Releases: MetaCubeX/mihomo
Releases · MetaCubeX/mihomo
Release list
Prerelease-Alpha
Release created at Wed Jul 1 19:06:15 CST 2026
Synchronize Alpha branch code updates, keeping only the latest version
我应该下载哪个文件? / Which file should I download?
二进制文件筛选 / Binary file selector
查看文档 / Docs
What's Changed
- feat: convert support session-table and session-length for xhttp-opts fields by @legiz-ru in #2889
- feat: add
rematchoutbound type andREMATCH-NAMErule type by @Medium1992 in #2862 - fix: guard snell pooled connection reuse state by @xream in #2878
- chore: bump mieru version to 3.34.0 by @enfein in #2899
- feat: support custom peer-info for openvpn outbound by @Easy-Ez in #2926
New Contributors
- @Medium1992 made their first contribution in #2862
- @Easy-Ez made their first contribution in #2926
Full Changelog: v1.19.27...Prerelease-Alpha
v1.19.27
What's Changed
- 90b1066 feat: add ping keepalive support for OpenVPN (#2859) by @puppywang
- fd2112e feat: add built-in proxy PASS-RULE (#2873) by @echsfxy
- 1e62d55 feat: add
empty-fallbackto group options allows for customization instead of hardcodingCOMPATIBLEby @wwqgtxx - 317bfc2 feat: add
allow-insecureconfig to anytls/trojan/vless listeners for nginx/caddy front users by @wwqgtxx - 358fa5e feat: add
age-secret-keyfor proxy-provider and-age-secret-keyfor cmdline to support age armor format config decryption by @wwqgtxx - bd72c65 feat: remove
global-client-fingerprint, please setclient-fingerprintdirectly on the proxy instead by @wwqgtxx - e928ef5 feat: add
path-in-bundleto rule-providers to support extract from BundleMRS.7z when the local file does not exist by @wwqgtxx
BUG & Fix
- 1184850 fix: quic sniffer out-of-bounds read causes process crash via single UDP packet by @guanni Qu
- 1abd126 fix: validation error handling for age-secret-key by @wwqgtxx
- 5184081 fix: socks4 readUntilNull unbounded memory allocation by @guanni Qu
- 5bdb1cc fix: trojan protocol WaitReadFrom panic via oversized UDP relay length field by @guanni Qu
- 9761bcd fix: exchangeQUIC not fully respecting context by @wwqgtxx
- c710025 fix: readMsg in doq out-of-bounds access by @wwqgtxx
- dafdd06 fix: variable capture in dns outbound by @wwqgtxx
- dbaf85b fix: vision TLS filter out-of-bounds read via crafted session_id length by @guanni Qu
Maintenance
- 01edf45 chore: improve internal api by @wwqgtxx
- 316f5df chore: add WithDialer option to component/http for api user by @wwqgtxx
- ab56858 chore: sync sudoku v0.4.7 optimizations (#2879) by @saba-futai
- b60e687 chore: support convert age-secret-key to age-public-key for build-in age tool by @wwqgtxx
- d7ac7b5 chore: support std input/output for age encrypt/decrypt tool by @wwqgtxx
- f99d4e1 chore: adjust internal age component api by @wwqgtxx
Full Changelog: v1.19.26...v1.19.27
v1.19.26
What's Changed
- 52edebd feat: add snell version 4/5 outbound and inbound (#2817) by @xream
- 7a6a650 feat: support OpenVPN CBC ciphers (#2818) by @romanov Caesar
- ff98700 feat: support CHACHA20-POLY1305 data cipher for OpenVPN (#2798) by @Lanlan13-14
- fc8c5a2 feat: support comp-lzo for OpenVPN (#2841) by @zhiqiang Zhang
- 2dd7d59 feat: support MD5/SHA384/SHA512 OpenVPN auth methods by @wwqgtxx
- f1c3656 feat: support AES-192-GCM/AES-192-CBC OpenVPN data ciphers by @wwqgtxx
- f30a64f feat: support hysteria2 gecko obfs by @wwqgtxx
BUG & Fix
- 03e1f44 fix: interface structs do not copy correctly by @wwqgtxx
- 301d580 fix: compile issue of tailscale-wireguard-go dependency by @wwqgtxx
- 3809a03 fix: stack panic after dispatcher attach nil by @wwqgtxx
- 38cb06d fix: hysteria2 realm stun domain resolve by @wwqgtxx
- 4065583 fix: masque retry condition by @wwqgtxx
- 5639e93 fix: improve OpenVPN transport reliability (#2824) by @romanov Caesar
- 8c26d61 fix: tproxy did not pass the additions correctly by @wwqgtxx
- a2aca02 fix: pinger in tailscale not under our control by @wwqgtxx
- a52a27e fix: errors.ErrUnsupported backport by @wwqgtxx
- a531449 fix: missing param passing in vless listener config by @wwqgtxx
- b230c90 fix: shadowtls v3 client HMAC handling for TLS 1.3 HelloRetryRequest by @wwqgtxx
- d2fcf71 fix: tailscale panic when working with dialer-proxy by @wwqgtxx
- f69331f fix: config struct not exported by @wwqgtxx
Maintenance
- 060711f chore: more netip.AddrPort using in tproxy by @wwqgtxx
- 0ddf4bb chore: update sing-tun by @wwqgtxx
- 0dec35e chore: always dial tcp on netstack for tailscale by @wwqgtxx
- 31ece04 chore: upgrade the embedded xsync.Map to v4.5.0 by @wwqgtxx
- 5b28a0e chore: optimize sudoku packed hot paths (#2833) by @saba-futai
- 6e15299 chore: remove AF_ALG in tailscale-wireguard-go by @wwqgtxx
- 72f133f chore: more logging for tailscale debug by @wwqgtxx
- 8f2d84f chore: update mieru version to v3.33.0 (#2840) by @enfein
- a05c94b chore: make the proxydialer module no longer directly depend on the tunnel module by @wwqgtxx
- b1a07d2 chore: remove unnecessary member variables added by xsync/v3 by @wwqgtxx
- cb652dd chore: make the handler-related SNAT key in NewPacket by @wwqgtxx
- d27f320 chore: use pre-go1.27 tls.QUICConfig.ClientHelloInfoConn API for quic-go to avoid cloning tls.Config by @wwqgtxx
- d60b336 chore: use mihomo name & ver to tailscale reported ver to avoid update prompts (#2801) by @ayanamist
- d610afe chore: clear parameter passing by @wwqgtxx
- e9e23c4 chore: tailscale must be compiled under the
with_gvisorbuild tag by @wwqgtxx - f2da5b7 chore: reduce internal circular dependencies by @wwqgtxx
Full Changelog: v1.19.25...v1.19.26
v1.19.25
What's Changed
- 571925d feat: add Tailscale outbound support (#2786) by @汐殇
- 7af9eeb feat: add OpenVPN outbound support (#2785) by @romanov Caesar
- 6ea4373 feat: support auth-user-pass and AES-256-GCM for OpenVPN (#2787) by @ekko
- 5e22035 feat: add GOST relay outbound proxy type (#2795) by @ztywyj
- 98aa7e6 feat: support
realm-optsfor hysteria2 outbound and listener by @wwqgtxx - 787dbfc feat: support setting
realm-opts.proxyfor hysteria2 listener by @wwqgtxx - 2ffd962 feat: support hysteria2-realm listener by @wwqgtxx
- 8b8eae5 feat: support simple-obfs for shadowsocks listener by @wwqgtxx
BUG & Fix
- 0003e14 fix: trusttunnel listener panic by @wwqgtxx
- 17bed79 fix: tsnet panic for tailscale by @wwqgtxx
- 2f51cb0 fix: conn maybe not closed in error handling by @wwqgtxx
- 2f6ce20 fix: tailscale not use configured dialer for captive detection by @wwqgtxx
- 35d5d4e fix: CVE-2026-39825 for net/http by @wwqgtxx
- 388d958 fix: remove unstable warning for tailscale by @wwqgtxx
- 5df45b2 fix: typo in default alpn by @wwqgtxx
- 7a646e8 fix: correctly configure the HTTP/2 scheduled ping parameters in masque h2 mode by @wwqgtxx
- 802b0b2 fix: netlink permission denied on android for tailscale by @wwqgtxx
- 8a28dce fix: validate Linux process netlink matches by @xream
- 95946a5 fix: net/http.Transport's UnencryptedHTTP2 does not work TLS without ALPN by @wwqgtxx
- 98aa42e fix: convert place disguise host in h2-opts.host for legacy base64-JSON VMess (#2739) by @wangwei354
- 9e97dc0 fix: tailscale not use configured dialer for netstack forwardTCP by @wwqgtxx
- aae5812 fix: net/http.Server's UnencryptedHTTP2 does not work TLS without ALPN by @wwqgtxx
- b3104a5 fix: panic in vless xhttp h3 mode when quic dial fails (#2736) by @beck
- cc376ac fix: skip TTL update for OPT records by @wwqgtxx
- d2acf45 fix: hysteria2 realm server reaper loop by @wwqgtxx
- e933ca8 fix: netlink permission denied on android for tailscale by @wwqgtxx
- f5cfb8d fix: convert emit HTTP2Options-shaped h2-opts for share-link HTTP/2 transport (#2737) by @wangwei354
- fd31419 fix: wrong function call in SetWriteDeadline (#2790) by @aaron Chen
- ffe6e42 fix: conn maybe not closed in error handling by @wwqgtxx
Maintenance
- 00e6df5 chore: close http2 connections when closing client in doh by @wwqgtxx
- 028b480 chore: remove unused http server code by @wwqgtxx
- 163ce6a chore: add mlkem768x25519-sha256 key exchange algorithm to ssh outbound by @wwqgtxx
- 1fea551 chore: verify adapter can parse convert's result in its test by @wwqgtxx
- 263d06d chore: allow passing tunnel when creating the proxy by @wwqgtxx
- 2a8da25 chore: handle the possibility of multiple ClientTrace.GotConn calls by @wwqgtxx
- 2d94970 chore: using new net/http api in masque h2 mode by @wwqgtxx
- 2f11d96 chore: use our internal DNS resolution logic for tailscale by @wwqgtxx
- 3d3af1f chore: respect outbound dns prefer when resolve UDP by @wwqgtxx
- 3fb93bd chore: using new net/http api in gun and xhttp listener by @wwqgtxx
- 44c9423 chore: code cleanup by @wwqgtxx
- 81bea65 chore: using new net/http api in vmess h2 client by @wwqgtxx
- 82621cd chore: always safe UUID generation by @wwqgtxx
- 8bc7d3e chore: using new net/http api in doh client by @wwqgtxx
- 8d53952 chore: remove unused xhttp options in download-settings by @wwqgtxx
- 8f69ad9 chore: better uuid generation by @wwqgtxx
- 993d1b6 chore: add stun retry and lazy server start for realm by @wwqgtxx
- a1c68a4 chore: using new net/http api in reality client fallback by @wwqgtxx
- ac6f6d0 chore: tailscale using ListenPacket for UDP by @wwqgtxx
- b03aa5d chore: remove race code in wireguard implementation by @wwqgtxx
- b8b4439 chore: using new net/http api in trusttunnel listener by @wwqgtxx
- bb2f57b chore: using new net/http api in xhttp client by @wwqgtxx
- c27446a chore: using new net/http api in gun client by @wwqgtxx
- c59c99a chore: handle context cancellation in xhttp client dialing by @wwqgtxx
- c98e67a chore: using new net/http api in trusttunnel client by @wwqgtxx
- df1c5e5 chore: relax sudoku user configuration (#2757) by @saba-futai
- f333359 chore: move magic close http2 connections function to own fork by @wwqgtxx
- f5f9e59 chore: update sing-tun by @wwqgtxx
- faa58f2 chore: add some comments for using the new net/http API by @wwqgtxx
Full Changelog: v1.19.24...v1.19.25
v1.19.24
What's Changed
- cacd01a feat: add h3 mode support for xhttp client (#2686) by @Hanahime
- 61dc7b1 feat: add http1.1 mode support for xhttp client by @wwqgtxx
- 2337d70 feat: support xhttp new options for bypassing CDN's potential detection by @wwqgtxx
- 6791df1 feat: support
h-keep-alive-periodto xhttp reuse-settings by @wwqgtxx - 700e25f feat: support
sc-max-buffered-postsfor xhttp listener by @wwqgtxx - f109b8b feat: support range format for xhttp
sc-max-each-post-bytesby @wwqgtxx - ad91303 feat: support upload packet merging in packet-up mode and
sc-min-posts-interval-mssettings for xhttp transport by @wwqgtxx - a847246 feat: convert support new xhttp-opts fields (#2734) by @legiz-ru
- 80072eb feat: support range format for hysteria2
hop-intervalby @wwqgtxx - 1b2ea14 feat: support ipv6 dual stack fallback for masque/trusttunnel/xhttp h3 mode by @wwqgtxx
- 808c0d6 feat: support ipv6 dual stack fallback for hysteria2 by @wwqgtxx
- fdafea3 feat: support ipv6 dual stack fallback for tuic by @wwqgtxx
- 885244a feat: support
network: h2for masque outbound by @wwqgtxx - db25932 feat: support
bbr-profilefor hysteria2/tuic/trusttunnel/masque by @wwqgtxx - d701d1c feat: add
-post-upand-post-downflags for cmdline by @wwqgtxx - 8a029da feat: add
/storageendpoint with Get, Put, and Delete methods for restful api by @Zephyruso
BUG & Fix
- 0495d29 fix: convert normalize VLESS share-link transport mapping (#2694) by @slackworker
- 0f71808 fix: masque h2 conn lifecycle management by @wwqgtxx
- 299a63f fix: quic underlay packetConn maybe not closed in doh3/doq by @wwqgtxx
- 299fd33 fix: race in websocket with early data by @wwqgtxx
- 2fbed16 fix: don't add ":80" to Host for vmess http obfs by @wwqgtxx
- 4387c67 fix: race for hysteria2 salamander by @wwqgtxx
- 4f927ca fix: CVE-2026-33814 for net/http by @wwqgtxx
- 6fb9d9e fix: max payload size estimation on datagram queueing for quic-go by @wwqgtxx
- 83ac220 fix: convert accept obfs/obfs-host as aliases for mode/host in ss v2ray-plugin URL (#2712) by @beck
- 9613f02 fix: random panic by race in proxy id init by @wwqgtxx
- 96a6962 fix: quic underlay packetConn maybe not closed in masque by @wwqgtxx
- acc4f62 fix: quic underlay packetConn not closed in trusttunnel h3 mode by @wwqgtxx
- b00c985 fix: race in h2mux read by @wwqgtxx
- d4b3d23 fix: race in trusttunnel read by @wwqgtxx
- db63ffb fix: quic underlay packetConn not closed in xhttp h3 mode by @wwqgtxx
- e4099f0 fix: prevert body not close where conn is already closed before setup for sing-mux and trusttunnel by @wwqgtxx
- ec664a5 fix: option name typo in listener by @wwqgtxx
- f0ad835 fix: BBR scale window for datagram size by @wwqgtxx
- fcbcd10 fix: race in quic get congestion by @wwqgtxx
Maintenance
- 0325361 chore: add test for xhttp over vless encryption by @wwqgtxx
- 0e0265f chore: simplify gotConn handling by @wwqgtxx
- 1bee590 chore: reduce data copy in read packet for masque by @wwqgtxx
- 20cb280 chore: simplify error handling code by @wwqgtxx
- 2247c0e chore: async xhttp RoundTrip to let some CDN/reverse proxy happy (#2719) by @kyber1024
- 2cfff83 chore: let xhttp server passing stream-one and stream-up mode test under http1 by @wwqgtxx
- 37942ce chore: remove unused timeout in socks5 over tls by @wwqgtxx
- 3d6add3 chore: align internal logic by @wwqgtxx
- 3f2b0ba chore: test dialer should be created by test tunnel by @wwqgtxx
- 4814c72 chore: add mode restrictions test back by @wwqgtxx
- 4985802 chore: add test for packet upload queue by @wwqgtxx
- 5b013f2 chore: code cleanup by @wwqgtxx
- 6b07683 chore: better DialQuic interface by @wwqgtxx
- 6c407f0 chore: rebuild upload queue logic by @wwqgtxx
- 7ab4eed chore: handling edge cases where the transport may dial more than once in test by @wwqgtxx
- 7abf290 chore: update quic congestion pacer by @wwqgtxx
- 7b73775 chore: add short circuit logic for dual stack dial to decrease unnecessary goroutine by @wwqgtxx
- 7e83399 chore: update comments to clarify why need retry in TestDialer by @wwqgtxx
- 8c1b1a3 chore: check
sc-max-each-post-bytesgreater than zero if set by @wwqgtxx - a450080 chore: skip sudoku http mask test on windows again by @wwqgtxx
- ab3746a chore: update mieru version (#2687) by @enfein
- b0ea75b chore: using NewClientConn directly instead of the built-in connection pool for masque h2 mode by @wwqgtxx
- c39b680 chore: remove unused limit on concurrent dialing in xhttp client by @wwqgtxx
- cac4891 chore: add deadline wrapper for trusttunnel server by @wwqgtxx
- d4c4b28 chore: allow overriding sing-mux internal tcpTimeout value for testing by @wwqgtxx
- d801e6b chore: align with trusttunnel's official session reuse logic (#2683) by @maxim
- d8cb32b chore: move tuic special types to a new package by @wwqgtxx
- d9c447a chore: remove unneeded copy in uploadQueue by @wwqgtxx
- df6a5d3 chore: add TestDialer to retry when dial fails for local testing by @wwqgtxx
- dfc888d chore: update default headers in xhttp by @wwqgtxx
- e0a42d4 chore: remove strict timeout restrictions in test for slow github action by @wwqgtxx
- e1bdfba chore: update dlclark/regexp2 by @wwqgtxx
- e38aa82 chore: don't force bind interface when using fd for tun by @wwqgtxx
- ebc41ea chore: update mieru version (#2721) by @enfein
- f425c81 chore: read as much data as possible from the reader by @wwqgtxx
- f5183da chore: correct the xhttp reuse-settings item order by @wwqgtxx
- fa081fb chore: rebuild masque h2 conn read logic by @wwqgtxx
- fe7f3d6 chore: rebuild
max-connectionslogic inreuse-settingsby @wwqgtxx
Full Changelog: v1.19.23...v1.19.24
v1.19.23
What's Changed
- d131991 feat: add
reuse-settingssupport for vless xhttp (aka xmux) (#2670) by @Nemu-x - f3b0581 feat: convert support xhttp subscriptions (#2671) by @legiz-ru
- 4f5ad97 feat: convert support xhttp reuse-settings (aka xmux) (#2675) by @legiz-ru
- 7709554 feat: add
max-connections,min-streamsandmax-streamsoptions togrpc-optsby @wwqgtxx - 7f6ac1d feat: support
sc-stream-up-server-secsandno-sse-headerfor xhttp listener by @wwqgtxx - 8b37e99 feat: support
sc-max-each-post-bytesfor xhttp client and listener by @wwqgtxx - caacf7a feat: add
max-connections,min-streamsandmax-streamsoptions to trusttunnel client by @wwqgtxx - Updated to the Golang 1.26.2 toolchain, fixing some security CVEs.
BUG & Fix
- 49e5854 fix: CVE-2026-32283 for crypto/tls by @wwqgtxx
- 5d8e2d2 fix: gun reader error handling by @wwqgtxx
Maintenance
- 0cb5141 chore: respect mode restrictions for xhttp listener by @wwqgtxx
- 3db64d0 chore: add get tls connection state function in component/tls by @wwqgtxx
- 428b7ad chore: remove unneeded io.ReadFull in gun reader by @wwqgtxx
- 4730f67 chore: update sing-tun by @wwqgtxx
- 5e8bd85 chore: skip kcptun test on windows go1.20 by @wwqgtxx
- 6687ae1 chore: better stream-up server implement by @wwqgtxx
- 6a2b0db chore: optimized sudoku read/write performance (#2678) by @saba-futai
- 78e4b84 chore: remove unused code in h2ConnWrapper by @wwqgtxx
- 7923f1a chore: rebuild reuseManager code by @wwqgtxx
- 871e6d1 chore: rebuild xhttp inbound test by @wwqgtxx
- 979305d chore: cleanup condition for authentication by @wwqgtxx
- 97c526f chore: add TLSConn interface and not depend on *tls.Conn type for our net/http fork by @wwqgtxx
- 98b2499 chore: align internal logic by @wwqgtxx
- 9f38a26 chore: follow upstream server's keepalive settings for http proxy by @wwqgtxx
- c48f592 chore: merge duplicate code by @wwqgtxx
- e5f05aa chore: don't need to close connection if content length is positive numbers for http proxy by @wwqgtxx
Full Changelog: v1.19.23...v1.19.22
v1.19.22
What's Changed
- 18fcfc3 feat: support parsing mierus subscription link (#2657) by @enfein
- 357f1ad feat: implement xhttp stream-up and download-settings support (#2655) by @Nemu-x
- 530c6b4 feat: add xhttp transport support (#2645) by @Nemu-x
- 56379b7 feat: implement download-settings for packet-up mode by @wwqgtxx
- 61c1358 feat: add
ping-intervaltogrpc-optsby @wwqgtxx
BUG & Fix
- 0a05ef8 fix: custom grpc-user-agent not working (#2620) by @alex
- 2d34ecf fix: panic on trojan dial error by @wwqgtxx
- 3148643 fix: close conn after peek failed in mixed listener (#2621) by @hunshcn
- 416f769 fix: default xhttp padding to 100-1000 when not set (#2647) by @Nemu-x
- 576a442 fix: remove unused sc-max-concurrent-posts option (#2654) by @Nemu-x
- 60f3205 fix: conceal the h2-special typed error for gun server by @wwqgtxx
- 719d3eb fix: prevent deadlock in gun.Conn.Close when initReader is in progress (#2651) by @beck
- 7e6a7d7 fix: incorrect use the request context in trusttunnel client by @wwqgtxx
- 7fdc122 fix: remove incomplete xhttp config options (#2648) by @Nemu-x
- 809aee8 fix: crash on armv7 synology's linux by @wwqgtxx
- ba42eb4 fix: multiple hosts unsupported by net/url after go1.26 by @wwqgtxx
- c36090a fix: download servername override by @wwqgtxx
- d0f3312 fix: incorrect OPT RR filter order (#2634) by @woaihsw
- dd3a149 fix: transport not closed in xhttp client by @wwqgtxx
- e28fe24 fix: incorrect use of hyphen by @wwqgtxx
- f82a365 fix: correct inverted error check in getTunnelName (#2659) by @rulong Chen(陈汝龙)
Maintenance
- 0120b1d chore: add logging for get tun name from fd by @wwqgtxx
- 018a291 chore: better lifecycle management by @wwqgtxx
- 08a3aaa chore: rebuild gun code by @wwqgtxx
- 132800e chore: more code sharing by @wwqgtxx
- 29fed6e chore: rebuild packet up writer by @wwqgtxx
- 3a3a5b6 chore: move xhttp configuration checks to proxy created by @wwqgtxx
- 4500802 chore: update proxygroup interface by @wwqgtxx
- 45587c5 chore: adjust sing-mux test by @wwqgtxx
- 6517d2a chore: align with legacy behavior by @wwqgtxx
- 73465fe chore: align to sudoku v0.4.0 (#2661) by @saba-futai
- 77a4cc4 chore: code cleanup by @wwqgtxx
- 7d6ee8d chore: move sharing code to common/httputils by @wwqgtxx
- 7fd9860 chore: unify internal coding style by @wwqgtxx
- 8795cd6 chore: clean up unused function args by @wwqgtxx
- 8c6c6d5 chore: align the way of getting addr and deadline in conn by @wwqgtxx
- 9664ca2 chore: add procfs fallback for android findProcess (#2639) by @alexandr Andreev
- ae374f6 chore: remove unreachable code by @wwqgtxx
- b3c8160 chore: reduce the inherent 1rtt in httpmask mode for sudoku (#2610) by @saba-futai
- c3dc85e chore: rebuild xhttp stream-up and download-settings code by @wwqgtxx
- c9bc2d3 chore: don't modify msg when getting minimalTTL by @wwqgtxx
- db36787 chore: update patch file for goissue77975 by @wwqgtxx
- dd4eb63 chore: avoid the request context never being canceled in trusttunnel client by @wwqgtxx
Full Changelog: v1.19.21...v1.19.22
v1.19.21
What's Changed
- 20bf57c feat: add
disable-reuseparams for DoT by @wwqgtxx - 4ca5158 feat: support trusttunnel inbound and outbound by @wwqgtxx
- 9033717 feat: sudoku support ws transport (#2589) by @saba-futai
- c251e41 feat: support mieru traffic pattern configuration (#2585) by @enfein
BUG & Fix
- 05fbf55 fix: make User-Agent check case-insensitive (#2566) by @panda
- 3035ae8 fix: correct typo in ProxyGroup health check log message (#2575) by @hung-i Wang
- 3752cb0 fix: CVE-2026-26958 of filippo.io/edwards25519 by @wwqgtxx
- 445083b fix: override interface-name broken by @wwqgtxx
- 4c35436 fix: race condition in mieru inbound test (#2606) by @enfein
- 5048040 fix: rollback sing-tun commit by @wwqgtxx
- 5eaf5d1 fix: quic gso maybe not working with pppoe by @wwqgtxx
- 68ca83f fix: windows crash for golang1.26 on WSARecvFrom syscall by @wwqgtxx
- 7bdeaab fix: update patch file for go1.26.1 by @wwqgtxx
- 9dee264 fix: udp/icmp not work on gso with system stack by @wwqgtxx
- a2bf158 fix: protobuf cause various binaries are significantly bigger when building with Go 1.26 by @wwqgtxx
- b7b05e0 fix: udp/icmp not work on gso with mixed stack by @wwqgtxx
- c68af86 fix: update patch file for go1.25.8 by @wwqgtxx
- dda1d52 fix: unable to start mieru inbound when traffic-pattern is not set (#2590) by @enfein
- df1a244 fix: regression segfault on linux 3.4 on mipsle by @wwqgtxx
- e4143cf fix: tun doesn't clean up the DNS setting in systemd-resolved when closed by @wwqgtxx
Maintenance
- 002e457 chore: rollback to the generic method for handling UTLS fingerprints by @wwqgtxx
- 0045935 chore: add some UTLS fingerprint names that explicitly do not contain X25519MLKEM768 by @wwqgtxx
- 30391b4 chore: unified UA settings method by @wwqgtxx
- 3aa668c chore: update patch file for goissue77975 by @wwqgtxx
- 43509da chore: simplify gun code by @wwqgtxx
- 60a9312 chore: structure support remain-tagged field by @wwqgtxx
- 6eb27ac chore: align with legacy behavior by @wwqgtxx
- 7f772de chore: simplify masque certificate verification by @wwqgtxx
- 836c972 chore: cleanup unreachable code by @wwqgtxx
- 9fda032 chore: structure unifies the way to handle top-level and sub structs by @wwqgtxx
- a48da7d chore: simplify reality verifier code by @wwqgtxx
- a949ad8 chore: update golang to 1.26 by @wwqgtxx
- bf610c3 chore: update dependencies by @wwqgtxx
- c3399fd chore: better logging for removed configurations by @wwqgtxx
- fcf780a chore: reopen mieru inbound windows test by @wwqgtxx
Full Changelog: v1.19.20...v1.19.21
v1.19.20
What's Changed
- 828fd30 chore: support connection reuse for DoT by @H1JK
- 3c526ae feat: add
query-server-nameforech-optsby @wwqgtxx - dede56f feat: add
proxy-server-nameserver-policytodnssection by @wwqgtxx - e45c896 feat: support masque outbound by @wwqgtxx
- f94da9f chore: fingerprint verifier handle non-leaf certificate will check the SNI matches the certificate's DNS name by @wwqgtxx
BUG & Fix
- 2cfc4ba fix: CVE-2025-68121 for crypto/tls again and again by @wwqgtxx
- 3279966 fix: quic data race for crypto/tls by @wwqgtxx
- 3ac6215 fix: race condition of tcpConcurrent in dialer (#2556) by @chenx Dust
- 75a0cd5 fix: file exists when tun start by @wwqgtxx
- 85c024a fix: snat key in sudoku packet listener by @wwqgtxx
- d18a14a fix: snat key in trojan packet listener by @wwqgtxx
- e3b8fc2 fix: hy2 listener panic with http/https masquerade by @wwqgtxx
- f52c935 fix: CVE-2025-68121 for crypto/tls again by @wwqgtxx
Maintenance
- 022f677 chore: cleanup hostValue code by @wwqgtxx
- 034f1d1 chore: disallow empty
proxy-server-nameserverwhenproxy-server-nameserver-policyis set by @wwqgtxx - 0c995a2 chore: move proxiesWithProviders to hub/route internal to disallow external usage of this poorly implemented function by @wwqgtxx
- 18d139a chore: rollback tls to restore the session resumption functionality in quic-go by @wwqgtxx
- 1e1434d chore: remove an unnecessary variable by @wwqgtxx
- 26052ba chore: remove confused varbin using in sing by @wwqgtxx
- 27a3ca6 chore: converter support fingerprint for vmess/vless/trojan by @wwqgtxx
- 3bca69c chore: add some comments for the fingerprint verifier by @wwqgtxx
- 46ee164 chore: hy2 listener fellow hysteria2's code skip verify in https masquerade by @wwqgtxx
- 5516ca1 chore: code cleanup by @wwqgtxx
- 5e1b133 chore: more callback support for utls by @wwqgtxx
- 5fda87d chore: update sing-tun by @wwqgtxx
- 65c3d3e chore: remove unreachable code in sudoku by @wwqgtxx
- 6aaabc9 chore: decrease unneeded string convert in socks5 addr parsing by @wwqgtxx
- 707fe8b chore: remove auto IDNA conversion in domain rules by @wwqgtxx
- 710772f chore: add simple validation for static dialer-proxy config (#2551) by @sleshep
- 7573aff chore: better logging in masque outbound by @wwqgtxx
- 86257fc chore: remove reflect-based provider override code by @wwqgtxx
- 8b0bcb6 chore: better generator by @wwqgtxx
- 97f2525 chore: code cleanup by @wwqgtxx
- 98b3060 chore: optimize timeout control in DoH TLS probe by @wwqgtxx
- 993595d chore: switch to our own common/orderedmap package, remove two unneeded json dependence by @wwqgtxx
- b901006 chore: using mihomo's global pool in DoQ by @wwqgtxx
- c33c90d chore: clean up duplicate code in sudoku by @wwqgtxx
- d36b024 chore: align sudoku with upstream v0.2.0 (#2549) by @saba-futai
- e03ba23 chore: update logrus by @wwqgtxx
- f2222b5 chore: code cleanup by @wwqgtxx
Full Changelog: v1.19.19...v1.19.20
v1.19.19
What's Changed
- 06387d5 feat: support
fake-ip-filter-mode: rulemode (#2469) by @david - 06f5fba feat: add
path-rootfor sudoku (#2511) by @saba-futai - 0ad9ac3 feat: support aes-128-gcm,
ratelimitandframesizefor kcptun by @wwqgtxx - 19a6b5d feat: support rule disabling and hit/miss count/at tracking in restful api (#2502) by @potoo0
- 487de9b feat: add
PROCESS-NAME-WILDCARDandPROCESS-PATH-WILDCARDby @wwqgtxx - 498f81a feat: add header support for rule provider (#2463) by @joshua
- 4d76703 feat: all dns client support
disable-qtype-<int>params by @wwqgtxx - 7daf37b feat: support
http-mask-mode,http-mask-tlsandhttp-mask-hostfor sudoku (#2456) by @saba-futai - d6b1263 feat: support
http-mask-multiplexfor suduko (#2482) by @saba-futai - f38fc20 feat: add
grpc-user-agenttogrpc-opts(#2512) by @shaw - 97bce45 chore: deprecated
global-client-fingerprint, please setclient-fingerprintdirectly on the proxy instead by @wwqgtxx - Note: This version includes fixes for several security vulnerabilities in the utls and Golang tls standard libraries.
BUG & Fix
- 10f4beb fix: only clear dstIP if it is confirmed to be a fake IP by @wwqgtxx
- 1a6230e chore: update mieru version (#2484) by @enfein
- 4f0a6fa fix: gvisor panic by @wwqgtxx
- c393e91 fix: gvisor compatibility on go1.26 by @wwqgtxx
- c456370 fix: missing context cancel in pullLoop by @wwqgtxx
- c5b0f00 fix: logic issues with BBR impl by @toby
- e6bf56b fix: os.(*Process).Wait not working on Windows7 by @wwqgtxx
- e6c0e3b fix: handle
geoip:lanwhen GetRecodeSize() (#2460) by @HolgerHuo - edbfebe fix: CVE-2025-68121 for crypto/tls by @wwqgtxx
- ee37a35 fix: incorrect timestamp conversion in brutal by @wwqgtxx
Maintenance
- 0818aa5 chore: provider a common entrance for YAML package by @wwqgtxx
- 0cf37de chore: better time storage in rule wrapper by @wwqgtxx
- 0cffc8d chore: revert "chore: update quic-go to 0.58.0" by @wwqgtxx
- 0f2baca chore: refactored the implementation of suduko mux (#2486) by @saba-futai
- 10ef29f chore: apply global ca in sudoku code by @wwqgtxx
- 11000dc chore: add common/deque package by @wwqgtxx
- 1a6230e chore: update mieru version (#2484) by @enfein
- 1f8bee9 chore: force to disable mptcp for tproxy by @wwqgtxx
- 287f9e5 chore: temporarily skip mieru inbound test in go1.26 on windows by @wwqgtxx
- 4f9bfd2 chore: add some comments for the finalizer by @wwqgtxx
- 64015b7 chore: update quic-go to 0.58.0 by @wwqgtxx
- 85ba7f6 chore: change import paths in sudoku code by @wwqgtxx
- 9168bee chore: align internal logic by @wwqgtxx
- 94c8d60 chore: simplified logic rule parsing by @wwqgtxx
- ae6069c chore: moving rules disabled and hit/miss counts data to
extrafor restful api (#2503) by @potoo0 - b18a335 chore: remove unused pointer in rules implements by @wwqgtxx
- c128d23 chore: update quic-go to 0.59.0 by @wwqgtxx
- c8e33a4 chore: decrease rule wrapper memory usage by @wwqgtxx
- cdabd1e chore: update utls by @wwqgtxx
- eb30d3f chore: add a code comment for tproxy listener by @wwqgtxx
- efb8008 chore: update quic-go to 0.58.1 by @wwqgtxx
Full Changelog: v1.19.18...v1.19.19