Changes
This release is a security release and is highly recommended for all users of the zap-advanced ScanType.
Big thanks to @patrykzzz for pointing out the issue and providing a fix 🙌
🔒 Security
When using the JSON authentication method in the ZAP Advanced scanner, the Python script that configures ZAP logged the credentials (username and password) used. The vulnerability is present in our secureCodeBox scripts, not in ZAP itself. Only the zap-advanced ScanType is affected; zap-baseline-scan, zap-api-scan and zap-full-scan are not affected.
- Change log level for json authentication log (closes #1497) @patrykzzz (#1500)
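The fix above changes the log level of the offending message. A complementary safeguard is to redact credential fields at the logging layer, shown here as an added example that is not secureCodeBox's own code; the key names, logger name and sample configuration are assumptions constructed for illustration.

```python
import io
import logging

# Key names treated as secret: an assumption for this example, extend as needed.
SENSITIVE_KEYS = {"username", "password", "token", "secret", "apikey"}
MASK = "***REDACTED***"


def redact(value):
    """Return a copy of value with sensitive keys masked at any nesting depth."""
    if isinstance(value, dict):
        return {k: MASK if str(k).lower() in SENSITIVE_KEYS else redact(v)
                for k, v in value.items()}
    if isinstance(value, (list, tuple)):
        return type(value)(redact(v) for v in value)
    return value


class RedactingFilter(logging.Filter):
    """Mask secrets in log arguments before a handler formats the record."""

    def filter(self, record):
        # logging stores a single dict argument directly in record.args.
        if isinstance(record.args, dict):
            record.args = redact(record.args)
        elif isinstance(record.args, tuple):
            record.args = tuple(redact(a) for a in record.args)
        return True


def demo():
    """Log a constructed auth config at DEBUG; return what reached the sink."""
    sink = io.StringIO()
    handler = logging.StreamHandler(sink)
    handler.addFilter(RedactingFilter())  # on the handler, so every logger is covered
    log = logging.getLogger("zap_auth_example")  # hypothetical logger name
    log.handlers = [handler]
    log.setLevel(logging.DEBUG)
    log.propagate = False
    # Constructed sample configuration, not the real secureCodeBox schema.
    auth = {"type": "json", "login_url": "https://app.example/login",
            "credentials": {"username": "alice", "password": "S3cr3t!"}}
    log.debug("Configuring JSON authentication: %s", auth)
    return sink.getvalue()


if __name__ == "__main__":
    print(demo(), end="")
```

Redaction only covers values passed as log arguments; secrets interpolated into the message string before the logging call are not caught.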
Distribution
Contributors
Thanks to all our contributors supporting this project 🤗
@patrykzzz