Coverage-guided, in-process fuzzing for the JVM

- `readObject` calls (https://github.com/CodeIntelligenceTesting/jazzer/pull/684)
- `.jar` when executed from PATH (https://github.com/CodeIntelligenceTesting/jazzer/pull/676)

Full Changelog: https://github.com/CodeIntelligenceTesting/jazzer/compare/v0.16.0...v0.16.1

- `jaz.Zer` is initialized but not instantiated. This could result in findings that are now considered false positives for lack of exploitability no longer reproducing. (https://github.com/CodeIntelligenceTesting/jazzer/pull/574)
- `org.junit.platform:junit-platform-launcher` (https://github.com/CodeIntelligenceTesting/jazzer/pull/654)

Full Changelog: https://github.com/CodeIntelligenceTesting/jazzer/compare/v0.15.0...v0.16.0

- `assert` statements are no longer automatically enabled in `@FuzzTest`s executed via JUnit, as it is not possible to do so reliably. If you want your `@FuzzTest`s to execute these statements, use the `-ea` JVM flag.
- `@FuzzTest`s now use the JUnit-provided test instance, which improves support for mocks (https://github.com/CodeIntelligenceTesting/jazzer/pull/604)
- `@FuzzTest`s executed using the Jazzer CLI now use the JUnit launcher API and thus support all JUnit lifecycle hooks (https://github.com/CodeIntelligenceTesting/jazzer/pull/612)
- `@FuzzTest` is now created automatically if a test resource directory exists (https://github.com/CodeIntelligenceTesting/jazzer/pull/585)

Full Changelog: https://github.com/CodeIntelligenceTesting/jazzer/compare/v0.14.0...v0.15.0

- `@FuzzTest`s is now implemented within JUnit Jupiter and thus supports lifecycle hooks (https://github.com/CodeIntelligenceTesting/jazzer/pull/556)
- `@FuzzTest` on Windows (https://github.com/CodeIntelligenceTesting/jazzer/pull/578)
- `@FuzzTest`s no longer interfere with regular unit tests in certain edge cases (https://github.com/CodeIntelligenceTesting/jazzer/pull/575)
- `CONTRIBUTING.md` and restructured docs (https://github.com/CodeIntelligenceTesting/jazzer/pull/549, https://github.com/CodeIntelligenceTesting/jazzer/pull/553, https://github.com/CodeIntelligenceTesting/jazzer/pull/551, https://github.com/CodeIntelligenceTesting/jazzer/pull/550, https://github.com/CodeIntelligenceTesting/jazzer/pull/560)

Full Changelog: https://github.com/CodeIntelligenceTesting/jazzer/compare/v0.13.3...v0.14.0
Full Changelog: https://github.com/CodeIntelligenceTesting/jazzer/compare/v0.13.2...v0.13.3

- `jazzer_standalone.jar` executable without the launcher (https://github.com/CodeIntelligenceTesting/jazzer/pull/537)
- `"jazzer"` (https://github.com/CodeIntelligenceTesting/jazzer/pull/540)

Full Changelog: https://github.com/CodeIntelligenceTesting/jazzer/compare/v0.13.1...v0.13.2
Full Changelog: https://github.com/CodeIntelligenceTesting/jazzer/compare/v0.13.0...v0.13.1

- `@FuzzTest` now runs on inputs in a `ClassNameInputs` rather than a `ClassNameSeedCorpus` directory.
- `seedCorpus` attribute from `@FuzzTest`. Following the `ClassNameInputs` convention allows for better integration with the fuzzer.
- `--autofuzz` no longer enables `--keep_going` by default, but instead prints suggestions on how to skip uninteresting findings.
- `@FuzzTest`s can now take any parameters and will use Autofuzz if not using the standard `byte[]` or `FuzzedDataProvider` signatures (https://github.com/CodeIntelligenceTesting/jazzer/pull/476)
- `DEDUP_TOKEN` and `--ignore` behavior (https://github.com/CodeIntelligenceTesting/jazzer/pull/472)
- `jazzer-junit` (https://github.com/CodeIntelligenceTesting/jazzer/pull/477)
- `--version` flag (https://github.com/CodeIntelligenceTesting/jazzer/pull/502)
- `@FuzzTest` docs and increased default duration (https://github.com/CodeIntelligenceTesting/jazzer/pull/509)

Full Changelog: https://github.com/CodeIntelligenceTesting/jazzer/compare/v0.12.0...v0.13.0
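A JUnit harness showing the three `@FuzzTest` parameter shapes the 0.13.0 notes describe (`byte[]`, `FuzzedDataProvider`, and any other signature, which falls back to Autofuzz), together with the `ClassNameInputs` directory convention and the `-ea` caveat from 0.15.0. This is an added example, not code from the Jazzer project; the `KeyValueParser` target, the `com.example.fuzz` package and the inputs directory name are constructed for it.

```java
package com.example.fuzz; // hypothetical package; target and tests are constructed for this example
import com.code_intelligence.jazzer.api.FuzzedDataProvider;
import com.code_intelligence.jazzer.junit.FuzzTest;
import java.nio.charset.StandardCharsets;
import java.util.HashMap;
import java.util.Map;
import static org.junit.jupiter.api.Assertions.assertTrue;
// Constructed target: parses "k1=v1;k2=v2". The '=' lookup is deliberately
// unguarded (indexOf may return -1) so the fuzzer has a real crash to report.
class KeyValueParser {
    static Map<String, String> parse(String input) {
        Map<String, String> out = new HashMap<>();
        for (String pair : input.split(";")) {
            if (pair.isEmpty()) continue;
            int eq = pair.indexOf('=');
            out.put(pair.substring(0, eq), pair.substring(eq + 1));
        }
        return out;
    }
}
// Seed inputs, if any, go in a KeyValueParserFuzzTestInputs test resource
// directory (the ClassNameInputs convention introduced in 0.13.0).
class KeyValueParserFuzzTest {
    // Standard signature 1: Jazzer hands the raw mutated bytes to the test.
    @FuzzTest(maxDuration = "30s")
    void fuzzRawBytes(byte[] data) {
        KeyValueParser.parse(new String(data, StandardCharsets.UTF_8));
    }

    // Standard signature 2: FuzzedDataProvider shapes the bytes into typed values.
    @FuzzTest
    void fuzzStructured(FuzzedDataProvider data) {
        int pairs = data.consumeInt(0, 8);
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < pairs; i++) {
            // Strip delimiters so this harness checks a semantic property on well-formed input.
            String key = data.consumeString(16).replace('=', '_').replace(';', '_');
            String value = data.consumeString(16).replace(';', '_');
            sb.append(key).append('=').append(value).append(';');
        }
        Map<String, String> parsed = KeyValueParser.parse(sb.toString());
        // JUnit assertions, not `assert`: assert is off in @FuzzTests unless -ea is passed.
        assertTrue(parsed.size() <= pairs, "duplicate keys may collapse entries, never add");
    }
    // Any other signature falls back to Autofuzz, which synthesizes the arguments.
    @FuzzTest
    void fuzzAutofuzz(String key, String value) {
        KeyValueParser.parse(key + "=" + value);
    }
}
```

The raw-bytes harness exercises malformed framing and will hit the unguarded `substring`, while the structured harness only sees well-formed pairs and checks an invariant on the result instead.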

- (`consume` and `autofuzz`) have moved from the `Jazzer` class to the dedicated `Autofuzz` class
- `@FuzzTest` annotation (available as `com.code-intelligence:jazzer-junit`)
- `--disabled_hooks` flag

This release also includes smaller improvements and bugfixes, as well as a major refactoring and Java rewrite of native components.

Full Changelog: https://github.com/CodeIntelligenceTesting/jazzer/compare/v0.11.0...v0.12.0

- `--coverage_dump` flag
- `JAVA_OPTS`
- `exploreState` to help the fuzzer maximize state coverage
- `additionalClassesToHook` field in `MethodHook` annotation to hook dependent classes

This release also includes smaller improvements and bugfixes.