| Version | Supported |
|---|---|
| 2.0.x | ✅ |
| < 2.0 | ❌ |
If you discover a security vulnerability in mzap, please report it responsibly.
- Do not open a public GitHub issue for security vulnerabilities.
- Email the maintainer at hahwul@gmail.com with:
  - A description of the vulnerability
  - Steps to reproduce the issue
  - Potential impact
- You can expect an initial response within 72 hours.
- A fix will be prioritized and released as a patch version once confirmed.
mzap is a CLI tool that communicates with OWASP ZAP API instances. Security concerns include:
- Command injection via crafted target URLs or configuration files
- Path traversal in report output paths
- Sensitive data exposure (API keys in logs or process arguments)
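The three concern classes above, as an added illustration of the checks a reporter or reviewer would look for in a CLI that drives ZAP. This is example code written for this page, not mzap's own implementation; the function names, the `ZAP_API_KEY` variable, the hypothetical `zap-runner` binary and the sample inputs are assumptions.

```python
# Added illustration for the concern classes listed in this policy. This is
# not mzap's code: the function names, the ZAP_API_KEY variable, the
# hypothetical "zap-runner" binary and the sample inputs are assumptions.
import os
import re
from typing import Mapping, Optional
from urllib.parse import urlsplit

# --- 1. Command injection via crafted target URLs --------------------------
# Conservative set of characters that must never reach a shell unquoted.
SHELL_META = frozenset(";|&`$<>\n\r\"'\\")


def validate_target_url(url: str) -> str:
    """Accept only http(s) URLs with a host and no shell metacharacters."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError(f"target must be an http(s) URL with a host: {url!r}")
    bad = SHELL_META.intersection(url)
    if bad:
        raise ValueError(f"target contains shell metacharacters {sorted(bad)}: {url!r}")
    return url


def scan_argv(target: str, runner: str = "zap-runner") -> list:
    """Build the argument vector for a child process as a list.

    Passing a list to subprocess.run (never a formatted string with shell=True)
    is the real fix; validate_target_url is defense in depth for the case where
    the URL is later interpolated into a shell command anyway."""
    return [runner, "--target", validate_target_url(target)]


# --- 2. Path traversal in report output paths -------------------------------
def resolve_report_path(output_dir: str, requested: str) -> str:
    """Return an absolute report path confined to output_dir.

    realpath() follows symlinks and collapses "..", so a requested name such as
    "../../etc/passwd", an absolute path, or a symlink inside output_dir that
    points elsewhere all fail the common-prefix check."""
    base = os.path.realpath(output_dir)
    candidate = os.path.realpath(os.path.join(base, requested))
    if candidate == base or os.path.commonpath([base, candidate]) != base:
        raise ValueError(f"report path escapes {base}: {requested!r}")
    return candidate


# --- 3. Sensitive data exposure (API key in logs or argv) -------------------
# ZAP accepts the key as an "apikey" query parameter, which is the form most
# likely to land in a debug log of the request URL.
_API_KEY_RE = re.compile(r"(?i)(apikey=)[^&\s]+")


def redact_api_key(text: str) -> str:
    """Mask the value of any apikey parameter before text is logged."""
    return _API_KEY_RE.sub(r"\1***", text)


def api_key_from_env(env: Mapping[str, str], var: str = "ZAP_API_KEY") -> Optional[str]:
    """Read the key from the environment instead of a command-line flag.

    /proc/<pid>/cmdline (what ps prints) is world-readable, so a key passed as
    an argument leaks to every local user; /proc/<pid>/environ is readable
    only by the process owner and root."""
    key = env.get(var, "").strip()
    return key or None


if __name__ == "__main__":
    # Constructed sample inputs, not captured from a real run.
    print(scan_argv("https://example.com/app"))
    print(resolve_report_path("/var/lib/mzap/reports", "scan.html"))
    print(redact_api_key("http://127.0.0.1:8080/JSON/core/view/version/?apikey=s3cr3t"))
    print(api_key_from_env(os.environ))
```

The split between `scan_argv` and `validate_target_url` is deliberate: building an argv list removes the shell from the picture entirely, while the metacharacter filter only matters if some later code path still formats the URL into a shell string.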
We appreciate responsible disclosure and will credit reporters in release notes (unless anonymity is requested).