patchletter

The current version of OWASP ZAP is 2.17.0 (as of 15/12/2025).

OWASP ZAP

ZAP-Team · current 2.17.0

OWASP ZAP at a glance

OWASP ZAP (Zed Attack Proxy) is a widely used open-source web-application security scanner, for finding vulnerabilities in web apps during authorized testing. ZAP ships regular releases plus frequently updated add-ons; keeping both current keeps its detection useful.

For admins (and security testers) ZAP is a dual-use tool: legitimate for authorized testing and CI security checks, and powerful, so use it deliberately. The update driver is detection coverage — the core and the marketplace add-ons update regularly, so keep them current. The critical caveat is authorization: only scan applications you own or are explicitly permitted to test, since active scanning can disrupt targets and unauthorized testing is unlawful. Run it from a controlled environment. It integrates into CI/CD for automated security testing — a good practice worth adopting. After updating, verify that scans run and add-ons load. Patchletter surfaces new ZAP releases so testers stay current.

Release history · as detected by patchletter

VersionChannelDateNotes
2.17.0STABLE15/12/2025Release notes →

Never miss a OWASP ZAP update

We check the source daily and email you — instantly or as a digest. Free, one-click unsubscribe.

Watch OWASP ZAP

Related tools in Firewalls & Security