[JIRA] [zaproxy-plugin] (JENKINS-29687) From ZAP 2.4.1 an API key is added by default, which will break the API calls
Title: Message Title SCM/JIRA link daemon commented on JENKINS-29687 Re: From ZAP 2.4.1 an API key is added by default, which will break the API calls Code changed in jenkins User: ludovicRoucoux Path: src/main/java/fr/novia/zaproxyplugin/ZAProxy.java http://jenkins-ci.org/commit/zaproxy-plugin/d882682d077d56774b0cd7bf19da868666ef9079 Log: Fix JENKINS-29687 issue Add Comment This message was sent by Atlassian JIRA (v6.4.2#64017-sha1:e244265) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] [zaproxy-plugin] (JENKINS-29687) From ZAP 2.4.1 an API key is added by default, which will break the API calls
Title: Message Title Ludovic Roucoux resolved as Fixed Jenkins / JENKINS-29687 From ZAP 2.4.1 an API key is added by default, which will break the API calls Change By: Ludovic Roucoux Status: Open Resolved Resolution: Fixed Add Comment This message was sent by Atlassian JIRA (v6.4.2#64017-sha1:e244265) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] [zaproxy-plugin] (JENKINS-29687) From ZAP 2.4.1 an API key is added by default, which will break the API calls
Title: Message Title Simon Bennetts commented on JENKINS-29687 Re: From ZAP 2.4.1 an API key is added by default, which will break the API calls Hi Ludovic, Yes, the latest weekly release does include the random key generation. The API key is one of the means we use to protect the ZAP API from malicious sites. It might be less important in an 'safe' environment, but there are attacks that can be made against ZAP if a malicious site is visited - details will be published after 2.4.1 has been released. Cheers, Simon Add Comment This message was sent by Atlassian JIRA (v6.4.2#64017-sha1:e244265) -- You received this message because you are subscribed to the Google Groups Jenkins Issues group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] [zaproxy-plugin] (JENKINS-29687) From ZAP 2.4.1 an API key is added by default, which will break the API calls
Title: Message Title Ludovic Roucoux commented on JENKINS-29687 Re: From ZAP 2.4.1 an API key is added by default, which will break the API calls Hi Simon, Thanks for the feedback. Does the ZAP weekly release integrates the random API key, so I could test that ? And into ZAP, what is the use of the API key ? Is it important ? Regards, Ludovic. Add Comment This message was sent by Atlassian JIRA (v6.4.2#64017-sha1:e244265) -- You received this message because you are subscribed to the Google Groups Jenkins Issues group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] [zaproxy-plugin] (JENKINS-29687) From ZAP 2.4.1 an API key is added by default, which will break the API calls
Title: Message Title Simon Bennetts created an issue Jenkins / JENKINS-29687 From ZAP 2.4.1 an API key is added by default, which will break the API calls Issue Type: Bug Assignee: Ludovic Roucoux Components: zaproxy-plugin Created: 28/Jul/15 3:34 PM Priority: Critical Reporter: Simon Bennetts ZAP 2.4.1 will be released very soon (probably this week). A random API key will now be created by default, meaning that the API calls will fail. There are 2 options for getting around this. One is to set the key to a known value that you use in the script using a command line option like -config api.key=12345 The other option is to disable use of the API key using -config api.disablekey=true Note that we generally recommend against this in most situations as it can make ZAP vulnerable to attacks from malicious web sites. In this particular case the risks might be less than in other cases. Add Comment
