v1.17.0

Breaking Changes

Binary file name changes to mihomo, along with most of the const such as default config path, check and update these file/path before update to this version.

What's Changed

• feat(sniffer): add quic sniffer by @5aaee9
• feat: Add outbound sing-mux tcp-brutal support by @H1JK
• feat: add reload signal support (#780) by @andrei Shevchuk
• feat: Add v2ray httpupgrade fast open support by @H1JK
• feat: add certificate and private-key to vmess listener by @wwqgtxx
• feat: add include-all-providers to proxy-groups by @xishang0128
• feat: add override to proxy-providers by @Larvan2
• feat: add skip-auth-prefixes by @wwqgtxx
• feat: add v2ray-http-upgrade support by @wwqgtxx
• feat: add ws-path to vmess listener by @wwqgtxx
• feat: cancel RULE-SET nested SUB-RULE restrictions by @Skyxim
• feat: share more code from android branch by @Steve Johnson
• feat: support ARC for DNS cache by @Larvan2
• feat: support clash premium's structured log stream (#735) by @NyaMisty
• feat: support REJECT-DROP by @Larvan2
• feature: add environs startup option support (#2909) by @septs
• feature: add xdg base support (#2913) by @septs
• Merge pull request #810 from 5aaee9/Alpha by @Larvan2

BUG & Fix

• fix: avoid tls panic by @wwqgtxx
• fix: BBR bandwidth estimation edge case by @wwqgtxx
• fix: BBR memory leak by @wwqgtxx
• fix: build error by @wwqgtxx
• fix: dhcp not working on windows by @wwqgtxx
• fix: DNS NCACHE TTL and OPT RRs (#2900) by @jiahao Lu
• fix: fix android-arm64 build by @Steve Johnson
• fix: fix package name rules match by @Steve Johnson
• fix: gvisor panic by @wwqgtxx
• fix: gVisor UDP 6to4 check by @wwqgtxx
• fix: health check at startup by @Skyxim
• fix: health check available for 'selector' if configured by @Larvan2
• fix: hy2/tuic inbound cert isn't path by @Larvan2
• fix: improve feature check and add missing patches by @Steve Johnson
• fix: method in vmess http-opts is not used by @sduoduo233
• fix: Mux missing sing logger & initializing race by @H1JK
• fix: only force health check compatible providers by @Skyxim
• fix: parsing override by @Larvan2
• fix: Pool panic when putting small buffer by @H1JK
• fix: quic-go min MTU by @wwqgtxx
• fix: reality panic by @wwqgtxx
• fix: remote logic rules cannot be parsed (#837) by @HolgerHuo
• Fix: should check all ips need to fallback (#2915) by @yaling888
• fix: sing listener panic by @wwqgtxx
• fix: socks5 udp associate by @Dreamacro
• fix: ssr panic by @wwqgtxx
• fix: Trojan websocket header panic by @H1JK
• fix: unmap 4in6 ip by @wwqgtxx
• fix: v2ray http upgrade Hosts header not working by @wwqgtxx

Maintenance

• chore: add android feature and patch by @Steve Johnson
• chore: add CMFA auto update-dependencies trigger by @Steve Johnson
• chore: add labels to issue template by @Steve Johnson
• chore: add new bbr implementation by @wwqgtxx
• chore: add route exclude support by @wwqgtxx
• chore: add SetupContextForConn for common/net by @wwqgtxx
• chore: add some warning log by @wwqgtxx
• chore: better atomic using by @wwqgtxx
• chore: better bufio.Reader warp by @wwqgtxx
• chore: better dns batchExchange by @wwqgtxx
• chore: better tls handshake by @wwqgtxx
• chore: Cleanup code by @H1JK
• chore: cleanup error using of dialer.DefaultInterface by @wwqgtxx
• chore: code cleanup by @wwqgtxx
• chore: decrease goroutine used in core tunnel by @wwqgtxx
• chore: decrease memory copy in quic sniffer by @wwqgtxx
• chore: decrease memory copy in sing listener by @wwqgtxx
• chore: direct append data to bufio.Reader's internal buffer as much as possible by @wwqgtxx
• chore: do websocket client upgrade directly instead of gobwas/ws by @wwqgtxx
• chore: fix bbr bugs by @wwqgtxx
• chore: fix sniffer log error by @xishang0128
• chore: fix subscription_info by @xishang0128
• chore: geo link replaced with github by @xishang0128
• chore: improve subscription userinfo parsing (#781) by @septs
• chore: inMemoryAuthenticator unneed sync map by @wwqgtxx
• chore: listeners can set mux-option by @wwqgtxx
• chore: merge some quic-go fix by @wwqgtxx
• chore: migrate from gorilla/websocket to gobwas/ws by @wwqgtxx
• chore: modify configuration fields by @xishang0128
• chore: modify some fields by @xishang0128
• chore: modify ua by @xishang0128
• chore: NameServerPolicy will match inorder by @wwqgtxx
• chore: netip.Prefix should not using pointer by @wwqgtxx
• chore: Pool allocate arrays instead of slices by @H1JK
• chore: print colored log by @Larvan2
• chore: reduce memory alloc by @Larvan2
• chore: reduce string split immediately after string concat (#773) by @kiva
• chore: reorder atomic TypedValue see: https://gfw.go101.org/article/unofficial-faq.html#final-zero-size-field by @wwqgtxx
• chore: Replace stack collection with list by @H1JK
• chore: revert default global ua by @Steve Johnson
• chore: share dnsClient in NewResolver by @wwqgtxx
• chore: share some code by @wwqgtxx
• chore: Shrink allocator pool range by @H1JK
• chore: simplify fast open code by @wwqgtxx
• chore: support reject proxy type by @wwqgtxx
• chore: support relative path for hy2/tuic inbound cert by @Larvan2
• chore: support v2ray http upgrade server too by @wwqgtxx
• chore: system resolver can autoupdate by @wwqgtxx
• chore: temporary seal by @Larvan2
• chore: Update dependencies by @H1JK
• chore: update dependencies by @Larvan2
• chore: Update dependencies by @wwqgtxx
• chore: update gvisor by @wwqgtxx
• chore: update quic-go to 0.39.0 by @wwqgtxx
• chore: Update quic-go to v0.40.0 by @wwqgtxx
• chore: update sing-tun by @wwqgtxx
• chore: upgrade xsync to v3 by @wwqgtxx
• chore: using wk8/go-ordered-map/v2 replace internal StringMapSlice by @wwqgtxx
• docs: support reload in service by @Larvan2
• docs: update about quic sniffer by @5aaee9
• docs: update readme.md by @Larvan2

Full Changelog: v1.16.0...v1.17.0

v1.16.0

What's Changed

• feat: Add disable quic-go GSO to experimental by @H1JK
• feat: add provider proxies api by @xishang0128
• feat: add udp-over-stream for tuic only work with meta tuic server or sing-box 1.4.0-beta.6 by @wwqgtxx
• feat: bump restls to v0.1.6 (utls v1.4.3) (#692) by @3andne
• feat: configurable TCPKeepAlive interval by @Larvan2
• feat: converter support hysteria2 by @Larvan2
• feat: Converter unofficial TUIC share link support by @H1JK
• feat: download/upgrade XD to external-ui by @Larvan2
• feat: inbound support Hysteria2 by @wwqgtxx
• feat: ntp service by @riolu.rs
• feat: proxies support direct type by @wwqgtxx
• feat: recovering preHandleMetadata failure from sniffing (#769) by @kiva
• feat: support Hysteria2 by @wwqgtxx
• feat: support users to customize download ua by @xishang0128
• feat: update external-ui by @Larvan2

BUG & Fix

• fix: caceh dns result by @Skyxim
• fix: call shutdown before restart (#709) by @Alpha
• fix: concurrent map writes #707 by @Larvan2
• fix: dualStack confusing error on ipv4 failed connect by @Mitt
• fix: fail to set KeepAliveIntervall #715 by @Larvan2
• fix: hy2 udp not working by @wwqgtxx
• fix: ntp service panic by @riolu.rs
• fix: ntp service panic by @wwqgtxx
• fix: RESTful api missing TunConf.device by @YanceyChiew
• fix: sing-vmess panic by @wwqgtxx
• fix: socks5 udp not working on loopback by @wwqgtxx
• fix: TLS ALPN support by @H1JK
• fix: tuicv5 panic in ReadFrom by @wwqgtxx
• fix: uot read failed by @wwqgtxx

Maintenance

• chore: cleanup code by @Larvan2
• chore: cleanup codes by @Larvan2
• chore: DNS cache policy follow upstream by @Larvan2
• chore: fix typo by @Larvan2
• chore: handle provider proxies in proxies api by @PuerNya
• chore: ignore PR when Pre-releasing by @Larvan2
• chore: limit tuicv5's maxUdpRelayPacketSize up to 1200-PacketOverHead by @wwqgtxx
• chore: ntp service dep with sing, optional synchronize system time by @riolu.rs
• chore: ntp service support dialer-proxy by @wwqgtxx
• chore: rebuild ca parsing by @wwqgtxx
• chore: rename func name by @Larvan2
• chore: resolver read system hosts file by @wwqgtxx
• chore: Restore go1.20 support by @wwqgtxx
• chore: restore unselected by @Larvan2
• chore: share N.dialer code by @wwqgtxx
• chore: support set cwnd for hy2 too by @wwqgtxx
• chore: TCPKeepAlive interval set to 15s by default by @Larvan2
• chore: Update android-ndk by @汐殇
• chore: Update dependencies by @H1JK
• chore: Update dependencies by @wwqgtxx
• chore: update external-ui by @xishang0128
• Chore: update github issue template by @xishang0128
• chore: update provider proxies api by @xishang0128
• chore: update quic-go to 0.38.0 by @wwqgtxx
• chore: updateUI API return 501 when config incomplete by @Larvan2
• chore: use cmp in go 1.21 by @Larvan2
• chore: use WaitGroup in dualStackDialContext by @Larvan2
• chore: Use xsync provided map size calculation by @H1JK
• chore: using xsync.MapOf replace sync.Map by @wwqgtxx
• docs(README): update dashboard section by @kunish
• Merge pull request #767 from PuerNya/fix-delay by @汐殇
• refactor: Decouple .Cleanup from ReCreateTun by @YanceyChiew

Full Changelog: v1.15.1...v1.16.0

v1.15.1

What's Changed

• feat: Add Meta-geoip V0 database support by @H1JK
• feat: Add RCode DNS client by @H1JK
• feat: Add sing-geoip database support by @H1JK
• feat: Add XUDP migration support by @H1JK
• feat: add inbound-mptcp for listeners by @wwqgtxx
• feat: add mptcp for all proxy by @wwqgtxx
• feat: optional provider path (#624) by @汐殇
• feat: support tuicV5 by @wwqgtxx
• feat: tuic outbound allow set an empty ALPN array by @wwqgtxx

BUG & Fix

• fix geodata-mode by @xishang0128
• fix hysteria faketcp lookback in TUN mode (#601) by @Mars160
• fix: parse nested sub-rules failed by @Skyxim
• fix: Disable XUDP global ID if source address invalid by @H1JK
• fix: discard http unsuccessful status by @Skyxim
• fix: DNS cache by @H1JK
• fix: dns concurrent not work by @Skyxim
• fix: go1.19 compile by @wwqgtxx
• fix: handle manually select in url-test by @Larvan2
• fix: hysteria faketcp loopback in tun mode by @wwqgtxx
• Fix: mapping dns should not stale (#675) by @Yusaki丶Kanade
• fix: nil pointer in urltest (#603) by @wzdnzd
• fix: panic when add 4in6 ipcidr by @Skyxim
• fix: Resolve delay omission in the presence of nested proxy-groups by @Larvan2
• fix: singmux return wrong supportUDP value by @wwqgtxx
• fix: tuic server cwnd parsing by @wwqgtxx
• fix: tuicV5's heartbeat should be a datagram packet by @wwqgtxx
• fix: tunnel's handleUDPToLocal panic by @wwqgtxx

Maintenance

• chore: change geodata download url to fastly.jsdelivr.net (#636) by @moranno
• chore: adjustable cwnd for cc in quic by @Larvan2
• chore: allow unsafe path for provider by environment variable by @Skyxim
• chore: avoid unneeded map copy when close connection in restful api by @wwqgtxx
• chore: better close single connection in restful api by @wwqgtxx
• chore: better env parsing by @wwqgtxx
• chore: better resolv.conf parsing by @wwqgtxx
• chore: better tuicV5 deFragger by @wwqgtxx
• chore: Disable cache for RCode client by @H1JK
• chore: fix TUIC cwnd parsing by @Larvan2
• chore: function rename by @wwqgtxx
• chore: generate release note automatically by @Larvan2
• chore: genReleaseNote support verrsion range by @Larvan2
• chore: Ignore PR in Docker build by @Larvan2
• chore: init gopacket only when dial fake-tcp to decrease memory using by @wwqgtxx
• chore: Random only if the certificate and private-key are empty by @Skyxim
• chore: reduce process lookup attempts when process not exist #613 by @Skyxim
• chore: Refine adapter type name by @H1JK
• chore: Reject packet conn implement wait read by @H1JK
• chore: Remove legacy XTLS support (#645) by @hellojack
• chore: Replace murmur3 with maphash by @H1JK
• Chore: Something update from clash (#639) by @タイムライン
• chore: Something update from clash :) (#606) by @タイムライン
• chore: statistic's Snapshot only contains TrackerInfo by @wwqgtxx
• chore: structure support decode pointer by @wwqgtxx
• chore: tuic server can handle V4 and V5 in same port by @wwqgtxx
• chore: Update dependencies by @H1JK
• chore: Update dependencies by @wwqgtxx
• chore: update go1.21.0 release by @wwqgtxx
• chore: Update go1.21rc3 by @wwqgtxx
• chore: update proxy's udpConn when received a new packet by @wwqgtxx
• chore: update quic-go to 0.34.0 by @wwqgtxx
• chore: update quic-go to 0.35.1 by @wwqgtxx
• chore: update quic-go to 0.36.0 by @wwqgtxx
• chore: update quic-go to 0.36.1 by @wwqgtxx
• chore: update quic-go to 0.37.1 by @wwqgtxx
• chore: update quic-go to 0.37.2 and go1.21rc4 by @wwqgtxx
• chore: update quic-go to 0.37.3 by @wwqgtxx
• chore: update to go1.21rc2, drop support for go1.19 by @wwqgtxx
• chore: Use Meta-geoip for default by @H1JK
• chore: using uint16 for ports in Metadata by @wwqgtxx
• refactor: Geodata initialization by @H1JK

Full Changelog: v1.14.5...v1.15.1

v1.15.0

What's Changed

• feat: Add RCode DNS client by @H1JK
• feat: Add XUDP migration support by @H1JK
• feat: optional provider path (#624) by @xishang0128
• feat: support tuicV5 by @wwqgtxx

BUG & Fix

• fix hysteria faketcp lookback in TUN mode (#601) by @Mars160
• fix: Disable XUDP global ID if source address invalid by @H1JK
• fix: dns concurrent not work by @Skyxim
• fix: go1.19 compile by @wwqgtxx
• fix: hysteria faketcp loopback in tun mode by @wwqgtxx
• fix: nil pointer in urltest (#603) by @wzdnzd
• fix: panic when add 4in6 ipcidr by @Skyxim
• fix: Resolve delay omission in the presence of nested proxy-groups by @Larvan2
• fix: singmux return wrong supportUDP value by @wwqgtxx
• fix: tuic server cwnd parsing by @wwqgtxx
• fix: tuicV5's heartbeat should be a datagram packet by @wwqgtxx

Maintenance

• chore: adjustable cwnd for cc in quic by @Larvan2
• chore: allow unsafe path for provider by environment variable by @Skyxim
• chore: avoid unneeded map copy when close connection in restful api by @wwqgtxx
• chore: better close single connection in restful api by @wwqgtxx
• chore: better resolv.conf parsing by @wwqgtxx
• chore: Disable cache for RCode client by @H1JK
• chore: fix TUIC cwnd parsing by @Larvan2
• chore: function rename by @wwqgtxx
• chore: generate release note automatically by @Larvan2
• chore: genReleaseNote support verrsion range by @Larvan2
• chore: Ignore PR in Docker build by @Larvan2
• chore: init gopacket only when dial fake-tcp to decrease memory using by @wwqgtxx
• chore: reduce process lookup attempts when process not exist #613 by @Skyxim
• chore: Refine adapter type name by @H1JK
• chore: Replace murmur3 with maphash by @H1JK
• chore: Something update from clash :) (#606) by @Nep-Timeline
• chore: statistic's Snapshot only contains TrackerInfo by @wwqgtxx
• chore: tuic server can handle V4 and V5 in same port by @wwqgtxx
• chore: Update dependencies by @H1JK
• chore: Update dependencies by @wwqgtxx
• chore: update proxy's udpConn when received a new packet by @wwqgtxx
• chore: update quic-go to 0.34.0 by @wwqgtxx
• chore: update quic-go to 0.35.1 by @wwqgtxx

Full Changelog: v1.14.5...v1.15.0

v1.14.5

What's Changed

Configs example

• feat: add IN-USER and IN-NAME rules by @wwqgtxx
• feat: rewrite http outbound by @PuerNya
• feat: Support insecure gRPC by @H1JK
• feat: support system dns by @sleshep
• feat: support system dns for windows by @Larvan2
• feat: Updater detect and download AMD64v3 artifact by @H1JK
• refactor: Move vision implementation to a new package by @H1JK
• refactor: Switch to sing-shadowsocks2 client by @H1JK

BUG & Fix

• fix: Deadline not apply on EnhancePacketConn by @wwqgtxx
• fix: deadline reader cause panic by @wwqgtxx
• Fix: deprecated action commands (#556) by @H1JK
• fix: ensure group not empty by @wwqgtxx
• fix: handle manually select in url-test by @Larvan2
• fix: mux's udp should add write lock by @wwqgtxx
• fix: shadowsocks rc4-md5 not working by @wwqgtxx
• fix: sing inbound should check needAdditionReadDeadline on udp too by @wwqgtxx
• fix: sing-based listener panic by @wwqgtxx
• fix: sing-ss2's Reader not set buffer end by @wwqgtxx
• fix: ss aead udp problem by @wwqgtxx
• fix: tfoConn panic by @wwqgtxx
• fix: TLS certificate pool initialize by @H1JK
• fix: tuic can't work with proxy-dialer by @wwqgtxx
• fix: tuic connection error using fast_open by @Skyxim
• fix: tuic server return error udp address by @wwqgtxx
• fix: udp can't auto close by @wwqgtxx
• fix: UDP packet should not return io.EOF by @wwqgtxx
• fix: udp panic when server return a domain name by @wwqgtxx
• Fix: update action to support Node 16 (#565) by @8Mi_Yile
• fix: Update unsafe pointer add usage by @H1JK
• fix: wildcard matching problem by @Skyxim
• fix: #512: geo download failed when startup (#538) by @sleshep

Maintenance

• chore: Add vision splice support by @H1JK
• chore: add WaitReadFrom support in hyPacketConn by @wwqgtxx
• chore: add WaitReadFrom support in quicStreamPacketConn by @wwqgtxx
• chore: add WaitReadFrom support in ssr by @wwqgtxx
• chore: better packet deadline by @wwqgtxx
• chore: better sing's udp api support by @wwqgtxx
• chore: better tproxy error logging by @wwqgtxx
• chore: better tuic earlyConn impl by @wwqgtxx
• chore: better updater by @Larvan2
• chore: cleanup system dns code by @wwqgtxx
• chore: decrease direct udp read memory used for no-windows platform by @wwqgtxx
• chore: decrease shadowsocks udp read memory used for no-windows platform by @wwqgtxx
• chore: Decrease UoT read memory by @H1JK
• chore: drop bufio.Reader in BufferedConn to let gc can clean up its internal buf by @wwqgtxx
• chore: improve read waiter interface by @wwqgtxx
• chore: Make slash optional for system resolver by @H1JK
• chore: more context passing in outbounds by @wwqgtxx
• chore: packet deadline support CreateReadWaiter interface by @wwqgtxx
• chore: Random only if the certificate and private-key are empty by @Skyxim
• chore: rebuild ref and threadSafe packetConn by @wwqgtxx
• chore: Remove default DNS in system resolver by @H1JK
• chore: sing inbound support WaitReadPacket by @wwqgtxx
• chore: slightly improve quic-bbr performance by @Larvan2
• chore: switch ss uot default back to version 1 by @wwqgtxx
• chore: Update dependencies by @H1JK
• chore: update docs by @cubemaze
• chore: update release note by @Larvan2
• chore: upgrade dependencies by @Skyxim
• chore: upgrade dependencies by @wwqgtxx
• chore: Use API to create windows firewall rule by @Larvan2
• chore: using internal socks5.ReadAddr0 in trojan by @wwqgtxx
• docs: update config.yaml by @Larvan2

Full Changelog: v1.14.4...v1.14.5

v1.14.4

What's Changed

Configs example

• feat: Add multi-peer support for wireguard outbound by @wwqgtxx
• feat: nameserver-policy support use rule-providers and reduce domain-set memory by @Skyxim
• feat: add statistic and only-tcp options for smux by @wwqgtxx
• feat: add memory status for snapshot by @wwqgtxx
• feat: add proxy and sing-based listener support sing-mux by @wwqgtxx
• feat: core support memory chat by @rookisbusy
• feat: proxy-provider can set dialer-proxy too it will apply dialer-proxy to all proxy in this provider by @wwqgtxx
• feat: ruleset support text format by @wwqgtxx
• feat: support dialer-proxy config for all outbound by @wwqgtxx
• feat: urltest can be select by user by @MetaCubeX
• feat: wireguard add dialer-proxy config to support chain forwarding by @wwqgtxx
• feat: wireguard add remote-dns-resolve and dns settings by @wwqgtxx

BUG & Fix

• fix: CGO build failed on darwin-10.16 by @wwqgtxx
• fix: concurrent close on h2mux server conn by @nekohasekai
• fix: Converter panic on bad VMess share links by @H1JK
• fix: Vision slice out of bounds error by @H1JK
• fix: chat.js not begin with zero by @rookisbusy
• fix: deadline pipeReadBuffer, pipeReadFrom and panic when alloc empty buffer by @wwqgtxx
• fix: direct outbound not ensure ip was resolved by @wwqgtxx
• fix: domain-set wildcard match by @Skyxim
• fix: ensure StreamWebsocketConn call N.NewDeadlineConn by @wwqgtxx
• fix: firstWriteCallBackConn can pass N.ExtendedConn too by @wwqgtxx
• fix: h2 close panic by @wwqgtxx
• fix: not match top domain by @Skyxim
• fix: proxyDialer has a non-nil interface containing nil pointer judgment by @wwqgtxx
• fix: proxyDialer panic when domain name was not resolved by @wwqgtxx
• fix: revert LRU cache changes by @wwqgtxx
• fix: ruleProvider panic by @wwqgtxx
• fix: return pooled buffer when simple-obfs tls read error (#2643) by @bdbai
• fix: sing-mux udp by @wwqgtxx
• fix: should always drop packet when handle UDP packet (#2659) by @yaling888
• fix: smux should show its support udp and uot by @wwqgtxx
• fix: tracker remote addr check by @Skyxim
• fix: tuic fast-open not work by @wwqgtxx
• fix: tuic pool client should only cache the system's UDPConn by @wwqgtxx
• fix: tun warn timeout by @rookisbusy
• fix: tunnel udp panic by @wwqgtxx
• fix: vless tcp not working by @wwqgtxx
• fix: vless udp not working by @wwqgtxx
• fix: wireguard auto close not working by @wwqgtxx
• fix: wireguard reconnect failed by @wwqgtxx
• fix: wireguard tcp close need long time by @wwqgtxx

Maintenance

• chore: add issue templates by @Larvan2
• chore: clash filter link local by @Skyxim
• chore: Add early bounds checks by @H1JK
• chore: Add read deadline implementation by @wwqgtxx
• chore: Adopt sing-tun's update by @wwqgtxx
• chore: DomainSet now build from a DomainTrie by @wwqgtxx
• chore: Update dependencies by @wwqgtxx
• chore: add genReleaseNote.sh by @Larvan2
• chore: better error ignore by @wwqgtxx
• chore: better memory fetching time by @Skyxim
• chore: better parse remote dst by @Skyxim
• chore: better upgrade by @Larvan2
• chore: better workflow by @Larvan2
• chore: clarify the wireguard logging by @wwqgtxx
• chore: clean up code by @Larvan2
• chore: clean up docs by @Larvan2
• chore: cleanup listener before restart by @Larvan2
• chore: cleanup unneeded deadline by @wwqgtxx
• chore: clear windows bind error by @wwqgtxx
• chore: close all connections after proxySet initial by @wwqgtxx
• chore: download geoX use inner by @Larvan2
• chore: fix build by @Larvan2
• chore: force set SelectAble when start load cache by @wwqgtxx
• chore: init gopsutil's Process direct from struct by @wwqgtxx
• chore: make all net.Conn wrapper can pass through N.ExtendedConn by @wwqgtxx
• chore: proxyDialer can add inner conn to statistic by @wwqgtxx
• chore: proxyDialer can limited support old dial function by @wwqgtxx
• chore: proxyDialer don't push flow to manager in statistic by @wwqgtxx
• chore: proxyDialer first using old function to let mux work by @wwqgtxx
• chore: remove debug_api patch by @Larvan2
• chore: rename delete.yml by @Larvan2
• chore: resolver priority return TypeA in ResolveIP (not effected LookupIP) by @wwqgtxx
• chore: rewrite verifyIP6 by @wwqgtxx
• chore: rule-provider direct using IndexByte in bytes for find new line by @wwqgtxx
• chore: rule-provider now read yaml line-by-line by @wwqgtxx
• chore: safe sing-mux close by @wwqgtxx
• chore: support splice for direct outbound by @wwqgtxx
• chore: sync sing-wireguard's update by @wwqgtxx
• chore: udp always direct pass ip to remote without domain by @wwqgtxx
• chore: update bug_report by @Skyxim
• chore: update demo by @Skyxim
• chore: update doc by @Skyxim
• chore: update templates by @Larvan2
• chore: update use compatible version for windows/linux amd64 by @Larvan2
• chore: update wireguard-go by @wwqgtxx
• chore: using new chan based deadline reader by @wwqgtxx
• chore: using sync/atomic replace uber/atomic by @wwqgtxx
• chore: version print error by @Skyxim
• chore: wireguard dns can work with domain-based server by @wwqgtxx
• doc: update config.yaml by @wwqgtxx
• doc: update smux by @wwqgtxx

Full Changelog: v1.14.3...v1.14.4

What's Changed

• Alpha by @rookisbusy in #490
• feat: core support memory chat by @rookisbusy in #491
• fix: chat.js not begin with zero by @rookisbusy in #492
• fix: tun warn timeout by @rookisbusy in #493

Full Changelog: v1.14.3...v1.14.4

What's Changed

• Alpha by @rookisbusy in #490
• feat: core support memory chat by @rookisbusy in #491
• fix: chat.js not begin with zero by @rookisbusy in #492
• fix: tun warn timeout by @rookisbusy in #493
• fix: wildcard matching problem by @Skyxim in #536

Full Changelog: v1.14.3...v1.14.4

v1.14.3

What's Changed

Configs example

REALITY is experimental support and may have compatibility issues

• feat: support set tun file-descriptor in config file by @wwqgtxx
• feat: Support Restls-V1 in Clash.Meta (#441) by @3andne
• feat: Update UoT protocol by @nekohasekai
• feat: Converter support REALITY share standard by @H1JK
• feat: REALITY use proxy servername by @H1JK
• feat: Support REALITY protocol by @H1JK
• feat: Support VLESS XTLS Vision (#406) by @H1JK
• feat: add sni field for tuic by @Skyxim
• feat: add upgrade api by @Larvan2
• feat: nameserver-policy support multiple keys by @Larvan2
• feta: add hosts support domain and mulitple ip (#439) by @Skyxim
• refactor: tcp dial (#412) by @Skyxim

Maintenance

• chore: Better REJECT conn by @H1JK
• chore: Chore: adjust the loading order, and then load the resource at last by @Skyxim
• chore: Cleanup REALITY code by @H1JK
• chore: Generate UUID from fastrand by @H1JK
• chore: Improve REALITY handshake by @H1JK
• chore: Remove useless mutex in Vision by @H1JK
• chore: Update dependencies by @wwqgtxx
• chore: Vision padding upgrade by @H1JK
• chore: proxy-server-nameserver does not follow the nameserver-policy by @Skyxim
• chore: add /restart to restful api by @wwqgtxx
• chore: add comment by @Skyxim
• chore: add custom ca trust by @Skyxim
• chore: add early conn interface to decrease unneeded write by @wwqgtxx
• chore: add more utls fingerprints by @wwqgtxx
• chore: add pprof api, when log-level is debug by @Skyxim
• chore: add reality-grpc by @Larvan2
• chore: add release branch by @Larvan2
• chore: add sni of tuic in demo by @Skyxim
• chore: adjust error log by @Skyxim
• chore: adjust log by @Skyxim
• chore: adjust the configuration loading order by @Skyxim
• chore: adjust trust cert by @Skyxim
• chore: better REJECT process by @wwqgtxx
• chore: better TunnelStatus define by @wwqgtxx
• chore: better geodata shared by @wwqgtxx
• chore: better release notes by @Larvan2
• chore: better release notes by @kunish
• chore: better rename by @Larvan2
• chore: better restls by @wwqgtxx
• chore: better uuid using by @wwqgtxx
• chore: better windows bind error handle by @wwqgtxx
• chore: better workflow by @Larvan2
• chore: better workflow by @MetaCubeX
• chore: better workflow by @wwqgtxx
• chore: change default geo* url by @Larvan2
• chore: change internal tcp traffic type by @Skyxim
• chore: clean up code by @Larvan2
• chore: clean up code by @wwqgtxx
• chore: cleanup code by @wwqgtxx
• chore: cleanup dialer's code by @wwqgtxx
• chore: code cleanup by @wwqgtxx
• chore: disconnect when suspended by @Skyxim
• chore: do not apply padding for nonTLS packet with contentLen over 900 by @Larvan2
• chore: do not modify ALPN in utls by @Larvan2
• chore: exposure ipv6 wait time by @Skyxim
• chore: fix issues #440 by @Larvan2
• chore: format code by @Skyxim
• chore: keep existing connections by @Skyxim
• chore: move sing-tun's udpTimeout fix to there lib by @wwqgtxx
• chore: parse the allowInsecure field for the trojan uri scheme by @MetaCubeX
• chore: push latest alpha core to MetaCubeX/AlphaBinary by @Larvan2
• chore: rename delete.yml by @Larvan2
• chore: reset tunName in macos when it isn't startWith "utun" by @wwqgtxx
• chore: Simplify VLESS handshake lock by @H1JK
• chore: set prerelease notes timezone of release create time to Asia/Shanghai by @kunish
• chore: shadowsocks listener support the "udp" setting by @wwqgtxx
• chore: share the same geodata in different rule by @wwqgtxx
• chore: skip restart when update error by @Larvan2
• chore: support TFO for outbounds by @wwqgtxx
• chore: try to fix slice out of bound. by @Larvan2
• chore: Update flake.nix (#452) by @yaoshiu
• chore: update for testing the updater by @Larvan2
• chore: update quic-go by @wwqgtxx
• chore: update quic-go to release unused buffer when error by @wwqgtxx
• chore: update readme by @Larvan2
• chore: update utls library by @wwqgtxx
• chore: update xray-core version by @Larvan2
• chore: use early conn to support real ws 0-rtt by @wwqgtxx
• chore: use fastrand to replace math/rand by @wwqgtxx
• chore: use inner for upgrade core by @Larvan2
• chore: using sing-shadowtls to support shadowtls v1/2/3 by @wwqgtxx
• chore: wireguard using internal dialer by @wwqgtxx

BUG & Fix

• fix: ALPN not applied in uTLS/REALITY by @H1JK
• fix: Adjust the timing of subscription information acquisition by @Skyxim
• fix: Converter REALITY security type by @H1JK
• fix: Filter slice index out of bounds by @H1JK
• fix: REALITY with gRPC transport by @H1JK
• fix: SA4001 for net.UDPAddr copy by @wwqgtxx
• fix: SA4001 for netDialer copy by @wwqgtxx
• fix: The default interface is actually configured incorrectly by @Skyxim
• fix: ToLower first by @Larvan2
• fix: Vision disable filter for non-TLS connections by @H1JK
• fix: Vision filter Client Hello by @H1JK
• fix: Vision filter TLS 1.2 by @H1JK
• fix: Vision filter TLS 1.2 by @wwqgtxx
• fix: add "dns resolve failed" error in dialer by @wwqgtxx
• fix: add version of shadow-tls plugin in docs/config.yaml by @wwqgtxx
• fix: add xtls-rprx-vision server version warning to user by @wwqgtxx
• fix: checkTunName mistake by @wwqgtxx
• fix: dial panic by @Skyxim
• fix: dialer dual stack panic by @Skyxim
• fix: dns resolve in dialer by @wwqgtxx
• fix: dns resolver by @wwqgtxx
• fix: don't return a non-nil interface containing nil pointer by @wwqgtxx
• fix: dual stack serial dial by @Skyxim
• fix: ensure peekMutex is locked before handleSocket by @wwqgtxx
• fix: ensure restart api return ok by @wwqgtxx
• fix: ensure wireguard inner use dialer with DefaultResolver by @wwqgtxx
• fix: geosite of nameserver-policy cannot be loaded correctly by @MetaCubeX
• fix: global-client-fingerprint is now work by @Larvan2
• fix: golang1.19 can't compile by @wwqgtxx
• fix: handle no IP address by @Skyxim
• fix: incorrect time to set interface name by @Skyxim
• fix: inner http use host of address by @Skyxim
• fix: ip version prefer not working by @Skyxim
• fix: let quic-go works on outbound's packetConn by @wwqgtxx
• fix: load-balance's touch not effected by @wwqgtxx
• fix: loadbalance panic by @wwqgtxx
• fix: log typo by @MetaCubeX
• fix: optimize health check by @Skyxim
• fix: peek not work with some inbound by @wwqgtxx
• fix: rand ip error and clash remove loopback ip by @Skyxim
• fix: reject's dial warning by @wwqgtxx
• fix: replace self define "connect timeout" to os.ErrDeadlineExceeded by @wwqgtxx
• fix: sing-vmess listener‘s "cipher: message authentication failed" by @wwqgtxx
• fix: sing_tun apply udpTimeout when using gvisor stack by @wwqgtxx
• fix: strategyRoundRobin not begin with zero by @wwqgtxx
• fix: tproxy listener cannot listen udp by @Skyxim
• fix: tuic missing routing mark by @wwqgtxx
• fix: tuic relay tuic by @wwqgtxx
• fix: tuic server close with error message by @wwqgtxx
• fix: tuic server set authentication timeout after quic handshake complete by @wwqgtxx
• fix: tuic udp native mode can't relay packetSize>1200 by @wwqgtxx
• fix: tunnel's inboundTFO missing by @wwqgtxx
• fix: udp loopback show "The requested address is not valid in its context." by @wwqgtxx
• fix: unmap 4in6 address in dialer and wireguard by @wwqgtxx
• fix: uot client's WriteTo mistake by @wwqgtxx
• fix: upgrade backup by @Larvan2
• fix: vless NeedHandshake mistake by @wwqgtxx

New Contributors

• @3andne made their first contribution in #441
• @yaoshiu made their first contribution in #452

Full Changelog: v1.14.2...v1.14.3

v1.14.2

What's Changed

• fix: skip-cert-verify is true by default by @3andero in #333
• chore: Refine process code by @cubemaze
• chore: adjust the case of Program names and HttpRequest UA by @cubemaze
• Fix: TLS defaults to true for h2/grpc networks by @cubemaze
• refactor: replace experimental.fingerprints with custom-certificates and Change the fingerprint verification logic to SSL pinning by @Skyxim
• fix: ss converter cipher missing by @cubemaze
• fix: config parse error by @Skyxim
• chore: better workflow by @wwqgtxx
• refactor: Implement extended IO by @H1JK
• chore: tuic decrease unneeded copy by @wwqgtxx
• chore: decrease direct depend on the sing package by @wwqgtxx
• fix: addr panic by @wwqgtxx
• adjust: Improve WebSocket mask by @H1JK
• feat: gRPC gun implement extended writer by @H1JK
• chore: Update BBR config by @Larvan2
• fix: tuic server's SetCongestionController by @wwqgtxx
• fix: tuic server's MaxIncomingStreams by @wwqgtxx
• fix: tcpTracker's upload by @wwqgtxx
• chore: new Random TLS KeyPair when empty input by @wwqgtxx
• Fix: Remove EnableProcess from config.go and enable-process from config.yaml. FindProcess is now enabled by default when the rule set contains process-name rules by @Larvan2
• fix: ShadowTLS header use array instead by @H1JK
• feat: better config for sniffer by @Skyxim
• feat: add override-destination for sniffer by @Skyxim
• make ConvertsV2Ray more robust by @ag2s20150909 in #349
• Chore: Decrease the default MaxUdpRelayPacketSize to 1252 to avoid the relay UDP exceeding the size of the QUIC's datagram. ClientMaxOpenStreams now follows the config.yaml option by @Larvan2
• chore: better source address by @Skyxim
• feat: Converter support WS early data parameters by @H1JK
• fix: sub-rule condition don't work by @Skyxim
• chore: better parse udp dns by @Skyxim
• Chore: Add GEO data url configuration by @Larvan2
• Chore: Change default latency test url to HTTPS by @Larvan2
• Chore: Better parsing pure IPv6 UDP DNS by @Larvan2
• chore: better parsing pure UDP DNS by @Larvan2
• feature: geosite-based nameserver policy by @i40e
• chore: restful api display xudp for VLESS and VMess by @cubemaze
• chore: adjust keyword for geosite-based nameserver policy by @cubemaze
• adjust: VLESS enable XUDP by default by @H1JK
• docs(README.md): remove missing image link, mention Yacd-meta by @kunish in #356
• fix: get tlsconfig err not handle, return nil pointer #358 by @tgNotHouse in #360
• feat: Add utls for client's fingerprint. by @Larvan2 in #361
• chore: fix mips atomic panic by @wwqgtxx
• feat: nameserver policy support multiple server by @Skyxim
• fix: Converter Shadowsocks password parse by @H1JK
• chore: override-destination default value is true by @Skyxim
• feat: add global-client-fingerprint by @Larvan2
• fix: sniff domain don't match geosite when override-destination valuE is false by @Skyxim
• chore: do not use extra pointer in UClient by @wwqgtxx
• chore: avoid repeated wrapper by @Skyxim
• fix: tun udp with 4in6 ip by @wwqgtxx
• chore: better bind in windows by @wwqgtxx
• fix: RoundRobin strategy of load balance when called multiple times by @Ovear in #390
• feat: introduce a new robust approach to handle tproxy udp by @Ovear in #389
• style: run go fmt on every .go file by @kunish in #392
• fix: parsing ipv6 doh error by @Skyxim
• chore: Considering remove GOAMD64=v2 of linux-amd64-compatible by @wwqgtxx
• fix: websocket headroom by @wwqgtxx
• fix: disable header protection in vmess server by @wwqgtxx

Config changes

#  全局TLS指纹,优先低于proxy内的 client-fingerprint
#  可选："chrome","firefox","safari","ios","random","none" options.
#  Utls is currently support TLS transport in TCP/grpc/WS/HTTP for VLESS/Vmess and trojan.
global-client-fingerprint: chrome

# DNS 分流支持 GeoSite
dns:
    #此处省略部分设置#
  nameserver-policy:
    "geosite:cn": 
      - https://doh.pub/dns-query
      - https://dns.alidns.com/dns-query
      
  nameserver:
  - https://dns.google/dns-query
  - https://dns.cloudflare.com/dns-query
  - https://doh.opendns.com/dns-query
  - https://doh.dns.sb/dns-query

# 嗅探域名 
sniffer:
  enable: false
  ## 对 redir-host 类型识别的流量进行强制嗅探
  ## 如：Tun、Redir 和 TProxy 并 DNS 为 redir-host 皆属于
  # force-dns-mapping: false
  ## 对所有未获取到域名的流量进行强制嗅探
  # parse-pure-ip: false
  # 是否使用嗅探结果作为实际访问，默认 true
  # 全局配置，优先级低于 sniffer.sniff 实际配置
  override-destination: false
  sniff:
    # TLS 默认如果不配置 ports 默认嗅探 443
    TLS:
    #  ports: [443, 8443]

    # 默认嗅探 80
    HTTP:
      # 需要嗅探的端口

      ports: [80, 8080-8880]
      # 可覆盖 sniffer.override-destination
      override-destination: true
  force-domain:
    - +.v2ex.com
  ## 对嗅探结果进行跳过
  # skip-domain:
  #   - Mijia Cloud

proxies:
  #此处省略部分设置#
  # vmess
  - name: "vmess"
    type: vmess/vless/trojan
    client-fingerprint: chrome   
    #  可选："chrome","firefox","safari","ios","random","none" options.
    #  Utls is currently support TLS transport in TCP/grpc/WS/HTTP for VLESS/Vmess and trojan.

New Contributors

• @kunish made their first contribution in #356
• @tgNotHouse made their first contribution in #360
• @Ovear made their first contribution in #390

Full Changelog: v1.14.1...v1.14.2

v1.14.1

What's Changed

• Chore: proxy-provider and proxy-groups support exclude node by node type by @ag2s20150909
• Fix: Process rule is not work in classical rule-set by @Skyxim
• Fix #322: add option general.find-process-mode, user can turn off findProcess feature in router by @chain710
• Fix: geoip mmdb/geodata init by @cubemaze
• Fix: vless RoutingMark bind by @cubemaze
• Fix: vmess udp by @wwqgtxx
• Chore: vemss converter xudp is true by default by @cubemaze
• Fix: ss2022 converter password decode error by @cubemaze
• Chore: Refine converter packet encoding parse by @H1JK
• Fix: Converter VMess XUDP not enabled by default when using v2rayN style share linkby @H1JK
• Chore: ss2022 converter method verify by @cubemaze
• Feat: Support ShadowTLS v2 as Shadowsocks plugin by @3andero
• Fix: dns cache index out of range by @wwqgtxx
• Feat: VLESS support packet encodings by @H1JK
• Refactor: VLESS with packet encodings by @H1JK
• Fix: Deprecate TCPMSS by @Larvan2

New Contributors

• @ag2s20150909 made their first contribution in #321
• @Rasphino made their first contribution in #327
• @Larvan2 made their first contribution in #336

Full Changelog: v1.14.0...v1.14.1

v1.14.0

What's Changed

• Chore: add exclude-filter to ProxyGroup by @wwqgtxx
• Chore: support wireguard outbound by @wwqgtxx (doc)
• Chore: add vmess, shadowsocks, tcptun and udptun listener by @wwqgtxx (doc)
• Chore: support IN-PORT rule by @wwqgtxx
• Featrue: DoH and DoQ are implemented using AdGuardTeam/dnsProxy, DoH support perfer and force http3 @Skyxim
• Chore: better dns background fetch retrying by @wwqgtxx
• Chore: Update tfo to v2, ss and vmess inbound add tfo by @zhudan
• Chore: support old chacha20 by @wwqgtxx
• Chore: add retry in tunnel dial by @wwqgtxx
• Chore: add tuic outbound by @wwqgtxx (doc)
• Feat: support fast_open for hysteria, and unified parameter naming by @Skyxim
• Chore: decrease DomainTrie's memory use by @wwqgtxx
• Fix: a temporary solution for error reporting when enabling tun for devices that do not have an ipv6 environment by @cubemaze
• Feat: add tls port for RESTful api and external controller by @Skyxim (doc)
• Feat: add listeners by @Skyxim (doc, doc)
• Chore: listeners support tuic/shadowsocks/vmess/tunnel/tun by @wwqgtxx (doc)
• Chore: Android version supports child processes following the main process rules by @cubemaze
• Chore: wireguard's reserved support base64 input by @wwqgtxx
• Chore: support relay native udp when using ss and ssr protocol by @wwqgtxx
• Chore: rebuild relay by @wwqgtxx
• Chore: linux ipv6 REDIRECT by @embeddedlove in #311
• Fix: trying to let hysteria's port hopping work by @wwqgtxx
• Update README.md by @tdjnodj in #282
• Fix nix build fail by @oluceps in #302

New Contributors

• @tdjnodj made their first contribution in #282
• @embeddedlove made their first contribution in #311

Full Changelog: v1.13.2...v1.14.0