v0.15.0

What's Changed

• Breaking change: assert statements are no longer automatically enabled in @FuzzTests executed via JUnit as it is not possible to do so reliably. If you want your @FuzzTests to execute these statements, use the -ea JVM flag.
• Feature: @FuzzTests now use the JUnit-provided test instance, which improves support for mocks (#604)
• Feature: @FuzzTests executed using the Jazzer CLI now use the JUnit
  launcher API and thus support all JUnit lifecycle hooks (#612)
• Feature: The inputs directory for a @FuzzTest is now created automatically if a test resource directory exists (#585)
• Feature: Kotlin integer compares are now tracked (#593)
• Bugfix: autofuzz: Fixed handling of generic array types (#584)
• Bugfix: autofuzz: Fixed findings being reported when autofuzz fails to construct inputs (#588)
• Bugfix: autofuzz: Java reproducers enable assertions (#590)
• Bugfix: Added internal maven and gradle classes to custom hook excludes with JUnit (#601 by @florianGla)
• Native sanitizer lib location can be overriden via an environment variable (#606)

Full Changelog: v0.14.0...v0.15.0

v0.14.0

What's Changed

• Major feature: The fuzzing mode of @FuzzTests is now implemented within JUnit Jupiter and thus supports lifecycle hooks (#556)
• Major feature: Kotlin string comparison functions are instrumented (#566)
• Bugfix: Correctly emit finding inputs generated by @FuzzTest on Windows (#578)
• Bugfix: @FuzzTests no longer interfere with regular unit tests in certain edge cases (#575)
• junit: Inputs are sorted by path (#562)
• docker: Updated to OpenJDK 17 (#559)
• docs: Added CONTRIBUTING.md and restructured docs (#549, #553, #551, #550, #560)

Full Changelog: v0.13.3...v0.14.0

v0.13.3

What's Changed

• driver: Fix timeouts not being detected anymore (#544)

Full Changelog: v0.13.2...v0.13.3

v0.13.2

What's Changed

• driver: Make jazzer_standalone.jar executable without the launcher (#537)
• Add support for JDK 19 (#541)
• junit: Tag Jazzer test engine tests with "jazzer" (#540)

Full Changelog: v0.13.1...v0.13.2

v0.13.1

What's Changed

• autofuzz: Fix exclusion of Jazzer-internal classes (#528)
• deps: Update rules_jvm_external to preserve directories in JARs (#532)
• Fix sanitizers not being loaded with jazzer_standalone_deploy.jar (#533)

Full Changelog: v0.13.0...v0.13.1

v0.13.0

What's Changed

• Breaking change: A JUnit @FuzzTest now runs on inputs in a ClassNameInputs rather than a ClassNameSeedCorpus directory.
• Breaking change: Removed the seedCorpus attribute from @FuzzTest. Following the ClassNameInputs convention allows for better integration with the fuzzer.
• Breaking change: --autofuzz no longer enables --keep_going by default, but instead prints suggestions on how to skip uninteresting findings.
• Major feature: JUnit @FuzzTests can now take any parameters and will use Autofuzz if not using the standard byte[] or FuzzedDataProvider signatures (#476)
• Major feature: Jazzer is now available as a jar, using the native launcher is no longer required. (#492)
• Major feature: Jazzer now supports native library fuzzing with release builds. See Fuzzing with Native Libraries. (#500)
• junit: Do not leak fuzzer startup into first seed test (#491)
• junit: Fixed Windows failure when running with corpus (#467)
• Fixed Java reproducer not compiling when referencing non-visible superclasses or interfaces (#471)
• Fixed DEDUP_TOKEN and --ignore behavior (#472)
• Fixed JaCoCo coverage measurements (#479)
• Improved fuzz test class not found error message (#481)
• Cleaned up stack traces (#485)
• Added docs and source JAR for jazzer-junit (#477)
• Ignore regex pattern syntax exceptions caused by stack overflows (#488)
• Added --version flag (#502)
• Improved @FuzzTest docs and increased default duration (#509)
• Improved jar stripping to fix various packaging issues (#515)

Full Changelog: v0.12.0...v0.13.0

v0.12.0

What's Changed

• Breaking change: Autofuzz API methods (consume and autofuzz) have moved from the
  Jazzer class to the dedicated Autofuzz class
• Major feature: Added JUnit 5 integration for fuzzing and regression tests using the
  @FuzzTest annotation (available as com.code-intelligence:jazzer-junit)
• Feature: Added sanitizer for SQL injections
• Feature: Hooks can be selectively disabled by specifying their full class name using the new
  --disabled_hooks flag
• Fix: Remove memory leaks in native code
• Fix: Don't instrument internal Azul JDK classes
• Fix: Classes with local variable annotations are now instrumented without errors

This release also includes smaller improvements and bugfixes, as well as a major refactoring and
Java rewrite of native components.

New Contributors

• @vargen made their first contribution in #416
• @henryrneh made their first contribution in #439

Full Changelog: v0.11.0...v0.12.0

v0.11.0

• Feature: Add sanitizer for context lookups
• Feature: Add sanitizer for OS command injection
• Feature: Add sanitizer for regex injection
• Feature: Add sanitizer for LDAP injections
• Feature: Add sanitizer for arbitrary class loading
• Feature: Guide fuzzer to generate proper map lookups keys
• Feature: Generate standalone Java reproducers for autofuzz
• Feature: Hooks targeting interfaces and abstract classes hook all implementations
• Feature: Enable multiple BEFORE and AFTER hooks for the same target
• Feature: Greatly improve performance of coverage instrumentation
• Feature: Improve performance of interactions between Jazzer and libFuzzer
• Feature: Export JaCoCo coverage dump using --coverage_dump flag
• Feature: Honor JAVA_OPTS
• API: Add exploreState to help the fuzzer maximize state coverage
• API: Provide additionalClassesToHook field in MethodHook annotation to hook dependent classes
• Fix: Synchronize coverage ID generation
• Fix: Support REPLACE hooks for constructors
• Fix: Do not apply REPLACE hooks in Java 6 class files

This release also includes smaller improvements and bugfixes.

v0.10.0

• Added support for macOS and Windows (both x64)
• Added an --autofuzz flag that allows fuzzing a method without writing a fuzz target
• Added bug detectors for insecure reflective calls, deserialization, and validation expression language injection
• Improved compilation time and fuzzing performance

v0.9.1

• Breaking change: The static fuzzerTestOneInput method in a fuzz target now has to return void instead of boolean. Fuzz targets that previously returned true should now throw an exception or use assert.
• Fixed: jazzer wrapper can find jazzer_driver even if not in the working directory
• Fixed: Switch instrumentation no longer causes an out-of-bounds read in the driver
• Feature: assert can be used in fuzz targets
• Feature: Coverage is now collision-free and more fine-grained (based on JaCoCo)
• API: Added pickValue(Collection c) and consumeChar(char min, char max) to FuzzedDataProvider
• API: Added FuzzerSecurityIssue* exceptions to allow specifiying the severity of findings