Release 2.16.1$$$This is a bug fix release; along with some minor enhancements.$$$$$$This release was made possible thanks to Checkmarx who employ 3 of the Core Team to work on ZAP.$$$$$$These release notes do not include all of the changes included in add-ons updated since 2.16.0.$$$$$$The enhancements include:$$$$$$Use Main Output Tab for Scripts $$$The Script Console no longer includes its own “Script Output” panel. Instead it uses the main Output tab.$$$$$$Support Sub-tabs in Output Tab $$$The Output tab now supports sub-tabs. The Script Console add-on will add one tab for each script that generates any output; making it much easier to see where output messages come from.$$$$$$API Support for Plugable Authentication and Session Management $$$The API now supports plugable Authentication and Session Management methods; which means you can configure modern options like Browser Based Authentication.$$$$$$Authentication Enhancements $$$Many enhancements have been made to ensure ZAP handles authentication more easily and effectively; including support for TOTP.$$$$$$Windows Native Decorations Support $$$ZAP now supports Native Decorations on Windows systems; providing a more unified and visually pleasing experience.$$$$$$AJAX Spider URL Count $$$The AJAX Spider no longer counts URLs that are out of scope. This may affect any tests you have in place.$$$$$$Dependency Updates $$$As usual the release includes dependency updates.$$$$$$The following libraries were updated:$$$$$$Commons Beanutils; 1.9.4 ? 1.10.1$$$Commons Codec; 1.17.1 ? 1.18.0$$$Commons Logging; 1.3.4 ? 1.3.5$$$Commons Text; 1.12.0 ? 1.13.0$$$log4j-1.2-api; 2.24.2 ? 2.24.3$$$log4j-api; 2.24.2 ? 2.24.3$$$log4j-core; 2.24.2 ? 2.24.3$$$log4j-jul; 2.24.2 ? 2.24.3$$$Rsyntaxtextarea; 3.5.3 ? 3.6.0$$$Enhancements $$$Issue 8843 : Support CakePHP CSRF Token name$$$Issue 8868 : Adjust Footer Status Icons Label$$$Issue 8872 : Tag verification requests$$$Issue 8879 : Look and feel: Use native decorations on Windows$$$Issue 8885 : Allow API access to dynamically added Authn & Session Mgmt Method Types$$$Issue 8886 : Provide DB details and notify close$$$Issue 8892 : Add TOTP to credentials$$$Bug fixes $$$Issue 8760 : Links are unreadable in the Flat Darcula theme$$$Issue 8819 : Fix error when no Java version is found in zap.sh$$$Issue 8862 : Fix alert editing through the GUI

Release 2.16.0$$$This is a bug fix and enhancement release. Look out for new Blog Posts and Videos which will cover some of these new features in much more depth in the coming days and weeks.$$$$$$This release was made possible thanks to Checkmarx who employ 3 of the Core Team to work on ZAP.$$$$$$These release notes do not include all of the changes included in add-ons updated since 2.15.0.$$$$$$Some of the more significant enhancements include:$$$$$$Update to a Minimum of Java 17 $$$ZAP now requires a minimum of Java 17 to run. This allows us to use more modern Java features in the ZAP codebase.$$$$$$As a result of this move scripts which use the Nashorn JavaScript engine may no longer work; this is because the engine is no longer present in Java 17. Any scripts configured to use Nashorn will automatically be changed to use the Graal.js JavaScript engine. However you may still need to migrate these scripts; see the Migration Guide from Nashorn to GraalJS.