March Update broke Fiddler Public API

Progress® Telerik® Fiddler™ Classic Feedback Portal

Create an account Log In

Back to Feed

Request a Feature Report a Bug

Won't Fix

Last Updated: 03 Apr 2025 05:39 by ADMIN

Eric

Created on: 31 Mar 2025 15:12

Type: Bug Report

March Update broke Fiddler Public API

It appears that the latest version of Fiddler breaks Fiddler's public interface. The `Fiddler.WebFormats.JSON` interface no longer appears to be available, breaking extensions and scripts that depend upon it.

---------------------------
Failed to import NetLog
---------------------------
Fiddler has encountered an unexpected problem. If you believe this is a bug in Fiddler, please copy this message by hitting CTRL+C, and submit a bug report at http://www.telerik.com/forums/fiddler.

Could not load type 'JSONParseErrors' from assembly 'Fiddler, Version=5.0.20253.3311, Culture=neutral, PublicKeyToken=null'.

Type: System.TypeLoadException
Source: FiddlerImportNetlog
at FiddlerImportNetlog.NetlogImporter..ctor(StreamReader oSR, List`1 listSessions, EventHandler`1 evtProgressNotifications)

at FiddlerImportNetlog.NetLogFormatImport.ImportSessions(String sFormat, Dictionary`2 dictOptions, EventHandler`1 evtProgressNotifications)

Fiddler v5.0.20253.3311 (x64 AMD64) [.NET 4.0.30319.42000 on Microsoft Windows NT 10.0.26100.0]
---------------------------
OK
---------------------------

3 comments

ADMIN

Nick Iliev

Posted on: 03 Apr 2025 05:39

Hey Eric,

I understand your point, but please note that we now use comprehensive security analysis tools like Veracode and Polaris. The decision was based on the results of the security scans and was not taken lightly. Given the current dynamics surrounding security concerns, using a decade-old library is not necessarily a wise choice. Since an alternative package is already available in .NET that can substitute for the third-party library, we have decided to move forward and update the dependency.

Still, the team will consider whether to expose WebFormats.JSON as an alternative public API. I will update this thread if we decide to implement that one.

Regards,
Nick Iliev
Progress Telerik

Love the Telerik and Kendo UI products and believe more people should try them? Invite a fellow developer to become a Progress customer and each of you can get a $50 Amazon gift voucher.

Eric

Posted on: 01 Apr 2025 20:38

While I'm very skeptical about the claim of a security problem (the code in question is managed C# and performs simple string processing), even if it was necessary to remove it, the correct way to do so would be to expose the existing WebFormats.JSON public interface with a different backing implementation.

As it stands now, you've broken an interface that's ~ a decade old, and this is really crummy.

ADMIN

Nick Iliev

Posted on: 01 Apr 2025 07:53

Hello Eric,

The extension has been removed from the latest version of Fiddler Classic because it was identified as a potential security risk during our assessment of the tool. Fiddler Classic now uses the .NET JSON parser instead of relying on a third-party dependency.

Regards,
Nick Iliev
Progress Telerik

Love the Telerik and Kendo UI products and believe more people should try them? Invite a fellow developer to become a Progress customer and each of you can get a $50 Amazon gift voucher.