Fuzzingbook Release Notes¶
This book and its code use numbered versioning. The version numbers correspond to the version numbers in the Python pip package.
Current Version (in progress)¶
This is the version we are preparing for the next release (e.g. what you get when you check out the latest version from the GitHub repo). Major changes will show up here as we make them.
Version 1.2.2 (released 2024-11-10)¶
- Adapted the code to work with Python 3.13:
- Work around an error in the
showast
module - Extended the chapter on Compiler Testing to work with Python 3.13 and later
- Added automatic Python 3.13 tests into our workflow
- Work around an error in the
- Fix: Outputting code coverage using the
Coverage
class would prefix covered code with#
, rather than uncovered code as should be. This has been fixed. - Lots of additional typos fixed, thanks to Sergey Bronnikov.
Version 1.2.1 (released 2023-11-13)¶
- Importing book classes from third-party code would accidentally set a fixed random seed, making all further random decisions deterministic (i.e. produce the same result every time). This is now fixed.
- Minor updates to Python package requirements.
Version 1.2 (released 2023-10-23)¶
- For announcements, we now use Mastodon (@TheFuzzingBook@mastodon.social) instead of X. Follow us on Mastodon!
- We have a new chapter on Fuzzing with Constraints in which we introduce the ISLa constraint language / fuzzer / parser.
- We have a new chapter on Compiler Testing in which we use grammars to generate, parse, and evolve Python code.
We now regularly test our code on various Python versions.
- Python 3.12: all chapters work, except for Symbolic Fuzzing.
- Python 3.11: all chapters work.
- Python 3.10: all chapters work.
- Python 3.9: all chapters work, except for the two new chapters listed above. (ISLa needs 3.10 or later.)
For development, we recommend Python 3.10 or 3.11.
- We fixed several typos throughout the book, using the awesome LTeX grammar/spell checker
ProbabilisticGrammarMiner
now properly handles empty expansions (Issue #154) - thanks to Martin Eberlein!- The chapter on Fuzzing now has a more detailed computation of the probability of deleting your home directory. Thanks to mhamami-abuomar!
- We no longer support
fuzzingbook
DockerHub images.
Version 1.1 (released 2022-05-18)¶
Changes since 1.0:
- The book has lots of new material (videos, quizzes).
- The code now has static type annotations (and is type checked).
- Requirements and install procedures have been reworked.
- Apart from code fixes, code semantics stays unchanged.
Changes and fixes since 1.0.7:
- All videos are re-cut – thanks to Aman Roy!
Fuzzer.runs()
now returns a list comprehension instead of a list (Issue #106)- Code using
selenium
has been updated to the latest version. - Fixed a problem in
FasterGrammarFuzzer
(Issue #130) - thanks to CuriousGeorgiy!
Version 1.0.7 (released 2022-01-25)¶
- The
WebFuzzer
constructor now allows using a subclass ofHTMLGrammarMiner
. - The
GUIFuzzer
constructor now allows using a subclass ofGUIGrammarMiner
. - Class diagrams are now simplified, as we skip non-public methods defined in other chapters.
Version 1.0.6 (released 2022-01-18)¶
- Fixed a major performance bug in grammar fuzzing (Issue #117)
- We now work with recent versions of
z3-solver
(Issue #115) - In the chapter on configuration fuzzing, the
OptionGrammarMiner
will now capture args from external Python scripts that are protected byif __name__ == '__main__'
- Various minor fixes and documentation improvements
Version 1.0.5 (released 2022-01-10)¶
- This release increases compatibility with various Z3 versions for concolic fuzzing.
- In the chapter on symbolic fuzzing, the
AdvancedSymbolicFuzzer
is now namedSymbolicFuzzer
plain and simple. (AdvancedSymbolicFuzzer
still works as an alias).
Version 1.0.4 (released 2022-01-04)¶
Happy new year!
- This release fixes some bugs in the chapter on concolic fuzzing, notably in the
ConcolicTracer.zeval()
method.
Version 1.0.3 (released 2021-12-14)¶
- On Unix, the
ExpectTimeout
class is now much more performant - The chapter on greybox fuzzing with grammars should now run on Windows, too
Version 1.0.2 (released 2021-12-08)¶
- Minor fixes in the
AFLGoSchedule
andAFLFastSchedule
classes in the chapter on greybox fuzzing. - Minor fixes across the board.
Version 1.0.1 (released 2021-11-23)¶
- The code now passes
mypy
static type checks. - The
Coverage
class now supportsfunction_names()
and__repr__()
methods. Its__exit__()
method is no longer included in coverage. - Minor fixes across the board.
Version 1.0 (released 2021-11-04)¶
- We now support (but also require) Python 3.9 or later. Earlier versions still required Python 3.6 due to some outdated modules such as
astor
andenforce
we depended upon (and now don't anymore). - We added missing dependencies to the
fuzzingbook
pip package (Issue #44 indebuggingbook
) such thatpip install fuzzingbook
also installs all the packages it depends upon. Thanks to @TheSilvus for reporting this! - We fixed a warning '.gitignore is a symbolic link' during git checkout (Issue #43) Thanks to @rjc for reporting this!
- We identified some chapters that were using
numpy.random
rather than Pythonrandom
, resulting in, well, random results every time we'd build the book. This is now fixed, and more consistent. - Under the hood, we have adopted several more improvements from our sister project "The Debugging Book". Notably, the build process is much streamlined, and we run continuous integration tests to ensure quality of changes and pull requests.
Version 0.9.5 (released 2021-06-08)¶
- Lots of minor fixes in HTML generation, adopting new tools and tests from "The Debugging Book".
- Code functionality should be unchanged.
- The
bookutils
module is now shared with thedebuggingbook
project; some (hopefully neutral) fixes. - Several typos and other minor fixes throughout the book.
Version 0.9.0¶
- In the Web version, some not-so-critical details (typically, long implementations and logs) are only shown on demand. This is still work in progress.
- The
fuzzingbook_utils
module used by notebooks is now renamed tobookutils
. Code and notebooks usingfuzzingbook_utils
may still work, but will issue a deprecation warning. - Several minor fixes to functionality in Parsing and Recombining Inputs, Concolic Fuzzing, Symbolic Fuzzing
- Better style when printing from browser (colored text, smaller fonts)
- Avoid tracking in YouTube videos
- Several typos and other minor fixes throughout the book
Version 0.8.0 (released 2019-05-21)¶
First numbered fuzzingbook release.
- Includes Python pip package.
- Includes Synopsis sections at the beginning of each chapter, highlighting their usage in own code.
- Describes Tours through the Book.
Chapter Releases¶
Before switching to numbered releases, new chapters were coming out every Tuesday.
- Introduction to Software Testing – 2018-10-30
- Fuzzing: Breaking Things with Random Inputs – 2018-10-30
- Getting Coverage – 2018-11-06
- Mutation-Based Fuzzing – 2018-11-06
- Fuzzing with Grammars – 2018-11-13
- Efficient Grammar Fuzzing – 2018-11-20
- Grammar Coverage – 2018-11-27
- Testing Configurations – 2018-12-04
- Parsing and Recombining Inputs – 2018-12-11
- Probabilistic Grammar Fuzzing – 2018-12-18
- Fuzzing with Generators – 2019-01-08
- Fuzzing APIs – 2019-01-15
- Carving Unit Tests – 2019-01-22
- Reducing Failure-Inducing Inputs – 2019-01-29
- Web Testing – 2019-02-05
- GUI Testing – 2019-02-12
- Mining Input Grammars – 2019-02-19
- Tracking Information Flow – 2019-03-05
- Concolic Fuzzing – 2019-03-12
- Symbolic Fuzzing – 2019-03-19
- Mining Function Specifications – 2019-03-26
- Search-Based Fuzzing – 2019-04-02
- Evaluating Test Effectiveness with Mutation Analysis – 2019-04-09
- Greybox Fuzzing – 2019-04-16
- Greybox Fuzzing with Grammars – 2019-04-30
- Fuzzing in the Large – 2019-05-07
- When to Stop Fuzzing – 2019-05-14
- Tours through the Book - 2019-05-21
After all chapters were out, we switched to a release-based schedule, with numbered minor and major releases coming out when they are ready.
The content of this project is licensed under the Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License. The source code that is part of the content, as well as the source code used to format and display that content is licensed under the MIT License. Last change: 2024-11-10 13:15:40+01:00 • Cite • Imprint