v1.18.1

📣

预祝大家新年快乐！

What's Changed

• feat: add DSCP rule for Tproxy UDP packets (#996) by @Pretze

BUG & Fix

• fix(ntp): simplify NTP service initialization and error handling by @riolurs
• fix: Converter SIP002 parameters parse (#976) by @snakem982
• fix: exclude loopback on darwin by @wwqgtxx
• fix: flush dns cache in android and cmfa build. (#971) by @ahmad Nazari
• fix: h2mux udp not working by @wwqgtxx
• fix: hy2's rawConn not closed by @wwqgtxx
• fix: resolve IPv6 rule-set issue #959. by @Larvan2
• fix: SUB-RULE with PROCESS-NAME rule payload not working (#953) by @cesaryuan
• fix: tfo not working with smux/yamux by @wwqgtxx
• fix: trigger-cmfa-update by @Larvan2

Maintenance

• chore: add timeout option by @xishang0128
• chore: better IPSet code by @wwqgtxx
• chore: cleanup IPSet code by @wwqgtxx
• chore: dscp support range too by @wwqgtxx
• chore: generate release note automatically by @Larvan2
• chore: hysteria2 add udp-mtu option default value is 1200-3 to match old version quic-go's capability by @wwqgtxx
• chore: ipcidr direct using go4.org/netipx by @wwqgtxx
• chore: limit the default url by @xishang0128
• chore: modify initial resource update by @xishang0128
• chore: read waiter for pipe by @wwqgtxx
• chore: rebuild slowdown code by @wwqgtxx
• chore: Redundant function calls. (#956) by @Vincent.Shi
• chore: replace IpCidrTrie with binary search by @Larvan2
• chore: return more information for the api by @xishang0128
• chore: rewrite IntRanges constructor by @wwqgtxx
• chore: slowdown wireguard dial retry by @wwqgtxx
• chore: stop retry when couldn't find ip by @wwqgtxx
• chore: store latency data more reasonably (#964) by @tommy
• chore: trigger ci by @Larvan2
• chore: update dependencies by @wwqgtxx
• chore: update quic-go to 0.41.0 by @wwqgtxx
• chore: update release note by @Larvan2
• docs: README.md by @Larvan2

Full Changelog: v1.18.0...v1.18.1

v1.18.0

What's Changed

• feat: Add GeoAutoUpdate and GeoUpdateInterval to config (#857) by @Kuingsmile
• feat: Add LAN allowed and disallowed IP configurations (#861) by @Kuingsmile
• feat: Add succinct matcher support for GeoSite by @H1JK
• feat: add include-all to proxy-groups by @xishang0128
• feat: support external api extensions (#852) by @snakem982

BUG & Fix

• fix: add backgroundRead for plain http inbound (#952) by @hunshcn
• fix: avoid gobwas/ws pbytes.GetLen panic by @wwqgtxx
• fix: CopyExtendedOnce can't exit loop by @wwqgtxx
• fix: GSO support for TUN by @wwqgtxx
• fix: gvisor stack's dns hijack not working by @wwqgtxx
• fix: hy2 missing UDP timeout by @wwqgtxx
• fix: let input prefix to lower case when parsing. Fix #868 by @Larvan2
• fix: missing insertTriePolicy when process rule-set by @wwqgtxx
• fix: mount cache by @Larvan2
• fix: only using xsync with pointer to avoid unaligned 64-bit atomic operation closed #783 by @wwqgtxx
• fix: remove unneeded health check by @wwqgtxx
• fix: sing vectorised writer by @wwqgtxx
• fix: ss uot add thread safe wrapper by @wwqgtxx
• fix: stop using insert url when get urltest delay by @PuerNya
• fix: system stack's dns hijack not working by @wwqgtxx
• fix: the right way to get process in win32 format (#909) by @fakeboboliu
• fix: try fixing automatic policy by @xishang0128
• fix: udp nat handle by @PuerNya

Maintenance

• chore: adapt new ReadWait interfaces by @wwqgtxx
• chore: add a new cors response header by @PuerNya
• chore: add GSO support for TUN lwip had been dropped, also cgo build will be removed by @wwqgtxx
• chore: add leading slash to ws-path by @wwqgtxx
• chore: add loopback detect for direct outbound by @wwqgtxx
• chore: add some fields for override by @xishang0128
• chore: avoid return nil. fix #930 by @Larvan2
• chore: better Reject-Drop for UDP by @Larvan2
• chore: change DefaultTestUrl by @PuerNya
• chore: cleanup code by @Larvan2
• chore: Cleanup unused GeoSite matchers by @H1JK
• chore: code cleanup by @wwqgtxx
• chore: do not always trigger upload on PR #912 by @Larvan2
• chore: don't force output color in log but you can set CLICOLOR_FORCE=1 environment variable by @wwqgtxx
• chore: fix typo by @giveup
• chore: health check for compatible providers after startup by @Larvan2
• chore: limit max CopyExtendedOnce execute times to 10 by @wwqgtxx
• chore: modify default url by @xishang0128
• chore: Remove the use of curve25519 package by @H1JK
• chore: reslove udp host after rule matching by @PuerNya
• chore: restore function name to AliveForTestUrl by @Larvan2
• chore: support waitRead in windows by @wwqgtxx
• chore: Update bandwidth convertor by @H1JK
• chore: Update dependencies by @wwqgtxx
• chore: update docs by @xishang0128
• chore: update gvisor by @wwqgtxx
• chore: update uTLS to 1.5.4 by @wwqgtxx
• chore: using stable api by @wwqgtxx
• chore: windows process will return DOS format instead of NT format by @wwqgtxx

Full Changelog: v1.17.0...v1.18.0

v1.17.0

Breaking Changes

Binary file name changes to mihomo, along with most of the const such as default config path, check and update these file/path before update to this version.

What's Changed

• feat(sniffer): add quic sniffer by @5aaee9
• feat: Add outbound sing-mux tcp-brutal support by @H1JK
• feat: add reload signal support (#780) by @andrei Shevchuk
• feat: Add v2ray httpupgrade fast open support by @H1JK
• feat: add certificate and private-key to vmess listener by @wwqgtxx
• feat: add include-all-providers to proxy-groups by @xishang0128
• feat: add override to proxy-providers by @Larvan2
• feat: add skip-auth-prefixes by @wwqgtxx
• feat: add v2ray-http-upgrade support by @wwqgtxx
• feat: add ws-path to vmess listener by @wwqgtxx
• feat: cancel RULE-SET nested SUB-RULE restrictions by @Skyxim
• feat: share more code from android branch by @Steve Johnson
• feat: support ARC for DNS cache by @Larvan2
• feat: support clash premium's structured log stream (#735) by @NyaMisty
• feat: support REJECT-DROP by @Larvan2
• feature: add environs startup option support (#2909) by @septs
• feature: add xdg base support (#2913) by @septs
• Merge pull request #810 from 5aaee9/Alpha by @Larvan2

BUG & Fix

• fix: avoid tls panic by @wwqgtxx
• fix: BBR bandwidth estimation edge case by @wwqgtxx
• fix: BBR memory leak by @wwqgtxx
• fix: build error by @wwqgtxx
• fix: dhcp not working on windows by @wwqgtxx
• fix: DNS NCACHE TTL and OPT RRs (#2900) by @jiahao Lu
• fix: fix android-arm64 build by @Steve Johnson
• fix: fix package name rules match by @Steve Johnson
• fix: gvisor panic by @wwqgtxx
• fix: gVisor UDP 6to4 check by @wwqgtxx
• fix: health check at startup by @Skyxim
• fix: health check available for 'selector' if configured by @Larvan2
• fix: hy2/tuic inbound cert isn't path by @Larvan2
• fix: improve feature check and add missing patches by @Steve Johnson
• fix: method in vmess http-opts is not used by @sduoduo233
• fix: Mux missing sing logger & initializing race by @H1JK
• fix: only force health check compatible providers by @Skyxim
• fix: parsing override by @Larvan2
• fix: Pool panic when putting small buffer by @H1JK
• fix: quic-go min MTU by @wwqgtxx
• fix: reality panic by @wwqgtxx
• fix: remote logic rules cannot be parsed (#837) by @HolgerHuo
• Fix: should check all ips need to fallback (#2915) by @yaling888
• fix: sing listener panic by @wwqgtxx
• fix: socks5 udp associate by @Dreamacro
• fix: ssr panic by @wwqgtxx
• fix: Trojan websocket header panic by @H1JK
• fix: unmap 4in6 ip by @wwqgtxx
• fix: v2ray http upgrade Hosts header not working by @wwqgtxx

Maintenance

• chore: add android feature and patch by @Steve Johnson
• chore: add CMFA auto update-dependencies trigger by @Steve Johnson
• chore: add labels to issue template by @Steve Johnson
• chore: add new bbr implementation by @wwqgtxx
• chore: add route exclude support by @wwqgtxx
• chore: add SetupContextForConn for common/net by @wwqgtxx
• chore: add some warning log by @wwqgtxx
• chore: better atomic using by @wwqgtxx
• chore: better bufio.Reader warp by @wwqgtxx
• chore: better dns batchExchange by @wwqgtxx
• chore: better tls handshake by @wwqgtxx
• chore: Cleanup code by @H1JK
• chore: cleanup error using of dialer.DefaultInterface by @wwqgtxx
• chore: code cleanup by @wwqgtxx
• chore: decrease goroutine used in core tunnel by @wwqgtxx
• chore: decrease memory copy in quic sniffer by @wwqgtxx
• chore: decrease memory copy in sing listener by @wwqgtxx
• chore: direct append data to bufio.Reader's internal buffer as much as possible by @wwqgtxx
• chore: do websocket client upgrade directly instead of gobwas/ws by @wwqgtxx
• chore: fix bbr bugs by @wwqgtxx
• chore: fix sniffer log error by @xishang0128
• chore: fix subscription_info by @xishang0128
• chore: geo link replaced with github by @xishang0128
• chore: improve subscription userinfo parsing (#781) by @septs
• chore: inMemoryAuthenticator unneed sync map by @wwqgtxx
• chore: listeners can set mux-option by @wwqgtxx
• chore: merge some quic-go fix by @wwqgtxx
• chore: migrate from gorilla/websocket to gobwas/ws by @wwqgtxx
• chore: modify configuration fields by @xishang0128
• chore: modify some fields by @xishang0128
• chore: modify ua by @xishang0128
• chore: NameServerPolicy will match inorder by @wwqgtxx
• chore: netip.Prefix should not using pointer by @wwqgtxx
• chore: Pool allocate arrays instead of slices by @H1JK
• chore: print colored log by @Larvan2
• chore: reduce memory alloc by @Larvan2
• chore: reduce string split immediately after string concat (#773) by @kiva
• chore: reorder atomic TypedValue see: https://gfw.go101.org/article/unofficial-faq.html#final-zero-size-field by @wwqgtxx
• chore: Replace stack collection with list by @H1JK
• chore: revert default global ua by @Steve Johnson
• chore: share dnsClient in NewResolver by @wwqgtxx
• chore: share some code by @wwqgtxx
• chore: Shrink allocator pool range by @H1JK
• chore: simplify fast open code by @wwqgtxx
• chore: support reject proxy type by @wwqgtxx
• chore: support relative path for hy2/tuic inbound cert by @Larvan2
• chore: support v2ray http upgrade server too by @wwqgtxx
• chore: system resolver can autoupdate by @wwqgtxx
• chore: temporary seal by @Larvan2
• chore: Update dependencies by @H1JK
• chore: update dependencies by @Larvan2
• chore: Update dependencies by @wwqgtxx
• chore: update gvisor by @wwqgtxx
• chore: update quic-go to 0.39.0 by @wwqgtxx
• chore: Update quic-go to v0.40.0 by @wwqgtxx
• chore: update sing-tun by @wwqgtxx
• chore: upgrade xsync to v3 by @wwqgtxx
• chore: using wk8/go-ordered-map/v2 replace internal StringMapSlice by @wwqgtxx
• docs: support reload in service by @Larvan2
• docs: update about quic sniffer by @5aaee9
• docs: update readme.md by @Larvan2

Full Changelog: v1.16.0...v1.17.0

v1.16.0

What's Changed

• feat: Add disable quic-go GSO to experimental by @H1JK
• feat: add provider proxies api by @xishang0128
• feat: add udp-over-stream for tuic only work with meta tuic server or sing-box 1.4.0-beta.6 by @wwqgtxx
• feat: bump restls to v0.1.6 (utls v1.4.3) (#692) by @3andne
• feat: configurable TCPKeepAlive interval by @Larvan2
• feat: converter support hysteria2 by @Larvan2
• feat: Converter unofficial TUIC share link support by @H1JK
• feat: download/upgrade XD to external-ui by @Larvan2
• feat: inbound support Hysteria2 by @wwqgtxx
• feat: ntp service by @riolu.rs
• feat: proxies support direct type by @wwqgtxx
• feat: recovering preHandleMetadata failure from sniffing (#769) by @kiva
• feat: support Hysteria2 by @wwqgtxx
• feat: support users to customize download ua by @xishang0128
• feat: update external-ui by @Larvan2

BUG & Fix

• fix: caceh dns result by @Skyxim
• fix: call shutdown before restart (#709) by @Alpha
• fix: concurrent map writes #707 by @Larvan2
• fix: dualStack confusing error on ipv4 failed connect by @Mitt
• fix: fail to set KeepAliveIntervall #715 by @Larvan2
• fix: hy2 udp not working by @wwqgtxx
• fix: ntp service panic by @riolu.rs
• fix: ntp service panic by @wwqgtxx
• fix: RESTful api missing TunConf.device by @YanceyChiew
• fix: sing-vmess panic by @wwqgtxx
• fix: socks5 udp not working on loopback by @wwqgtxx
• fix: TLS ALPN support by @H1JK
• fix: tuicv5 panic in ReadFrom by @wwqgtxx
• fix: uot read failed by @wwqgtxx

Maintenance

• chore: cleanup code by @Larvan2
• chore: cleanup codes by @Larvan2
• chore: DNS cache policy follow upstream by @Larvan2
• chore: fix typo by @Larvan2
• chore: handle provider proxies in proxies api by @PuerNya
• chore: ignore PR when Pre-releasing by @Larvan2
• chore: limit tuicv5's maxUdpRelayPacketSize up to 1200-PacketOverHead by @wwqgtxx
• chore: ntp service dep with sing, optional synchronize system time by @riolu.rs
• chore: ntp service support dialer-proxy by @wwqgtxx
• chore: rebuild ca parsing by @wwqgtxx
• chore: rename func name by @Larvan2
• chore: resolver read system hosts file by @wwqgtxx
• chore: Restore go1.20 support by @wwqgtxx
• chore: restore unselected by @Larvan2
• chore: share N.dialer code by @wwqgtxx
• chore: support set cwnd for hy2 too by @wwqgtxx
• chore: TCPKeepAlive interval set to 15s by default by @Larvan2
• chore: Update android-ndk by @汐殇
• chore: Update dependencies by @H1JK
• chore: Update dependencies by @wwqgtxx
• chore: update external-ui by @xishang0128
• Chore: update github issue template by @xishang0128
• chore: update provider proxies api by @xishang0128
• chore: update quic-go to 0.38.0 by @wwqgtxx
• chore: updateUI API return 501 when config incomplete by @Larvan2
• chore: use cmp in go 1.21 by @Larvan2
• chore: use WaitGroup in dualStackDialContext by @Larvan2
• chore: Use xsync provided map size calculation by @H1JK
• chore: using xsync.MapOf replace sync.Map by @wwqgtxx
• docs(README): update dashboard section by @kunish
• Merge pull request #767 from PuerNya/fix-delay by @汐殇
• refactor: Decouple .Cleanup from ReCreateTun by @YanceyChiew

Full Changelog: v1.15.1...v1.16.0

v1.15.1

What's Changed

• feat: Add Meta-geoip V0 database support by @H1JK
• feat: Add RCode DNS client by @H1JK
• feat: Add sing-geoip database support by @H1JK
• feat: Add XUDP migration support by @H1JK
• feat: add inbound-mptcp for listeners by @wwqgtxx
• feat: add mptcp for all proxy by @wwqgtxx
• feat: optional provider path (#624) by @汐殇
• feat: support tuicV5 by @wwqgtxx
• feat: tuic outbound allow set an empty ALPN array by @wwqgtxx

BUG & Fix

• fix geodata-mode by @xishang0128
• fix hysteria faketcp lookback in TUN mode (#601) by @Mars160
• fix: parse nested sub-rules failed by @Skyxim
• fix: Disable XUDP global ID if source address invalid by @H1JK
• fix: discard http unsuccessful status by @Skyxim
• fix: DNS cache by @H1JK
• fix: dns concurrent not work by @Skyxim
• fix: go1.19 compile by @wwqgtxx
• fix: handle manually select in url-test by @Larvan2
• fix: hysteria faketcp loopback in tun mode by @wwqgtxx
• Fix: mapping dns should not stale (#675) by @Yusaki丶Kanade
• fix: nil pointer in urltest (#603) by @wzdnzd
• fix: panic when add 4in6 ipcidr by @Skyxim
• fix: Resolve delay omission in the presence of nested proxy-groups by @Larvan2
• fix: singmux return wrong supportUDP value by @wwqgtxx
• fix: tuic server cwnd parsing by @wwqgtxx
• fix: tuicV5's heartbeat should be a datagram packet by @wwqgtxx
• fix: tunnel's handleUDPToLocal panic by @wwqgtxx

Maintenance

• chore: change geodata download url to fastly.jsdelivr.net (#636) by @moranno
• chore: adjustable cwnd for cc in quic by @Larvan2
• chore: allow unsafe path for provider by environment variable by @Skyxim
• chore: avoid unneeded map copy when close connection in restful api by @wwqgtxx
• chore: better close single connection in restful api by @wwqgtxx
• chore: better env parsing by @wwqgtxx
• chore: better resolv.conf parsing by @wwqgtxx
• chore: better tuicV5 deFragger by @wwqgtxx
• chore: Disable cache for RCode client by @H1JK
• chore: fix TUIC cwnd parsing by @Larvan2
• chore: function rename by @wwqgtxx
• chore: generate release note automatically by @Larvan2
• chore: genReleaseNote support verrsion range by @Larvan2
• chore: Ignore PR in Docker build by @Larvan2
• chore: init gopacket only when dial fake-tcp to decrease memory using by @wwqgtxx
• chore: Random only if the certificate and private-key are empty by @Skyxim
• chore: reduce process lookup attempts when process not exist #613 by @Skyxim
• chore: Refine adapter type name by @H1JK
• chore: Reject packet conn implement wait read by @H1JK
• chore: Remove legacy XTLS support (#645) by @hellojack
• chore: Replace murmur3 with maphash by @H1JK
• Chore: Something update from clash (#639) by @タイムライン
• chore: Something update from clash :) (#606) by @タイムライン
• chore: statistic's Snapshot only contains TrackerInfo by @wwqgtxx
• chore: structure support decode pointer by @wwqgtxx
• chore: tuic server can handle V4 and V5 in same port by @wwqgtxx
• chore: Update dependencies by @H1JK
• chore: Update dependencies by @wwqgtxx
• chore: update go1.21.0 release by @wwqgtxx
• chore: Update go1.21rc3 by @wwqgtxx
• chore: update proxy's udpConn when received a new packet by @wwqgtxx
• chore: update quic-go to 0.34.0 by @wwqgtxx
• chore: update quic-go to 0.35.1 by @wwqgtxx
• chore: update quic-go to 0.36.0 by @wwqgtxx
• chore: update quic-go to 0.36.1 by @wwqgtxx
• chore: update quic-go to 0.37.1 by @wwqgtxx
• chore: update quic-go to 0.37.2 and go1.21rc4 by @wwqgtxx
• chore: update quic-go to 0.37.3 by @wwqgtxx
• chore: update to go1.21rc2, drop support for go1.19 by @wwqgtxx
• chore: Use Meta-geoip for default by @H1JK
• chore: using uint16 for ports in Metadata by @wwqgtxx
• refactor: Geodata initialization by @H1JK

Full Changelog: v1.14.5...v1.15.1

v1.15.0

What's Changed

• feat: Add RCode DNS client by @H1JK
• feat: Add XUDP migration support by @H1JK
• feat: optional provider path (#624) by @xishang0128
• feat: support tuicV5 by @wwqgtxx

BUG & Fix

• fix hysteria faketcp lookback in TUN mode (#601) by @Mars160
• fix: Disable XUDP global ID if source address invalid by @H1JK
• fix: dns concurrent not work by @Skyxim
• fix: go1.19 compile by @wwqgtxx
• fix: hysteria faketcp loopback in tun mode by @wwqgtxx
• fix: nil pointer in urltest (#603) by @wzdnzd
• fix: panic when add 4in6 ipcidr by @Skyxim
• fix: Resolve delay omission in the presence of nested proxy-groups by @Larvan2
• fix: singmux return wrong supportUDP value by @wwqgtxx
• fix: tuic server cwnd parsing by @wwqgtxx
• fix: tuicV5's heartbeat should be a datagram packet by @wwqgtxx

Maintenance

• chore: adjustable cwnd for cc in quic by @Larvan2
• chore: allow unsafe path for provider by environment variable by @Skyxim
• chore: avoid unneeded map copy when close connection in restful api by @wwqgtxx
• chore: better close single connection in restful api by @wwqgtxx
• chore: better resolv.conf parsing by @wwqgtxx
• chore: Disable cache for RCode client by @H1JK
• chore: fix TUIC cwnd parsing by @Larvan2
• chore: function rename by @wwqgtxx
• chore: generate release note automatically by @Larvan2
• chore: genReleaseNote support verrsion range by @Larvan2
• chore: Ignore PR in Docker build by @Larvan2
• chore: init gopacket only when dial fake-tcp to decrease memory using by @wwqgtxx
• chore: reduce process lookup attempts when process not exist #613 by @Skyxim
• chore: Refine adapter type name by @H1JK
• chore: Replace murmur3 with maphash by @H1JK
• chore: Something update from clash :) (#606) by @Nep-Timeline
• chore: statistic's Snapshot only contains TrackerInfo by @wwqgtxx
• chore: tuic server can handle V4 and V5 in same port by @wwqgtxx
• chore: Update dependencies by @H1JK
• chore: Update dependencies by @wwqgtxx
• chore: update proxy's udpConn when received a new packet by @wwqgtxx
• chore: update quic-go to 0.34.0 by @wwqgtxx
• chore: update quic-go to 0.35.1 by @wwqgtxx

Full Changelog: v1.14.5...v1.15.0

v1.14.5

What's Changed

Configs example

• feat: add IN-USER and IN-NAME rules by @wwqgtxx
• feat: rewrite http outbound by @PuerNya
• feat: Support insecure gRPC by @H1JK
• feat: support system dns by @sleshep
• feat: support system dns for windows by @Larvan2
• feat: Updater detect and download AMD64v3 artifact by @H1JK
• refactor: Move vision implementation to a new package by @H1JK
• refactor: Switch to sing-shadowsocks2 client by @H1JK

BUG & Fix

• fix: Deadline not apply on EnhancePacketConn by @wwqgtxx
• fix: deadline reader cause panic by @wwqgtxx
• Fix: deprecated action commands (#556) by @H1JK
• fix: ensure group not empty by @wwqgtxx
• fix: handle manually select in url-test by @Larvan2
• fix: mux's udp should add write lock by @wwqgtxx
• fix: shadowsocks rc4-md5 not working by @wwqgtxx
• fix: sing inbound should check needAdditionReadDeadline on udp too by @wwqgtxx
• fix: sing-based listener panic by @wwqgtxx
• fix: sing-ss2's Reader not set buffer end by @wwqgtxx
• fix: ss aead udp problem by @wwqgtxx
• fix: tfoConn panic by @wwqgtxx
• fix: TLS certificate pool initialize by @H1JK
• fix: tuic can't work with proxy-dialer by @wwqgtxx
• fix: tuic connection error using fast_open by @Skyxim
• fix: tuic server return error udp address by @wwqgtxx
• fix: udp can't auto close by @wwqgtxx
• fix: UDP packet should not return io.EOF by @wwqgtxx
• fix: udp panic when server return a domain name by @wwqgtxx
• Fix: update action to support Node 16 (#565) by @8Mi_Yile
• fix: Update unsafe pointer add usage by @H1JK
• fix: wildcard matching problem by @Skyxim
• fix: #512: geo download failed when startup (#538) by @sleshep

Maintenance

• chore: Add vision splice support by @H1JK
• chore: add WaitReadFrom support in hyPacketConn by @wwqgtxx
• chore: add WaitReadFrom support in quicStreamPacketConn by @wwqgtxx
• chore: add WaitReadFrom support in ssr by @wwqgtxx
• chore: better packet deadline by @wwqgtxx
• chore: better sing's udp api support by @wwqgtxx
• chore: better tproxy error logging by @wwqgtxx
• chore: better tuic earlyConn impl by @wwqgtxx
• chore: better updater by @Larvan2
• chore: cleanup system dns code by @wwqgtxx
• chore: decrease direct udp read memory used for no-windows platform by @wwqgtxx
• chore: decrease shadowsocks udp read memory used for no-windows platform by @wwqgtxx
• chore: Decrease UoT read memory by @H1JK
• chore: drop bufio.Reader in BufferedConn to let gc can clean up its internal buf by @wwqgtxx
• chore: improve read waiter interface by @wwqgtxx
• chore: Make slash optional for system resolver by @H1JK
• chore: more context passing in outbounds by @wwqgtxx
• chore: packet deadline support CreateReadWaiter interface by @wwqgtxx
• chore: Random only if the certificate and private-key are empty by @Skyxim
• chore: rebuild ref and threadSafe packetConn by @wwqgtxx
• chore: Remove default DNS in system resolver by @H1JK
• chore: sing inbound support WaitReadPacket by @wwqgtxx
• chore: slightly improve quic-bbr performance by @Larvan2
• chore: switch ss uot default back to version 1 by @wwqgtxx
• chore: Update dependencies by @H1JK
• chore: update docs by @cubemaze
• chore: update release note by @Larvan2
• chore: upgrade dependencies by @Skyxim
• chore: upgrade dependencies by @wwqgtxx
• chore: Use API to create windows firewall rule by @Larvan2
• chore: using internal socks5.ReadAddr0 in trojan by @wwqgtxx
• docs: update config.yaml by @Larvan2

Full Changelog: v1.14.4...v1.14.5

v1.14.4

What's Changed

Configs example

• feat: Add multi-peer support for wireguard outbound by @wwqgtxx
• feat: nameserver-policy support use rule-providers and reduce domain-set memory by @Skyxim
• feat: add statistic and only-tcp options for smux by @wwqgtxx
• feat: add memory status for snapshot by @wwqgtxx
• feat: add proxy and sing-based listener support sing-mux by @wwqgtxx
• feat: core support memory chat by @rookisbusy
• feat: proxy-provider can set dialer-proxy too it will apply dialer-proxy to all proxy in this provider by @wwqgtxx
• feat: ruleset support text format by @wwqgtxx
• feat: support dialer-proxy config for all outbound by @wwqgtxx
• feat: urltest can be select by user by @MetaCubeX
• feat: wireguard add dialer-proxy config to support chain forwarding by @wwqgtxx
• feat: wireguard add remote-dns-resolve and dns settings by @wwqgtxx

BUG & Fix

• fix: CGO build failed on darwin-10.16 by @wwqgtxx
• fix: concurrent close on h2mux server conn by @nekohasekai
• fix: Converter panic on bad VMess share links by @H1JK
• fix: Vision slice out of bounds error by @H1JK
• fix: chat.js not begin with zero by @rookisbusy
• fix: deadline pipeReadBuffer, pipeReadFrom and panic when alloc empty buffer by @wwqgtxx
• fix: direct outbound not ensure ip was resolved by @wwqgtxx
• fix: domain-set wildcard match by @Skyxim
• fix: ensure StreamWebsocketConn call N.NewDeadlineConn by @wwqgtxx
• fix: firstWriteCallBackConn can pass N.ExtendedConn too by @wwqgtxx
• fix: h2 close panic by @wwqgtxx
• fix: not match top domain by @Skyxim
• fix: proxyDialer has a non-nil interface containing nil pointer judgment by @wwqgtxx
• fix: proxyDialer panic when domain name was not resolved by @wwqgtxx
• fix: revert LRU cache changes by @wwqgtxx
• fix: ruleProvider panic by @wwqgtxx
• fix: return pooled buffer when simple-obfs tls read error (#2643) by @bdbai
• fix: sing-mux udp by @wwqgtxx
• fix: should always drop packet when handle UDP packet (#2659) by @yaling888
• fix: smux should show its support udp and uot by @wwqgtxx
• fix: tracker remote addr check by @Skyxim
• fix: tuic fast-open not work by @wwqgtxx
• fix: tuic pool client should only cache the system's UDPConn by @wwqgtxx
• fix: tun warn timeout by @rookisbusy
• fix: tunnel udp panic by @wwqgtxx
• fix: vless tcp not working by @wwqgtxx
• fix: vless udp not working by @wwqgtxx
• fix: wireguard auto close not working by @wwqgtxx
• fix: wireguard reconnect failed by @wwqgtxx
• fix: wireguard tcp close need long time by @wwqgtxx

Maintenance

• chore: add issue templates by @Larvan2
• chore: clash filter link local by @Skyxim
• chore: Add early bounds checks by @H1JK
• chore: Add read deadline implementation by @wwqgtxx
• chore: Adopt sing-tun's update by @wwqgtxx
• chore: DomainSet now build from a DomainTrie by @wwqgtxx
• chore: Update dependencies by @wwqgtxx
• chore: add genReleaseNote.sh by @Larvan2
• chore: better error ignore by @wwqgtxx
• chore: better memory fetching time by @Skyxim
• chore: better parse remote dst by @Skyxim
• chore: better upgrade by @Larvan2
• chore: better workflow by @Larvan2
• chore: clarify the wireguard logging by @wwqgtxx
• chore: clean up code by @Larvan2
• chore: clean up docs by @Larvan2
• chore: cleanup listener before restart by @Larvan2
• chore: cleanup unneeded deadline by @wwqgtxx
• chore: clear windows bind error by @wwqgtxx
• chore: close all connections after proxySet initial by @wwqgtxx
• chore: download geoX use inner by @Larvan2
• chore: fix build by @Larvan2
• chore: force set SelectAble when start load cache by @wwqgtxx
• chore: init gopsutil's Process direct from struct by @wwqgtxx
• chore: make all net.Conn wrapper can pass through N.ExtendedConn by @wwqgtxx
• chore: proxyDialer can add inner conn to statistic by @wwqgtxx
• chore: proxyDialer can limited support old dial function by @wwqgtxx
• chore: proxyDialer don't push flow to manager in statistic by @wwqgtxx
• chore: proxyDialer first using old function to let mux work by @wwqgtxx
• chore: remove debug_api patch by @Larvan2
• chore: rename delete.yml by @Larvan2
• chore: resolver priority return TypeA in ResolveIP (not effected LookupIP) by @wwqgtxx
• chore: rewrite verifyIP6 by @wwqgtxx
• chore: rule-provider direct using IndexByte in bytes for find new line by @wwqgtxx
• chore: rule-provider now read yaml line-by-line by @wwqgtxx
• chore: safe sing-mux close by @wwqgtxx
• chore: support splice for direct outbound by @wwqgtxx
• chore: sync sing-wireguard's update by @wwqgtxx
• chore: udp always direct pass ip to remote without domain by @wwqgtxx
• chore: update bug_report by @Skyxim
• chore: update demo by @Skyxim
• chore: update doc by @Skyxim
• chore: update templates by @Larvan2
• chore: update use compatible version for windows/linux amd64 by @Larvan2
• chore: update wireguard-go by @wwqgtxx
• chore: using new chan based deadline reader by @wwqgtxx
• chore: using sync/atomic replace uber/atomic by @wwqgtxx
• chore: version print error by @Skyxim
• chore: wireguard dns can work with domain-based server by @wwqgtxx
• doc: update config.yaml by @wwqgtxx
• doc: update smux by @wwqgtxx

Full Changelog: v1.14.3...v1.14.4

What's Changed

• Alpha by @rookisbusy in #490
• feat: core support memory chat by @rookisbusy in #491
• fix: chat.js not begin with zero by @rookisbusy in #492
• fix: tun warn timeout by @rookisbusy in #493

Full Changelog: v1.14.3...v1.14.4

What's Changed

• Alpha by @rookisbusy in #490
• feat: core support memory chat by @rookisbusy in #491
• fix: chat.js not begin with zero by @rookisbusy in #492
• fix: tun warn timeout by @rookisbusy in #493
• fix: wildcard matching problem by @Skyxim in #536

Full Changelog: v1.14.3...v1.14.4

v1.14.3

What's Changed

Configs example

REALITY is experimental support and may have compatibility issues

• feat: support set tun file-descriptor in config file by @wwqgtxx
• feat: Support Restls-V1 in Clash.Meta (#441) by @3andne
• feat: Update UoT protocol by @nekohasekai
• feat: Converter support REALITY share standard by @H1JK
• feat: REALITY use proxy servername by @H1JK
• feat: Support REALITY protocol by @H1JK
• feat: Support VLESS XTLS Vision (#406) by @H1JK
• feat: add sni field for tuic by @Skyxim
• feat: add upgrade api by @Larvan2
• feat: nameserver-policy support multiple keys by @Larvan2
• feta: add hosts support domain and mulitple ip (#439) by @Skyxim
• refactor: tcp dial (#412) by @Skyxim

Maintenance

• chore: Better REJECT conn by @H1JK
• chore: Chore: adjust the loading order, and then load the resource at last by @Skyxim
• chore: Cleanup REALITY code by @H1JK
• chore: Generate UUID from fastrand by @H1JK
• chore: Improve REALITY handshake by @H1JK
• chore: Remove useless mutex in Vision by @H1JK
• chore: Update dependencies by @wwqgtxx
• chore: Vision padding upgrade by @H1JK
• chore: proxy-server-nameserver does not follow the nameserver-policy by @Skyxim
• chore: add /restart to restful api by @wwqgtxx
• chore: add comment by @Skyxim
• chore: add custom ca trust by @Skyxim
• chore: add early conn interface to decrease unneeded write by @wwqgtxx
• chore: add more utls fingerprints by @wwqgtxx
• chore: add pprof api, when log-level is debug by @Skyxim
• chore: add reality-grpc by @Larvan2
• chore: add release branch by @Larvan2
• chore: add sni of tuic in demo by @Skyxim
• chore: adjust error log by @Skyxim
• chore: adjust log by @Skyxim
• chore: adjust the configuration loading order by @Skyxim
• chore: adjust trust cert by @Skyxim
• chore: better REJECT process by @wwqgtxx
• chore: better TunnelStatus define by @wwqgtxx
• chore: better geodata shared by @wwqgtxx
• chore: better release notes by @Larvan2
• chore: better release notes by @kunish
• chore: better rename by @Larvan2
• chore: better restls by @wwqgtxx
• chore: better uuid using by @wwqgtxx
• chore: better windows bind error handle by @wwqgtxx
• chore: better workflow by @Larvan2
• chore: better workflow by @MetaCubeX
• chore: better workflow by @wwqgtxx
• chore: change default geo* url by @Larvan2
• chore: change internal tcp traffic type by @Skyxim
• chore: clean up code by @Larvan2
• chore: clean up code by @wwqgtxx
• chore: cleanup code by @wwqgtxx
• chore: cleanup dialer's code by @wwqgtxx
• chore: code cleanup by @wwqgtxx
• chore: disconnect when suspended by @Skyxim
• chore: do not apply padding for nonTLS packet with contentLen over 900 by @Larvan2
• chore: do not modify ALPN in utls by @Larvan2
• chore: exposure ipv6 wait time by @Skyxim
• chore: fix issues #440 by @Larvan2
• chore: format code by @Skyxim
• chore: keep existing connections by @Skyxim
• chore: move sing-tun's udpTimeout fix to there lib by @wwqgtxx
• chore: parse the allowInsecure field for the trojan uri scheme by @MetaCubeX
• chore: push latest alpha core to MetaCubeX/AlphaBinary by @Larvan2
• chore: rename delete.yml by @Larvan2
• chore: reset tunName in macos when it isn't startWith "utun" by @wwqgtxx
• chore: Simplify VLESS handshake lock by @H1JK
• chore: set prerelease notes timezone of release create time to Asia/Shanghai by @kunish
• chore: shadowsocks listener support the "udp" setting by @wwqgtxx
• chore: share the same geodata in different rule by @wwqgtxx
• chore: skip restart when update error by @Larvan2
• chore: support TFO for outbounds by @wwqgtxx
• chore: try to fix slice out of bound. by @Larvan2
• chore: Update flake.nix (#452) by @yaoshiu
• chore: update for testing the updater by @Larvan2
• chore: update quic-go by @wwqgtxx
• chore: update quic-go to release unused buffer when error by @wwqgtxx
• chore: update readme by @Larvan2
• chore: update utls library by @wwqgtxx
• chore: update xray-core version by @Larvan2
• chore: use early conn to support real ws 0-rtt by @wwqgtxx
• chore: use fastrand to replace math/rand by @wwqgtxx
• chore: use inner for upgrade core by @Larvan2
• chore: using sing-shadowtls to support shadowtls v1/2/3 by @wwqgtxx
• chore: wireguard using internal dialer by @wwqgtxx

BUG & Fix

• fix: ALPN not applied in uTLS/REALITY by @H1JK
• fix: Adjust the timing of subscription information acquisition by @Skyxim
• fix: Converter REALITY security type by @H1JK
• fix: Filter slice index out of bounds by @H1JK
• fix: REALITY with gRPC transport by @H1JK
• fix: SA4001 for net.UDPAddr copy by @wwqgtxx
• fix: SA4001 for netDialer copy by @wwqgtxx
• fix: The default interface is actually configured incorrectly by @Skyxim
• fix: ToLower first by @Larvan2
• fix: Vision disable filter for non-TLS connections by @H1JK
• fix: Vision filter Client Hello by @H1JK
• fix: Vision filter TLS 1.2 by @H1JK
• fix: Vision filter TLS 1.2 by @wwqgtxx
• fix: add "dns resolve failed" error in dialer by @wwqgtxx
• fix: add version of shadow-tls plugin in docs/config.yaml by @wwqgtxx
• fix: add xtls-rprx-vision server version warning to user by @wwqgtxx
• fix: checkTunName mistake by @wwqgtxx
• fix: dial panic by @Skyxim
• fix: dialer dual stack panic by @Skyxim
• fix: dns resolve in dialer by @wwqgtxx
• fix: dns resolver by @wwqgtxx
• fix: don't return a non-nil interface containing nil pointer by @wwqgtxx
• fix: dual stack serial dial by @Skyxim
• fix: ensure peekMutex is locked before handleSocket by @wwqgtxx
• fix: ensure restart api return ok by @wwqgtxx
• fix: ensure wireguard inner use dialer with DefaultResolver by @wwqgtxx
• fix: geosite of nameserver-policy cannot be loaded correctly by @MetaCubeX
• fix: global-client-fingerprint is now work by @Larvan2
• fix: golang1.19 can't compile by @wwqgtxx
• fix: handle no IP address by @Skyxim
• fix: incorrect time to set interface name by @Skyxim
• fix: inner http use host of address by @Skyxim
• fix: ip version prefer not working by @Skyxim
• fix: let quic-go works on outbound's packetConn by @wwqgtxx
• fix: load-balance's touch not effected by @wwqgtxx
• fix: loadbalance panic by @wwqgtxx
• fix: log typo by @MetaCubeX
• fix: optimize health check by @Skyxim
• fix: peek not work with some inbound by @wwqgtxx
• fix: rand ip error and clash remove loopback ip by @Skyxim
• fix: reject's dial warning by @wwqgtxx
• fix: replace self define "connect timeout" to os.ErrDeadlineExceeded by @wwqgtxx
• fix: sing-vmess listener‘s "cipher: message authentication failed" by @wwqgtxx
• fix: sing_tun apply udpTimeout when using gvisor stack by @wwqgtxx
• fix: strategyRoundRobin not begin with zero by @wwqgtxx
• fix: tproxy listener cannot listen udp by @Skyxim
• fix: tuic missing routing mark by @wwqgtxx
• fix: tuic relay tuic by @wwqgtxx
• fix: tuic server close with error message by @wwqgtxx
• fix: tuic server set authentication timeout after quic handshake complete by @wwqgtxx
• fix: tuic udp native mode can't relay packetSize>1200 by @wwqgtxx
• fix: tunnel's inboundTFO missing by @wwqgtxx
• fix: udp loopback show "The requested address is not valid in its context." by @wwqgtxx
• fix: unmap 4in6 address in dialer and wireguard by @wwqgtxx
• fix: uot client's WriteTo mistake by @wwqgtxx
• fix: upgrade backup by @Larvan2
• fix: vless NeedHandshake mistake by @wwqgtxx

New Contributors

• @3andne made their first contribution in #441
• @yaoshiu made their first contribution in #452

Full Changelog: v1.14.2...v1.14.3

v1.14.2

What's Changed

• fix: skip-cert-verify is true by default by @3andero in #333
• chore: Refine process code by @cubemaze
• chore: adjust the case of Program names and HttpRequest UA by @cubemaze
• Fix: TLS defaults to true for h2/grpc networks by @cubemaze
• refactor: replace experimental.fingerprints with custom-certificates and Change the fingerprint verification logic to SSL pinning by @Skyxim
• fix: ss converter cipher missing by @cubemaze
• fix: config parse error by @Skyxim
• chore: better workflow by @wwqgtxx
• refactor: Implement extended IO by @H1JK
• chore: tuic decrease unneeded copy by @wwqgtxx
• chore: decrease direct depend on the sing package by @wwqgtxx
• fix: addr panic by @wwqgtxx
• adjust: Improve WebSocket mask by @H1JK
• feat: gRPC gun implement extended writer by @H1JK
• chore: Update BBR config by @Larvan2
• fix: tuic server's SetCongestionController by @wwqgtxx
• fix: tuic server's MaxIncomingStreams by @wwqgtxx
• fix: tcpTracker's upload by @wwqgtxx
• chore: new Random TLS KeyPair when empty input by @wwqgtxx
• Fix: Remove EnableProcess from config.go and enable-process from config.yaml. FindProcess is now enabled by default when the rule set contains process-name rules by @Larvan2
• fix: ShadowTLS header use array instead by @H1JK
• feat: better config for sniffer by @Skyxim
• feat: add override-destination for sniffer by @Skyxim
• make ConvertsV2Ray more robust by @ag2s20150909 in #349
• Chore: Decrease the default MaxUdpRelayPacketSize to 1252 to avoid the relay UDP exceeding the size of the QUIC's datagram. ClientMaxOpenStreams now follows the config.yaml option by @Larvan2
• chore: better source address by @Skyxim
• feat: Converter support WS early data parameters by @H1JK
• fix: sub-rule condition don't work by @Skyxim
• chore: better parse udp dns by @Skyxim
• Chore: Add GEO data url configuration by @Larvan2
• Chore: Change default latency test url to HTTPS by @Larvan2
• Chore: Better parsing pure IPv6 UDP DNS by @Larvan2
• chore: better parsing pure UDP DNS by @Larvan2
• feature: geosite-based nameserver policy by @i40e
• chore: restful api display xudp for VLESS and VMess by @cubemaze
• chore: adjust keyword for geosite-based nameserver policy by @cubemaze
• adjust: VLESS enable XUDP by default by @H1JK
• docs(README.md): remove missing image link, mention Yacd-meta by @kunish in #356
• fix: get tlsconfig err not handle, return nil pointer #358 by @tgNotHouse in #360
• feat: Add utls for client's fingerprint. by @Larvan2 in #361
• chore: fix mips atomic panic by @wwqgtxx
• feat: nameserver policy support multiple server by @Skyxim
• fix: Converter Shadowsocks password parse by @H1JK
• chore: override-destination default value is true by @Skyxim
• feat: add global-client-fingerprint by @Larvan2
• fix: sniff domain don't match geosite when override-destination valuE is false by @Skyxim
• chore: do not use extra pointer in UClient by @wwqgtxx
• chore: avoid repeated wrapper by @Skyxim
• fix: tun udp with 4in6 ip by @wwqgtxx
• chore: better bind in windows by @wwqgtxx
• fix: RoundRobin strategy of load balance when called multiple times by @Ovear in #390
• feat: introduce a new robust approach to handle tproxy udp by @Ovear in #389
• style: run go fmt on every .go file by @kunish in #392
• fix: parsing ipv6 doh error by @Skyxim
• chore: Considering remove GOAMD64=v2 of linux-amd64-compatible by @wwqgtxx
• fix: websocket headroom by @wwqgtxx
• fix: disable header protection in vmess server by @wwqgtxx

Config changes

#  全局TLS指纹,优先低于proxy内的 client-fingerprint
#  可选："chrome","firefox","safari","ios","random","none" options.
#  Utls is currently support TLS transport in TCP/grpc/WS/HTTP for VLESS/Vmess and trojan.
global-client-fingerprint: chrome

# DNS 分流支持 GeoSite
dns:
    #此处省略部分设置#
  nameserver-policy:
    "geosite:cn": 
      - https://doh.pub/dns-query
      - https://dns.alidns.com/dns-query
      
  nameserver:
  - https://dns.google/dns-query
  - https://dns.cloudflare.com/dns-query
  - https://doh.opendns.com/dns-query
  - https://doh.dns.sb/dns-query

# 嗅探域名 
sniffer:
  enable: false
  ## 对 redir-host 类型识别的流量进行强制嗅探
  ## 如：Tun、Redir 和 TProxy 并 DNS 为 redir-host 皆属于
  # force-dns-mapping: false
  ## 对所有未获取到域名的流量进行强制嗅探
  # parse-pure-ip: false
  # 是否使用嗅探结果作为实际访问，默认 true
  # 全局配置，优先级低于 sniffer.sniff 实际配置
  override-destination: false
  sniff:
    # TLS 默认如果不配置 ports 默认嗅探 443
    TLS:
    #  ports: [443, 8443]

    # 默认嗅探 80
    HTTP:
      # 需要嗅探的端口

      ports: [80, 8080-8880]
      # 可覆盖 sniffer.override-destination
      override-destination: true
  force-domain:
    - +.v2ex.com
  ## 对嗅探结果进行跳过
  # skip-domain:
  #   - Mijia Cloud

proxies:
  #此处省略部分设置#
  # vmess
  - name: "vmess"
    type: vmess/vless/trojan
    client-fingerprint: chrome   
    #  可选："chrome","firefox","safari","ios","random","none" options.
    #  Utls is currently support TLS transport in TCP/grpc/WS/HTTP for VLESS/Vmess and trojan.

New Contributors

• @kunish made their first contribution in #356
• @tgNotHouse made their first contribution in #360
• @Ovear made their first contribution in #390

Full Changelog: v1.14.1...v1.14.2