[ https://issues.apache.org/jira/browse/JXPATH-199?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17616742#comment-17616742 ]
ChenYuwang commented on JXPATH-199: ----------------------------------- Looking forward to the community to fix this vulnerability as soon as possible > OSS-Fuzz Integration of JXPath > ------------------------------ > > Key: JXPATH-199 > URL: https://issues.apache.org/jira/browse/JXPATH-199 > Project: Commons JXPath > Issue Type: Improvement > Reporter: Roman Wagner > Priority: Major > > Hi all, > I have prepared the initial integration > [https://github.com/CodeIntelligenceTesting/oss-fuzz/commit/77378631c5593c7538193ecbff4f6edf8338ffe8] > of JXPath into [google oss-fuzz|https://github.com/google/oss-fuzz]. This > will enable continuous fuzzing of this project, which will be conducted by > Google. Bugs that will be found by fuzzing will be reported to you. After the > initial integration of this project into oss-fuzz, I will continue to add > additional fuzz tests to improve the code coverage over time. > The integration requires a primary contact, someone to deal with the bug > reports submitted by oss-fuzz. The email address needs to belong to an > established project committer and be associated with a Google account as per > [here|https://google.github.io/oss-fuzz/getting-started/accepting-new-projects/]. > When a bug is found, you will receive an email that will provide you with > access to ClusterFuzz, crash reports, and fuzzer statistics. More than 1 > person can be included. Please let me know who I should include, if anyone. > [Jazzer|https://github.com/CodeIntelligenceTesting/jazzer] is used for > fuzzing Java applications. Jazzer is a coverage-guided, in-process fuzzer for > the JVM platform developed by Code Intelligence. It is based on libFuzzer and > brings many of its instrumentation-powered mutation features to the JVM. > Jazzer has already found several bugs in JVM applications: [Jazzer > Findings|https://github.com/CodeIntelligenceTesting/jazzer#findings] > Please let me know if you have any questions regarding fuzzing or the > oss-fuzz integration. -- This message was sent by Atlassian Jira (v8.20.10#820010)