Onefuzz Versions

A self-hosted Fuzzing-As-A-Service platform

5.4.0

2 years ago

Changed

  • CLI/Service: Updated multiple first-party and third-party Python dependencies. #1784
  • Agent/Supervisor/Proxy: Updated multiple third-party Rust dependencies. #1619, #1644, #1645, #1646, #1655, #1700, #1849, #1882
  • Agent: Separate llvm-symbolizer setup from sanitizer environment variable initialization. #1778
  • Agent: Set the TSan options based on the external symbolizer. #1787
  • CLI: Added the ONEFUZZ_CLIENT_SECRET environment variable and removed the client_secret field from the configuration file. This prevents accidental misuse via persisting the secret to disk outside of confidential client environments. If you have set a client secret in your configuration file in a public client, we recommend removing and revoking it. CI scripts that currently set the client secret in the config must instead pass it via the ONEFUZZ_CLIENT_SECRET environment variable or on each CLI invocation via the --client_secret argument. #1918
  • CLI: Use a SAS URL to download log files. #1920
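
For the client secret change above (#1918), a preflight check and cleanup that a CI job could run before invoking the CLI. This is an added example, not OneFuzz code: it assumes the CLI configuration file is a JSON object whose path is passed in, and the function names are hypothetical.

```python
import json
import os
import tempfile

SECRET_FIELD = "client_secret"      # config field removed in 5.4.0
ENV_VAR = "ONEFUZZ_CLIENT_SECRET"   # environment variable added in 5.4.0


def _load(config_path):
    # Assumption: the config file is a JSON object.
    with open(config_path, "r", encoding="utf-8") as fh:
        config = json.load(fh)
    return config if isinstance(config, dict) else {}


def preflight(config_path, environ):
    """Return findings for a CI job; an empty list means ready to run."""
    findings = []
    if _load(config_path).get(SECRET_FIELD):
        findings.append("secret persisted in config: remove and revoke it")
    if not environ.get(ENV_VAR):
        findings.append(f"{ENV_VAR} unset: export it or pass --client_secret")
    return findings


def strip_persisted_secret(config_path):
    """Delete the field from the file; True means a secret was on disk.

    The secret value is never returned or printed.
    """
    config = _load(config_path)
    if SECRET_FIELD not in config:
        return False
    had_secret = bool(config.pop(SECRET_FIELD))
    # mkstemp creates the file with mode 0600; rename is atomic on one volume.
    directory = os.path.dirname(os.path.abspath(config_path))
    fd, tmp_path = tempfile.mkstemp(dir=directory, prefix=".cfg-")
    try:
        with os.fdopen(fd, "w", encoding="utf-8") as fh:
            json.dump(config, fh, indent=2)
        os.replace(tmp_path, config_path)
    except BaseException:
        if os.path.exists(tmp_path):
            os.unlink(tmp_path)
        raise
    return had_secret
```

A `True` result from `strip_persisted_secret` means the value was on disk and should be revoked, not just deleted.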

Fixed

  • Agent: Only watch directories for change events. #1859
  • Agent: Switch to a smart constructor to minimize misuse. #1865
  • Service: Fixed an issue where jobs that do not have logs configured failed to get scheduled. #1893

5.3.0

2 years ago

Deployment Note

This release includes an Azure App Function identity provider authentication update from v1 to v2. This upgrade cannot be done via overwrite; therefore, instance owners must manually delete the existing function app before upgrading from 5.2.0 to 5.3.0.

Added

  • Agent: Add a compiler flag to generate debug info for the windows-libfuzzer load library test target. #1684
  • Agent: Add a Rust crate to debug missing dynamic library errors on Windows. #1713
  • Agent: Add support for detecting missing dynamic libraries on Linux. #1718
  • Service: Connect the auto scaling diagnostics to the log analytics workspace. #1708
  • Service: Handle the situation where a VM scale set instance is destroyed before we have removed scale-in protection. #1719
  • Service: Add additional support for auto scaling including changes to the CLI. New scale sets will automatically be created with auto scaling enabled. #1717, #1763
  • Agent/Service/CLI: Add support for generating log files that can be downloaded using the CLI. #1727, #1723, #1721
  • Service: Port ARM templates to Bicep. #1724, #1732
  • Service: Initial changes to port the service from Python to C#. #1734, #1733, #1736, #1737, #1738, #1742, #1744, #1749, #1750, #1753, #1755, #1760, #1761, #1762, #1765, #1757, #1780, #1782, #1783, #1777, #1791, #1801, #1805, #1804, #1803
  • Service: Make sure the scale set nodes are unable to accept work while in the setup state. #1731

Changed

  • Agent: Reduce the logging level down from warn to debug when we are unable to parse an ASan log. #1705
  • Service: Move the creation of the event grid topic to the deployment template from the deploy.py script. #1591
  • Agent/Supervisor/Proxy: Updated multiple third-party Rust dependencies. #1548, #1617, #1618
  • Service: Consolidate the two log analytics down to one. #1679
  • Service: Updated resource name in Bicep file to prevent name clash when deploying 5.3.0. #1808

Fixed

  • Service: The auto scale setting log statement is not an error; changed it to info. #1745
  • Agent: Fixed Cobertura output so that the coverage summary renders correctly in Azure DevOps. #1728
  • Agent: Continue after non-fatal errors during static recovery of SanCov coverage sites. #1796
  • Service: Fixed name generation for a few resources in the Bicep file to increase uniqueness which prevents resource name clash. #1800

5.2.0

2 years ago

Added

  • Service: Added additional auto-scaling support for VM scale sets. #1686, #1698

Changed

  • Agent/Supervisor/Proxy: Updated multiple third-party Rust dependencies. #1699, #1589

5.1.0

2 years ago

Added

  • Service: Added a new webhook message format compatible with Azure Event Grid. #1640
  • Service: Added initial auto scaling support for VM scale sets. #1647, #1661
  • Agent: Add an explicit timeout to setup scripts so hangs are easier to debug. #1659

Changed

  • CLI/Service: Updated multiple first-party and third-party Python dependencies. #1606, #1634
  • Agent: Check system-wide memory usage and fail tasks that are nearly out of memory. #1657

Fixed

  • Service: Fix task field to the correct NodeTasks type so serialization works correctly. #1627
  • Agent: Convert escaped characters when accessing the name of a blob in a URL. #1673
  • Agent: Override runs parameter when testing inputs as we only want to test them once. #1651
  • Service: Remove deprecated warn() method. #1641

5.0.0

2 years ago

BREAKING CHANGES

  • Removal of the process_stats telemetry event.

Added

  • CLI/Service: Added fuzzer_target_options argument to the libfuzzer templates to allow passing some target options only in persistent fuzzing mode #1610

Changed

  • Agent/Supervisor/Proxy: Updated multiple third-party Rust dependencies. #1530
  • CLI/Service: Updated multiple first-party and third-party Python dependencies. #1576 #1577 #1579 #1582 #1586 #1599
  • CLI/Service: Begin update of scale set instances before reimaging to ensure they match the latest scale set model. #1612

Fixed

  • Agent: Removed the process_stats telemetry event, which fixes a class of memory leaks on Windows libfuzzer_fuzz tasks. #1608
  • CLI/Service: Fixed seven day stale node reimaging check. #1616

4.1.0

2 years ago

Added

  • Agent: Added source line coverage data #1518 #1534 #1538 #1535 #1572
  • Agent: Added Cobertura XML output for source code visualization #1533
  • Service: Added auto configuration properties to the monitoring agents #1541
  • Service: Added tags to scalesets and VMs #1560

Fixed

  • Service: Increase reliability of integration tests. #1505
  • Agent: Avoid leaking unused file and cache data #1539
  • Agent: Fixed new clippy errors #1516

4.0.0

2 years ago

Added

  • Agent: Added common source coverage format. #1403
  • Service: Added class to store and retrieve rules associated with an API endpoint. This supports the ability to control who has access to an API. #1420
  • Service: Support for NSG creation during deployment, allowing restricted access to the scaleset and repro VMs. #1331, #1340, #1358, #1385, #1393, #1395, #1400, #1404, #1406, #1410
  • Service: Guest account access is disabled by default when creating the default service principal during deployment. #1425
  • Service: Group membership check added. #1074
  • Service: Exposed the target_timeout parameter in the radamsa basic template. #1499

Fixed

  • Service: Fixed Azure DevOps work item creation by adding missing client initialization. #1370
  • Service: Fixed validation of the target_exe blob name, enabling nesting in a subdirectory of the setup container. #1371
  • Service: Migrated to MS Graph, as azure-graphrbac is soon to be deprecated. #966
  • Service: Stopped ignoring unexpected errors when authenticating the client secret. #1376
  • Service: Fixed regex to correctly capture the object ID when trying to remove an invalid application ID. #1408
  • Service: Added check for service principal use during user role assignment. #1479
  • Service: Added support for Compute Gallery images. #1450

3.2.0

2 years ago

Fixed

  • Service: Fixed authentication when using a client secret. #1300
  • Deployment: Fixed an issue where the wrong AppRole was assigned when creating new CLI registrations. #1308
  • Deployment: Suppress a dependency's noisy logging of handled errors when deploying. #1304

3.1.0

2 years ago

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

Added

  • Service: Added ability to configure virtual network IP ranges. #1268
  • Deployment: Added flake8 to the deployment process to align with rest of the Python codebase linting. #1286
  • Service: Added custom extensions to enable Microsoft Security Monitoring extensions. #1184
  • CLI: Added --readonly_inputs option to the libfuzzer basic template. #1247

Fixed

  • Deployment: Fixed deployment in some regions by specifying widely-supported versions of Application Insights resources. #1291
  • Deployment: Fixed an issue with multi-tenant deployment caused by a mismatch between the identifier used to configure the app registration and value used to authenticate the CLI client. #1270
  • Service: Fixed scaleset proxy reset to reset all proxies in specified region. #1275
  • CLI: Temporarily ignore type errors from azure-storage-blob due to invalid Python type signatures. #1258

3.0.0

2 years ago

Changed

  • CLI/Deployment/Service: Move to using api:// for AAD Application "identifier URIs". #1243
  • Agent/Supervisor/Proxy: Redact device, IP, and machine name in runtime statistics reported to Microsoft via Application Insights. #1242
  • Agent/Supervisor/Proxy: Updated multiple third-party Rust dependencies. #1232, #1230, #1228, #1229, #1231, #1242.