ab88c497a4- Update to 11.1.2: * CVE-2025-23217: mitmweb's API now requires an authentication token by default. The mitmweb API is bound to localhost only, but @gronke found that an attacker can circumvent that restriction by tunneling requests through the proxy server itself in an SSRF-style attack. (fa89055, @mhils) (bsc#1236890) * Add (optional) password protection for mitmweb. The web_password option replaces the randomly-generated token authentication with a fixed secret that survives mitmproxy restarts. (0bd573a, @mhils) * mitmweb can now be hosted under arbitrary domains, the previously-used DNS rebind protection is not required anymore. (62693af, @mhils) * Security Hardening: mitmweb's xsrf_token cookie is now HttpOnly; SameSite=Strict. (#7491, @mhils) * Fix console freezing due to DNS queries with an empty question section. (#7497, @sujaldev) * Fixed a bug that caused mitmproxy to crash when loading prior knowledge h2 flows. (#7514, @sujaldev) * Fix a bug where mitmproxy would get stuck in secure web proxy mode when using ignore_hosts or allow_hosts. (#7519, @mhils) * Copy request/response data to the clipboard in mitmweb (#7352, @lups2000) * Fix a bug where exporting a curl or httpie command with escaped characters would lead to different data being sent. (#7520, @proteusvacuum) * Local Capture Mode is now available on Linux as well. (#7440, @mhils) * mitmproxy now requires Python 3.12 or above. (#7440, @mhils) * Add cache-busting for mitmweb's front end code. (#7386, @mhils) * Clicking the URL in mitmweb now places the cursor at the current position instead of selecting the entire URL. (#7385, @lups2000) * Add missing status codes (#7455, @jwadolowski) * All filter expressions are now case-insensitive by default. Users canSteve Kowalik2025-02-10 04:57:19 +00:00
2177cae9b1Accepting request 1208812 from devel:languages:pythonAna Guerrero2024-10-18 13:58:09 +00:00
a2d5a4c4e6Accepting request 1208752 from home:smolsheep:upgradesMarkéta Machová2024-10-18 08:13:39 +00:00
afcccd3c34Accepting request 1152312 from home:mcalabkova:branches:devel:languages:pythonMatej Cepl2024-02-29 08:59:25 +00:00
b344c39f22Accepting request 1142652 from devel:languages:pythonAna Guerrero2024-01-30 17:25:39 +00:00
5b825d1a7a- switch to python311 build * Deprecation of pathod and pathoc tools and modules. Future releases * Tests: Replace asynctest with stdlib mock - Update to v5.2 * Fix dev version detection with parent git repo * replace-asynctest.patchDirk Mueller2024-01-29 21:27:48 +00:00
96101cb3dc- Skip broken tests in different architecturesDaniel Garcia2022-12-15 17:33:54 +00:00
ed7bb055b5- Remove fix-big-integer.patch - Update to version 9.0.1: - The precompiled binaries now ship with OpenSSL 3.0.7, which resolves CVE-2022-3602 and CVE-2022-3786. - Performance and stability improvements for WireGuard mode. (#5694, @mhils, @decathorpe) - Fix a bug where the standalone Linux binaries would require libffi to be installed. (#5699, @mhils) - Hard exit when mitmproxy cannot write logs, fixes endless loop when parent process exits. (#4669, @Prinzhorn) - Fix a permission error affecting the Docker images. (#5700, @mhils) - 9.0.0 # Major Features - Add Raw UDP support. (#5414, @meitinger) - Add WireGuard mode to enable transparent proxying via WireGuard. (#5562, @decathorpe, @mhils) - Add DTLS support. (#5397, @kckeiks). - Add a quick help bar to mitmproxy. (#5381, #5652, @kckeiks, @mhils). # Deprecations - Deprecate add_log event hook. Users should use the builtin logging module instead. See the docs for details and upgrade instructions. (#5590, @mhils) - Deprecate mitmproxy.ctx.log in favor of Python's builtin logging module. See the docs for details and upgrade instructions. (#5590, @mhils) # Breaking Changes - The mode option is now a list of server specs instead of a single spec. The CLI interface is unaffected, but users may need to update their config.yaml. (#5393, @mhils) # Full Changelog - Mitmproxy binaries now ship with Python 3.11. (#5678, @mhils) - One mitmproxy instance can now spawn multiple proxy servers. (#5393,Daniel Garcia2022-12-15 17:21:57 +00:00
68e1079e43Accepting request 1008760 from devel:languages:pythonRichard Brown2022-10-07 23:25:34 +00:00
512733465d- Update to version 8.1.1: * Support specifying the local address for outgoing connections (#5364, @meitinger) * Fix a bug where an excess empty chunk has been sent for chunked HEAD request. (#5372, @jixunmoe) * Drop pkg_resources dependency. (#5401, @PavelICS) * Fix huge (>65kb) http2 responses corrupted. (#5428, @dhabensky) * Remove overambitious assertions in the HTTP state machine, fix some error handling. (#5383, @mhils) * Use default_factory for parser_options. (#5474, @rathann) - mitmproxy 8.1.0 * DNS support (#5232, @meitinger) * Mitmproxy now requires Python 3.9 or above. (#5233, @mhils) * Fix a memory leak in mitmdump where flows were kept in memory. (#4786, @mhils) * Replayed flows retain their current position in the flow list. (#5227, @mhils) * Periodically send HTTP/2 ping frames to keep connections alive. (#5046, @EndUser509) * Console Performance Improvements (#3427, @BkPHcgQL3V) * Warn users if server side event responses are received without streaming. (#4469, @mhils) * Add flatpak support to the browser addon (#5200, @pauloromeira) * Add example addon to dump contents to files based on a filter expression (#5190, @redraw) * Fix a bug where the wrong SNI is sent to an upstream HTTPS proxy (#5109, @mhils) * Make sure that mitmproxy displays error messages on startup. (#5225, @mhils) * Add example addon for domain fronting. (#5217, @randomstuff)Daniel Garcia2022-10-07 11:04:51 +00:00
Ana Guerrero
Steve Kowalik
Markéta Machová
Dominique Leuenberger
Matej Cepl
Dirk Mueller
Daniel Garcia
Richard Brown
Tomáš Chvátal