Releases: v2fly/v2ray-core
v4.38.0
Feature
- FakeDNS: Added
fakedns+others
sniffer , based on #697 . Thanks @yuhan6665 . - TLS: A SECURITY improvement that allow the remote peer's TLS certificate to be pinned to a known value. Document for TLS is updated.
- Observatory: A component that measure the connectivity of selected outbounds. The document for Observatory is updated.
- Routing :
leastPing
balancing strategy is added. This strategy will select a outbound that is alive and completed HTTPS GET request in the least time. The document for Routing is updated.
Chore
- Fixed two typo in comments. Thanks @U-v-U
Security Advisory
- TLS connections with dangerous diagnose option
allowInsecure
turn on and without certificate pin withpinnedPeerCertificateChainSha256
will not be able protect your data at all from a attacker in privileged network path(for example ISP or any firewall or censorship infrastructure). This is especially dangerous when an unprotected protocol or option is used, such as any VLess configuration, VMess withnone
orzero
security, and any trojan configuration, in which case your data is accessible to attacker in plain text and attacker can inject arbitrary data pretending to the the remote server. In the case of VLess and trojan, the proxy protocol access control credential is also exposed to the attacker, the attacker will be able to use your proxy. You are advised to use certificate pin (and/or other security features provided in a later version of V2Ray) wheneverallowInsecure
is turned on. Attempting to MITM your connection temporarily to identify TLS based proxy is a known threat.
Notices
- VMess: From Jan 1, 2022, compatibility for legacy VMess MD5 will be disabled by default. Visit here for more information.
- You are able to compile exactly the same binaries as the ones in Assets section below by simply following the compiling guide.
For downstream developers
The Go module name of v2ray-core
has been changed to github.com/v2fly/v2ray-core/v4
. Do NOT use v2ray.com/core
anymore.
v4.37.3
Feature
Fix
- Cannot load geoip & geosite (#889)
Chore
Notices
- VMess: From Jan 1, 2022, compatibility for legacy VMess MD5 will be disabled by default. Visit here for more information.
- You are able to compile exactly the same binaries as the ones in Assets section below by simply following the compiling guide.
For downstream developers
The Go module name of v2ray-core
has been changed to github.com/v2fly/v2ray-core/v4
. Do NOT use v2ray.com/core
anymore.
v4.37.2
Features
- Websocket: support browser forwarder (#818)
- Docs: Websocket & BrowserForwarder
- Thanks @RPRX
- Websocket: support Websocket 0-RTT early data (#818)
- Shadowsocks: add replay protection for Shadowsocks proxy (#777) @oif
- DNS: add queryStrategy option for DNS (#794)
- Docs: DNS
- Thanks @Loyalsoldier
- DNS: add disableFallback & skipFallback option for DNS client (#864)
- Docs: DNS
- Thanks @Loyalsoldier
- GeoIP: add inversed GeoIP matching (#860)
- Docs: Routing & DNS
- Thanks @Loyalsoldier
Fixes
- gRPC: add grpcSettings & gunSettings to streamSettings (00879c4) @RPRX
- Protobuf: vprotogen loop dependency (#797) @Loyalsoldier @U-v-U
- DNS: tests timeout due to network instability (#805) @Loyalsoldier
- DNS: remove AA header flag in DNS query (#817) @Loyalsoldier
- TProxy: cannot find IPv6 destination in redirect mode (#815) @mzz2017
- Context: ctx initialization for core.functions (#841) @rurirei
- FakeDNS: set FakeEnable option dynamically (#879) @sixg0000d @Loyalsoldier
- Websocket: Websocket early data 404 bug (#859) @k79e
- Browser Forwarder: cannot load resources on Windows (#849) @dyhkwong
- QUIC: disconnect due to timeout (#850) @bhoppi
Chores
- Log: remove package path prefix in logs (#840 0138017 78c1993) @kslr
- Update protobuf & dependencies & workflows & lint @Loyalsoldier
- Use Go v1.16.3
Notices
- VMess: From Jan 1, 2022, compatibility for legacy VMess MD5 will be disabled by default. Visit here for more information.
- You are able to compile exactly the same binaries as the ones in Assets section below by simply following the compiling guide.
For downstream developers
The Go module name of v2ray-core
has been changed to github.com/v2fly/v2ray-core/v4
. Do NOT use v2ray.com/core
anymore.
v4.37.1
v4.37.0
Features
- Websocket: support browser forwarder (#818)
- Docs: Websocket & BrowserForwarder
- Thanks @RPRX
- Websocket: support Websocket 0-RTT early data (#818)
- DNS: add queryStrategy option for DNS (#794)
- Docs: DNS
- Thanks @Loyalsoldier
- Shadowsocks: add replay protection for Shadowsocks proxy (#777)
- Docs: Shadowsocks
- Thanks @oif
Fixes
- gRPC: add grpcSettings & gunSettings to streamSettings (00879c4) @RPRX
- Protobuf: vprotogen loop dependency (#797) @Loyalsoldier @U-v-U
- DNS: tests timeout due to network instability (#805) @Loyalsoldier
- DNS: remove AA header flag in DNS query (#817) @Loyalsoldier
- TProxy: cannot find IPv6 destination in redirect mode (#815) @mzz2017
- Context: ctx initialization for core.functions (#841) @rurirei
Chores
- Log: remove package path prefix in logs (#840 0138017 78c1993) @kslr
- VMess: move non-VMessAEAD warning to startup (e87e3d6) @kslr
- Update protobuf & dependencies & workflows & lint @Loyalsoldier
Notices
- VMess: From Jan 1, 2022, compatibility for legacy VMess MD5 will be disabled by default. Visit here for more information.
- You are able to compile exactly the same binaries as the ones in Assets section below by simply following the compiling guide.
For downstream developers
The Go module name of v2ray-core
has been changed to github.com/v2fly/v2ray-core/v4
. Do NOT use v2ray.com/core
anymore.
v4.36.2
Fixes
- gRPC: fix gRPC max delay unintentionally low (1eaec68) @xiaokangwang
- DomainMatcher: fix core panics when zero domain/full type of rule (#786) @darsvador
Notices
- VMess: From Jan 1, 2022, compatibility for legacy VMess MD5 will be disabled by default. Visit here for more information.
- You are able to compile exactly the same binaries as the ones in Assets section below by simply following the compiling guide.
For downstream developers
The Go module name of v2ray-core
has been changed to github.com/v2fly/v2ray-core/v4
. Do NOT use v2ray.com/core
anymore.
v4.36.1
⚠️ Do NOT use this release. ⚠️ Bugs are fixed in v4.36.2
Features
- Transport: add
gRPC
/gun
transport. This transport's connections can be relayed over Nginx and other supported CDNs, have an ALPN ofh2
and a built-in mux. (#757 #783)- Docs: Transport & gRPC transport
- Thanks @DuckSoft, @xiaokangwang, @RPRX, @kslr, @maskedeken and an anonymous contributor.
- Proxy: add
loopback
proxy. This proxy allows you to send connections back to router to be routed again. It is a drop-in replacement for modded outbound address anddokodemo-door
setup while using less system resources. (#770)- Docs: Loopback
- Thanks @xiaokangwang @kslr
- Routing: add a faster and more memory-efficient routing rule matcher
MphDomainMatcher
that uses minimal perfect hash. (#743)- Docs: Routing
- Thanks @darsvador
Fixes
- DNS: refine DNS default setting logics in Android (#767) @CalmLong
- FakeDNS: use
198.18.0.0/15
as default FakeDNS IP pool (#779)
Notices
- VMess: From Jan 1, 2022, compatibility for legacy VMess MD5 will be disabled by default. Visit here for more information.
- You are able to compile exactly the same binaries as the ones in Assets section below by simply following the compiling guide.
For downstream developers
The Go module name of v2ray-core
has been changed to github.com/v2fly/v2ray-core/v4
. Do NOT use v2ray.com/core
anymore.
v4.36.0
Features
- Added gRPC/gun transport. This transport's connections can be relayed over nginx and other supported CDNs, have an ALPN of
h2
and a built-in mux. The documents for transport, gRPC transport have been updated. Thanks @DuckSoft, @RPRX, @kslr and an anonymous contributor. - Added loopback proxy. This proxy allows you to send connections back to router to be routed again. It is a drop-in replacement for modded outbound address and
dokodemo-door
setup while using less system resources. The document for loopback proxy has been updated. Thanks @kslr, @Loyalsoldier.
Fixes
- Refined DNS default setting logics in Android. Thanks @CalmLong.
Chores
- Various maintenance and improvements. Thanks @Loyalsoldier.
v4.35.1
Features
- Support Apple Silicon: add pre-built binary for Apple Silicon named
v2ray-macos-arm64-v8a.zip
(#686) @Loyalsoldier - FakeDNS: add support for
FakeDNS
. FakeDNS will not take effect onRouting
andFreedom
outbound (#395 #406 #696) @yuhan6665 - Outbound: add
streamSetting
/transport
support for outbound front proxy - VMess: add
zero
pseudo encryption for better performance - VMess: add support to disable compatibility for legacy VMess MD5 (#596) @dyhkwong
- Routing: add a faster and more memory-efficient routing rule matcher
HybridDomainMatcher
(#587 #639) @darsvador - DNS: add support to disable DNS cache (#699 #705) @CalmLong
Fixes
- Test: HTTP/2 dial timeout (#570) @kslr
- Trojan: do not panic when UDP dispatcher fails to write response (#599) @maskedeken
- Transport: TCP default ALPN (#716) @AkinoKaede
- DNS: rule index out of range (#727) @Loyalsoldier
Chores
- Use Go v1.16 (#686)
- Refine issue templates (#630)
- Update dependencies
- Change module name to
github.com/v2fly/v2ray-core/v4
(#677)
Notices
- VMess: From Jan 1, 2022, compatibility for legacy VMess MD5 will be disabled by default.
- VMess: Only use
zero
pseudo encryption in trusted transport such asTLS
. - FakeDNS: FakeDNS will NOT take effect on
Routing
andFreedom
outbound. - You are able to compile exactly the same binaries as the ones in Assets section below by simply following the compiling guide.
For downstream developers
The Go module name of v2ray-core
has been changed to github.com/v2fly/v2ray-core/v4
. Do NOT use v2ray.com/core
anymore.
Documents about new features
- FakeDNS:
- Enable
fakedns
fordestOverride
and setmetadataOnly
: https://www.v2fly.org/config/inbounds.html#sniffingobject - Add
fakedns
todns
servers section: https://www.v2fly.org/config/dns.html#dnsobject - [Optional] Add
fakedns
section to config: https://www.v2fly.org/config/fakedns.html
- Enable
- VMess MD5 认证信息淘汰机制
- VMess
zero
pseudo encryption - New routing rule matcher
HybridDomainMatcher
- ProxySetting for
Outbound
- Disable DNS cache
Change log
- An improved version of domain matcher implementation ACAutomatonDomainMatcher(#639) (Hybrid AC Matcher) is added. You can enable it with configuration. The document for routing have been updated. You could expect improvement on both shorter matching time and less memory usage. Thanks @darsvador.
- The support for
FakeDNS
(#395 #406 #696) is added. It will return a synthetic DNS response when clients try to resolve domain name, and restore the domain name when clients connect to the returned address. Documents for DNS, FakeDNS, Sniffer is updated. Thanks @yuhan6665. - Added streamSetting/transport support for outbound front proxy. Document for outbound have been updated.
- The cache of V2Ray's internal DNS can be disabled now(#699). Document for DNS is updated. Thanks @CalmLong.
- You can disable compatibility for legacy VMess MD5(#596). Document for VMess have been updated. From Jan 1, 2022, compatibility for legacy VMess MD5 will be disabled by default. Thanks @dyhkwong.
- You can now completely disable VMess's content encryption and protection, and may achieve better performance than none pseudo encryption. The document for VMess is updated. This is a non-breaking change on client side.
- Added binary release of ARM Mac(#686). Thanks @Loyalsoldier.
/opt/share/v2ray/
have been added to asset search path(#715). Thanks @kidonng.- Fixed TCP's default ALPN(#716). Thanks @AkinoKaede.
- Other minor stability and internal code quality improvements. Thanks @Loyalsoldier.
- Fixed a bug cause enabling chained proxy crash the instance. Thanks @database64128.
- Allow user to set domain matching policy for all rules.
- Renamed HybridDomainMatcher's name to
hybrid
.
v4.34.0
Release Notes
- TLS Session Resumption is now disabled by default (#569). See #557 for more information.
- Support for the legacy Shadowsocks protocol with stream ciphers has been removed (#566). If you are still using the unsecure stream ciphers, migrate to Shadowsocks AEAD (ChaCha20Poly1305 and AES-GCM) immediately.
- We have added preliminary support for DNS over QUIC (#534). Currently only non-proxied lookup is supported.
- Binaries of the following architectures are no longer a part of the release:
s390x
,ppc64
,ppc64le
,mips softfloat
.
Changes
- DNS: refactoring DNS (#169)
- DNS: support DNS over QUIC (#534) (currently only non-proxied lookup)
- DNS: add
clientIp
feature support for every nameserver (#504) - Release: add Android release (#512)
- Android: default dns set to 8.8.8.8:53 (#572)
- TLS Session Resumption is now disabled by default (#569). See #557 for more information.
- SessionTicketsDisabled is now
true
by default. See #557 for more information. - SOCKS: Refine socks5 server UdpAssociate response behavior (#523)
- SOCKS: Fix socks client UDP outbound's wrong destination (#522)
- HTTP2: listen port failed use error level log (#576)
- DNS: refine skipRoutePick (#558)
- DNS: compatible with
localhost
nameserver (#530) - DNS & Routing: refine rule parsing process (#528)
- Config: multi-JSON config overide (#409)- Release: migrate release from Azure Pipelines to GitHub Actions (#453 #468)
- Logging: Prevent trailing whitespaces in logs (#526)
- Test: add race detector
- Minor changes and fixes by @U-v-U, @CalmLong, @dyhkwong
Notices
You are able to compile exactly the same binaries as the ones in Assets section below by simply following the compiling guide.