SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for python312-mitmproxy-11.1.2-1.1.noarch.rpm :

* Mon Feb 10 2025 Steve Kowalik - Update to 11.1.2:
* CVE-2025-23217: mitmweb\'s API now requires an authentication token by default. The mitmweb API is bound to localhost only, but AATTgronke found that an attacker can circumvent that restriction by tunneling requests through the proxy server itself in an SSRF-style attack. (fa89055, AATTmhils) (bsc#1236890)
* Add (optional) password protection for mitmweb. The web_password option replaces the randomly-generated token authentication with a fixed secret that survives mitmproxy restarts. (0bd573a, AATTmhils)
* mitmweb can now be hosted under arbitrary domains, the previously-used DNS rebind protection is not required anymore. (62693af, AATTmhils)
* Security Hardening: mitmweb\'s xsrf_token cookie is now HttpOnly; SameSite=Strict. (#7491, AATTmhils)
* Fix console freezing due to DNS queries with an empty question section. (#7497, AATTsujaldev)
* Fixed a bug that caused mitmproxy to crash when loading prior knowledge h2 flows. (#7514, AATTsujaldev)
* Fix a bug where mitmproxy would get stuck in secure web proxy mode when using ignore_hosts or allow_hosts. (#7519, AATTmhils)
* Copy request/response data to the clipboard in mitmweb (#7352, AATTlups2000)
* Fix a bug where exporting a curl or httpie command with escaped characters would lead to different data being sent. (#7520, AATTproteusvacuum)
* Local Capture Mode is now available on Linux as well. (#7440, AATTmhils)
* mitmproxy now requires Python 3.12 or above. (#7440, AATTmhils)
* Add cache-busting for mitmweb\'s front end code. (#7386, AATTmhils)
* Clicking the URL in mitmweb now places the cursor at the current position instead of selecting the entire URL. (#7385, AATTlups2000)
* Add missing status codes (#7455, AATTjwadolowski)
* All filter expressions are now case-insensitive by default. Users can opt into case-sensitive filters by setting MITMPROXY_CASE_SENSITIVE_FILTERS=1 as an environment variable. (#7458, AATTmhils, AATTAdityaPatadiya)
* Remove filter expression lowercasing in block_list addon (#7456, AATTjwadolowski)
* Remove check for status codes in the blocklist add-on. (#7453, AATTlups2000, AATTAdityaPatadiya)
* Prompt user before clearing screen (#7445, AATTerrorxyz)
* Stop sorting keys in JSON contentview (#7346, AATTinjust)
* Fix a bug where a custom CA would raise an error. (#7355, AATTnneonneo)
* Fix a bug where the mitmproxy UI would crash on negative durations. (#7358, AATTmhils)
* Allow technically invalid HTTP transfer encodings in requests if validate_inbound_headers is disabled. (#7361, #7373, AATTmhils)
* Fix a bug in windows management in mitmproxy TUI whereby the help window does not appear if \"?\" is pressed within the overlay (#6500, AATTemanuele-em)
* Tighten HTTP detection heuristic to better support custom TCP-based protocols. (#7228, AATTfatanugraha)
* Implement stricter validation of HTTP headers to harden against request smuggling attacks. (#7345, AATTmhils)
* Increase HTTP/2 default flow control window size, fixing performance issues. (#7317, AATTsujaldev)
* Fix a bug where mitmproxy would incorrectly report that TLS 1.0 and 1.1 are not supported with the current OpenSSL build. (#7241, AATTmhils)
* Add a tun proxy mode that creates a virtual network device on Linux for transparent proxying. (#7278, AATTmhils)
* browser.start command now supports Firefox. (#7239, AATTsujaldev)
* Fix interaction of the modify_headers and stream_large_bodies options. This may break users of modify_headers that rely on filters referencing the message body. We expect this to be uncommon, but please make yourself heard if that\'s not the case. (#7286, AATTlukant)
* Fix a crash when handling corrupted compressed body in savehar addon and its tests. (#7320, AATT8192bytes)
* Remove dependency on protobuf library as it was no longer being used. (#7327, AATTmatthew16550)
* Fri Oct 18 2024 Joshua Smith - Update to version 11.0.0:
* mitmproxy now supports transparent HTTP/3 proxying.
* Add HTTP3 support in HTTPS reverse-proxy mode.
* mitmproxy now officially supports Python 3.13.
* Tighten HTTP detection heuristic to better support custom TCP-based protocols.
* Add show_ignored_hosts option to display ignored flows in the UI. This option is implemented as a temporary workaround and will be removed in the future.
* Fix slow tnetstring parsing in case of very large tnetstring.
* Add getaddrinfo-based fallback for DNS resolution if we are unable to determine the operating system\'s name servers.
* Improve the error message when users specify the certs option without a matching private key.
* Fix a bug where intermediate certificates would not be transmitted when using QUIC.
* Fix a bug where fragmented QUIC client hellos were not handled properly.
* Emit a warning when users configure a TLS version that is not supported by the current OpenSSL build.
* Fix a bug where mitmproxy would crash when receiving STOP_SENDING QUIC frames.
* Fix error when unmarking all flows.
* Add addon to update the alt-svc header in reverse mode.
* Do not send unnecessary empty data frames when streaming HTTP/2.
* Fix of measurement unit in HAR import, duration is in milliseconds.
* Connection.tls_version now is QUICv1 instead of QUIC for QUIC.
* Add support for full mTLS with client certs between client and mitmproxy.
* Update documentation adding a list of all possibile web_columns.- Updates from version 10.4.2:
* Fix a crash on startup when mitmproxy is unable to determine the OS\' DNS servers- Updates from version 10.4.1:
* Fix a bug where macOS local mode would not start up on macOS.
* Fix UDP error handling when we learn that the remote has disconnected.- Updates from version 10.4.0:
* Add support for DNS over TCP.
* Add first MVP new Capture Tab in mitmweb
* Add HttpConnectedHook and HttpConnectErrorHook.
* Fix non-linear growth in processing time for large HTTP bodies.
* Fix a bug where connections would be incorrectly ignored with allow_hosts.
* Fix zstd decompression to read across frames.
* Handle certificates we cannot parse more gracefully.
* Parse compressed domain names in ResourceRecord data.
* Fix a bug where mitmweb\'s flow list would not stay at the bottom.
* Fix a bug where SSH connections would be incorrectly handled as HTTP.
* Skip UTF-8 byte-order marks (BOM) when loading HAR files.
* Allow typing.Sequence[str] to be an editable option.
* Add Host header to CONNECT requests.
* Support all query types in DNS mode.
* Fix a bug where mitmproxy would crash for pipelined HTTP flows.
* Add an optional \"index\" column for mitmweb.- Updates from version 10.3.1:
* Release tags are now prefixed with v again.
* Fix a bug where mitmproxy would not exit when -n is passed.
* Set the unbuffered (stdout/stderr) flag for the mitmdump PyInstaller build.
* Fix a bug where client replay would not work with proxyauth.
* Fix slowdown when sending large amounts of data over HTTP/2.
* Add an option to strip HTTPS records from DNS responses to block encrypted ClientHellos.
* Add an API to parse HTTPS records from DNS RDATA.
* Releases now come with a Sigstore attestations file to demonstrate build provenance.- Updates from version 10.3.0:
* Add support for editing non text files in a hex editor
* Add server_connect_error hook that is triggered when connection establishment fails.
* Add section in mitmweb for rendering, adding and removing a comment
* Fix multipart form content view being unusable.
* Documentation Improvements on CA Certificate Generation
* Make it possible to read flows from stdin with mitmweb.
* Update aioquic dependency to >= 1.0.0, < 2.0.0.
* Fix a bug where async client_connected handlers would crash mitmproxy.
* Add button to close flow details panel
* Ignore SIGPIPE signals when there is lots of traffic. Socket errors are handled directly and do not require extra signals that generate noise.
* Add primitive websocket interception and modification
* Add support for exporting websocket messages when using \"raw\" export.
* The \"save body\" feature now also includes WebSocket messages.
* Fix compatibility with older cryptography versions and silence a DeprecationWarning on Python <3.11.
* Fix a bug when proxying unicode domains.- Updates from version 10.2.4:
* Fix a bug where errors during startup would not be displayed when running mitmproxy.
* Use newer cryptography APIs to avoid CryptographyDeprecationWarnings. This bumps the minimum required version to cryptography 42.0.- Updates from version 10.2.3:
* Fix a regression where allow_hosts/ignore_hosts would break with IPv6 connections.
* Fix bug where failed CONNECT request URLs are saved to HAR files incorrectly.
* Add an arm64 variant for the precompiled macOS app.
* Fix duplicate answers being returned in DNS queries.
* Fix bug where wireguard config is generated with incorrect endpoint when two or more NICs are active.
* Fix a regression when leaf cert creation would fail with intermediate CAs in ca_file.
* Add content_view_lines_cutoff option to mitmdump
* Allow runtime modifications of HTTP flow filters for server replays
* Fix bug view options menu in case of overflow
* Allow --allow-hosts and --ignore-hosts to work together
* Tue Feb 27 2024 Markéta Machová - Update to version 10.2.2:
* The onboarding_port option has been removed. The onboarding app now responds to all requests for the hostname specified in onboarding_host.
* connection.Client and connection.Server now accept keyword arguments only. This is a breaking change for custom addons that use these classes directly.
* Add experimental support for HTTP/3 and QUIC.
* ASGI/WSGI apps can now listen on all ports for a specific hostname.
* Add replay.server.add command for adding flows to server replay buffer.
* Remove string escaping in raw view.
* mitmproxy now requires Python 3.10 or above.
* Add support for reading and writing HAR files.
* UDP streams are now backed by a new implementation in mitmproxy_rs.
* ignore_hosts now waits for the entire HTTP headers if it suspects the connection to be HTTP.
* Mon Jan 29 2024 Dirk Müller - switch to python311 build
* Thu Dec 15 2022 Daniel Garcia - Skip broken tests in different architectures
* Thu Dec 15 2022 Daniel Garcia - Remove fix-big-integer.patch- Update to version 9.0.1: - The precompiled binaries now ship with OpenSSL 3.0.7, which resolves CVE-2022-3602 and CVE-2022-3786. - Performance and stability improvements for WireGuard mode. (#5694, AATTmhils, AATTdecathorpe) - Fix a bug where the standalone Linux binaries would require libffi to be installed. (#5699, AATTmhils) - Hard exit when mitmproxy cannot write logs, fixes endless loop when parent process exits. (#4669, AATTPrinzhorn) - Fix a permission error affecting the Docker images. (#5700, AATTmhils)- 9.0.0 [#] Major Features - Add Raw UDP support. (#5414, AATTmeitinger) - Add WireGuard mode to enable transparent proxying via WireGuard. (#5562, AATTdecathorpe, AATTmhils) - Add DTLS support. (#5397, AATTkckeiks). - Add a quick help bar to mitmproxy. (#5381, #5652, AATTkckeiks, AATTmhils). [#] Deprecations - Deprecate add_log event hook. Users should use the builtin logging module instead. See the docs for details and upgrade instructions. (#5590, AATTmhils) - Deprecate mitmproxy.ctx.log in favor of Python\'s builtin logging module. See the docs for details and upgrade instructions. (#5590, AATTmhils) [#] Breaking Changes - The mode option is now a list of server specs instead of a single spec. The CLI interface is unaffected, but users may need to update their config.yaml. (#5393, AATTmhils) [#] Full Changelog - Mitmproxy binaries now ship with Python 3.11. (#5678, AATTmhils) - One mitmproxy instance can now spawn multiple proxy servers. (#5393, AATTmhils) - Add syntax highlighting to JSON and msgpack content view. (#5623, AATTSapiensAnatis) - Add MQTT content view. (#5588, AATTnikitastupin, AATTabbbe) - Setting connection_strategy to lazy now also disables early upstream connections to fetch TLS certificate details. (#5487, AATTmhils) - Fix order of event hooks on startup. (#5376, AATTmeitinger) - Include server information in bind/listen errors. (#5495, AATTmeitinger) - Include information about lazy connection_strategy in related errors. (#5465, AATTmeitinger, AATTmhils) - Fix tls_version_server_min and tls_version_server_max options. (#5546, AATTmhils) - Added Magisk module generation for Android onboarding. (#5547, AATTjorants) - Update Linux binary builder to Ubuntu 20.04, bumping the minimum glibc version to 2.31. (#5547, AATTjorants) - Add \"Save filtered\" button in mitmweb. (#5531, AATTrnbwdsh, AATTmhils) - Render application/prpc content as gRPC/Protocol Buffers (#5568, AATTselfisekai) - Mitmweb now supports content_view_lines_cutoff. (#5548, AATTsanlengjingvv) - Fix a mitmweb crash when scrolling down the flow list. (#5507, AATTLIU-shuyi) - Add HTTP/3 binary frame content view. (#5582, AATTmhils) - Fix mitmweb not properly opening a browser and being stuck on some Linux. (#5522, AATTPrinzhorn) - Fix race condition when updating mitmweb WebSocket connections that are closing. (#5405, #5686, AATTmhils) - Fix mitmweb crash when using filters. (#5658, #5661, AATTLIU-shuyi, AATTmhils) - Fix missing default port when starting a browser. (#5687, AATTrbdixon) - Add docs for transparent mode on Windows. (#5402, AATTstephenspol)
* Fri Oct 07 2022 Daniel Garcia - Update to version 8.1.1:
* Support specifying the local address for outgoing connections (#5364, AATTmeitinger)
* Fix a bug where an excess empty chunk has been sent for chunked HEAD request. (#5372, AATTjixunmoe)
* Drop pkg_resources dependency. (#5401, AATTPavelICS)
* Fix huge (>65kb) http2 responses corrupted. (#5428, AATTdhabensky)
* Remove overambitious assertions in the HTTP state machine, fix some error handling. (#5383, AATTmhils)
* Use default_factory for parser_options. (#5474, AATTrathann)- mitmproxy 8.1.0
* DNS support (#5232, AATTmeitinger)
* Mitmproxy now requires Python 3.9 or above. (#5233, AATTmhils)
* Fix a memory leak in mitmdump where flows were kept in memory. (#4786, AATTmhils)
* Replayed flows retain their current position in the flow list. (#5227, AATTmhils)
* Periodically send HTTP/2 ping frames to keep connections alive. (#5046, AATTEndUser509)
* Console Performance Improvements (#3427, AATTBkPHcgQL3V)
* Warn users if server side event responses are received without streaming. (#4469, AATTmhils)
* Add flatpak support to the browser addon (#5200, AATTpauloromeira)
* Add example addon to dump contents to files based on a filter expression (#5190, AATTredraw)
* Fix a bug where the wrong SNI is sent to an upstream HTTPS proxy (#5109, AATTmhils)
* Make sure that mitmproxy displays error messages on startup. (#5225, AATTmhils)
* Add example addon for domain fronting. (#5217, AATTrandomstuff)
* Improve cut addon to better handle binary contents (#3965, AATTmhils)
* Fix text truncation for full-width characters (#4278, AATTkjy00302)
* Fix mitmweb export copy failed in non-secure domain. (#5264, AATTPactortester)
* Add example script for manipulating cookies. (#5278, AATTWillahScott)
* When opening an external viewer for message contents, mailcap files are not considered anymore.
* This preempts the upcoming deprecation of Python\'s mailcap module. (#5297, AATTKORraNpl)
* Fix hostname encoding for IDNA domains in upstream mode. (#5316, AATTnneonneo)
* Fix hot reloading of contentviews. (#5319, AATTnneonneo)
* Ignore HTTP/2 information responses instead of raising an error. (#5332, AATTmhils)
* Improve performance and memory usage by reusing OpenSSL contexts. (#5339, AATTmhils)
* Fix handling of multiple Cookie headers when proxying HTTP/2 to HTTP/1 (#5337, AATTrinsuki)
* Improve http_manipulate_cookies.py example. (#5578, AATTinsilications)- Add fix-big-integer.patch to fix tests with modern python versions based on gh#mitmproxy/mitmproxyAATT780adbaf9b13
* Tue Mar 22 2022 Ferdinand Thiessen - Update to 8.0.0
* mitmweb improvements
* Now renders TCP and WebSocket flows
* Offers direct cURL/HTTPie/raw HTTP export
* Added Experimental command bar
* Added Async Event Hooks
* Added event hooks to signal TLS handshake success and failure for client and server connections
* Support proxy authentication for SOCKS v5 mode
* CVE-2022-24766: Fix request smuggling vulnerability, boo#1197381
* Thu Jan 06 2022 Ben Greiner - Register obs hypothesis profile for slow test executions
* Wed Dec 08 2021 Ferdinand Thiessen - Update to 7.0.4
* Compatibility with Python 3.10
* Supports proxying raw TCP connections
* Support TCP connections that start with a server-side greeting
* Support SMTP
* Accept HTTP/2 requests from the client and forward them to an HTTP/1 server
* Displays WebSocket messages also in a dedicated UI tab
* Clients can now establish TLS with the proxy right from the start, which can add a significant layer of defense in public networks.
* Removed pathoc and pathod, see https://github.com/mitmproxy/mitmproxy/issues/4273
  
ICM