Version 1.6.0

Release Notes

Changes

• Explicitly disable HTTP caching, to always obtain a fresh response from ZAP.

New APIs

• WebSockets ("websocket").

Available Libraries

The following libraries are available in this release:

• zap-api-1.6.0.jar - contains Java API client implementation and its dependencies, ideally to run as standalone library;
• zap-clientapi-1.6.0.jar - contains just the Java API client implementation (similar to library available in Maven Central);
• zap-clientapi-ant-1.6.0.jar - contains just the Ant tasks that wrap Java API client implementation.

Intended for use with OWASP ZAP version 2.7.0 and above (while it's compatible with older ZAP versions new APIs/features will not work).

Version 1.5.0

Release Notes

Updated APIs

• Core APIs updated for ZAP version 2.7.0.

Available Libraries

The following libraries are available in this release:

• zap-api-1.5.0.jar - contains Java API client implementation and its dependencies, ideally to run as standalone library;
• zap-clientapi-1.5.0.jar - contains just the Java API client implementation (similar to library available in Maven Central);
• zap-clientapi-ant-1.5.0.jar - contains just the Ant tasks that wrap Java API client implementation.

Intended for use with OWASP ZAP version 2.7.0 and above (while it's compatible with older ZAP versions new APIs/features will not work).

Version 1.4.0

Release Notes

Ant Tasks

• New task to create ZAP reports:

  <!-- Defined the task: -->
  <taskdef name="reportTask" classname="org.zaproxy.clientapi.ant.ReportTask" />
  <!-- Call the task: -->
  <reportTask zapAddress="localhost" zapPort="8080" apikey="API-KEY"
      type="html" file="report.html" overwrite="true" />
      <!--
          type - the type/format of the report (e.g. HTML, XML, MD), defaults to HTML.
          file - where the report should be created (can be an absolute path, if relative it is resolved against the build directory).
          overwrite - if the file should be overwritten.
      -->

Available Libraries

The following libraries are available in this release:

• zap-clientapi-ant-1.4.0.jar - contains just the Ant tasks that wrap Java API client implementation.

Intended for use with OWASP ZAP version 2.6.0 and above (while it's compatible with older ZAP versions new APIs/features will not work).

Version 1.3.0

Release Notes

New APIs

• Import files containing URLs ("importurls").
• OpenAPI Support ("openapi").
• Replacer ("replacer").

Ant Tasks

• Update scan tasks to wait for the corresponding scan to finish.

Available Libraries

The following libraries are available in this release:

• zap-api-1.3.0.jar - contains Java API client implementation and its dependencies, ideally to run as standalone library;
• zap-clientapi-1.3.0.jar - contains just the Java API client implementation (similar to library available in Maven Central);
• zap-clientapi-ant-1.3.0.jar - contains just the Ant tasks that wrap Java API client implementation.

Intended for use with OWASP ZAP version 2.6.0 and above (while it's compatible with older ZAP versions new APIs/features will not work).

Version 1.2.0

Release Notes

Updated APIs

• Core APIs updated for ZAP version 2.6.0.
• AJAX Spider API
  • Allows to obtain the full results of a scan, messages in/out of scope and message with I/O errors.

Available Libraries

The following libraries are available in this release:

• zap-api-1.2.0.jar - contains Java API client implementation and its dependencies, ideally to run as standalone library;
• zap-clientapi-1.2.0.jar - contains just the Java API client implementation (similar to library available in Maven Central);
• zap-clientapi-ant-1.2.0.jar - contains just the Ant tasks that wrap Java API client implementation.

Intended for use with OWASP ZAP version 2.6.0 and above (while it's compatible with older ZAP versions new APIs/features will not work).

Version 1.1.1

Release Notes

Bug Fixes

• Fixed a bug that prevented the new API methods (that don't require the API key) from being used with ZAP versions <= 2.5.0.

Available Libraries

The following libraries are available in this release:

• zap-api-1.1.1.jar - contains Java API client implementation and its dependencies, ideally to run as standalone library;
• zap-clientapi-1.1.1.jar - contains just the Java API client implementation (similar to library available in Maven Central);
• zap-clientapi-ant-1.1.1.jar - contains just the Ant tasks that wrap Java API client implementation.

Intended for use with OWASP ZAP version 2.5.0 and above.

Version 1.1.0

Release Notes

Enhancements

• The ClientApi now allows to set the API key through the constructor, which ensures that the API key is sent whenever required. The API methods that allowed to pass the API key were deprecated in favour of using the new constructor.
• It's now possible to specify the API key in all Ant tasks.
• It's now possible to obtain the keys of the values of an ApiResponseSet (also, deprecated unused/unnecessary constructor and method).
• The Alert now exposes the alert ID, message ID and scanner ID.
• Added confidence "False Positive" (enum Alert.Confidence).
• Alert and AlertTask now use name instead of alert for the name of the alert (zaproxy/zaproxy#1341), older methods were deprecated.

Bug Fixes

• ApiResponseSet now has as values ApiResponse (zaproxy/zaproxy#3228).

New APIs

• Context Alert Filters API, for more information refer to the help page: https://github.com/zaproxy/zap-extensions/wiki/HelpAddonsAlertFiltersAlertFilter

Updated APIs

• AJAX Spider API
  • Allows to scan a context, as a user and just a subtree.
• Selenium API
  • Allows to choose which Firefox binary is used and set the path to geckodriver.

Available Libraries

The following libraries are available in this release:

• zap-api-1.1.0.jar - contains Java API client implementation and its dependencies, ideally to run as standalone library;
• zap-clientapi-1.1.0.jar - contains just the Java API client implementation (similar to library available in Maven Central);
• zap-clientapi-ant-1.1.0.jar - contains just the Ant tasks that wrap Java API client implementation.

Intended for use with OWASP ZAP version 2.5.0 and above.

Version 1.0.0

The following libraries are available in this release:

• zap-api-1.0.0.jar - contains Java API client implementation and its dependencies, ideally to run as standalone library;
• zap-clientapi-1.0.0.jar - contains just the Java API client implementation (similar to library available in Maven Central);
• zap-clientapi-ant-1.0.0.jar - contains just the Ant tasks that wrap Java API client implementation.

Intended for use with OWASP ZAP version 2.5.0 and above.