Mitmproxy

* Fix a bug where errors during startup would not be displayed when running mitmproxy.
([6719](https://github.com/mitmproxy/mitmproxy/pull/6719), mhils)
* Use newer cryptography APIs to avoid CryptographyDeprecationWarnings.
This bumps the minimum required version to cryptography 42.0.
([6718](https://github.com/mitmproxy/mitmproxy/pull/6718), mhils)

* Fix a regression where `allow_hosts`/`ignore_hosts` would break with IPv6 connections.
([6614](https://github.com/mitmproxy/mitmproxy/pull/6614), dqxpb)
* Fix bug where failed CONNECT request URLs are saved to HAR files incorrectly.
([6599](https://github.com/mitmproxy/mitmproxy/pull/6599), basedBaba)
* Add an arm64 variant for the precompiled macOS app.
([6633](https://github.com/mitmproxy/mitmproxy/pull/6633), mhils)
* Fix duplicate answers being returned in DNS queries.
([6648](https://github.com/mitmproxymitmproxy/pull/6648), sujaldev)
* Fix bug where wireguard config is generated with incorrect endpoint when two or more NICs are active.
([6659](https://github.com/mitmproxy/mitmproxy/pull/6659), basedBaba)
* Fix a regression when leaf cert creation would fail with intermediate CAs in `ca_file`.
([6666](https://github.com/mitmproxy/mitmproxy/pull/6666), manselmi)
* Add `content_view_lines_cutoff` option to mitmdump
([6692](https://github.com/mitmproxy/mitmproxy/pull/6692), errorxyz)
* Allow runtime modifications of HTTP flow filters for server replays
([6695](https://github.com/mitmproxy/mitmproxy/pull/6695), errorxyz)
* Fix bug view options menu in case of overflow
([6697](https://github.com/mitmproxy/mitmproxy/pull/6697), lups2000)
* Allow --allow-hosts and --ignore-hosts to work together
([6711](https://github.com/mitmproxy/mitmproxy/pull/6711), dstd)

* Fix a regression where clientplayback would break due to eager task execution.
([6605](https://github.com/mitmproxy/mitmproxy/pull/6605), mhils)
* Fix a regression where WebSocket connections would break due to eager task execution.
([6609](https://github.com/mitmproxy/mitmproxy/pull/6609), mhils)
* Fix bug where insecure HTTP requests are saved incorrectly when exporting to HAR files.
([6578](https://github.com/mitmproxy/mitmproxy/pull/6578), DaniElectra)
* `allow_hosts`/`ignore_hosts` option now matches against the full `host:port` string.
([6594](https://github.com/mitmproxy/mitmproxy/pull/6594), LouisAsanaka)

* Fix a regression introduced in mitmproxy 10.2.0: WireGuard servers
now bind to all interfaces again.
([6587](https://github.com/mitmproxy/mitmproxy/pull/6587), mhils)
* Remove stale reference to `ctx.log` in addon documentation.
([6552](https://github.com/mitmproxy/mitmproxy/pull/6552), brojonat)
* Fix a bug where a traceback is shown during shutdown.
([6581](https://github.com/mitmproxy/mitmproxy/pull/6581), mhils)

* *Local Redirect Mode* is now officially available on
[macOS](https://mitmproxy.org/posts/local-redirect/macos/)
and [Windows](https://mitmproxy.org/posts/local-redirect/windows/).
See the linked blog posts for details. (emanuele-em, mhils)
* UDP streams are now backed by a new implementation in `mitmproxy_rs`.
This represents a major API change as UDP traffic is now exposed as streams
instead of a callback for each packet. (mhils)
* Fix a regression from mitmproxy 10.1.6 where `ignore_hosts` would terminate requests
instead of forwarding them.
([6559](https://github.com/mitmproxy/mitmproxy/pull/6559), mhils)
* `ignore_hosts` now waits for the entire HTTP headers if it suspects the connection to be HTTP.
([6559](https://github.com/mitmproxy/mitmproxy/pull/6559), mhils)

* Fix compatibility with Windows Schannel clients, which previously got
confused by CA and leaf certificate sharing the same Subject Key Identifier.
([6549](https://github.com/mitmproxy/mitmproxy/pull/6549), driuba and mhils)
* Change keybinding for exporting flow from "e" to "x" to avoid conflict with "edit" keybinding.
([6225](https://github.com/mitmproxy/mitmproxy/issues/6225), Llama1412)
* Fix bug where response flows from HAR files had incorrect `content-length` headers
([6548](https://github.com/mitmproxy/mitmproxy/pull/6548), zanieb)
* Improved handling for `allow_hosts`/`ignore_hosts` options in WireGuard mode (5930).
([6513](https://github.com/mitmproxy/mitmproxy/pull/6513), dsphper)
* Fix a bug where TCP connections were not closed properly.
([6543](https://github.com/mitmproxy/mitmproxy/pull/6543), mhils)
* DNS resolution is now exempted from `ignore_hosts` in WireGuard Mode.
([6513](https://github.com/mitmproxy/mitmproxy/pull/6513), dsphper)
* Fix case sensitivity of URL added to blocklist
([6493](https://github.com/mitmproxy/mitmproxy/pull/6493), emanuele-em)
* Fix a bug where logging was stopped prematurely during shutdown.
([6541](https://github.com/mitmproxy/mitmproxy/pull/6541), mhils)
* For plaintext traffic, `ignore_hosts` now also takes HTTP/1 host headers into account.
([6513](https://github.com/mitmproxy/mitmproxy/pull/6513), dsphper)
* Fix empty cookie attributes being set to `Key=` instead of `Key`
([5084](https://github.com/mitmproxy/mitmproxy/pull/5084), Speedlulu)
* Scripts with relative paths are now loaded relative to the config file and not where the command is ran
([4860](https://github.com/mitmproxy/mitmproxy/pull/4860), Speedlulu)
* Fix `mitmweb` splitter becoming drag and drop.
([6492](https://github.com/mitmproxy/mitmproxy/pull/6492), xBZZZZ)
* Enhance documentation and add alert log messages when stream_large_bodies and modify_body are set
([6514](https://github.com/mitmproxy/mitmproxy/pull/6514), rosydawn6)

Breaking Changes

* Subject Alternative Names are now represented as `cryptography.x509.GeneralNames` instead of `list[str]`
across the codebase. This fixes a regression introduced in mitmproxy 10.1.1 related to punycode domain encoding.
([6537](https://github.com/mitmproxy/mitmproxy/pull/6537), mhils)