Releases: v2fly/v2ray-core
Releases · v2fly/v2ray-core
v4.39.0
7506395
This commit was signed with the committer’s verified signature.
xiaokangwang
Xiaokang Wang (Shelikhoo)
Features
- Websocket: support header based Websocket early data & its partial browser forwarder support
- GeoData: add a memory efficient geodata decoder called
memconservativefor memory-limited devices- docs: Environment variable
- #934 #953 #964 #965 #967 #977 Thanks @Loyalsoldier @rurirei
- HTTP/2 Transport: support to set method and headers for outgoing connections
- docs: HTTP/2
- TCP Socket Option: support to set keepalive interval on Linux operating system
- docs: Transport
- #962 Thanks @therealak12
Fixes
- BrowserForwarder panics with empty config (#954) Thanks @AkinoKaede @Loyalsoldier
- FakeDNS prints error with empty config (#955) Thanks @Loyalsoldier
- Dual stack FakeDNS Close method (#956) Thanks @Loyalsoldier
- Observatory starts with empty config & fails to close (#957) Thanks @Loyalsoldier
- Null check on alternative system dialer (#959) Thanks @rurirei
Chores
- Use Go v1.16.3
- Update dependencies
Notices
- Some unintentionally published APIs have been removed. 620d8f1
- API introduced in #966 is unsupported, and will be removed once a permanent solution is available.
- VMess: From Jan 1, 2022, compatibility for legacy VMess MD5 will be disabled by default. Visit here for more information.
- You are able to compile exactly the same binaries as the ones in Assets section below by simply following the compiling guide.
For downstream developers
The Go module name of v2ray-core has been changed to github.com/v2fly/v2ray-core/v4. Do NOT use v2ray.com/core anymore.
v4.38.3
ffc8887
This commit was signed with the committer’s verified signature.
xiaokangwang
Xiaokang Wang (Shelikhoo)
Feature
- FakeDNS: Added
fakedns+otherssniffer , based on #697 . Thanks @yuhan6665 . - TLS: A SECURITY improvement that allow the remote peer's TLS certificate to be pinned to a known value. Document for TLS is updated.
- Observatory: A component that measure the connectivity of selected outbounds. The document for Observatory is updated.
- Routing :
leastPingbalancing strategy is added. This strategy will select a outbound that is alive and completed HTTPS GET request in the least time. The document for Routing is updated.
Fixs
- Fixed crashing in fake dns. #931 Thanks @IceCodeNew
- Added IPv6 pool in fake dns by default. #925 Thanks @Loyalsoldier
- Return ErrEmptyResponse for fakedns. #926 Thanks @sixg0000d
- Fixed UDP DNS connection cause crash. Thanks @nekohasekai
- Multi-json support for observatory, browser forwarder. #944 Thanks @ha-ku @AkinoKaede
Chore
- Fixed two typo in comments. Thanks @U-v-U
Security Advisory
- TLS connections with dangerous diagnose option
allowInsecureturn on and without certificate pin withpinnedPeerCertificateChainSha256will not be able protect your data at all from a attacker in privileged network path(for example ISP or any firewall or censorship infrastructure). This is especially dangerous when an unprotected protocol or option is used, such as any VLess configuration, VMess withnoneorzerosecurity, and any trojan configuration, in which case your data is accessible to attacker in plain text and attacker can inject arbitrary data pretending to the the remote server. In the case of VLess and trojan, the proxy protocol access control credential is also exposed to the attacker, the attacker will be able to use your proxy. You are advised to use certificate pin (and/or other security features provided in a later version of V2Ray) wheneverallowInsecureis turned on. Attempting to MITM your connection temporarily to identify TLS based proxy is a known threat.
Notices
- VMess: From Jan 1, 2022, compatibility for legacy VMess MD5 will be disabled by default. Visit here for more information.
- You are able to compile exactly the same binaries as the ones in Assets section below by simply following the compiling guide.
For downstream developers
The Go module name of v2ray-core has been changed to github.com/v2fly/v2ray-core/v4. Do NOT use v2ray.com/core anymore.
v4.38.2
Feature
- FakeDNS: Added
fakedns+otherssniffer , based on #697 . Thanks @yuhan6665 . - TLS: A SECURITY improvement that allow the remote peer's TLS certificate to be pinned to a known value. Document for TLS is updated.
- Observatory: A component that measure the connectivity of selected outbounds. The document for Observatory is updated.
- Routing :
leastPingbalancing strategy is added. This strategy will select a outbound that is alive and completed HTTPS GET request in the least time. The document for Routing is updated.
Fixs
- Fixed crashing in fake dns. #931 Thanks @IceCodeNew
- Added IPv6 pool in fake dns by default. #925 Thanks @Loyalsoldier
- Return ErrEmptyResponse for fakedns. #926 Thanks @sixg0000d
- Fixed UDP DNS connection cause crash. Thanks @nekohasekai
Chore
- Fixed two typo in comments. Thanks @U-v-U
Security Advisory
- TLS connections with dangerous diagnose option
allowInsecureturn on and without certificate pin withpinnedPeerCertificateChainSha256will not be able protect your data at all from a attacker in privileged network path(for example ISP or any firewall or censorship infrastructure). This is especially dangerous when an unprotected protocol or option is used, such as any VLess configuration, VMess withnoneorzerosecurity, and any trojan configuration, in which case your data is accessible to attacker in plain text and attacker can inject arbitrary data pretending to the the remote server. In the case of VLess and trojan, the proxy protocol access control credential is also exposed to the attacker, the attacker will be able to use your proxy. You are advised to use certificate pin (and/or other security features provided in a later version of V2Ray) wheneverallowInsecureis turned on. Attempting to MITM your connection temporarily to identify TLS based proxy is a known threat.
Notices
- VMess: From Jan 1, 2022, compatibility for legacy VMess MD5 will be disabled by default. Visit here for more information.
- You are able to compile exactly the same binaries as the ones in Assets section below by simply following the compiling guide.
For downstream developers
The Go module name of v2ray-core has been changed to github.com/v2fly/v2ray-core/v4. Do NOT use v2ray.com/core anymore.
v4.38.1
Feature
- FakeDNS: Added
fakedns+otherssniffer , based on #697 . Thanks @yuhan6665 . - TLS: A SECURITY improvement that allow the remote peer's TLS certificate to be pinned to a known value. Document for TLS is updated.
- Observatory: A component that measure the connectivity of selected outbounds. The document for Observatory is updated.
- Routing :
leastPingbalancing strategy is added. This strategy will select a outbound that is alive and completed HTTPS GET request in the least time. The document for Routing is updated.
Fixs
- Fixed crashing in fake dns. #931 Thanks @IceCodeNew
- Added IPv6 pool in fake dns by default. #925 Thanks @Loyalsoldier
- Return ErrEmptyResponse for fakedns. #926 Thanks @sixg0000d
Chore
- Fixed two typo in comments. Thanks @U-v-U
Security Advisory
- TLS connections with dangerous diagnose option
allowInsecureturn on and without certificate pin withpinnedPeerCertificateChainSha256will not be able protect your data at all from a attacker in privileged network path(for example ISP or any firewall or censorship infrastructure). This is especially dangerous when an unprotected protocol or option is used, such as any VLess configuration, VMess withnoneorzerosecurity, and any trojan configuration, in which case your data is accessible to attacker in plain text and attacker can inject arbitrary data pretending to the the remote server. In the case of VLess and trojan, the proxy protocol access control credential is also exposed to the attacker, the attacker will be able to use your proxy. You are advised to use certificate pin (and/or other security features provided in a later version of V2Ray) wheneverallowInsecureis turned on. Attempting to MITM your connection temporarily to identify TLS based proxy is a known threat.
Notices
- VMess: From Jan 1, 2022, compatibility for legacy VMess MD5 will be disabled by default. Visit here for more information.
- You are able to compile exactly the same binaries as the ones in Assets section below by simply following the compiling guide.
For downstream developers
The Go module name of v2ray-core has been changed to github.com/v2fly/v2ray-core/v4. Do NOT use v2ray.com/core anymore.
v4.38.0
7dce725
This commit was signed with the committer’s verified signature.
xiaokangwang
Xiaokang Wang (Shelikhoo)
Feature
- FakeDNS: Added
fakedns+otherssniffer , based on #697 . Thanks @yuhan6665 . - TLS: A SECURITY improvement that allow the remote peer's TLS certificate to be pinned to a known value. Document for TLS is updated.
- Observatory: A component that measure the connectivity of selected outbounds. The document for Observatory is updated.
- Routing :
leastPingbalancing strategy is added. This strategy will select a outbound that is alive and completed HTTPS GET request in the least time. The document for Routing is updated.
Chore
- Fixed two typo in comments. Thanks @U-v-U
Security Advisory
- TLS connections with dangerous diagnose option
allowInsecureturn on and without certificate pin withpinnedPeerCertificateChainSha256will not be able protect your data at all from a attacker in privileged network path(for example ISP or any firewall or censorship infrastructure). This is especially dangerous when an unprotected protocol or option is used, such as any VLess configuration, VMess withnoneorzerosecurity, and any trojan configuration, in which case your data is accessible to attacker in plain text and attacker can inject arbitrary data pretending to the the remote server. In the case of VLess and trojan, the proxy protocol access control credential is also exposed to the attacker, the attacker will be able to use your proxy. You are advised to use certificate pin (and/or other security features provided in a later version of V2Ray) wheneverallowInsecureis turned on. Attempting to MITM your connection temporarily to identify TLS based proxy is a known threat.
Notices
- VMess: From Jan 1, 2022, compatibility for legacy VMess MD5 will be disabled by default. Visit here for more information.
- You are able to compile exactly the same binaries as the ones in Assets section below by simply following the compiling guide.
For downstream developers
The Go module name of v2ray-core has been changed to github.com/v2fly/v2ray-core/v4. Do NOT use v2ray.com/core anymore.
v4.37.3
Feature
Fix
- Cannot load geoip & geosite (#889)
Chore
Notices
- VMess: From Jan 1, 2022, compatibility for legacy VMess MD5 will be disabled by default. Visit here for more information.
- You are able to compile exactly the same binaries as the ones in Assets section below by simply following the compiling guide.
For downstream developers
The Go module name of v2ray-core has been changed to github.com/v2fly/v2ray-core/v4. Do NOT use v2ray.com/core anymore.
v4.37.2
Features
- Websocket: support browser forwarder (#818)
- Docs: Websocket & BrowserForwarder
- Thanks @RPRX
- Websocket: support Websocket 0-RTT early data (#818)
- Shadowsocks: add replay protection for Shadowsocks proxy (#777) @oif
- DNS: add queryStrategy option for DNS (#794)
- Docs: DNS
- Thanks @Loyalsoldier
- DNS: add disableFallback & skipFallback option for DNS client (#864)
- Docs: DNS
- Thanks @Loyalsoldier
- GeoIP: add inversed GeoIP matching (#860)
- Docs: Routing & DNS
- Thanks @Loyalsoldier
Fixes
- gRPC: add grpcSettings & gunSettings to streamSettings (00879c4) @RPRX
- Protobuf: vprotogen loop dependency (#797) @Loyalsoldier @U-v-U
- DNS: tests timeout due to network instability (#805) @Loyalsoldier
- DNS: remove AA header flag in DNS query (#817) @Loyalsoldier
- TProxy: cannot find IPv6 destination in redirect mode (#815) @mzz2017
- Context: ctx initialization for core.functions (#841) @rurirei
- FakeDNS: set FakeEnable option dynamically (#879) @sixg0000d @Loyalsoldier
- Websocket: Websocket early data 404 bug (#859) @k79e
- Browser Forwarder: cannot load resources on Windows (#849) @dyhkwong
- QUIC: disconnect due to timeout (#850) @bhoppi
Chores
- Log: remove package path prefix in logs (#840 0138017 78c1993) @kslr
- Update protobuf & dependencies & workflows & lint @Loyalsoldier
- Use Go v1.16.3
Notices
- VMess: From Jan 1, 2022, compatibility for legacy VMess MD5 will be disabled by default. Visit here for more information.
- You are able to compile exactly the same binaries as the ones in Assets section below by simply following the compiling guide.
For downstream developers
The Go module name of v2ray-core has been changed to github.com/v2fly/v2ray-core/v4. Do NOT use v2ray.com/core anymore.
v4.37.1
ec66506
This commit was signed with the committer’s verified signature.
xiaokangwang
Xiaokang Wang (Shelikhoo)
v4.37.0
f08a002
This commit was signed with the committer’s verified signature.
xiaokangwang
Xiaokang Wang (Shelikhoo)
Features
- Websocket: support browser forwarder (#818)
- Docs: Websocket & BrowserForwarder
- Thanks @RPRX
- Websocket: support Websocket 0-RTT early data (#818)
- DNS: add queryStrategy option for DNS (#794)
- Docs: DNS
- Thanks @Loyalsoldier
- Shadowsocks: add replay protection for Shadowsocks proxy (#777)
- Docs: Shadowsocks
- Thanks @oif
Fixes
- gRPC: add grpcSettings & gunSettings to streamSettings (00879c4) @RPRX
- Protobuf: vprotogen loop dependency (#797) @Loyalsoldier @U-v-U
- DNS: tests timeout due to network instability (#805) @Loyalsoldier
- DNS: remove AA header flag in DNS query (#817) @Loyalsoldier
- TProxy: cannot find IPv6 destination in redirect mode (#815) @mzz2017
- Context: ctx initialization for core.functions (#841) @rurirei
Chores
- Log: remove package path prefix in logs (#840 0138017 78c1993) @kslr
- VMess: move non-VMessAEAD warning to startup (e87e3d6) @kslr
- Update protobuf & dependencies & workflows & lint @Loyalsoldier
Notices
- VMess: From Jan 1, 2022, compatibility for legacy VMess MD5 will be disabled by default. Visit here for more information.
- You are able to compile exactly the same binaries as the ones in Assets section below by simply following the compiling guide.
For downstream developers
The Go module name of v2ray-core has been changed to github.com/v2fly/v2ray-core/v4. Do NOT use v2ray.com/core anymore.
v4.36.2
Fixes
- gRPC: fix gRPC max delay unintentionally low (1eaec68) @xiaokangwang
- DomainMatcher: fix core panics when zero domain/full type of rule (#786) @darsvador
Notices
- VMess: From Jan 1, 2022, compatibility for legacy VMess MD5 will be disabled by default. Visit here for more information.
- You are able to compile exactly the same binaries as the ones in Assets section below by simply following the compiling guide.
For downstream developers
The Go module name of v2ray-core has been changed to github.com/v2fly/v2ray-core/v4. Do NOT use v2ray.com/core anymore.