Prerelease-Alpha

Release created at Fri Jan 9 00:03:04 CST 2026
Synchronize Alpha branch code updates, keeping only the latest version


我应该下载哪个文件? / Which file should I download?
二进制文件筛选 / Binary file selector
查看文档 / Docs

v1.19.18

What's Changed

• e4cdb9b feat: add uot for sudoku (#2415) by @saba-futai
• 2211789 chore: add customized byte style for sudoku (#2427) by @saba-futai
• 25041b5 chore: sudoku support enable-pure-downlink mode to increase download bandwidth (#2419) by @saba-futai
• 4a723e8 chore: allow automatic reloading when the TLS server's certificate, private-key or ech-key is a local file by @wwqgtxx
• 5585304 chore: allow custom path for gRPC (grpc-service-name start with /) by @wwqgtxx
• a06097c chore: add xvp rotation andd new header generation strategy for sudoku (#2437) by @saba-futai
• The group with relay type (which was marked as deprecated in v1.18.6) was completely removed in v1.19.17, please using dialer-proxy instead

BUG & Fix

• 17966b5 fix: close sing-tun maybe panic on windows by @wwqgtxx
• 1ebcb25 fix: typo in sniffer skip-dst-address config parsing (#2446) by @Howard20181
• 91f5593 fix: structure ignore tag not working in nest struct by @wwqgtxx
• abb5519 fix: os.RemoveAll not working on Windows7 by @wwqgtxx
• b753a57 fix: ech not work with websocket+clientFingerprint by @eric-gitta-moore
• bc8f0dc fix: missing ntp call by @wwqgtxx
• d33dbbe fix: QUIC events with session tickets disabled will panic on Go 1.26 by @wwqgtxx
• e652e27 fix: missing ProxyInfo information in wireguard outbound by @wwqgtxx

Maintenance

• 17b8eb8 chore: skip icmp forwarding when destination in tun interface addr range by @wwqgtxx
• 1cab34d chore: update quic-go to 0.57.1 by @wwqgtxx
• 2a1b3b2 chore: allow sudoku inbound handle sing-mux request by @wwqgtxx
• 30891f8 chore: sharing sudoku internal code by @wwqgtxx
• 32ce513 chore: discard domain addr input in sudoku uot by @wwqgtxx
• 35a1130 chore: use HasPrefix instead of Contains for key checks (#2447) by @Howard20181
• 40863d2 chore: add lock in baseProvider for thread-safe by @wwqgtxx
• 6539b50 chore: restful api contains providerChains for connections by @wwqgtxx
• 6b40072 chore: support find process on freebsd 14 and 15 (#2422) by @Vincent-Loeng
• 7cd58fb chore: add DialerForAPI to outbound option for library user by @wwqgtxx
• 7e8c287 chore: improve HTTPS RR logging (#2431) by @eric-gitta-moore
• 827cd61 chore: cleanup import path by @wwqgtxx
• 87c3f70 chore: add TODO comment to ca.LoadCertificates by @wwqgtxx
• 90470ac chore: cleanup import path for common/net by @wwqgtxx
• 936ebc7 chore: add echparser package for parse ECHConfigList and ECHConfig by @wwqgtxx
• 93cf46e chore: remove unused import path by @wwqgtxx
• 9a5e506 chore: simplify server config and add keygen for sudoku (#2407) by @saba-futai
• 9df8392 chore: clean up internal interface definitions by @wwqgtxx
• ac90543 chore: code cleanup by @wwqgtxx
• b509aff chore: simplify DNSPrefer serialization process by @wwqgtxx
• b5fa3ee chore: restful api contains provider-name for proxies by @wwqgtxx
• b92b387 chore: update ech handling by @wwqgtxx
• bc719eb chore: simplify tuic client by @wwqgtxx
• bc9db11 chore: hub/route module handle websocket itself by @wwqgtxx
• c33d9ad chore: cleanup sudoku internal code by @wwqgtxx
• cbcacdb chore: using tls.Config.GetCertificate/GetClientCertificate to load TLS certificates by @wwqgtxx
• d2007fd chore: improves thread safety in adapter by @xixu-me
• d8dcaa7 chore: add upTotal and downTotal data to /traffic restful api by @wwqgtxx
• e1384e8 chore: update http2 using in test by @wwqgtxx
• e7a04e0 chore: don't process msg.Extra in msgToHTTPSRRInfo by @wwqgtxx
• f44aa22 chore: add sudoku ed25519key test by @wwqgtxx
• fdb7cb1 chore: allow setting DialerForAPI in adapter.ParseProxy for library user by @wwqgtxx

Full Changelog: v1.19.17...v1.19.18

v1.19.17

What's Changed

• 5aa140c feat: support mieru UDP outbound (#2384) by @enfein
• 6cf1743 feat: add Sudoku protocol inbound & outbound support (#2397) by @saba-futai (doc: outbound inbound)
• The group with relay type (which was marked as deprecated in v1.18.6) was completely removed, please using dialer-proxy instead

BUG & Fix

• 0df2f79 fix: missing metadata in mieru inbound by @wwqgtxx
• 2f545ef fix: hosts not working by @wwqgtxx
• 438d413 fix: compare authentication scheme case-insensitively (#2386) by @TargetLocked
• 45fd628 fix: bugs in kcp-go and smux by @wwqgtxx
• 5998956 fix: a nil pointer error when closing mieru underlay (#2401) by @enfein
• 8b6ba22 fix: replace wrong SetString() with SetBool() for uint weak-typed input (#2394) by @sinspired
• c107c6a fix: crash due to nil net.Conn from mieru inbound (#2361) by @enfein
• d48bcf1 fix: fakeip6 logic not work correctly by @wwqgtxx

Maintenance

• 054e63c chore: remove depend of purego by @wwqgtxx
• 0b3159b chore: remove redundant code (#2355) by @hi
• 140d892 chore: better log by @wwqgtxx
• 4d3167f chore: completely remove relay group type using dialer-proxy instead by @wwqgtxx
• 7571c87 chore: add fake-ip-ttl to dns section by @wwqgtxx
• 93de49d chore: sync sudoku with mihomo log (#2402) by @futai
• a001b1b chore: update mieru version (#2403) by @enfein
• d1f89fa chore: update tfo-go ready for go1.26 by @wwqgtxx
• e2796e2 chore: apply ping destination filter for windows by @wwqgtxx
• f6e494e chore: upgrade the embedded xsync.Map to v4.2.0 by @wwqgtxx

Full Changelog: v1.19.16...v1.19.17

v1.19.16

What's Changed

• a4b7680 feat: support mieru inbound (#2347) by @enfein
• c8af92a feat: support fake-ip-range6 in dns module by @wwqgtxx

BUG & Fix

• 5bc0ac7 fix: openbsd build by @wwqgtxx
• 6fb1f79 fix: handle nil pointer stored in non-nil interface (#2337) by @Restia-Ashbell
• 8b32c43 fix: race in kcp-go by @wwqgtxx
• 90f47a6 fix: openbsd build by @wwqgtxx
• 9ed9c3d fix: docker build by @wwqgtxx
• c2209d6 fix: vision panic with dialer-proxy by @wwqgtxx
• dcfe664 fix: strategyFn index out of range if proxies changed (#2330) by @vernesong
• f2bf4a0 fix: memory leak in h3 stream hijack by @wwqgtxx

Maintenance

• 1d5890a chore: cleanup import path for constant/provider by @wwqgtxx
• 27b47f9 chore: structure support ignore tag by @wwqgtxx
• 421dc79 chore: cleanup default value in parseProxy by @wwqgtxx
• 5a285ac chore: reduce the global variables that should not be used in amneziawg-go by @wwqgtxx
• 644c04f chore: update sing-tun by @wwqgtxx
• 6bffbdd chore: ignore ipv6 check when get interface addrs failed by @wwqgtxx
• 85c56e7 chore: revert ade4234 for convert speed by @wwqgtxx
• 8701639 chore: update bart by @wwqgtxx
• 926aaec chore: update purego by @wwqgtxx
• 99e68e9 chore: update dependencies by @wwqgtxx
• a3c023a chore: cleanup import path for component/process by @wwqgtxx
• c25a388 chore: share append chains logic by @wwqgtxx
• cfdaebe chore: check fake-ip-range and fake-ip-range6 are indeed ipv4 and ipv6 prefixes by @wwqgtxx
• f3edbc2 chore: remove unused code by @wwqgtxx
• fb1ae21 chore: remove unused code by @wwqgtxx
• fd39c2a chore: better maphash test by @wwqgtxx
• ff62386 chore: reduce internal dependencies of the ntp package by @wwqgtxx
• ff76576 chore: cleanup import path for listener by @wwqgtxx

Full Changelog: v1.19.15...v1.19.16

v1.19.15

What's Changed

BUG & Fix

Maintenance

• 40e0813 chore: adjust the internal code structure of the dns module by @wwqgtxx
• 94b591e chore: separate the DNS enhancer config passing by @wwqgtxx
• d225625 chore: update quic-go to 0.55.0 by @wwqgtxx
• da69b19 chore: remove unused global goroutine in kcp-go by @wwqgtxx
• de2ff37 chore: update utls by @wwqgtxx
• f45c6f5 chore: update quic-go to 0.54.1 by @wwqgtxx
• f7bd8b8 chore: revert "chore: consolidate mieru port configuration (#2277)" by @wwqgtxx

Full Changelog: v1.19.14...v1.19.15

v1.19.14

What's Changed

• 0ced98d feat: support sending ping requests via direct in tun mode by @wwqgtxx

• 0dc5e30 feat: add mTLS support for client & server (certificate and private-key for proxies, client-auth-type and client-auth-cert for listeners( by @wwqgtxx

• 571be85 feat: support mieru 0-RTT handshake (#2261) by @enfein

• 6786705 feat: remove ca and ca-str in hy1/hy2/tuic outbound, using fingerprint instead by @wwqgtxx

• 80a90f0 feat: support AmneziaWG v2.0 by @wwqgtxx

• 9a124a3 feat: add disable-icmp-forwarding option to tun (#2248) by @Nuofang

• abe6c3b feat: support kcptun plugin for ss client/server by @wwqgtxx

• For macOS users: According to the Go wiki, Go 1.25 no longer supports macOS 11. macOS 11 users are advised to download the binary with the go124 tag, macOS 10.15 users are advised to download the binary with the go122 tag, and macOS 10.13 users are advised to download the binary with the go120 tag.

• Note: For amd64 platform, -amd64 and -amd64-compatible versions have been deprecated. -amd64-v1, -amd64-v2 and -amd64-v3 will be used to mark the CPU level. Please adapt the automatic update script in time for downstream projects.

BUG & Fix

• 02d954b fix: server mux conn not close by @wwqgtxx
• 1b99759 fix: ntp time method not passing to ss2022 client by @wwqgtxx
• 23448ec fix: incomplete read filter in vision by @wwqgtxx
• 30bead4 fix: ntp not apply to reality client by @wwqgtxx
• 4188277 fix: tuic server goroutine leak by @wwqgtxx
• 455f213 fix: xudp server source addr losing by @wwqgtxx
• 472cefb fix: snat key in packet listener by @wwqgtxx
• 6c527f8 fix: panic when wintun dll fails to load by @wwqgtxx
• 7061c5a fix: possible data location errors in vision read by @wwqgtxx
• 74e64d3 fix: maybe "invalid cross-device link" in update ui by @wwqgtxx
• 7e9e12c fix: SyscallVectorisedPacketWriter not handle inet type in address processing by @wwqgtxx
• 8cdfd87 fix: ip4p port not apply in resolveUDPAddr by @wwqgtxx
• 909729c fix: allow use vision on vless encryption over ws by @wwqgtxx
• 92ecdfc fix: data race on darwin by @wwqgtxx
• 9cc208b fix: reality shouldn't check chacha by @wwqgtxx
• a8f7e25 fix: backticks cannot be used to separate multiple regular expressions in the exclude-filter of proxy-providers by @wwqgtxx
• c4449a9 fix: ntp not apply to reality server by @wwqgtxx
• ccff003 fix: get localAddr error by @wwqgtxx
• dd7b3c2 fix: race codes by @wwqgtxx
• f02766a fix: reshaping buffer maybe too long in vision by @wwqgtxx
• fed4b36 fix: auto update local file provider (#2245) by @nunu6689

Maintenance

• 00638f3 chore: don't test sing-mux over grpc by @wwqgtxx
• 0336d64 chore: cleanup vision code by @wwqgtxx
• 08fc100 chore: cleanup ntp code by @wwqgtxx
• 0992ee8 chore: remove depend of gopsutil by @wwqgtxx
• 0c25831 chore: replace HasAESGCMHardwareSupport in vless encryption by @wwqgtxx
• 0c556bc chore: replace hashicorp/yamux to our forked libp2p/go-yamux by @wwqgtxx
• 0d3d31d chore: ready for handwritten addons parsing by @wwqgtxx
• 108bf64 chore: merge the server-side and client-side vision implementations by @wwqgtxx
• 1b1f95a chore: consolidate mieru port configuration (#2277) by @enfein
• 1d09ed8 chore: simplify resolveUDPAddr by @wwqgtxx
• 2222d0e chore: update gvisor by @wwqgtxx
• 2987200 chore: sync vless encryption code by @wwqgtxx
• 29eaa4d chore: add test for memory module by @wwqgtxx
• 318b352 chore: better handwritten addons parsing by @wwqgtxx
• 33cde65 chore: sync vless encryption code by @wwqgtxx
• 3a1caf1 chore: better batchConn handle in kcp-go by @wwqgtxx
• 3b63fef chore: better defensive programming by @wwqgtxx
• 40b2cde chore: cleanup dns client code by @wwqgtxx
• 45cb45a chore: simplify randBetween by @wwqgtxx
• 50e1afd chore: cleanup vless code by @wwqgtxx
• 545d9b8 chore: sync vless encryption code by @wwqgtxx
• 57b527d chore: simplify GetMemoryInfo in darwin by @wwqgtxx
• 57e14e5 chore: cleanup internal ca using by @wwqgtxx
• 5c73025 chore: change vless encryption code to our style by @wwqgtxx
• 5e17d6f chore: simplify N.Relay by @wwqgtxx
• 63781b3 chore: decrease memory using by @wwqgtxx
• 65d3920 chore: update dependencies by @wwqgtxx
• 74a86f1 chore: update dependencies by @wwqgtxx
• 7917f24 chore: more check in listeners start by @wwqgtxx
• 7e71d21 chore: improve fingerprint verifier handle non-leaf certificate by @wwqgtxx
• 8a9300d chore: better WriteBuffers support in smux by @wwqgtxx
• 8eba1c8 chore: sync vless encryption code by @wwqgtxx
• a0f1ac4 chore: apply ntp time function more place by @wwqgtxx
• ad69ee8 chore: cleanup ntp code by @wwqgtxx
• b27325e chore: update dependencies by @wwqgtxx
• b57f305 chore: speedup convid generation by @wwqgtxx
• c6e596f chore: full reset buffer after directRead by @wwqgtxx
• c98f5f4 chore: sync vless encryption code by @wwqgtxx
• cdd02a9 chore: sync vless encryption code by @wwqgtxx
• cea29e2 chore: sync code style by @wwqgtxx
• d6f1af5 chore: cleanup queue code by @wwqgtxx
• e28c8e6 chore: sync anytls v0.0.11 (#2276) by @anytls
• f3ebd5c chore: clarify function descriptions and variable names by @wwqgtxx
• f8ee5c1 chore: sync vless encryption code by @wwqgtxx
• fdc46f0 chore: update utls to tag version by @wwqgtxx

Full Changelog: v1.19.13...v1.19.14

v1.19.13

⚠️⚠️ Warning: Any GUI client with the word mihomo in its name is not related to this project and violates the license agreement. Please do not use these malicious software. ⚠️⚠️

What's Changed

• 1b0c72b feat: support vless encryption by @wwqgtxx client doc server doc

• 5f09db2 feat: support AmneziaWG v1.5 by @wwqgtxx doc

• dc52c38 fix: ? in DOMAIN-WILDCARD should match exactly one character #2204 by @wwqgtxx

• For macOS users: According to the Go wiki, Go 1.25 no longer supports macOS 11. macOS 11 users are advised to download the binary with the go124 tag, macOS 10.15 users are advised to download the binary with the go122 tag, and macOS 10.13 users are advised to download the binary with the go120 tag.

• Note: For amd64 platform, -amd64 and -amd64-compatible versions have been deprecated. -amd64-v1, -amd64-v2 and -amd64-v3 will be used to mark the CPU level. Please adapt the automatic update script in time for downstream projects.

BUG & Fix

• 0f1baeb fix: updater may not be able to overwrite files directly by @wwqgtxx
• 0f76fdf fix: vision on vless encryption by @wwqgtxx
• 2605bf7 fix: add code signing for macOS executables during file copy by @xishang0128
• 26f6030 fix: 335d54e sync mistake by @wwqgtxx
• 2a915a5 fix: vless server close by @wwqgtxx
• 375e160 fix: data loss in vision server read by @wwqgtxx
• 48f3ea8 fix: buffer handle in vision server read by @wwqgtxx
• 8e6be19 fix: h2mux client closed by @wwqgtxx
• 99e888c fix: missing WriterReplaceable for deadline.Conn by @wwqgtxx
• adf553a fix: generate doc by @wwqgtxx
• d2395fb fix: allow disabling ALPN by setting an empty array (#2225) by @eWloYW8
• e3d9a8e fix: vision on vless encryption by @wwqgtxx
• e89af72 fix: auto redirect panic by @wwqgtxx
• e8fddd8 fix: vless packetaddr not working by @wwqgtxx
• eca5a27 fix: mlkem768 logging by @wwqgtxx

Maintenance

• 0003530 chore: let /upgrade support channel and force as parameters in restful api by @wwqgtxx
• 03f4513 chore: sync vless encryption code by @wwqgtxx
• 0408da2 chore: sync vless encryption code by @wwqgtxx
• 0836ec6 chore: change time.Duration atomic using by @wwqgtxx
• 089766b chore: update TypedValue in sing by @wwqgtxx
• 0e9102d chore: don't test h2mux for the inbound by @wwqgtxx
• 10174d2 chore: update wireguard-go by @wwqgtxx
• 12c30ac chore: cleanup vision code by @wwqgtxx
• 16d95df chore: better wildcard test by @wwqgtxx
• 16ff9e8 chore: code cleanup by @wwqgtxx
• 182f60d chore: sync vless encryption code by @wwqgtxx
• 1ae050c chore: sync vless encryption code by @wwqgtxx
• 2790481 chore: update cast using in sing-vmess by @wwqgtxx
• 2a8831b chore: sync vless encryption code by @wwqgtxx
• 335d54e chore: sync vless encryption code by @wwqgtxx
• 41b321d chore: sync vless encryption code by @wwqgtxx
• 438be2d chore: update mieru version (#2215) by @enfein
• 443200a chore: sync vless encryption code by @wwqgtxx
• 46dccf2 chore: sync vless encryption code by @wwqgtxx
• 48c1b1c chore: remove depend on lunixbochs/struc by @wwqgtxx
• 4e20ed6 chore: sync vless encryption code by @wwqgtxx
• 578e659 chore: keep original file permissions when unpack in updater by @wwqgtxx
• 664ddb8 chore: simplifying generator code by @wwqgtxx
• 6c726d6 chore: test different http data size for inbound by @wwqgtxx
• 71290b0 chore: reimplement TypedValue by atomic.Pointer by @wwqgtxx
• 7392529 chore: add a confused benchmark for wildcard by @wwqgtxx
• 76e40ba chore: sync vless encryption code by @wwqgtxx
• 7960bca chore: code cleanup by @wwqgtxx
• 7e0a77c chore: sync vless encryption code by @wwqgtxx
• 7f38763 chore: update hkdf using by @wwqgtxx
• 84086a6 chore: update dependencies by @wwqgtxx
• 854c6a1 chore: sync vless encryption code by @wwqgtxx
• 873d0de chore: make XorConn replaceable for splice by @wwqgtxx
• 946b402 chore: code cleanup by @wwqgtxx
• a0bdb86 chore: rebuild vless encryption string parsing by @wwqgtxx
• a18e99f chore: update dependencies by @wwqgtxx
• aca0d97 chore: sync vless encryption code by @wwqgtxx
• b31664b chore: sync vless encryption code by @wwqgtxx
• b41ea05 chore: add encryption to converter by @wwqgtxx
• b481eca chore: allow vision with vless encryption by @wwqgtxx
• b4c3bbf chore: sync vless encryption code by @wwqgtxx
• b56068e chore: make vision server support splice by @wwqgtxx
• b643388 chore: sync vless encryption code by @wwqgtxx
• cdf5e0c chore: rewrite vision client write by @wwqgtxx
• ce82d49 chore: update golang to 1.25 by @wwqgtxx
• d11f9c8 chore: sync vless encryption code by @wwqgtxx
• d7999a3 chore: using named const value by @wwqgtxx
• e4dfe09 chore: output vless hash11 in generater by @wwqgtxx
• e54ca7c chore: sync vless encryption code by @wwqgtxx
• e6fe895 chore: sync code by @wwqgtxx
• eb028b6 chore: better reflect using in vision by @wwqgtxx
• eeb2ad8 chore: add more test for TypedValue by @wwqgtxx
• f04af73 chore: update quic-go to 0.54.0 by @wwqgtxx
• f90d0b9 chore: using atomic.Pointer in anytls by @wwqgtxx
• fc61715 chore: add handshake-mode for mieru by @wwqgtxx

Full Changelog: v1.19.12...v1.19.13

v1.19.12

What's Changed

• 241ae92 feat: support DOMAIN-WILDCARD rule (#2124) by @ayanamist
• Note: For amd64 platform, -amd64 and -amd64-compatible versions have been deprecated. -amd64-v1, -amd64-v2 and -amd64-v3 will be used to mark the CPU level. Please adapt the automatic update script in time for downstream projects.

BUG & Fix

• 0d92b67 fix: add base64 decoding for VLESS host in ConvertsV2Ray function (#2125) by @jianguo Wang
• 2b84dd3 fix: regex in logic rules by @wwqgtxx
• 3050201 fix: darwin system stack problem by @wwqgtxx
• 407c13b fix: hy2 server crash by @wwqgtxx
• 63ad95e fix: remove unconventional bits when unpacking for update_ui (#2178) by @白日梦主义
• 765cbbc fix: miss config in patch by @wwqgtxx
• 79decdc fix: vision server crash by @wwqgtxx
• a37440c fix: some downstream dependencies on the upgrader's output fields by @wwqgtxx
• b06ec5b fix: add path safety check in file type providers (#2177) by @白日梦主义
• ba3e718 chore: update mieru to v3.16.1 (#2138) by @enfein
• d84b182 fix: darwin tun mixed stack not working by @wwqgtxx

Maintenance

• 01cd7e2 chore: improve backup and replace logic in updater by @xishang0128
• 1a84153 chore: code cleanup by @wwqgtxx
• 300eb8b chore: rebuild rule parsing code by @wwqgtxx
• 349b773 chore: upgrade and embed the xsync.Map to v4 by @wwqgtxx
• 56c3462 chore: update quic-go to 0.53.0 by @wwqgtxx
• 5f1f296 chore: add /cache/dns/flush to restful api by @wwqgtxx
• 6337151 chore: upgrade bbolt to 1.4.2 by @wwqgtxx
• 66fd5c9 chore: allow setting cache-max-size in dns section by @wwqgtxx
• 6a620ba chore: revert "chore: better dns batchExchange" by @wwqgtxx
• 6a9d428 chore: remove unused code (#2126) by @leo
• 6f4fe71 chore: update dependencies by @wwqgtxx
• 748b5df chore: keep original file permissions after update by @xishang0128
• 8cbae59 chore: upgrade bbolt by @wwqgtxx
• 8f18d3f chore: add recvmsgx and sendmsgx config to tun by @wwqgtxx
• 91985c1 chore: typo (#2127) by @Phanium
• 9f1da11 chore: use the compile-time GOAMD64 flag in the updater by @wwqgtxx
• a9b7e70 chore: optimizing copyFile in updater by @wwqgtxx
• aa555ce chore: allow embedded xsync.Map to be lazily initialized by @wwqgtxx
• b9260e0 chore: improve darwin tun performance by @wwqgtxx
• ba3e718 chore: update mieru to v3.16.1 (#2138) by @enfein
• c3a3009 chore: keep original file permissions when copyFile in updater by @wwqgtxx
• d4fbffd chore: update utls to 1.8.0 by @wwqgtxx
• deec7aa chore: optimizing download in updater by @wwqgtxx
• dfe6e05 chore: rebuild core updater by @wwqgtxx
• fb043df chore: use canonical return value order by @xishang0128

Full Changelog: v1.19.11...v1.19.12

v1.19.11

What's Changed

• 29a37f4 feat: all dns client support disable-ipv4 and disable-ipv6 params by @wwqgtxx
• 40587b6 feat: all dns client support skip-cert-verify params by @wwqgtxx
• 617fef8 feat: converter support anytls/socks/http (#2100) by @beck
• 85e6d25 feat: all dns client support ecs and ecs-override params by @wwqgtxx
• 9283cb0 feat: add loopback-address support for tun by @wwqgtxx
• Other incompatible updates are the same as v1.19.6~v1.19.10:

• For security reasons, all paths appearing in the configuration file will be limited to workdir (regardless of whether they are relative or absolute). If there is a specific need, please specify additional safe paths by setting the SAFE_PATHS environment variable while ensuring safety. The syntax of this environment variable is the same as the PATH environment variable parsing rules of this operating system (i.e., semicolon-separated under Windows and colon-separated under other systems)
• For security reasons, the "path" parameter of /configs in the restful api has been restricted, and its directory also needs to be in workdir or SAFE_PATHS.
• In addition, support for specifying routing-mark and interface-name for proxy-groups has been removed. Please specify the relevant parameters in proxies directly.
• Note: The workdir mentioned above is specified by the -d parameter when the program is started or the CLASH_HOME_DIR environment variable. If neither of the above is specified, the default is:
  • on Unix systems, $HOME/.config/mihomo.
  • on Windows, %USERPROFILE%/.config/mihomo.
• The DNS resolution of the overall UDP part has been delayed to the connection initiation stage. It will be triggered only when the IP rule without no-resolve is matched during the rule matching process.
  • For direct and wireguard outbound, the same logic as the TCP part will be followed, that is, when direct-nameserver (or DNS configured by wireguard) exists, the resolution result in the rule matching process will be discarded and the domain name will be re-resolved. This re-resolution logic is only effective for fakeip.
  • For reject and DNS outbound, no resolution is required.
  • For other outbound, resolution will still be performed when the UDP connection is initiated, and the domain name will not be sent directly to the remote server.

BUG & Fix

• 31f0060 fix: chacha20 counter overflow by @wwqgtxx
• 32d447c fix: convert https (#2102) by @beck
• 40ea0ba fix: correct constructor for 2022-blake3-chacha8-poly1305 by @wwqgtxx
• 5344e86 fix: ssr uri decode (#2116) by @Restia-Ashbell
• 5b97527 fix: incorrect checking of strings.Split return value by @wwqgtxx
• 6cfaf15 fix: missing error return by @wwqgtxx
• 71a8705 fix: remote dst parse by @wwqgtxx
• 8d7f947 fix: TypedValue.CompareAndSwap by @wwqgtxx
• ebf5918 fix: v2ray-plugin mux maybe not close underlay connection by @wwqgtxx

Maintenance

• 01f8f2d chore: cleanup allocator code by @wwqgtxx
• 082bcec chore: apply find process mode in direct/global mode by @wwqgtxx
• 166392f chore: sniffer replace domain only if domain is valid (#2122) by @ayanamist
• 255ff5e chore: add rate limiting support for reality listener by @wwqgtxx
• 2f9a3b3 chore: cleanup code by @wwqgtxx
• 5c6aa43 chore: unconditionally allow clients with passwords for password-free socks5 inbound (#2123) by @ayanamist
• 85bb40a chore: add Int32Enum for common/atomic by @wwqgtxx
• 87795e3 chore: add yaml marshal for common/atomic by @wwqgtxx
• 939e410 chore: write dns reply in single syscall by @wwqgtxx
• 93ca185 chore: converter support fingerprint for anytls by @riolurs
• ae7967f chore: the resolve and findProcess behaviors of Logic and SubRules follow the order and needs of the internal rules by @wwqgtxx
• c60750d chore: allow tun to skip the system ipv6 check when starting by environment variable SKIP_SYSTEM_IPV6_CHECK by @wwqgtxx

Full Changelog: v1.19.10...v1.19.11

v1.19.10

What's Changed

• The DNS resolution of the overall UDP part has been delayed to the connection initiation stage. It will be triggered only when the IP rule without no-resolve is matched during the rule matching process.
  • For direct and wireguard outbound, the same logic as the TCP part will be followed, that is, when direct-nameserver (or DNS configured by wireguard) exists, the resolution result in the rule matching process will be discarded and the domain name will be re-resolved. This re-resolution logic is only effective for fakeip.
  • For reject and DNS outbound, no resolution is required.
  • For other outbound, resolution will still be performed when the UDP connection is initiated, and the domain name will not be sent directly to the remote server.
• In addition, the memory usage of the UDP part of tun inbound has also been optimized in this version.
• Other incompatible updates are the same as v1.19.6~v1.19.8:

• For security reasons, all paths appearing in the configuration file will be limited to workdir (regardless of whether they are relative or absolute). If there is a specific need, please specify additional safe paths by setting the SAFE_PATHS environment variable while ensuring safety. The syntax of this environment variable is the same as the PATH environment variable parsing rules of this operating system (i.e., semicolon-separated under Windows and colon-separated under other systems)
• For security reasons, the "path" parameter of /configs in the restful api has been restricted, and its directory also needs to be in workdir or SAFE_PATHS.
• In addition, support for specifying routing-mark and interface-name for proxy-groups has been removed. Please specify the relevant parameters in proxies directly.
• Note: The workdir mentioned above is specified by the -d parameter when the program is started or the CLASH_HOME_DIR environment variable. If neither of the above is specified, the default is:
  • on Unix systems, $HOME/.config/mihomo.
  • on Windows, %USERPROFILE%/.config/mihomo.

BUG & Fix

• 15eda70 fix: hysteria2 panic by @wwqgtxx
• 1db89da fix: quic sniffer should not replace domain when no valid host is read by @wwqgtxx
• 213d80c fix: quic sniffer should consider skipDomain by @wwqgtxx
• 33590c4 fix: destination should unmap before find interface by @wwqgtxx
• 4741ac6 fix: in-port not work with shadowsocks listener by @wwqgtxx
• 5a21bf3 fix: listener close panic by @wwqgtxx
• 6c9abe1 fix: vmess listener error by @wwqgtxx
• d2e255f fix: some error in tun by @wwqgtxx

Maintenance

• 12e3952 chore: code cleanup by @wwqgtxx
• 199fb8f chore: update quic-go to 0.52.0 by @wwqgtxx
• 28c387a chore: restore break change in sing-tun by @wwqgtxx
• 34de62d chore: better get localAddr by @wwqgtxx
• 3ed6ff9 chore: export pipeDeadline by @wwqgtxx
• 4ed8303 chore: remove confused code by @wwqgtxx
• 60ae9dc chore: recover log leval for preHandleMetadata by @wwqgtxx
• 689c58f chore: clear dstIP when overrideDest in sniffer by @wwqgtxx
• 88419cb chore: better parse remote dst by @wwqgtxx
• 9e3bf14 chore: handle two interfaces have the same prefix but different address by @wwqgtxx
• a0c46bb chore: remove the redundant layer of udpnat in sing-tun to reduce resource usage when processing udp by @wwqgtxx
• a1c7881 chore: rebuild udp dns resolve by @wwqgtxx
• b1d12a1 chore: proxy's ech should fetch from proxy-nameserver by @wwqgtxx
• c0f452b chore: more unmap for 4in6 address by @wwqgtxx
• ef3d7e4 chore: remove unneeded dns resolve when proxydialer dial udp by @wwqgtxx

Full Changelog: v1.19.9...v1.19.10