• fix: Fix for #142 - add Cookie header in the list of authorization headers
• fix: Fix issue when query parameters have empty name
• fix: Fix issue of matching reponse content types when content type was invalid
• fix: Fix issue when oneOf/anyOf could be different vairants of arrays in root path
• feat: Add fuzzer name in console for current running path
• fix: Escape json keys like key.subkey.[anotherKey]
• fix Fix NPE when apiresponse schema was null
• fix: Fix issue when request body had a reference to a schema that was referencing another schema
• fix: Default to static value when header value fails to be parsed from Parameter schema
• fix: Limit xxxOf combinations when linting
• fix: Improve handling of complex regexes through call chains and report regexes which could not be translate into concrete strings
• feat: Add custom generator for timestamps
• fix: Fix for #141 regexes with starting and ending with .*
• fix: Fix for #140 NPE when running cats fuzz sub-command
• fix: Improve handling of allOf schemas with single child
• feat: Consider properties with name 'link' as candidates for URIGenerator
• fix: Fix issue when request content type doesn't have a schema
• feat: Improve openapi parser to consider schemas having additionalProperties false and type string as string schemas
• fix: Fix issue when oneOf/anyOf could be array or simple schemas
• fix: Fix cases when generated examples are too large to be stored in memory
• fix: Properly generate strings when regex doesn't have quantifiers, but has min length
• feat: Improve handling of complex regexes like email, password or uri
• fix: Improve detection of self-refence properties and properly stop generation after --selfReferenceDepth
• fix: Fix issue when json key was '*'
• fix: Improve handling of regex that have length in their definition
• fix: Improve self-references detection
• fix: Generate examples for parameters that have content-type
• fix: Escape json keys like @idempotency_key
• fix: Fix issue when nested oneOf/anyOf combinations was considering duplicate payload structures
• fix: Fix issue with escaped URLs not being properly replaced with ref data and url params
• feat: Make NewFieldsFuzzer run for empty payloads
• fix: Fix issue with dark mode not displaying well on test case page
• fix: Update cats list sub-command description to reflect all usages
• fix: Bold and underline Usage header from help
• feat: Add --skipPath for linting
• fix: Fix issue with request payload not being selected by default in test case page

• feat: Display current path/total paths in command line
• feat: Add possibility to specify run order of paths
• fix: Cache additionalProperties in order to avoid cyclic calls
• fix: Decrease size for OverflowMapSizeFuzzer as it lead to outofmemory
• fix: Fix issue with cyclic dependencies on additionalProperties
• feat: After CATS runs, print number of errors by error reason
• fix: Fix issue in swagger-parser with array query params with inline schemas
• fix: Fix parsing JSON issues for keys like filters[]
• fix: Query parameters that have cross path references to inline array schemas are now properly solved
• feat: Add additional data to be displayed in the summary report: number of paths and average execution time
• feat: Properly parse strings which are actually escaped JSONs
• fix: Prevent stackoverflow issue when schema was referring itself
• feat: Reorganize summary page to include tests execution chart and additional details
• fix: Fix issues with cross-path param reference and empty title inline schemas
• fix: Improve cross-path reference solving for ApiResponses
• feat: Introduce support for cross-path components references like #/paths/~1v2~11-clicks/get/responses/200/headers/ratelimit-limit

• feat: Make help consistent across all arguments
• fix: Don't mutate field if it's not part of the current payload
• fix: Fix --dryRun not properly displaying number of test to be run
• fix: Fix padding for banner and logo on summary page
• feat: Add additional data to be displayed in the summary report
• feat: Add new generator for content types
• feat: Add new argument to cache generated payloads instead of generating them every time
• feat: Display path and http method when showing processing errors at the end of the run
• fix: Fix serialization of DateTime objects when fuzzers where replacing fields
• fix: Improve regex generator to deal with fix length patterns
• feat: Print errors during fuzzer processing at the end of execution
• fix: When OpenAPI schema doesn't have min/max default to -1/-1
• fix: Escape json keys like $idempotency_key
• fix: Return default alphanumeric pattern for empty patterns
• fix: Fix HttpStatusCodeInRangeLinter to conside 1xx,2xx,3xx,4xx,5xx codes
• fix: Accomodate additional regexes with fixed length in definition and also having minLength and maxLength defined
• fix: Ignore root schema names from cyclic references check
• fix: Escape json keys like key[inner]
• fix: Change default min length for headers to 1 when no constraint defined in OpenAPI
• feat: Change PhoneNumberGenerator to also match phone1, phone2, etc.
• feat: Add http method when printing that a param does not have a defined schema
• fix: Make sure total string size does not exceed max possible on jvm
• fix: Fix issues when content type is not Json and logic for param replacement was relying on json formatting
• fix: When schema length is Integer.MAX_VALUE use only MAX_VALUE / 100 to generate exact length values
• fix: Fix some edge cases for string generation
• fix: When NewFieldsFuzzer cannot add new fields skip the test
• fix: When payloads are not valid jsons compare them as strings
• fix: Update StringGenerator to try to generate twice for each generator to increase chances of generating a value matching the pattern
• fix: When path variable is not defined in OpenAPI print error instead of throwing exception
• fix: When path variable is not defined in OpenAPI print error instead of throwing exception
• fix: Fix issue with NewFieldsFuzzer to be skipped for primitives and better interpret arrays
• fix: Fix issue with DefaultValuesInFieldsFuzzer to do simple replace instead of merge fuzzing
• fix: When an exception happens before running the fuzzer make sure contract path is recorded

• feat: Change display progress to unknown progress instead of percentage as percentages were unreliable
• fix: When field is enum consider left boundary as length of element at position 0
• fix: Escape zero width char to properly be displayed in the report
• fix: ZeroWidthCharsInNamesHeadersFuzzer should not match response content type and body
• fix: Split ZeroWidthCharacters fuzzers based on sanitization logic

• fix: Fix issue with progress not being displayed when request payload contained many fields
• fix: Fix issue when UUIDs could not be generated in native binaries
• fix: Fix for #128 for case insensitive regexes
• feat: Add new linter to check relevant response codes have response bodies
• fix: Fix for #125 caused by pattern also allowing empty strings
• feat: Add new generator for state codes
• feat: Add new generator for sort codes
• feat: Add new generator for nationality
• feat: Add new generator for bank account numbers
• fix: Improve phone number generator to accommodate regexes starting with +
• fix: Add lineOne as possible field name for line1 generator
• feat: cats generate ... will output single json instead of array when one type of request possible
• fix: Fix for #127 when contentType is declared globally
• feat: Add new linter to detect duplicate operationIds
• feat: Add new linter to detect empty path elements
• fix: Mark null responses as matching schema
• feat: Include additional potential monitoring endpoints to be displayed by cats stats sub-command
• feat: Add 2 new fields fuzzers that are fuzzing field names and field values with zero length characters
• fix: Add env. prefix to RELEASE_URL

• Include additional characters in the zero width chars small list
• Allow -X for http method in main command
• Add two new header fuzzers to cover basic zero width characters test cases
• Enable debug logging earlier in GenerateCommand
• Proper display stacktraces in CatsCommand
• Update javadoc to reflect that RandomResourceFuzzer runs for all http methods
• Add new command to generate valid response templates
• Change logic for phone generator to select from 10 and 11 length numbers only
• Exclude citizenship from the IP generator match condition
• Make method return empty list when urlParams are null
• When responses have binary content such as pdf or csv, assume the body matches
• Change argument help to remove TemplateFuzzer reference

Release Notes:

• Improve cyclic schema dependencies detection to avoid infinite loops
• Add new arguments that deal with anyOf/oneOf generation
• Fix NPE when pattern was empty
• Filter out request payloads that are not fully created and still include ONE_OF/ANY_OF
• If --targetFields are not supplied, compute all fields combinations from --data for cats fuzz
• If --urlParams are not supplied for http methods with body, generate random values
• Fix issue with lookahead regex operators causing strings not to be generated
• Fix for #122
• Several improvements for the cats fuzz subcommand
• Add 2 new arguments for --simpleReplace and --printProgress for cats fuzz sub-command
• Make cats fuzz sub-command render findings in console as it progresses
• When running in summary mode don't prefix log lines with stars
• Fix issue with refData from all not adding keys that were not on the path entry
• Make matchXXX arguments required for cats fuzz
• Fix issues with default values for boolean arguments and their negatable values
• Make cats fuzz do fuzzing based on the FUZZ keyword

Release notes:

• Change generator logic to consider enum and default values first
• Fix several possible NPEs
• Fix #117
• Fix #119
• Fix #116
• Fix an issue where path specific headers were overriden by all level headers
• Flag when a test case result is switched from error/warn to success based on --ignoreXXX arguments
• Add default value for xxxOf combinations as they grow exponentially and some OpenAPI specs abuse this
• Fix self-reference detection by keeping full qualified property names
• Add multiple generators
• Increase limit for yaml file size
• Fix issue when OpenAPI parser was adding an empty schema
• Fail gracefully when schema definitions are not part of the contract
• Accomodate additional cases for allOf composition with root oneOf schemas
• Improve oneOf/anyOf combination generation to avoid stackoverflow on circular references
• Add additional arguments to configure interaction with anyOf/oneOf schemas

Release notes:

• Only apply custom generators for String schemas
• Make very large fuzzer not check content type and response schema
• Make RandomResourcesFuzzer expect 404,400,422 not just 400

Release notes:

• Handle IOException cases when parsing fails during response streaming
• Consistently handle non-json responses and empty responses
• Make Abugida fuzzer expect both 4xx and 2xx as not all services might proper sanitize data
• Make fields totally skippable for fuzzing using a !field syntax
• Fix issue with data generator that was not considering the fully qualified name
• Add new generator for cardholdername
• Check that --server is a valid URL in all commands
• Improve error reporting for FunctionalFuzzer and SecurityFuzzer for cases when custom file was empty or required keywords were not present