These tasks use checkboxes so that they can be copied into an issue.
- Update dependencies - these can be checked using the zaproxy
dependencyUpdates
gradle task - Update the gettingStarted ODT document and regenerate the PDF.
- Update the MacOS JRE.
- Update the MacOS Copyright statement.
- Update Constant#VERSION_TAG.
- Add and use a Constant.upgradeFrom
<version>
() method. - Update common-user-agents.txt and DEFAULT_DEFAULT_USER_AGENT.
- Create help release page
- Development / bug fix issue links can be generated using the zap-admin
generateReleaseNotes
task. - Library changes can be determined by diffing LEGALNOTICE.md with the version at the previous release.
- Development / bug fix issue links can be generated using the zap-admin
- Create the zap-admin version and news files
- Prepare blog post
- Run the workflow Prepare Release Main Version, to prepare the release. It creates a pull request updating the version;
- Finish the following tasks in the pull request:
- Release add-ons.
- Update main add-ons declared in main-add-ons.yml:
- Add new add-ons.
- Remove add-ons no longer needed.
- Update add-ons with the task mentioned in
main-add-ons.yml
.
- Update SECURITY.md to mention the latest version.
- Update the version of the snap and the source file in snapcraft.yaml.
- Merge the pull request, to create the tag and the draft release (done by Release Main Version);
- Create the macOS release on a Mac (requires
hdiutil
):- Check out the tag: e.g.
git checkout tags/v2.12.0
- Run
./gradlew :zap:distMac
- Verify it locally
- Upload it to the release and update the README with the hash
- Check out the tag: e.g.
- Verify the draft release.
- Publish the release.
- Regenerate and publish the Weekly and Live releases.
- Update the Linux Repos
Once published the Handle Release workflow will trigger the update of the marketplace with the new release, it will also create a pull request preparing the next development iteration.
The resources that require localization (e.g. Messages.properties
, vulnerabilities.xml
) are uploaded to the OWASP ZAP projects in
Crowdin when the main release is released, if required (for pre-translation) the resources can be uploaded manually
at any time by running the workflow Crowdin Upload Files.
The resulting localized resources are added/updated in the repository periodically (through a workflow in the zap-admin repository).
- Publish blog post
- Update latest News file to point to blog / release notes?
- Announce on
- ZAP User and Dev groups
- @zaproxy twitter account
- OWASP Slack
- Release client APIs
- Update major projects using ZAP
- Kali - new issue
- Flathub
- Snap
- Run the workflow Release Snap.
- Update 3rd Party Package Managers
- Homebrew - owasp-zap.rb
- Scoop - zaproxy.json
- Chocolatey - zap
- Update bugcrowd scope
The following steps should be followed to release the weekly:
- Run the workflow Release Weekly, to create the tag and the draft release;
- Verify the draft release;
- Publish the release.
Once published the Handle Release workflow will trigger the update of the marketplace with the new release.
The image owasp/zap2docker-live
is automatically built from the default branch.
The images owasp/zap2docker-weekly
, owasp/zap2docker-stable
, and owasp/zap2docker-bare
are automatically built
after the corresponding release to the marketplace.
The images owasp/zap2docker-stable
and owasp/zap2docker-bare
are built at the same time.
They can still be manually built by running the corresponding workflow: