP
+
This is not (yet) included in the main ZAP releases so you will need to download it from the
Marketplace.
diff --git a/addOns/help_it_IT/src/main/javahelp/contents/releases/2.15.0.html b/addOns/help_it_IT/src/main/javahelp/contents/releases/2.15.0.html
new file mode 100644
index 000000000..7437b84da
--- /dev/null
+++ b/addOns/help_it_IT/src/main/javahelp/contents/releases/2.15.0.html
@@ -0,0 +1,138 @@
+
+
+
+
+
+ Release 2.15.0
+
+
+
+Release 2.15.0
+
+This is a bug fix and enhancement release.
+
+These release notes do not include all of the changes included in add-ons updated since 2.14.0.
+
+This release was made possible thanks to our biggest supporter, the Crash Override.
+
+Some of the more significant enhancements include:
+
+
Scripts as First Class Scan Rules
+
+Active and passive scan script rules can now be treated as "first class" scan rules.
+This means that they can be individually referenced in an active scan policy, in the
+passive scan rules options, and in Automation Framework plans.
+
+In addition directories of scripts can now be added with all of the scripts enabled -
+this will make it much more straightfoward to manage script rules in automation.
+
+Menu Items Restructured
+
+The desktop context sensitive menu items have been reordered, and grouped in a more logical way.
+This should make it much easier to find the menu item you want, when you want it.
+
+Set Logging Levels
+
+A new -loglevel
Command Line option allows you to set the log level,
+overriding the values specified in the log4j2.properties file in the home directory.
+
+New API calls also allow you to set and view the current logging levels:
+
+Action / core / setLogLevel
: Sets the logging level for a given name
+View / core / getLogLevel
: Gets the detailed logging config, optionally filtered by name
+
+
+Automation Framework GitHub Action
+
+There is a new ZAP GitHub action - the
+ZAP Automation Framework Scan.
+
+The Automation Framework provides a great balance between ease of use and flexibility + functionality.
+If you want to perform any non-trivial automation with ZAP then the
+Automation Framework is probably your best bet.
+
+New Docker Hub Organisation
+
+We have a new DockerHub organisation for the ZAP Docker images: https://hub.docker.com/u/zaproxy
+
+We are still using the softwaresecurityproject org for 2.15.0 but we will probably not use it for the following releases.
+
+We do recommend that you switch from `softwaresecurityproject` to zaproxy sooner rather than later.
+
+Dependency Updates
+
+As usual the release includes dependency updates.
+
+The following libraries were updated:
+
+
+ - Commons Codex, 1.16.0 → 1.16.1
+ - Commons IO, 2.13.0 → 2.16.1
+ - Commons Lang3, 3.13.0 → 3.14.0
+ - Commons Logging, 1.2 → 1.3.1
+ - Commons Text, 1.10.0 → 1.12.0
+ - Flatlaf, 3.2.1 → 3.4.1
+ - Java Semver, 0.9.0 → 0.10.2
+ - Rsyntaxtextarea, 3.3.4 → 3.4.0
+
+
+Add-Ons
+
+Updated Add-Ons
+All of the add-ons included by default have been updated since the last full release.
+
+Enhancements
+
+- Issue 4275 : Allow to view/change logger levels through the API
+- Issue 7105 : Scripts as First Class Scan Rules
+- Issue 7575 : Add an "Enable all scripts" option to Options->Scripts screen
+- Issue 8135 : Guard against param panels' errors during init
+- Issue 8136 : Keep Import Menu Items Sorted Alphabetically
+- Issue 8150 : Increase search border highlights
+- Issue 8162 : Add stat for uncaught exceptions
+- Issue 8179 : Drop "to Clipboard" from ZAP copy menu items (etc)
+- Issue 8188 : Allow to hook param panels with parents
+- Issue 8190 : alert: Add CWE Alert Tag when building and CWE ID has been set
+- Issue 8198 : URL Path Input Vector - attack end path too
+- Issue 8203 : Option to encode cookie values
+- Issue 8210 : Warn of root user usage and report core count and max memory on start up
+- Issue 8248 : Include cores and max memory in Support Info
+- Issue 8265 : Deprecate Script Scan Rules and related classes
+- Issue 8274 : Improve logs related to loading of pscanrules
+- Issue 8283 : Anti-CSRF Handling should always account for partial matching
+- Issue 8295 : Allow setting the log level via a CLI argument
+- Issue 8332 : tech: Add MariaDB
+- Issue 8369 : Restructure the desktop menu item order
+- Issue 8393 : Allow to search HTTP messages by Tags
+- Issue 8403 : ZAP not printing script errors to console in cmdline mode with `-script`
+- Issue 8423 : Add TAGs for yaml, xml, extended json
+- Issue 8452 : Support decode response body through the `Variant`
+- Issue 8454 : Include pluginId in alert events
+
+
+Bug fixes
+
+- Issue 6292 : Including main technology through the API does not include their specific technologies
+- Issue 8018 : Some characters not displayed in the Language combo box
+- Issue 8147 : Multipart Form Params - Extract boundary from body if not in header
+- Issue 8166 : scripts: Synchronize contents and file methods
+- Issue 8182 : Fix zap.sh for macOS
+- Issue 8252 : Use name of enum as default value for configs
+- Issue 8275 : Button Text is not fully shown in Add Note Dialog
+- Issue 8298 : Prevent NPE if no user creds
+- Issue 8302 : Fix context inclusion issues
+- Issue 8357 : Correct name of hosts without children
+- Issue 8395 : Add missing API error message
+- Issue 8419 : Prevent raising alerts on temporary messages
+- Issue 8429 : Skip deleted msgs in the messages API endpoints
+- Issue 8467 : Get resources from add-ons
+
+
+See Also
+
+ | Introduction | the introduction to ZAP |
+ | Releases | the full set of releases |
+ | Credits | the people and groups who have made this release possible |
+
+
+
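Review bot: In the Enhancements list, "Issue 8403 : ZAP not printing script errors to console in cmdline mode with `-script`" is worded as a bug symptom rather than as the change that was made, so a reader cannot tell what the new behaviour is. Suggest rewording it to describe the outcome, or moving it under "Bug fixes". The same list carries both "Issue 7105 : Scripts as First Class Scan Rules" and "Issue 8265 : Deprecate Script Scan Rules and related classes" with no pointer between them; a short cross-reference would help script authors see that the two entries are related.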
diff --git a/addOns/help_it_IT/src/main/javahelp/contents/releases/releases.html b/addOns/help_it_IT/src/main/javahelp/contents/releases/releases.html
index 45b49932c..164db9a87 100644
--- a/addOns/help_it_IT/src/main/javahelp/contents/releases/releases.html
+++ b/addOns/help_it_IT/src/main/javahelp/contents/releases/releases.html
@@ -11,6 +11,7 @@ Releases
The following releases have been made:
+ | 2.15.0 | bug fix and enhancement release |
| 2.14.0 | bug fix and enhancement release |
| 2.13.0 | bug fix and enhancement release |
| 2.12.0 | ten thousand star bug fix and enhancement release |
diff --git a/addOns/help_it_IT/src/main/javahelp/contents/ui/dialogs/options/ascaninput.html b/addOns/help_it_IT/src/main/javahelp/contents/ui/dialogs/options/ascaninput.html
index 0606c0f64..f08af8c96 100644
--- a/addOns/help_it_IT/src/main/javahelp/contents/ui/dialogs/options/ascaninput.html
+++ b/addOns/help_it_IT/src/main/javahelp/contents/ui/dialogs/options/ascaninput.html
@@ -39,6 +39,10 @@ All Requests
Cookie Data
Request cookies.
+Encode Cookie Values
+If selected the cookie values will be URL encoded when attacked.
+By default they will not be encoded - this is new in ZAP 2.15.0, previously they were always encoded.
+
Build-in Input Vector Handlers
The data formats that the active scanner will target:
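Review bot: The added sentence "By default they will not be encoded - this is new in ZAP 2.15.0, previously they were always encoded" documents a change in default active scan behaviour, yet the 2.15.0 release notes in this same patch mention it only as "Issue 8203 : Option to encode cookie values" under Enhancements. Anyone comparing scan results between 2.14.0 and 2.15.0 will see different cookie payloads on the wire without having changed a setting, so the release notes should state the new default explicitly. Minor, in the context line below: "Build-in Input Vector Handlers" should read "Built-in".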
diff --git a/addOns/help_it_IT/src/main/javahelp/contents/ui/dialogs/options/script.html b/addOns/help_it_IT/src/main/javahelp/contents/ui/dialogs/options/script.html
index 2d0b1f420..961084e17 100644
--- a/addOns/help_it_IT/src/main/javahelp/contents/ui/dialogs/options/script.html
+++ b/addOns/help_it_IT/src/main/javahelp/contents/ui/dialogs/options/script.html
@@ -11,6 +11,10 @@ Options Scripts screen
This screen allows you to configure the script options:
+
+Enable scripts loaded from directories
+If this option is selected then all of the scripts loaded from the specified directories will be enabled by default.
+
Directories
A list of directories from which scripts will be loaded. ZAP will read (and write) the scripts using the character encoding UTF-8.
The scripts must be in subdirectories named after the relevant script type (such as 'active', 'passive', 'proxy' etc) and must have an appropriate extension for the script language used.
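Review bot: The new "Enable scripts loaded from directories" paragraph does not say whether the option itself is selected or unselected by default, which matters because selecting it enables every script found under the listed directories without a per-script decision. Suggest stating the default, and adding a sentence that the directories should hold only trusted scripts and be writable only by the account running ZAP, given that the context line below says ZAP will "read (and write)" scripts there.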
diff --git a/addOns/help_it_IT/src/main/javahelp/contents/ui/tabs/httpsessions.html b/addOns/help_it_IT/src/main/javahelp/contents/ui/tabs/httpsessions.html
index 3338e02e7..940dc48c9 100644
--- a/addOns/help_it_IT/src/main/javahelp/contents/ui/tabs/httpsessions.html
+++ b/addOns/help_it_IT/src/main/javahelp/contents/ui/tabs/httpsessions.html
@@ -30,7 +30,7 @@ HTTP Sessions tab
Each of the entries in the Sessions table can be right clicked,
which activates the Popup Menu, with the following options:
- - Copy Session Token Value to Clipboard - copies the value of the
+
- Copy Session Token Value - copies the value of the
selected session to the clipboard.
- Remove Session - deletes the session
- Find Related Messages - Will cause the Search tab
diff --git a/addOns/help_it_IT/src/main/javahelp/index.xml b/addOns/help_it_IT/src/main/javahelp/index.xml
index 01179c987..b9df7b17d 100644
--- a/addOns/help_it_IT/src/main/javahelp/index.xml
+++ b/addOns/help_it_IT/src/main/javahelp/index.xml
@@ -87,6 +87,7 @@
+
diff --git a/addOns/help_it_IT/src/main/javahelp/toc.xml b/addOns/help_it_IT/src/main/javahelp/toc.xml
index f2cd0e5d0..f6f52e5f7 100644
--- a/addOns/help_it_IT/src/main/javahelp/toc.xml
+++ b/addOns/help_it_IT/src/main/javahelp/toc.xml
@@ -120,6 +120,7 @@
+
diff --git a/addOns/help_ja_JP/src/main/javahelp/contents/cmdline.html b/addOns/help_ja_JP/src/main/javahelp/contents/cmdline.html
index 4dff0dbbb..a7d25601c 100644
--- a/addOns/help_ja_JP/src/main/javahelp/contents/cmdline.html
+++ b/addOns/help_ja_JP/src/main/javahelp/contents/cmdline.html
@@ -41,6 +41,7 @@
Options
| -lowmem | Use the database instead of memory as much as possible - this is still experimental |
| -experimentaldb | Use the experimental generic database code, which is not surprisingly also still experimental |
| -nostdout | Disables the default logging through standard output |
+ | -loglevel <level> | Sets the log level, overriding the values specified in the log4j2.properties file in the home directory |
| -silent | Ensures ZAP does not make any unsolicited requests, including check for updates |
| -addoninstall <addOnId> | Installs the add-on with specified ID from the ZAP Marketplace. The IDs of the add-ons available in the marketplace can be consulted in the Marketplace tab of Manage Add-ons dialogue. |
| -addoninstallall | Install all available add-ons from the ZAP Marketplace |
@@ -60,6 +61,8 @@ Options
Configuration keys should be specified using the dot notation based their location in the XML of the configuration file, eg:
<zap-script> -config api.key=12345
+The -loglevel
option supports the following values: OFF
, FATAL
, ERROR
, WARN
, INFO
, DEBUG
, TRACE
, and ALL
, in order of increasing verbosity.
+
例:
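Review bot: The added paragraph lists the accepted `-loglevel` values but does not say whether the value is case sensitive or what ZAP does when given a value outside the list (fall back to the configured level, or refuse to start). Please add one sentence covering both, since this option is mostly going to be typed into CI scripts where a silent fallback is easy to miss.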
diff --git a/addOns/help_ja_JP/src/main/javahelp/contents/credits.html b/addOns/help_ja_JP/src/main/javahelp/contents/credits.html
index 874bc8de8..dcb282c18 100644
--- a/addOns/help_ja_JP/src/main/javahelp/contents/credits.html
+++ b/addOns/help_ja_JP/src/main/javahelp/contents/credits.html
@@ -26,11 +26,13 @@ ZAP 拡張チーム
| 70pointer |
| Mostafa AbdelMoez |
| Jean Abed |
+ | Zuhair Abid (@zuhairabid) |
| Bilal Achahbar |
| Tushar Aggarwal |
| Amro Alolaqi |
| Matthias Altmann (@secf00tprint) |
| André Alves (@andrealvesdev) |
+ | Sébastien Amelinckx (@Sebitosh) |
| Mário Areias |
| Matt Austin (@mattaustin) |
| Abdelhadi Azouni |
@@ -48,6 +50,7 @@ ZAP 拡張チーム
| Artemy Bogdanov (@Abr1k0s) |
| Yvan Boily |
| Rodrigo Bonifácio |
+ | Adrean Boyadzhiev (@aboyadzhiev) |
| Glib Briia (@glib-briia) |
| Rauf Butt |
@@ -62,10 +65,12 @@ ZAP 拡張チーム
| Baptiste Crépin - AXA Group Security |
| Johanna Curiel |
+ | Ganesh Dagadi (LinkedIn) |
| Chris Dailey (@dailz-c) |
| Karl Dalley (@gnirlos) |
| Anamika Das (@AnamikaD) |
| Patrick Double (@double16) |
+ | @drighty |
| Mike Emery - Portcullis Security |
@@ -98,6 +103,7 @@ ZAP 拡張チーム
| Taras Ivashchenko, OWASP Russia |
| Shershon A J (Shershon25) |
+ | Divyansh Jain (@itsdivyanshjain) - Astra Security |
| Eswarprasath Jayaraman (ejayaraman) |
| Jon (@flibustier) |
| Tan Jin (@tjtanjin) |
@@ -153,6 +159,7 @@ ZAP 拡張チーム
| Adrien PAILHES |
| Anthon Pang |
+ | Amit Panwar, amitpanwar789 |
| Alan Parkinson |
| David Petrasovic |
| Yvan Phélizot |
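Review bot: "Amit Panwar, amitpanwar789" separates name and handle with a comma, while other entries added in this patch use the "Name (@handle)" form, for example "Zuhair Abid (@zuhairabid)" and "Adrean Boyadzhiev (@aboyadzhiev)". Suggest "Amit Panwar (@amitpanwar789)" for consistency, if that is the contributor's handle.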
@@ -202,6 +209,7 @@ ZAP 拡張チーム
| Sunny (darkowlzz) indiasuny000@gmail.com |
| Daniel Thompson-Yvetot (@nothingismagick) |
+ | Tib3rius (https://tib3rius.com/) |
| Stefan Tobler |
| Ken Treimann, Cyber Ninja |
diff --git a/addOns/help_ja_JP/src/main/javahelp/contents/releases/1.1.0.html b/addOns/help_ja_JP/src/main/javahelp/contents/releases/1.1.0.html
index 727511994..2d0cfe341 100644
--- a/addOns/help_ja_JP/src/main/javahelp/contents/releases/1.1.0.html
+++ b/addOns/help_ja_JP/src/main/javahelp/contents/releases/1.1.0.html
@@ -15,7 +15,7 @@ 重要な変更
OWASPにブランド変更
ZAPはOWASPのプロジェクトとして認められました。
-Its homepage is now: https://owasp.org/www-project-zap/
+Its homepage is now: https://wiki.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project
ブルート攻撃
The ability to brute force files and directories based on code from the OWASP DirBuster project.
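Review bot: The replacement line points the homepage at https://wiki.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project in place of https://owasp.org/www-project-zap/, which looks like a step back to an older wiki address rather than an intended update. Please confirm which URL the English source currently has and whether this localized file was synced from a stale copy; if the change is unintended, keep the removed line.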
diff --git a/addOns/help_ja_JP/src/main/javahelp/contents/releases/2.14.0.html b/addOns/help_ja_JP/src/main/javahelp/contents/releases/2.14.0.html
index 4b9fc4816..415413d70 100644
--- a/addOns/help_ja_JP/src/main/javahelp/contents/releases/2.14.0.html
+++ b/addOns/help_ja_JP/src/main/javahelp/contents/releases/2.14.0.html
@@ -79,8 +79,10 @@ ZAP Browser Extensions
These are included in the new Client Side Integration add-on which supports:
-* Browser Recording
-* Streaming client side events to ZAP
+
This is not (yet) included in the main ZAP releases so you will need to download it from the
Marketplace.
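Review bot: Both list items ("Browser Recording" and "Streaming client side events to ZAP") are removed and only an empty line is added, so as shown the sentence ending "which supports:" has nothing after it. If the items were moved into list markup, check that they still render in this locale; otherwise restore them.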
diff --git a/addOns/help_ja_JP/src/main/javahelp/contents/releases/2.15.0.html b/addOns/help_ja_JP/src/main/javahelp/contents/releases/2.15.0.html
new file mode 100644
index 000000000..7437b84da
--- /dev/null
+++ b/addOns/help_ja_JP/src/main/javahelp/contents/releases/2.15.0.html
@@ -0,0 +1,138 @@
+
+
+
+
+
+ Release 2.15.0
+
+
+
+Release 2.15.0
+
+This is a bug fix and enhancement release.
+
+These release notes do not include all of the changes included in add-ons updated since 2.14.0.
+
+This release was made possible thanks to our biggest supporter, the Crash Override.
+
+Some of the more significant enhancements include:
+
+
Scripts as First Class Scan Rules
+
+Active and passive scan script rules can now be treated as "first class" scan rules.
+This means that they can be individually referenced in an active scan policy, in the
+passive scan rules options, and in Automation Framework plans.
+
+In addition directories of scripts can now be added with all of the scripts enabled -
+this will make it much more straightfoward to manage script rules in automation.
+
+Menu Items Restructured
+
+The desktop context sensitive menu items have been reordered, and grouped in a more logical way.
+This should make it much easier to find the menu item you want, when you want it.
+
+Set Logging Levels
+
+A new -loglevel
Command Line option allows you to set the log level,
+overriding the values specified in the log4j2.properties file in the home directory.
+
+New API calls also allow you to set and view the current logging levels:
+
+Action / core / setLogLevel
: Sets the logging level for a given name
+View / core / getLogLevel
: Gets the detailed logging config, optionally filtered by name
+
+
+Automation Framework GitHub Action
+
+There is a new ZAP GitHub action - the
+ZAP Automation Framework Scan.
+
+The Automation Framework provides a great balance between ease of use and flexibility + functionality.
+If you want to perform any non-trivial automation with ZAP then the
+Automation Framework is probably your best bet.
+
+New Docker Hub Organisation
+
+We have a new DockerHub organisation for the ZAP Docker images: https://hub.docker.com/u/zaproxy
+
+We are still using the softwaresecurityproject org for 2.15.0 but we will probably not use it for the following releases.
+
+We do recommend that you switch from `softwaresecurityproject` to zaproxy sooner rather than later.
+
+Dependency Updates
+
+As usual the release includes dependency updates.
+
+The following libraries were updated:
+
+
+ - Commons Codex, 1.16.0 → 1.16.1
+ - Commons IO, 2.13.0 → 2.16.1
+ - Commons Lang3, 3.13.0 → 3.14.0
+ - Commons Logging, 1.2 → 1.3.1
+ - Commons Text, 1.10.0 → 1.12.0
+ - Flatlaf, 3.2.1 → 3.4.1
+ - Java Semver, 0.9.0 → 0.10.2
+ - Rsyntaxtextarea, 3.3.4 → 3.4.0
+
+
+Add-Ons
+
+Updated Add-Ons
+All of the add-ons included by default have been updated since the last full release.
+
+Enhancements
+
+- Issue 4275 : Allow to view/change logger levels through the API
+- Issue 7105 : Scripts as First Class Scan Rules
+- Issue 7575 : Add an "Enable all scripts" option to Options->Scripts screen
+- Issue 8135 : Guard against param panels' errors during init
+- Issue 8136 : Keep Import Menu Items Sorted Alphabetically
+- Issue 8150 : Increase search border highlights
+- Issue 8162 : Add stat for uncaught exceptions
+- Issue 8179 : Drop "to Clipboard" from ZAP copy menu items (etc)
+- Issue 8188 : Allow to hook param panels with parents
+- Issue 8190 : alert: Add CWE Alert Tag when building and CWE ID has been set
+- Issue 8198 : URL Path Input Vector - attack end path too
+- Issue 8203 : Option to encode cookie values
+- Issue 8210 : Warn of root user usage and report core count and max memory on start up
+- Issue 8248 : Include cores and max memory in Support Info
+- Issue 8265 : Deprecate Script Scan Rules and related classes
+- Issue 8274 : Improve logs related to loading of pscanrules
+- Issue 8283 : Anti-CSRF Handling should always account for partial matching
+- Issue 8295 : Allow setting the log level via a CLI argument
+- Issue 8332 : tech: Add MariaDB
+- Issue 8369 : Restructure the desktop menu item order
+- Issue 8393 : Allow to search HTTP messages by Tags
+- Issue 8403 : ZAP not printing script errors to console in cmdline mode with `-script`
+- Issue 8423 : Add TAGs for yaml, xml, extended json
+- Issue 8452 : Support decode response body through the `Variant`
+- Issue 8454 : Include pluginId in alert events
+
+
+Bug fixes
+
+- Issue 6292 : Including main technology through the API does not include their specific technologies
+- Issue 8018 : Some characters not displayed in the Language combo box
+- Issue 8147 : Multipart Form Params - Extract boundary from body if not in header
+- Issue 8166 : scripts: Synchronize contents and file methods
+- Issue 8182 : Fix zap.sh for macOS
+- Issue 8252 : Use name of enum as default value for configs
+- Issue 8275 : Button Text is not fully shown in Add Note Dialog
+- Issue 8298 : Prevent NPE if no user creds
+- Issue 8302 : Fix context inclusion issues
+- Issue 8357 : Correct name of hosts without children
+- Issue 8395 : Add missing API error message
+- Issue 8419 : Prevent raising alerts on temporary messages
+- Issue 8429 : Skip deleted msgs in the messages API endpoints
+- Issue 8467 : Get resources from add-ons
+
+
+See Also
+
+ | Introduction | the introduction to ZAP |
+ | Releases | the full set of releases |
+ | Credits | the people and groups who have made this release possible |
+
+
+
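Review bot: Two spelling errors in the added text should be fixed at the source before it is copied into every locale: "straightfoward" in the Scripts as First Class Scan Rules section should be "straightforward", and "Commons Codex" in the dependency list should be "Commons Codec". Also, "thanks to our biggest supporter, the Crash Override" reads oddly with the article, and in the Docker Hub paragraph `softwaresecurityproject` is backtick-quoted while zaproxy is not; pick one style.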
diff --git a/addOns/help_ja_JP/src/main/javahelp/contents/releases/releases.html b/addOns/help_ja_JP/src/main/javahelp/contents/releases/releases.html
index 91103bd72..2de2ef72f 100644
--- a/addOns/help_ja_JP/src/main/javahelp/contents/releases/releases.html
+++ b/addOns/help_ja_JP/src/main/javahelp/contents/releases/releases.html
@@ -11,6 +11,7 @@ リリース
以下のリリースが行われました。
+ | 2.15.0 | bug fix and enhancement release |
| 2.14.0 | bug fix and enhancement release |
| 2.13.0 | bug fix and enhancement release |
| 2.12.0 | ten thousand star bug fix and enhancement release |
diff --git a/addOns/help_ja_JP/src/main/javahelp/contents/ui/dialogs/options/ascaninput.html b/addOns/help_ja_JP/src/main/javahelp/contents/ui/dialogs/options/ascaninput.html
index 65cdfccfc..853aadb08 100644
--- a/addOns/help_ja_JP/src/main/javahelp/contents/ui/dialogs/options/ascaninput.html
+++ b/addOns/help_ja_JP/src/main/javahelp/contents/ui/dialogs/options/ascaninput.html
@@ -39,6 +39,10 @@ All Requests
Cookie Data
Request cookies.
+Encode Cookie Values
+If selected the cookie values will be URL encoded when attacked.
+By default they will not be encoded - this is new in ZAP 2.15.0, previously they were always encoded.
+
Build-in Input Vector Handlers
The data formats that the active scanner will target:
diff --git a/addOns/help_ja_JP/src/main/javahelp/contents/ui/dialogs/options/script.html b/addOns/help_ja_JP/src/main/javahelp/contents/ui/dialogs/options/script.html
index 2d0b1f420..961084e17 100644
--- a/addOns/help_ja_JP/src/main/javahelp/contents/ui/dialogs/options/script.html
+++ b/addOns/help_ja_JP/src/main/javahelp/contents/ui/dialogs/options/script.html
@@ -11,6 +11,10 @@ Options Scripts screen
This screen allows you to configure the script options:
+
+Enable scripts loaded from directories
+If this option is selected then all of the scripts loaded from the specified directories will be enabled by default.
+
Directories
A list of directories from which scripts will be loaded. ZAP will read (and write) the scripts using the character encoding UTF-8.
The scripts must be in subdirectories named after the relevant script type (such as 'active', 'passive', 'proxy' etc) and must have an appropriate extension for the script language used.
diff --git a/addOns/help_ja_JP/src/main/javahelp/contents/ui/tabs/httpsessions.html b/addOns/help_ja_JP/src/main/javahelp/contents/ui/tabs/httpsessions.html
index 7858affa0..e6ad2d3ca 100644
--- a/addOns/help_ja_JP/src/main/javahelp/contents/ui/tabs/httpsessions.html
+++ b/addOns/help_ja_JP/src/main/javahelp/contents/ui/tabs/httpsessions.html
@@ -30,7 +30,7 @@ HTTP Sessions tab
Each of the entries in the Sessions table can be right clicked,
which activates the Popup Menu, with the following options:
- - Copy Session Token Value to Clipboard - copies the value of the
+
- Copy Session Token Value - copies the value of the
selected session to the clipboard.
- Remove Session - deletes the session
- Find Related Messages - Will cause the Search tab
diff --git a/addOns/help_ja_JP/src/main/javahelp/index.xml b/addOns/help_ja_JP/src/main/javahelp/index.xml
index 034384148..d259f307a 100644
--- a/addOns/help_ja_JP/src/main/javahelp/index.xml
+++ b/addOns/help_ja_JP/src/main/javahelp/index.xml
@@ -87,6 +87,7 @@
+
diff --git a/addOns/help_ja_JP/src/main/javahelp/toc.xml b/addOns/help_ja_JP/src/main/javahelp/toc.xml
index 41a422e65..114bfc1f2 100644
--- a/addOns/help_ja_JP/src/main/javahelp/toc.xml
+++ b/addOns/help_ja_JP/src/main/javahelp/toc.xml
@@ -120,6 +120,7 @@
+
diff --git a/addOns/help_ms_MY/src/main/javahelp/contents/cmdline.html b/addOns/help_ms_MY/src/main/javahelp/contents/cmdline.html
index c890e16dd..23e60199d 100644
--- a/addOns/help_ms_MY/src/main/javahelp/contents/cmdline.html
+++ b/addOns/help_ms_MY/src/main/javahelp/contents/cmdline.html
@@ -41,6 +41,7 @@
Options
| -lowmem | Use the database instead of memory as much as possible - this is still experimental |
| -experimentaldb | Use the experimental generic database code, which is not surprisingly also still experimental |
| -nostdout | Disables the default logging through standard output |
+ | -loglevel <level> | Sets the log level, overriding the values specified in the log4j2.properties file in the home directory |
| -silent | Ensures ZAP does not make any unsolicited requests, including check for updates |
| -addoninstall <addOnId> | Installs the add-on with specified ID from the ZAP Marketplace. The IDs of the add-ons available in the marketplace can be consulted in the Marketplace tab of Manage Add-ons dialogue. |
| -addoninstallall | Install all available add-ons from the ZAP Marketplace |
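Review bot: The new `-loglevel <level>` row says it overrides "the values specified in the log4j2.properties file" but not which loggers are affected; state whether the level is applied to every configured logger or only to the root logger. The row also gives no accepted values, which appear only in a paragraph further down the page, so either list them in the row or say where to find them.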
@@ -60,6 +61,8 @@ Options
Configuration keys should be specified using the dot notation based their location in the XML of the configuration file, eg:
<zap-script> -config api.key=12345
+The -loglevel
option supports the following values: OFF
, FATAL
, ERROR
, WARN
, INFO
, DEBUG
, TRACE
, and ALL
, in order of increasing verbosity.
+
Examples:
diff --git a/addOns/help_ms_MY/src/main/javahelp/contents/credits.html b/addOns/help_ms_MY/src/main/javahelp/contents/credits.html
index 446786d38..a1b0a6102 100644
--- a/addOns/help_ms_MY/src/main/javahelp/contents/credits.html
+++ b/addOns/help_ms_MY/src/main/javahelp/contents/credits.html
@@ -26,11 +26,13 @@ ZAP Extended Team
| 70pointer |
| Mostafa AbdelMoez |
| Jean Abed |
+ | Zuhair Abid (@zuhairabid) |
| Bilal Achahbar |
| Tushar Aggarwal |
| Amro Alolaqi |
| Matthias Altmann (@secf00tprint) |
| André Alves (@andrealvesdev) |
+ | Sébastien Amelinckx (@Sebitosh) |
| Mário Areias |
| Matt Austin (@mattaustin) |
| Abdelhadi Azouni |
@@ -48,6 +50,7 @@ ZAP Extended Team
| Artemy Bogdanov (@Abr1k0s) |
| Yvan Boily |
| Rodrigo Bonifácio |
+ | Adrean Boyadzhiev (@aboyadzhiev) |
| Glib Briia (@glib-briia) |
| Rauf Butt |
@@ -62,10 +65,12 @@ ZAP Extended Team
| Baptiste Crépin - AXA Group Security |
| Johanna Curiel |
+ | Ganesh Dagadi (LinkedIn) |
| Chris Dailey (@dailz-c) |
| Karl Dalley (@gnirlos) |
| Anamika Das (@AnamikaD) |
| Patrick Double (@double16) |
+ | @drighty |
| Mike Emery - Portcullis Security |
@@ -98,6 +103,7 @@ ZAP Extended Team
| Taras Ivashchenko, OWASP Russia |
| Shershon A J (Shershon25) |
+ | Divyansh Jain (@itsdivyanshjain) - Astra Security |
| Eswarprasath Jayaraman (ejayaraman) |
| Jon (@flibustier) |
| Tan Jin (@tjtanjin) |
@@ -153,6 +159,7 @@ ZAP Extended Team
| Adrien PAILHES |
| Anthon Pang |
+ | Amit Panwar, amitpanwar789 |
| Alan Parkinson |
| David Petrasovic |
| Yvan Phélizot |
@@ -202,6 +209,7 @@ ZAP Extended Team
| Sunny (darkowlzz) indiasuny000@gmail.com |
| Daniel Thompson-Yvetot (@nothingismagick) |
+ | Tib3rius (https://tib3rius.com/) |
| Stefan Tobler |
| Ken Treimann, Cyber Ninja |
diff --git a/addOns/help_ms_MY/src/main/javahelp/contents/releases/1.1.0.html b/addOns/help_ms_MY/src/main/javahelp/contents/releases/1.1.0.html
index 77fbf99b5..1b0663702 100644
--- a/addOns/help_ms_MY/src/main/javahelp/contents/releases/1.1.0.html
+++ b/addOns/help_ms_MY/src/main/javahelp/contents/releases/1.1.0.html
@@ -15,7 +15,7 @@ Perubahan ketara:
OWASP penjenamaan semula
ZAP telah diterima sebagai satu projek OWASP.
-Its homepage is now: https://owasp.org/www-project-zap/
+Its homepage is now: https://wiki.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project
Brute Force
Keupayaan untuk brute force fail dan direktori yang berdasarkan kod projek OWASP DirBuster.
diff --git a/addOns/help_ms_MY/src/main/javahelp/contents/releases/2.14.0.html b/addOns/help_ms_MY/src/main/javahelp/contents/releases/2.14.0.html
index 4b9fc4816..415413d70 100644
--- a/addOns/help_ms_MY/src/main/javahelp/contents/releases/2.14.0.html
+++ b/addOns/help_ms_MY/src/main/javahelp/contents/releases/2.14.0.html
@@ -79,8 +79,10 @@ ZAP Browser Extensions
These are included in the new Client Side Integration add-on which supports:
-* Browser Recording
-* Streaming client side events to ZAP
+
This is not (yet) included in the main ZAP releases so you will need to download it from the
Marketplace.
diff --git a/addOns/help_ms_MY/src/main/javahelp/contents/releases/2.15.0.html b/addOns/help_ms_MY/src/main/javahelp/contents/releases/2.15.0.html
new file mode 100644
index 000000000..7437b84da
--- /dev/null
+++ b/addOns/help_ms_MY/src/main/javahelp/contents/releases/2.15.0.html
@@ -0,0 +1,138 @@
+
+
+
+
+
+ Release 2.15.0
+
+
+
+Release 2.15.0
+
+This is a bug fix and enhancement release.
+
+These release notes do not include all of the changes included in add-ons updated since 2.14.0.
+
+This release was made possible thanks to our biggest supporter, the Crash Override.
+
+Some of the more significant enhancements include:
+
+
Scripts as First Class Scan Rules
+
+Active and passive scan script rules can now be treated as "first class" scan rules.
+This means that they can be individually referenced in an active scan policy, in the
+passive scan rules options, and in Automation Framework plans.
+
+In addition directories of scripts can now be added with all of the scripts enabled -
+this will make it much more straightfoward to manage script rules in automation.
+
+Menu Items Restructured
+
+The desktop context sensitive menu items have been reordered, and grouped in a more logical way.
+This should make it much easier to find the menu item you want, when you want it.
+
+Set Logging Levels
+
+A new -loglevel
Command Line option allows you to set the log level,
+overriding the values specified in the log4j2.properties file in the home directory.
+
+New API calls also allow you to set and view the current logging levels:
+
+Action / core / setLogLevel
: Sets the logging level for a given name
+View / core / getLogLevel
: Gets the detailed logging config, optionally filtered by name
+
+
+Automation Framework GitHub Action
+
+There is a new ZAP GitHub action - the
+ZAP Automation Framework Scan.
+
+The Automation Framework provides a great balance between ease of use and flexibility + functionality.
+If you want to perform any non-trivial automation with ZAP then the
+Automation Framework is probably your best bet.
+
+New Docker Hub Organisation
+
+We have a new DockerHub organisation for the ZAP Docker images: https://hub.docker.com/u/zaproxy
+
+We are still using the softwaresecurityproject org for 2.15.0 but we will probably not use it for the following releases.
+
+We do recommend that you switch from `softwaresecurityproject` to zaproxy sooner rather than later.
+
+Dependency Updates
+
+As usual the release includes dependency updates.
+
+The following libraries were updated:
+
+
+ - Commons Codex, 1.16.0 → 1.16.1
+ - Commons IO, 2.13.0 → 2.16.1
+ - Commons Lang3, 3.13.0 → 3.14.0
+ - Commons Logging, 1.2 → 1.3.1
+ - Commons Text, 1.10.0 → 1.12.0
+ - Flatlaf, 3.2.1 → 3.4.1
+ - Java Semver, 0.9.0 → 0.10.2
+ - Rsyntaxtextarea, 3.3.4 → 3.4.0
+
+
+Add-Ons
+
+Updated Add-Ons
+All of the add-ons included by default have been updated since the last full release.
+
+Enhancements
+
+- Issue 4275 : Allow to view/change logger levels through the API
+- Issue 7105 : Scripts as First Class Scan Rules
+- Issue 7575 : Add an "Enable all scripts" option to Options->Scripts screen
+- Issue 8135 : Guard against param panels' errors during init
+- Issue 8136 : Keep Import Menu Items Sorted Alphabetically
+- Issue 8150 : Increase search border highlights
+- Issue 8162 : Add stat for uncaught exceptions
+- Issue 8179 : Drop "to Clipboard" from ZAP copy menu items (etc)
+- Issue 8188 : Allow to hook param panels with parents
+- Issue 8190 : alert: Add CWE Alert Tag when building and CWE ID has been set
+- Issue 8198 : URL Path Input Vector - attack end path too
+- Issue 8203 : Option to encode cookie values
+- Issue 8210 : Warn of root user usage and report core count and max memory on start up
+- Issue 8248 : Include cores and max memory in Support Info
+- Issue 8265 : Deprecate Script Scan Rules and related classes
+- Issue 8274 : Improve logs related to loading of pscanrules
+- Issue 8283 : Anti-CSRF Handling should always account for partial matching
+- Issue 8295 : Allow setting the log level via a CLI argument
+- Issue 8332 : tech: Add MariaDB
+- Issue 8369 : Restructure the desktop menu item order
+- Issue 8393 : Allow to search HTTP messages by Tags
+- Issue 8403 : ZAP not printing script errors to console in cmdline mode with `-script`
+- Issue 8423 : Add TAGs for yaml, xml, extended json
+- Issue 8452 : Support decode response body through the `Variant`
+- Issue 8454 : Include pluginId in alert events
+
+
+Bug fixes
+
+- Issue 6292 : Including main technology through the API does not include their specific technologies
+- Issue 8018 : Some characters not displayed in the Language combo box
+- Issue 8147 : Multipart Form Params - Extract boundary from body if not in header
+- Issue 8166 : scripts: Synchronize contents and file methods
+- Issue 8182 : Fix zap.sh for macOS
+- Issue 8252 : Use name of enum as default value for configs
+- Issue 8275 : Button Text is not fully shown in Add Note Dialog
+- Issue 8298 : Prevent NPE if no user creds
+- Issue 8302 : Fix context inclusion issues
+- Issue 8357 : Correct name of hosts without children
+- Issue 8395 : Add missing API error message
+- Issue 8419 : Prevent raising alerts on temporary messages
+- Issue 8429 : Skip deleted msgs in the messages API endpoints
+- Issue 8467 : Get resources from add-ons
+
+
+See Also
+
+ | Introduction | the introduction to ZAP |
+ | Releases | the full set of releases |
+ | Credits | the people and groups who have made this release possible |
+
+
+
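Review bot: In the New Docker Hub Organisation section, "we will probably not use it for the following releases" leaves users who pull images from the softwaresecurityproject organisation unsure when those images stop being updated. Suggest saying which release is expected to be the last one published there, so pipelines that keep the old name do not quietly stay on an outdated scanner.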
diff --git a/addOns/help_ms_MY/src/main/javahelp/contents/releases/releases.html b/addOns/help_ms_MY/src/main/javahelp/contents/releases/releases.html
index 45b49932c..164db9a87 100644
--- a/addOns/help_ms_MY/src/main/javahelp/contents/releases/releases.html
+++ b/addOns/help_ms_MY/src/main/javahelp/contents/releases/releases.html
@@ -11,6 +11,7 @@ Releases
The following releases have been made:
+ | 2.15.0 | bug fix and enhancement release |
| 2.14.0 | bug fix and enhancement release |
| 2.13.0 | bug fix and enhancement release |
| 2.12.0 | ten thousand star bug fix and enhancement release |
diff --git a/addOns/help_ms_MY/src/main/javahelp/contents/ui/dialogs/options/ascaninput.html b/addOns/help_ms_MY/src/main/javahelp/contents/ui/dialogs/options/ascaninput.html
index 0606c0f64..f08af8c96 100644
--- a/addOns/help_ms_MY/src/main/javahelp/contents/ui/dialogs/options/ascaninput.html
+++ b/addOns/help_ms_MY/src/main/javahelp/contents/ui/dialogs/options/ascaninput.html
@@ -39,6 +39,10 @@ All Requests
Cookie Data
Request cookies.
+Encode Cookie Values
+If selected the cookie values will be URL encoded when attacked.
+By default they will not be encoded - this is new in ZAP 2.15.0, previously they were always encoded.
+
Build-in Input Vector Handlers
The data formats that the active scanner will target:
diff --git a/addOns/help_ms_MY/src/main/javahelp/contents/ui/dialogs/options/script.html b/addOns/help_ms_MY/src/main/javahelp/contents/ui/dialogs/options/script.html
index 2d0b1f420..961084e17 100644
--- a/addOns/help_ms_MY/src/main/javahelp/contents/ui/dialogs/options/script.html
+++ b/addOns/help_ms_MY/src/main/javahelp/contents/ui/dialogs/options/script.html
@@ -11,6 +11,10 @@ Options Scripts screen
This screen allows you to configure the script options:
+
+Enable scripts loaded from directories
+If this option is selected then all of the scripts loaded from the specified directories will be enabled by default.
+
Directories
A list of directories from which scripts will be loaded. ZAP will read (and write) the scripts using the character encoding UTF-8.
The scripts must be in subdirectories named after the relevant script type (such as 'active', 'passive', 'proxy' etc) and must have an appropriate extension for the script language used.
diff --git a/addOns/help_ms_MY/src/main/javahelp/contents/ui/tabs/httpsessions.html b/addOns/help_ms_MY/src/main/javahelp/contents/ui/tabs/httpsessions.html
index 3338e02e7..940dc48c9 100644
--- a/addOns/help_ms_MY/src/main/javahelp/contents/ui/tabs/httpsessions.html
+++ b/addOns/help_ms_MY/src/main/javahelp/contents/ui/tabs/httpsessions.html
@@ -30,7 +30,7 @@ HTTP Sessions tab
Each of the entries in the Sessions table can be right clicked,
which activates the Popup Menu, with the following options:
- - Copy Session Token Value to Clipboard - copies the value of the
+
- Copy Session Token Value - copies the value of the
selected session to the clipboard.
- Remove Session - deletes the session
- Find Related Messages - Will cause the Search tab
diff --git a/addOns/help_ms_MY/src/main/javahelp/index.xml b/addOns/help_ms_MY/src/main/javahelp/index.xml
index 01179c987..b9df7b17d 100644
--- a/addOns/help_ms_MY/src/main/javahelp/index.xml
+++ b/addOns/help_ms_MY/src/main/javahelp/index.xml
@@ -87,6 +87,7 @@
+
diff --git a/addOns/help_ms_MY/src/main/javahelp/toc.xml b/addOns/help_ms_MY/src/main/javahelp/toc.xml
index 997d47b88..4ea4111d6 100644
--- a/addOns/help_ms_MY/src/main/javahelp/toc.xml
+++ b/addOns/help_ms_MY/src/main/javahelp/toc.xml
@@ -120,6 +120,7 @@
+
diff --git a/addOns/help_pl_PL/src/main/javahelp/contents/cmdline.html b/addOns/help_pl_PL/src/main/javahelp/contents/cmdline.html
index 415977d01..9ab038366 100644
--- a/addOns/help_pl_PL/src/main/javahelp/contents/cmdline.html
+++ b/addOns/help_pl_PL/src/main/javahelp/contents/cmdline.html
@@ -41,6 +41,7 @@
Options
| -lowmem | Use the database instead of memory as much as possible - this is still experimental |
| -experimentaldb | Use the experimental generic database code, which is not surprisingly also still experimental |
| -nostdout | Disables the default logging through standard output |
+ | -loglevel <level> | Sets the log level, overriding the values specified in the log4j2.properties file in the home directory |
| -silent | Ensures ZAP does not make any unsolicited requests, including check for updates |
| -addoninstall <addOnId> | Installs the add-on with specified ID from the ZAP Marketplace. The IDs of the add-ons available in the marketplace can be consulted in the Marketplace tab of Manage Add-ons dialogue. |
| -addoninstallall | Install all available add-ons from the ZAP Marketplace |
@@ -60,6 +61,8 @@ Options
Configuration keys should be specified using the dot notation based their location in the XML of the configuration file, eg:
<zap-script> -config api.key=12345
+The -loglevel
option supports the following values: OFF
, FATAL
, ERROR
, WARN
, INFO
, DEBUG
, TRACE
, and ALL
, in order of increasing verbosity.
+
Przykłady:
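Review bot: The added -loglevel paragraph lists the accepted values but does not say what happens when the argument is not one of them, or whether lower-case forms are accepted. One sentence on each would settle it. No -loglevel usage is added under "Przykłady:", where the other options are shown in use. The context line above also reads "based their location", which is missing "on".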
diff --git a/addOns/help_pl_PL/src/main/javahelp/contents/credits.html b/addOns/help_pl_PL/src/main/javahelp/contents/credits.html
index 197699838..0600b2df4 100644
--- a/addOns/help_pl_PL/src/main/javahelp/contents/credits.html
+++ b/addOns/help_pl_PL/src/main/javahelp/contents/credits.html
@@ -26,11 +26,13 @@ ZAP Extended Team
| 70pointer |
| Mostafa AbdelMoez |
| Jean Abed |
+ | Zuhair Abid (@zuhairabid) |
| Bilal Achahbar |
| Tushar Aggarwal |
| Amro Alolaqi |
| Matthias Altmann (@secf00tprint) |
| André Alves (@andrealvesdev) |
+ | Sébastien Amelinckx (@Sebitosh) |
| Mário Areias |
| Matt Austin (@mattaustin) |
| Abdelhadi Azouni |
@@ -48,6 +50,7 @@ ZAP Extended Team
| Artemy Bogdanov (@Abr1k0s) |
| Yvan Boily |
| Rodrigo Bonifácio |
+ | Adrean Boyadzhiev (@aboyadzhiev) |
| Glib Briia (@glib-briia) |
| Rauf Butt |
@@ -62,10 +65,12 @@ ZAP Extended Team
| Baptiste Crépin - AXA Group Security |
| Johanna Curiel |
+ | Ganesh Dagadi (LinkedIn) |
| Chris Dailey (@dailz-c) |
| Karl Dalley (@gnirlos) |
| Anamika Das (@AnamikaD) |
| Patrick Double (@double16) |
+ | @drighty |
| Mike Emery - Portcullis Security |
@@ -98,6 +103,7 @@ ZAP Extended Team
| Taras Ivashchenko, OWASP Russia |
| Shershon A J (Shershon25) |
+ | Divyansh Jain (@itsdivyanshjain) - Astra Security |
| Eswarprasath Jayaraman (ejayaraman) |
| Jon (@flibustier) |
| Tan Jin (@tjtanjin) |
@@ -153,6 +159,7 @@ ZAP Extended Team
| Adrien PAILHES |
| Anthon Pang |
+ | Amit Panwar, amitpanwar789 |
| Alan Parkinson |
| David Petrasovic |
| Yvan Phélizot |
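Review bot: "Amit Panwar, amitpanwar789" does not follow the "Name (@handle)" form used by the other rows added to this file, for example "Zuhair Abid (@zuhairabid)" and "Adrean Boyadzhiev (@aboyadzhiev)". If amitpanwar789 is an account handle, suggest "Amit Panwar (@amitpanwar789)" so the list stays uniform.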
@@ -202,6 +209,7 @@ ZAP Extended Team
| Sunny (darkowlzz) indiasuny000@gmail.com |
| Daniel Thompson-Yvetot (@nothingismagick) |
+ | Tib3rius (https://tib3rius.com/) |
| Stefan Tobler |
| Ken Treimann, Cyber Ninja |
diff --git a/addOns/help_pl_PL/src/main/javahelp/contents/releases/1.1.0.html b/addOns/help_pl_PL/src/main/javahelp/contents/releases/1.1.0.html
index 2cd38f878..81ded1c6d 100644
--- a/addOns/help_pl_PL/src/main/javahelp/contents/releases/1.1.0.html
+++ b/addOns/help_pl_PL/src/main/javahelp/contents/releases/1.1.0.html
@@ -15,7 +15,7 @@ Istotne zmiany:
OWASP rebranding
ZAP has been accepted as an OWASP project.
-Its homepage is now: https://owasp.org/www-project-zap/
+Its homepage is now: https://wiki.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project
Brute Force
The ability to brute force files and directories based on code from the OWASP DirBuster project.
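Review bot: The replacement line points the 1.1.0 notes at https://wiki.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project in place of https://owasp.org/www-project-zap/, which reads like a link being rolled back rather than updated. Please confirm which URL the English source file carries and that the wiki address still resolves. The same substitution appears in the pt_BR and ro_RO copies of this file.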
diff --git a/addOns/help_pl_PL/src/main/javahelp/contents/releases/2.14.0.html b/addOns/help_pl_PL/src/main/javahelp/contents/releases/2.14.0.html
index 4b9fc4816..415413d70 100644
--- a/addOns/help_pl_PL/src/main/javahelp/contents/releases/2.14.0.html
+++ b/addOns/help_pl_PL/src/main/javahelp/contents/releases/2.14.0.html
@@ -79,8 +79,10 @@ ZAP Browser Extensions
These are included in the new Client Side Integration add-on which supports:
-* Browser Recording
-* Streaming client side events to ZAP
+
This is not (yet) included in the main ZAP releases so you will need to download it from the
Marketplace.
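Review bot: After this hunk the sentence ending "which supports:" is followed by no visible items. Both "* Browser Recording" and "* Streaming client side events to ZAP" are removed and the only added line shown is empty, although the header (-79,8 +79,10) says the new side is two lines longer. If the items were converted to list markup, check that both are still present in the rendered page.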
diff --git a/addOns/help_pl_PL/src/main/javahelp/contents/releases/2.15.0.html b/addOns/help_pl_PL/src/main/javahelp/contents/releases/2.15.0.html
new file mode 100644
index 000000000..7437b84da
--- /dev/null
+++ b/addOns/help_pl_PL/src/main/javahelp/contents/releases/2.15.0.html
@@ -0,0 +1,138 @@
+
+
+
+
+
+ Release 2.15.0
+
+
+
+Release 2.15.0
+
+This is a bug fix and enhancement release.
+
+These release notes do not include all of the changes included in add-ons updated since 2.14.0.
+
+This release was made possible thanks to our biggest supporter, the Crash Override.
+
+Some of the more significant enhancements include:
+
+
Scripts as First Class Scan Rules
+
+Active and passive scan script rules can now be treated as "first class" scan rules.
+This means that they can be individually referenced in an active scan policy, in the
+passive scan rules options, and in Automation Framework plans.
+
+In addition directories of scripts can now be added with all of the scripts enabled -
+this will make it much more straightfoward to manage script rules in automation.
+
+Menu Items Restructured
+
+The desktop context sensitive menu items have been reordered, and grouped in a more logical way.
+This should make it much easier to find the menu item you want, when you want it.
+
+Set Logging Levels
+
+A new -loglevel
Command Line option allows you to set the log level,
+overriding the values specified in the log4j2.properties file in the home directory.
+
+New API calls also allow you to set and view the current logging levels:
+
+Action / core / setLogLevel
: Sets the logging level for a given name
+View / core / getLogLevel
: Gets the detailed logging config, optionally filtered by name
+
+
+Automation Framework GitHub Action
+
+There is a new ZAP GitHub action - the
+ZAP Automation Framework Scan.
+
+The Automation Framework provides a great balance between ease of use and flexibility + functionality.
+If you want to perform any non-trivial automation with ZAP then the
+Automation Framework is probably your best bet.
+
+New Docker Hub Organisation
+
+We have a new DockerHub organisation for the ZAP Docker images: https://hub.docker.com/u/zaproxy
+
+We are still using the softwaresecurityproject org for 2.15.0 but we will probably not use it for the following releases.
+
+We do recommend that you switch from `softwaresecurityproject` to zaproxy sooner rather than later.
+
+Dependency Updates
+
+As usual the release includes dependency updates.
+
+The following libraries were updated:
+
+
+ - Commons Codex, 1.16.0 → 1.16.1
+ - Commons IO, 2.13.0 → 2.16.1
+ - Commons Lang3, 3.13.0 → 3.14.0
+ - Commons Logging, 1.2 → 1.3.1
+ - Commons Text, 1.10.0 → 1.12.0
+ - Flatlaf, 3.2.1 → 3.4.1
+ - Java Semver, 0.9.0 → 0.10.2
+ - Rsyntaxtextarea, 3.3.4 → 3.4.0
+
+
+Add-Ons
+
+Updated Add-Ons
+All of the add-ons included by default have been updated since the last full release.
+
+Enhancements
+
+- Issue 4275 : Allow to view/change logger levels through the API
+- Issue 7105 : Scripts as First Class Scan Rules
+- Issue 7575 : Add an "Enable all scripts" option to Options->Scripts screen
+- Issue 8135 : Guard against param panels' errors during init
+- Issue 8136 : Keep Import Menu Items Sorted Alphabetically
+- Issue 8150 : Increase search border highlights
+- Issue 8162 : Add stat for uncaught exceptions
+- Issue 8179 : Drop "to Clipboard" from ZAP copy menu items (etc)
+- Issue 8188 : Allow to hook param panels with parents
+- Issue 8190 : alert: Add CWE Alert Tag when building and CWE ID has been set
+- Issue 8198 : URL Path Input Vector - attack end path too
+- Issue 8203 : Option to encode cookie values
+- Issue 8210 : Warn of root user usage and report core count and max memory on start up
+- Issue 8248 : Include cores and max memory in Support Info
+- Issue 8265 : Deprecate Script Scan Rules and related classes
+- Issue 8274 : Improve logs related to loading of pscanrules
+- Issue 8283 : Anti-CSRF Handling should always account for partial matching
+- Issue 8295 : Allow setting the log level via a CLI argument
+- Issue 8332 : tech: Add MariaDB
+- Issue 8369 : Restructure the desktop menu item order
+- Issue 8393 : Allow to search HTTP messages by Tags
+- Issue 8403 : ZAP not printing script errors to console in cmdline mode with `-script`
+- Issue 8423 : Add TAGs for yaml, xml, extended json
+- Issue 8452 : Support decode response body through the `Variant`
+- Issue 8454 : Include pluginId in alert events
+
+
+Bug fixes
+
+- Issue 6292 : Including main technology through the API does not include their specific technologies
+- Issue 8018 : Some characters not displayed in the Language combo box
+- Issue 8147 : Multipart Form Params - Extract boundary from body if not in header
+- Issue 8166 : scripts: Synchronize contents and file methods
+- Issue 8182 : Fix zap.sh for macOS
+- Issue 8252 : Use name of enum as default value for configs
+- Issue 8275 : Button Text is not fully shown in Add Note Dialog
+- Issue 8298 : Prevent NPE if no user creds
+- Issue 8302 : Fix context inclusion issues
+- Issue 8357 : Correct name of hosts without children
+- Issue 8395 : Add missing API error message
+- Issue 8419 : Prevent raising alerts on temporary messages
+- Issue 8429 : Skip deleted msgs in the messages API endpoints
+- Issue 8467 : Get resources from add-ons
+
+
+See Also
+
+ | Introduction | the introduction to ZAP |
+ | Releases | the full set of releases |
+ | Credits | the people and groups who have made this release possible |
+
+
+
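Review bot: Two spelling errors in the added release notes: the dependency list has "Commons Codex" where the library is Commons Codec, and the Scripts as First Class Scan Rules section has "straightfoward". "our biggest supporter, the Crash Override" also reads oddly with the article. The pt_BR and ro_RO files are added with the same blob (7437b84da), so a fix in the English source should cover all three.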
diff --git a/addOns/help_pl_PL/src/main/javahelp/contents/releases/releases.html b/addOns/help_pl_PL/src/main/javahelp/contents/releases/releases.html
index 0ebf02a4d..5bf2fe39d 100644
--- a/addOns/help_pl_PL/src/main/javahelp/contents/releases/releases.html
+++ b/addOns/help_pl_PL/src/main/javahelp/contents/releases/releases.html
@@ -11,6 +11,7 @@ Wydania
The following releases have been made:
+ | 2.15.0 | bug fix and enhancement release |
| 2.14.0 | bug fix and enhancement release |
| 2.13.0 | bug fix and enhancement release |
| 2.12.0 | ten thousand star bug fix and enhancement release |
diff --git a/addOns/help_pl_PL/src/main/javahelp/contents/ui/dialogs/options/ascaninput.html b/addOns/help_pl_PL/src/main/javahelp/contents/ui/dialogs/options/ascaninput.html
index cc41aeb55..46ab7876d 100644
--- a/addOns/help_pl_PL/src/main/javahelp/contents/ui/dialogs/options/ascaninput.html
+++ b/addOns/help_pl_PL/src/main/javahelp/contents/ui/dialogs/options/ascaninput.html
@@ -39,6 +39,10 @@ All Requests
Cookie Data
Request cookies.
+Encode Cookie Values
+If selected the cookie values will be URL encoded when attacked.
+By default they will not be encoded - this is new in ZAP 2.15.0, previously they were always encoded.
+
Build-in Input Vector Handlers
The data formats that the active scanner will target:
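Review bot: "this is new in ZAP 2.15.0" in the added Encode Cookie Values text can be read as either the option or the unencoded default being new. The next clause says values were previously always encoded, so the active scanner's default behaviour changes on upgrade and scan results may differ from 2.14.0 for the same target. Suggest stating that directly, for example "This option was added in ZAP 2.15.0 and is off by default; earlier versions always URL encoded cookie values." The 2.15.0 release notes list this only as "Issue 8203 : Option to encode cookie values", with no mention of the changed default. The context heading "Build-in Input Vector Handlers" should also read "Built-in".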
diff --git a/addOns/help_pl_PL/src/main/javahelp/contents/ui/dialogs/options/script.html b/addOns/help_pl_PL/src/main/javahelp/contents/ui/dialogs/options/script.html
index b5d198ac3..e87e5d7b2 100644
--- a/addOns/help_pl_PL/src/main/javahelp/contents/ui/dialogs/options/script.html
+++ b/addOns/help_pl_PL/src/main/javahelp/contents/ui/dialogs/options/script.html
@@ -11,6 +11,10 @@ Options Scripts screen
This screen allows you to configure the script options:
+
+Enable scripts loaded from directories
+If this option is selected then all of the scripts loaded from the specified directories will be enabled by default.
+
Directories
A list of directories from which scripts will be loaded. ZAP will read (and write) the scripts using the character encoding UTF-8.
The scripts must be in subdirectories named after the relevant script type (such as 'active', 'passive', 'proxy' etc) and must have an appropriate extension for the script language used.
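Review bot: The added "Enable scripts loaded from directories" text does not say whether the option is selected by default, and it sits directly above a Directories description stating that ZAP reads and writes scripts there. With the option on, every script file present in those directories is enabled, so the help should state the default and advise pointing the list only at directories whose contents are controlled. The label also differs from the release notes entry 'Add an "Enable all scripts" option to Options->Scripts screen' (Issue 7575). Use one name in both places.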
diff --git a/addOns/help_pl_PL/src/main/javahelp/contents/ui/tabs/httpsessions.html b/addOns/help_pl_PL/src/main/javahelp/contents/ui/tabs/httpsessions.html
index fc34f77f2..4ff92a252 100644
--- a/addOns/help_pl_PL/src/main/javahelp/contents/ui/tabs/httpsessions.html
+++ b/addOns/help_pl_PL/src/main/javahelp/contents/ui/tabs/httpsessions.html
@@ -30,7 +30,7 @@ HTTP Sessions tab
Each of the entries in the Sessions table can be right clicked,
which activates the Popup Menu, with the following options:
- - Copy Session Token Value to Clipboard - copies the value of the
+
- Copy Session Token Value - copies the value of the
selected session to the clipboard.
- Remove Session - deletes the session
- Find Related Messages - Will cause the Search tab
diff --git a/addOns/help_pl_PL/src/main/javahelp/index.xml b/addOns/help_pl_PL/src/main/javahelp/index.xml
index 99a3d1993..c47b07f2b 100644
--- a/addOns/help_pl_PL/src/main/javahelp/index.xml
+++ b/addOns/help_pl_PL/src/main/javahelp/index.xml
@@ -87,6 +87,7 @@
+
diff --git a/addOns/help_pl_PL/src/main/javahelp/toc.xml b/addOns/help_pl_PL/src/main/javahelp/toc.xml
index 31de2eaaf..09fcc5b78 100644
--- a/addOns/help_pl_PL/src/main/javahelp/toc.xml
+++ b/addOns/help_pl_PL/src/main/javahelp/toc.xml
@@ -120,6 +120,7 @@
+
diff --git a/addOns/help_pt_BR/src/main/javahelp/contents/cmdline.html b/addOns/help_pt_BR/src/main/javahelp/contents/cmdline.html
index 8e096d3ef..369b575ac 100644
--- a/addOns/help_pt_BR/src/main/javahelp/contents/cmdline.html
+++ b/addOns/help_pt_BR/src/main/javahelp/contents/cmdline.html
@@ -41,6 +41,7 @@
Opções
| -lowmem | Use the database instead of memory as much as possible - this is still experimental |
| -experimentaldb | Use the experimental generic database code, which is not surprisingly also still experimental |
| -nostdout | Disables the default logging through standard output |
+ | -loglevel <level> | Sets the log level, overriding the values specified in the log4j2.properties file in the home directory |
| -silent | Ensures ZAP does not make any unsolicited requests, including check for updates |
| -addoninstall <addOnId> | Installs the add-on with specified ID from the ZAP Marketplace. The IDs of the add-ons available in the marketplace can be consulted in the Marketplace tab of Manage Add-ons dialogue. |
| -addoninstallall | Install all available add-ons from the ZAP Marketplace |
@@ -60,6 +61,8 @@ Opções
Configuration keys should be specified using the dot notation based their location in the XML of the configuration file, eg:
<zap-script> -config api.key=12345
+The -loglevel
option supports the following values: OFF
, FATAL
, ERROR
, WARN
, INFO
, DEBUG
, TRACE
, and ALL
, in order of increasing verbosity.
+
Exemplos:
diff --git a/addOns/help_pt_BR/src/main/javahelp/contents/credits.html b/addOns/help_pt_BR/src/main/javahelp/contents/credits.html
index 98df920c8..d996ffac2 100644
--- a/addOns/help_pt_BR/src/main/javahelp/contents/credits.html
+++ b/addOns/help_pt_BR/src/main/javahelp/contents/credits.html
@@ -26,11 +26,13 @@ Equipe Extensa
| 70pointer |
| Mostafa AbdelMoez |
| Jean Abed |
+ | Zuhair Abid (@zuhairabid) |
| Bilal Achahbar |
| Tushar Aggarwal |
| Amro Alolaqi |
| Matthias Altmann (@secf00tprint) |
| André Alves (@andrealvesdev) |
+ | Sébastien Amelinckx (@Sebitosh) |
| Mário Areias |
| Matt Austin (@mattaustin) |
| Abdelhadi Azouni |
@@ -48,6 +50,7 @@ Equipe Extensa
| Artemy Bogdanov (@Abr1k0s) |
| Yvan Boily |
| Rodrigo Bonifácio |
+ | Adrean Boyadzhiev (@aboyadzhiev) |
| Glib Briia (@glib-briia) |
| Rauf Butt |
@@ -62,10 +65,12 @@ Equipe Extensa
| Baptiste Crépin - AXA Group Security |
| Johanna Curiel |
+ | Ganesh Dagadi (LinkedIn) |
| Chris Dailey (@dailz-c) |
| Karl Dalley (@gnirlos) |
| Anamika Das (@AnamikaD) |
| Patrick Double (@double16) |
+ | @drighty |
| Mike Emery - Portcullis Security |
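Review bot: Two of the rows added here break the pattern of the surrounding entries: "Ganesh Dagadi (LinkedIn)" names a site rather than a handle, and "@drighty" is a handle with no name, filed under D. Suggest settling on one form for handle-only and link-only contributors and confirming where such rows belong in the alphabetical order.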
@@ -98,6 +103,7 @@ Equipe Extensa
| Taras Ivashchenko, OWASP Russia |
| Shershon A J (Shershon25) |
+ | Divyansh Jain (@itsdivyanshjain) - Astra Security |
| Eswarprasath Jayaraman (ejayaraman) |
| Jon (@flibustier) |
| Tan Jin (@tjtanjin) |
@@ -153,6 +159,7 @@ Equipe Extensa
| Adrien PAILHES |
| Anthon Pang |
+ | Amit Panwar, amitpanwar789 |
| Alan Parkinson |
| David Petrasovic |
| Yvan Phélizot |
@@ -202,6 +209,7 @@ Equipe Extensa
| Sunny (darkowlzz) indiasuny000@gmail.com |
| Daniel Thompson-Yvetot (@nothingismagick) |
+ | Tib3rius (https://tib3rius.com/) |
| Stefan Tobler |
| Ken Treimann, Cyber Ninja |
diff --git a/addOns/help_pt_BR/src/main/javahelp/contents/releases/1.1.0.html b/addOns/help_pt_BR/src/main/javahelp/contents/releases/1.1.0.html
index 60aa1bfba..4d03ee9cf 100644
--- a/addOns/help_pt_BR/src/main/javahelp/contents/releases/1.1.0.html
+++ b/addOns/help_pt_BR/src/main/javahelp/contents/releases/1.1.0.html
@@ -15,7 +15,7 @@ Mudanças significativas:
Remarcado na OWASP
O ZAP foi aceito como projeto da OWASP.
-Its homepage is now: https://owasp.org/www-project-zap/
+Its homepage is now: https://wiki.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project
Força Bruta
Possibilidade de fazer brute force em arquivos e diretórios baseados em código do projeto OWASP DirBuster.
diff --git a/addOns/help_pt_BR/src/main/javahelp/contents/releases/2.14.0.html b/addOns/help_pt_BR/src/main/javahelp/contents/releases/2.14.0.html
index 4b9fc4816..415413d70 100644
--- a/addOns/help_pt_BR/src/main/javahelp/contents/releases/2.14.0.html
+++ b/addOns/help_pt_BR/src/main/javahelp/contents/releases/2.14.0.html
@@ -79,8 +79,10 @@ ZAP Browser Extensions
These are included in the new Client Side Integration add-on which supports:
-* Browser Recording
-* Streaming client side events to ZAP
+
This is not (yet) included in the main ZAP releases so you will need to download it from the
Marketplace.
diff --git a/addOns/help_pt_BR/src/main/javahelp/contents/releases/2.15.0.html b/addOns/help_pt_BR/src/main/javahelp/contents/releases/2.15.0.html
new file mode 100644
index 000000000..7437b84da
--- /dev/null
+++ b/addOns/help_pt_BR/src/main/javahelp/contents/releases/2.15.0.html
@@ -0,0 +1,138 @@
+
+
+
+
+
+ Release 2.15.0
+
+
+
+Release 2.15.0
+
+This is a bug fix and enhancement release.
+
+These release notes do not include all of the changes included in add-ons updated since 2.14.0.
+
+This release was made possible thanks to our biggest supporter, the Crash Override.
+
+Some of the more significant enhancements include:
+
+
Scripts as First Class Scan Rules
+
+Active and passive scan script rules can now be treated as "first class" scan rules.
+This means that they can be individually referenced in an active scan policy, in the
+passive scan rules options, and in Automation Framework plans.
+
+In addition directories of scripts can now be added with all of the scripts enabled -
+this will make it much more straightfoward to manage script rules in automation.
+
+Menu Items Restructured
+
+The desktop context sensitive menu items have been reordered, and grouped in a more logical way.
+This should make it much easier to find the menu item you want, when you want it.
+
+Set Logging Levels
+
+A new -loglevel
Command Line option allows you to set the log level,
+overriding the values specified in the log4j2.properties file in the home directory.
+
+New API calls also allow you to set and view the current logging levels:
+
+Action / core / setLogLevel
: Sets the logging level for a given name
+View / core / getLogLevel
: Gets the detailed logging config, optionally filtered by name
+
+
+Automation Framework GitHub Action
+
+There is a new ZAP GitHub action - the
+ZAP Automation Framework Scan.
+
+The Automation Framework provides a great balance between ease of use and flexibility + functionality.
+If you want to perform any non-trivial automation with ZAP then the
+Automation Framework is probably your best bet.
+
+New Docker Hub Organisation
+
+We have a new DockerHub organisation for the ZAP Docker images: https://hub.docker.com/u/zaproxy
+
+We are still using the softwaresecurityproject org for 2.15.0 but we will probably not use it for the following releases.
+
+We do recommend that you switch from `softwaresecurityproject` to zaproxy sooner rather than later.
+
+Dependency Updates
+
+As usual the release includes dependency updates.
+
+The following libraries were updated:
+
+
+ - Commons Codex, 1.16.0 → 1.16.1
+ - Commons IO, 2.13.0 → 2.16.1
+ - Commons Lang3, 3.13.0 → 3.14.0
+ - Commons Logging, 1.2 → 1.3.1
+ - Commons Text, 1.10.0 → 1.12.0
+ - Flatlaf, 3.2.1 → 3.4.1
+ - Java Semver, 0.9.0 → 0.10.2
+ - Rsyntaxtextarea, 3.3.4 → 3.4.0
+
+
+Add-Ons
+
+Updated Add-Ons
+All of the add-ons included by default have been updated since the last full release.
+
+Enhancements
+
+- Issue 4275 : Allow to view/change logger levels through the API
+- Issue 7105 : Scripts as First Class Scan Rules
+- Issue 7575 : Add an "Enable all scripts" option to Options->Scripts screen
+- Issue 8135 : Guard against param panels' errors during init
+- Issue 8136 : Keep Import Menu Items Sorted Alphabetically
+- Issue 8150 : Increase search border highlights
+- Issue 8162 : Add stat for uncaught exceptions
+- Issue 8179 : Drop "to Clipboard" from ZAP copy menu items (etc)
+- Issue 8188 : Allow to hook param panels with parents
+- Issue 8190 : alert: Add CWE Alert Tag when building and CWE ID has been set
+- Issue 8198 : URL Path Input Vector - attack end path too
+- Issue 8203 : Option to encode cookie values
+- Issue 8210 : Warn of root user usage and report core count and max memory on start up
+- Issue 8248 : Include cores and max memory in Support Info
+- Issue 8265 : Deprecate Script Scan Rules and related classes
+- Issue 8274 : Improve logs related to loading of pscanrules
+- Issue 8283 : Anti-CSRF Handling should always account for partial matching
+- Issue 8295 : Allow setting the log level via a CLI argument
+- Issue 8332 : tech: Add MariaDB
+- Issue 8369 : Restructure the desktop menu item order
+- Issue 8393 : Allow to search HTTP messages by Tags
+- Issue 8403 : ZAP not printing script errors to console in cmdline mode with `-script`
+- Issue 8423 : Add TAGs for yaml, xml, extended json
+- Issue 8452 : Support decode response body through the `Variant`
+- Issue 8454 : Include pluginId in alert events
+
+
+Bug fixes
+
+- Issue 6292 : Including main technology through the API does not include their specific technologies
+- Issue 8018 : Some characters not displayed in the Language combo box
+- Issue 8147 : Multipart Form Params - Extract boundary from body if not in header
+- Issue 8166 : scripts: Synchronize contents and file methods
+- Issue 8182 : Fix zap.sh for macOS
+- Issue 8252 : Use name of enum as default value for configs
+- Issue 8275 : Button Text is not fully shown in Add Note Dialog
+- Issue 8298 : Prevent NPE if no user creds
+- Issue 8302 : Fix context inclusion issues
+- Issue 8357 : Correct name of hosts without children
+- Issue 8395 : Add missing API error message
+- Issue 8419 : Prevent raising alerts on temporary messages
+- Issue 8429 : Skip deleted msgs in the messages API endpoints
+- Issue 8467 : Get resources from add-ons
+
+
+See Also
+
+ | Introduction | the introduction to ZAP |
+ | Releases | the full set of releases |
+ | Credits | the people and groups who have made this release possible |
+
+
+
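Review bot: The added text uses Markdown backticks inside an HTML help page: `softwaresecurityproject` in the New Docker Hub Organisation section, and `-script` and `Variant` in the Issue 8403 and Issue 8452 entries. The neighbouring "zaproxy" and "-loglevel" are not marked this way, so the backticks will most likely show up literally. Use the same markup for all of them.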
diff --git a/addOns/help_pt_BR/src/main/javahelp/contents/releases/releases.html b/addOns/help_pt_BR/src/main/javahelp/contents/releases/releases.html
index 47b75e66c..c73c8210f 100644
--- a/addOns/help_pt_BR/src/main/javahelp/contents/releases/releases.html
+++ b/addOns/help_pt_BR/src/main/javahelp/contents/releases/releases.html
@@ -11,6 +11,7 @@ Releases
Estes são os releases publicados:
+ | 2.15.0 | bug fix and enhancement release |
| 2.14.0 | bug fix and enhancement release |
| 2.13.0 | bug fix and enhancement release |
| 2.12.0 | ten thousand star bug fix and enhancement release |
diff --git a/addOns/help_pt_BR/src/main/javahelp/contents/ui/dialogs/options/ascaninput.html b/addOns/help_pt_BR/src/main/javahelp/contents/ui/dialogs/options/ascaninput.html
index f1d75d47f..b76148232 100644
--- a/addOns/help_pt_BR/src/main/javahelp/contents/ui/dialogs/options/ascaninput.html
+++ b/addOns/help_pt_BR/src/main/javahelp/contents/ui/dialogs/options/ascaninput.html
@@ -39,6 +39,10 @@ All Requests
Dados do cookie
Request cookies.
+Encode Cookie Values
+If selected the cookie values will be URL encoded when attacked.
+By default they will not be encoded - this is new in ZAP 2.15.0, previously they were always encoded.
+
Janelas de entrada de vetor
The data formats that the active scanner will target:
diff --git a/addOns/help_pt_BR/src/main/javahelp/contents/ui/dialogs/options/script.html b/addOns/help_pt_BR/src/main/javahelp/contents/ui/dialogs/options/script.html
index e44101870..f3eb42300 100644
--- a/addOns/help_pt_BR/src/main/javahelp/contents/ui/dialogs/options/script.html
+++ b/addOns/help_pt_BR/src/main/javahelp/contents/ui/dialogs/options/script.html
@@ -11,6 +11,10 @@ Tela de opções de Scripts
Esta tela permite que você configure as opções de script:
+
+Enable scripts loaded from directories
+If this option is selected then all of the scripts loaded from the specified directories will be enabled by default.
+
Diretórios
Uma lista de diretórios dos quais os scripts serão carregados. O ZAP vai ler (e escrever) os scripts usando a codificação de caracteres UTF-8.
Os scripts devem estar em subdiretórios com os nomes de tipos de scripts relevantes (como 'ativo', 'passiva', 'proxy' etc) e deve ter uma extensão apropriada para a linguagem de script usada.
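Review bot: The two added lines ("Enable scripts loaded from directories" and its description) are English inside an otherwise Portuguese page, so they need translating before this locale ships them. While here, the context line below gives the subdirectory names as 'ativo', 'passiva', whereas the pl_PL copy of the same sentence has 'active', 'passive'. If the directory names are literal they should not be translated.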
diff --git a/addOns/help_pt_BR/src/main/javahelp/contents/ui/tabs/httpsessions.html b/addOns/help_pt_BR/src/main/javahelp/contents/ui/tabs/httpsessions.html
index 91730e7ef..502d25e73 100644
--- a/addOns/help_pt_BR/src/main/javahelp/contents/ui/tabs/httpsessions.html
+++ b/addOns/help_pt_BR/src/main/javahelp/contents/ui/tabs/httpsessions.html
@@ -22,7 +22,7 @@ Aba de sessões HTTP
Cada uma das entradas na tabela de sessões pode ser examinada com clique no botão direito, o que ativa um menu pop-up com as seguintes opções:
- - Copy Session Token Value to Clipboard - copies the value of the
+
- Copy Session Token Value - copies the value of the
selected session to the clipboard.
- Remove Session - deletes the session
- Find Related Messages - Will cause the Search tab
diff --git a/addOns/help_pt_BR/src/main/javahelp/index.xml b/addOns/help_pt_BR/src/main/javahelp/index.xml
index eede35009..8e854f586 100644
--- a/addOns/help_pt_BR/src/main/javahelp/index.xml
+++ b/addOns/help_pt_BR/src/main/javahelp/index.xml
@@ -87,6 +87,7 @@
+
diff --git a/addOns/help_pt_BR/src/main/javahelp/toc.xml b/addOns/help_pt_BR/src/main/javahelp/toc.xml
index cc003ed7d..826c5cb36 100644
--- a/addOns/help_pt_BR/src/main/javahelp/toc.xml
+++ b/addOns/help_pt_BR/src/main/javahelp/toc.xml
@@ -120,6 +120,7 @@
+
diff --git a/addOns/help_ro_RO/src/main/javahelp/contents/cmdline.html b/addOns/help_ro_RO/src/main/javahelp/contents/cmdline.html
index c890e16dd..23e60199d 100644
--- a/addOns/help_ro_RO/src/main/javahelp/contents/cmdline.html
+++ b/addOns/help_ro_RO/src/main/javahelp/contents/cmdline.html
@@ -41,6 +41,7 @@
Options
| -lowmem | Use the database instead of memory as much as possible - this is still experimental |
| -experimentaldb | Use the experimental generic database code, which is not surprisingly also still experimental |
| -nostdout | Disables the default logging through standard output |
+ | -loglevel <level> | Sets the log level, overriding the values specified in the log4j2.properties file in the home directory |
| -silent | Ensures ZAP does not make any unsolicited requests, including check for updates |
| -addoninstall <addOnId> | Installs the add-on with specified ID from the ZAP Marketplace. The IDs of the add-ons available in the marketplace can be consulted in the Marketplace tab of Manage Add-ons dialogue. |
| -addoninstallall | Install all available add-ons from the ZAP Marketplace |
@@ -60,6 +61,8 @@ Options
Configuration keys should be specified using the dot notation based their location in the XML of the configuration file, eg:
<zap-script> -config api.key=12345
+The -loglevel
option supports the following values: OFF
, FATAL
, ERROR
, WARN
, INFO
, DEBUG
, TRACE
, and ALL
, in order of increasing verbosity.
+
Examples:
diff --git a/addOns/help_ro_RO/src/main/javahelp/contents/credits.html b/addOns/help_ro_RO/src/main/javahelp/contents/credits.html
index 446786d38..a1b0a6102 100644
--- a/addOns/help_ro_RO/src/main/javahelp/contents/credits.html
+++ b/addOns/help_ro_RO/src/main/javahelp/contents/credits.html
@@ -26,11 +26,13 @@ ZAP Extended Team
| 70pointer |
| Mostafa AbdelMoez |
| Jean Abed |
+ | Zuhair Abid (@zuhairabid) |
| Bilal Achahbar |
| Tushar Aggarwal |
| Amro Alolaqi |
| Matthias Altmann (@secf00tprint) |
| André Alves (@andrealvesdev) |
+ | Sébastien Amelinckx (@Sebitosh) |
| Mário Areias |
| Matt Austin (@mattaustin) |
| Abdelhadi Azouni |
@@ -48,6 +50,7 @@ ZAP Extended Team
| Artemy Bogdanov (@Abr1k0s) |
| Yvan Boily |
| Rodrigo Bonifácio |
+ | Adrean Boyadzhiev (@aboyadzhiev) |
| Glib Briia (@glib-briia) |
| Rauf Butt |
@@ -62,10 +65,12 @@ ZAP Extended Team
| Baptiste Crépin - AXA Group Security |
| Johanna Curiel |
+ | Ganesh Dagadi (LinkedIn) |
| Chris Dailey (@dailz-c) |
| Karl Dalley (@gnirlos) |
| Anamika Das (@AnamikaD) |
| Patrick Double (@double16) |
+ | @drighty |
| Mike Emery - Portcullis Security |
@@ -98,6 +103,7 @@ ZAP Extended Team
| Taras Ivashchenko, OWASP Russia |
| Shershon A J (Shershon25) |
+ | Divyansh Jain (@itsdivyanshjain) - Astra Security |
| Eswarprasath Jayaraman (ejayaraman) |
| Jon (@flibustier) |
| Tan Jin (@tjtanjin) |
@@ -153,6 +159,7 @@ ZAP Extended Team
| Adrien PAILHES |
| Anthon Pang |
+ | Amit Panwar, amitpanwar789 |
| Alan Parkinson |
| David Petrasovic |
| Yvan Phélizot |
@@ -202,6 +209,7 @@ ZAP Extended Team
| Sunny (darkowlzz) indiasuny000@gmail.com |
| Daniel Thompson-Yvetot (@nothingismagick) |
+ | Tib3rius (https://tib3rius.com/) |
| Stefan Tobler |
| Ken Treimann, Cyber Ninja |
diff --git a/addOns/help_ro_RO/src/main/javahelp/contents/releases/1.1.0.html b/addOns/help_ro_RO/src/main/javahelp/contents/releases/1.1.0.html
index 8b2593fb6..57f597c93 100644
--- a/addOns/help_ro_RO/src/main/javahelp/contents/releases/1.1.0.html
+++ b/addOns/help_ro_RO/src/main/javahelp/contents/releases/1.1.0.html
@@ -15,7 +15,7 @@ Schimbări majore:
Rebranding-ul OWASP
ZAP a fost acceptat ca fiind un proiect OWASP.
-Its homepage is now: https://owasp.org/www-project-zap/
+Its homepage is now: https://wiki.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project
Forțare brută
Reprezintă capacitatea de a forța fișierele și directoarele bazate pe cod din proiectele OWASP DirBuster.
diff --git a/addOns/help_ro_RO/src/main/javahelp/contents/releases/2.14.0.html b/addOns/help_ro_RO/src/main/javahelp/contents/releases/2.14.0.html
index 4b9fc4816..415413d70 100644
--- a/addOns/help_ro_RO/src/main/javahelp/contents/releases/2.14.0.html
+++ b/addOns/help_ro_RO/src/main/javahelp/contents/releases/2.14.0.html
@@ -79,8 +79,10 @@ ZAP Browser Extensions
These are included in the new Client Side Integration add-on which supports:
-* Browser Recording
-* Streaming client side events to ZAP
+
This is not (yet) included in the main ZAP releases so you will need to download it from the
Marketplace.
diff --git a/addOns/help_ro_RO/src/main/javahelp/contents/releases/2.15.0.html b/addOns/help_ro_RO/src/main/javahelp/contents/releases/2.15.0.html
new file mode 100644
index 000000000..7437b84da
--- /dev/null
+++ b/addOns/help_ro_RO/src/main/javahelp/contents/releases/2.15.0.html
@@ -0,0 +1,138 @@
+
+
+
+
+
+ Release 2.15.0
+
+
+
+Release 2.15.0
+
+This is a bug fix and enhancement release.
+
+These release notes do not include all of the changes included in add-ons updated since 2.14.0.
+
+This release was made possible thanks to our biggest supporter, the Crash Override.
+
+Some of the more significant enhancements include:
+
+
Scripts as First Class Scan Rules
+
+Active and passive scan script rules can now be treated as "first class" scan rules.
+This means that they can be individually referenced in an active scan policy, in the
+passive scan rules options, and in Automation Framework plans.
+
+In addition directories of scripts can now be added with all of the scripts enabled -
+this will make it much more straightfoward to manage script rules in automation.
+
+Menu Items Restructured
+
+The desktop context sensitive menu items have been reordered, and grouped in a more logical way.
+This should make it much easier to find the menu item you want, when you want it.
+
+Set Logging Levels
+
+A new -loglevel
Command Line option allows you to set the log level,
+overriding the values specified in the log4j2.properties file in the home directory.
+
+New API calls also allow you to set and view the current logging levels:
+
+Action / core / setLogLevel
: Sets the logging level for a given name
+View / core / getLogLevel
: Gets the detailed logging config, optionally filtered by name
+
+
+Automation Framework GitHub Action
+
+There is a new ZAP GitHub action - the
+ZAP Automation Framework Scan.
+
+The Automation Framework provides a great balance between ease of use and flexibility + functionality.
+If you want to perform any non-trivial automation with ZAP then the
+Automation Framework is probably your best bet.
+
+New Docker Hub Organisation
+
+We have a new DockerHub organisation for the ZAP Docker images: https://hub.docker.com/u/zaproxy
+
+We are still using the softwaresecurityproject org for 2.15.0 but we will probably not use it for the following releases.
+
+We do recommend that you switch from `softwaresecurityproject` to zaproxy sooner rather than later.
+
+Dependency Updates
+
+As usual the release includes dependency updates.
+
+The following libraries were updated:
+
+
+ - Commons Codex, 1.16.0 → 1.16.1
+ - Commons IO, 2.13.0 → 2.16.1
+ - Commons Lang3, 3.13.0 → 3.14.0
+ - Commons Logging, 1.2 → 1.3.1
+ - Commons Text, 1.10.0 → 1.12.0
+ - Flatlaf, 3.2.1 → 3.4.1
+ - Java Semver, 0.9.0 → 0.10.2
+ - Rsyntaxtextarea, 3.3.4 → 3.4.0
+
+
+Add-Ons
+
+Updated Add-Ons
+All of the add-ons included by default have been updated since the last full release.
+
+Enhancements
+
+- Issue 4275 : Allow to view/change logger levels through the API
+- Issue 7105 : Scripts as First Class Scan Rules
+- Issue 7575 : Add an "Enable all scripts" option to Options->Scripts screen
+- Issue 8135 : Guard against param panels' errors during init
+- Issue 8136 : Keep Import Menu Items Sorted Alphabetically
+- Issue 8150 : Increase search border highlights
+- Issue 8162 : Add stat for uncaught exceptions
+- Issue 8179 : Drop "to Clipboard" from ZAP copy menu items (etc)
+- Issue 8188 : Allow to hook param panels with parents
+- Issue 8190 : alert: Add CWE Alert Tag when building and CWE ID has been set
+- Issue 8198 : URL Path Input Vector - attack end path too
+- Issue 8203 : Option to encode cookie values
+- Issue 8210 : Warn of root user usage and report core count and max memory on start up
+- Issue 8248 : Include cores and max memory in Support Info
+- Issue 8265 : Deprecate Script Scan Rules and related classes
+- Issue 8274 : Improve logs related to loading of pscanrules
+- Issue 8283 : Anti-CSRF Handling should always account for partial matching
+- Issue 8295 : Allow setting the log level via a CLI argument
+- Issue 8332 : tech: Add MariaDB
+- Issue 8369 : Restructure the desktop menu item order
+- Issue 8393 : Allow to search HTTP messages by Tags
+- Issue 8403 : ZAP not printing script errors to console in cmdline mode with `-script`
+- Issue 8423 : Add TAGs for yaml, xml, extended json
+- Issue 8452 : Support decode response body through the `Variant`
+- Issue 8454 : Include pluginId in alert events
+
+
+Bug fixes
+
+- Issue 6292 : Including main technology through the API does not include their specific technologies
+- Issue 8018 : Some characters not displayed in the Language combo box
+- Issue 8147 : Multipart Form Params - Extract boundary from body if not in header
+- Issue 8166 : scripts: Synchronize contents and file methods
+- Issue 8182 : Fix zap.sh for macOS
+- Issue 8252 : Use name of enum as default value for configs
+- Issue 8275 : Button Text is not fully shown in Add Note Dialog
+- Issue 8298 : Prevent NPE if no user creds
+- Issue 8302 : Fix context inclusion issues
+- Issue 8357 : Correct name of hosts without children
+- Issue 8395 : Add missing API error message
+- Issue 8419 : Prevent raising alerts on temporary messages
+- Issue 8429 : Skip deleted msgs in the messages API endpoints
+- Issue 8467 : Get resources from add-ons
+
+
+See Also
+
+ | Introduction | the introduction to ZAP |
+ | Releases | the full set of releases |
+ | Credits | the people and groups who have made this release possible |
+
+
+
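Review bot: Two spelling errors in the added text will ship to every locale, because this new file has the same blob id (7437b84da) in the ro_RO, ru_RU and sr_CS trees. "straightfoward" in the Scripts as First Class Scan Rules paragraph should be "straightforward", and the first entry of the Dependency Updates list reads "Commons Codex" where the Apache library is Commons Codec. Fix both in the English source so the copies pick up the correction on the next sync.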
diff --git a/addOns/help_ro_RO/src/main/javahelp/contents/releases/releases.html b/addOns/help_ro_RO/src/main/javahelp/contents/releases/releases.html
index 45b49932c..164db9a87 100644
--- a/addOns/help_ro_RO/src/main/javahelp/contents/releases/releases.html
+++ b/addOns/help_ro_RO/src/main/javahelp/contents/releases/releases.html
@@ -11,6 +11,7 @@ Releases
The following releases have been made:
+ | 2.15.0 | bug fix and enhancement release |
| 2.14.0 | bug fix and enhancement release |
| 2.13.0 | bug fix and enhancement release |
| 2.12.0 | ten thousand star bug fix and enhancement release |
diff --git a/addOns/help_ro_RO/src/main/javahelp/contents/ui/dialogs/options/ascaninput.html b/addOns/help_ro_RO/src/main/javahelp/contents/ui/dialogs/options/ascaninput.html
index 0606c0f64..f08af8c96 100644
--- a/addOns/help_ro_RO/src/main/javahelp/contents/ui/dialogs/options/ascaninput.html
+++ b/addOns/help_ro_RO/src/main/javahelp/contents/ui/dialogs/options/ascaninput.html
@@ -39,6 +39,10 @@ All Requests
Cookie Data
Request cookies.
+Encode Cookie Values
+If selected the cookie values will be URL encoded when attacked.
+By default they will not be encoded - this is new in ZAP 2.15.0, previously they were always encoded.
+
Build-in Input Vector Handlers
The data formats that the active scanner will target:
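Review bot: The last added sentence under "Encode Cookie Values" reverses the active scanner's default (cookie payloads are now sent unencoded unless the option is selected), yet the 2.15.0 release notes in this same patch mention it only as "Issue 8203 : Option to encode cookie values". Please say in the help text that selecting the option restores the pre-2.15.0 behaviour, and call out the default change in the release notes so that users comparing scan results across versions know why cookie findings may differ. The context heading "Build-in Input Vector Handlers" should also read "Built-in".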
diff --git a/addOns/help_ro_RO/src/main/javahelp/contents/ui/dialogs/options/script.html b/addOns/help_ro_RO/src/main/javahelp/contents/ui/dialogs/options/script.html
index 2d0b1f420..961084e17 100644
--- a/addOns/help_ro_RO/src/main/javahelp/contents/ui/dialogs/options/script.html
+++ b/addOns/help_ro_RO/src/main/javahelp/contents/ui/dialogs/options/script.html
@@ -11,6 +11,10 @@ Options Scripts screen
This screen allows you to configure the script options:
+
+Enable scripts loaded from directories
+If this option is selected then all of the scripts loaded from the specified directories will be enabled by default.
+
Directories
A list of directories from which scripts will be loaded. ZAP will read (and write) the scripts using the character encoding UTF-8.
The scripts must be in subdirectories named after the relevant script type (such as 'active', 'passive', 'proxy' etc) and must have an appropriate extension for the script language used.
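Review bot: The added description of "Enable scripts loaded from directories" does not state the option's default, and the name differs from the release-note entry for the same feature ("Issue 7575 : Add an "Enable all scripts" option to Options->Scripts screen"). Please state the default and use one name in both places. Because the Directories text just below says ZAP reads and writes scripts in those directories, it is also worth one sentence saying that with this option selected every script loaded from them is enabled, so the directories should hold only scripts that have been reviewed.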
diff --git a/addOns/help_ro_RO/src/main/javahelp/contents/ui/tabs/httpsessions.html b/addOns/help_ro_RO/src/main/javahelp/contents/ui/tabs/httpsessions.html
index 3338e02e7..940dc48c9 100644
--- a/addOns/help_ro_RO/src/main/javahelp/contents/ui/tabs/httpsessions.html
+++ b/addOns/help_ro_RO/src/main/javahelp/contents/ui/tabs/httpsessions.html
@@ -30,7 +30,7 @@ HTTP Sessions tab
Each of the entries in the Sessions table can be right clicked,
which activates the Popup Menu, with the following options:
- - Copy Session Token Value to Clipboard - copies the value of the
+
- Copy Session Token Value - copies the value of the
selected session to the clipboard.
- Remove Session - deletes the session
- Find Related Messages - Will cause the Search tab
diff --git a/addOns/help_ro_RO/src/main/javahelp/index.xml b/addOns/help_ro_RO/src/main/javahelp/index.xml
index 01179c987..b9df7b17d 100644
--- a/addOns/help_ro_RO/src/main/javahelp/index.xml
+++ b/addOns/help_ro_RO/src/main/javahelp/index.xml
@@ -87,6 +87,7 @@
+
diff --git a/addOns/help_ro_RO/src/main/javahelp/toc.xml b/addOns/help_ro_RO/src/main/javahelp/toc.xml
index ffdb93bd9..72313a494 100644
--- a/addOns/help_ro_RO/src/main/javahelp/toc.xml
+++ b/addOns/help_ro_RO/src/main/javahelp/toc.xml
@@ -120,6 +120,7 @@
+
diff --git a/addOns/help_ru_RU/src/main/javahelp/contents/cmdline.html b/addOns/help_ru_RU/src/main/javahelp/contents/cmdline.html
index fad613771..b178335d4 100644
--- a/addOns/help_ru_RU/src/main/javahelp/contents/cmdline.html
+++ b/addOns/help_ru_RU/src/main/javahelp/contents/cmdline.html
@@ -41,6 +41,7 @@
Параметры
| -lowmem | Use the database instead of memory as much as possible - this is still experimental |
| -experimentaldb | Use the experimental generic database code, which is not surprisingly also still experimental |
| -nostdout | Disables the default logging through standard output |
+ | -loglevel <level> | Sets the log level, overriding the values specified in the log4j2.properties file in the home directory |
| -silent | Ensures ZAP does not make any unsolicited requests, including check for updates |
| -addoninstall <addOnId> | Installs the add-on with specified ID from the ZAP Marketplace. The IDs of the add-ons available in the marketplace can be consulted in the Marketplace tab of Manage Add-ons dialogue. |
| -addoninstallall | Install all available add-ons from the ZAP Marketplace |
@@ -60,6 +61,8 @@ Параметры
Ключи конфигурации следует указывать с использованием точечной нотации в зависимости от их расположения в XML файла конфигурации, например:
<zap-script> -config api.key=12345
+The -loglevel
option supports the following values: OFF
, FATAL
, ERROR
, WARN
, INFO
, DEBUG
, TRACE
, and ALL
, in order of increasing verbosity.
+
Примеры:
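Review bot: The added paragraph listing the -loglevel values does not say which loggers the option affects. The API call added in the same release is described as setting the level "for a given name", so please state whether -loglevel applies to every logger or only to the root one, and consider adding a -loglevel line to the examples that follow. The paragraph is also English inside an otherwise Russian page, as is the new table row in the previous hunk.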
diff --git a/addOns/help_ru_RU/src/main/javahelp/contents/credits.html b/addOns/help_ru_RU/src/main/javahelp/contents/credits.html
index 387fd6f1f..43e4b3f85 100644
--- a/addOns/help_ru_RU/src/main/javahelp/contents/credits.html
+++ b/addOns/help_ru_RU/src/main/javahelp/contents/credits.html
@@ -26,11 +26,13 @@ Расширенная команда ZAP
| 70pointer |
| Mostafa AbdelMoez |
| Jean Abed |
+ | Zuhair Abid (@zuhairabid) |
| Bilal Achahbar |
| Tushar Aggarwal |
| Amro Alolaqi |
| Matthias Altmann (@secf00tprint) |
| André Alves (@andrealvesdev) |
+ | Sébastien Amelinckx (@Sebitosh) |
| Mário Areias |
| Matt Austin (@mattaustin) |
| Abdelhadi Azouni |
@@ -48,6 +50,7 @@ Расширенная команда ZAP
| Artemy Bogdanov (@Abr1k0s) |
| Yvan Boily |
| Rodrigo Bonifácio |
+ | Adrean Boyadzhiev (@aboyadzhiev) |
| Glib Briia (@glib-briia) |
| Rauf Butt |
@@ -62,10 +65,12 @@ Расширенная команда ZAP
| Baptiste Crépin - AXA Group Security |
| Johanna Curiel |
+ | Ganesh Dagadi (LinkedIn) |
| Chris Dailey (@dailz-c) |
| Karl Dalley (@gnirlos) |
| Anamika Das (@AnamikaD) |
| Patrick Double (@double16) |
+ | @drighty |
| Mike Emery - Portcullis Security |
@@ -98,6 +103,7 @@ Расширенная команда ZAP
| Taras Ivashchenko, OWASP Russia |
| Shershon A J (Shershon25) |
+ | Divyansh Jain (@itsdivyanshjain) - Astra Security |
| Eswarprasath Jayaraman (ejayaraman) |
| Jon (@flibustier) |
| Tan Jin (@tjtanjin) |
@@ -153,6 +159,7 @@ Расширенная команда ZAP
| Adrien PAILHES |
| Anthon Pang |
+ | Amit Panwar, amitpanwar789 |
| Alan Parkinson |
| David Petrasovic |
| Yvan Phélizot |
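Review bot: The added row "Amit Panwar, amitpanwar789" does not follow the "Name (@handle)" form used by the other rows added in this file, such as "Zuhair Abid (@zuhairabid)" and "Adrean Boyadzhiev (@aboyadzhiev)". If amitpanwar789 is a handle, write it as "Amit Panwar (@amitpanwar789)" so the table stays consistent.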
@@ -202,6 +209,7 @@ Расширенная команда ZAP
| Sunny (darkowlzz) indiasuny000@gmail.com |
| Daniel Thompson-Yvetot (@nothingismagick) |
+ | Tib3rius (https://tib3rius.com/) |
| Stefan Tobler |
| Ken Treimann, Cyber Ninja |
diff --git a/addOns/help_ru_RU/src/main/javahelp/contents/releases/1.1.0.html b/addOns/help_ru_RU/src/main/javahelp/contents/releases/1.1.0.html
index 719b08ecb..f4d87b7d9 100644
--- a/addOns/help_ru_RU/src/main/javahelp/contents/releases/1.1.0.html
+++ b/addOns/help_ru_RU/src/main/javahelp/contents/releases/1.1.0.html
@@ -15,7 +15,7 @@ Существенные изменения:
OWASP ребрендинг
ZAP был принят как проект OWASP.
-Сейчас его домашняя страница: https://owasp.org/www-project-zap/
+Its homepage is now: https://wiki.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project
Brute Force (Грубая Сила)
Возможность подбора файлов и каталогов на основе кода из проекта OWASP DirBuster.
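Review bot: The replaced homepage line goes from the translated "Сейчас его домашняя страница: https://owasp.org/www-project-zap/" to an English sentence pointing at https://wiki.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project, which both drops the Russian text and changes the link target in the 1.1.0 release note. The sr_CS copy of this file gets the same URL change. Please confirm the wiki address is the intended target and still resolves, and keep the translated sentence if only the URL was meant to change.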
diff --git a/addOns/help_ru_RU/src/main/javahelp/contents/releases/2.14.0.html b/addOns/help_ru_RU/src/main/javahelp/contents/releases/2.14.0.html
index 4b9fc4816..415413d70 100644
--- a/addOns/help_ru_RU/src/main/javahelp/contents/releases/2.14.0.html
+++ b/addOns/help_ru_RU/src/main/javahelp/contents/releases/2.14.0.html
@@ -79,8 +79,10 @@ ZAP Browser Extensions
These are included in the new Client Side Integration add-on which supports:
-* Browser Recording
-* Streaming client side events to ZAP
+
This is not (yet) included in the main ZAP releases so you will need to download it from the
Marketplace.
diff --git a/addOns/help_ru_RU/src/main/javahelp/contents/releases/2.15.0.html b/addOns/help_ru_RU/src/main/javahelp/contents/releases/2.15.0.html
new file mode 100644
index 000000000..7437b84da
--- /dev/null
+++ b/addOns/help_ru_RU/src/main/javahelp/contents/releases/2.15.0.html
@@ -0,0 +1,138 @@
+
+
+
+
+
+ Release 2.15.0
+
+
+
+Release 2.15.0
+
+This is a bug fix and enhancement release.
+
+These release notes do not include all of the changes included in add-ons updated since 2.14.0.
+
+This release was made possible thanks to our biggest supporter, the Crash Override.
+
+Some of the more significant enhancements include:
+
+
Scripts as First Class Scan Rules
+
+Active and passive scan script rules can now be treated as "first class" scan rules.
+This means that they can be individually referenced in an active scan policy, in the
+passive scan rules options, and in Automation Framework plans.
+
+In addition directories of scripts can now be added with all of the scripts enabled -
+this will make it much more straightfoward to manage script rules in automation.
+
+Menu Items Restructured
+
+The desktop context sensitive menu items have been reordered, and grouped in a more logical way.
+This should make it much easier to find the menu item you want, when you want it.
+
+Set Logging Levels
+
+A new -loglevel
Command Line option allows you to set the log level,
+overriding the values specified in the log4j2.properties file in the home directory.
+
+New API calls also allow you to set and view the current logging levels:
+
+Action / core / setLogLevel
: Sets the logging level for a given name
+View / core / getLogLevel
: Gets the detailed logging config, optionally filtered by name
+
+
+Automation Framework GitHub Action
+
+There is a new ZAP GitHub action - the
+ZAP Automation Framework Scan.
+
+The Automation Framework provides a great balance between ease of use and flexibility + functionality.
+If you want to perform any non-trivial automation with ZAP then the
+Automation Framework is probably your best bet.
+
+New Docker Hub Organisation
+
+We have a new DockerHub organisation for the ZAP Docker images: https://hub.docker.com/u/zaproxy
+
+We are still using the softwaresecurityproject org for 2.15.0 but we will probably not use it for the following releases.
+
+We do recommend that you switch from `softwaresecurityproject` to zaproxy sooner rather than later.
+
+Dependency Updates
+
+As usual the release includes dependency updates.
+
+The following libraries were updated:
+
+
+ - Commons Codex, 1.16.0 → 1.16.1
+ - Commons IO, 2.13.0 → 2.16.1
+ - Commons Lang3, 3.13.0 → 3.14.0
+ - Commons Logging, 1.2 → 1.3.1
+ - Commons Text, 1.10.0 → 1.12.0
+ - Flatlaf, 3.2.1 → 3.4.1
+ - Java Semver, 0.9.0 → 0.10.2
+ - Rsyntaxtextarea, 3.3.4 → 3.4.0
+
+
+Add-Ons
+
+Updated Add-Ons
+All of the add-ons included by default have been updated since the last full release.
+
+Enhancements
+
+- Issue 4275 : Allow to view/change logger levels through the API
+- Issue 7105 : Scripts as First Class Scan Rules
+- Issue 7575 : Add an "Enable all scripts" option to Options->Scripts screen
+- Issue 8135 : Guard against param panels' errors during init
+- Issue 8136 : Keep Import Menu Items Sorted Alphabetically
+- Issue 8150 : Increase search border highlights
+- Issue 8162 : Add stat for uncaught exceptions
+- Issue 8179 : Drop "to Clipboard" from ZAP copy menu items (etc)
+- Issue 8188 : Allow to hook param panels with parents
+- Issue 8190 : alert: Add CWE Alert Tag when building and CWE ID has been set
+- Issue 8198 : URL Path Input Vector - attack end path too
+- Issue 8203 : Option to encode cookie values
+- Issue 8210 : Warn of root user usage and report core count and max memory on start up
+- Issue 8248 : Include cores and max memory in Support Info
+- Issue 8265 : Deprecate Script Scan Rules and related classes
+- Issue 8274 : Improve logs related to loading of pscanrules
+- Issue 8283 : Anti-CSRF Handling should always account for partial matching
+- Issue 8295 : Allow setting the log level via a CLI argument
+- Issue 8332 : tech: Add MariaDB
+- Issue 8369 : Restructure the desktop menu item order
+- Issue 8393 : Allow to search HTTP messages by Tags
+- Issue 8403 : ZAP not printing script errors to console in cmdline mode with `-script`
+- Issue 8423 : Add TAGs for yaml, xml, extended json
+- Issue 8452 : Support decode response body through the `Variant`
+- Issue 8454 : Include pluginId in alert events
+
+
+Bug fixes
+
+- Issue 6292 : Including main technology through the API does not include their specific technologies
+- Issue 8018 : Some characters not displayed in the Language combo box
+- Issue 8147 : Multipart Form Params - Extract boundary from body if not in header
+- Issue 8166 : scripts: Synchronize contents and file methods
+- Issue 8182 : Fix zap.sh for macOS
+- Issue 8252 : Use name of enum as default value for configs
+- Issue 8275 : Button Text is not fully shown in Add Note Dialog
+- Issue 8298 : Prevent NPE if no user creds
+- Issue 8302 : Fix context inclusion issues
+- Issue 8357 : Correct name of hosts without children
+- Issue 8395 : Add missing API error message
+- Issue 8419 : Prevent raising alerts on temporary messages
+- Issue 8429 : Skip deleted msgs in the messages API endpoints
+- Issue 8467 : Get resources from add-ons
+
+
+See Also
+
+ | Introduction | the introduction to ZAP |
+ | Releases | the full set of releases |
+ | Credits | the people and groups who have made this release possible |
+
+
+
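Review bot: The backticks in the added lines "We do recommend that you switch from `softwaresecurityproject` to zaproxy", "cmdline mode with `-script`" and "through the `Variant`" look like Markdown carried into an .html help page, where they will be displayed literally. Use the same inline markup as the neighbouring names: "zaproxy" on the same line has no backticks, and neither does the earlier mention of softwaresecurityproject two lines above.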
diff --git a/addOns/help_ru_RU/src/main/javahelp/contents/releases/releases.html b/addOns/help_ru_RU/src/main/javahelp/contents/releases/releases.html
index d8ec04e98..352fe36a6 100644
--- a/addOns/help_ru_RU/src/main/javahelp/contents/releases/releases.html
+++ b/addOns/help_ru_RU/src/main/javahelp/contents/releases/releases.html
@@ -11,14 +11,15 @@ Релизы
Сделаны следующие релизы:
+ | 2.15.0 | bug fix and enhancement release |
| 2.14.0 | bug fix and enhancement release |
- | 2.13.0 | bug fix and enhancement release |
+ | 2.13.0 | исправление ошибки и выпуск улучшения |
| 2.12.0 | ten thousand star bug fix and enhancement release |
| 2.11.1 | includes an important security fix - users are urged to upgrade asap |
| 2.11.0 | OWASP 20th anniversary bug fix and enhancement release |
| 2.10.0 | 10 year anniversary bug fix and enhancement release |
| 2.9.0 | исправление ошибки и выпуск улучшения |
- | 2.8.0 | исправление ошибки и выпуск улучшения |
+ | 2.8.0 | bug fix and enhancement release |
| 2.7.0 | bug fix and enhancement release |
| 2.6.0 | bug fix and enhancement release |
| 2.5.0 | bug fix and enhancement release |
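Review bot: The two changed description cells move in opposite directions: 2.13.0 goes from English to "исправление ошибки и выпуск улучшения", while 2.8.0 goes from that Russian string back to "bug fix and enhancement release". The same source string should not be translated in some rows and left in English in others, so this looks like translation sync churn. Either apply the translation to every "bug fix and enhancement release" row, including the new 2.15.0 one, or leave these two rows out of the patch.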
diff --git a/addOns/help_ru_RU/src/main/javahelp/contents/ui/dialogs/options/ascaninput.html b/addOns/help_ru_RU/src/main/javahelp/contents/ui/dialogs/options/ascaninput.html
index 28bb3c880..c8376c7f3 100644
--- a/addOns/help_ru_RU/src/main/javahelp/contents/ui/dialogs/options/ascaninput.html
+++ b/addOns/help_ru_RU/src/main/javahelp/contents/ui/dialogs/options/ascaninput.html
@@ -39,6 +39,10 @@ Все запросы
Данные файлов cookie
Запросить файлы cookie.
+Encode Cookie Values
+If selected the cookie values will be URL encoded when attacked.
+By default they will not be encoded - this is new in ZAP 2.15.0, previously they were always encoded.
+
Встроенные обработчики входных векторов
Форматы данных, на которые будет нацелен активный сканер:
diff --git a/addOns/help_ru_RU/src/main/javahelp/contents/ui/dialogs/options/script.html b/addOns/help_ru_RU/src/main/javahelp/contents/ui/dialogs/options/script.html
index 7d772f2fa..a51eb7932 100644
--- a/addOns/help_ru_RU/src/main/javahelp/contents/ui/dialogs/options/script.html
+++ b/addOns/help_ru_RU/src/main/javahelp/contents/ui/dialogs/options/script.html
@@ -11,6 +11,10 @@ Экран опций скриптов
Этот экран позволяет настроить параметры сценария:
+
+Enable scripts loaded from directories
+If this option is selected then all of the scripts loaded from the specified directories will be enabled by default.
+
Каталоги
Список каталогов, из которых будут загружаться скрипты. ZAP будет читать (и писать) сценарии, используя кодировку символов UTF-8.
Скрипты должны находиться в подкаталогах, названных в честь соответствующего типа скрипта (например, «активный», «пассивный», «прокси» и т. д.) и должны иметь соответствующее расширение для используемого языка скрипта.
diff --git a/addOns/help_ru_RU/src/main/javahelp/contents/ui/tabs/httpsessions.html b/addOns/help_ru_RU/src/main/javahelp/contents/ui/tabs/httpsessions.html
index 82c5e84cc..e943b3b60 100644
--- a/addOns/help_ru_RU/src/main/javahelp/contents/ui/tabs/httpsessions.html
+++ b/addOns/help_ru_RU/src/main/javahelp/contents/ui/tabs/httpsessions.html
@@ -29,8 +29,8 @@ Вкладка HTTP-сеансы
Каждую из записей в таблице Sessions можно щелкнуть правой кнопкой мыши,
который активирует всплывающее меню со следующими параметрами:
- - Копировать значение маркера сеанса в буфер обмена — копирует значение
-выбранный сеанс в буфер обмена.
+ - Copy Session Token Value - copies the value of the
+ selected session to the clipboard.
- Удалить сессию - удаляет сессию
- Найти похожие сообщения. Откроется вкладка "Поиск".
чтобы стать активным, отображая результаты на основе поиска с отображаемой строкой
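Review bot: The first menu entry loses its Russian translation. The two removed lines ("Копировать значение маркера сеанса в буфер обмена ...") are replaced by the English "Copy Session Token Value - copies the value of the selected session to the clipboard.", leaving one English item in a Russian list. The only change in the source text is dropping "to Clipboard" from the item name, so update the translated label instead of reverting the whole entry to English.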
diff --git a/addOns/help_ru_RU/src/main/javahelp/index.xml b/addOns/help_ru_RU/src/main/javahelp/index.xml
index b8f1dce5e..e2adca79e 100644
--- a/addOns/help_ru_RU/src/main/javahelp/index.xml
+++ b/addOns/help_ru_RU/src/main/javahelp/index.xml
@@ -87,6 +87,7 @@
+
diff --git a/addOns/help_ru_RU/src/main/javahelp/toc.xml b/addOns/help_ru_RU/src/main/javahelp/toc.xml
index 0c619f4b0..ed0198a13 100644
--- a/addOns/help_ru_RU/src/main/javahelp/toc.xml
+++ b/addOns/help_ru_RU/src/main/javahelp/toc.xml
@@ -120,6 +120,7 @@
+
diff --git a/addOns/help_sr_CS/src/main/javahelp/contents/cmdline.html b/addOns/help_sr_CS/src/main/javahelp/contents/cmdline.html
index c890e16dd..23e60199d 100644
--- a/addOns/help_sr_CS/src/main/javahelp/contents/cmdline.html
+++ b/addOns/help_sr_CS/src/main/javahelp/contents/cmdline.html
@@ -41,6 +41,7 @@
Options
| -lowmem | Use the database instead of memory as much as possible - this is still experimental |
| -experimentaldb | Use the experimental generic database code, which is not surprisingly also still experimental |
| -nostdout | Disables the default logging through standard output |
+ | -loglevel <level> | Sets the log level, overriding the values specified in the log4j2.properties file in the home directory |
| -silent | Ensures ZAP does not make any unsolicited requests, including check for updates |
| -addoninstall <addOnId> | Installs the add-on with specified ID from the ZAP Marketplace. The IDs of the add-ons available in the marketplace can be consulted in the Marketplace tab of Manage Add-ons dialogue. |
| -addoninstallall | Install all available add-ons from the ZAP Marketplace |
@@ -60,6 +61,8 @@ Options
Configuration keys should be specified using the dot notation based their location in the XML of the configuration file, eg:
<zap-script> -config api.key=12345
+The -loglevel
option supports the following values: OFF
, FATAL
, ERROR
, WARN
, INFO
, DEBUG
, TRACE
, and ALL
, in order of increasing verbosity.
+
Examples:
diff --git a/addOns/help_sr_CS/src/main/javahelp/contents/credits.html b/addOns/help_sr_CS/src/main/javahelp/contents/credits.html
index 446786d38..a1b0a6102 100644
--- a/addOns/help_sr_CS/src/main/javahelp/contents/credits.html
+++ b/addOns/help_sr_CS/src/main/javahelp/contents/credits.html
@@ -26,11 +26,13 @@ ZAP Extended Team
| 70pointer |
| Mostafa AbdelMoez |
| Jean Abed |
+ | Zuhair Abid (@zuhairabid) |
| Bilal Achahbar |
| Tushar Aggarwal |
| Amro Alolaqi |
| Matthias Altmann (@secf00tprint) |
| André Alves (@andrealvesdev) |
+ | Sébastien Amelinckx (@Sebitosh) |
| Mário Areias |
| Matt Austin (@mattaustin) |
| Abdelhadi Azouni |
@@ -48,6 +50,7 @@ ZAP Extended Team
| Artemy Bogdanov (@Abr1k0s) |
| Yvan Boily |
| Rodrigo Bonifácio |
+ | Adrean Boyadzhiev (@aboyadzhiev) |
| Glib Briia (@glib-briia) |
| Rauf Butt |
@@ -62,10 +65,12 @@ ZAP Extended Team
| Baptiste Crépin - AXA Group Security |
| Johanna Curiel |
+ | Ganesh Dagadi (LinkedIn) |
| Chris Dailey (@dailz-c) |
| Karl Dalley (@gnirlos) |
| Anamika Das (@AnamikaD) |
| Patrick Double (@double16) |
+ | @drighty |
| Mike Emery - Portcullis Security |
@@ -98,6 +103,7 @@ ZAP Extended Team
| Taras Ivashchenko, OWASP Russia |
| Shershon A J (Shershon25) |
+ | Divyansh Jain (@itsdivyanshjain) - Astra Security |
| Eswarprasath Jayaraman (ejayaraman) |
| Jon (@flibustier) |
| Tan Jin (@tjtanjin) |
@@ -153,6 +159,7 @@ ZAP Extended Team
| Adrien PAILHES |
| Anthon Pang |
+ | Amit Panwar, amitpanwar789 |
| Alan Parkinson |
| David Petrasovic |
| Yvan Phélizot |
@@ -202,6 +209,7 @@ ZAP Extended Team
| Sunny (darkowlzz) indiasuny000@gmail.com |
| Daniel Thompson-Yvetot (@nothingismagick) |
+ | Tib3rius (https://tib3rius.com/) |
| Stefan Tobler |
| Ken Treimann, Cyber Ninja |
diff --git a/addOns/help_sr_CS/src/main/javahelp/contents/releases/1.1.0.html b/addOns/help_sr_CS/src/main/javahelp/contents/releases/1.1.0.html
index f63524873..52c1cb238 100644
--- a/addOns/help_sr_CS/src/main/javahelp/contents/releases/1.1.0.html
+++ b/addOns/help_sr_CS/src/main/javahelp/contents/releases/1.1.0.html
@@ -15,7 +15,7 @@ Significant changes:
OWASP rebranding
ZAP has been accepted as an OWASP project.
-Its homepage is now: https://owasp.org/www-project-zap/
+Its homepage is now: https://wiki.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project
Brute Force
The ability to brute force files and directories based on code from the OWASP DirBuster project.
diff --git a/addOns/help_sr_CS/src/main/javahelp/contents/releases/2.14.0.html b/addOns/help_sr_CS/src/main/javahelp/contents/releases/2.14.0.html
index 4b9fc4816..415413d70 100644
--- a/addOns/help_sr_CS/src/main/javahelp/contents/releases/2.14.0.html
+++ b/addOns/help_sr_CS/src/main/javahelp/contents/releases/2.14.0.html
@@ -79,8 +79,10 @@ ZAP Browser Extensions
These are included in the new Client Side Integration add-on which supports:
-* Browser Recording
-* Streaming client side events to ZAP
+
This is not (yet) included in the main ZAP releases so you will need to download it from the
Marketplace.
diff --git a/addOns/help_sr_CS/src/main/javahelp/contents/releases/2.15.0.html b/addOns/help_sr_CS/src/main/javahelp/contents/releases/2.15.0.html
new file mode 100644
index 000000000..7437b84da
--- /dev/null
+++ b/addOns/help_sr_CS/src/main/javahelp/contents/releases/2.15.0.html
@@ -0,0 +1,138 @@
+
+
+
+
+
+ Release 2.15.0
+
+
+
+Release 2.15.0
+
+This is a bug fix and enhancement release.
+
+These release notes do not include all of the changes included in add-ons updated since 2.14.0.
+
+This release was made possible thanks to our biggest supporter, the Crash Override.
+
+Some of the more significant enhancements include:
+
+
Scripts as First Class Scan Rules
+
+Active and passive scan script rules can now be treated as "first class" scan rules.
+This means that they can be individually referenced in an active scan policy, in the
+passive scan rules options, and in Automation Framework plans.
+
+In addition directories of scripts can now be added with all of the scripts enabled -
+this will make it much more straightfoward to manage script rules in automation.
+
+Menu Items Restructured
+
+The desktop context sensitive menu items have been reordered, and grouped in a more logical way.
+This should make it much easier to find the menu item you want, when you want it.
+
+Set Logging Levels
+
+A new -loglevel
Command Line option allows you to set the log level,
+overriding the values specified in the log4j2.properties file in the home directory.
+
+New API calls also allow you to set and view the current logging levels:
+
+Action / core / setLogLevel
: Sets the logging level for a given name
+View / core / getLogLevel
: Gets the detailed logging config, optionally filtered by name
+
+
+Automation Framework GitHub Action
+
+There is a new ZAP GitHub action - the
+ZAP Automation Framework Scan.
+
+The Automation Framework provides a great balance between ease of use and flexibility + functionality.
+If you want to perform any non-trivial automation with ZAP then the
+Automation Framework is probably your best bet.
+
+New Docker Hub Organisation
+
+We have a new DockerHub organisation for the ZAP Docker images: https://hub.docker.com/u/zaproxy
+
+We are still using the softwaresecurityproject org for 2.15.0 but we will probably not use it for the following releases.
+
+We do recommend that you switch from `softwaresecurityproject` to zaproxy sooner rather than later.
+
+Dependency Updates
+
+As usual the release includes dependency updates.
+
+The following libraries were updated:
+
+
+ - Commons Codex, 1.16.0 → 1.16.1
+ - Commons IO, 2.13.0 → 2.16.1
+ - Commons Lang3, 3.13.0 → 3.14.0
+ - Commons Logging, 1.2 → 1.3.1
+ - Commons Text, 1.10.0 → 1.12.0
+ - Flatlaf, 3.2.1 → 3.4.1
+ - Java Semver, 0.9.0 → 0.10.2
+ - Rsyntaxtextarea, 3.3.4 → 3.4.0
+
+
+Add-Ons
+
+Updated Add-Ons
+All of the add-ons included by default have been updated since the last full release.
+
+Enhancements
+
+- Issue 4275 : Allow to view/change logger levels through the API
+- Issue 7105 : Scripts as First Class Scan Rules
+- Issue 7575 : Add an "Enable all scripts" option to Options->Scripts screen
+- Issue 8135 : Guard against param panels' errors during init
+- Issue 8136 : Keep Import Menu Items Sorted Alphabetically
+- Issue 8150 : Increase search border highlights
+- Issue 8162 : Add stat for uncaught exceptions
+- Issue 8179 : Drop "to Clipboard" from ZAP copy menu items (etc)
+- Issue 8188 : Allow to hook param panels with parents
+- Issue 8190 : alert: Add CWE Alert Tag when building and CWE ID has been set
+- Issue 8198 : URL Path Input Vector - attack end path too
+- Issue 8203 : Option to encode cookie values
+- Issue 8210 : Warn of root user usage and report core count and max memory on start up
+- Issue 8248 : Include cores and max memory in Support Info
+- Issue 8265 : Deprecate Script Scan Rules and related classes
+- Issue 8274 : Improve logs related to loading of pscanrules
+- Issue 8283 : Anti-CSRF Handling should always account for partial matching
+- Issue 8295 : Allow setting the log level via a CLI argument
+- Issue 8332 : tech: Add MariaDB
+- Issue 8369 : Restructure the desktop menu item order
+- Issue 8393 : Allow to search HTTP messages by Tags
+- Issue 8403 : ZAP not printing script errors to console in cmdline mode with `-script`
+- Issue 8423 : Add TAGs for yaml, xml, extended json
+- Issue 8452 : Support decode response body through the `Variant`
+- Issue 8454 : Include pluginId in alert events
+
+
+Bug fixes
+
+- Issue 6292 : Including main technology through the API does not include their specific technologies
+- Issue 8018 : Some characters not displayed in the Language combo box
+- Issue 8147 : Multipart Form Params - Extract boundary from body if not in header
+- Issue 8166 : scripts: Synchronize contents and file methods
+- Issue 8182 : Fix zap.sh for macOS
+- Issue 8252 : Use name of enum as default value for configs
+- Issue 8275 : Button Text is not fully shown in Add Note Dialog
+- Issue 8298 : Prevent NPE if no user creds
+- Issue 8302 : Fix context inclusion issues
+- Issue 8357 : Correct name of hosts without children
+- Issue 8395 : Add missing API error message
+- Issue 8419 : Prevent raising alerts on temporary messages
+- Issue 8429 : Skip deleted msgs in the messages API endpoints
+- Issue 8467 : Get resources from add-ons
+
+
+See Also
+
+ | Introduction | the introduction to ZAP |
+ | Releases | the full set of releases |
+ | Credits | the people and groups who have made this release possible |
+
+
+
diff --git a/addOns/help_sr_CS/src/main/javahelp/contents/releases/releases.html b/addOns/help_sr_CS/src/main/javahelp/contents/releases/releases.html
index 45b49932c..164db9a87 100644
--- a/addOns/help_sr_CS/src/main/javahelp/contents/releases/releases.html
+++ b/addOns/help_sr_CS/src/main/javahelp/contents/releases/releases.html
@@ -11,6 +11,7 @@ Releases
The following releases have been made:
+ | 2.15.0 | bug fix and enhancement release |
| 2.14.0 | bug fix and enhancement release |
| 2.13.0 | bug fix and enhancement release |
| 2.12.0 | ten thousand star bug fix and enhancement release |
diff --git a/addOns/help_sr_CS/src/main/javahelp/contents/ui/dialogs/options/ascaninput.html b/addOns/help_sr_CS/src/main/javahelp/contents/ui/dialogs/options/ascaninput.html
index 0606c0f64..f08af8c96 100644
--- a/addOns/help_sr_CS/src/main/javahelp/contents/ui/dialogs/options/ascaninput.html
+++ b/addOns/help_sr_CS/src/main/javahelp/contents/ui/dialogs/options/ascaninput.html
@@ -39,6 +39,10 @@ All Requests
Cookie Data
Request cookies.
+Encode Cookie Values
+If selected the cookie values will be URL encoded when attacked.
+By default they will not be encoded - this is new in ZAP 2.15.0, previously they were always encoded.
+
Build-in Input Vector Handlers
The data formats that the active scanner will target:
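Review bot: The last added sentence records a change of default ("previously they were always encoded") without saying what that means for an existing setup: after upgrading, scan requests carry cookie values unencoded unless the option is selected. State that consequence here and say when encoding is needed, since the other added line only describes the option. "If selected" also wants a comma, and "when attacked" would be clearer as "in active scan requests".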
diff --git a/addOns/help_sr_CS/src/main/javahelp/contents/ui/dialogs/options/script.html b/addOns/help_sr_CS/src/main/javahelp/contents/ui/dialogs/options/script.html
index 2d0b1f420..961084e17 100644
--- a/addOns/help_sr_CS/src/main/javahelp/contents/ui/dialogs/options/script.html
+++ b/addOns/help_sr_CS/src/main/javahelp/contents/ui/dialogs/options/script.html
@@ -11,6 +11,10 @@ Options Scripts screen
This screen allows you to configure the script options:
+
+Enable scripts loaded from directories
+If this option is selected then all of the scripts loaded from the specified directories will be enabled by default.
+
Directories
A list of directories from which scripts will be loaded. ZAP will read (and write) the scripts using the character encoding UTF-8.
The scripts must be in subdirectories named after the relevant script type (such as 'active', 'passive', 'proxy' etc) and must have an appropriate extension for the script language used.
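Review bot: The added option enables every script loaded from the listed directories, and the context line below says ZAP reads and writes those directories, so the text should tell users to list only directories whose contents they control. One sentence after "will be enabled by default" would cover it, for example that any file with a matching extension placed in a script type subdirectory will be enabled without an individual review.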
diff --git a/addOns/help_sr_CS/src/main/javahelp/contents/ui/tabs/httpsessions.html b/addOns/help_sr_CS/src/main/javahelp/contents/ui/tabs/httpsessions.html
index 3338e02e7..940dc48c9 100644
--- a/addOns/help_sr_CS/src/main/javahelp/contents/ui/tabs/httpsessions.html
+++ b/addOns/help_sr_CS/src/main/javahelp/contents/ui/tabs/httpsessions.html
@@ -30,7 +30,7 @@ HTTP Sessions tab
Each of the entries in the Sessions table can be right clicked,
which activates the Popup Menu, with the following options:
- - Copy Session Token Value to Clipboard - copies the value of the
+
- Copy Session Token Value - copies the value of the
selected session to the clipboard.
- Remove Session - deletes the session
- Find Related Messages - Will cause the Search tab
diff --git a/addOns/help_sr_CS/src/main/javahelp/index.xml b/addOns/help_sr_CS/src/main/javahelp/index.xml
index 01179c987..b9df7b17d 100644
--- a/addOns/help_sr_CS/src/main/javahelp/index.xml
+++ b/addOns/help_sr_CS/src/main/javahelp/index.xml
@@ -87,6 +87,7 @@
+
diff --git a/addOns/help_sr_CS/src/main/javahelp/toc.xml b/addOns/help_sr_CS/src/main/javahelp/toc.xml
index 04b6bf18a..1881ea5e6 100644
--- a/addOns/help_sr_CS/src/main/javahelp/toc.xml
+++ b/addOns/help_sr_CS/src/main/javahelp/toc.xml
@@ -120,6 +120,7 @@
+
diff --git a/addOns/help_tr_TR/src/main/javahelp/contents/cmdline.html b/addOns/help_tr_TR/src/main/javahelp/contents/cmdline.html
index a13b44933..fdbcb3d2c 100644
--- a/addOns/help_tr_TR/src/main/javahelp/contents/cmdline.html
+++ b/addOns/help_tr_TR/src/main/javahelp/contents/cmdline.html
@@ -41,6 +41,7 @@
Seçenekler
| -lowmem | Use the database instead of memory as much as possible - this is still experimental |
| -experimentaldb | Use the experimental generic database code, which is not surprisingly also still experimental |
| -nostdout | Disables the default logging through standard output |
+ | -loglevel <level> | Sets the log level, overriding the values specified in the log4j2.properties file in the home directory |
| -silent | Ensures ZAP does not make any unsolicited requests, including check for updates |
| -addoninstall <addOnId> | Installs the add-on with specified ID from the ZAP Marketplace. The IDs of the add-ons available in the marketplace can be consulted in the Marketplace tab of Manage Add-ons dialogue. |
| -addoninstallall | Install all available add-ons from the ZAP Marketplace |
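Review bot: The new `-loglevel <level>` row does not say which loggers it applies to. "overriding the values specified in the log4j2.properties file" could mean the root logger only or every logger configured in that file; state which one, and mention in the row where the accepted values are listed, since the table entry gives none.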
@@ -60,6 +61,8 @@ Seçenekler
Configuration keys should be specified using the dot notation based their location in the XML of the configuration file, eg:
<zap-script> -config api.key=12345
+The -loglevel
option supports the following values: OFF
, FATAL
, ERROR
, WARN
, INFO
, DEBUG
, TRACE
, and ALL
, in order of increasing verbosity.
+
Örnekler:
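Review bot: The added sentence lists the accepted values but not what happens when the value is missing or is not one of them, nor whether the names are case sensitive. Add that, because a mistyped level on an unattended command line run is otherwise hard to notice. Drive-by on the context line above: "based their location" is missing "on".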
diff --git a/addOns/help_tr_TR/src/main/javahelp/contents/credits.html b/addOns/help_tr_TR/src/main/javahelp/contents/credits.html
index 9e96cbaeb..794155e54 100644
--- a/addOns/help_tr_TR/src/main/javahelp/contents/credits.html
+++ b/addOns/help_tr_TR/src/main/javahelp/contents/credits.html
@@ -26,11 +26,13 @@ ZAP' ın Geniş Ekibi
| 70işaretçi |
| Mostafa AbdelMoez |
| Jean Abed |
+ | Zuhair Abid (@zuhairabid) |
| Bilal Achahbar |
| Tushar Aggarwal |
| Amro Alolaqi |
| Matthias Altmann (@secf00tprint) |
| André Alves (@andrealvesdev) |
+ | Sébastien Amelinckx (@Sebitosh) |
| Mário Areias |
| Matt Austin (@mattaustin) |
| Abdelhadi Azouni |
@@ -48,6 +50,7 @@ ZAP' ın Geniş Ekibi
| Artemy Bogdanov (@Abr1k0s) |
| Yvan Boily |
| Rodrigo Bonifácio |
+ | Adrean Boyadzhiev (@aboyadzhiev) |
| Glib Briia (@glib-briia) |
| Rauf Butt |
@@ -62,10 +65,12 @@ ZAP' ın Geniş Ekibi
| Baptiste Crépin - AXA Group Security |
| Johanna Curiel |
+ | Ganesh Dagadi (LinkedIn) |
| Chris Dailey (@dailz-c) |
| Karl Dalley (@gnirlos) |
| Anamika Das (@AnamikaD) |
| Patrick Double (@double16) |
+ | @drighty |
| Mike Emery - Portcullis Security |
@@ -98,6 +103,7 @@ ZAP' ın Geniş Ekibi
| Taras Ivashchenko, OWASP Russia |
| Shershon A J (Shershon25) |
+ | Divyansh Jain (@itsdivyanshjain) - Astra Security |
| Eswarprasath Jayaraman (ejayaraman) |
| Jon (@flibustier) |
| Tan Jin (@tjtanjin) |
@@ -153,6 +159,7 @@ ZAP' ın Geniş Ekibi
| Adrien PAILHES |
| Anthon Pang |
+ | Amit Panwar, amitpanwar789 |
| Alan Parkinson |
| David Petrasovic |
| Yvan Phélizot |
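Review bot: The added entry "Amit Panwar, amitpanwar789" does not follow the "Name (@handle)" form used by the other entries added in this file, such as "Zuhair Abid (@zuhairabid)". If amitpanwar789 is a handle, write it as "Amit Panwar (@amitpanwar789)".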
@@ -202,6 +209,7 @@ ZAP' ın Geniş Ekibi
| Sunny (darkowlzz) indiasuny000@gmail.com |
| Daniel Thompson-Yvetot (@nothingismagick) |
+ | Tib3rius (https://tib3rius.com/) |
| Stefan Tobler |
| Ken Treimann, Cyber Ninja |
diff --git a/addOns/help_tr_TR/src/main/javahelp/contents/releases/1.1.0.html b/addOns/help_tr_TR/src/main/javahelp/contents/releases/1.1.0.html
index 30ada9b6f..016bfc632 100644
--- a/addOns/help_tr_TR/src/main/javahelp/contents/releases/1.1.0.html
+++ b/addOns/help_tr_TR/src/main/javahelp/contents/releases/1.1.0.html
@@ -15,7 +15,7 @@ Önemli değişiklikler:
OWASP yeniden markalandırma
ZAP, bir OWASP projesi olarak kabul edildi.
-Its homepage is now: https://owasp.org/www-project-zap/
+Its homepage is now: https://wiki.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project
Kaba Kuvvet
Dosyaların ve dizinlerin OWASP DirBuster projesinin koduna bağlı olarak güç uygulama yeteneği.
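Review bot: The replacement moves the link from owasp.org/www-project-zap/ to a wiki.owasp.org address while the sentence still reads "Its homepage is now", and nothing in the diff explains why. Confirm the wiki address is the intended target and still resolves; if the aim is to restore the historical wording of the 1.1.0 notes, say so in the commit message.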
diff --git a/addOns/help_tr_TR/src/main/javahelp/contents/releases/2.14.0.html b/addOns/help_tr_TR/src/main/javahelp/contents/releases/2.14.0.html
index 4b9fc4816..415413d70 100644
--- a/addOns/help_tr_TR/src/main/javahelp/contents/releases/2.14.0.html
+++ b/addOns/help_tr_TR/src/main/javahelp/contents/releases/2.14.0.html
@@ -79,8 +79,10 @@ ZAP Browser Extensions
These are included in the new Client Side Integration add-on which supports:
-* Browser Recording
-* Streaming client side events to ZAP
+
This is not (yet) included in the main ZAP releases so you will need to download it from the
Marketplace.
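Review bot: Both list items ("Browser Recording" and "Streaming client side events to ZAP") are removed and only an empty line is added, so in this diff "which supports:" is followed directly by "This is not (yet) included". Check that the two items survive in the new markup and were not dropped; if they were dropped on purpose, the lead-in sentence needs rewording.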
diff --git a/addOns/help_tr_TR/src/main/javahelp/contents/releases/2.15.0.html b/addOns/help_tr_TR/src/main/javahelp/contents/releases/2.15.0.html
new file mode 100644
index 000000000..7437b84da
--- /dev/null
+++ b/addOns/help_tr_TR/src/main/javahelp/contents/releases/2.15.0.html
@@ -0,0 +1,138 @@
+
+
+
+
+
+ Release 2.15.0
+
+
+
+Release 2.15.0
+
+This is a bug fix and enhancement release.
+
+These release notes do not include all of the changes included in add-ons updated since 2.14.0.
+
+This release was made possible thanks to our biggest supporter, the Crash Override.
+
+Some of the more significant enhancements include:
+
+
Scripts as First Class Scan Rules
+
+Active and passive scan script rules can now be treated as "first class" scan rules.
+This means that they can be individually referenced in an active scan policy, in the
+passive scan rules options, and in Automation Framework plans.
+
+In addition directories of scripts can now be added with all of the scripts enabled -
+this will make it much more straightfoward to manage script rules in automation.
+
+Menu Items Restructured
+
+The desktop context sensitive menu items have been reordered, and grouped in a more logical way.
+This should make it much easier to find the menu item you want, when you want it.
+
+Set Logging Levels
+
+A new -loglevel
Command Line option allows you to set the log level,
+overriding the values specified in the log4j2.properties file in the home directory.
+
+New API calls also allow you to set and view the current logging levels:
+
+Action / core / setLogLevel
: Sets the logging level for a given name
+View / core / getLogLevel
: Gets the detailed logging config, optionally filtered by name
+
+
+Automation Framework GitHub Action
+
+There is a new ZAP GitHub action - the
+ZAP Automation Framework Scan.
+
+The Automation Framework provides a great balance between ease of use and flexibility + functionality.
+If you want to perform any non-trivial automation with ZAP then the
+Automation Framework is probably your best bet.
+
+New Docker Hub Organisation
+
+We have a new DockerHub organisation for the ZAP Docker images: https://hub.docker.com/u/zaproxy
+
+We are still using the softwaresecurityproject org for 2.15.0 but we will probably not use it for the following releases.
+
+We do recommend that you switch from `softwaresecurityproject` to zaproxy sooner rather than later.
+
+Dependency Updates
+
+As usual the release includes dependency updates.
+
+The following libraries were updated:
+
+
+ - Commons Codex, 1.16.0 → 1.16.1
+ - Commons IO, 2.13.0 → 2.16.1
+ - Commons Lang3, 3.13.0 → 3.14.0
+ - Commons Logging, 1.2 → 1.3.1
+ - Commons Text, 1.10.0 → 1.12.0
+ - Flatlaf, 3.2.1 → 3.4.1
+ - Java Semver, 0.9.0 → 0.10.2
+ - Rsyntaxtextarea, 3.3.4 → 3.4.0
+
+
+Add-Ons
+
+Updated Add-Ons
+All of the add-ons included by default have been updated since the last full release.
+
+Enhancements
+
+- Issue 4275 : Allow to view/change logger levels through the API
+- Issue 7105 : Scripts as First Class Scan Rules
+- Issue 7575 : Add an "Enable all scripts" option to Options->Scripts screen
+- Issue 8135 : Guard against param panels' errors during init
+- Issue 8136 : Keep Import Menu Items Sorted Alphabetically
+- Issue 8150 : Increase search border highlights
+- Issue 8162 : Add stat for uncaught exceptions
+- Issue 8179 : Drop "to Clipboard" from ZAP copy menu items (etc)
+- Issue 8188 : Allow to hook param panels with parents
+- Issue 8190 : alert: Add CWE Alert Tag when building and CWE ID has been set
+- Issue 8198 : URL Path Input Vector - attack end path too
+- Issue 8203 : Option to encode cookie values
+- Issue 8210 : Warn of root user usage and report core count and max memory on start up
+- Issue 8248 : Include cores and max memory in Support Info
+- Issue 8265 : Deprecate Script Scan Rules and related classes
+- Issue 8274 : Improve logs related to loading of pscanrules
+- Issue 8283 : Anti-CSRF Handling should always account for partial matching
+- Issue 8295 : Allow setting the log level via a CLI argument
+- Issue 8332 : tech: Add MariaDB
+- Issue 8369 : Restructure the desktop menu item order
+- Issue 8393 : Allow to search HTTP messages by Tags
+- Issue 8403 : ZAP not printing script errors to console in cmdline mode with `-script`
+- Issue 8423 : Add TAGs for yaml, xml, extended json
+- Issue 8452 : Support decode response body through the `Variant`
+- Issue 8454 : Include pluginId in alert events
+
+
+Bug fixes
+
+- Issue 6292 : Including main technology through the API does not include their specific technologies
+- Issue 8018 : Some characters not displayed in the Language combo box
+- Issue 8147 : Multipart Form Params - Extract boundary from body if not in header
+- Issue 8166 : scripts: Synchronize contents and file methods
+- Issue 8182 : Fix zap.sh for macOS
+- Issue 8252 : Use name of enum as default value for configs
+- Issue 8275 : Button Text is not fully shown in Add Note Dialog
+- Issue 8298 : Prevent NPE if no user creds
+- Issue 8302 : Fix context inclusion issues
+- Issue 8357 : Correct name of hosts without children
+- Issue 8395 : Add missing API error message
+- Issue 8419 : Prevent raising alerts on temporary messages
+- Issue 8429 : Skip deleted msgs in the messages API endpoints
+- Issue 8467 : Get resources from add-ons
+
+
+See Also
+
+ | Introduction | the introduction to ZAP |
+ | Releases | the full set of releases |
+ | Credits | the people and groups who have made this release possible |
+
+
+
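Review bot: Two spelling slips in the new page: "straightfoward" should be "straightforward", and "Commons Codex" in the dependency list should be "Commons Codec". The backticks around `softwaresecurityproject`, `-script` and `Variant` are Markdown in an .html file and will show literally; the earlier mention of the softwaresecurityproject org in the Docker section has none, so use the page's own code markup for all of them.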
diff --git a/addOns/help_tr_TR/src/main/javahelp/contents/releases/releases.html b/addOns/help_tr_TR/src/main/javahelp/contents/releases/releases.html
index 493798c83..1d47de62b 100644
--- a/addOns/help_tr_TR/src/main/javahelp/contents/releases/releases.html
+++ b/addOns/help_tr_TR/src/main/javahelp/contents/releases/releases.html
@@ -11,6 +11,7 @@ Sürümler
Aşağıdaki sürümler yapıldı:
+ | 2.15.0 | bug fix and enhancement release |
| 2.14.0 | bug fix and enhancement release |
| 2.13.0 | bug fix and enhancement release |
| 2.12.0 | ten thousand star bug fix and enhancement release |
diff --git a/addOns/help_tr_TR/src/main/javahelp/contents/ui/dialogs/options/ascaninput.html b/addOns/help_tr_TR/src/main/javahelp/contents/ui/dialogs/options/ascaninput.html
index 5f0953bcb..d11e071cf 100644
--- a/addOns/help_tr_TR/src/main/javahelp/contents/ui/dialogs/options/ascaninput.html
+++ b/addOns/help_tr_TR/src/main/javahelp/contents/ui/dialogs/options/ascaninput.html
@@ -39,6 +39,10 @@ All Requests
Çerez verisi
Request cookies.
+Encode Cookie Values
+If selected the cookie values will be URL encoded when attacked.
+By default they will not be encoded - this is new in ZAP 2.15.0, previously they were always encoded.
+
Yerleşik Girdi Vektörü Yöneticileri
The data formats that the active scanner will target:
diff --git a/addOns/help_tr_TR/src/main/javahelp/contents/ui/dialogs/options/script.html b/addOns/help_tr_TR/src/main/javahelp/contents/ui/dialogs/options/script.html
index 3eadebfdc..b60df729e 100644
--- a/addOns/help_tr_TR/src/main/javahelp/contents/ui/dialogs/options/script.html
+++ b/addOns/help_tr_TR/src/main/javahelp/contents/ui/dialogs/options/script.html
@@ -11,6 +11,10 @@ Komut Dizileri Seçenekleri ekranı
Bu ekran dil seçeneklerini yapılandırmanıza olanak sağlar:
+
+Enable scripts loaded from directories
+If this option is selected then all of the scripts loaded from the specified directories will be enabled by default.
+
Rehberler
Komut dosyalarının yükleneceği dillerin listesi. ZAP, komut dosyalarını UTF-8 kodlama karakterini kullanarak okuyacak (ve yazacaktır).
Scripler uygun script türünden sonra isimlendirilen alt dizinlerde olmalıdır (mesela 'active', 'passive', 'proxy' etc vs) ve script dilinin kullanımı için uygun bir uzantısı olmalıdır.
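Review bot: The added paragraph says what happens when the option is selected but not what the option's own default is, or whether it affects scripts from directories that were configured before it was selected. Add both, since the 2.15.0 release notes in this patch present the option as the way to manage script rules in automation.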
diff --git a/addOns/help_tr_TR/src/main/javahelp/contents/ui/tabs/httpsessions.html b/addOns/help_tr_TR/src/main/javahelp/contents/ui/tabs/httpsessions.html
index db9d03cd0..08463081f 100644
--- a/addOns/help_tr_TR/src/main/javahelp/contents/ui/tabs/httpsessions.html
+++ b/addOns/help_tr_TR/src/main/javahelp/contents/ui/tabs/httpsessions.html
@@ -31,7 +31,7 @@ HTTP Oturumları sekmesi
Oturumlar masasındaki girilerin her biri sağ tıklanabilir,
böylece şu seçeneklerle birlikte açılır menü aktifleşir:
- - Copy Session Token Value to Clipboard - copies the value of the
+
- Copy Session Token Value - copies the value of the
selected session to the clipboard.
- Remove Session - deletes the session
- Find Related Messages - Will cause the Search tab
diff --git a/addOns/help_tr_TR/src/main/javahelp/index.xml b/addOns/help_tr_TR/src/main/javahelp/index.xml
index bd155bf23..5721321a0 100644
--- a/addOns/help_tr_TR/src/main/javahelp/index.xml
+++ b/addOns/help_tr_TR/src/main/javahelp/index.xml
@@ -87,6 +87,7 @@
+
diff --git a/addOns/help_tr_TR/src/main/javahelp/toc.xml b/addOns/help_tr_TR/src/main/javahelp/toc.xml
index ae86456c2..9391ae4cb 100644
--- a/addOns/help_tr_TR/src/main/javahelp/toc.xml
+++ b/addOns/help_tr_TR/src/main/javahelp/toc.xml
@@ -120,6 +120,7 @@
+
diff --git a/addOns/help_ur_PK/src/main/javahelp/contents/cmdline.html b/addOns/help_ur_PK/src/main/javahelp/contents/cmdline.html
index c890e16dd..23e60199d 100644
--- a/addOns/help_ur_PK/src/main/javahelp/contents/cmdline.html
+++ b/addOns/help_ur_PK/src/main/javahelp/contents/cmdline.html
@@ -41,6 +41,7 @@
Options
| -lowmem | Use the database instead of memory as much as possible - this is still experimental |
| -experimentaldb | Use the experimental generic database code, which is not surprisingly also still experimental |
| -nostdout | Disables the default logging through standard output |
+ | -loglevel <level> | Sets the log level, overriding the values specified in the log4j2.properties file in the home directory |
| -silent | Ensures ZAP does not make any unsolicited requests, including check for updates |
| -addoninstall <addOnId> | Installs the add-on with specified ID from the ZAP Marketplace. The IDs of the add-ons available in the marketplace can be consulted in the Marketplace tab of Manage Add-ons dialogue. |
| -addoninstallall | Install all available add-ons from the ZAP Marketplace |
@@ -60,6 +61,8 @@ Options
Configuration keys should be specified using the dot notation based their location in the XML of the configuration file, eg:
<zap-script> -config api.key=12345
+The -loglevel
option supports the following values: OFF
, FATAL
, ERROR
, WARN
, INFO
, DEBUG
, TRACE
, and ALL
, in order of increasing verbosity.
+
Examples:
diff --git a/addOns/help_ur_PK/src/main/javahelp/contents/credits.html b/addOns/help_ur_PK/src/main/javahelp/contents/credits.html
index 446786d38..a1b0a6102 100644
--- a/addOns/help_ur_PK/src/main/javahelp/contents/credits.html
+++ b/addOns/help_ur_PK/src/main/javahelp/contents/credits.html
@@ -26,11 +26,13 @@ ZAP Extended Team
| 70pointer |
| Mostafa AbdelMoez |
| Jean Abed |
+ | Zuhair Abid (@zuhairabid) |
| Bilal Achahbar |
| Tushar Aggarwal |
| Amro Alolaqi |
| Matthias Altmann (@secf00tprint) |
| André Alves (@andrealvesdev) |
+ | Sébastien Amelinckx (@Sebitosh) |
| Mário Areias |
| Matt Austin (@mattaustin) |
| Abdelhadi Azouni |
@@ -48,6 +50,7 @@ ZAP Extended Team
| Artemy Bogdanov (@Abr1k0s) |
| Yvan Boily |
| Rodrigo Bonifácio |
+ | Adrean Boyadzhiev (@aboyadzhiev) |
| Glib Briia (@glib-briia) |
| Rauf Butt |
@@ -62,10 +65,12 @@ ZAP Extended Team
| Baptiste Crépin - AXA Group Security |
| Johanna Curiel |
+ | Ganesh Dagadi (LinkedIn) |
| Chris Dailey (@dailz-c) |
| Karl Dalley (@gnirlos) |
| Anamika Das (@AnamikaD) |
| Patrick Double (@double16) |
+ | @drighty |
| Mike Emery - Portcullis Security |
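Review bot: "Ganesh Dagadi (LinkedIn)" carries a link label rather than a handle, and "@drighty" has no name, so neither matches the "Name (@handle)" pattern of the surrounding entries. For the first, give the handle or drop the parenthesis; for the second, confirm where a handle-only entry should sort, since it currently sits between "Patrick Double" and "Mike Emery".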
@@ -98,6 +103,7 @@ ZAP Extended Team
| Taras Ivashchenko, OWASP Russia |
| Shershon A J (Shershon25) |
+ | Divyansh Jain (@itsdivyanshjain) - Astra Security |
| Eswarprasath Jayaraman (ejayaraman) |
| Jon (@flibustier) |
| Tan Jin (@tjtanjin) |
@@ -153,6 +159,7 @@ ZAP Extended Team
| Adrien PAILHES |
| Anthon Pang |
+ | Amit Panwar, amitpanwar789 |
| Alan Parkinson |
| David Petrasovic |
| Yvan Phélizot |
@@ -202,6 +209,7 @@ ZAP Extended Team
| Sunny (darkowlzz) indiasuny000@gmail.com |
| Daniel Thompson-Yvetot (@nothingismagick) |
+ | Tib3rius (https://tib3rius.com/) |
| Stefan Tobler |
| Ken Treimann, Cyber Ninja |
diff --git a/addOns/help_ur_PK/src/main/javahelp/contents/releases/1.1.0.html b/addOns/help_ur_PK/src/main/javahelp/contents/releases/1.1.0.html
index 2848ab474..4eb0a880d 100644
--- a/addOns/help_ur_PK/src/main/javahelp/contents/releases/1.1.0.html
+++ b/addOns/help_ur_PK/src/main/javahelp/contents/releases/1.1.0.html
@@ -15,7 +15,7 @@ Significant changes:
OWASP rebranding
ZAP کو ایک او ڈبلیو ایس اے پی پروجیکٹ کے طور پر قبول کیا گیا ہے.
-Its homepage is now: https://owasp.org/www-project-zap/
+Its homepage is now: https://wiki.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project
Brute Force
OWASP DirBuster منصوبے سے کوڈ پر مبنی طاقت فائلوں اور ڈائرکٹریوں کو برعکس کرنے کی صلاحیت.
diff --git a/addOns/help_ur_PK/src/main/javahelp/contents/releases/2.14.0.html b/addOns/help_ur_PK/src/main/javahelp/contents/releases/2.14.0.html
index 4b9fc4816..415413d70 100644
--- a/addOns/help_ur_PK/src/main/javahelp/contents/releases/2.14.0.html
+++ b/addOns/help_ur_PK/src/main/javahelp/contents/releases/2.14.0.html
@@ -79,8 +79,10 @@ ZAP Browser Extensions
These are included in the new Client Side Integration add-on which supports:
-* Browser Recording
-* Streaming client side events to ZAP
+
This is not (yet) included in the main ZAP releases so you will need to download it from the
Marketplace.
diff --git a/addOns/help_ur_PK/src/main/javahelp/contents/releases/2.15.0.html b/addOns/help_ur_PK/src/main/javahelp/contents/releases/2.15.0.html
new file mode 100644
index 000000000..7437b84da
--- /dev/null
+++ b/addOns/help_ur_PK/src/main/javahelp/contents/releases/2.15.0.html
@@ -0,0 +1,138 @@
+
+
+
+
+
+ Release 2.15.0
+
+
+
+Release 2.15.0
+
+This is a bug fix and enhancement release.
+
+These release notes do not include all of the changes included in add-ons updated since 2.14.0.
+
+This release was made possible thanks to our biggest supporter, the Crash Override.
+
+Some of the more significant enhancements include:
+
+
Scripts as First Class Scan Rules
+
+Active and passive scan script rules can now be treated as "first class" scan rules.
+This means that they can be individually referenced in an active scan policy, in the
+passive scan rules options, and in Automation Framework plans.
+
+In addition directories of scripts can now be added with all of the scripts enabled -
+this will make it much more straightfoward to manage script rules in automation.
+
+Menu Items Restructured
+
+The desktop context sensitive menu items have been reordered, and grouped in a more logical way.
+This should make it much easier to find the menu item you want, when you want it.
+
+Set Logging Levels
+
+A new -loglevel
Command Line option allows you to set the log level,
+overriding the values specified in the log4j2.properties file in the home directory.
+
+New API calls also allow you to set and view the current logging levels:
+
+Action / core / setLogLevel
: Sets the logging level for a given name
+View / core / getLogLevel
: Gets the detailed logging config, optionally filtered by name
+
+
+Automation Framework GitHub Action
+
+There is a new ZAP GitHub action - the
+ZAP Automation Framework Scan.
+
+The Automation Framework provides a great balance between ease of use and flexibility + functionality.
+If you want to perform any non-trivial automation with ZAP then the
+Automation Framework is probably your best bet.
+
+New Docker Hub Organisation
+
+We have a new DockerHub organisation for the ZAP Docker images: https://hub.docker.com/u/zaproxy
+
+We are still using the softwaresecurityproject org for 2.15.0 but we will probably not use it for the following releases.
+
+We do recommend that you switch from `softwaresecurityproject` to zaproxy sooner rather than later.
+
+Dependency Updates
+
+As usual the release includes dependency updates.
+
+The following libraries were updated:
+
+
+ - Commons Codex, 1.16.0 → 1.16.1
+ - Commons IO, 2.13.0 → 2.16.1
+ - Commons Lang3, 3.13.0 → 3.14.0
+ - Commons Logging, 1.2 → 1.3.1
+ - Commons Text, 1.10.0 → 1.12.0
+ - Flatlaf, 3.2.1 → 3.4.1
+ - Java Semver, 0.9.0 → 0.10.2
+ - Rsyntaxtextarea, 3.3.4 → 3.4.0
+
+
+Add-Ons
+
+Updated Add-Ons
+All of the add-ons included by default have been updated since the last full release.
+
+Enhancements
+
+- Issue 4275 : Allow to view/change logger levels through the API
+- Issue 7105 : Scripts as First Class Scan Rules
+- Issue 7575 : Add an "Enable all scripts" option to Options->Scripts screen
+- Issue 8135 : Guard against param panels' errors during init
+- Issue 8136 : Keep Import Menu Items Sorted Alphabetically
+- Issue 8150 : Increase search border highlights
+- Issue 8162 : Add stat for uncaught exceptions
+- Issue 8179 : Drop "to Clipboard" from ZAP copy menu items (etc)
+- Issue 8188 : Allow to hook param panels with parents
+- Issue 8190 : alert: Add CWE Alert Tag when building and CWE ID has been set
+- Issue 8198 : URL Path Input Vector - attack end path too
+- Issue 8203 : Option to encode cookie values
+- Issue 8210 : Warn of root user usage and report core count and max memory on start up
+- Issue 8248 : Include cores and max memory in Support Info
+- Issue 8265 : Deprecate Script Scan Rules and related classes
+- Issue 8274 : Improve logs related to loading of pscanrules
+- Issue 8283 : Anti-CSRF Handling should always account for partial matching
+- Issue 8295 : Allow setting the log level via a CLI argument
+- Issue 8332 : tech: Add MariaDB
+- Issue 8369 : Restructure the desktop menu item order
+- Issue 8393 : Allow to search HTTP messages by Tags
+- Issue 8403 : ZAP not printing script errors to console in cmdline mode with `-script`
+- Issue 8423 : Add TAGs for yaml, xml, extended json
+- Issue 8452 : Support decode response body through the `Variant`
+- Issue 8454 : Include pluginId in alert events
+
+
+Bug fixes
+
+- Issue 6292 : Including main technology through the API does not include their specific technologies
+- Issue 8018 : Some characters not displayed in the Language combo box
+- Issue 8147 : Multipart Form Params - Extract boundary from body if not in header
+- Issue 8166 : scripts: Synchronize contents and file methods
+- Issue 8182 : Fix zap.sh for macOS
+- Issue 8252 : Use name of enum as default value for configs
+- Issue 8275 : Button Text is not fully shown in Add Note Dialog
+- Issue 8298 : Prevent NPE if no user creds
+- Issue 8302 : Fix context inclusion issues
+- Issue 8357 : Correct name of hosts without children
+- Issue 8395 : Add missing API error message
+- Issue 8419 : Prevent raising alerts on temporary messages
+- Issue 8429 : Skip deleted msgs in the messages API endpoints
+- Issue 8467 : Get resources from add-ons
+
+
+See Also
+
+ | Introduction | the introduction to ZAP |
+ | Releases | the full set of releases |
+ | Credits | the people and groups who have made this release possible |
+
+
+
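Review bot: The cookie encoding change appears only as "Issue 8203 : Option to encode cookie values" in the Enhancements list, yet the ascaninput.html text in this same patch says the default changed ("previously they were always encoded"). A changed default belongs with the significant enhancements at the top of the page, with a line telling users how to get the previous behaviour back. The Docker section would also be more useful if it named the release from which the softwaresecurityproject org is no longer used, rather than "probably not" for the following releases.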
diff --git a/addOns/help_ur_PK/src/main/javahelp/contents/releases/releases.html b/addOns/help_ur_PK/src/main/javahelp/contents/releases/releases.html
index 45b49932c..164db9a87 100644
--- a/addOns/help_ur_PK/src/main/javahelp/contents/releases/releases.html
+++ b/addOns/help_ur_PK/src/main/javahelp/contents/releases/releases.html
@@ -11,6 +11,7 @@ Releases
The following releases have been made:
+ | 2.15.0 | bug fix and enhancement release |
| 2.14.0 | bug fix and enhancement release |
| 2.13.0 | bug fix and enhancement release |
| 2.12.0 | ten thousand star bug fix and enhancement release |
diff --git a/addOns/help_ur_PK/src/main/javahelp/contents/ui/dialogs/options/ascaninput.html b/addOns/help_ur_PK/src/main/javahelp/contents/ui/dialogs/options/ascaninput.html
index 0606c0f64..f08af8c96 100644
--- a/addOns/help_ur_PK/src/main/javahelp/contents/ui/dialogs/options/ascaninput.html
+++ b/addOns/help_ur_PK/src/main/javahelp/contents/ui/dialogs/options/ascaninput.html
@@ -39,6 +39,10 @@ All Requests
Cookie Data
Request cookies.
+Encode Cookie Values
+If selected the cookie values will be URL encoded when attacked.
+By default they will not be encoded - this is new in ZAP 2.15.0, previously they were always encoded.
+
Build-in Input Vector Handlers
The data formats that the active scanner will target:
diff --git a/addOns/help_ur_PK/src/main/javahelp/contents/ui/dialogs/options/script.html b/addOns/help_ur_PK/src/main/javahelp/contents/ui/dialogs/options/script.html
index 2d0b1f420..961084e17 100644
--- a/addOns/help_ur_PK/src/main/javahelp/contents/ui/dialogs/options/script.html
+++ b/addOns/help_ur_PK/src/main/javahelp/contents/ui/dialogs/options/script.html
@@ -11,6 +11,10 @@ Options Scripts screen
This screen allows you to configure the script options:
+
+Enable scripts loaded from directories
+If this option is selected then all of the scripts loaded from the specified directories will be enabled by default.
+
Directories
A list of directories from which scripts will be loaded. ZAP will read (and write) the scripts using the character encoding UTF-8.
The scripts must be in subdirectories named after the relevant script type (such as 'active', 'passive', 'proxy' etc) and must have an appropriate extension for the script language used.
diff --git a/addOns/help_ur_PK/src/main/javahelp/contents/ui/tabs/httpsessions.html b/addOns/help_ur_PK/src/main/javahelp/contents/ui/tabs/httpsessions.html
index 3338e02e7..940dc48c9 100644
--- a/addOns/help_ur_PK/src/main/javahelp/contents/ui/tabs/httpsessions.html
+++ b/addOns/help_ur_PK/src/main/javahelp/contents/ui/tabs/httpsessions.html
@@ -30,7 +30,7 @@ HTTP Sessions tab
Each of the entries in the Sessions table can be right clicked,
which activates the Popup Menu, with the following options:
- - Copy Session Token Value to Clipboard - copies the value of the
+
- Copy Session Token Value - copies the value of the
selected session to the clipboard.
- Remove Session - deletes the session
- Find Related Messages - Will cause the Search tab
diff --git a/addOns/help_ur_PK/src/main/javahelp/index.xml b/addOns/help_ur_PK/src/main/javahelp/index.xml
index 01179c987..b9df7b17d 100644
--- a/addOns/help_ur_PK/src/main/javahelp/index.xml
+++ b/addOns/help_ur_PK/src/main/javahelp/index.xml
@@ -87,6 +87,7 @@
+
diff --git a/addOns/help_ur_PK/src/main/javahelp/toc.xml b/addOns/help_ur_PK/src/main/javahelp/toc.xml
index 793ef9d11..cc09db96b 100644
--- a/addOns/help_ur_PK/src/main/javahelp/toc.xml
+++ b/addOns/help_ur_PK/src/main/javahelp/toc.xml
@@ -120,6 +120,7 @@
+
diff --git a/addOns/help_zh_CN/src/main/javahelp/contents/cmdline.html b/addOns/help_zh_CN/src/main/javahelp/contents/cmdline.html
index 0fe6e3967..050f543b2 100644
--- a/addOns/help_zh_CN/src/main/javahelp/contents/cmdline.html
+++ b/addOns/help_zh_CN/src/main/javahelp/contents/cmdline.html
@@ -41,6 +41,7 @@
选项
| -lowmem | Use the database instead of memory as much as possible - this is still experimental |
| -experimentaldb | Use the experimental generic database code, which is not surprisingly also still experimental |
| -nostdout | Disables the default logging through standard output |
+ | -loglevel <level> | Sets the log level, overriding the values specified in the log4j2.properties file in the home directory |
| -silent | Ensures ZAP does not make any unsolicited requests, including check for updates |
| -addoninstall <addOnId> | Installs the add-on with specified ID from the ZAP Marketplace. The IDs of the add-ons available in the marketplace can be consulted in the Marketplace tab of Manage Add-ons dialogue. |
| -addoninstallall | Install all available add-ons from the ZAP Marketplace |
@@ -60,6 +61,8 @@ 选项
Configuration keys should be specified using the dot notation based their location in the XML of the configuration file, eg:
<zap-script> -config api.key=12345
+The -loglevel
option supports the following values: OFF
, FATAL
, ERROR
, WARN
, INFO
, DEBUG
, TRACE
, and ALL
, in order of increasing verbosity.
+
例如:
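Review bot: The added -loglevel paragraph lists the accepted values (OFF through ALL) but does not say whether they are case sensitive or what ZAP does when an unrecognised value is passed. A sentence covering both, plus one example invocation next to the existing -config example, would make the option usable from this page alone.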
diff --git a/addOns/help_zh_CN/src/main/javahelp/contents/credits.html b/addOns/help_zh_CN/src/main/javahelp/contents/credits.html
index 7b4e5f3dd..e9312e3cf 100644
--- a/addOns/help_zh_CN/src/main/javahelp/contents/credits.html
+++ b/addOns/help_zh_CN/src/main/javahelp/contents/credits.html
@@ -26,11 +26,13 @@ ZAP扩展团队
| 70pointer |
| Mostafa AbdelMoez |
| Jean Abed |
+ | Zuhair Abid (@zuhairabid) |
| Bilal Achahbar |
| Tushar Aggarwal |
| Amro Alolaqi |
| Matthias Altmann (@secf00tprint) |
| André Alves (@andrealvesdev) |
+ | Sébastien Amelinckx (@Sebitosh) |
| Mário Areias |
| Matt Austin (@mattaustin) |
| Abdelhadi Azouni |
@@ -48,6 +50,7 @@ ZAP扩展团队
| Artemy Bogdanov (@Abr1k0s) |
| Yvan Boily |
| Rodrigo Bonifácio |
+ | Adrean Boyadzhiev (@aboyadzhiev) |
| Glib Briia (@glib-briia) |
| Rauf Butt |
@@ -62,10 +65,12 @@ ZAP扩展团队
| Baptiste Crépin - AXA Group Security |
| Johanna Curiel |
+ | Ganesh Dagadi (LinkedIn) |
| Chris Dailey (@dailz-c) |
| Karl Dalley (@gnirlos) |
| Anamika Das (@AnamikaD) |
| Patrick Double (@double16) |
+ | @drighty |
| Mike Emery - Portcullis Security |
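Review bot: Two of the added credit entries in this hunk break the pattern used by the rest of the list: "Ganesh Dagadi (LinkedIn)" shows a site name where other entries show a handle, and "@drighty" is a handle with no name. If that is what the contributors asked for, fine; otherwise align them with the "Name (@handle)" form used by the surrounding rows.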
@@ -98,6 +103,7 @@ ZAP扩展团队
| Taras Ivashchenko, OWASP Russia |
| Shershon A J (Shershon25) |
+ | Divyansh Jain (@itsdivyanshjain) - Astra Security |
| Eswarprasath Jayaraman (ejayaraman) |
| Jon (@flibustier) |
| Tan Jin (@tjtanjin) |
@@ -153,6 +159,7 @@ ZAP扩展团队
| Adrien PAILHES |
| Anthon Pang |
+ | Amit Panwar, amitpanwar789 |
| Alan Parkinson |
| David Petrasovic |
| Yvan Phélizot |
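Review bot: "Amit Panwar, amitpanwar789" uses a comma and a bare handle, while the other additions in this file use "Name (@handle)". Suggest "Amit Panwar (@amitpanwar789)" if that is the contributor's handle, so the entry matches the rest of the table.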
@@ -202,6 +209,7 @@ ZAP扩展团队
| Sunny (darkowlzz) indiasuny000@gmail.com |
| Daniel Thompson-Yvetot (@nothingismagick) |
+ | Tib3rius (https://tib3rius.com/) |
| Stefan Tobler |
| Ken Treimann, Cyber Ninja |
diff --git a/addOns/help_zh_CN/src/main/javahelp/contents/releases/1.1.0.html b/addOns/help_zh_CN/src/main/javahelp/contents/releases/1.1.0.html
index ffd72f935..00b1c547d 100644
--- a/addOns/help_zh_CN/src/main/javahelp/contents/releases/1.1.0.html
+++ b/addOns/help_zh_CN/src/main/javahelp/contents/releases/1.1.0.html
@@ -15,7 +15,7 @@ 重大变化:
OWASP品牌重塑
ZAP已被接受为OWASP项目。
-Its homepage is now: https://owasp.org/www-project-zap/
+Its homepage is now: https://wiki.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project
暴力破解
基于OWASP DirBuster项目的代码帮助暴力破解文件和目录的能力。
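Review bot: The replacement homepage on the + line points at wiki.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project where the - line had owasp.org/www-project-zap/, which looks like the translation sync pulling in an older string rather than an intended change. Please confirm the wiki link is the one wanted here, or keep the previous URL.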
diff --git a/addOns/help_zh_CN/src/main/javahelp/contents/releases/2.14.0.html b/addOns/help_zh_CN/src/main/javahelp/contents/releases/2.14.0.html
index 4b9fc4816..415413d70 100644
--- a/addOns/help_zh_CN/src/main/javahelp/contents/releases/2.14.0.html
+++ b/addOns/help_zh_CN/src/main/javahelp/contents/releases/2.14.0.html
@@ -79,8 +79,10 @@ ZAP Browser Extensions
These are included in the new Client Side Integration add-on which supports:
-* Browser Recording
-* Streaming client side events to ZAP
+
This is not (yet) included in the main ZAP releases so you will need to download it from the
Marketplace.
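Review bot: After this change the sentence "These are included in the new Client Side Integration add-on which supports:" is followed only by a blank + line; the "Browser Recording" and "Streaming client side events to ZAP" items are removed and nothing visible replaces them. If the list was meant to be converted to markup, check that it survived; otherwise restore the two items.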
diff --git a/addOns/help_zh_CN/src/main/javahelp/contents/releases/2.15.0.html b/addOns/help_zh_CN/src/main/javahelp/contents/releases/2.15.0.html
new file mode 100644
index 000000000..7437b84da
--- /dev/null
+++ b/addOns/help_zh_CN/src/main/javahelp/contents/releases/2.15.0.html
@@ -0,0 +1,138 @@
+
+
+
+
+
+ Release 2.15.0
+
+
+
+Release 2.15.0
+
+This is a bug fix and enhancement release.
+
+These release notes do not include all of the changes included in add-ons updated since 2.14.0.
+
+This release was made possible thanks to our biggest supporter, the Crash Override.
+
+Some of the more significant enhancements include:
+
+
Scripts as First Class Scan Rules
+
+Active and passive scan script rules can now be treated as "first class" scan rules.
+This means that they can be individually referenced in an active scan policy, in the
+passive scan rules options, and in Automation Framework plans.
+
+In addition directories of scripts can now be added with all of the scripts enabled -
+this will make it much more straightfoward to manage script rules in automation.
+
+Menu Items Restructured
+
+The desktop context sensitive menu items have been reordered, and grouped in a more logical way.
+This should make it much easier to find the menu item you want, when you want it.
+
+Set Logging Levels
+
+A new -loglevel
Command Line option allows you to set the log level,
+overriding the values specified in the log4j2.properties file in the home directory.
+
+New API calls also allow you to set and view the current logging levels:
+
+Action / core / setLogLevel
: Sets the logging level for a given name
+View / core / getLogLevel
: Gets the detailed logging config, optionally filtered by name
+
+
+Automation Framework GitHub Action
+
+There is a new ZAP GitHub action - the
+ZAP Automation Framework Scan.
+
+The Automation Framework provides a great balance between ease of use and flexibility + functionality.
+If you want to perform any non-trivial automation with ZAP then the
+Automation Framework is probably your best bet.
+
+New Docker Hub Organisation
+
+We have a new DockerHub organisation for the ZAP Docker images: https://hub.docker.com/u/zaproxy
+
+We are still using the softwaresecurityproject org for 2.15.0 but we will probably not use it for the following releases.
+
+We do recommend that you switch from `softwaresecurityproject` to zaproxy sooner rather than later.
+
+Dependency Updates
+
+As usual the release includes dependency updates.
+
+The following libraries were updated:
+
+
+ - Commons Codex, 1.16.0 → 1.16.1
+ - Commons IO, 2.13.0 → 2.16.1
+ - Commons Lang3, 3.13.0 → 3.14.0
+ - Commons Logging, 1.2 → 1.3.1
+ - Commons Text, 1.10.0 → 1.12.0
+ - Flatlaf, 3.2.1 → 3.4.1
+ - Java Semver, 0.9.0 → 0.10.2
+ - Rsyntaxtextarea, 3.3.4 → 3.4.0
+
+
+Add-Ons
+
+Updated Add-Ons
+All of the add-ons included by default have been updated since the last full release.
+
+Enhancements
+
+- Issue 4275 : Allow to view/change logger levels through the API
+- Issue 7105 : Scripts as First Class Scan Rules
+- Issue 7575 : Add an "Enable all scripts" option to Options->Scripts screen
+- Issue 8135 : Guard against param panels' errors during init
+- Issue 8136 : Keep Import Menu Items Sorted Alphabetically
+- Issue 8150 : Increase search border highlights
+- Issue 8162 : Add stat for uncaught exceptions
+- Issue 8179 : Drop "to Clipboard" from ZAP copy menu items (etc)
+- Issue 8188 : Allow to hook param panels with parents
+- Issue 8190 : alert: Add CWE Alert Tag when building and CWE ID has been set
+- Issue 8198 : URL Path Input Vector - attack end path too
+- Issue 8203 : Option to encode cookie values
+- Issue 8210 : Warn of root user usage and report core count and max memory on start up
+- Issue 8248 : Include cores and max memory in Support Info
+- Issue 8265 : Deprecate Script Scan Rules and related classes
+- Issue 8274 : Improve logs related to loading of pscanrules
+- Issue 8283 : Anti-CSRF Handling should always account for partial matching
+- Issue 8295 : Allow setting the log level via a CLI argument
+- Issue 8332 : tech: Add MariaDB
+- Issue 8369 : Restructure the desktop menu item order
+- Issue 8393 : Allow to search HTTP messages by Tags
+- Issue 8403 : ZAP not printing script errors to console in cmdline mode with `-script`
+- Issue 8423 : Add TAGs for yaml, xml, extended json
+- Issue 8452 : Support decode response body through the `Variant`
+- Issue 8454 : Include pluginId in alert events
+
+
+Bug fixes
+
+- Issue 6292 : Including main technology through the API does not include their specific technologies
+- Issue 8018 : Some characters not displayed in the Language combo box
+- Issue 8147 : Multipart Form Params - Extract boundary from body if not in header
+- Issue 8166 : scripts: Synchronize contents and file methods
+- Issue 8182 : Fix zap.sh for macOS
+- Issue 8252 : Use name of enum as default value for configs
+- Issue 8275 : Button Text is not fully shown in Add Note Dialog
+- Issue 8298 : Prevent NPE if no user creds
+- Issue 8302 : Fix context inclusion issues
+- Issue 8357 : Correct name of hosts without children
+- Issue 8395 : Add missing API error message
+- Issue 8419 : Prevent raising alerts on temporary messages
+- Issue 8429 : Skip deleted msgs in the messages API endpoints
+- Issue 8467 : Get resources from add-ons
+
+
+See Also
+
+ | Introduction | the introduction to ZAP |
+ | Releases | the full set of releases |
+ | Credits | the people and groups who have made this release possible |
+
+
+
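Review bot: Two typos in the new release notes: "straightfoward" in the Scripts as First Class Scan Rules paragraph should be "straightforward", and the first dependency entry reads "Commons Codex" where the library is Commons Codec. In the Docker Hub section `softwaresecurityproject` is in backticks in one sentence and plain in the previous one, and zaproxy is plain throughout; pick one style. "the Crash Override" in the supporter line probably wants the article dropped.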
diff --git a/addOns/help_zh_CN/src/main/javahelp/contents/releases/releases.html b/addOns/help_zh_CN/src/main/javahelp/contents/releases/releases.html
index 65042a29e..320c7ec03 100644
--- a/addOns/help_zh_CN/src/main/javahelp/contents/releases/releases.html
+++ b/addOns/help_zh_CN/src/main/javahelp/contents/releases/releases.html
@@ -11,6 +11,7 @@ 版本发布
已经发布了以下版本:
+ | 2.15.0 | bug fix and enhancement release |
| 2.14.0 | bug fix and enhancement release |
| 2.13.0 | bug fix and enhancement release |
| 2.12.0 | ten thousand star bug fix and enhancement release |
diff --git a/addOns/help_zh_CN/src/main/javahelp/contents/ui/dialogs/options/ascaninput.html b/addOns/help_zh_CN/src/main/javahelp/contents/ui/dialogs/options/ascaninput.html
index bd7e7f177..20d5a1ef2 100644
--- a/addOns/help_zh_CN/src/main/javahelp/contents/ui/dialogs/options/ascaninput.html
+++ b/addOns/help_zh_CN/src/main/javahelp/contents/ui/dialogs/options/ascaninput.html
@@ -39,6 +39,10 @@ All Requests
Cookie数据
Request cookies.
+Encode Cookie Values
+If selected the cookie values will be URL encoded when attacked.
+By default they will not be encoded - this is new in ZAP 2.15.0, previously they were always encoded.
+
内置输入向量处理程序
The data formats that the active scanner will target:
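Review bot: The new "Encode Cookie Values" text records a changed default (previously always encoded, now not encoded unless selected) but does not tell readers what follows from it. Suggest adding a sentence that scans relying on the old behaviour need this option selected after upgrading to 2.15.0, and replacing "when attacked" with wording that says when the encoding is applied, for example when the active scanner injects values into the cookie.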
diff --git a/addOns/help_zh_CN/src/main/javahelp/contents/ui/dialogs/options/script.html b/addOns/help_zh_CN/src/main/javahelp/contents/ui/dialogs/options/script.html
index 2d0b1f420..961084e17 100644
--- a/addOns/help_zh_CN/src/main/javahelp/contents/ui/dialogs/options/script.html
+++ b/addOns/help_zh_CN/src/main/javahelp/contents/ui/dialogs/options/script.html
@@ -11,6 +11,10 @@ Options Scripts screen
This screen allows you to configure the script options:
+
+Enable scripts loaded from directories
+If this option is selected then all of the scripts loaded from the specified directories will be enabled by default.
+
Directories
A list of directories from which scripts will be loaded. ZAP will read (and write) the scripts using the character encoding UTF-8.
The scripts must be in subdirectories named after the relevant script type (such as 'active', 'passive', 'proxy' etc) and must have an appropriate extension for the script language used.
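Review bot: The added "Enable scripts loaded from directories" paragraph does not state whether the option is selected by default, or whether it changes the state of scripts already loaded from those directories. Since it enables every script found under the listed directories without a per-script choice, it is worth saying so explicitly and noting that the listed directories should be ones the user controls.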
diff --git a/addOns/help_zh_CN/src/main/javahelp/contents/ui/tabs/httpsessions.html b/addOns/help_zh_CN/src/main/javahelp/contents/ui/tabs/httpsessions.html
index 3338e02e7..940dc48c9 100644
--- a/addOns/help_zh_CN/src/main/javahelp/contents/ui/tabs/httpsessions.html
+++ b/addOns/help_zh_CN/src/main/javahelp/contents/ui/tabs/httpsessions.html
@@ -30,7 +30,7 @@ HTTP Sessions tab
Each of the entries in the Sessions table can be right clicked,
which activates the Popup Menu, with the following options:
- - Copy Session Token Value to Clipboard - copies the value of the
+
- Copy Session Token Value - copies the value of the
selected session to the clipboard.
- Remove Session - deletes the session
- Find Related Messages - Will cause the Search tab
diff --git a/addOns/help_zh_CN/src/main/javahelp/index.xml b/addOns/help_zh_CN/src/main/javahelp/index.xml
index 01179c987..b9df7b17d 100644
--- a/addOns/help_zh_CN/src/main/javahelp/index.xml
+++ b/addOns/help_zh_CN/src/main/javahelp/index.xml
@@ -87,6 +87,7 @@
+
diff --git a/addOns/help_zh_CN/src/main/javahelp/toc.xml b/addOns/help_zh_CN/src/main/javahelp/toc.xml
index 38df0f5bd..89e850699 100644
--- a/addOns/help_zh_CN/src/main/javahelp/toc.xml
+++ b/addOns/help_zh_CN/src/main/javahelp/toc.xml
@@ -120,6 +120,7 @@
+