RELEASING.md

Releasing

Main Release

Pre release

These tasks use checkboxes so that they can be copied into an issue.

• Update dependencies - these can be checked using the zaproxy dependencyUpdates gradle task
• Update the gettingStarted ODT document and regenerate the PDF.
• Update the MacOS JRE.
• Update the MacOS Copyright statement.
• Update Constant#VERSION_TAG.
• Add and use a Constant.upgradeFrom<version>() method.
• Update common-user-agents.txt and DEFAULT_DEFAULT_USER_AGENT.
• Publish a SNAPSHOT of core and update the main add-ons to use it.
• Create help release page
  • Development / bug fix issue links can be generated using the zap-admin generateReleaseNotes task.
  • Library changes can be determined by diffing LEGALNOTICE.md with the version at the previous release.
• Create the zap-admin version and news files
• Prepare blog post

Release Process

• Run the workflow Prepare Release Main Version, to prepare the release. It creates a pull request updating the version;
• Finish the following tasks in the pull request:
  • Update latest ZapVersions file in build.gradle.kts
  • Release add-ons.
  • Update main add-ons declared in main-add-ons.yml:
    • Add new add-ons.
    • Remove add-ons no longer needed.
    • Update add-ons with the task mentioned in main-add-ons.yml.
• Merge the pull request, to create the tag and the draft release (done by Release Main Version);
• Verify the draft release.
• Publish the release.
• Regenerate and publish the Weekly and Live releases.
• Update the Linux Repos
• Update the stats scripts github.py and zap_services.py

Once published the Handle Release workflow will trigger the update of the marketplace with the new release, it will also create a pull request preparing the next development iteration.

Localized Resources

The resources that require localization (e.g. Messages.properties, vulnerabilities.xml) are uploaded to the ZAP projects in Crowdin when the main release is released, if required (for pre-translation) the resources can be uploaded manually at any time by running the workflow Crowdin Upload Files.

The resulting localized resources are added/updated in the repository periodically (through a workflow in the zap-admin repository).

Post Release

• Publish blog post
• Update latest News file to point to blog / release notes?
• Announce on
  • ZAP User and Dev groups
  • @zaproxy twitter account
  • OWASP Slack
• Update and release client APIs
  • Java
  • Python
• Update major projects using ZAP
  • Kali - new issue
  • Flathub
  • Snap
    • Run the workflow Release Snap.
• Update 3rd Party Package Managers
  • Homebrew - zap.rb
  • Scoop - zaproxy.json
  • Chocolatey - zap
  • winget-pkgs - ZAP
• Update bugcrowd scope

Weekly Release

The following steps should be followed to release the weekly:

1. Run the workflow Release Weekly, to create the tag and the draft release;
2. Verify the draft release;
3. Publish the release.

Once published the Handle Release workflow will trigger the update of the marketplace with the new release.

Docker Images

The Nightly image is automatically built from the default branch.

The images Weekly, Stable, and Bare are automatically built after the corresponding release to the marketplace.
The images Stable and Bare are built at the same time.

They can still be manually built by running the corresponding workflow:

• Release Weekly Docker
• Release Main (and Bare) Docker