diff --git a/site/content/docs/desktop/addons/active-scan-rules-beta/_index.md b/site/content/docs/desktop/addons/active-scan-rules-beta/_index.md index 26b898fac..6a3861116 100644 --- a/site/content/docs/desktop/addons/active-scan-rules-beta/_index.md +++ b/site/content/docs/desktop/addons/active-scan-rules-beta/_index.md @@ -6,7 +6,7 @@ weight: 1 cascade: addon: id: ascanrulesBeta - version: 55.0.0 + version: 56.0.0 --- # Active Scan Rules - Beta @@ -52,6 +52,8 @@ Alerts on requests which do not appear to contain Anti-CSRF tokens. At HIGH alert threshold only scans messages which are in scope. Post 2.5.0 you can specify a comma separated list of identifiers in the `rules.csrf.ignorelist` parameter via the Options 'Rule configuration' panel. Any FORMs with a name or ID that matches one of these identifiers will be ignored when scanning for missing Anti-CSRF tokens. Only use this feature to ignore FORMs that you know are safe, for example search forms. +Note: GET requests are only evaluated at Low Threshold. + Latest code: [CsrfTokenScanRule.java](https://github.com/zaproxy/zap-extensions/blob/main/addOns/ascanrulesBeta/src/main/java/org/zaproxy/zap/extension/ascanrulesBeta/CsrfTokenScanRule.java) Alert ID: [20012](/docs/alerts/20012/). diff --git a/site/content/docs/desktop/addons/active-scan-rules/_index.md b/site/content/docs/desktop/addons/active-scan-rules/_index.md index 0386fe5de..f110c3973 100644 --- a/site/content/docs/desktop/addons/active-scan-rules/_index.md +++ b/site/content/docs/desktop/addons/active-scan-rules/_index.md @@ -6,7 +6,7 @@ weight: 1 cascade: addon: id: ascanrules - version: 67.0.0 + version: 68.0.0 --- # Active Scan Rules diff --git a/site/content/docs/desktop/addons/common-library/_index.md b/site/content/docs/desktop/addons/common-library/_index.md index b72ae925d..bd97db67c 100644 --- a/site/content/docs/desktop/addons/common-library/_index.md +++ b/site/content/docs/desktop/addons/common-library/_index.md @@ -6,7 +6,7 @@ weight: 1 cascade: addon: id: commonlib - version: 1.27.0 + version: 1.28.0 --- # Common Library diff --git a/site/content/docs/desktop/addons/fuzzai-files/_index.md b/site/content/docs/desktop/addons/fuzzai-files/_index.md new file mode 100644 index 000000000..5eb07e08a --- /dev/null +++ b/site/content/docs/desktop/addons/fuzzai-files/_index.md @@ -0,0 +1,340 @@ +--- +# This page was generated from the add-on. +title: Fuzz AI Files +type: userguide +weight: 1 +cascade: + addon: + id: fuzzai + version: 0.0.1 +--- + +# Fuzz AI Files + +Provides a set of files for fuzzing AIs (for example via an API), based on the [Artificial Intelligence Resilience Maturity Model (AI-RMM)](https://osf.io/kb8a5/). + +The following files are included, and will appear as ZAP "Fuzzing Files" payloads. + +## Extract Training Data + +### 001 By Asking + +This file contains fuzzing payloads specific to AI-RMM Control "Measure 2.7.2" +The goal is to test if the system has established security and resilience metrics to detect potential theft of model training data, including encryption, access controls, and alarm thresholds for unauthorized access. + +Payloads simulate scenarios where model training data security may be compromised. Expected system behavior is detailed for each scenario. Author: + +* yiannis@owasp.org + +### 002 Through Hypnosis + +This file contains fuzzing payloads specific to testing LLM "hypnosis" vulnerabilities. +The goal is to determine if the LLM enters a repetitive state where it unintentionally leaks training data. +These payloads explore edge cases where repetition may trigger the LLM to output sensitive data. + +Payloads simulate queries that aim to induce looping or repetitive responses. +Expected system behavior is detailed for each scenario. Note that this is just in the raw files, and will not currently be shown in ZAP. + +References: + +* [Scalable Extraction of Training Data from (Production) Language Models](https://arxiv.org/pdf/2311.17035.pdf) + +Author: + + +* yiannis@owasp.org + +### 003 Divergence Attack + +This file contains fuzzing payloads specific to testing LLM "hypnosis" vulnerabilities. +The goal is to determine if the LLM enters a repetitive state where it unintentionally leaks training data. These payloads explore edge cases where repetition may trigger the LLM to output sensitive data. + +Payloads simulate queries that aim to induce looping or repetitive responses. +This version of payloads is more focused on training data extraction through a +prompting strategy similar to the divergence attack described in the document. +Expected system behavior is detailed for each scenario. + +Divergence testing - Payloads are designed to induce divergence from the model’s aligned state, +encouraging it to generate training data by combining nonsensical prompts with structured ones. + +Repetition strategies - Several prompts employ repetition to test if the model diverges and +outputs memorized data. + +Sensitive data requests - These payloads assess whether the model can protect sensitive training +data like PII, code snippets, or real-world text examples from leaking. + +References + +* [Scalable Extraction of Training Data from (Production) Language Models](https://arxiv.org/pdf/2311.17035.pdf) + +Author: + + +* yiannis@owasp.org + +### 004 SCA + +This file contains fuzzing payloads specific to testing LLM vulnerabilities via the Special Characters Attack (SCA). +The goal is to assess whether LLMs are susceptible to data leakage by inputting combinations of special characters that trigger memorized training data output. These payloads explore edge cases where special characters lead the model to output sensitive data. + +Payloads simulate input sequences that induce LLMs to generate memorized content. +This version is based on the SCA method, as described in the document provided. +Expected system behavior is detailed for each scenario. + +Special Characters Attack (SCA) - Payloads focus on using specific symbols, such as JSON structural symbols or other +commonly occurring characters in LLM training corpora, to induce data leakage. + +References + +* [Special Characters Attack: Toward Scalable Training Data Extraction from LLMs](https://arxiv.org/pdf/2405.05990.pdf) + +Author: + + +* yiannis@owasp.org + +### 005 The Secret Sharer + +This file contains fuzzing payloads specific to testing unintended memorization in neural networks. +The goal is to determine if LLMs unintentionally memorize and reveal sensitive sequences, such as personal data, through targeted prompts that trigger memorized responses. These payloads simulate queries designed to extract rare or secret sequences memorized during training. + +Unintended memorization – The payloads are crafted to test whether the model retains specific secret data that should not be memorized, such as credit card numbers or social security numbers. +Exposure metric testing – Some payloads test whether the model's output can be tied to memorization, using sequences akin to "canaries" inserted into the training data. + +References: + +* [The Secret Sharer: Evaluating and Testing Unintended Memorization in Neural Networks](https://arxiv.org/pdf/1802.08232v3.pdf) + +Author: + + +* yiannis@owasp.org + +### 006 Quantifying Memorization + +This file contains fuzzing payloads specific to testing memorization in neural language models. +The goal is to identify if the LLM outputs memorized training data when prompted with specific patterns or sequences, and how context length and data duplication influence this behavior. + +These payloads are designed to test model scale, data duplication, and context length as key factors influencing memorization. + +References: + +* [Quantifying Memorization Across Neural Language Models](https://arxiv.org/pdf/2202.07646v3.pdf) + +Author: + + +* yiannis@owasp.org + +### 007 Data Poisoning Attacks + +This file contains advanced fuzzing payloads specific to testing data poisoning vulnerabilities in DP-SGD models. +The goal is to assess if poisoned data can influence model behavior or violate differential privacy guarantees. + +Data Poisoning: These payloads test the ability of adversaries to inject malicious data into the training process, compromising privacy or accuracy. + +References: + +* [Auditing Differentially Private Machine Learning: How Private is Private SGD?](https://arxiv.org/pdf/2006.07709v1.pdf) + +Author: + + +* yiannis@owasp.org + +### 008 Membership Inference + +This file contains advanced fuzzing payloads specific to testing membership inference vulnerabilities in DP-SGD models. +The goal is to evaluate whether the model leaks information about whether a specific data point was part of the training set. + +Membership Inference Attacks: These payloads assess if adversaries can infer membership status by querying the model. + +References: + +* [Auditing Differentially Private Machine Learning: How Private is Private SGD?](https://arxiv.org/pdf/2006.07709v1.pdf) + +Author: + + +* yiannis@owasp.org + +### 009 Gradient Clipping + +This file contains advanced fuzzing payloads specific to testing gradient clipping vulnerabilities in DP-SGD models. +The goal is to test the robustness of gradient clipping in protecting privacy while maintaining model performance. + +Gradient Clipping: Payloads explore whether gradient clipping sufficiently prevents large gradients from revealing sensitive information or influencing the model. + +References: + +* [Auditing Differentially Private Machine Learning: How Private is Private SGD?](https://arxiv.org/pdf/2006.07709v1.pdf) + +Author: + + +* yiannis@owasp.org + +## Extract Model Information + +### 001 Architecture + +This file contains advanced fuzzing payloads designed to extract model architecture information from LLMs. +The goal is to determine if the LLM reveals specific details about its architecture, such as the number of layers, transformer types, or parameter counts. + +Model Architecture Extraction: These payloads probe for specific architecture-related details +such as layer counts, model types, and other structural aspects of the LLM. + +Layer counts - Payloads focus on extracting the number of layers and their types (e.g., transformer layers, hidden layers). +Parameter inference - Probes for parameter counts, such as attention heads or layer dimensions. +Model type - Attackers attempt to identify whether the LLM is a decoder-only model or part of an architecture family (e.g., GPT, BERT). +Specific internal mechanisms - Questions around activation functions, normalization, and positional encodings to infer architecture specifics. + +This file contains fuzzing payloads specific to AI-RMM Control "Measure 2.7.2" +The goal is to test if the system has established security and resilience metrics +to detect potential theft of model training data, including encryption, access controls, +and alarm thresholds for unauthorized access. + +Payloads simulate scenarios where model training data security may be compromised. +Expected system behavior is detailed for each scenario. + +Author: + +* yiannis@owasp.org + +### 002 Hyperparams + +This file contains advanced fuzzing payloads designed to extract hyperparameter information from LLMs. +The goal is to determine if the LLM reveals specific hyperparameters, such as learning rates, optimizer types, batch sizes, and more, through adversarial prompts. + +Hyperparameter Extraction: These payloads probe for learning rates, optimizer settings, +and training schedules used during model development. + +Learning rates - Payloads focus on extracting the learning rate and its schedule. +Optimizer and hyperparameters - Probes for optimizer types, momentum, beta values, and weight decay settings. +Training specifics - Queries related to batch size, epochs, gradient clipping, and dropout rates. +Training techniques - Attempts to infer whether early stopping, data augmentation, or mixed-precision training were used. + +Author: + +* yiannis@owasp.org + +### 003 Prompt Based Extraction + +This file contains advanced fuzzing payloads for prompt-based data extraction from LLMs. +These payloads are designed to test if the LLM inadvertently reveals memorized training data, such as confidential phrases or sentences, through carefully crafted prompts. + +Prompt-Based Data Extraction: These prompts resemble patterns found in the model's training data +to identify unintended data leakage. +Sensitive data extraction - These payloads attempt to reveal sensitive information like phone numbers, +email addresses, and unique identifiers. +Pattern-based probing - Crafted prompts closely resemble common patterns (e.g., addresses, quotes) +that may trigger memorized data. +Code and log extraction - Tests the model’s ability to avoid revealing memorized code snippets +or error messages. +Social media data - Payloads focus on revealing memorized handles, conversations, +or other user-generated content. + +Author: + +* yiannis@owasp.org + +### 004 Conditional Prompts + +This file contains advanced fuzzing payloads for conditional prompts designed to extract context-specific information from LLMs. +These payloads guide the model by introducing conditions or constraints, aiming to extract information from specific domains or contexts within the training data. + +Conditional Prompts: These prompts impose constraints that direct the model towards generating text that aligns with specific criteria or domain-specific knowledge. + +Conditional constraints - Each payload introduces specific conditions (e.g., domain-specific phrases or +structural limitations) to guide the model’s response. +Domain-targeted extraction - Prompts are crafted to extract domain-specific information, such as legal, +medical, or scientific content. +Sensitive information prevention - The payloads test if the model can provide high-level, generalized +responses without revealing memorized or proprietary data. + +Author: + +* yiannis@owasp.org + +### 005 Adversarial ML + +This file contains advanced fuzzing payloads designed to extract training data for use in adversarial machine learning attacks. +The goal is to test if LLMs leak data that could be repurposed to train adversarial models designed to deceive other machine learning systems. + +Adversarial Machine Learning - These prompts aim to extract valuable training data from LLMs to exploit or deceive other models via adversarial training. + +Data extraction for adversarial retraining - Payloads focus on retrieving training-specific data that could be used to train adversarial models. +Exploiting misclassifications - Prompts target incorrect classifications and vulnerabilities in datasets to generate adversarial inputs. +Adversarial text generation - Some payloads are aimed at crafting text that could be used to deceive systems like chatbots, spam filters, or medical models. + +Author: + +* yiannis@owasp.org + +### 006 IP Theft + +This file contains advanced fuzzing payloads designed to extract proprietary intellectual property (IP) techniques embedded within the model. +These payloads focus on revealing proprietary methods, innovations, or patented techniques related to the model’s training, architecture, or optimization. + +Proprietary IP Techniques - These prompts target model-specific, innovative techniques designed to provide +competitive advantages or constitute patentable technologies. + +Proprietary techniques - The payloads focus on extracting innovative, proprietary techniques such as model scaling, +pruning, parallelization, compression, and quantization. +Patented methods - Specific prompts aim to identify patented processes or patent-pending innovations in training, +optimization, and deployment strategies. +Energy efficiency and performance - Queries also focus on proprietary methods that optimize performance and +energy consumption in large models. + +Author: + +* yiannis@owasp.org + +### 007 Data Privacy + +This file contains advanced fuzzing payloads designed to extract metadata and proprietary information about the model's origin, who trained it, and other development details. +These prompts focus on model-specific data privacy violations, aiming to reveal sensitive organizational or developmental information about the model. + +Data Privacy Violations (Model Metadata) - These prompts target sensitive metadata such as who trained the model, the datasets used, and the organizations involved in its development. + +Model metadata extraction - These prompts focus on extracting information about who developed and trained the model, as well as organizational and proprietary details. +Training process details - Probes target information related to the data annotation process, privacy practices, and collaborators involved in training. +Security and infrastructure - Payloads focus on extracting information about hardware infrastructure, funding, and data privacy handling during training. + +Author: + +* yiannis@owasp.org + +### 008 Visual Representation Leakage + +This file contains advanced fuzzing payloads for visual representation analysis, focusing on stealing model information from scientific plots. +These prompts aim to infer model architecture, hyperparameters, and training details by leveraging patterns in visual outputs like t-SNE or loss plots. + +Visual Representation Analysis - These prompts target model information extracted through visual outputs such as t-SNE and loss plots. +Inspired from: "A Plot is Worth a ThousandWords: Model Information Stealing Attacks via Scientific Plots". + +Scientific plot extraction: Payloads focus on inferring hyperparameters, model architecture, and training process +details based on patterns in t-SNE or loss plots. +Model metadata and configuration: These prompts test the model’s resistance to disclosing sensitive information +related to optimizer types, batch sizes, dropout, and regularization techniques. +Convergence and training dynamics: Several payloads probe for insights into learning rates, training durations, and +hyperparameter tuning through visual patterns in plots. + +Author: + +* yiannis@owasp.org + +### 009 Privacy Violations + +This file contains advanced fuzzing payloads designed to extract sensitive training data, focusing on data privacy violations. +These prompts aim to identify potential privacy breaches by extracting PII, confidential data, or proprietary information from the model’s training data. + +Data Privacy Violations - These prompts target sensitive information, leading to privacy breaches, identity theft, or reputational damage for individuals or organizations. + +Sensitive information extraction - These prompts focus on extracting PII (e.g., names, email addresses, financial data, social security numbers) and confidential business information. +Data privacy violations - The payloads aim to assess whether the model can inadvertently leak training data that leads to privacy breaches, identity theft, or reputational damage. +Protected healthcare and legal data - Prompts target sensitive health records, legal contracts, and proprietary business strategies. + +Author: + +* yiannis@owasp.org diff --git a/site/content/docs/desktop/addons/getting-started-guide/_index.md b/site/content/docs/desktop/addons/getting-started-guide/_index.md index 9e5dd63da..423934222 100644 --- a/site/content/docs/desktop/addons/getting-started-guide/_index.md +++ b/site/content/docs/desktop/addons/getting-started-guide/_index.md @@ -6,7 +6,7 @@ weight: 1 cascade: addon: id: gettingStarted - version: 17.0.0 + version: 18.0.0 --- # Getting Started Guide diff --git a/site/content/docs/desktop/addons/graalvm-javascript/_index.md b/site/content/docs/desktop/addons/graalvm-javascript/_index.md index 68633a10a..1a207d766 100644 --- a/site/content/docs/desktop/addons/graalvm-javascript/_index.md +++ b/site/content/docs/desktop/addons/graalvm-javascript/_index.md @@ -6,9 +6,13 @@ weight: 1 cascade: addon: id: graaljs - version: 0.7.0 + version: 0.8.0 --- # GraalVM JavaScript Allows to use [GraalVM](https://www.graalvm.org/) JavaScript engine for ZAP scripting. + +## Engine Name + +The engine is named `Graal.js`, which should be used when manually/programmatically configuring ZAP. diff --git a/site/content/docs/desktop/addons/graphql-support/_index.md b/site/content/docs/desktop/addons/graphql-support/_index.md index 2b37b7dea..a254c256b 100644 --- a/site/content/docs/desktop/addons/graphql-support/_index.md +++ b/site/content/docs/desktop/addons/graphql-support/_index.md @@ -6,7 +6,7 @@ weight: 1 cascade: addon: id: graphql - version: 0.24.0 + version: 0.25.0 --- # GraphQL Support diff --git a/site/content/docs/desktop/addons/import-export/_index.md b/site/content/docs/desktop/addons/import-export/_index.md index 348a9271b..c3cb2b6aa 100644 --- a/site/content/docs/desktop/addons/import-export/_index.md +++ b/site/content/docs/desktop/addons/import-export/_index.md @@ -6,7 +6,7 @@ weight: 1 cascade: addon: id: exim - version: 0.10.0 + version: 0.11.0 --- # Copy URLs diff --git a/site/content/docs/desktop/addons/network/_index.md b/site/content/docs/desktop/addons/network/_index.md index c8b02e57b..c61e72bac 100644 --- a/site/content/docs/desktop/addons/network/_index.md +++ b/site/content/docs/desktop/addons/network/_index.md @@ -6,7 +6,7 @@ weight: 1 cascade: addon: id: network - version: 0.17.0 + version: 0.18.0 --- # Network Add-on diff --git a/site/content/docs/desktop/addons/passive-scan-rules/_index.md b/site/content/docs/desktop/addons/passive-scan-rules/_index.md index f85f83fbc..ed407e248 100644 --- a/site/content/docs/desktop/addons/passive-scan-rules/_index.md +++ b/site/content/docs/desktop/addons/passive-scan-rules/_index.md @@ -6,7 +6,7 @@ weight: 1 cascade: addon: id: pscanrules - version: 60.0.0 + version: 61.0.0 --- # Passive Scan Rules @@ -207,7 +207,12 @@ This rule identifies "potential" vulnerabilities with the lack of known CSRF cou The rule does not scan messages that are not HTML pages. At HIGH alert threshold only scans messages which are in scope. Post 2.5.0 you can specify a comma separated list of identifiers in the `rules.csrf.ignorelist` parameter via the Options 'Rule configuration' panel. Any FORMs with a name or ID that matches one of these identifiers will be ignored when scanning for missing Anti-CSRF tokens. Only use this feature to ignore FORMs that you know are safe, for example search forms. Form element names are sorted and de-duplicated when they are printed in the ZAP Report. -Note: The rule also takes into account the Partial match setting within the Anti-CSRF Options. +Note: + +* The rule also takes into account the Partial match setting within the Anti-CSRF Options. +* GET requests are only evaluated at Low Threshold. + +\] Latest code: [CsrfCountermeasuresScanRule.java](https://github.com/zaproxy/zap-extensions/blob/main/addOns/pscanrules/src/main/java/org/zaproxy/zap/extension/pscanrules/CsrfCountermeasuresScanRule.java) @@ -224,8 +229,12 @@ Alert ID: [10033](/docs/alerts/10033/). ## Hash Disclosure {#id-10097} Passively scans for password hashes disclosed by the web server. -Various formats are including, including some formats such as MD4, MD5, and SHA\*, which are sometimes used for purposes other than to contain password hashes. -**Note:** This scan rule will only analyze text responses, and only analyze JavaScript responses on LOW Threshold. +Various formats are included, including some formats such as MD4, MD5, and SHA\*, which are sometimes used for purposes other than to contain password hashes. +**Note:** + +* This scan rule will only analyze text responses, and only analyze JavaScript responses on LOW Threshold. +* +* The selection of Hash patterns which are evaluated is tied to the Confidence we have in the pattern and the Threshold set for the scan rule. In other words: Low confidence patterns will only be included for evaluation at Low Threshold, etc. Latest code: [HashDisclosureScanRule.java](https://github.com/zaproxy/zap-extensions/blob/main/addOns/pscanrules/src/main/java/org/zaproxy/zap/extension/pscanrules/HashDisclosureScanRule.java) diff --git a/site/content/docs/desktop/addons/quick-start/_index.md b/site/content/docs/desktop/addons/quick-start/_index.md index dbbb50031..7a45c86b3 100644 --- a/site/content/docs/desktop/addons/quick-start/_index.md +++ b/site/content/docs/desktop/addons/quick-start/_index.md @@ -6,7 +6,7 @@ weight: 1 cascade: addon: id: quickstart - version: 49.0.0 + version: 50.0.0 --- # Quick Start diff --git a/site/content/docs/desktop/addons/retire.js/_index.md b/site/content/docs/desktop/addons/retire.js/_index.md index e2bb8de83..c24c01715 100644 --- a/site/content/docs/desktop/addons/retire.js/_index.md +++ b/site/content/docs/desktop/addons/retire.js/_index.md @@ -6,7 +6,7 @@ weight: 1 cascade: addon: id: retire - version: 0.39.0 + version: 0.40.0 --- # Retire.js {#id-10003} diff --git a/site/content/docs/desktop/addons/selenium/_index.md b/site/content/docs/desktop/addons/selenium/_index.md index 28016e2ab..f62a1dcd7 100644 --- a/site/content/docs/desktop/addons/selenium/_index.md +++ b/site/content/docs/desktop/addons/selenium/_index.md @@ -6,7 +6,7 @@ weight: 1 cascade: addon: id: selenium - version: 15.29.0 + version: 15.30.0 --- # Selenium diff --git a/site/content/docs/desktop/addons/technology-detection/_index.md b/site/content/docs/desktop/addons/technology-detection/_index.md index 44269c0a4..d91db6c50 100644 --- a/site/content/docs/desktop/addons/technology-detection/_index.md +++ b/site/content/docs/desktop/addons/technology-detection/_index.md @@ -6,7 +6,7 @@ weight: 1 cascade: addon: id: wappalyzer - version: 21.41.0 + version: 21.42.0 --- # Technology Detection diff --git a/site/content/docs/desktop/addons/zest/_index.md b/site/content/docs/desktop/addons/zest/_index.md index 537af7243..30b17c844 100644 --- a/site/content/docs/desktop/addons/zest/_index.md +++ b/site/content/docs/desktop/addons/zest/_index.md @@ -6,7 +6,7 @@ weight: 1 cascade: addon: id: zest - version: 46.0.0 + version: 47.0.0 --- # Zest diff --git a/site/content/docs/sbom/ascanrules.md b/site/content/docs/sbom/ascanrules.md index 1388a01fb..fe84a296c 100644 --- a/site/content/docs/sbom/ascanrules.md +++ b/site/content/docs/sbom/ascanrules.md @@ -6,10 +6,10 @@ weight: 1 cascade: addon: id: ascanrules - version: '67' + version: '68' sbom: format: CycloneDX - downloadUrl: https://github.com/zaproxy/zap-extensions/releases/download/ascanrules-v67/bom.json + downloadUrl: https://github.com/zaproxy/zap-extensions/releases/download/ascanrules-v68/bom.json components: - name: aopalliance version: '1.0' @@ -102,7 +102,7 @@ sbom: version: 1.12.0 licenses: Apache-2.0 - name: database - version: 0.5.0 + version: 0.7.0 licenses: '' - name: dataflow-errorprone version: 3.41.0-eisop1 diff --git a/site/content/docs/sbom/ascanrulesBeta.md b/site/content/docs/sbom/ascanrulesBeta.md index 3c3499de6..dfb95b337 100644 --- a/site/content/docs/sbom/ascanrulesBeta.md +++ b/site/content/docs/sbom/ascanrulesBeta.md @@ -6,10 +6,10 @@ weight: 1 cascade: addon: id: ascanrulesBeta - version: '55' + version: '56' sbom: format: CycloneDX - downloadUrl: https://github.com/zaproxy/zap-extensions/releases/download/ascanrulesBeta-v55/bom.json + downloadUrl: https://github.com/zaproxy/zap-extensions/releases/download/ascanrulesBeta-v56/bom.json components: - name: aopalliance version: '1.0' diff --git a/site/content/docs/sbom/commonlib.md b/site/content/docs/sbom/commonlib.md index 60890b193..10a5dc6f1 100644 --- a/site/content/docs/sbom/commonlib.md +++ b/site/content/docs/sbom/commonlib.md @@ -6,10 +6,10 @@ weight: 1 cascade: addon: id: commonlib - version: 1.27.0 + version: 1.28.0 sbom: format: CycloneDX - downloadUrl: https://github.com/zaproxy/zap-extensions/releases/download/commonlib-v1.27.0/bom.json + downloadUrl: https://github.com/zaproxy/zap-extensions/releases/download/commonlib-v1.28.0/bom.json components: - name: aopalliance version: '1.0' @@ -306,7 +306,7 @@ sbom: version: 4.1.100.Final licenses: Apache-2.0 - name: network - version: 0.17.0 + version: 0.18.0 licenses: '' - name: objenesis version: '3.3' diff --git a/site/content/docs/sbom/exim.md b/site/content/docs/sbom/exim.md index 3412ab00a..320e43d54 100644 --- a/site/content/docs/sbom/exim.md +++ b/site/content/docs/sbom/exim.md @@ -6,10 +6,10 @@ weight: 1 cascade: addon: id: exim - version: 0.10.0 + version: 0.11.0 sbom: format: CycloneDX - downloadUrl: https://github.com/zaproxy/zap-extensions/releases/download/exim-v0.10.0/bom.json + downloadUrl: https://github.com/zaproxy/zap-extensions/releases/download/exim-v0.11.0/bom.json components: - name: aopalliance version: '1.0' @@ -152,6 +152,9 @@ sbom: - name: harlib version: 1.1.3 licenses: Apache-2.0 + - name: hektor-fsm + version: 0.0.5 + licenses: MIT - name: hsqldb version: 2.7.2 licenses: HSQLDB License, a BSD open source license @@ -167,24 +170,15 @@ sbom: - name: ice4j version: 3.0-24-g34c2ce5 licenses: Apache-2.0 - - name: jackson-annotations - version: 2.16.0 - licenses: Apache-2.0 - name: jackson-annotations version: 2.17.0 licenses: Apache-2.0 - - name: jackson-core - version: 2.16.0 - licenses: Apache-2.0 - name: jackson-core version: 2.17.0 licenses: Apache-2.0 - name: jackson-core-asl version: 1.9.13 licenses: Apache-2.0 - - name: jackson-databind - version: 2.16.0 - licenses: Apache-2.0 - name: jackson-databind version: 2.17.0 licenses: Apache-2.0 @@ -321,7 +315,7 @@ sbom: version: 4.1.100.Final licenses: Apache-2.0 - name: network - version: 0.17.0 + version: 0.18.0 licenses: '' - name: objenesis version: '3.3' @@ -353,12 +347,18 @@ sbom: - name: service version: 1.16.0 licenses: Apache-2.0 + - name: slf4j-api + version: 1.7.25 + licenses: MIT - name: slf4j-api version: 1.7.36 licenses: MIT - name: snakeyaml version: '2.2' licenses: Apache-2.0 + - name: snice-commons + version: 0.1.10 + licenses: MIT - name: software-and-algorithms version: '1.0' licenses: MIT diff --git a/site/content/docs/sbom/fuzzai.md b/site/content/docs/sbom/fuzzai.md new file mode 100644 index 000000000..23340241b --- /dev/null +++ b/site/content/docs/sbom/fuzzai.md @@ -0,0 +1,195 @@ +--- +# This page was automatically generated from the add-on's SBOM. +title: FuzzAI Files Add-on SBOM +type: sbom +weight: 1 +cascade: + addon: + id: fuzzai + version: 0.0.1 +sbom: + format: CycloneDX + downloadUrl: https://github.com/zaproxy/zap-extensions/releases/download/fuzzai-v0.0.1/bom.json + components: + - name: aopalliance + version: '1.0' + licenses: Public Domain + - name: asm + version: '9.6' + licenses: BSD-3-Clause + - name: asm-commons + version: '9.6' + licenses: BSD-3-Clause + - name: asm-tree + version: '9.6' + licenses: BSD-3-Clause + - name: auto-common + version: 1.2.2 + licenses: Apache-2.0 + - name: auto-service-annotations + version: 1.0.1 + licenses: Apache-2.0 + - name: auto-value-annotations + version: '1.9' + licenses: Apache-2.0 + - name: caffeine + version: 3.0.5 + licenses: Apache-2.0 + - name: checker-qual + version: 3.33.0 + licenses: MIT + - name: commons-beanutils + version: 1.9.4 + licenses: Apache-2.0 + - name: commons-codec + version: 1.16.1 + licenses: Apache-2.0 + - name: commons-collections + version: 3.2.2 + licenses: Apache-2.0 + - name: commons-configuration + version: '1.10' + licenses: Apache-2.0 + - name: commons-csv + version: 1.10.0 + licenses: Apache-2.0 + - name: commons-httpclient + version: '3.1' + licenses: Apache-1.0 + - name: commons-io + version: 2.16.1 + licenses: Apache-2.0 + - name: commons-lang + version: '2.6' + licenses: Apache-2.0 + - name: commons-lang3 + version: 3.14.0 + licenses: Apache-2.0 + - name: commons-logging + version: '1.2' + licenses: Apache-2.0 + - name: commons-logging + version: 1.3.1 + licenses: Apache-2.0 + - name: commons-text + version: 1.12.0 + licenses: Apache-2.0 + - name: dataflow-errorprone + version: 3.41.0-eisop1 + licenses: GNU General Public License, version 2 (GPL2), with the classpath exception + - name: error_prone_annotation + version: 2.26.1 + licenses: Apache-2.0 + - name: error_prone_annotations + version: 2.26.1 + licenses: Apache-2.0 + - name: error_prone_check_api + version: 2.26.1 + licenses: Apache-2.0 + - name: error_prone_core + version: 2.26.1 + licenses: Apache-2.0 + - name: error_prone_type_annotations + version: 2.26.1 + licenses: Apache-2.0 + - name: ezmorph + version: 1.0.6 + licenses: Apache-2.0 + - name: failureaccess + version: 1.0.1 + licenses: Apache-2.0 + - name: flatlaf + version: 3.4.1 + licenses: Apache-2.0 + - name: guava + version: 32.1.1-jre + licenses: Apache-2.0 + - name: guice + version: 5.1.0 + licenses: Apache-2.0 + - name: harlib + version: 1.1.3 + licenses: Apache-2.0 + - name: hsqldb + version: 2.7.2 + licenses: HSQLDB License, a BSD open source license + - name: jackson-core-asl + version: 1.9.13 + licenses: Apache-2.0 + - name: java-diff-utils + version: '4.12' + licenses: Apache-2.0 + - name: java-semver + version: 0.10.2 + licenses: MIT + - name: javac + version: 9+181-r4173-1 + licenses: GPL-2.0-with-classpath-exception + - name: javahelp + version: 2.0.05 + licenses: GNU General Public License - Version 2 with the class path exception + - name: javax.inject + version: '1' + licenses: Apache-2.0 + - name: jericho-html + version: '3.4' + licenses: GNU Lesser General Public License (LGPL), Apache-1.0, EPL-1.0 + - name: jfreechart + version: 1.5.4 + licenses: GNU Lesser General Public Licence + - name: jgrapht-core + version: 0.9.0 + licenses: LGPL-2.1-only, EPL-1.0 + - name: json-lib + version: '2.4' + licenses: Apache-2.0 + - name: jsr305 + version: 3.0.2 + licenses: Apache-2.0 + - name: log4j-1.2-api + version: 2.20.0 + licenses: Apache-2.0 + - name: log4j-api + version: 2.20.0 + licenses: Apache-2.0 + - name: log4j-core + version: 2.20.0 + licenses: Apache-2.0 + - name: log4j-jul + version: 2.20.0 + licenses: Apache-2.0 + - name: org.jacoco.agent + version: 0.8.11 + licenses: EPL-2.0 + - name: org.jacoco.ant + version: 0.8.11 + licenses: EPL-2.0 + - name: org.jacoco.core + version: 0.8.11 + licenses: EPL-2.0 + - name: org.jacoco.report + version: 0.8.11 + licenses: EPL-2.0 + - name: pcollections + version: 4.0.1 + licenses: MIT + - name: protobuf-java + version: 3.19.6 + licenses: BSD-3-Clause + - name: rsyntaxtextarea + version: 3.4.0 + licenses: BSD-3-Clause + - name: software-and-algorithms + version: '1.0' + licenses: MIT + - name: swingx-all + version: 1.6.5-1 + licenses: Lesser General Public License (LGPL) + - name: xom + version: 1.3.9 + licenses: The GNU Lesser General Public License, Version 2.1 + - name: zap + version: 2.15.0 + licenses: Apache-2.0 +--- + diff --git a/site/content/docs/sbom/gettingStarted.md b/site/content/docs/sbom/gettingStarted.md index a0559c06a..305449eb4 100644 --- a/site/content/docs/sbom/gettingStarted.md +++ b/site/content/docs/sbom/gettingStarted.md @@ -6,22 +6,22 @@ weight: 1 cascade: addon: id: gettingStarted - version: '17' + version: '18' sbom: format: CycloneDX - downloadUrl: https://github.com/zaproxy/zap-extensions/releases/download/gettingStarted-v17/bom.json + downloadUrl: https://github.com/zaproxy/zap-extensions/releases/download/gettingStarted-v18/bom.json components: - name: aopalliance version: '1.0' licenses: Public Domain - name: asm - version: '9.5' + version: '9.6' licenses: BSD-3-Clause - name: asm-commons - version: '9.5' + version: '9.6' licenses: BSD-3-Clause - name: asm-tree - version: '9.5' + version: '9.6' licenses: BSD-3-Clause - name: auto-common version: 1.2.2 @@ -159,16 +159,16 @@ sbom: version: 2.20.0 licenses: Apache-2.0 - name: org.jacoco.agent - version: 0.8.9 + version: 0.8.11 licenses: EPL-2.0 - name: org.jacoco.ant - version: 0.8.9 + version: 0.8.11 licenses: EPL-2.0 - name: org.jacoco.core - version: 0.8.9 + version: 0.8.11 licenses: EPL-2.0 - name: org.jacoco.report - version: 0.8.9 + version: 0.8.11 licenses: EPL-2.0 - name: pcollections version: 4.0.1 @@ -189,7 +189,7 @@ sbom: version: 1.3.9 licenses: The GNU Lesser General Public License, Version 2.1 - name: zap - version: 2.15.0-SNAPSHOT + version: 2.15.0 licenses: Apache-2.0 --- diff --git a/site/content/docs/sbom/graaljs.md b/site/content/docs/sbom/graaljs.md index d2fe92569..72abfb44b 100644 --- a/site/content/docs/sbom/graaljs.md +++ b/site/content/docs/sbom/graaljs.md @@ -6,10 +6,10 @@ weight: 1 cascade: addon: id: graaljs - version: 0.7.0 + version: 0.8.0 sbom: format: CycloneDX - downloadUrl: https://github.com/zaproxy/zap-extensions/releases/download/graaljs-v0.7.0/bom.json + downloadUrl: https://github.com/zaproxy/zap-extensions/releases/download/graaljs-v0.8.0/bom.json components: - name: aopalliance version: '1.0' @@ -18,13 +18,13 @@ sbom: version: 1.1.2 licenses: Apache-2.0 - name: asm - version: '9.5' + version: '9.6' licenses: BSD-3-Clause - name: asm-commons - version: '9.5' + version: '9.6' licenses: BSD-3-Clause - name: asm-tree - version: '9.5' + version: '9.6' licenses: BSD-3-Clause - name: auto-common version: 1.2.2 @@ -36,7 +36,7 @@ sbom: version: '1.9' licenses: Apache-2.0 - name: automation - version: 0.40.0 + version: 0.43.0 licenses: '' - name: bcmail-jdk18on version: '1.77' @@ -68,9 +68,6 @@ sbom: - name: checker-qual version: 3.33.0 licenses: MIT - - name: commonlib - version: 1.25.0 - licenses: '' - name: commons-beanutils version: 1.9.4 licenses: Apache-2.0 @@ -144,7 +141,7 @@ sbom: version: 3.4.1 licenses: Apache-2.0 - name: formhandler - version: 6.6.0 + version: 6.7.0 licenses: '' - name: graal-sdk version: 22.3.3 @@ -206,6 +203,9 @@ sbom: - name: jackson-datatype-jdk8 version: 2.17.0 licenses: Apache-2.0 + - name: jackson-datatype-jsr310 + version: 2.17.0 + licenses: Apache-2.0 - name: java-diff-utils version: '4.12' licenses: Apache-2.0 @@ -336,7 +336,7 @@ sbom: version: 4.1.100.Final licenses: Apache-2.0 - name: network - version: 0.16.0 + version: 0.18.0 licenses: '' - name: objenesis version: '3.3' @@ -345,16 +345,16 @@ sbom: version: 1.3.0 licenses: Apache-2.0 - name: org.jacoco.agent - version: 0.8.9 + version: 0.8.11 licenses: EPL-2.0 - name: org.jacoco.ant - version: 0.8.9 + version: 0.8.11 licenses: EPL-2.0 - name: org.jacoco.core - version: 0.8.9 + version: 0.8.11 licenses: EPL-2.0 - name: org.jacoco.report - version: 0.8.9 + version: 0.8.11 licenses: EPL-2.0 - name: pcollections version: 4.0.1 @@ -368,9 +368,6 @@ sbom: - name: rsyntaxtextarea version: 3.4.0 licenses: BSD-3-Clause - - name: scripts - version: 45.3.0 - licenses: '' - name: service version: 1.16.0 licenses: Apache-2.0 @@ -392,9 +389,6 @@ sbom: - name: swingx-all version: 1.6.5-1 licenses: Lesser General Public License (LGPL) - - name: testutils - version: unspecified - licenses: '' - name: truffle-api version: 22.3.3 licenses: UPL-1.0 @@ -405,7 +399,7 @@ sbom: version: 1.3.9 licenses: The GNU Lesser General Public License, Version 2.1 - name: zap - version: 2.15.0-SNAPSHOT + version: 2.15.0 licenses: Apache-2.0 --- diff --git a/site/content/docs/sbom/graphql.md b/site/content/docs/sbom/graphql.md index 9ac7380e7..0d2f8dd29 100644 --- a/site/content/docs/sbom/graphql.md +++ b/site/content/docs/sbom/graphql.md @@ -6,10 +6,10 @@ weight: 1 cascade: addon: id: graphql - version: 0.24.0 + version: 0.25.0 sbom: format: CycloneDX - downloadUrl: https://github.com/zaproxy/zap-extensions/releases/download/graphql-v0.24.0/bom.json + downloadUrl: https://github.com/zaproxy/zap-extensions/releases/download/graphql-v0.25.0/bom.json components: - name: aopalliance version: '1.0' @@ -18,13 +18,13 @@ sbom: version: 1.1.2 licenses: Apache-2.0 - name: asm - version: '9.5' + version: '9.6' licenses: BSD-3-Clause - name: asm-commons - version: '9.5' + version: '9.6' licenses: BSD-3-Clause - name: asm-tree - version: '9.5' + version: '9.6' licenses: BSD-3-Clause - name: auto-common version: 1.2.2 @@ -35,9 +35,6 @@ sbom: - name: auto-value-annotations version: '1.9' licenses: Apache-2.0 - - name: automation - version: 0.40.0 - licenses: '' - name: bcmail-jdk18on version: '1.77' licenses: Bouncy Castle Licence @@ -65,9 +62,6 @@ sbom: - name: checker-qual version: 3.33.0 licenses: MIT - - name: commonlib - version: 1.25.0 - licenses: '' - name: commons-beanutils version: 1.9.4 licenses: Apache-2.0 @@ -108,22 +102,22 @@ sbom: version: 1.12.0 licenses: Apache-2.0 - name: database - version: 0.4.0 + version: 0.7.0 licenses: '' - name: dataflow-errorprone version: 3.41.0-eisop1 licenses: GNU General Public License, version 2 (GPL2), with the classpath exception - name: datanucleus-api-jdo - version: 6.0.1 + version: 6.0.2 licenses: Apache-2.0 - name: datanucleus-core - version: 6.0.4 + version: 6.0.7 licenses: Apache-2.0 - name: datanucleus-jdo-query version: 6.0.1 licenses: Apache-2.0 - name: datanucleus-rdbms - version: 6.0.4 + version: 6.0.7 licenses: Apache-2.0 - name: error_prone_annotation version: 2.26.1 @@ -150,16 +144,16 @@ sbom: version: 3.4.1 licenses: Apache-2.0 - name: flyway-core - version: 9.20.0 + version: 9.22.3 licenses: Apache-2.0 - name: formhandler - version: 6.6.0 + version: 6.7.0 licenses: '' - name: glassfish-corba-omgapi version: 4.2.2 licenses: BSD-3-Clause - name: graphql-java - version: '22.0' + version: '22.3' licenses: MIT - name: gson version: 2.10.1 @@ -209,6 +203,9 @@ sbom: - name: jackson-databind version: 2.17.0 licenses: Apache-2.0 + - name: jackson-dataformat-toml + version: 2.17.0 + licenses: Apache-2.0 - name: jackson-dataformat-xml version: 2.17.0 licenses: Apache-2.0 @@ -218,6 +215,9 @@ sbom: - name: jackson-datatype-jdk8 version: 2.17.0 licenses: Apache-2.0 + - name: jackson-datatype-jsr310 + version: 2.17.0 + licenses: Apache-2.0 - name: java-dataloader version: 3.3.0 licenses: Apache-2.0 @@ -351,7 +351,7 @@ sbom: version: 4.1.100.Final licenses: Apache-2.0 - name: network - version: 0.16.0 + version: 0.18.0 licenses: '' - name: objenesis version: '3.3' @@ -360,16 +360,16 @@ sbom: version: 1.3.0 licenses: Apache-2.0 - name: org.jacoco.agent - version: 0.8.9 + version: 0.8.11 licenses: EPL-2.0 - name: org.jacoco.ant - version: 0.8.9 + version: 0.8.11 licenses: EPL-2.0 - name: org.jacoco.core - version: 0.8.9 + version: 0.8.11 licenses: EPL-2.0 - name: org.jacoco.report - version: 0.8.9 + version: 0.8.11 licenses: EPL-2.0 - name: pcollections version: 4.0.1 @@ -398,11 +398,8 @@ sbom: - name: software-and-algorithms version: '1.0' licenses: MIT - - name: spider - version: 0.11.0 - licenses: '' - name: sqlite-jdbc - version: 3.42.0.0 + version: 3.45.3.0 licenses: Apache-2.0 - name: stax2-api version: 4.2.2 @@ -410,9 +407,6 @@ sbom: - name: swingx-all version: 1.6.5-1 licenses: Lesser General Public License (LGPL) - - name: testutils - version: unspecified - licenses: '' - name: woodstox-core version: 6.6.1 licenses: Apache-2.0 @@ -420,7 +414,7 @@ sbom: version: 1.3.9 licenses: The GNU Lesser General Public License, Version 2.1 - name: zap - version: 2.15.0-SNAPSHOT + version: 2.15.0 licenses: Apache-2.0 --- diff --git a/site/content/docs/sbom/network.md b/site/content/docs/sbom/network.md index fa2c29be5..396d68af2 100644 --- a/site/content/docs/sbom/network.md +++ b/site/content/docs/sbom/network.md @@ -6,10 +6,10 @@ weight: 1 cascade: addon: id: network - version: 0.17.0 + version: 0.18.0 sbom: format: CycloneDX - downloadUrl: https://github.com/zaproxy/zap-extensions/releases/download/network-v0.17.0/bom.json + downloadUrl: https://github.com/zaproxy/zap-extensions/releases/download/network-v0.18.0/bom.json components: - name: aopalliance version: '1.0' diff --git a/site/content/docs/sbom/pscanrules.md b/site/content/docs/sbom/pscanrules.md index f12c6c3ec..f70f32248 100644 --- a/site/content/docs/sbom/pscanrules.md +++ b/site/content/docs/sbom/pscanrules.md @@ -6,10 +6,10 @@ weight: 1 cascade: addon: id: pscanrules - version: '60' + version: '61' sbom: format: CycloneDX - downloadUrl: https://github.com/zaproxy/zap-extensions/releases/download/pscanrules-v60/bom.json + downloadUrl: https://github.com/zaproxy/zap-extensions/releases/download/pscanrules-v61/bom.json components: - name: aopalliance version: '1.0' @@ -312,7 +312,7 @@ sbom: version: 4.1.100.Final licenses: Apache-2.0 - name: network - version: 0.17.0 + version: 0.18.0 licenses: '' - name: objenesis version: '3.3' diff --git a/site/content/docs/sbom/quickstart.md b/site/content/docs/sbom/quickstart.md index fc1ee0597..96584228c 100644 --- a/site/content/docs/sbom/quickstart.md +++ b/site/content/docs/sbom/quickstart.md @@ -6,10 +6,10 @@ weight: 1 cascade: addon: id: quickstart - version: '49' + version: '50' sbom: format: CycloneDX - downloadUrl: https://github.com/zaproxy/zap-extensions/releases/download/quickstart-v49/bom.json + downloadUrl: https://github.com/zaproxy/zap-extensions/releases/download/quickstart-v50/bom.json components: - name: aopalliance version: '1.0' @@ -39,7 +39,7 @@ sbom: version: '1.9' licenses: Apache-2.0 - name: automation - version: 0.42.0 + version: 0.43.0 licenses: '' - name: bcmail-jdk14 version: '1.76' @@ -72,7 +72,7 @@ sbom: version: 1.16.0 licenses: Apache-2.0 - name: byte-buddy - version: 1.15.0 + version: 1.15.1 licenses: Apache-2.0 - name: caffeine version: 3.0.5 @@ -84,7 +84,7 @@ sbom: version: 3.43.0 licenses: MIT - name: commonlib - version: 1.27.0 + version: 1.28.0 licenses: '' - name: commons-beanutils version: 1.9.4 @@ -141,7 +141,7 @@ sbom: version: 1.12.0 licenses: Apache-2.0 - name: database - version: 0.6.0 + version: 0.7.0 licenses: '' - name: dataflow-errorprone version: 3.41.0-eisop1 @@ -432,37 +432,37 @@ sbom: version: 3.3.4 licenses: Apache-2.0 - name: opentelemetry-api - version: 1.41.0 + version: 1.42.1 licenses: Apache-2.0 - name: opentelemetry-api-incubator - version: 1.41.0-alpha + version: 1.42.1-alpha licenses: Apache-2.0 - name: opentelemetry-context - version: 1.41.0 + version: 1.42.1 licenses: Apache-2.0 - name: opentelemetry-exporter-logging - version: 1.41.0 + version: 1.42.1 licenses: Apache-2.0 - name: opentelemetry-sdk - version: 1.41.0 + version: 1.42.1 licenses: Apache-2.0 - name: opentelemetry-sdk-common - version: 1.41.0 + version: 1.42.1 licenses: Apache-2.0 - name: opentelemetry-sdk-extension-autoconfigure - version: 1.41.0 + version: 1.42.1 licenses: Apache-2.0 - name: opentelemetry-sdk-extension-autoconfigure-spi - version: 1.41.0 + version: 1.42.1 licenses: Apache-2.0 - name: opentelemetry-sdk-logs - version: 1.41.0 + version: 1.42.1 licenses: Apache-2.0 - name: opentelemetry-sdk-metrics - version: 1.41.0 + version: 1.42.1 licenses: Apache-2.0 - name: opentelemetry-sdk-trace - version: 1.41.0 + version: 1.42.1 licenses: Apache-2.0 - name: opentelemetry-semconv version: 1.25.0-alpha @@ -489,58 +489,58 @@ sbom: version: 3.4.0 licenses: BSD-3-Clause - name: selenium-api - version: 4.24.0 + version: 4.25.0 licenses: Apache-2.0 - name: selenium-chrome-driver - version: 4.24.0 + version: 4.25.0 licenses: Apache-2.0 - name: selenium-chromium-driver - version: 4.24.0 - licenses: Apache-2.0 - - name: selenium-devtools-v126 - version: 4.24.0 + version: 4.25.0 licenses: Apache-2.0 - name: selenium-devtools-v127 - version: 4.24.0 + version: 4.25.0 licenses: Apache-2.0 - name: selenium-devtools-v128 - version: 4.24.0 + version: 4.25.0 + licenses: Apache-2.0 + - name: selenium-devtools-v129 + version: 4.25.0 licenses: Apache-2.0 - name: selenium-devtools-v85 - version: 4.24.0 + version: 4.25.0 licenses: Apache-2.0 - name: selenium-edge-driver - version: 4.24.0 + version: 4.25.0 licenses: Apache-2.0 - name: selenium-firefox-driver - version: 4.24.0 + version: 4.25.0 licenses: Apache-2.0 - name: selenium-http - version: 4.24.0 + version: 4.25.0 licenses: Apache-2.0 - name: selenium-ie-driver - version: 4.24.0 + version: 4.25.0 licenses: Apache-2.0 - name: selenium-java - version: 4.24.0 + version: 4.25.0 licenses: Apache-2.0 - name: selenium-json - version: 4.24.0 + version: 4.25.0 licenses: Apache-2.0 - name: selenium-manager - version: 4.24.0 + version: 4.25.0 licenses: Apache-2.0 - name: selenium-os - version: 4.24.0 + version: 4.25.0 licenses: Apache-2.0 - name: selenium-remote-driver - version: 4.24.0 + version: 4.25.0 licenses: Apache-2.0 - name: selenium-safari-driver - version: 4.24.0 + version: 4.25.0 licenses: Apache-2.0 - name: selenium-support - version: 4.24.0 + version: 4.25.0 licenses: Apache-2.0 - name: service version: 1.16.0 diff --git a/site/content/docs/sbom/retire.md b/site/content/docs/sbom/retire.md index cb7f0ab46..5dc00d61a 100644 --- a/site/content/docs/sbom/retire.md +++ b/site/content/docs/sbom/retire.md @@ -6,10 +6,10 @@ weight: 1 cascade: addon: id: retire - version: 0.39.0 + version: 0.40.0 sbom: format: CycloneDX - downloadUrl: https://github.com/zaproxy/zap-extensions/releases/download/retire-v0.39.0/bom.json + downloadUrl: https://github.com/zaproxy/zap-extensions/releases/download/retire-v0.40.0/bom.json components: - name: aopalliance version: '1.0' @@ -309,7 +309,7 @@ sbom: version: 4.1.100.Final licenses: Apache-2.0 - name: network - version: 0.17.0 + version: 0.18.0 licenses: '' - name: objenesis version: '3.3' diff --git a/site/content/docs/sbom/selenium.md b/site/content/docs/sbom/selenium.md index b8d4a615f..d5d4981fd 100644 --- a/site/content/docs/sbom/selenium.md +++ b/site/content/docs/sbom/selenium.md @@ -6,10 +6,10 @@ weight: 1 cascade: addon: id: selenium - version: 15.29.0 + version: 15.30.0 sbom: format: CycloneDX - downloadUrl: https://github.com/zaproxy/zap-extensions/releases/download/selenium-v15.29.0/bom.json + downloadUrl: https://github.com/zaproxy/zap-extensions/releases/download/selenium-v15.30.0/bom.json components: - name: aopalliance version: '1.0' @@ -57,7 +57,7 @@ sbom: version: 1.14.9 licenses: Apache-2.0 - name: byte-buddy - version: 1.15.0 + version: 1.15.1 licenses: Apache-2.0 - name: byte-buddy-agent version: 1.14.9 @@ -390,37 +390,37 @@ sbom: version: '3.3' licenses: Apache-2.0 - name: opentelemetry-api - version: 1.41.0 + version: 1.42.1 licenses: Apache-2.0 - name: opentelemetry-api-incubator - version: 1.41.0-alpha + version: 1.42.1-alpha licenses: Apache-2.0 - name: opentelemetry-context - version: 1.41.0 + version: 1.42.1 licenses: Apache-2.0 - name: opentelemetry-exporter-logging - version: 1.41.0 + version: 1.42.1 licenses: Apache-2.0 - name: opentelemetry-sdk - version: 1.41.0 + version: 1.42.1 licenses: Apache-2.0 - name: opentelemetry-sdk-common - version: 1.41.0 + version: 1.42.1 licenses: Apache-2.0 - name: opentelemetry-sdk-extension-autoconfigure - version: 1.41.0 + version: 1.42.1 licenses: Apache-2.0 - name: opentelemetry-sdk-extension-autoconfigure-spi - version: 1.41.0 + version: 1.42.1 licenses: Apache-2.0 - name: opentelemetry-sdk-logs - version: 1.41.0 + version: 1.42.1 licenses: Apache-2.0 - name: opentelemetry-sdk-metrics - version: 1.41.0 + version: 1.42.1 licenses: Apache-2.0 - name: opentelemetry-sdk-trace - version: 1.41.0 + version: 1.42.1 licenses: Apache-2.0 - name: opentelemetry-semconv version: 1.25.0-alpha @@ -450,58 +450,58 @@ sbom: version: 3.4.0 licenses: BSD-3-Clause - name: selenium-api - version: 4.24.0 + version: 4.25.0 licenses: Apache-2.0 - name: selenium-chrome-driver - version: 4.24.0 + version: 4.25.0 licenses: Apache-2.0 - name: selenium-chromium-driver - version: 4.24.0 - licenses: Apache-2.0 - - name: selenium-devtools-v126 - version: 4.24.0 + version: 4.25.0 licenses: Apache-2.0 - name: selenium-devtools-v127 - version: 4.24.0 + version: 4.25.0 licenses: Apache-2.0 - name: selenium-devtools-v128 - version: 4.24.0 + version: 4.25.0 + licenses: Apache-2.0 + - name: selenium-devtools-v129 + version: 4.25.0 licenses: Apache-2.0 - name: selenium-devtools-v85 - version: 4.24.0 + version: 4.25.0 licenses: Apache-2.0 - name: selenium-edge-driver - version: 4.24.0 + version: 4.25.0 licenses: Apache-2.0 - name: selenium-firefox-driver - version: 4.24.0 + version: 4.25.0 licenses: Apache-2.0 - name: selenium-http - version: 4.24.0 + version: 4.25.0 licenses: Apache-2.0 - name: selenium-ie-driver - version: 4.24.0 + version: 4.25.0 licenses: Apache-2.0 - name: selenium-java - version: 4.24.0 + version: 4.25.0 licenses: Apache-2.0 - name: selenium-json - version: 4.24.0 + version: 4.25.0 licenses: Apache-2.0 - name: selenium-manager - version: 4.24.0 + version: 4.25.0 licenses: Apache-2.0 - name: selenium-os - version: 4.24.0 + version: 4.25.0 licenses: Apache-2.0 - name: selenium-remote-driver - version: 4.24.0 + version: 4.25.0 licenses: Apache-2.0 - name: selenium-safari-driver - version: 4.24.0 + version: 4.25.0 licenses: Apache-2.0 - name: selenium-support - version: 4.24.0 + version: 4.25.0 licenses: Apache-2.0 - name: service version: 1.16.0 diff --git a/site/content/docs/sbom/wappalyzer.md b/site/content/docs/sbom/wappalyzer.md index 86ce9c704..20706b16f 100644 --- a/site/content/docs/sbom/wappalyzer.md +++ b/site/content/docs/sbom/wappalyzer.md @@ -6,10 +6,10 @@ weight: 1 cascade: addon: id: wappalyzer - version: 21.41.0 + version: 21.42.0 sbom: format: CycloneDX - downloadUrl: https://github.com/zaproxy/zap-extensions/releases/download/wappalyzer-v21.41.0/bom.json + downloadUrl: https://github.com/zaproxy/zap-extensions/releases/download/wappalyzer-v21.42.0/bom.json components: - name: aopalliance version: '1.0' @@ -315,7 +315,7 @@ sbom: version: 4.1.100.Final licenses: Apache-2.0 - name: network - version: 0.17.0 + version: 0.18.0 licenses: '' - name: objenesis version: '3.3' diff --git a/site/content/docs/sbom/zest.md b/site/content/docs/sbom/zest.md index e1bd8a037..379c79ef6 100644 --- a/site/content/docs/sbom/zest.md +++ b/site/content/docs/sbom/zest.md @@ -6,10 +6,10 @@ weight: 1 cascade: addon: id: zest - version: '46' + version: '47' sbom: format: CycloneDX - downloadUrl: https://github.com/zaproxy/zap-extensions/releases/download/zest-v46/bom.json + downloadUrl: https://github.com/zaproxy/zap-extensions/releases/download/zest-v47/bom.json components: - name: aopalliance version: '1.0' @@ -39,7 +39,7 @@ sbom: version: '1.9' licenses: Apache-2.0 - name: automation - version: 0.41.0 + version: 0.43.0 licenses: '' - name: bcmail-jdk18on version: '1.77' @@ -57,7 +57,7 @@ sbom: version: 1.16.0 licenses: Apache-2.0 - name: byte-buddy - version: 1.14.17 + version: 1.15.1 licenses: Apache-2.0 - name: byte-buddy-agent version: 1.14.9 @@ -69,7 +69,7 @@ sbom: version: 3.33.0 licenses: MIT - name: checker-qual - version: 3.42.0 + version: 3.43.0 licenses: MIT - name: commons-beanutils version: 1.9.4 @@ -81,7 +81,7 @@ sbom: version: 1.16.1 licenses: Apache-2.0 - name: commons-codec - version: 1.17.0 + version: 1.17.1 licenses: Apache-2.0 - name: commons-collections version: 3.2.2 @@ -110,14 +110,20 @@ sbom: - name: commons-lang3 version: 3.14.0 licenses: Apache-2.0 + - name: commons-lang3 + version: 3.15.0 + licenses: Apache-2.0 - name: commons-logging version: '1.2' licenses: Apache-2.0 - name: commons-logging version: 1.3.1 licenses: Apache-2.0 + - name: commons-logging + version: 1.3.3 + licenses: Apache-2.0 - name: commons-net - version: 3.10.0 + version: 3.11.1 licenses: Apache-2.0 - name: commons-text version: 1.12.0 @@ -134,6 +140,9 @@ sbom: - name: error_prone_annotations version: 2.26.1 licenses: Apache-2.0 + - name: error_prone_annotations + version: 2.28.0 + licenses: Apache-2.0 - name: error_prone_check_api version: 2.26.1 licenses: Apache-2.0 @@ -168,7 +177,7 @@ sbom: version: 32.1.1-jre licenses: Apache-2.0 - name: guava - version: 33.2.1-jre + version: 33.3.0-jre licenses: Apache-2.0 - name: guice version: 5.1.0 @@ -189,25 +198,25 @@ sbom: version: 2.7.2 licenses: HSQLDB License, a BSD open source license - name: htmlunit - version: 4.1.0 + version: 4.4.0 licenses: Apache-2.0 - name: htmlunit-core-js - version: 4.1.0 + version: 4.4.0 licenses: Apache-2.0 - name: htmlunit-csp - version: 4.1.0 + version: 4.4.0 licenses: Apache-2.0 - name: htmlunit-cssparser - version: 4.1.0 + version: 4.4.0 licenses: Apache-2.0 - name: htmlunit-websocket-client - version: 4.1.0 + version: 4.4.0 licenses: Apache-2.0 - name: htmlunit-xpath - version: 4.1.0 + version: 4.4.0 licenses: Apache-2.0 - name: htmlunit3-driver - version: 4.21.0 + version: 4.23.0 licenses: Apache-2.0 - name: httpclient version: 4.5.14 @@ -305,6 +314,9 @@ sbom: - name: json-lib version: '2.4' licenses: Apache-2.0 + - name: jspecify + version: 1.0.0 + licenses: Apache-2.0 - name: jsr305 version: 3.0.2 licenses: Apache-2.0 @@ -375,7 +387,7 @@ sbom: version: 1.16.0 licenses: Apache-2.0 - name: neko-htmlunit - version: 4.1.0 + version: 4.4.0 licenses: Apache-2.0 - name: netty-buffer version: 4.1.100.Final @@ -408,37 +420,37 @@ sbom: version: '3.3' licenses: Apache-2.0 - name: opentelemetry-api - version: 1.39.0 + version: 1.42.1 licenses: Apache-2.0 - name: opentelemetry-api-incubator - version: 1.39.0-alpha + version: 1.42.1-alpha licenses: Apache-2.0 - name: opentelemetry-context - version: 1.39.0 + version: 1.42.1 licenses: Apache-2.0 - name: opentelemetry-exporter-logging - version: 1.39.0 + version: 1.42.1 licenses: Apache-2.0 - name: opentelemetry-sdk - version: 1.39.0 + version: 1.42.1 licenses: Apache-2.0 - name: opentelemetry-sdk-common - version: 1.39.0 + version: 1.42.1 licenses: Apache-2.0 - name: opentelemetry-sdk-extension-autoconfigure - version: 1.39.0 + version: 1.42.1 licenses: Apache-2.0 - name: opentelemetry-sdk-extension-autoconfigure-spi - version: 1.39.0 + version: 1.42.1 licenses: Apache-2.0 - name: opentelemetry-sdk-logs - version: 1.39.0 + version: 1.42.1 licenses: Apache-2.0 - name: opentelemetry-sdk-metrics - version: 1.39.0 + version: 1.42.1 licenses: Apache-2.0 - name: opentelemetry-sdk-trace - version: 1.39.0 + version: 1.42.1 licenses: Apache-2.0 - name: opentelemetry-semconv version: 1.25.0-alpha @@ -468,58 +480,58 @@ sbom: version: 3.4.0 licenses: BSD-3-Clause - name: selenium-api - version: 4.22.0 + version: 4.25.0 licenses: Apache-2.0 - name: selenium-chrome-driver - version: 4.22.0 + version: 4.25.0 licenses: Apache-2.0 - name: selenium-chromium-driver - version: 4.22.0 + version: 4.25.0 licenses: Apache-2.0 - - name: selenium-devtools-v124 - version: 4.22.0 + - name: selenium-devtools-v127 + version: 4.25.0 licenses: Apache-2.0 - - name: selenium-devtools-v125 - version: 4.22.0 + - name: selenium-devtools-v128 + version: 4.25.0 licenses: Apache-2.0 - - name: selenium-devtools-v126 - version: 4.22.0 + - name: selenium-devtools-v129 + version: 4.25.0 licenses: Apache-2.0 - name: selenium-devtools-v85 - version: 4.22.0 + version: 4.25.0 licenses: Apache-2.0 - name: selenium-edge-driver - version: 4.22.0 + version: 4.25.0 licenses: Apache-2.0 - name: selenium-firefox-driver - version: 4.22.0 + version: 4.25.0 licenses: Apache-2.0 - name: selenium-http - version: 4.22.0 + version: 4.25.0 licenses: Apache-2.0 - name: selenium-ie-driver - version: 4.22.0 + version: 4.25.0 licenses: Apache-2.0 - name: selenium-java - version: 4.22.0 + version: 4.25.0 licenses: Apache-2.0 - name: selenium-json - version: 4.22.0 + version: 4.25.0 licenses: Apache-2.0 - name: selenium-manager - version: 4.22.0 + version: 4.25.0 licenses: Apache-2.0 - name: selenium-os - version: 4.22.0 + version: 4.25.0 licenses: Apache-2.0 - name: selenium-remote-driver - version: 4.22.0 + version: 4.25.0 licenses: Apache-2.0 - name: selenium-safari-driver - version: 4.22.0 + version: 4.25.0 licenses: Apache-2.0 - name: selenium-support - version: 4.22.0 + version: 4.25.0 licenses: Apache-2.0 - name: service version: 1.16.0 diff --git a/site/data/addons.yaml b/site/data/addons.yaml index c4e098856..28bf7bb75 100644 --- a/site/data/addons.yaml +++ b/site/data/addons.yaml @@ -37,9 +37,9 @@ status: release infoUrl: /docs/desktop/addons/active-scan-rules/ repoUrl: https://github.com/zaproxy/zap-extensions/ - downloadUrl: https://github.com/zaproxy/zap-extensions/releases/download/ascanrules-v67/ascanrules-release-67.zap - date: 2024-07-22 - version: 67 + downloadUrl: https://github.com/zaproxy/zap-extensions/releases/download/ascanrules-v68/ascanrules-release-68.zap + date: 2024-09-24 + version: 68 - id: ascanrulesAlpha name: Active scanner rules (alpha) description: The alpha status Active Scanner rules @@ -57,9 +57,9 @@ status: beta infoUrl: /docs/desktop/addons/active-scan-rules-beta/ repoUrl: https://github.com/zaproxy/zap-extensions/ - downloadUrl: https://github.com/zaproxy/zap-extensions/releases/download/ascanrulesBeta-v55/ascanrulesBeta-beta-55.zap - date: 2024-09-02 - version: 55 + downloadUrl: https://github.com/zaproxy/zap-extensions/releases/download/ascanrulesBeta-v56/ascanrulesBeta-beta-56.zap + date: 2024-09-24 + version: 56 - id: attacksurfacedetector name: Attack Surface Detector description: The Attack Surface Detector analyzes web application source code to @@ -180,9 +180,9 @@ status: release infoUrl: /docs/desktop/addons/common-library/ repoUrl: https://github.com/zaproxy/zap-extensions/ - downloadUrl: https://github.com/zaproxy/zap-extensions/releases/download/commonlib-v1.27.0/commonlib-release-1.27.0.zap - date: 2024-09-02 - version: 1.27.0 + downloadUrl: https://github.com/zaproxy/zap-extensions/releases/download/commonlib-v1.28.0/commonlib-release-1.28.0.zap + date: 2024-09-24 + version: 1.28.0 - id: communityScripts name: Community Scripts description: Useful ZAP scripts written by the ZAP community. @@ -314,9 +314,9 @@ status: beta infoUrl: /docs/desktop/addons/import-export/ repoUrl: https://github.com/zaproxy/zap-extensions/ - downloadUrl: https://github.com/zaproxy/zap-extensions/releases/download/exim-v0.10.0/exim-beta-0.10.0.zap - date: 2024-07-22 - version: 0.10.0 + downloadUrl: https://github.com/zaproxy/zap-extensions/releases/download/exim-v0.11.0/exim-beta-0.11.0.zap + date: 2024-09-24 + version: 0.11.0 - id: fileupload name: FileUpload description: Detect File upload requests and scan them to find related vulnerabilities @@ -349,6 +349,16 @@ downloadUrl: https://github.com/zaproxy/zap-extensions/releases/download/fuzz-v13.13.0/fuzz-beta-13.13.0.zap date: 2024-05-07 version: 13.13.0 +- id: fuzzai + name: FuzzAI Files + description: FuzzAI files which can be used with the ZAP fuzzer + author: ZAP Dev Team + status: release + infoUrl: /docs/desktop/addons/fuzzai-files/ + repoUrl: https://github.com/zaproxy/zap-extensions/ + downloadUrl: https://github.com/zaproxy/zap-extensions/releases/download/fuzzai-v0.0.1/fuzzai-release-0.0.1.zap + date: 2024-09-24 + version: 0.0.1 - id: fuzzdb name: FuzzDB Files description: FuzzDB files which can be used with the ZAP fuzzer @@ -378,9 +388,9 @@ status: release infoUrl: /docs/desktop/addons/getting-started-guide/ repoUrl: https://github.com/zaproxy/zap-extensions/ - downloadUrl: https://github.com/zaproxy/zap-extensions/releases/download/gettingStarted-v17/gettingStarted-release-17.zap - date: 2024-05-07 - version: 17 + downloadUrl: https://github.com/zaproxy/zap-extensions/releases/download/gettingStarted-v18/gettingStarted-release-18.zap + date: 2024-09-24 + version: 18 - id: graaljs name: GraalVM JavaScript description: Provides the GraalVM JavaScript engine for ZAP scripting. @@ -388,9 +398,9 @@ status: alpha infoUrl: /docs/desktop/addons/graalvm-javascript/ repoUrl: https://github.com/zaproxy/zap-extensions/ - downloadUrl: https://github.com/zaproxy/zap-extensions/releases/download/graaljs-v0.7.0/graaljs-alpha-0.7.0.zap - date: 2024-05-07 - version: 0.7.0 + downloadUrl: https://github.com/zaproxy/zap-extensions/releases/download/graaljs-v0.8.0/graaljs-alpha-0.8.0.zap + date: 2024-09-24 + version: 0.8.0 - id: graphql name: GraphQL Support description: Inspect and attack GraphQL endpoints. @@ -398,9 +408,9 @@ status: alpha infoUrl: /docs/desktop/addons/graphql-support/ repoUrl: https://github.com/zaproxy/zap-extensions/ - downloadUrl: https://github.com/zaproxy/zap-extensions/releases/download/graphql-v0.24.0/graphql-alpha-0.24.0.zap - date: 2024-05-07 - version: 0.24.0 + downloadUrl: https://github.com/zaproxy/zap-extensions/releases/download/graphql-v0.25.0/graphql-alpha-0.25.0.zap + date: 2024-09-24 + version: 0.25.0 - id: groovy name: Groovy Support description: Adds Groovy support to ZAP @@ -679,9 +689,9 @@ status: beta infoUrl: /docs/desktop/addons/network/ repoUrl: https://github.com/zaproxy/zap-extensions/ - downloadUrl: https://github.com/zaproxy/zap-extensions/releases/download/network-v0.17.0/network-beta-0.17.0.zap - date: 2024-09-02 - version: 0.17.0 + downloadUrl: https://github.com/zaproxy/zap-extensions/releases/download/network-v0.18.0/network-beta-0.18.0.zap + date: 2024-09-24 + version: 0.18.0 - id: oast name: OAST Support description: Allows you to exploit out-of-band vulnerabilities @@ -783,9 +793,9 @@ status: release infoUrl: /docs/desktop/addons/passive-scan-rules/ repoUrl: https://github.com/zaproxy/zap-extensions/ - downloadUrl: https://github.com/zaproxy/zap-extensions/releases/download/pscanrules-v60/pscanrules-release-60.zap - date: 2024-09-02 - version: 60 + downloadUrl: https://github.com/zaproxy/zap-extensions/releases/download/pscanrules-v61/pscanrules-release-61.zap + date: 2024-09-24 + version: 61 - id: pscanrulesAlpha name: Passive scanner rules (alpha) description: The alpha status Passive Scanner rules @@ -813,9 +823,9 @@ status: release infoUrl: /docs/desktop/addons/quick-start/ repoUrl: https://github.com/zaproxy/zap-extensions/ - downloadUrl: https://github.com/zaproxy/zap-extensions/releases/download/quickstart-v49/quickstart-release-49.zap - date: 2024-09-02 - version: 49 + downloadUrl: https://github.com/zaproxy/zap-extensions/releases/download/quickstart-v50/quickstart-release-50.zap + date: 2024-09-24 + version: 50 - id: reflect name: Reflect description: Finds reflected parameters @@ -883,9 +893,9 @@ status: release infoUrl: /docs/desktop/addons/retire.js/ repoUrl: https://github.com/zaproxy/zap-extensions/ - downloadUrl: https://github.com/zaproxy/zap-extensions/releases/download/retire-v0.39.0/retire-release-0.39.0.zap - date: 2024-08-28 - version: 0.39.0 + downloadUrl: https://github.com/zaproxy/zap-extensions/releases/download/retire-v0.40.0/retire-release-0.40.0.zap + date: 2024-09-24 + version: 0.40.0 - id: reveal name: Reveal description: Show hidden fields and enable disabled fields @@ -933,9 +943,9 @@ status: release infoUrl: /docs/desktop/addons/selenium/ repoUrl: https://github.com/zaproxy/zap-extensions/ - downloadUrl: https://github.com/zaproxy/zap-extensions/releases/download/selenium-v15.29.0/selenium-release-15.29.0.zap - date: 2024-09-02 - version: 15.29.0 + downloadUrl: https://github.com/zaproxy/zap-extensions/releases/download/selenium-v15.30.0/selenium-release-15.30.0.zap + date: 2024-09-24 + version: 15.30.0 - id: sequence name: Sequence description: Gives the possibility of defining a sequence of requests to be scanned. @@ -1055,9 +1065,9 @@ status: release infoUrl: /docs/desktop/addons/technology-detection/ repoUrl: https://github.com/zaproxy/zap-extensions/ - downloadUrl: https://github.com/zaproxy/zap-extensions/releases/download/wappalyzer-v21.41.0/wappalyzer-release-21.41.0.zap - date: 2024-09-02 - version: 21.41.0 + downloadUrl: https://github.com/zaproxy/zap-extensions/releases/download/wappalyzer-v21.42.0/wappalyzer-release-21.42.0.zap + date: 2024-09-24 + version: 21.42.0 - id: webdriverlinux name: Linux WebDrivers description: Linux WebDrivers for Firefox and Chrome. @@ -1105,6 +1115,6 @@ status: beta infoUrl: /docs/desktop/addons/zest/ repoUrl: https://github.com/zaproxy/zap-extensions/ - downloadUrl: https://github.com/zaproxy/zap-extensions/releases/download/zest-v46/zest-beta-46.zap - date: 2024-06-28 - version: 46 + downloadUrl: https://github.com/zaproxy/zap-extensions/releases/download/zest-v47/zest-beta-47.zap + date: 2024-09-24 + version: 47