Skip to content

v1.14.2

Compare
Choose a tag to compare
@github-actions github-actions released this 18 Feb 17:49
· 999 commits to Meta since this release

What's Changed

  • fix: skip-cert-verify is true by default by @3andero in #333
  • chore: Refine process code by @cubemaze
  • chore: adjust the case of Program names and HttpRequest UA by @cubemaze
  • Fix: TLS defaults to true for h2/grpc networks by @cubemaze
  • refactor: replace experimental.fingerprints with custom-certificates and Change the fingerprint verification logic to SSL pinning by @Skyxim
  • fix: ss converter cipher missing by @cubemaze
  • fix: config parse error by @Skyxim
  • chore: better workflow by @wwqgtxx
  • refactor: Implement extended IO by @H1JK
  • chore: tuic decrease unneeded copy by @wwqgtxx
  • chore: decrease direct depend on the sing package by @wwqgtxx
  • fix: addr panic by @wwqgtxx
  • adjust: Improve WebSocket mask by @H1JK
  • feat: gRPC gun implement extended writer by @H1JK
  • chore: Update BBR config by @Larvan2
  • fix: tuic server's SetCongestionController by @wwqgtxx
  • fix: tuic server's MaxIncomingStreams by @wwqgtxx
  • fix: tcpTracker's upload by @wwqgtxx
  • chore: new Random TLS KeyPair when empty input by @wwqgtxx
  • Fix: Remove EnableProcess from config.go and enable-process from config.yaml. FindProcess is now enabled by default when the rule set contains process-name rules by @Larvan2
  • fix: ShadowTLS header use array instead by @H1JK
  • feat: better config for sniffer by @Skyxim
  • feat: add override-destination for sniffer by @Skyxim
  • make ConvertsV2Ray more robust by @ag2s20150909 in #349
  • Chore: Decrease the default MaxUdpRelayPacketSize to 1252 to avoid the relay UDP exceeding the size of the QUIC's datagram. ClientMaxOpenStreams now follows the config.yaml option by @Larvan2
  • chore: better source address by @Skyxim
  • feat: Converter support WS early data parameters by @H1JK
  • fix: sub-rule condition don't work by @Skyxim
  • chore: better parse udp dns by @Skyxim
  • Chore: Add GEO data url configuration by @Larvan2
  • Chore: Change default latency test url to HTTPS by @Larvan2
  • Chore: Better parsing pure IPv6 UDP DNS by @Larvan2
  • chore: better parsing pure UDP DNS by @Larvan2
  • feature: geosite-based nameserver policy by @i40e
  • chore: restful api display xudp for VLESS and VMess by @cubemaze
  • chore: adjust keyword for geosite-based nameserver policy by @cubemaze
  • adjust: VLESS enable XUDP by default by @H1JK
  • docs(README.md): remove missing image link, mention Yacd-meta by @kunish in #356
  • fix: get tlsconfig err not handle, return nil pointer #358 by @tgNotHouse in #360
  • feat: Add utls for client's fingerprint. by @Larvan2 in #361
  • chore: fix mips atomic panic by @wwqgtxx
  • feat: nameserver policy support multiple server by @Skyxim
  • fix: Converter Shadowsocks password parse by @H1JK
  • chore: override-destination default value is true by @Skyxim
  • feat: add global-client-fingerprint by @Larvan2
  • fix: sniff domain don't match geosite when override-destination valuE is false by @Skyxim
  • chore: do not use extra pointer in UClient by @wwqgtxx
  • chore: avoid repeated wrapper by @Skyxim
  • fix: tun udp with 4in6 ip by @wwqgtxx
  • chore: better bind in windows by @wwqgtxx
  • fix: RoundRobin strategy of load balance when called multiple times by @Ovear in #390
  • feat: introduce a new robust approach to handle tproxy udp by @Ovear in #389
  • style: run go fmt on every .go file by @kunish in #392
  • fix: parsing ipv6 doh error by @Skyxim
  • chore: Considering remove GOAMD64=v2 of linux-amd64-compatible by @wwqgtxx
  • fix: websocket headroom by @wwqgtxx
  • fix: disable header protection in vmess server by @wwqgtxx

Config changes

#  全局TLS指纹,优先低于proxy内的 client-fingerprint
#  可选:"chrome","firefox","safari","ios","random","none" options.
#  Utls is currently support TLS transport in TCP/grpc/WS/HTTP for VLESS/Vmess and trojan.
global-client-fingerprint: chrome

# DNS 分流支持 GeoSite
dns:
    #此处省略部分设置#
  nameserver-policy:
    "geosite:cn": 
      - https://doh.pub/dns-query
      - https://dns.alidns.com/dns-query
      
  nameserver:
  - https://dns.google/dns-query
  - https://dns.cloudflare.com/dns-query
  - https://doh.opendns.com/dns-query
  - https://doh.dns.sb/dns-query

# 嗅探域名 
sniffer:
  enable: false
  ## 对 redir-host 类型识别的流量进行强制嗅探
  ## 如:Tun、Redir 和 TProxy 并 DNS 为 redir-host 皆属于
  # force-dns-mapping: false
  ## 对所有未获取到域名的流量进行强制嗅探
  # parse-pure-ip: false
  # 是否使用嗅探结果作为实际访问,默认 true
  # 全局配置,优先级低于 sniffer.sniff 实际配置
  override-destination: false
  sniff:
    # TLS 默认如果不配置 ports 默认嗅探 443
    TLS:
    #  ports: [443, 8443]

    # 默认嗅探 80
    HTTP:
      # 需要嗅探的端口

      ports: [80, 8080-8880]
      # 可覆盖 sniffer.override-destination
      override-destination: true
  force-domain:
    - +.v2ex.com
  ## 对嗅探结果进行跳过
  # skip-domain:
  #   - Mijia Cloud

proxies:
  #此处省略部分设置#
  # vmess
  - name: "vmess"
    type: vmess/vless/trojan
    client-fingerprint: chrome   
    #  可选:"chrome","firefox","safari","ios","random","none" options.
    #  Utls is currently support TLS transport in TCP/grpc/WS/HTTP for VLESS/Vmess and trojan.

New Contributors

Full Changelog: v1.14.1...v1.14.2