diff --git a/CHANGELOG.md b/CHANGELOG.md index dce13fadb..b3222190f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,9 +2,22 @@ ## Unreleased: mitmproxy next +### Major Changes + +* Major improvements to the web interface (@gorogoroumaru) +* Event hooks can now be async (@nneonneo, [#5106](https://github.com/mitmproxy/mitmproxy/issues/5106)) +* New [`tls_{established,failed}_{client,server}` event hooks](https://docs.mitmproxy.org/dev/api/events.html#TLSEvents) + to record negotiation success/failure (@mhils, [#4790](https://github.com/mitmproxy/mitmproxy/pull/4790)) + +### Security Fixes + +* [CVE-2022-24766](https://github.com/mitmproxy/mitmproxy/security/advisories/GHSA-gcx2-gvj7-pxv3): + Fix request smuggling vulnerability reported by @zeyu2001 (@mhils) + +### Full Changelog + * Support proxy authentication for SOCKS v5 mode (@starplanet) * Make it possible to ignore connections in the tls_clienthello event hook (@mhils) -* Add `tls_established/failed_client/server` event hooks to record negotiation success/failure (@mhils) * fix some responses not being decoded properly if the encoding was uppercase (#4735, @Mattwmaster58) * Trigger event hooks for flows with semantically invalid requests, for example invalid content-length headers (@mhils) * Improve error message on TLS version mismatch (@mhils) @@ -28,7 +41,6 @@ * Add example addon for saving streamed data to individual files (@EndUser509) * Change connection event hooks to be blocking. Processing will only resume once the event hook has finished. (@Prinzhorn) -* Allow addon hooks to be async (@nneonneo, #4207) * Reintroduce `Flow.live`, which signals if a flow belongs to a currently active connection. (#4207, @mhils) * Speculative fix for some rare HTTP/2 connection stalls (#5158, @EndUser509) * Add ability to specify custom ports with LDAP authentication (#5068, @demonoidvk) @@ -38,6 +50,7 @@ * Lowercase user-added header names and emit a log message to notify the user when using HTTP/2 (#4746, @mhils) * Exit early if there are errors on startup (#4544, @mhils) * Fixed encoding guessing: only search for meta tags in HTML bodies (##4566, @Prinzhorn) +* Binaries are now built with Python 3.10 (@mhils) ## 28 September 2021: mitmproxy 7.0.4 diff --git a/mitmproxy/version.py b/mitmproxy/version.py index ffaffc731..686fdf134 100644 --- a/mitmproxy/version.py +++ b/mitmproxy/version.py @@ -2,7 +2,7 @@ import os import subprocess import sys -VERSION = "8.0.0.dev" +VERSION = "8.0.0" MITMPROXY = "mitmproxy " + VERSION # Serialization format version. This is displayed nowhere, it just needs to be incremented by one diff --git a/release/README.md b/release/README.md index fbb6820d6..b14737122 100644 --- a/release/README.md +++ b/release/README.md @@ -3,7 +3,7 @@ These steps assume you are on the correct branch and have a git remote called `origin` that points to the `mitmproxy/mitmproxy` repo. If necessary, create a major version branch starting off the release tag (e.g. `git checkout -b v4.x v4.0.0`) first. - Update CHANGELOG. -- Verify that the compiled mitmweb assets are up-to-date. +- Verify that the compiled mitmweb assets are up-to-date (`npm start prod`). - Verify that all CI tests pass. - Verify that `mitmproxy/version.py` is correct. Remove `.dev` suffix if it exists. - Tag the release and push to GitHub.