Releases: v2fly/v2ray-core
v4.40.1
Features
- DNS: support DNS over TCP.
- docs: DNS
- #983 Thanks @AkinoKaede
- Currently DNS over TCP is yet to be optimized for performance, and is recommended for compatibility purpose only.
Fixes
Chores
- Use Go v1.16.5
- Update dependencies
Notices
- VMess: From Jan 1, 2022, compatibility for legacy VMess MD5 will be disabled by default. Visit here for more information.
- You are able to compile exactly the same binaries as the ones in Assets section below by simply following the compiling guide.
For downstream developers
The Go module name of v2ray-core
has been changed to github.com/v2fly/v2ray-core/v4
. Do NOT use v2ray.com/core
anymore.
v4.40.0
Features
- DNS: support DNS over TCP.
- docs: DNS
- #983 Thanks @AkinoKaede
- Currently DNS over TCP is yet to be optimized for performance, and is recommended for compatibility purpose only.
Fixes
Chores
- Update dependencies
Notices
- VMess: From Jan 1, 2022, compatibility for legacy VMess MD5 will be disabled by default. Visit here for more information.
- You are able to compile exactly the same binaries as the ones in Assets section below by simply following the compiling guide.
For downstream developers
The Go module name of v2ray-core
has been changed to github.com/v2fly/v2ray-core/v4
. Do NOT use v2ray.com/core
anymore.
v4.39.2
Features
- Websocket: support header based Websocket early data & its partial browser forwarder support
- GeoData: add a memory efficient geodata decoder called
memconservative
for memory-limited devices- docs: Environment variable
- #934 #953 #964 #965 #967 #977 Thanks @Loyalsoldier @rurirei
- HTTP/2 Transport: support to set method and headers for outgoing connections
- docs: HTTP/2
- TCP Socket Option: support to set keepalive interval on Linux operating system
- docs: Transport
- #962 Thanks @therealak12
Fixes
- BrowserForwarder panics with empty config (#954) Thanks @AkinoKaede @Loyalsoldier
- FakeDNS prints error with empty config (#955) Thanks @Loyalsoldier
- Dual stack FakeDNS Close method (#956) Thanks @Loyalsoldier
- Observatory starts with empty config & fails to close (#957) Thanks @Loyalsoldier
- Null check on alternative system dialer (#959) Thanks @rurirei
- Fixed the chain proxy support for gRPC and HTTP/2 transport
- Fixed leastping logic (#1019) Thanks @fanyiguang
- Fixed v2ctl unable to create geodata loaders (#1014) Thanks @ght99
Chores
- Use Go v1.16.4
- Update dependencies
Notices
- Some unintentionally published APIs have been removed. 620d8f1
- API introduced in #966 is unsupported, and will be removed once a permanent solution is available.
- VMess: From Jan 1, 2022, compatibility for legacy VMess MD5 will be disabled by default. Visit here for more information.
- You are able to compile exactly the same binaries as the ones in Assets section below by simply following the compiling guide.
For downstream developers
The Go module name of v2ray-core
has been changed to github.com/v2fly/v2ray-core/v4
. Do NOT use v2ray.com/core
anymore.
v4.39.1
Features
- Websocket: support header based Websocket early data & its partial browser forwarder support
- GeoData: add a memory efficient geodata decoder called
memconservative
for memory-limited devices- docs: Environment variable
- #934 #953 #964 #965 #967 #977 Thanks @Loyalsoldier @rurirei
- HTTP/2 Transport: support to set method and headers for outgoing connections
- docs: HTTP/2
- TCP Socket Option: support to set keepalive interval on Linux operating system
- docs: Transport
- #962 Thanks @therealak12
Fixes
- BrowserForwarder panics with empty config (#954) Thanks @AkinoKaede @Loyalsoldier
- FakeDNS prints error with empty config (#955) Thanks @Loyalsoldier
- Dual stack FakeDNS Close method (#956) Thanks @Loyalsoldier
- Observatory starts with empty config & fails to close (#957) Thanks @Loyalsoldier
- Null check on alternative system dialer (#959) Thanks @rurirei
- Fixed the chain proxy support for grpc and h2 transport.
Chores
- Use Go v1.16.3
- Update dependencies
Notices
- Some unintentionally published APIs have been removed. 620d8f1
- API introduced in #966 is unsupported, and will be removed once a permanent solution is available.
- VMess: From Jan 1, 2022, compatibility for legacy VMess MD5 will be disabled by default. Visit here for more information.
- You are able to compile exactly the same binaries as the ones in Assets section below by simply following the compiling guide.
For downstream developers
The Go module name of v2ray-core
has been changed to github.com/v2fly/v2ray-core/v4
. Do NOT use v2ray.com/core
anymore.
v4.39.0
Features
- Websocket: support header based Websocket early data & its partial browser forwarder support
- GeoData: add a memory efficient geodata decoder called
memconservative
for memory-limited devices- docs: Environment variable
- #934 #953 #964 #965 #967 #977 Thanks @Loyalsoldier @rurirei
- HTTP/2 Transport: support to set method and headers for outgoing connections
- docs: HTTP/2
- TCP Socket Option: support to set keepalive interval on Linux operating system
- docs: Transport
- #962 Thanks @therealak12
Fixes
- BrowserForwarder panics with empty config (#954) Thanks @AkinoKaede @Loyalsoldier
- FakeDNS prints error with empty config (#955) Thanks @Loyalsoldier
- Dual stack FakeDNS Close method (#956) Thanks @Loyalsoldier
- Observatory starts with empty config & fails to close (#957) Thanks @Loyalsoldier
- Null check on alternative system dialer (#959) Thanks @rurirei
Chores
- Use Go v1.16.3
- Update dependencies
Notices
- Some unintentionally published APIs have been removed. 620d8f1
- API introduced in #966 is unsupported, and will be removed once a permanent solution is available.
- VMess: From Jan 1, 2022, compatibility for legacy VMess MD5 will be disabled by default. Visit here for more information.
- You are able to compile exactly the same binaries as the ones in Assets section below by simply following the compiling guide.
For downstream developers
The Go module name of v2ray-core
has been changed to github.com/v2fly/v2ray-core/v4
. Do NOT use v2ray.com/core
anymore.
v4.38.3
Feature
- FakeDNS: Added
fakedns+others
sniffer , based on #697 . Thanks @yuhan6665 . - TLS: A SECURITY improvement that allow the remote peer's TLS certificate to be pinned to a known value. Document for TLS is updated.
- Observatory: A component that measure the connectivity of selected outbounds. The document for Observatory is updated.
- Routing :
leastPing
balancing strategy is added. This strategy will select a outbound that is alive and completed HTTPS GET request in the least time. The document for Routing is updated.
Fixs
- Fixed crashing in fake dns. #931 Thanks @IceCodeNew
- Added IPv6 pool in fake dns by default. #925 Thanks @Loyalsoldier
- Return ErrEmptyResponse for fakedns. #926 Thanks @sixg0000d
- Fixed UDP DNS connection cause crash. Thanks @nekohasekai
- Multi-json support for observatory, browser forwarder. #944 Thanks @ha-ku @AkinoKaede
Chore
- Fixed two typo in comments. Thanks @U-v-U
Security Advisory
- TLS connections with dangerous diagnose option
allowInsecure
turn on and without certificate pin withpinnedPeerCertificateChainSha256
will not be able protect your data at all from a attacker in privileged network path(for example ISP or any firewall or censorship infrastructure). This is especially dangerous when an unprotected protocol or option is used, such as any VLess configuration, VMess withnone
orzero
security, and any trojan configuration, in which case your data is accessible to attacker in plain text and attacker can inject arbitrary data pretending to the the remote server. In the case of VLess and trojan, the proxy protocol access control credential is also exposed to the attacker, the attacker will be able to use your proxy. You are advised to use certificate pin (and/or other security features provided in a later version of V2Ray) wheneverallowInsecure
is turned on. Attempting to MITM your connection temporarily to identify TLS based proxy is a known threat.
Notices
- VMess: From Jan 1, 2022, compatibility for legacy VMess MD5 will be disabled by default. Visit here for more information.
- You are able to compile exactly the same binaries as the ones in Assets section below by simply following the compiling guide.
For downstream developers
The Go module name of v2ray-core
has been changed to github.com/v2fly/v2ray-core/v4
. Do NOT use v2ray.com/core
anymore.
v4.38.2
Feature
- FakeDNS: Added
fakedns+others
sniffer , based on #697 . Thanks @yuhan6665 . - TLS: A SECURITY improvement that allow the remote peer's TLS certificate to be pinned to a known value. Document for TLS is updated.
- Observatory: A component that measure the connectivity of selected outbounds. The document for Observatory is updated.
- Routing :
leastPing
balancing strategy is added. This strategy will select a outbound that is alive and completed HTTPS GET request in the least time. The document for Routing is updated.
Fixs
- Fixed crashing in fake dns. #931 Thanks @IceCodeNew
- Added IPv6 pool in fake dns by default. #925 Thanks @Loyalsoldier
- Return ErrEmptyResponse for fakedns. #926 Thanks @sixg0000d
- Fixed UDP DNS connection cause crash. Thanks @nekohasekai
Chore
- Fixed two typo in comments. Thanks @U-v-U
Security Advisory
- TLS connections with dangerous diagnose option
allowInsecure
turn on and without certificate pin withpinnedPeerCertificateChainSha256
will not be able protect your data at all from a attacker in privileged network path(for example ISP or any firewall or censorship infrastructure). This is especially dangerous when an unprotected protocol or option is used, such as any VLess configuration, VMess withnone
orzero
security, and any trojan configuration, in which case your data is accessible to attacker in plain text and attacker can inject arbitrary data pretending to the the remote server. In the case of VLess and trojan, the proxy protocol access control credential is also exposed to the attacker, the attacker will be able to use your proxy. You are advised to use certificate pin (and/or other security features provided in a later version of V2Ray) wheneverallowInsecure
is turned on. Attempting to MITM your connection temporarily to identify TLS based proxy is a known threat.
Notices
- VMess: From Jan 1, 2022, compatibility for legacy VMess MD5 will be disabled by default. Visit here for more information.
- You are able to compile exactly the same binaries as the ones in Assets section below by simply following the compiling guide.
For downstream developers
The Go module name of v2ray-core
has been changed to github.com/v2fly/v2ray-core/v4
. Do NOT use v2ray.com/core
anymore.
v4.38.1
Feature
- FakeDNS: Added
fakedns+others
sniffer , based on #697 . Thanks @yuhan6665 . - TLS: A SECURITY improvement that allow the remote peer's TLS certificate to be pinned to a known value. Document for TLS is updated.
- Observatory: A component that measure the connectivity of selected outbounds. The document for Observatory is updated.
- Routing :
leastPing
balancing strategy is added. This strategy will select a outbound that is alive and completed HTTPS GET request in the least time. The document for Routing is updated.
Fixs
- Fixed crashing in fake dns. #931 Thanks @IceCodeNew
- Added IPv6 pool in fake dns by default. #925 Thanks @Loyalsoldier
- Return ErrEmptyResponse for fakedns. #926 Thanks @sixg0000d
Chore
- Fixed two typo in comments. Thanks @U-v-U
Security Advisory
- TLS connections with dangerous diagnose option
allowInsecure
turn on and without certificate pin withpinnedPeerCertificateChainSha256
will not be able protect your data at all from a attacker in privileged network path(for example ISP or any firewall or censorship infrastructure). This is especially dangerous when an unprotected protocol or option is used, such as any VLess configuration, VMess withnone
orzero
security, and any trojan configuration, in which case your data is accessible to attacker in plain text and attacker can inject arbitrary data pretending to the the remote server. In the case of VLess and trojan, the proxy protocol access control credential is also exposed to the attacker, the attacker will be able to use your proxy. You are advised to use certificate pin (and/or other security features provided in a later version of V2Ray) wheneverallowInsecure
is turned on. Attempting to MITM your connection temporarily to identify TLS based proxy is a known threat.
Notices
- VMess: From Jan 1, 2022, compatibility for legacy VMess MD5 will be disabled by default. Visit here for more information.
- You are able to compile exactly the same binaries as the ones in Assets section below by simply following the compiling guide.
For downstream developers
The Go module name of v2ray-core
has been changed to github.com/v2fly/v2ray-core/v4
. Do NOT use v2ray.com/core
anymore.
v4.38.0
Feature
- FakeDNS: Added
fakedns+others
sniffer , based on #697 . Thanks @yuhan6665 . - TLS: A SECURITY improvement that allow the remote peer's TLS certificate to be pinned to a known value. Document for TLS is updated.
- Observatory: A component that measure the connectivity of selected outbounds. The document for Observatory is updated.
- Routing :
leastPing
balancing strategy is added. This strategy will select a outbound that is alive and completed HTTPS GET request in the least time. The document for Routing is updated.
Chore
- Fixed two typo in comments. Thanks @U-v-U
Security Advisory
- TLS connections with dangerous diagnose option
allowInsecure
turn on and without certificate pin withpinnedPeerCertificateChainSha256
will not be able protect your data at all from a attacker in privileged network path(for example ISP or any firewall or censorship infrastructure). This is especially dangerous when an unprotected protocol or option is used, such as any VLess configuration, VMess withnone
orzero
security, and any trojan configuration, in which case your data is accessible to attacker in plain text and attacker can inject arbitrary data pretending to the the remote server. In the case of VLess and trojan, the proxy protocol access control credential is also exposed to the attacker, the attacker will be able to use your proxy. You are advised to use certificate pin (and/or other security features provided in a later version of V2Ray) wheneverallowInsecure
is turned on. Attempting to MITM your connection temporarily to identify TLS based proxy is a known threat.
Notices
- VMess: From Jan 1, 2022, compatibility for legacy VMess MD5 will be disabled by default. Visit here for more information.
- You are able to compile exactly the same binaries as the ones in Assets section below by simply following the compiling guide.
For downstream developers
The Go module name of v2ray-core
has been changed to github.com/v2fly/v2ray-core/v4
. Do NOT use v2ray.com/core
anymore.
v4.37.3
Feature
Fix
- Cannot load geoip & geosite (#889)
Chore
Notices
- VMess: From Jan 1, 2022, compatibility for legacy VMess MD5 will be disabled by default. Visit here for more information.
- You are able to compile exactly the same binaries as the ones in Assets section below by simply following the compiling guide.
For downstream developers
The Go module name of v2ray-core
has been changed to github.com/v2fly/v2ray-core/v4
. Do NOT use v2ray.com/core
anymore.