Merge pull request #2815 from zapbot/update-data

Update data

site/content/docs/desktop/addons/active-scan-rules-beta/_index.md

@@ -6,7 +6,7 @@ weight: 1
 cascade:
  addon:
  id: ascanrulesBeta
- version: 55.0.0
+ version: 56.0.0
 ---
 
 # Active Scan Rules - Beta
@@ -52,6 +52,8 @@ Alerts on requests which do not appear to contain Anti-CSRF tokens.
 At HIGH alert threshold only scans messages which are in scope. 
 Post 2.5.0 you can specify a comma separated list of identifiers in the `rules.csrf.ignorelist` parameter via the Options 'Rule configuration' panel. Any FORMs with a name or ID that matches one of these identifiers will be ignored when scanning for missing Anti-CSRF tokens. Only use this feature to ignore FORMs that you know are safe, for example search forms.
 
+Note: GET requests are only evaluated at Low Threshold.
+
 Latest code: [CsrfTokenScanRule.java](https://github.com/zaproxy/zap-extensions/blob/main/addOns/ascanrulesBeta/src/main/java/org/zaproxy/zap/extension/ascanrulesBeta/CsrfTokenScanRule.java)
 
 Alert ID: [20012](/docs/alerts/20012/).

site/content/docs/desktop/addons/active-scan-rules/_index.md

@@ -6,7 +6,7 @@ weight: 1
 cascade:
  addon:
  id: ascanrules
- version: 67.0.0
+ version: 68.0.0
 ---
 
 # Active Scan Rules

site/content/docs/desktop/addons/common-library/_index.md

@@ -6,7 +6,7 @@ weight: 1
 cascade:
  addon:
  id: commonlib
- version: 1.27.0
+ version: 1.28.0
 ---
 
 # Common Library

site/content/docs/desktop/addons/getting-started-guide/_index.md

@@ -6,7 +6,7 @@ weight: 1
 cascade:
  addon:
  id: gettingStarted
- version: 17.0.0
+ version: 18.0.0
 ---
 
 # Getting Started Guide

site/content/docs/desktop/addons/graalvm-javascript/_index.md

@@ -6,9 +6,13 @@ weight: 1
 cascade:
  addon:
  id: graaljs
- version: 0.7.0
+ version: 0.8.0
 ---
 
 # GraalVM JavaScript
 
 Allows to use [GraalVM](https://www.graalvm.org/) JavaScript engine for ZAP scripting.
+
+## Engine Name
+
+The engine is named `Graal.js`, which should be used when manually/programmatically configuring ZAP.

site/content/docs/desktop/addons/graphql-support/_index.md

@@ -6,7 +6,7 @@ weight: 1
 cascade:
  addon:
  id: graphql
- version: 0.24.0
+ version: 0.25.0
 ---
 
 # GraphQL Support

site/content/docs/desktop/addons/import-export/_index.md

@@ -6,7 +6,7 @@ weight: 1
 cascade:
  addon:
  id: exim
- version: 0.10.0
+ version: 0.11.0
 ---
 
 # Copy URLs

site/content/docs/desktop/addons/network/_index.md

@@ -6,7 +6,7 @@ weight: 1
 cascade:
  addon:
  id: network
- version: 0.17.0
+ version: 0.18.0
 ---
 
 # Network Add-on

site/content/docs/desktop/addons/passive-scan-rules/_index.md

@@ -6,7 +6,7 @@ weight: 1
 cascade:
  addon:
  id: pscanrules
- version: 60.0.0
+ version: 61.0.0
 ---
 
 # Passive Scan Rules
@@ -207,7 +207,12 @@ This rule identifies "potential" vulnerabilities with the lack of known CSRF cou
 The rule does not scan messages that are not HTML pages. 
 At HIGH alert threshold only scans messages which are in scope. 
 Post 2.5.0 you can specify a comma separated list of identifiers in the `rules.csrf.ignorelist` parameter via the Options 'Rule configuration' panel. Any FORMs with a name or ID that matches one of these identifiers will be ignored when scanning for missing Anti-CSRF tokens. Only use this feature to ignore FORMs that you know are safe, for example search forms. Form element names are sorted and de-duplicated when they are printed in the ZAP Report. 
-Note: The rule also takes into account the Partial match setting within the Anti-CSRF Options.
+Note:
+
+* The rule also takes into account the Partial match setting within the Anti-CSRF Options.
+* GET requests are only evaluated at Low Threshold.
+
+\]
 
 Latest code: [CsrfCountermeasuresScanRule.java](https://github.com/zaproxy/zap-extensions/blob/main/addOns/pscanrules/src/main/java/org/zaproxy/zap/extension/pscanrules/CsrfCountermeasuresScanRule.java)
 
@@ -224,8 +229,12 @@ Alert ID: [10033](/docs/alerts/10033/).
 ## Hash Disclosure {#id-10097}
 
 Passively scans for password hashes disclosed by the web server. 
-Various formats are including, including some formats such as MD4, MD5, and SHA\*, which are sometimes used for purposes other than to contain password hashes. 
-**Note:** This scan rule will only analyze text responses, and only analyze JavaScript responses on LOW Threshold.
+Various formats are included, including some formats such as MD4, MD5, and SHA\*, which are sometimes used for purposes other than to contain password hashes. 
+**Note:**
+
+* This scan rule will only analyze text responses, and only analyze JavaScript responses on LOW Threshold.
+* 
+* The selection of Hash patterns which are evaluated is tied to the Confidence we have in the pattern and the Threshold set for the scan rule. In other words: Low confidence patterns will only be included for evaluation at Low Threshold, etc.
 
 Latest code: [HashDisclosureScanRule.java](https://github.com/zaproxy/zap-extensions/blob/main/addOns/pscanrules/src/main/java/org/zaproxy/zap/extension/pscanrules/HashDisclosureScanRule.java)
 

site/content/docs/desktop/addons/quick-start/_index.md

@@ -6,7 +6,7 @@ weight: 1
 cascade:
  addon:
  id: quickstart
- version: 49.0.0
+ version: 50.0.0
 ---
 
 # Quick Start

site/content/docs/desktop/addons/retire.js/_index.md

@@ -6,7 +6,7 @@ weight: 1
 cascade:
  addon:
  id: retire
- version: 0.39.0
+ version: 0.40.0
 ---
 
 # Retire.js {#id-10003}

site/content/docs/desktop/addons/selenium/_index.md

@@ -6,7 +6,7 @@ weight: 1
 cascade:
  addon:
  id: selenium
- version: 15.29.0
+ version: 15.30.0
 ---
 
 # Selenium

site/content/docs/desktop/addons/technology-detection/_index.md

@@ -6,7 +6,7 @@ weight: 1
 cascade:
  addon:
  id: wappalyzer
- version: 21.41.0
+ version: 21.42.0
 ---
 
 # Technology Detection

site/content/docs/desktop/addons/zest/_index.md

@@ -6,7 +6,7 @@ weight: 1
 cascade:
  addon:
  id: zest
- version: 46.0.0
+ version: 47.0.0
 ---
 
 # Zest

site/content/docs/sbom/ascanrules.md

@@ -6,10 +6,10 @@ weight: 1
 cascade:
  addon:
  id: ascanrules
- version: '67'
+ version: '68'
 sbom:
  format: CycloneDX
- downloadUrl: https://github.com/zaproxy/zap-extensions/releases/download/ascanrules-v67/bom.json
+ downloadUrl: https://github.com/zaproxy/zap-extensions/releases/download/ascanrules-v68/bom.json
  components:
  - name: aopalliance
  version: '1.0'
@@ -102,7 +102,7 @@ sbom:
  version: 1.12.0
  licenses: Apache-2.0
  - name: database
- version: 0.5.0
+ version: 0.7.0
  licenses: ''
  - name: dataflow-errorprone
  version: 3.41.0-eisop1

site/content/docs/sbom/ascanrulesBeta.md

@@ -6,10 +6,10 @@ weight: 1
 cascade:
  addon:
  id: ascanrulesBeta
- version: '55'
+ version: '56'
 sbom:
  format: CycloneDX
- downloadUrl: https://github.com/zaproxy/zap-extensions/releases/download/ascanrulesBeta-v55/bom.json
+ downloadUrl: https://github.com/zaproxy/zap-extensions/releases/download/ascanrulesBeta-v56/bom.json
  components:
  - name: aopalliance
  version: '1.0'

site/content/docs/sbom/commonlib.md

@@ -6,10 +6,10 @@ weight: 1
 cascade:
  addon:
  id: commonlib
- version: 1.27.0
+ version: 1.28.0
 sbom:
  format: CycloneDX
- downloadUrl: https://github.com/zaproxy/zap-extensions/releases/download/commonlib-v1.27.0/bom.json
+ downloadUrl: https://github.com/zaproxy/zap-extensions/releases/download/commonlib-v1.28.0/bom.json
  components:
  - name: aopalliance
  version: '1.0'
@@ -306,7 +306,7 @@ sbom:
  version: 4.1.100.Final
  licenses: Apache-2.0
  - name: network
- version: 0.17.0
+ version: 0.18.0
  licenses: ''
  - name: objenesis
  version: '3.3'

site/content/docs/sbom/exim.md

@@ -6,10 +6,10 @@ weight: 1
 cascade:
  addon:
  id: exim
- version: 0.10.0
+ version: 0.11.0
 sbom:
  format: CycloneDX
- downloadUrl: https://github.com/zaproxy/zap-extensions/releases/download/exim-v0.10.0/bom.json
+ downloadUrl: https://github.com/zaproxy/zap-extensions/releases/download/exim-v0.11.0/bom.json
  components:
  - name: aopalliance
  version: '1.0'
@@ -152,6 +152,9 @@ sbom:
  - name: harlib
  version: 1.1.3
  licenses: Apache-2.0
+ - name: hektor-fsm
+ version: 0.0.5
+ licenses: MIT
  - name: hsqldb
  version: 2.7.2
  licenses: HSQLDB License, a BSD open source license
@@ -167,24 +170,15 @@ sbom:
  - name: ice4j
  version: 3.0-24-g34c2ce5
  licenses: Apache-2.0
- - name: jackson-annotations
- version: 2.16.0
- licenses: Apache-2.0
  - name: jackson-annotations
  version: 2.17.0
  licenses: Apache-2.0
- - name: jackson-core
- version: 2.16.0
- licenses: Apache-2.0
  - name: jackson-core
  version: 2.17.0
  licenses: Apache-2.0
  - name: jackson-core-asl
  version: 1.9.13
  licenses: Apache-2.0
- - name: jackson-databind
- version: 2.16.0
- licenses: Apache-2.0
  - name: jackson-databind
  version: 2.17.0
  licenses: Apache-2.0
@@ -321,7 +315,7 @@ sbom:
  version: 4.1.100.Final
  licenses: Apache-2.0
  - name: network
- version: 0.17.0
+ version: 0.18.0
  licenses: ''
  - name: objenesis
  version: '3.3'
@@ -353,12 +347,18 @@ sbom:
  - name: service
  version: 1.16.0
  licenses: Apache-2.0
+ - name: slf4j-api
+ version: 1.7.25
+ licenses: MIT
  - name: slf4j-api
  version: 1.7.36
  licenses: MIT
  - name: snakeyaml
  version: '2.2'
  licenses: Apache-2.0
+ - name: snice-commons
+ version: 0.1.10
+ licenses: MIT
  - name: software-and-algorithms
  version: '1.0'
  licenses: MIT