Merge pull request #526 from psiinon/release/2.14-headline

Update 2.14 page with headline changes

Author: thc202

addOns/help/src/main/javahelp/contents/releases/2.14.0.html

@@ -12,6 +12,78 @@ <H1>Release 2.14.0</H1>
 This is a bug fix and enhancement release.
 <br>
 These release notes do not include all of the changes included in add-ons updated since 2.13.0.
+<p>
+This release was made possible thanks to our Platinum Sponsor, the <a href="https://softwaresecurityproject.org/">Software Security Project</a>.
+<p>
+Some of the more significant enhancements include:
+
+<H3>Rebranding and Docker Hub Move</H3>
+
+ZAP has had some minor rebranding changes as a result of the <a href="https://www.zaproxy.org/blog/2023-08-01-zap-is-joining-the-software-security-project/">move to the Software Security Project</a>.
+<p>
+As part of that move the official ZAP Docker images are being published to the 
+<a href="https://hub.docker.com/u/softwaresecurityproject">Software Security Project Docker Hub Organisation</a>. 
+The OWASP images should continue to work for now but we recommend you change to use the new ones ASAP.
+<p>
+Note that you can also pull the ZAP Docker images from <a href="https://github.com/zaproxy/zaproxy/pkgs/container/zaproxy/versions?filters%5Bversion_type%5D=tagged">GitHub Container Registry</a>.
+
+<H3>Host Header Manipulation</H3>
+
+Host headers can now be manipulated in ZAP - we know many of you have been waiting for this for a long time!
+
+The Break, Manual Request and Requester dialogs all have a new "Update Host Header" button.
+This is enabled by default (to keep backwards compatibility) but if you turn this off then you will be able to specify your own host headers which will be sent to the target site.
+
+<H3>ZAPit</H3>
+
+This release adds a new `-zapit` command line option to perform a quick ‘reconnaissance’ scan of the URL specified.
+
+For more details see the <a href="https://www.zaproxy.org/docs/desktop/addons/quick-start/zapit/">ZAPit help page</a>
+
+<H3>API File Transfers</H3>
+
+You can now upload and download files to and from ZAP via the API.
+Note that this feature is disabled by default as a security measure.
+
+For more details, including how to enable it, see the <a href="https://www.zaproxy.org/docs/desktop/start/features/api/#filexfer">API</a> help page.
+
+<H3>Graal JS Add-on Access</H3>
+
+Since Oracle removed removed the Nashorn JavaScript engine from Java 15 anyone using Java 15+ has had to rely on the Graal JS add-on for JavaScript support.
+Unfortunately due to classloader issues it was not able to access add-on classes, which significantly limited its functionality.
+<p>
+These issues have now been resolved which means that Graal JS is the recommended JavaScript engine to use in ZAP.
+Note that existing Nashorn scripts may need changes to work with Graal JS.
+
+<H3>Postman Support</H3>
+
+ZAP can now import Postman collections thanks to the new <a href="https://www.zaproxy.org/docs/desktop/addons/postman-support/">Postman</a> add-on.
+
+<H3>SBOMs</H3>
+
+ZAP includes a runtime Software Bill of Materials (SBOM) generated by <a href="https://cyclonedx.org/">CycloneDX</a> 
+for both the ZAP core and all of the add-ons maintained by the ZAP team. 
+
+For more details see the <a href="https://www.zaproxy.org/docs/desktop/start/features/sbom/">Software Bill of Materials</a> help page.
+
+<H3>ZAP API OpenAPI Definition</H3>
+
+An <a href="https://swagger.io/">OpenAPI definition</a> for the ZAP API is <a href="https://raw.githubusercontent.com/zaproxy/zap-api-docs/main/openapi.yaml">available in the main repository</a>, which can be used to generate custom API clients.
+This definition is planned to be kept up to date for the latest core and add-on releases.
+<p>
+Note that currently the definition does not declare the most appropriate types for the parameters and does not contain the responses.
+
+<H3>ZAP Browser Extensions</H3>
+
+The eagle-eyed among you may have noticed that there are now ZAP Firefox and Chrome extensions: https://github.com/zaproxy/browser-extension
+
+These are included in the new <a href="https://www.zaproxy.org/docs/desktop/addons/client-side-integration/">Client Side Integration</a> add-on which supports:
+
+* <a href="https://www.zaproxy.org/blog/2023-09-11-browser-recorder/">Browser Recording</a>
+* Streaming client side events to ZAP
+
+This is not (yet) included in the main ZAP releases so you will need to download it from the 
+<a href="https://www.zaproxy.org/addons/">Marketplace</a>.
 
 <h3>Dependency Updates</h3>
 
@@ -57,6 +129,9 @@ <H2>Enhancements</H2>
 <li><a href="https://github.com/zaproxy/zaproxy/issues/8067">Issue 8067</a> : Allow to disable modification of multiple options</li>
 <li><a href="https://github.com/zaproxy/zaproxy/issues/8070">Issue 8070</a> : Prevent concurrent usage of ZAP home</li>
 <li><a href="https://github.com/zaproxy/zaproxy/issues/8089">Issue 8089</a> : Break: Allow host header manipulation</li>
+<li><a href="https://github.com/zaproxy/zaproxy/issues/8101">Issue 8101</a> : Extend ScanEventPublisher to support params</li>
+<li><a href="https://github.com/zaproxy/zaproxy/issues/8109">Issue 8109</a> : Make SBOM zip available via GUI, cmdline and API.</li>
+<li><a href="https://github.com/zaproxy/zaproxy/issues/8118">Issue 8118</a> : Record config stats</li>
 </ul>
 
 <H2>Bug fixes</H2>
@@ -67,6 +142,7 @@ <H2>Bug fixes</H2>
 <li><a href="https://github.com/zaproxy/zaproxy/issues/8028">Issue 8028</a> : Set the view to `ExtensionAdaptor` sooner</li>
 <li><a href="https://github.com/zaproxy/zaproxy/issues/8055">Issue 8055</a> : Include country name for duplicated languages</li>
 <li><a href="https://github.com/zaproxy/zaproxy/issues/8068">Issue 8068</a> : Use the current database body size values</li>
+<li><a href="https://github.com/zaproxy/zaproxy/issues/8111">Issue 8111</a> : Raw HTML displayed in options panels for search matches</li>
 </ul>