v0.22.0

What's Changed

• Breaking change: junit: The Lifecycle.PER_EXECUTION mode of @FuzzTest now provides a new test instance for each fuzz test, with support for TestInstancePostProcessor's (#867)
• Experimental feature (subject to change in a future version): junit: Dictionaries can be added to fuzz tests via @DirectoryEntries and @DictionaryFile (#862)
• Bugfix: Hooks can now also instrument classes on the extension classpath (#869)

Full Changelog: v0.21.1...v0.22.0

v0.21.1

What's Changed

No functional changes to the Maven artifacts.

• Bugfix: jazzer_standalone.jar in the release archives can be executed with java -jar (#858)

See v0.21.0 for the full release notes.

Full Changelog: v0.21.0...v0.21.1

v0.21.0

What's Changed

• Breaking change: Bugfixes for edge cases in FuzzedDataProvider can result in altered behavior when reproducing old findings (ed7e7b2)
• Feature: junit: The new lifecycle parameter of @FuzzTest can be set to PER_EXECUTION to run "before each" and "after each" lifecycle methods and extension callbacks for each individual execution of a fuzz test rather than just once per test (#833, #851)
• Feature: junit: @FuzzTest can now be applied to other annotations as a meta-annotation, allowing for the creation of custom reusable fuzz test annotations (#849)
• Feature: Improved Map instrumentation (#845)
• Bugfix: junit: Only create .cifuzz-corpus if it is the generated corpus (#855)

Full Changelog: v0.20.1...v0.21.0

v0.20.1

What's Changed

• Bugfix: Fixed a release process issue that corrupted the jazzer Maven artifact (#838)

See v0.20.0 for the full release notes.

Full Changelog: v0.20.0...v0.20.1

v0.20.0

What's Changed

• Breaking change: Boolean-valued JAZZER_* environment variables are parsed more strictly and fail on values that aren't obviously truthy or falsy (#815)
• Feature: Compatibility with JDK 21 (#785 by @cushon, #820)
• Feature: Comparison instrumentation for Clojure standard library functions (#805, #827)
• Feature: junit: @Timeout can now be used to configure per-class and per-test timeouts for individual fuzz test executions (#825)
• Feature: junit: @FuzzTest#maxExecutions can be used to limit the number of executions of a fuzz test during fuzzing
• Feature: junit: Jazzer command-line options can be set via JUnit configuration parameters
• Bugfix: LibFuzzer options that use subprocesses are supported more reliably and in the docker container (#748 by @svenkeidel, #793, #824)
• Bugfix: Instrumented Byte#compare and Short#compare calls no longer throw an exception (#792, reported by @jarnokie)
• Bugfix: junit: Fixed running on individual files from the command line (#819)
• Error messages for JUnit 5 fuzz test setup issues have been improved

New Contributors

• @WillRoque made their first contribution in #782
• @cushon made their first contribution in #785
• @svenkeidel made their first contribution in #784

Full Changelog: v0.19.0...v0.20.0

v0.19.0

What's Changed

• Feature: Rework Opt value handling (#767)
• Feature: Generate temporary seeds with deterministic names (#744)

Full Changelog: v0.18.0...v0.19.0

v0.18.0

What's Changed

• Feature: Add script engine injection sanitizer with real life example by @gdemarcsek (#531)
• Feature: Add equals-hook for Clojure (clojure.lang.Util.equiv) (#765)
• Bugfix: Do not prepare for a subprocess for -fork=0 (#758)
• Bugfix: Honor explicitly stated corpus directory (#761)
• Bugfix: Ignore JetBrains classes during instrumentation (#763)

New Contributors

• @zgtm made their first contribution in #751
• @gdemarcsek made their first contribution in #531

Full Changelog: v0.17.1...v0.18.0

v0.17.1

What's Changed

This release fixes an issue with a corrupted upload to Maven Central.
No changes since v0.17.0 except for the patch version bump.

Full Changelog: v0.17.0...v0.17.1

v0.17.0

What's Changed

• Feature: Added an SSRF detector (#643)
• Feature: junit: Inputs directories are now maintained per test method, not just per test class (#710)
• Feature: junit: A default for jazzer.instrument is set based on the packages containing .class files on the class path (#732)
• Bugfix: Updated instrumentation order to fix coverage reports by @kmnls (#711)
• Bugfix: Windows release binaries have the .exe extension restored (#723)
• Bugfix: Added support for Java 17 in Jazzer docker image (#698)
• Bugfix: autofuzz: Fixed logs for bug detector findings (#699)
• Bugfix: Fixed rare NPEs in sanitizers and runtime (#748)

New Contributors

• @marktefftech made their first contribution in #717
• @hadi88 made their first contribution in #731

Full Changelog: v0.16.1...v0.17.0

v0.16.1

What's Changed

• Bugfix: Reenabled RCE reports for readObject calls (#684)
• Bugfix: Jazzer finds its .jar when executed from PATH (#676)
• Bugfix: JUnit fuzz tests using Autofuzz are executed on the JUnit-provided rather than a new test class instance (#687)

Full Changelog: v0.16.0...v0.16.1