Skip to content

Release add-on(s)#1607

Merged
thc202 merged 1 commit into
zaproxy:masterfrom
zapbot:add-on-release
Jul 9, 2026
Merged

Release add-on(s)#1607
thc202 merged 1 commit into
zaproxy:masterfrom
zapbot:add-on-release

Conversation

@zapbot

@zapbot zapbot commented Jul 9, 2026

Copy link
Copy Markdown
Contributor

Release the following add-ons:

  • Linux WebDrivers version 208
  • Windows WebDrivers version 209
  • macOS WebDrivers version 208

Release the following add-ons:
 - Linux WebDrivers version 208
 - Windows WebDrivers version 209
 - macOS WebDrivers version 208

Signed-off-by: zapbot <12745184+zapbot@users.noreply.github.com>
@thc202 thc202 enabled auto-merge July 9, 2026 09:05
@psiinon

psiinon commented Jul 9, 2026

Copy link
Copy Markdown
Member

Logo
Checkmarx One – Scan Summary & Details333e9889-0f81-4368-b559-4ec2f4411038


New Issues (20) Checkmarx found the following issues in this Pull Request
# Severity Issue Source File / Package Checkmarx Insight
1 HIGH CVE-2025-48734 Maven-commons-beanutils:commons-beanutils-1.9.4
detailsRecommended version: 1.11.0
Description: An Improper Access Control vulnerability exists in Apache Commons. A special "BeanIntrospector" class was added in version 1.9.2. This can be used ...
Attack Vector: NETWORK
Attack Complexity: LOW
Vulnerable Package
2 HIGH CVE-2026-24400 Maven-org.assertj:assertj-core-3.27.3
detailsRecommended version: 3.27.7
Description: AssertJ provides Fluent testing assertions for Java and the Java Virtual Machine (JVM). Starting in version 1.4.0 prior to 3.27.7 and 4.0.0-M1, an ...
Attack Vector: LOCAL
Attack Complexity: LOW
Vulnerable Package
3 HIGH CVE-2026-54512 Maven-com.fasterxml.jackson.core:jackson-databind-2.17.2
detailsRecommended version: 2.18.6.redhat-00001
Description: jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.10.0 prior to 2.18.8, 2....
Attack Vector: NETWORK
Attack Complexity: HIGH
Vulnerable Package
4 HIGH CVE-2026-54513 Maven-com.fasterxml.jackson.core:jackson-databind-2.17.2
detailsRecommended version: 2.18.0.redhat-00001
Description: jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. In versions 2.10.0 prior to 2.1...
Attack Vector: NETWORK
Attack Complexity: HIGH
Vulnerable Package
5 HIGH Cx78f40514-81ff Maven-commons-collections:commons-collections-3.2.2
detailsDescription: The framework Apache Commons Collections before 4.3 is vulnerable to Stack Overflow. The function `add()` in the file `SetUniqueList.java` throws a...
Attack Vector: NETWORK
Attack Complexity: LOW
Vulnerable Package
6 HIGH Cxfa47c4e4-5ef9 Maven-com.fasterxml.jackson.core:jackson-core-2.17.2
detailsRecommended version: 2.18.6
Description: The non-blocking (async) JSON parser in jackson-core bypasses the "maxNumberLength" constraint (default: 1000 characters) defined in "StreamReadCon...
Attack Vector: NETWORK
Attack Complexity: LOW
Vulnerable Package
7 MEDIUM CVE-2012-5783 Maven-commons-httpclient:commons-httpclient-3.1
detailsDescription: Apache Commons HttpClient prior to 4.0-alpha1, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not ver...
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Vulnerable Package
8 MEDIUM CVE-2012-6153 Maven-commons-httpclient:commons-httpclient-3.1
detailsDescription: http/conn/ssl/AbstractVerifier.java in Apache Commons HttpClient before 4.2.3 does not properly verify that the server hostname matches a domain na...
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Vulnerable Package
9 MEDIUM CVE-2020-13956 Maven-commons-httpclient:commons-httpclient-3.1
detailsDescription: Apache HttpClient can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong ta...
Attack Vector: NETWORK
Attack Complexity: LOW
Vulnerable Package
10 MEDIUM CVE-2022-27820 Maven-org.zaproxy:zap-2.16.0
detailsDescription: OWASP Zed Attack Proxy (ZAP) does not verify the TLS certificate chain of an HTTPS server.
Attack Vector: NETWORK
Attack Complexity: HIGH
Vulnerable Package
11 MEDIUM CVE-2025-46392 Maven-commons-configuration:commons-configuration-1.10
detailsDescription: Uncontrolled Resource Consumption vulnerability in Apache Commons Configuration versions 1.x. There are a number of issues in Apache Commons Confi...
Attack Vector: NETWORK
Attack Complexity: LOW
Vulnerable Package
12 MEDIUM CVE-2025-48924 Maven-org.apache.commons:commons-lang3-3.17.0
detailsRecommended version: 3.18.0
Description: Uncontrolled Recursion vulnerability in Apache Commons Lang. The methods `ClassUtils.getClass(...)` can `throwStackOverflowError` on very long inpu...
Attack Vector: NETWORK
Attack Complexity: LOW
Vulnerable Package
13 MEDIUM CVE-2025-48924 Maven-commons-lang:commons-lang-2.6
detailsDescription: Uncontrolled Recursion vulnerability in Apache Commons Lang. The methods `ClassUtils.getClass(...)` can `throwStackOverflowError` on very long inpu...
Attack Vector: NETWORK
Attack Complexity: LOW
Vulnerable Package
14 MEDIUM CVE-2025-68161 Maven-org.apache.logging.log4j:log4j-core-2.24.2
detailsRecommended version: 2.25.2.redhat-00002
Description: The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS hostname verification of the peer certificate, even...
Attack Vector: NETWORK
Attack Complexity: HIGH
Vulnerable Package
15 MEDIUM CVE-2026-34477 Maven-org.apache.logging.log4j:log4j-core-2.24.2
detailsRecommended version: 2.25.4
Description: The fix for CVE-2025-68161 was incomplete: it addressed hostname verification only when enabled via the "log4j2.sslVerifyHostName" system property,...
Attack Vector: NETWORK
Attack Complexity: HIGH
Vulnerable Package
16 MEDIUM CVE-2026-34478 Maven-org.apache.logging.log4j:log4j-core-2.24.2
detailsRecommended version: 2.25.4
Description: Apache Log4j Core's Rfc5424Layout https://logging\.apache\.org/log4j/2\.x/manual/layouts\.html\#RFC5424Layout , in versions 2.21.0 through 2.25.3, and ...
Attack Vector: NETWORK
Attack Complexity: LOW
Vulnerable Package
17 MEDIUM CVE-2026-34479 Maven-org.apache.logging.log4j:log4j-1.2-api-2.24.2
detailsRecommended version: 2.25.4
Description: The Log4j1XmlLayout from the Apache Log4j 1-to-Log4j 2 bridge fails to escape characters forbidden by the XML 1.0 standard, producing malformed XML...
Attack Vector: NETWORK
Attack Complexity: LOW
Vulnerable Package
18 MEDIUM CVE-2026-34480 Maven-org.apache.logging.log4j:log4j-core-2.24.2
detailsRecommended version: 2.25.4
Description: Apache Log4j Core's XmlLayout https://logging\.apache\.org/log4j/2\.x/manual/layouts\.html\#XmlLayout , versions through 2.25.3, and 3.x through 3.0.0-...
Attack Vector: NETWORK
Attack Complexity: LOW
Vulnerable Package
19 MEDIUM CVE-2026-54514 Maven-com.fasterxml.jackson.core:jackson-databind-2.17.2
detailsRecommended version: 2.18.0.redhat-00001
Description: jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. In versions 2.0.0 prior to 2.18...
Attack Vector: NETWORK
Attack Complexity: LOW
Vulnerable Package
20 MEDIUM CVE-2026-54515 Maven-com.fasterxml.jackson.core:jackson-databind-2.17.2
detailsRecommended version: 2.18.0.redhat-00001
Description: jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.8.0 prior to 2.18.9, 2.1...
Attack Vector: NETWORK
Attack Complexity: LOW
Vulnerable Package

Use @Checkmarx to interact with Checkmarx PR Assistant.
Examples:
@Checkmarx how are you able to help me?
@Checkmarx rescan this PR

@thc202 thc202 merged commit f87280f into zaproxy:master Jul 9, 2026
5 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Development

Successfully merging this pull request may close these issues.

3 participants