Merge pull request #77 from thc202/release-1.7.0

Release 1.7.0

Author: kingthorin

.gitattributes

@@ -1,13 +1,13 @@
-* text=auto
+* text=auto eol=lf
 
 *.java text
 *.properties text
 *.md text
 *.xml text
 *.gradle text
 
-*.bat text eol=crlf
-*.sh text eol=lf
-gradlew text eol=lf
+*.bat eol=crlf
+*.sh text
+gradlew text
 
 *.jar binary

.travis.yml

@@ -1,9 +1,8 @@
 language: java
-sudo: false
 
 jdk:
   - oraclejdk8
-  - oraclejdk9
+  - openjdk11
 
 before_cache:
   - rm -f  $HOME/.gradle/caches/modules-2/modules-2.lock

CHANGELOG.md

@@ -0,0 +1,110 @@
+# Changelog
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [1.7.0] - 2019-06-13
+### Added
+- Add API for SOAP Scanner add-on, version 3.
+
+### Changed
+- Core APIs updated for ZAP version 2.8.0.
+- Update Replacer API, per release of version 7.
+- Update Websocket API, per release of version 19.
+- Update Selenium API, per release of version 15.0.0.
+- Add description to Importurls and AlertFilter API endpoints.
+
+### Fixed
+- Disable XXE processing when parsing ZAP API responses.
+- Ensure alerts file is always closed.
+
+## [1.6.0] - 2018-04-10
+### Added
+- WebSockets ("websocket").
+
+### Fixed
+- Explicitly disable HTTP caching, to always obtain a fresh response from ZAP.
+
+## [1.5.0] - 2017-11-30
+### Changed
+- Core APIs updated for ZAP version 2.7.0.
+
+## [1.4.0] - 2017-07-13
+### Added
+- New Ant task to create ZAP reports:
+  ```XML
+  <!-- Defined the task: -->
+  <taskdef name="reportTask" classname="org.zaproxy.clientapi.ant.ReportTask" />
+  <!-- Call the task: -->
+  <reportTask zapAddress="localhost" zapPort="8080" apikey="API-KEY"
+      type="html" file="report.html" overwrite="true" />
+      <!--
+          type - the type/format of the report (e.g. HTML, XML, MD), defaults to HTML.
+          file - where the report should be created (can be an absolute path, if relative it is resolved against the build directory).
+          overwrite - if the file should be overwritten.
+      -->
+  ```
+
+## [1.3.0] - 2017-06-23
+### Added
+- Import files containing URLs ("importurls").
+- OpenAPI Support ("openapi").
+- Replacer ("replacer").
+
+### Changed
+- Update scan Ant tasks to wait for the corresponding scan to finish.
+
+## [1.2.0] - 2017-03-29
+### Changed
+- Core APIs updated for ZAP version 2.6.0.
+- Update AJAX Spider API
+  - Allows to obtain the full results of a scan, messages in/out of scope
+  and message with I/O errors.
+
+## [1.1.1] - 2017-03-09
+### Fixed
+- Fixed a bug that prevented the new API methods (that don't require
+the API key) from being used with ZAP versions <= 2.5.0.
+
+## [1.1.0] - 2017-03-09
+### Added
+- Context Alert Filters API, for more information refer to the help page:
+https://github.com/zaproxy/zap-extensions/wiki/HelpAddonsAlertFiltersAlertFilter
+- The `Alert` now exposes the alert ID, message ID, and scanner ID.
+- Added confidence "False Positive" (enum `Alert.Confidence`).
+
+### Changed
+- The `ClientApi` now allows to set the API key through the constructor,
+which ensures that the API key is sent whenever required. 
+- It's now possible to obtain the keys of the values of an `ApiResponseSet`
+(also, deprecated unused/unnecessary constructor and method).
+- It's now possible to specify the API key in all Ant tasks.
+- Update AJAX Spider API
+  - Allows to scan a context, as a user and just a subtree.
+- Update Selenium API
+  - Allows to choose which Firefox binary is used and set the path to geckodriver.
+
+### Deprecated
+ - The API methods that allowed to pass the API key were deprecated in
+favour of using the new `ClientApi` constructor.
+- `Alert` and `AlertTask` now use `name` instead of `alert` for the name
+of the alert (zaproxy/zaproxy#1341), older methods were deprecated.
+
+### Fixed
+- `ApiResponseSet` now has as values `ApiResponse` (zaproxy/zaproxy#3228).
+
+## [1.0.0] - 2016-06-03
+### Added
+ - First version as "stand alone library", it was migrated from the [zaproxy repository](https://github.com/zaproxy/zaproxy)
+ and released to Maven Central.
+
+[1.7.0]: https://github.com/zaproxy/zap-api-java/compare/v1.6.0...v1.7.0
+[1.6.0]: https://github.com/zaproxy/zap-api-java/compare/v1.5.0...v1.6.0
+[1.5.0]: https://github.com/zaproxy/zap-api-java/compare/v1.4.0...v1.5.0
+[1.4.0]: https://github.com/zaproxy/zap-api-java/compare/v1.3.0...v1.4.0
+[1.3.0]: https://github.com/zaproxy/zap-api-java/compare/v1.2.0...v1.3.0
+[1.2.0]: https://github.com/zaproxy/zap-api-java/compare/v1.1.1...v1.2.0
+[1.1.1]: https://github.com/zaproxy/zap-api-java/compare/v1.1.0...v1.1.1
+[1.1.0]: https://github.com/zaproxy/zap-api-java/compare/v1.0.0...v1.1.0
+[1.0.0]: https://github.com/zaproxy/zap-api-java/compare/6c778f77a817e1ff71e9279e4759535d482e8393...v1.0.0

CHANGES.md

@@ -2,7 +2,7 @@
 
 [![Version](https://maven-badges.herokuapp.com/maven-central/org.zaproxy/zap-clientapi/badge.svg)](https://maven-badges.herokuapp.com/maven-central/org.zaproxy/zap-clientapi/)
 [![License](https://img.shields.io/badge/license-Apache%202-4EB1BA.svg)](https://www.apache.org/licenses/LICENSE-2.0.html)
-[![Build Status](https://api.travis-ci.org/zaproxy/zap-api-java.svg?branch=develop)](https://travis-ci.org/zaproxy/zap-api-java)
+[![Build Status](https://api.travis-ci.com/zaproxy/zap-api-java.svg?branch=develop)](https://travis-ci.com/zaproxy/zap-api-java)
 [![Known Vulnerabilities](https://snyk.io/test/github/zaproxy/zap-api-java/badge.svg)](https://snyk.io/test/github/zaproxy/zap-api-java)
 
 The Java implementation to access the [OWASP ZAP API](https://github.com/zaproxy/zaproxy/wiki/ApiDetails). For more information
@@ -17,14 +17,14 @@ This project produces two libraries:
 
 The latest released versions can be downloaded from the [Releases page](https://github.com/zaproxy/zap-api-java/releases).
 
-Or, if using a dependency management tool, for example [Maven](https://maven.apache.org/), the `zap-clientapi` library
-can be obtained from [Maven Central](http://search.maven.org/) with following coordinates:
+Or, if using a dependency management tool, for example [Maven](https://maven.apache.org/) or [Gradle](https://gradle.org/), the `zap-clientapi` library
+can be obtained from [Maven Central](https://search.maven.org/) with following coordinates:
 
  * GroupId: `org.zaproxy`
  * ArtifactId: `zap-clientapi`
- * Version: `1.6.0`
+ * Version: `1.7.0`
 
-Previous releases are also available, more details can be found in [Maven Central](http://search.maven.org/#search|ga|1|org.zaproxy).
+Previous releases are also available, more details can be found in [Maven Central](https://search.maven.org/search?q=g:org.zaproxy%20AND%20a:zap-clientapi&core=gav).
 
 ## Getting Help
 
@@ -53,87 +53,3 @@ To install the artifacts to the local Maven repository you can run the following
     ./gradlew install
 
 The installed artifacts (`zap-clientapi`) are then available for other (local) projects to use.
-
-## Releasing
-
-In the following sections it will be explained the steps necessary to release a new version of the libraries. In all steps the
-version to be released is referred to as `<version-to-release>`, which should be replaced with appropriate version number
-(e.g. 2.1.0).
-
-### Release Branching
-
-The project follows the [git-flow branching model](http://nvie.com/posts/a-successful-git-branching-model/). To release a new version it needs to be created a new release branch, update the version, and tag:
-  1. Create a release branch:
-     `git checkout -b release-<version-to-release> develop`;
-  2. Update version in:
-     1. `build.gradle` file (e.g. remove `-SNAPSHOT`);
-     2. source code (e.g. `@since` and `@deprecated` JavaDoc tags);
-     3. `README.md` file (in `How to Obtain` section);
-  3. Review that everything is correct and commit the changes:
-     `git commit -S -m "Bump version number to <version-to-release>"`
-  4. Checkout `master` and merge the release branch:
-     1. `git checkout master`
-     2. `git merge -S --no-ff release-<version-to-release> -m "Merge branch 'release-<version-to-release>' into master"`
-  5. Tag the new version:
-     `git tag -s v<version-to-release> -m "Version <version-to-release>"`
-
-Reintegrate the changes into `develop` branch:
-  1. Checkout develop branch:
-     `git checkout develop`
-  2. Merge the `release-<version-to-release>` branch:
-     `git merge -S --no-ff release-<version-to-release> -m "Merge branch 'release-<version-to-release>' into develop"`
-     1. Resolve possible conflicts;
-         1. The version can be bumped to the next developing version (e.g. increase the minor version and add `-SNAPSHOT`);
-         2. Continue with the merge (if the version was bumped mention it in the commit message);
-  3. Bump to the next developing version now (e.g. increase the minor version and add `-SNAPSHOT`), if not done during the merge:
-     `git commit -S -m "Bump version number to <developing-version>-SNAPSHOT"`
-
-Delete the release branch:
-
-    git branch -d release-<version-to-release>
-
-Push the branches (`develop` and `master`) and tag:
-
-    git push upstream develop master v<version-to-release>
-
-(Assuming `upstream` is the zaproxy repo.)
-
-### Build for Release
-
-Checkout the tagged version:
-
-    git checkout v<version-to-release>
-
-Create the artifacts/libraries necessary for the release:
-
-    ./gradlew clean build
-
-### Release to Maven Central
-
-To upload the built artifacts to OSSRH you can run the following:
-
-    ./gradlew uploadArchives
-
-Once uploaded continue with the release process in OSSRH:
-http://central.sonatype.org/pages/releasing-the-deployment.html
-
-NOTE: The following properties must be defined (e.g. in file `GRADLE_HOME/gradle.properties` ) to successfully sign and
-upload the artifacts:
- - `signing.keyId` - the ID of the GPG key, used to sign the artifacts;
- - `ossrhUsername` - the OSSRH username;
- - `ossrhPassword` - the OSSRH password for above username.
-
-Also, the user must have permissions to upload to GroupId `org.zaproxy`.
-
-### GitHub Release
-
-Release in GitHub:
- 1. Draft a [new release](https://github.com/zaproxy/zap-api-java/releases/new):
-    - Tag: `v<version-to-release>`
-    - Title: `Version <version-to-release>`
-    - Description: (Add a summary of the changes done in the new version and mention the artifacts/libraries available.)
- 2. Upload the libraries:
-     - `zap-api-<version-to-release>.jar`
-     - `zap-clientapi-<version-to-release>.jar`
-     - `zap-clientapi-ant-<version-to-release>.jar`
- 3. Publish release.