Little Snitch 4.0.5

What's new in this version:

Bug Fixes:
- Fixed a kernel panic introduced in Little Snitch 4.0.4 that would occur when a single process established more than two billion outgoing connections
- Fixed multiple issues causing a Connection Alert indicating an internal error related to a code signature mismatch from being shown
- Fixed an issue where scrolling in Little Snitch Network Monitor’s inspector would not work
- Fixed incorrect sorting of Time Machine Backups in Little Snitch Configuration’s “Import from Backup…” sheet

Improvements:
- The Connection Alert now points out if a connection is to or from the local network and offers a new option to create a rule for “Only local network”. Creating such a rule was possible in Little Snitch Configuration, but now you can do this in the Connection Alert, too
- For hostnames that end in .local, the Connection Alert will now create host rules, not domain rules. These rules worked as intended, but it makes more sense to create host rules instead
- A Connection Alert informing about a code signature mismatch is now shown even if Silent Mode is active. This is to prevent processes with an invalid code signature from communicating even in Silent Mode
- If an app changes its bundle identifier in an update, Little Snitch will update any existing rules for that app if the new version is located at the same path and is signed by the same developer. Previously, a Connection Alert indicating a code signature mismatch was shown
- Improved a button label in Connection Alert in case of a code signature mismatch to avoid possible confusion. Previously, it read “Require New Code Signature…” and now it’s “Accept New Code Signature…”
- Improved alert when macOS blocks Little Snitch’s kernel extension from being loaded. In addition to opening the “Security & Privacy” preferences panel, it also switches to the “General” tab, where it must be allowed
- Prevented multiple notifications about incoming connections from the local network to processes without a code signature being shown. Details: In earlier versions, if “Ignore code signature for local network connections” was enabled (in Little Snitch Configuration > Preferences > Security), an allow rule for only the specific IP address of the connecting peer was created and a notification was shown each time this happened. With this change, an allow rule for any incoming connection for the local network will be created and only a single notification will be shown. Note that this does not change what connections are accepted, only how many notifications are shown
- Improved performance when duplicating a large number of rules in Little Snitch Configuration
- Double-clicking an unapproved rule in Little Snitch Configuration to show the rule inspector now only approves the rule if the inspector is closed with the “OK” button, not with the “Cancel” button
- Fixed Little Snitch Network Monitor sometimes showing incorrect hostnames for incoming UDP data. Note that only the names shown were incorrect – the network filter and rules were not affected by this

Internet Access Policy:
- Developers can now specify their name that will be shown to users as the source of the IAP information. Previous versions of Little Snitch used the name as defined in the code signing certificate, but this does not work for apps downloaded from the App Store. See the specification of keys for details
- If the developer’s name is read from the app’s code signing certificate, Little Snitch now shows the name without the country. For example, it’s now “Objective Development”, not “Objective Development, AT”
- Added support for Internet Access Policy files written in JSON format (in addition to the Property List format). See section File format for more information
- Added support for Internet Access Policy files embedded in XPC services. See the section Support for XPC services in the developer documentation for details
- Fixed an issue where developers testing the Internet Access Policy in their apps would not see up-to-date information in Little Snitch, specifically in localizations. Cache invalidation is hard