# Changelog

**Note:** Before version 1.0.0, every release may contain breaking changes.

## Version 0.12.0

* **Breaking change**: Autofuzz API methods (`consume` and `autofuzz`) have moved from the
  `Jazzer` class to the dedicated `Autofuzz` class
* **Major feature**: Added JUnit 5 integration for fuzzing and regression tests using the
  `@FuzzTest` annotation (available as `com.code-intelligence:jazzer-junit`)
* Feature: Added sanitizer for SQL injections
* Feature: Hooks can be selectively disabled by specifying their full class name using the new
  `--disabled_hooks` flag
* Fix: Remove memory leaks in native code
* Fix: Don't instrument internal Azul JDK classes
* Fix: Classes with local variable annotations are now instrumented without errors

This release also includes smaller improvements and bugfixes, as well as a major refactoring and
Java rewrite of native components.

## Version 0.11.0

* Feature: Add sanitizer for context lookups
* Feature: Add sanitizer for OS command injection
* Feature: Add sanitizer for regex injection
* Feature: Add sanitizer for LDAP injections
* Feature: Add sanitizer for arbitrary class loading
* Feature: Guide fuzzer to generate proper map lookup keys
* Feature: Generate standalone Java reproducers for autofuzz
* Feature: Hooks targeting interfaces and abstract classes hook all implementations
* Feature: Enable multiple BEFORE and AFTER hooks for the same target
* Feature: Greatly improve performance of coverage instrumentation
* Feature: Improve performance of interactions between Jazzer and libFuzzer
* Feature: Export JaCoCo coverage dump using `--coverage_dump` flag
* Feature: Honor `JAVA_OPTS`
* API: Add `exploreState` to help the fuzzer maximize state coverage
* API: Provide `additionalClassesToHook` field in `MethodHook` annotation to hook dependent classes
* Fix: Synchronize coverage ID generation
* Fix: Support REPLACE hooks for constructors
* Fix: Do not apply REPLACE hooks in Java 6 class files

This release also includes smaller improvements and bugfixes.

## Version 0.10.0

* **Breaking change**: Use OS-specific classpath separator to split jvm_args
* Feature: Add support to "autofuzz" targets without the need to manually write fuzz targets
* Feature: Add macOS and Windows support
* Feature: Add option to generate coverage report
* Feature: Support multiple hook annotations per hook method
* Feature: Support hooking internal classes
* Feature: Add sanitizer for insecure deserialization
* Feature: Add sanitizer for arbitrary reflective calls
* Feature: Add sanitizer for expression language injection
* Feature: Provide Jazzer and Jazzer Autofuzz docker images
* Feature: Add a stand-alone replayer to reproduce findings
* API: Add `reportFindingFromHook(Throwable finding)` to report findings from hooks
* API: Add `guideTowardsEquality(String current, String target, int id)` and `guideTowardsContainment(String haystack, String needle, int id)` to guide the fuzzer to generate more useful inputs
* API: Add `consume(FuzzedDataProvider data, Class<T> type)` to create an object instance of the given type from the fuzzer input
* API: Add multiple `autofuzz()` methods to invoke given functions with arguments automatically created from the fuzzer input
* Fixed: Prevent dependency version conflicts in fuzzed application by shading internal dependencies
* Fixed: Make initialized `this` object available to `<init>` AFTER hooks
* Fixed: Allow instrumented classes loaded by custom class loaders to find Jazzer internals

This release also includes smaller improvements and bugfixes.

## Version 0.9.1

* **Breaking change**: The static `fuzzerTestOneInput` method in a fuzz target now has to return `void` instead of `boolean`. Fuzz targets that previously returned `true` should now throw an exception or use `assert`.
* Fixed: `jazzer` wrapper can find `jazzer_driver` even if not in the working directory
* Fixed: Switch instrumentation no longer causes an out-of-bounds read in the driver
* Feature: `assert` can be used in fuzz targets
* Feature: Coverage is now collision-free and more fine-grained (based on [JaCoCo](https://www.eclemma.org/jacoco/))
* API: Added `pickValue(Collection c)` and `consumeChar(char min, char max)` to `FuzzedDataProvider`
* API: Added `FuzzerSecurityIssue*` exceptions to allow specifying the severity of findings

## Version 0.9.0

* Initial release
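As an added illustration of the 0.9.1 entries above (not code from the Jazzer project), the fuzz target below uses the `void` entry point, plain `assert`, `pickValue`, `consumeChar` and a `FuzzerSecurityIssue*` exception to report a path-traversal finding with a severity. The `com.code_intelligence.jazzer.api` package names are assumed to match the current Jazzer API; `FileStore` is a constructed class under test, not a real library.

```java
import com.code_intelligence.jazzer.api.FuzzedDataProvider;
import com.code_intelligence.jazzer.api.FuzzerSecurityIssueHigh;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.Arrays;
import java.util.List;

public class FileStoreFuzzer {
  // Constructed code under test (hypothetical): resolves a user-supplied relative
  // name below a base directory. It normalizes but never checks that the result
  // is still inside the base, which is what the harness is meant to catch.
  static final class FileStore {
    final Path base = Paths.get("/srv/app/data");

    Path resolve(String name) {
      return base.resolve(name).normalize();
    }
  }

  private static final FileStore STORE = new FileStore();
  // Constructed vocabulary of path segments; pickValue (added in 0.9.1) draws from it.
  private static final List<String> SEGMENTS = Arrays.asList("..", ".", "data", "report.txt");

  // Since 0.9.1 the entry point returns void: a finding is reported by throwing,
  // not by returning true.
  public static void fuzzerTestOneInput(FuzzedDataProvider data) {
    StringBuilder name = new StringBuilder();
    int segments = data.consumeInt(1, 6);
    for (int i = 0; i < segments; i++) {
      if (data.consumeBoolean()) {
        name.append(data.pickValue(SEGMENTS));
      } else {
        name.append(data.consumeChar('a', 'z')); // consumeChar(min, max), added in 0.9.1
      }
      name.append('/');
    }

    Path resolved = STORE.resolve(name.toString());

    // assert is supported in fuzz targets since 0.9.1; an AssertionError is
    // reported like any other uncaught exception.
    assert !resolved.toString().contains("..") : "unnormalized path from " + name;

    // Severity-tagged finding: the resolved path escaped the base directory.
    if (!resolved.startsWith(STORE.base)) {
      throw new FuzzerSecurityIssueHigh("path traversal: " + name + " -> " + resolved);
    }
  }
}
```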