zaproxy/zaproxy issues and pull requests

#8516 - False positive with Remote Code Execution - Shell Shock

Issue - State: closed - Opened by jitendra-90 5 months ago - 7 comments
Labels: FalsePositive, add-on

#8514 - False Positive with cloud metadata due to receiving a successful response HTTP/1.1 200 OK

Issue - State: open - Opened by nuhasha 5 months ago - 5 comments
Labels: FalsePositive, add-on

#8509 - UI search not highlighting correctly

Issue - State: closed - Opened by deoktr 6 months ago - 3 comments
Labels: bug, duplicate

#8509 - UI search not highlighting correctly

Issue - State: closed - Opened by deoktr 6 months ago - 3 comments
Labels: bug, duplicate

#8508 - Failed to attack URL error appeared during autoscan specific site

Issue - State: closed - Opened by JuraLys 6 months ago - 6 comments
Labels: bug, add-on

#8506 - ZAP creates an incorrect Authorization header when testing APIs

Issue - State: closed - Opened by AlBellom 6 months ago - 8 comments

#8501 - Heartfelt thank you

Issue - State: closed - Opened by LIttleAncientForestKami 6 months ago - 5 comments

#8500 - HAR import fails silently

Issue - State: closed - Opened by LIttleAncientForestKami 6 months ago - 8 comments
Labels: bug, add-on, in:exim

#8491 - ZAP 2.15.0 installer (Windows x64) detected as malicious by Microsoft Defender Antivirus

Issue - State: closed - Opened by ksast 6 months ago - 21 comments

#8489 - OpenAPI Import vnd.api+json support

Issue - State: open - Opened by malandles 6 months ago - 3 comments
Labels: bug, add-on, in:openapi

#8487 - Getting High Alert ("SQL injection may be possible"), whie we are not using sql in the application.

Issue - State: closed - Opened by jitendra-90 6 months ago - 7 comments
Labels: bug, InsufficientEvidence, add-on

#8484 - Separate nodes for multipart/form-data POSTs to same URL with different parameters

Issue - State: open - Opened by psiinon 6 months ago
Labels: enhancement, Usability

#8477 - GraalVM JavaScript engine not loading with Java 22

Issue - State: open - Opened by SamDubYah 6 months ago - 5 comments
Labels: bug, add-on, in:graaljs, backlog

#8460 - Incomplete report for template Risk and Confidence HTML

Issue - State: closed - Opened by GunoH 7 months ago - 18 comments
Labels: bug, add-on, in:reports

#8430 - ZAP does not pause autoscan when internet connection become lost

Issue - State: closed - Opened by JuraLys 8 months ago - 4 comments
Labels: duplicate, enhancement

#8380 - False Positive - Timestamp Disclosure

Issue - State: open - Opened by njmulsqb 9 months ago - 2 comments
Labels: FalsePositive, add-on

#8379 - False Positive - Path Traversal

Issue - State: open - Opened by njmulsqb 9 months ago - 2 comments
Labels: FalsePositive, add-on

#8375 - Add telemetry to toolbar buttons

Issue - State: closed - Opened by njmulsqb 9 months ago - 2 comments
Labels: enhancement, Component-UI

#8375 - Add telemetry to toolbar buttons

Issue - State: open - Opened by njmulsqb 9 months ago - 1 comment
Labels: enhancement, Component-UI

#8356 - Add more features to Access Control Add-on

Issue - State: open - Opened by njmulsqb 9 months ago - 7 comments
Labels: enhancement, add-on, tracker, in:accessControl

#8345 - Disable report "display in browser" in docker

Issue - State: open - Opened by deltacloud9 9 months ago - 9 comments
Labels: Usability, add-on, in:reports

#8345 - Disable report "display in browser" in docker

Issue - State: open - Opened by deltacloud9 9 months ago - 9 comments
Labels: Usability, add-on, in:reports

#8329 - owasp/zap2docker-stable:2.14.0 - No manifest file causing build error on Jenkins

Issue - State: closed - Opened by deepamalik18 9 months ago - 7 comments
Labels: InsufficientEvidence, jenkins

#8321 - Update zap.sh script to get memory usage in containers

Pull Request - State: closed - Opened by yannickvr 10 months ago - 9 comments
Labels: enhancement

#8320 - SSE add-on should handle empty "id" field more gracefully

Issue - State: open - Opened by micvm 10 months ago - 17 comments
Labels: bug, add-on

#8314 - MIssing icons

Issue - State: closed - Opened by JenningsAutomation 10 months ago - 20 comments
Labels: bug, Component-UI

#8306 - ZAP Marketplace not loading

Issue - State: closed - Opened by K1ngNiel 10 months ago - 17 comments
Labels: InsufficientEvidence

#8303 - PII Disclosure false positive in GUIDs and similar hexadecimal strings.

Issue - State: closed - Opened by sarahelsaig 10 months ago - 3 comments
Labels: InsufficientEvidence, add-on

#8301 - Missing Implementation: deleteLeaf and deleteSubtree Methods

Issue - State: closed - Opened by gitgoap 10 months ago - 3 comments
Labels: Type-Task

#8278 - Switching from POST to PUT in Request Editor converts payload into URL encoding

Issue - State: open - Opened by eviltester 11 months ago - 1 comment
Labels: bug, Component-UI, Usability

#8273 - Passive scan results might leak into a different session with slow scan rules

Issue - State: open - Opened by JuraLys 11 months ago - 14 comments
Labels: bug

#8271 - ZAP should provide ability to pause autoscan and continue scan after pause

Issue - State: open - Opened by JuraLys 11 months ago - 18 comments
Labels: enhancement, add-on, good second issue

#8232 - Add application/x-x509-ca-cert to expected API content types

Pull Request - State: closed - Opened by ssthom 11 months ago - 1 comment
Labels: Type-Task

#8231 - Add application/x-x509-ca-cert to avoid Unexpected Content-Type being returned

Issue - State: closed - Opened by ssthom 11 months ago - 1 comment
Labels: wontfix, Docker

#8223 - Active scanner - Requests are being resent in case of defined "Retry-After" header

Issue - State: closed - Opened by rado-o 12 months ago - 3 comments
Labels: duplicate, enhancement, add-on, in:network

#8219 - Active scan gets prematurely terminated in automation framework

Issue - State: open - Opened by ewiodev2 12 months ago - 6 comments
Labels: bug

#8211 - Bump the base Docker image from bullseye-slim to bookworm-slim

Issue - State: closed - Opened by sastorsl 12 months ago - 1 comment
Labels: Type-Task, Docker

#8189 - Link website alert pages <-> help

Issue - State: open - Opened by psiinon about 1 year ago - 21 comments
Labels: enhancement, IdealFirstBug, add-on, good first issue, HacktoberFest

#8187 - ConcurrentModificationException in Scan rule 'Session Management Response Identified'

Issue - State: open - Opened by double16 about 1 year ago - 1 comment
Labels: bug, add-on, in:authhelper

#8170 - Option to stop/pause scans on connection problems

Issue - State: open - Opened by double16 about 1 year ago - 4 comments
Labels: enhancement

#8169 - tech detection: Technology tab add button to limit to in scope sites

Issue - State: open - Opened by double16 about 1 year ago
Labels: enhancement, add-on, in:wappalyzer

#8148 - Add sarif report generation when using zap full san script

Issue - State: closed - Opened by megalucio about 1 year ago - 3 comments
Labels: enhancement, Docker

#8140 - tech detection (wappalyzer): Raise info alerts for found tech

Issue - State: closed - Opened by double16 about 1 year ago - 5 comments
Labels: duplicate, enhancement, add-on, in:wappalyzer

#8064 - Allow to configure HSQLDB DEFRAG value

Pull Request - State: open - Opened by sjames-au about 1 year ago - 11 comments
Labels: Type-Task

#8062 - Set a sensible default for HSQL defrag

Issue - State: open - Opened by sjames-au about 1 year ago - 10 comments
Labels: enhancement, Performance

#8056 - Check that Vulnerabilities have appropriate solutions

Issue - State: open - Opened by kingthorin about 1 year ago - 15 comments
Labels: enhancement, IdealFirstBug, add-on, good first issue, HacktoberFest, in:commonlib

#8022 - Obey global excludes when importing

Issue - State: open - Opened by psiinon about 1 year ago - 4 comments
Labels: bug, add-on, tracker, in:network, in:graphql, in:openapi, in:soap, in:exim, in:postman

#8021 - Support context when importing

Issue - State: open - Opened by psiinon about 1 year ago - 2 comments
Labels: enhancement, add-on, tracker, in:graphql, in:openapi, in:soap, in:exim, in:postman

#8020 - Client add-on issue tracker

Issue - State: open - Opened by psiinon about 1 year ago - 5 comments
Labels: add-on, tracker, in:client

#7983 - ZAP first time user onboarding / user experience issues

Issue - State: open - Opened by disconnect3d over 1 year ago - 5 comments
Labels: enhancement, Usability

#7957 - 100% CPU with the passive scan rule "Session Management Response Identified"

Issue - State: open - Opened by Sad-theFaceless over 1 year ago - 9 comments
Labels: bug, Performance, add-on, in:authhelper

#7950 - Exception in thread "ZAP-ActiveScanner-0" java.lang.StackOverflowError: null

Issue - State: open - Opened by L-Shier over 1 year ago - 7 comments
Labels: bug

#7926 - Improve Vulnerable JS Library alert details

Issue - State: closed - Opened by robmro27 over 1 year ago - 21 comments
Labels: enhancement, Usability, add-on, in:retire

#7907 - TLS Failure when using ZAP as proxy for Cypress

Issue - State: open - Opened by james-luther over 1 year ago - 3 comments
Labels: bug, add-on, in:network

#7871 - Update localized resources

Pull Request - State: closed - Opened by zapbot over 1 year ago
Labels: Type-Task

#7870 - Full scan not stopping with -m parameter

Issue - State: closed - Opened by lindy63 over 1 year ago - 3 comments
Labels: Docker

#7869 - Allow to limit alerts per rule during active scan

Pull Request - State: closed - Opened by thc202 over 1 year ago - 2 comments
Labels: enhancement

#7868 - HTTP Header Path Traversal Error Timeout

Issue - State: closed - Opened by ibndias over 1 year ago - 8 comments
Labels: question, add-on, in:network

#7867 - 2.12.0 occasionally frozen on startup waiting for Session pop-up.

Issue - State: closed - Opened by c-goosen over 1 year ago - 5 comments
Labels: bug, InsufficientEvidence

#7866 - Correct macOS upload job

Pull Request - State: closed - Opened by thc202 over 1 year ago
Labels: Type-Task

#7865 - Improve release tasks

Pull Request - State: closed - Opened by thc202 over 1 year ago
Labels: Type-Task

#7864 - Update localized resources

Pull Request - State: closed - Opened by zapbot over 1 year ago
Labels: Type-Task

#7863 - Build/upload macOS dist with GitHub workflow

Pull Request - State: closed - Opened by thc202 over 1 year ago
Labels: Type-Task

#7862 - docs: Reserve ID for fetch metadata request headers scan rule

Pull Request - State: closed - Opened by aayushhyadav over 1 year ago - 1 comment
Labels: Type-Task

#7861 - Add key action badges

Pull Request - State: closed - Opened by psiinon over 1 year ago - 1 comment
Labels: Type-Task

#7860 - Integration tests - add user/next/pwd auth cases

Pull Request - State: closed - Opened by psiinon over 1 year ago - 6 comments

#7859 - Update localized resources

Pull Request - State: closed - Opened by zapbot over 1 year ago
Labels: Type-Task

#7858 - Report AF job - add support for sites

Issue - State: open - Opened by psiinon over 1 year ago - 1 comment
Labels: enhancement, add-on, in:reports

#7857 - Allow to add/remove authentication and session management methods

Pull Request - State: open - Opened by forgedhallpass over 1 year ago - 9 comments
Labels: Type-Task

#7856 - Resolve external OpenAPI references through ZAP

Issue - State: open - Opened by navzen2000 over 1 year ago - 37 comments
Labels: bug, add-on, third-party, in:openapi

#7855 - [WIP] Remove CFU checks in Docker scripts

Pull Request - State: open - Opened by thc202 over 1 year ago
Labels: Type-Task, Docker

#7854 - [NodeJS API] remove await from nodejs generator

Pull Request - State: closed - Opened by njmulsqb over 1 year ago - 5 comments
Labels: Type-Task

#7853 - Update localized resources

Pull Request - State: closed - Opened by zapbot over 1 year ago
Labels: Type-Task

#7852 - Don't install/update add-ons if '-silent' option specified

Pull Request - State: closed - Opened by psiinon over 1 year ago - 1 comment
Labels: Type-Task

#7851 - Allow ability to manage when moving to a new ZAP docker image

Issue - State: closed - Opened by midwestKC-coder over 1 year ago - 2 comments
Labels: duplicate, enhancement, Docker

#7850 - Integration tests: check verif autodetect

Pull Request - State: closed - Opened by psiinon over 1 year ago - 2 comments
Labels: Type-Task

#7849 - Update localized resources

Pull Request - State: closed - Opened by zapbot over 1 year ago
Labels: Type-Task

#7848 - Fix the integration tests

Pull Request - State: closed - Opened by psiinon over 1 year ago - 1 comment
Labels: Type-Task

#7847 - Add auto-detect checking strategy

Pull Request - State: closed - Opened by psiinon over 1 year ago - 1 comment
Labels: enhancement

#7846 - Update localized resources

Pull Request - State: closed - Opened by zapbot over 1 year ago
Labels: Type-Task

#7845 - ZapXmlConfiguration: Add unit tests & adjust list delimiter

Pull Request - State: closed - Opened by kingthorin over 1 year ago - 2 comments
Labels: Type-Task

#7844 - Retain add-on's mandatory state

Pull Request - State: closed - Opened by thc202 over 1 year ago
Labels: bug

#7843 - Deprecate `Proxy`/`ProxyServer` related methods

Pull Request - State: closed - Opened by thc202 over 1 year ago
Labels: enhancement

#7842 - Update localized resources

Pull Request - State: closed - Opened by zapbot over 1 year ago
Labels: Type-Task

#7841 - Testing script-based Authentication on DVWA failing

Issue - State: closed - Opened by preewo over 1 year ago - 7 comments

#7840 - Reserve ID for alerts raised by the GraphQL Add-on

Pull Request - State: closed - Opened by ricekot over 1 year ago - 1 comment
Labels: Type-Task

#7839 - Update localized resources

Pull Request - State: closed - Opened by zapbot over 1 year ago
Labels: Type-Task

#7838 - Concurrent HTTP/2 requests are not returning data consistently

Issue - State: closed - Opened by Jegeva over 1 year ago - 4 comments
Labels: bug, add-on, in:network

#7837 - Allow to choose to negotiate application protocols based on server capabilities

Issue - State: open - Opened by Jegeva over 1 year ago - 9 comments
Labels: enhancement, add-on, in:network

#7836 - import context: Handle duplicates more gracefully

Pull Request - State: open - Opened by kingthorin over 1 year ago - 2 comments

#7835 - Integration test fixes

Pull Request - State: closed - Opened by psiinon over 1 year ago - 1 comment
Labels: Type-Task

#7834 - ZAP does not recognize successful SQL Injection

Issue - State: open - Opened by virtualmarc over 1 year ago
Labels: add-on, FalseNegative

#7833 - alertFilter job is broken for Automation Framework

Issue - State: closed - Opened by UgniusV over 1 year ago - 8 comments
Labels: add-on, in:alertFilters

#7832 - Update localized resources

Pull Request - State: closed - Opened by zapbot over 1 year ago
Labels: Type-Task

#7831 - Add initial authentication integration tests

Pull Request - State: closed - Opened by psiinon over 1 year ago - 3 comments
Labels: Type-Task

#7828 - Fix JavaDoc issues

Pull Request - State: closed - Opened by sigee over 1 year ago - 4 comments
Labels: Type-Task

#7826 - Some ascan rules not authenticating

Issue - State: open - Opened by psiinon over 1 year ago - 4 comments
Labels: bug, add-on

#7817 - [WIP] Remove Crawljax log config

Pull Request - State: open - Opened by thc202 over 1 year ago
Labels: Type-Task

#7815 - can't connect to www.zaproxy.org but others can

Issue - State: closed - Opened by andrealbergaria over 1 year ago - 2 comments
Labels: question, InsufficientEvidence

#7802 - Scan freezes on newer macbooks (2021)

Issue - State: closed - Opened by zhannaavanesova over 1 year ago - 9 comments

GitHub / zaproxy/zaproxy issues and pull requests