v4.38.0

Feature

• FakeDNS: Added fakedns+others sniffer , based on #697 . Thanks @yuhan6665 .
• TLS: A SECURITY improvement that allow the remote peer's TLS certificate to be pinned to a known value. Document for TLS is updated.
• Observatory: A component that measure the connectivity of selected outbounds. The document for Observatory is updated.
• Routing : leastPing balancing strategy is added. This strategy will select a outbound that is alive and completed HTTPS GET request in the least time. The document for Routing is updated.

Chore

• Fixed two typo in comments. Thanks @U-v-U

Security Advisory

• TLS connections with dangerous diagnose option allowInsecure turn on and without certificate pin with pinnedPeerCertificateChainSha256 will not be able protect your data at all from a attacker in privileged network path(for example ISP or any firewall or censorship infrastructure). This is especially dangerous when an unprotected protocol or option is used, such as any VLess configuration, VMess with none or zero security, and any trojan configuration, in which case your data is accessible to attacker in plain text and attacker can inject arbitrary data pretending to the the remote server. In the case of VLess and trojan, the proxy protocol access control credential is also exposed to the attacker, the attacker will be able to use your proxy. You are advised to use certificate pin (and/or other security features provided in a later version of V2Ray) whenever allowInsecure is turned on. Attempting to MITM your connection temporarily to identify TLS based proxy is a known threat.

Notices

• VMess: From Jan 1, 2022, compatibility for legacy VMess MD5 will be disabled by default. Visit here for more information.
• You are able to compile exactly the same binaries as the ones in Assets section below by simply following the compiling guide.

For downstream developers

The Go module name of v2ray-core has been changed to github.com/v2fly/v2ray-core/v4. Do NOT use v2ray.com/core anymore.

v4.37.3

Feature

• DNS: hosts support multiple addresses (#884 #886 #888) Docs

Fix

• Cannot load geoip & geosite (#889)

Chore

• Use Go v1.16.3
• Use Go v1.16 to build Debian package (#890)
• Update Debian package (098bf4b #894)

Notices

• VMess: From Jan 1, 2022, compatibility for legacy VMess MD5 will be disabled by default. Visit here for more information.
• You are able to compile exactly the same binaries as the ones in Assets section below by simply following the compiling guide.

For downstream developers

The Go module name of v2ray-core has been changed to github.com/v2fly/v2ray-core/v4. Do NOT use v2ray.com/core anymore.

v4.37.2

Features

• Websocket: support browser forwarder (#818)
  • Docs: Websocket & BrowserForwarder
  • Thanks @RPRX
• Websocket: support Websocket 0-RTT early data (#818)
  • Docs: Websocket
  • Thanks @RPRX
• Shadowsocks: add replay protection for Shadowsocks proxy (#777) @oif
• DNS: add queryStrategy option for DNS (#794)
  • Docs: DNS
  • Thanks @Loyalsoldier
• DNS: add disableFallback & skipFallback option for DNS client (#864)
  • Docs: DNS
  • Thanks @Loyalsoldier
• GeoIP: add inversed GeoIP matching (#860)
  • Docs: Routing & DNS
  • Thanks @Loyalsoldier

Fixes

• gRPC: add grpcSettings & gunSettings to streamSettings (00879c4) @RPRX
• Protobuf: vprotogen loop dependency (#797) @Loyalsoldier @U-v-U
• DNS: tests timeout due to network instability (#805) @Loyalsoldier
• DNS: remove AA header flag in DNS query (#817) @Loyalsoldier
• TProxy: cannot find IPv6 destination in redirect mode (#815) @mzz2017
• Context: ctx initialization for core.functions (#841) @rurirei
• FakeDNS: set FakeEnable option dynamically (#879) @sixg0000d @Loyalsoldier
• Websocket: Websocket early data 404 bug (#859) @k79e
• Browser Forwarder: cannot load resources on Windows (#849) @dyhkwong
• QUIC: disconnect due to timeout (#850) @bhoppi

Chores

• Log: remove package path prefix in logs (#840 0138017 78c1993) @kslr
• Update protobuf & dependencies & workflows & lint @Loyalsoldier
• Use Go v1.16.3

Notices

• VMess: From Jan 1, 2022, compatibility for legacy VMess MD5 will be disabled by default. Visit here for more information.
• You are able to compile exactly the same binaries as the ones in Assets section below by simply following the compiling guide.

For downstream developers

The Go module name of v2ray-core has been changed to github.com/v2fly/v2ray-core/v4. Do NOT use v2ray.com/core anymore.

v4.37.1

Fixes

• Websocket: Websocket early data 404 bug (#859) @k79e
• Browser Forwarder: cannot load resources on Windows (#849) @dyhkwong @kslr
• QUIC: disconnect due to timeout (#850) @bhoppi

v4.37.0

Features

• Websocket: support browser forwarder (#818)
  • Docs: Websocket & BrowserForwarder
  • Thanks @RPRX
• Websocket: support Websocket 0-RTT early data (#818)
  • Docs: Websocket
  • Thanks @RPRX
• DNS: add queryStrategy option for DNS (#794)
  • Docs: DNS
  • Thanks @Loyalsoldier
• Shadowsocks: add replay protection for Shadowsocks proxy (#777)
  • Docs: Shadowsocks
  • Thanks @oif

Fixes

• gRPC: add grpcSettings & gunSettings to streamSettings (00879c4) @RPRX
• Protobuf: vprotogen loop dependency (#797) @Loyalsoldier @U-v-U
• DNS: tests timeout due to network instability (#805) @Loyalsoldier
• DNS: remove AA header flag in DNS query (#817) @Loyalsoldier
• TProxy: cannot find IPv6 destination in redirect mode (#815) @mzz2017
• Context: ctx initialization for core.functions (#841) @rurirei

Chores

• Log: remove package path prefix in logs (#840 0138017 78c1993) @kslr
• VMess: move non-VMessAEAD warning to startup (e87e3d6) @kslr
• Update protobuf & dependencies & workflows & lint @Loyalsoldier

Notices

• VMess: From Jan 1, 2022, compatibility for legacy VMess MD5 will be disabled by default. Visit here for more information.
• You are able to compile exactly the same binaries as the ones in Assets section below by simply following the compiling guide.

For downstream developers

The Go module name of v2ray-core has been changed to github.com/v2fly/v2ray-core/v4. Do NOT use v2ray.com/core anymore.

v4.36.2

Fixes

• gRPC: fix gRPC max delay unintentionally low (1eaec68) @xiaokangwang
• DomainMatcher: fix core panics when zero domain/full type of rule (#786) @darsvador

Notices

• VMess: From Jan 1, 2022, compatibility for legacy VMess MD5 will be disabled by default. Visit here for more information.
• You are able to compile exactly the same binaries as the ones in Assets section below by simply following the compiling guide.

For downstream developers

The Go module name of v2ray-core has been changed to github.com/v2fly/v2ray-core/v4. Do NOT use v2ray.com/core anymore.

v4.36.1

⚠️ Do NOT use this release. ⚠️ Bugs are fixed in v4.36.2

Features

• Transport: add gRPC / gun transport. This transport's connections can be relayed over Nginx and other supported CDNs, have an ALPN of h2 and a built-in mux. (#757 #783)
  • Docs: Transport & gRPC transport
  • Thanks @DuckSoft, @xiaokangwang, @RPRX, @kslr, @maskedeken and an anonymous contributor.
• Proxy: add loopback proxy. This proxy allows you to send connections back to router to be routed again. It is a drop-in replacement for modded outbound address and dokodemo-door setup while using less system resources. (#770)
  • Docs: Loopback
  • Thanks @xiaokangwang @kslr
• Routing: add a faster and more memory-efficient routing rule matcher MphDomainMatcher that uses minimal perfect hash. (#743)
  • Docs: Routing
  • Thanks @darsvador

Fixes

• DNS: refine DNS default setting logics in Android (#767) @CalmLong
• FakeDNS: use 198.18.0.0/15 as default FakeDNS IP pool (#779)

Notices

• VMess: From Jan 1, 2022, compatibility for legacy VMess MD5 will be disabled by default. Visit here for more information.
• You are able to compile exactly the same binaries as the ones in Assets section below by simply following the compiling guide.

For downstream developers

The Go module name of v2ray-core has been changed to github.com/v2fly/v2ray-core/v4. Do NOT use v2ray.com/core anymore.

v4.36.0

Features

• Added gRPC/gun transport. This transport's connections can be relayed over nginx and other supported CDNs, have an ALPN of h2 and a built-in mux. The documents for transport, gRPC transport have been updated. Thanks @DuckSoft, @RPRX, @kslr and an anonymous contributor.
• Added loopback proxy. This proxy allows you to send connections back to router to be routed again. It is a drop-in replacement for modded outbound address and dokodemo-door setup while using less system resources. The document for loopback proxy has been updated. Thanks @kslr, @Loyalsoldier.

Fixes

• Refined DNS default setting logics in Android. Thanks @CalmLong.

Chores

• Various maintenance and improvements. Thanks @Loyalsoldier.

v4.35.1

Features

• Support Apple Silicon: add pre-built binary for Apple Silicon named v2ray-macos-arm64-v8a.zip (#686) @Loyalsoldier
• FakeDNS: add support for FakeDNS. FakeDNS will not take effect on Routing and Freedom outbound (#395 #406 #696) @yuhan6665
• Outbound: add streamSetting / transport support for outbound front proxy
• VMess: add zero pseudo encryption for better performance
• VMess: add support to disable compatibility for legacy VMess MD5 (#596) @dyhkwong
• Routing: add a faster and more memory-efficient routing rule matcher HybridDomainMatcher (#587 #639) @darsvador
• DNS: add support to disable DNS cache (#699 #705) @CalmLong

Fixes

• Test: HTTP/2 dial timeout (#570) @kslr
• Trojan: do not panic when UDP dispatcher fails to write response (#599) @maskedeken
• Transport: TCP default ALPN (#716) @AkinoKaede
• DNS: rule index out of range (#727) @Loyalsoldier

Chores

• Use Go v1.16 (#686)
• Refine issue templates (#630)
• Update dependencies
• Change module name to github.com/v2fly/v2ray-core/v4 (#677)

Notices

• VMess: From Jan 1, 2022, compatibility for legacy VMess MD5 will be disabled by default.
• VMess: Only use zero pseudo encryption in trusted transport such as TLS.
• FakeDNS: FakeDNS will NOT take effect on Routing and Freedom outbound.
• You are able to compile exactly the same binaries as the ones in Assets section below by simply following the compiling guide.

For downstream developers

The Go module name of v2ray-core has been changed to github.com/v2fly/v2ray-core/v4. Do NOT use v2ray.com/core anymore.

Documents about new features

• FakeDNS:
  1. Enable fakedns for destOverride and set metadataOnly: https://www.v2fly.org/config/inbounds.html#sniffingobject
  2. Add fakedns to dns servers section: https://www.v2fly.org/config/dns.html#dnsobject
  3. [Optional] Add fakedns section to config: https://www.v2fly.org/config/fakedns.html
• VMess MD5 认证信息淘汰机制
• VMess zero pseudo encryption
• New routing rule matcher HybridDomainMatcher
• ProxySetting for Outbound
• Disable DNS cache

Change log

1. An improved version of domain matcher implementation ACAutomatonDomainMatcher(#639) (Hybrid AC Matcher) is added. You can enable it with configuration. The document for routing have been updated. You could expect improvement on both shorter matching time and less memory usage. Thanks @darsvador.
2. The support for FakeDNS (#395 #406 #696) is added. It will return a synthetic DNS response when clients try to resolve domain name, and restore the domain name when clients connect to the returned address. Documents for DNS, FakeDNS, Sniffer is updated. Thanks @yuhan6665.
3. Added streamSetting/transport support for outbound front proxy. Document for outbound have been updated.
4. The cache of V2Ray's internal DNS can be disabled now(#699). Document for DNS is updated. Thanks @CalmLong.
5. You can disable compatibility for legacy VMess MD5(#596). Document for VMess have been updated. From Jan 1, 2022, compatibility for legacy VMess MD5 will be disabled by default. Thanks @dyhkwong.
6. You can now completely disable VMess's content encryption and protection, and may achieve better performance than none pseudo encryption. The document for VMess is updated. This is a non-breaking change on client side.
7. Added binary release of ARM Mac(#686). Thanks @Loyalsoldier.
8. /opt/share/v2ray/ have been added to asset search path(#715). Thanks @kidonng.
9. Fixed TCP's default ALPN(#716). Thanks @AkinoKaede.
10. Other minor stability and internal code quality improvements. Thanks @Loyalsoldier.
11. Fixed a bug cause enabling chained proxy crash the instance. Thanks @database64128.
12. Allow user to set domain matching policy for all rules.
13. Renamed HybridDomainMatcher's name to hybrid .

v4.34.0

Release Notes

• TLS Session Resumption is now disabled by default (#569). See #557 for more information.
• Support for the legacy Shadowsocks protocol with stream ciphers has been removed (#566). If you are still using the unsecure stream ciphers, migrate to Shadowsocks AEAD (ChaCha20Poly1305 and AES-GCM) immediately.
• We have added preliminary support for DNS over QUIC (#534). Currently only non-proxied lookup is supported.
• Binaries of the following architectures are no longer a part of the release: s390x, ppc64, ppc64le, mips softfloat.

Changes

• DNS: refactoring DNS (#169)
• DNS: support DNS over QUIC (#534) (currently only non-proxied lookup)
• DNS: add clientIp feature support for every nameserver (#504)
• Release: add Android release (#512)
• Android: default dns set to 8.8.8.8:53 (#572)
• TLS Session Resumption is now disabled by default (#569). See #557 for more information.
• SessionTicketsDisabled is now true by default. See #557 for more information.
• SOCKS: Refine socks5 server UdpAssociate response behavior (#523)
• SOCKS: Fix socks client UDP outbound's wrong destination (#522)
• HTTP2: listen port failed use error level log (#576)
• DNS: refine skipRoutePick (#558)
• DNS: compatible with localhost nameserver (#530)
• DNS & Routing: refine rule parsing process (#528)
• Config: multi-JSON config overide (#409)- Release: migrate release from Azure Pipelines to GitHub Actions (#453 #468)
• Logging: Prevent trailing whitespaces in logs (#526)
• Test: add race detector
• Minor changes and fixes by @U-v-U, @CalmLong, @dyhkwong

Notices

You are able to compile exactly the same binaries as the ones in Assets section below by simply following the compiling guide.