2.1.0

Added

• Agent: Added job_id and task_id to configuration value expansion. #481
• Agent: Broadened the availability of tools_dir to configuration value expansion. #480
• Agent: Added clarifying context to command errors. #466

Changed

• CLI/Service/Agent: Supervisor can now be fully self-contained fuzzing tasks, no longer requiring target_exe. Additionally, supervisor tasks can now optionally have managed report containers. #474
• Service: Managed nodes that are unused beyond 7 days are automatically reimaged to ensure OS patch levels are maintained. #476
• CLI/Service: Updated the default Windows VM image to MicrosoftWindowsDesktop:Windows-10:20h2-pro:latest. Existing scalesets will not be impacted by this change, only newly created scalesets using the default image. #469

Fixed

• Agent: New inputs discovered by supervisor tasks are now saved to the inputs container. #484
• CLI: The license is now properly set in the python package metadata. #472
• Agent: Failure to download files via HTTP from queues now results in a failure, rather than the HTTP error being interpreted as the requested file. #485
• Deployment: Fixed error when checking if the default CLI application exists. #488

2.0.0

Added

• Agent: Added clarifying context to file system errors. #423
• CLI/Service: Significantly expanded the events available for webhooks. #394
• Agent: Added {setup_dir} to configuration value expansion #417
• Agent: Added {tools_dir} configuration value expansion to {supervisor_options} and {supervisor_env} #444

Changed

• CLI/Service: Migrated onefuzz status top to use Webhook Events. (BREAKING CHANGE) #394
• CLI/Service: New notification secrets, such as ADO tokens, are managed in Azure KeyVault and are no longer accessible to the user once created. (BREAKING CHANGE) #326, #389
• CLI/Service: Updated multiple Python dependencies. #426, #427, #430

Fixed

• Agent: Fixed triggering condition for new unique report events #422
• Deployment: Mitigate issues related to deployments within conditional access policy scenarios. #447
• Agent: Fixed an issue where unused nodes would stop requesting new work. #459
• Service: Fixed dead node cleanup. #458
• Service: Fixed an issue logging excessively large stdout/stderr from tasks. #460

1.11.0

Added

• Service: Added support for sharding corpus storage accounts using "Premium" storage accounts for improved IOPs. #334
• CLI/Service/Agent: Added the ability to optionally colocate multiple compatible tasks on a single machine. The coverage and crash reporting tasks in the LibFuzzer template make use of this functionality by default. #402
• CLI: Added onefuzz debug log tail which enables continuously following Application Insights query results. #401
• CLI/Agent: Support verifying LibFuzzer targets at the start of a task using -help=1, which will enable identifying non-functional LibFuzzer targets. #381
• CLI/Agent: Support specifying whether to log a warning or fail the task when a LibFuzzer target exits with a non-zero status code (without also generating a crashing input). #381
• Agent: The STDOUT and STDERR for the supervisors and generators are now logged to Application Insights. #400
• Service: Enabled per-Scaleset SSH keys on Windows VMs, similar to existing Linux support, enabling onefuzz debug node ssh to both Windows and Linux nodes. #390
• Agent: Support ASAN odr-violation results. #380
• CLI/Service/Agent: Added the ability add SSH keys to nodes within scalesets. #441
• CLI: Added support for multi-tenant authentication. #346

Changed

• Service: Updating outdated nodes is now limited to 500 nodes at a time. #397
• Service: Restrict agent from accessing API endpoints not specific to the agent. #404
• Service: Increased Azure Functions runtime timeout to 15 minutes. #384
• Deployment/Agent: Updated AFL++ to 3.00c. #393
• Agent: Added randomized initial jitter to agent heartbeats, which reduce API query storms when launching large number of nodes concurrently. #387

Fixed

• CLI/Agent: Add support to verify LibFuzzer targets execute correctly at the start of a task using -help=1. #381
• Service: Re-enable API endpoint used by onefuzz nodes update. #412
• Agent: Addressed a race condition in LibFuzzer coverage analysis without initial seeds. #403
• Agent: Prevent supervisor that fatally exits from processing additional new tasks. #378
• Agent: Address issues handling LibFuzzer targets that produce non-UTF8 output to STDERR. #379

1.10.0

Added

• CLI: Added libfuzzer merge job template, which enables running performing libfuzzer input minimization as a batch operation. #282
• CLI/Service: Added the instance-specific Application Insights telemetry key to onefuzz info get, which will enable logging to the instance specific application insights from the SDK. #353
• Agent: Added support for parsing AddressSanitizer CHECK failed entries, which can occur during large amounts of memory corruption. #358
• Agent/Service: Added support for parsing the ASAN "scariness" score and description when print_scariness=1 in ASAN_OPTIONS. #359

Changed

• Agent: Mark tasks as failed if the application under test generates an ASAN log file that the agent is unable to parse. #351
• Agent: Updated the libfuzzer_merge task to merge pre-existing inputs in a single pass. #282
• CLI: Clarified the error messages when prefix-expansion fails. #342
• Service: Rendered pydantic models as JSON when logging to prevent error=None from showing up in the error logs. #350
• Deployment: Pinned the version of pyOpenssl to the version used by multiple Azure libraries. #348
• CLI/Service: (PREVIEW FEATURE) Multiple updates to job template management. #354, #360, #361

Fixed

• Agent: Fixed issue preventing the supervisor from notifying the service on some state changes. #337
• Deployment: Fixed a regression in retrying password creation during deployment #338
• Deployment: Fixed uploading tools when rolling back deployments. #347

1.9.0

Added

• CLI/Service: Added Service-Managed Job Templates as a preview feature. Enable via onefuzz config --enable_feature job_templates. #226
• Service/agent: Added internal support for unmanaged nodes. This paves the way for bring your own compute for fuzzing. #318
• CLI: Added onefuzz debug subcommands to simplify coverage and fuzzing performance for libFuzzer jobs from Application Insights. #325
• Service: Information about the user responsible for creating jobs and repro VMs is now associated with the Job and Repro VMs. #327

Changed

• Deployment: deploy.py now automatically retries on failure when deploying the Azure Function App. #330

Fixed

• Service: Address multiple minor issues previously hidden by function decorators used for caching. #322
• Agent: Fixed libFuzzer coverage support for internal builds of MSVC #324
• Agent: Address issue preventing instance-wide setup scripts from executing in some cases. #331

1.8.0

Added

• CLI/Service: Added Event-based webhooks. #296
• Service: Information about the user responsible for creating tasks is now associated with the tasks (this information is available in the task related event webhooks). #303

Changed

• Contrib: Azure Devops deployment pipeline uses the --upgrade feature added in 1.7.0. #304

Fixed

• Service: Fixed setting target_workers, used to configure the number of concurrent libfuzzer workers within a task #305

1.7.0

Added

• Deployment: deploy.py now takes --upgrade to enable simplify upgrading deployments. For now, this skips assignment of the managed identity role which only needs to be done on installation. #271
• CLI: Added Application Insights debug CLI. See onefuzz debug logs #281
• CLI: Added unique_inputs to the default container types for onefuzz reset --containers and onefuzz containers reset. #290
• CLI: Added onefuzz debug node to enable debugging a node in a scaleset without having to specify the scaleset. #298

Changed

• Service: When shutting down an individual scaleset, all of the nodes in the scaleset are now marked for shutdown. #252
• Service: The scaleset service principal IDs are now cached as part of the respective Scaleset object #255
• Service: The association from nodes that ran a task are now kept until the node is reimaged, enabling easily connecting to the node that ran a task after task completion. #273
• Deployment: Pinned urllib3 version due to an incompatible new release #292
• CLI: Removed calls to containers.list, significantly improving job template creation performance. #289
• Service: No longer use HTTP 404 response codes during agent registration. #287
• Agent: Heartbeats are now only sent as part of the execution loop. #283
• Service: Refactored handlers for agent events, including much more detailed logging. #261
• Deployment: Prevent users from enabling public access to containers. #300

Fixed

• Service: Fixed libfuzzer_merge tasks #240
• Service: Fixed an issue where scheduled tasks waiting in the queue for longer than 7 days would never get scheduled. #259
• Service: Removed stale Node references from scalesets #275

1.6.0

Added

• Service: The service now auto-scales the number of Azure Functions instances as needed #238
• CLI/Service/Agent: Added the ability to configure ensemble synchronization interval (including disabling ensemble altogether) #229
• Contrib: Added sample Azure Devops pipeline to maintain instances of OneFuzz #233
• Deployment: Added utility to create CLI application registrations #236
• Deployment/Service/Agent: Added a per-instance uniquely generated UUID to telemetry (see docs/telemetry.md for more information) #245

Changed

• CLI: The CLI now internally caches container authorization tokens #224
• Service: Moved to using user-assigned managed identities for Scalesets #219
• Agent: Added stdout to azcopy error logs #247
• Service: Increased function timeouts to 5 minutes #237

1.5.0

Added

• CLI/Service: Added the ability to prevent a VM from getting reset in order to debug tasks #201
• SDK: Add examples directory to the python package #216
• Agent: Added connection resiliency via automatic retry (with backoff) throughout the agent #153
• Deployment: Added the ability to log the application passwords during registration #214
• Agent: Libfuzzer Coverage metrics are now reported after the batch processing phase #218
• Deployment: Added a utility to assign scalesets to roles #185
• Contrib: Added a utility to automate deployment of new releases of OneFuzz via Azure Devops pipelines #208

Fixed

• Agent: Addressed a race condition syncing input seeds #204

Changed

• Agent: Instead of ignoring all AVs during libfuzzer coverage processing, stop on second-chance AVs #210
• Agent: During libfuzzer coverage, disable default symbol paths unless _NT_SYMBOL_PATH is set via target_env. #222

1.4.0

Added

• CLI: Added onefuzz containers reset to delete containers by type en masse. #198, #202
• Agent: Added missing approved telemetry as to tool names & crash report identification. #203

Changed

• Service: Enabled log sampling at the service at 20 items per second. #174

Fixed

• Service: Fixed multiple bugs in the service, including an exception due to invalid format string proxy or repro VM creation #206