-rw-r--r-- | CHANGELOG | 8 | ||||
-rw-r--r-- | mitmproxy/certs.py | 3 | ||||
-rw-r--r-- | mitmproxy/contentviews/json.py | 1 | ||||
-rw-r--r-- | mitmproxy/proxy/server.py | 2 | ||||
-rw-r--r-- | release/README.md | 24 | ||||
-rw-r--r-- | setup.py | 6 | ||||
-rw-r--r-- | web/src/js/__tests__/ducks/flowsSpec.js | 2 | ||||
-rw-r--r-- | web/src/js/ducks/flows.js | 2 |
8 files changed, 29 insertions, 19 deletions
@@ -1,3 +1,11 @@ +31 July 2018: mitmproxy 4.0.4 + + * Security: Protect mitmweb against DNS rebinding. (CVE-2018-14505, @atx) + * Reduce certificate lifetime to two years to be conformant with + the current CA/Browser Forum Baseline Requirements. (@muffl0n) + (https://cabforum.org/2017/03/17/ballot-193-825-day-certificate-lifetimes/) + * Update cryptography to version 2.3. + 15 June 2018: mitmproxy 4.0.3 * Add support for IPv6 transparent mode on Windows (#3174) diff --git a/mitmproxy/certs.py b/mitmproxy/certs.py index 9a864cbc..58aea6d5 100644 --- a/mitmproxy/certs.py +++ b/mitmproxy/certs.py @@ -15,6 +15,7 @@ from mitmproxy.coretypes import serializable # Default expiry must not be too long: https://github.com/mitmproxy/mitmproxy/issues/815 DEFAULT_EXP = 94608000 # = 24 * 60 * 60 * 365 * 3 +DEFAULT_EXP_DUMMY_CERT = 63072000 # = 2 years # Generated with "openssl dhparam". It's too slow to generate this on startup. DEFAULT_DHPARAM = b""" @@ -101,7 +102,7 @@ def dummy_cert(privkey, cacert, commonname, sans): cert = OpenSSL.crypto.X509() cert.gmtime_adj_notBefore(-3600 * 48) - cert.gmtime_adj_notAfter(DEFAULT_EXP) + cert.gmtime_adj_notAfter(DEFAULT_EXP_DUMMY_CERT) cert.set_issuer(cacert.get_subject()) if commonname is not None and len(commonname) < 64: cert.get_subject().CN = commonname diff --git a/mitmproxy/contentviews/json.py b/mitmproxy/contentviews/json.py index e045bbb0..15c624ad 100644 --- a/mitmproxy/contentviews/json.py +++ b/mitmproxy/contentviews/json.py @@ -17,6 +17,7 @@ class ViewJSON(base.View): name = "JSON" content_types = [ "application/json", + "application/json-rpc", "application/vnd.api+json" ] diff --git a/mitmproxy/proxy/server.py b/mitmproxy/proxy/server.py index 57311596..44ae5697 100644 --- a/mitmproxy/proxy/server.py +++ b/mitmproxy/proxy/server.py 
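Review bot: The new `DEFAULT_EXP_DUMMY_CERT` constant in mitmproxy/certs.py is documented only as `# = 2 years`, and the existing comment above `DEFAULT_EXP` ("Default expiry must not be too long", issue 815) now reads as if it explained both values. I would spell out the derivation like the neighbouring line and record why leaf certificates get a shorter lifetime than the CA: `DEFAULT_EXP_DUMMY_CERT = 63072000  # = 24 * 60 * 60 * 365 * 2; leaf certs must stay under the CA/Browser Forum 825-day limit`. The comment should also mention that `dummy_cert` backdates notBefore by 48 hours (`gmtime_adj_notBefore(-3600 * 48)`), so the real validity window is two years plus two days, which is still inside that limit. `dummy_cert` continues outside the hunk, and no test pinning the new lifetime is visible in this diff.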
@@ -131,7 +131,7 @@ class ConnectionHandler: self.log(repr(e), "debug") elif isinstance(e, exceptions.InvalidServerCertificate): self.log(str(e), "warn") - self.log("Invalid certificate, closing connection. Pass --insecure to disable validation.", "warn") + self.log("Invalid certificate, closing connection. Pass --ssl-insecure to disable validation.", "warn") else: self.log(str(e), "warn") diff --git a/release/README.md b/release/README.md index 6f4e8f1a..ab15f39f 100644 --- a/release/README.md +++ b/release/README.md @@ -4,16 +4,16 @@ Make sure to run all these steps on the correct branch you want to create a new release for! The command examples assume that you have a git remote called `upstream` that points to the `mitmproxy/mitmproxy` repo. -- Verify that `mitmproxy/version.py` is correct -- Update CHANGELOG -- Verify that all CI tests pass +- Verify that `mitmproxy/version.py` is correct. +- Update CHANGELOG. +- Verify that all CI tests pass. - If needed, create a major version branch - e.g. `v4.x`. Assuming you have a remote repo called `upstream` that points to the mitmproxy/mitmproxy repo:: - `git checkout -b v4.x upstream/master` - `git push -u upstream v4.x` -- Tag the release and push to Github +- Tag the release and push to Github. - `git tag v4.0.0` - `git push upstream v4.0.0` -- Wait for tag CI to complete +- Wait for tag CI to complete. ## GitHub Release - Create release notice on Github 
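Review bot: The corrected warning in `ConnectionHandler` still offers only one way out of an `InvalidServerCertificate` error, namely switching upstream validation off with `--ssl-insecure`; judging by the message, that disables validation for the whole proxy instance rather than for the one failing host. The message would serve users better if it first pointed at trusting the specific upstream CA (the `ssl_verify_upstream_trusted_ca` option, assuming it is available in this release) and presented `--ssl-insecure` as the fallback for test setups. For example: `"Invalid certificate, closing connection. Trust the upstream CA via ssl_verify_upstream_trusted_ca, or pass --ssl-insecure to disable validation."`. The enclosing method starts and ends outside the hunk.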
@@ -21,11 +21,11 @@ release for! The command examples assume that you have a git remote called auto-created by the tag. - We DO NOT upload release artifacts to GitHub anymore. Simply add the following snippet to the notice: - `You can find the latest release packages on our snapshot server: https://snapshots.mitmproxy.org/v<version number here>` + `You can find the latest release packages at https://mitmproxy.org/downloads/.` ## PyPi -- The created wheel is uploaded to PyPi automatically -- Please check https://pypi.python.org/pypi/mitmproxy about the latest version +- The created wheel is uploaded to PyPi automatically. +- Please check https://pypi.python.org/pypi/mitmproxy about the latest version. ## Homebrew - The Homebrew maintainers are typically very fast and detect our new relese @@ -35,14 +35,14 @@ release for! The command examples assume that you have a git remote called ## Docker - The docker image is built on Travis and pushed to Docker Hub automatically. -- Please check https://hub.docker.com/r/mitmproxy/mitmproxy/tags/ about the latest version -- Update `latest` tag: `export VERSION=4.0.3 && docker pull mitmproxy/mitmproxy:$VERSION && docker tag mitmproxy/mitmproxy:$VERSION mitmproxy/mitmproxy:latest && docker push mitmproxy/mitmproxy:latest` +- Please check https://hub.docker.com/r/mitmproxy/mitmproxy/tags/ about the latest version. +- Update `latest` tag: `export VERSION=4.0.3 && docker pull mitmproxy/mitmproxy:$VERSION && docker tag mitmproxy/mitmproxy:$VERSION mitmproxy/mitmproxy:latest && docker push mitmproxy/mitmproxy:latest`. ## Website - Update version here: https://github.com/mitmproxy/www/blob/master/src/config.toml - - Run `./build && ./upload-test` - - If everything looks alright, run `./upload-prod` + - Run `./build && ./upload-test`. + - If everything looks alright at http://www-test.mitmproxy.org, run `./upload-prod`. ## Docs - Make sure you've uploaded the previous version's docs to archive 
@@ -64,7 +64,7 @@ setup( "brotlipy>=0.7.0,<0.8", "certifi>=2015.11.20.1", # no semver here - this should always be on the last release! "click>=6.2, <7", - "cryptography>=2.1.4,<2.3", + "cryptography>=2.1.4,<2.4", "h2>=3.0.1,<4", "hyperframe>=5.1.0,<6", "kaitaistruct>=0.7,<0.9", @@ -77,7 +77,7 @@ setup( "pyperclip>=1.6.0, <1.7", "ruamel.yaml>=0.13.2, <0.16", "sortedcontainers>=1.5.4,<2.1", - "tornado>=4.3,<5.1", + "tornado>=4.3,<5.2", "urwid>=2.0.1,<2.1", "wsproto>=0.11.0,<0.12.0", ], @@ -98,7 +98,7 @@ setup( "pytest-xdist>=1.22,<2", "pytest>=3.3,<4", "requests>=2.9.1, <3", - "tox>=3.0,<3.1", + "tox>=3.0,<3.2", "rstcheck>=2.2, <4.0", ], 'examples': [ diff --git a/web/src/js/__tests__/ducks/flowsSpec.js b/web/src/js/__tests__/ducks/flowsSpec.js index d749d9e1..2bc5b38e 100644 --- a/web/src/js/__tests__/ducks/flowsSpec.js +++ b/web/src/js/__tests__/ducks/flowsSpec.js @@ -159,7 +159,7 @@ describe('flows actions', () => { store.dispatch(flowActions.uploadContent(tflow, 'foo', 'foo')) // window.Blob's lastModified is always the current time, // which causes flaky tests on comparison. - expect(fetchApi).toBeCalledWith('/flows/1/foo/content', { method: 'POST', body: expect.anything()}) + expect(fetchApi).toBeCalledWith('/flows/1/foo/content.data', { method: 'POST', body: expect.anything()}) }) it('should handle clear action', () => { diff --git a/web/src/js/ducks/flows.js b/web/src/js/ducks/flows.js index 523ec396..841feeba 100644 --- a/web/src/js/ducks/flows.js +++ b/web/src/js/ducks/flows.js @@ -209,7 +209,7 @@ export function uploadContent(flow, file, type) { const body = new FormData() file = new window.Blob([file], { type: 'plain/text' }) body.append('file', file) - return dispatch => fetchApi(`/flows/${flow.id}/${type}/content`, { method: 'POST', body }) + return dispatch => fetchApi(`/flows/${flow.id}/${type}/content.data`, { method: 'POST', body }) } |
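Review bot: The `cryptography` requirement in setup.py is only widened at the top (`>=2.1.4,<2.4`), so the CHANGELOG entry "Update cryptography to version 2.3" is not something an install from source is guaranteed to get: an already-installed 2.1.4 or 2.2.x still satisfies the range. If 2.3 is wanted for the fixes it carries rather than merely allowed, raise the floor as well: `"cryptography>=2.3,<2.4",`. The same set of hunks widens `tornado` to `<5.2` and `tox` to `<3.2`, and no lockfile or hash pinning is visible in this diff, so it is worth confirming that the release builds pin the versions that were actually tested. The `setup(` call starts and ends outside these hunks.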
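Review bot: In `uploadContent` (web/src/js/ducks/flows.js) the changed `fetchApi` call builds the request path from `flow.id` and `type` without encoding them, so it only addresses the intended `content.data` route as long as both are plain identifiers. If `type` is always one of a fixed set of strings, a one-line comment saying so is enough; otherwise pass it through `encodeURIComponent(type)` so it cannot span more than one path segment. On the context line two above, the Blob is created with `type: 'plain/text'`, which is not a valid media type; `'text/plain'` is presumably what was intended, and this commit would be a natural place to correct it.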