Release 2.16.1

This is a bug fix release, along with some minor enhancements.

This release was made possible thanks to Checkmarx who employ 3 of the Core Team to work on ZAP.

These release notes do not include all of the changes included in add-ons updated since 2.16.0.

The enhancements include:

Use Main Output Tab for Scripts

The Script Console no longer includes its own "Script Output" panel. Instead it uses the main Output tab.

Support Sub-tabs in Output Tab

The Output tab now supports sub-tabs. The Script Console add-on will add one tab for each script that generates any output, making it much easier to see where output messages come from.

API Support for Plugable Authentication and Session Management

The API now supports plugable Authentication and Session Management methods, which means you can configure modern options like Browser Based Authentication.

Authentication Enhancements

Many enhancements have been made to ensure ZAP handles authentication more easily and effectively, including support for TOTP.

Windows Native Decorations Support

ZAP now supports Native Decorations on Windows systems, providing a more unified and visually pleasing experience.

AJAX Spider URL Count

The AJAX Spider no longer counts URLs that are out of scope. This may affect any tests you have in place.

Dependency Updates

As usual the release includes dependency updates.

The following libraries were updated:

Commons Beanutils, 1.9.4 → 1.10.1
Commons Codec, 1.17.1 → 1.18.0
Commons Logging, 1.3.4 → 1.3.5
Commons Text, 1.12.0 → 1.13.0
log4j-1.2-api, 2.24.2 → 2.24.3
log4j-api, 2.24.2 → 2.24.3
log4j-core, 2.24.2 → 2.24.3
log4j-jul, 2.24.2 → 2.24.3
Rsyntaxtextarea, 3.5.3 → 3.6.0

Enhancements

Issue 8843 : Support CakePHP CSRF Token name
Issue 8868 : Adjust Footer Status Icons Label
Issue 8872 : Tag verification requests
Issue 8879 : Look and feel: Use native decorations on Windows
Issue 8885 : Allow API access to dynamically added Authn & Session Mgmt Method Types
Issue 8886 : Provide DB details and notify close
Issue 8892 : Add TOTP to credentials

Bug fixes

Issue 8760 : Links are unreadable in the Flat Darcula theme
Issue 8819 : Fix error when no Java version is found in zap.sh
Issue 8862 : Fix alert editing through the GUI

	Introduction	the introduction to ZAP
	Releases	the full set of releases
	Credits	the people and groups who have made this release possible