Releases: CodeIntelligenceTesting/jazzer

v0.13.0

25 Oct 07:58

What's Changed

  • Breaking change: A JUnit @FuzzTest now runs on inputs in a ClassNameInputs rather than a ClassNameSeedCorpus directory.
  • Breaking change: Removed the seedCorpus attribute from @FuzzTest. Following the ClassNameInputs convention allows for better integration with the fuzzer.
  • Breaking change: --autofuzz no longer enables --keep_going by default, but instead prints suggestions on how to skip uninteresting findings.
  • Major feature: JUnit @FuzzTests can now take any parameters and will use Autofuzz if not using the standard byte[] or FuzzedDataProvider signatures. (#476)
  • Major feature: Jazzer is now available as a jar, using the native launcher is no longer required. (#492)
  • Major feature: Jazzer now supports native library fuzzing with release builds. See Fuzzing with Native Libraries. (#500)
  • junit: Do not leak fuzzer startup into first seed test (#491)
  • junit: Fixed Windows failure when running with corpus (#467)
  • Fixed Java reproducer not compiling when referencing non-visible superclasses or interfaces (#471)
  • Fixed DEDUP_TOKEN and --ignore behavior (#472)
  • Fixed JaCoCo coverage measurements (#479)
  • Improved fuzz test class not found error message (#481)
  • Cleaned up stack traces (#485)
  • Added docs and source JAR for jazzer-junit (#477)
  • Ignore regex pattern syntax exceptions caused by stack overflows (#488)
  • Added --version flag (#502)
  • Improved @FuzzTest docs and increased default duration (#509)
  • Improved jar stripping to fix various packaging issues (#515)

Full Changelog: v0.12.0...v0.13.0

v0.12.0

30 Aug 13:50

What's Changed

  • Breaking change: Autofuzz API methods (consume and autofuzz) have moved from the Jazzer class to the dedicated Autofuzz class
  • Major feature: Added JUnit 5 integration for fuzzing and regression tests using the @FuzzTest annotation (available as com.code-intelligence:jazzer-junit)
  • Feature: Added sanitizer for SQL injections
  • Feature: Hooks can be selectively disabled by specifying their full class name using the new --disabled_hooks flag
  • Fix: Remove memory leaks in native code
  • Fix: Don't instrument internal Azul JDK classes
  • Fix: Classes with local variable annotations are now instrumented without errors

This release also includes smaller improvements and bugfixes, as well as a major refactoring and
Java rewrite of native components.

Full Changelog: v0.11.0...v0.12.0

v0.11.0

28 Apr 16:29

  • Feature: Add sanitizer for context lookups
  • Feature: Add sanitizer for OS command injection
  • Feature: Add sanitizer for regex injection
  • Feature: Add sanitizer for LDAP injections
  • Feature: Add sanitizer for arbitrary class loading
  • Feature: Guide fuzzer to generate proper map lookups keys
  • Feature: Generate standalone Java reproducers for autofuzz
  • Feature: Hooks targeting interfaces and abstract classes hook all implementations
  • Feature: Enable multiple BEFORE and AFTER hooks for the same target
  • Feature: Greatly improve performance of coverage instrumentation
  • Feature: Improve performance of interactions between Jazzer and libFuzzer
  • Feature: Export JaCoCo coverage dump using --coverage_dump flag
  • Feature: Honor JAVA_OPTS
  • API: Add exploreState to help the fuzzer maximize state coverage
  • API: Provide additionalClassesToHook field in MethodHook annotation to hook dependent classes
  • Fix: Synchronize coverage ID generation
  • Fix: Support REPLACE hooks for constructors
  • Fix: Do not apply REPLACE hooks in Java 6 class files

This release also includes smaller improvements and bugfixes.

v0.10.0

21 Oct 14:09

  • Added support for macOS and Windows (both x64)
  • Added an --autofuzz flag that allows fuzzing a method without writing a fuzz target
  • Added bug detectors for insecure reflective calls, deserialization, and validation expression language injection
  • Improved compilation time and fuzzing performance

v0.9.1

10 Mar 09:58

  • Breaking change: The static fuzzerTestOneInput method in a fuzz target now has to return void instead of boolean. Fuzz targets that previously returned true should now throw an exception or use assert.
  • Fixed: jazzer wrapper can find jazzer_driver even if not in the working directory
  • Fixed: Switch instrumentation no longer causes an out-of-bounds read in the driver
  • Feature: assert can be used in fuzz targets
  • Feature: Coverage is now collision-free and more fine-grained (based on JaCoCo)
  • API: Added pickValue(Collection c) and consumeChar(char min, char max) to FuzzedDataProvider
  • API: Added FuzzerSecurityIssue* exceptions to allow specifying the severity of findings
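As an added example (not code from the Jazzer repository), the following fuzz target shows what the v0.9.1 breaking change and the v0.12.0/v0.13.0 JUnit integration look like together: fuzzerTestOneInput returns void and reports a finding by throwing a FuzzerSecurityIssue* exception, and the same logic is exposed as a JUnit 5 @FuzzTest whose seed inputs live in a PathJoinerFuzzTestInputs directory. PathJoiner is a hypothetical class under test written for this illustration.

```java
import com.code_intelligence.jazzer.api.FuzzedDataProvider;
import com.code_intelligence.jazzer.api.FuzzerSecurityIssueHigh;
import com.code_intelligence.jazzer.junit.FuzzTest;

// Hypothetical code under test: joins a user-supplied segment onto a fixed base directory
// and must never produce a path outside that base.
final class PathJoiner {
    static String join(String base, String userSegment) {
        if (userSegment.contains("..")) {
            throw new IllegalArgumentException("traversal rejected");
        }
        return base + "/" + userSegment;
    }
}

public class PathJoinerFuzzTest {
    private static final String BASE = "/srv/app/data";

    // Classic Jazzer entry point. Since v0.9.1 it returns void instead of boolean:
    // a finding is signalled by throwing, not by returning true.
    public static void fuzzerTestOneInput(FuzzedDataProvider data) {
        String segment = data.consumeRemainingAsString();
        String result;
        try {
            result = PathJoiner.join(BASE, segment);
        } catch (IllegalArgumentException rejected) {
            return; // an explicitly rejected input is not a bug
        }
        // Security property: the joined path stays under BASE. Violations are reported
        // with a severity-carrying exception (v0.9.1 API) so Jazzer ranks the finding.
        if (!result.startsWith(BASE + "/")) {
            throw new FuzzerSecurityIssueHigh("joined path escaped base directory: " + result);
        }
        // Plain logic invariant: assert is honoured inside fuzz targets (v0.9.1 feature).
        assert result.endsWith(segment) : "segment was altered: " + result;
    }

    // JUnit 5 entry point from jazzer-junit (v0.12.0). With v0.13.0 seeds are read from
    // src/test/resources/.../PathJoinerFuzzTestInputs rather than a ...SeedCorpus directory.
    @FuzzTest
    void joinNeverEscapesBase(FuzzedDataProvider data) {
        fuzzerTestOneInput(data);
    }
}
```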

v0.9

09 Feb 16:53

This is the initial release of Jazzer.