Update data #1969

Merged
merged 1 commit into from
Jul 11, 2023
2 changes: 1 addition & 1 deletion site/content/docs/desktop/_index.md
Expand Up @@ -6,7 +6,7 @@ weight: 1
cascade:
addon:
id: help
version: 15.0.0
version: 16.0.0
---

# OWASP ZAP Desktop User Guide
19 changes: 14 additions & 5 deletions site/content/docs/desktop/cmdline.md
Expand Up @@ -35,7 +35,7 @@ All options below can be passed to any of these.

## Options

ZAP supports the following command line options:
ZAP (core) supports the following command line options:

| | | |
|---|-----------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
Expand All @@ -50,8 +50,6 @@ ZAP supports the following command line options:
| | -help | The same as -h |
| | -newsession \<path\> | Creates a new session at the given location |
| | -session \<path\> | Opens the given session after starting ZAP |
| | -host \<host\> | Overrides the host used for proxying specified in the configuration file |
| | -port \<port\> | Overrides the port used for proxying specified in the configuration file |
| | -lowmem | Use the database instead of memory as much as possible - this is still experimental |
| | -experimentaldb | Use the experimental generic database code, which is not surprisingly also still experimental |
| | -nostdout | Disables the default logging through standard output |
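
Review bot: the `-host` and `-port` rows leave the options table (the hunk goes from 8 lines to 6) with nothing at this spot saying where they went. The only pointer is the sentence added at the bottom of the page under "Add-ons", and it does not name either option, so a reader searching this page for `-host` or `-port` finds nothing. Suggest naming both options in that sentence, or adding a one-line note directly under the table that links to the Network Command Line page.
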
Expand All @@ -73,8 +71,6 @@ Configuration keys should be specified using the dot notation based their locati
<zap-script> -config api.key=12345
```

Note that add-ons can add extra command line options.


Examples:

Expand All @@ -90,9 +86,22 @@ Examples:
<zap-script> -session /full/path/to/existing/session -script /full/path/to/script.js -cmd
```

## Add-ons

Add-ons can add extra command line options which are described in their own help pages.


For the command line options that allow to configure the main local proxy, refer to the [Network Command Line](/docs/desktop/addons/network/cmdline/) help page.

## See also

| | | |
|---|------------------------------------------|---------------------------------|
| | [Introduction](/docs/desktop/) | the introduction to ZAP |
| | [API](/docs/desktop/start/features/api/) | to control ZAP programmatically |

## Official Videos

| | |
|---|-----------------------------------------------------------------------------------------------------|
| | [ADDO Automation: Automation Command Line](https://play.vidyard.com/g97SccHH52RXnAcBYBmDGA) (14:03) |
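
Review bot: in the new "Add-ons" section, "For the command line options that allow to configure the main local proxy" is ungrammatical; "For the command line options that configure the main local proxy" reads better. The section also has two consecutive blank lines after its first sentence, where one is enough.
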
14 changes: 14 additions & 0 deletions site/content/docs/desktop/credits.md
Expand Up @@ -32,11 +32,13 @@ People who have made contributions to ZAP over the years, in alphabetical order:
| | Tushar Aggarwal |
| | Amro Alolaqi |
| | [Matthias Altmann](https://secf00tprint.github.io/blog) ([@secf00tprint](https://twitter.com/secf00tprint)) |
| | André Alves ([@andrealvesdev](https://twitter.com/andrealvesdev)) |
| | Mário Areias |
| | Matt Austin ([@mattaustin](https://twitter.com/mattaustin)) |
| | Abdelhadi Azouni |
| | Mennouchi Islam Azeddine |
| | Ahmed Bahajjaj ([@madanalogy](https://github.com/madanalogy)) |
| | Yang Bai ([@Geekby](https://www.geekby.site/)) |
| | Florent Baillais ([@flocurity](https://twitter.com/flocurity)) |
| | Adam Baldwin ([@adamhawkbaldwin](https://twitter.com/adamhawkbaldwin)) |
| | Jay Ball |
Expand All @@ -52,24 +54,32 @@ People who have made contributions to ZAP over the years, in alphabetical order:
| | Ailton Caetano |
| | Kim Carter ([@binarymist](https://twitter.com/binarymist)) |
| | Eranda Chandrika |
| | [ciceroff](https://github.com/ciceroff) |
| | Jonathan Claudius ([@claudijd](https://twitter.com/claudijd)) |
| | Adrian Clay |
| | Baptiste Crépin - AXA Group Security |
| | Johanna Curiel |
| | Chris Dailey ([@dailz-c](https://github.com/dailz-c)) |
| | Karl Dalley ([@gnirlos](https://github.com/gnirlos)) |
| | Anamika Das ([@AnamikaD](https://twitter.com/AnamikaD)) |
| | Patrick Double ([@double16](https://github.com/double16)) |
| | Mike Emery - Portcullis Security |
| | Leandro Ferrari - Talsoft SRL |
| | Freakyclown - Portcullis Security |
| | Michael Gabriel ([shamashel](https://github.com/shamashel)) |
| | Patrick Galley |
| | Lakshya Garg ([@LakiG](https://www.linkedin.com/in/lakshyaagarg/)) |
| | Scott Gerlach ([@sgerlach](https://twitter.com/sgerlach)) - StackHawk |
| | Giothysham |
| | Thiago Gomes |
| | Mark Goodwin |
| | Chris Grieger |
| | Daniel Grunwell (grunny) |
| | [GRVial](https://github.com/GRVial) |
| | Aryan Gupta ([LinkedIn](https://www.linkedin.com/in/aryan-gupta-78273a1b6)) |
| | Houcem Hachicha |
| | Wil Hadden ([@WilHadden](https://twitter.com/WilHadden)) |
| | David Hall |
| | Keith Hamasaki - TeamPraxis |
| | Niranjan Hegde (nhegde610) |
| | Omer Levi Hevroni |
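
Review bot: the Michael Gabriel row writes the GitHub handle as `[shamashel]` without the leading `@`, while the other GitHub-linked rows in this hunk use it (`[@dailz-c]`, `[@double16]`, `[@gnirlos]`). Suggest `[@shamashel]` so the handle format is consistent across the table.
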
Expand Down Expand Up @@ -99,6 +109,7 @@ People who have made contributions to ZAP over the years, in alphabetical order:
| | Robert Koch |
| | Savva Kodeikin |
| | Christian Koidl |
| | Chandaluri Vamsi Krishna ([@Vamsikrishna99C](https://twitter.com/Vamsikrishna99C)) |
| | Lars Kristensen |
| | Erik de Kuijper ([@edkpr](https://github.com/edkpr)) |
| | Gwilym Lewis – Appsecco |
Expand Down Expand Up @@ -129,6 +140,7 @@ People who have made contributions to ZAP over the years, in alphabetical order:
| | David Petrasovic |
| | Yvan Phélizot |
| | Pierre-David ([@ouaibe](https://github.com/ouaibe)) |
| | PlainUrban |
| | Paul Pollack |
| | Andrea Pompili (Yhawke), |
| | Prasad N. Shenoy |
Expand All @@ -154,6 +166,7 @@ People who have made contributions to ZAP over the years, in alphabetical order:
| | Alessandro Secco |
| | Nirojan Selvanathan ([@sshniro](https://twitter.com/sshniro)) |
| | Bill Sempf - Columbus OWASP |
| | Sparsh Sethi ([@code-sparsh](https://github.com/code-sparsh)) |
| | Chaitanya Sharma ([@phoenix24](https://twitter.com/phoenix24)) |
| | Zainab Al Showely |
| | Raul Siles - DinoSec |
Expand All @@ -163,6 +176,7 @@ People who have made contributions to ZAP over the years, in alphabetical order:
| | Benjamin Slack of <http://www.nimajneb.com/> |
| | Yannic Smeets |
| | Andreas Sommer |
| | Vitika Soni ([@VitikaSoni](https://github.com/VitikaSoni)) |
| | David Sopas ([@dsopas](https://twitter.com/dsopas)) |
| | Josh Soref ([@jsoref](https://github.com/jsoref/)) |
| | Cosmin Stefan-Dobrin |
6 changes: 6 additions & 0 deletions site/content/docs/desktop/releases/2.12.0.md
Expand Up @@ -10,6 +10,8 @@ weight: 1
This is a bug fix and enhancement release, which now requires a minimum of Java 11.
As the main [zaproxy/zaproxy](https://github.com/zaproxy/zaproxy) repo has just reached 10k stars we're calling this the 'Ten Thousand Star' Release!

This release fixes an HTML Injection vulnerability in the ZAP Desktop which was rated a P3 / Medium level vulnerability. While we do not think that it can be exploited in any meaningful way, desktop users are still recommended to update from older ZAP versions a.s.a.p.

These release notes do not include all of the changes included in add-ons updated since 2.11.1.

Some of the more significant enhancements include:
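
Review bot: the added summary paragraph says "we do not think that it can be exploited in any meaningful way", but the "Desktop HTML Injection Fix" section added further down in this file leaves that assessment out, so the two descriptions of the same P3 / Medium issue do not match. Suggest keeping the full statement in the dedicated section and having this paragraph link to it, so the severity wording lives in one place.
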
Expand Down Expand Up @@ -172,6 +174,10 @@ The following add-ons are no longer included, having been superseded by the Impo
* Save Raw Message
* Save XML Message

## Desktop HTML Injection Fix

This release includes a fix to prevent HTML Injection in the ZAP Desktop GUI. Thank you to “issuefinder” for reporting this to us via our [bug bounty](https://bugcrowd.com/owaspzap) program. The vulnerability was rated as a P3 / Medium and desktop users are recommended to update from older ZAP versions a.s.a.p.

## Enhancements

* [Issue 1623](https://github.com/zaproxy/zaproxy/issues/1623) : Provide better error message when cert path validation fails
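
Review bot: "older ZAP versions" in the new "Desktop HTML Injection Fix" section does not tell a reader which releases are affected, and the section links to the bug bounty program but not to any issue or advisory, unlike the entries under "Enhancements" (for example Issue 1623). Suggest naming the affected version range and linking the tracking issue or advisory if one is public.
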