v0.26.0

What's Changed

• feat: add linux arm64 support by @simonresch in #973
• feat: add Finite annotation by @onionpsy in #969
• feat: add additional number annotations by @florianGla in #959
• feat: dedicated options for fuzzing duration & executions by @simonresch in #956
• fix: update regex for detecting intellij coverage agent by @florianGla in #961
• fix index out of bounds when mutating empty constructor arguments by @simonresch in #962
• fix: correct multiple method descriptors in builtin hooks by @simonresch in #967
• fix: support maxSize > 1000 in map mutator by @simonresch in #986
• fix: don't apply Bean factories for proto enums by @simonresch in #963
• fix: correct descriptors for String.split methods by @simonresch in #966
• docs: restructure and improve the docs by @oetr in #958
• docs: fix wrong Java class name in mutation framework docs by @Marcono1234 in #972
• docs: fix wrong corpus dir in README by @Marcono1234 in #970
• docs: document mutation annotation AppliesTo in Javadoc by @Marcono1234 in #974
• docs: add Javadoc to mutation annotations by @Marcono1234 in #976
• docs: add link to Bazel+JUnit example; improve description by @oetr in #965
• chore: fuzz them all by @oetr in #954
• chore: update protobuf to version 32.1 by @simonresch in #985
• chore(deps): update test maven deps by @renovate[bot] in #979
• chore: write list fuzz tests command output to stdout by @florianGla in #982
• chore: fix pom.xml for junit example project by @simonresch in #960

New Contributors

• @onionpsy made their first contribution in #969

Full Changelog: v0.25.1...v0.26.0

v0.25.1

What's Changed

• chore: publish using Portal OSSRH Staging API by @oetr in #948
• docs: showcase the mutation framework in the readme by @oetr in #947
• fix(mutation): ensure maxSize >= size when using libfuzzer by @oetr in #952
• findings: add entry for aircompressor by @Marcono1234 in #953
• Update ASM dependencies to version 9.8 by @apache-hb in #950

New Contributors

• @apache-hb made their first contribution in #950

Full Changelog: v0.25.0...v0.25.1

v0.25.0

What's Changed

• feat: add Unsafe array access sanitizer by @Marcono1234 in #932
• feat: add a path traversal sanitizer by @tballison in #915
• feat: add path traversal configuration using BugDetectors API by @oetr in #943
• breaking fix: make sure ConsumeIntegralInRange is always in range [min; max] by @oetr in #945. This change might invalidate some existing crash and corpus files.
• fix: clear last finding before starting a fuzzing run by @oetr in #944
• docs: fix incorrect annotation names by @Marcono1234 in #937
• docs: improve documentation by @Marcono1234 in #929
• chore: update pom.xml examples with correct version by @marklemay in #927
• chore: remove outdated CI workflow badge from README by @Marcono1234 in #946

New Contributors

• @tballison made their first contribution in #915
• @Marcono1234 made their first contribution in #929
• @marklemay made their first contribution in #927

Full Changelog: v0.24.0...v0.25.0

v0.24.0

What's Changed

• chore(deps): bump com.google.protobuf:protobuf-java from 3.25.2 to 3.25.5 in /selffuzz by @dependabot in #910
• readme: remove obsolete note regarding the old license by @kyakdan in #923
• mutation: Add support for sealed classes by @fmeum in #922
• Fix Maven releases by @fmeum in #921
• Update rules_jvm_external to fix POM by @fmeum in #924

New Contributors

• @dependabot made their first contribution in #910

Full Changelog: v0.23.0...v0.24.0

v0.23.0

What's Changed

• tests: Restore live output of java_fuzz_target_test by @fmeum in #875
• driver: Fix startup crash when fuzzing native libraries by @fmeum in #883
• Remove cifuzz references by @bertschneider in #892
• build: update toolchains_llvm dependency by @bertschneider in #897
• docs: update readme to inform about commercial offering by @jochil in #898
• doc: Add updated links to README by @HenrichN in #900
• Jazzer Pro by @kyakdan in #906
• Adjust license to clarify the usage within OSS-Fuzz by @serj in #909
• Change license back to Apache2 by @serj in #913
• Update macOS to 14 in the CI by @kyakdan in #914
• ci: Update softprops/action-gh-release to v2.2.0 in prerelease workflow by @zgtm in #916
• Fix prerelease pipeline by @zgtm in #917
• Fix maven deployment by @zgtm in #918

New Contributors

• @jochil made their first contribution in #898
• @HenrichN made their first contribution in #900
• @serj made their first contribution in #909

Full Changelog: v0.22.1...v0.23.0

v0.22.1

What's Changed

• Feature: junit: The API of @DirectoryEntries and @DictionaryFile has changed compared to v0.22.0.

Full Changelog: v0.22.0...v0.22.1

v0.22.0

What's Changed

• Breaking change: junit: The Lifecycle.PER_EXECUTION mode of @FuzzTest now provides a new test instance for each fuzz test, with support for TestInstancePostProcessor's (#867)
• Experimental feature (subject to change in a future version): junit: Dictionaries can be added to fuzz tests via @DirectoryEntries and @DictionaryFile (#862)
• Bugfix: Hooks can now also instrument classes on the extension classpath (#869)

Full Changelog: v0.21.1...v0.22.0

v0.21.1

What's Changed

No functional changes to the Maven artifacts.

• Bugfix: jazzer_standalone.jar in the release archives can be executed with java -jar (#858)

See v0.21.0 for the full release notes.

Full Changelog: v0.21.0...v0.21.1

v0.21.0

What's Changed

• Breaking change: Bugfixes for edge cases in FuzzedDataProvider can result in altered behavior when reproducing old findings (ed7e7b2)
• Feature: junit: The new lifecycle parameter of @FuzzTest can be set to PER_EXECUTION to run "before each" and "after each" lifecycle methods and extension callbacks for each individual execution of a fuzz test rather than just once per test (#833, #851)
• Feature: junit: @FuzzTest can now be applied to other annotations as a meta-annotation, allowing for the creation of custom reusable fuzz test annotations (#849)
• Feature: Improved Map instrumentation (#845)
• Bugfix: junit: Only create .cifuzz-corpus if it is the generated corpus (#855)

Full Changelog: v0.20.1...v0.21.0

v0.20.1

What's Changed

• Bugfix: Fixed a release process issue that corrupted the jazzer Maven artifact (#838)

See v0.20.0 for the full release notes.

Full Changelog: v0.20.0...v0.20.1