- Release date: 2017-01-02

- SHA-256: ec27d4e74e9ce0f78066389a70724afd07f10761009322dc020656704ad5296d

This release fixes several security-relevant bugs in the MessagePack and CBOR parsers. The fixes are backwards compatible.

- :bug: Fixed a lot of **bugs in the CBOR and MesssagePack parsers**. These bugs occurred if invalid input was parsed and then could lead in buffer overflows. These bugs were found with Google's [OSS-Fuzz](https://github.com/google/oss-fuzz), see #405, #407, #408, #409, #411, and #412 for more information.
- :construction_worker: We now also use the **[Doozer](https://doozer.io) continuous integration platform**.
- :construction_worker: The complete test suite is now also run with **Clang's address sanitizer and undefined-behavior sanitizer**.
- :white_check_mark: Overworked **fuzz testing**; CBOR and MessagePack implementations are now fuzz-tested. Furthermore, all fuzz tests now include a round trip which ensures created output can again be properly parsed and yields the same JSON value.
- :memo: Clarified documentation of `find()` function to always return `end()` when called on non-object value types.
- :hammer: Moved thirdparty test code to `test/thirdparty` directory.