@Nick-- The whole point is that the security dialogs are pointless. An attacker that has the ability to modify Fiddler's configuration to have their extension loaded can ALSO modify Fiddler's code to remove the security check, or modify the registry to "pre-approve" their own extensions.

This feature never should have been implemented, and it worries me that it was because it suggests that the security team does not understand the threat model.

I agree this needs to be fixed.  I use Fiddler Classic daily for dev troubleshooting, and I reflexively clicked the download now on the new version.  After it finished installing, I started getting the prompts for dll's even though I have no custom plugins installed that I know of.  At first I thought the product had been compromised and malware was being distributed, so immediately began searching online for information about this version - nothing is documented, not even on the release notes on Telerik, which really made me think we had just downloaded a compromised version from some foreign source.  Only when I stumbled on a Twitter/Bluesky post from Eric Law which pointed me to this Bug Report, did I realize that this product update was indeed intentional.  This is very dangerous and confusing to make a product suddenly appear like Malware.  I have manually downgraded to 20245 from an old installer exe and am concerned about any future updates.

The failure to load the Transcoder is caused by this block inside the new `fiddler.exe.config` file:

    <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
      <dependentAssembly>
        <assemblyIdentity name="System.IO.Compression" publicKeyToken="b77a5c561934e089" culture="neutral" />
        <bindingRedirect oldVersion="0.0.0.0-4.2.0.0" newVersion="4.2.0.0" />
      </dependentAssembly>
    </assemblyBinding>

 
When this is present, there's a File Not Found exception when trying to load the non-existent 4.2 version.