On Tuesday, May 23, 2023, Ashlen <d...@anthes.is> wrote:

> Release notes:
> https://www.zaproxy.org/blog/2022-10-27-zap-2-12-0-the-ten-thousand-star-release/
>
> JVM 11+ is now a requirement. log4j was updated from 2.15.0[!] to
> 2.19.0. An HTML injection vulnerability is patched in this release.
>
> Builds and runs OK for the most part. zaproxy.sh was a bit broken, so I
> changed some things around. Brief summary:
>
> - Tilde expansion doesn't happen inside quotes, so `[ -f ${JVMPROPS} ]`
>   would always fail. Fixed ${JVMPROPS} to use ${HOME} instead.
> - The provided path for ${JVMPROPS} isn't the one used on OpenBSD[1] so I
>   fixed that as well.
> - Quoted variables to avoid unexpected word splitting and globbing.
> - Consistency and readability improvements.
> - The last line now uses `-dir "${HOME}/OWASP ZAP"`.
>
> I wasn't sure whether to try adding a do-build target with
> BUILD_DEPENDS=java/gradle so NO_BUILD can get removed. I don't have much
> experience with that stuff, but if upstream makes a change in the future
> that warrants downstream patches, it seems like it'd be easier to fix if
> that shift has already happened.
>
> Thoughts/feedback? :)
>
> [1]: https://github.com/zaproxy/zaproxy/blob/v2.12.0/zap/src/main/java/org/parosproxy/paros/Constant.java#L408
>


-- 
Kind regards,
Mike
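
The quoting problems listed in the quoted message, as an added example that is not part of the thread or of the port's zaproxy.sh: a tilde stored inside quotes stays literal, so a `-f` test on it fails, while `${HOME}` expands inside quotes and, when quoted at the point of use, survives a path containing a space. The temporary home directory and the file name demo.properties are constructed for the demonstration.

```shell
#!/bin/sh
# Constructed demo: a throwaway HOME holding a directory with a space in
# its name, like the "${HOME}/OWASP ZAP" path mentioned in the message.
# demo.properties is a placeholder name, not the file ZAP really reads.

# check_props PATH: print "found" if PATH is a regular file, else "missing".
check_props() {
    if [ -f "$1" ]; then echo found; else echo missing; fi
}

# run_demo prints three results, one per line:
#   1. tilde stored inside double quotes (stays a literal '~')
#   2. ${HOME} inside double quotes, quoted again at use (expanded, intact)
#   3. the same ${HOME} path used unquoted (word-split at the space)
# The body runs in a subshell so the caller's HOME is left untouched.
run_demo() (
    demo_home=$(mktemp -d) || exit 1
    HOME=${demo_home}
    mkdir -p "${HOME}/OWASP ZAP"
    : > "${HOME}/OWASP ZAP/demo.properties"

    # Tilde expansion is skipped inside quotes, and it is not applied
    # later to the result of a parameter expansion either.
    tilde_path="~/OWASP ZAP/demo.properties"
    home_path="${HOME}/OWASP ZAP/demo.properties"

    check_props "${tilde_path}"
    check_props "${home_path}"
    # Unquoted: the path is split into two words, so check_props only
    # receives the first one, which ends at ".../OWASP".
    check_props ${home_path}

    rm -rf "${demo_home}"
)

run_demo
```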
