Forwarded from Surge's Changelog
#iOS #TestFlight
Surge 5 5.21.0 (2940) is ready to test on iOS.
What to Test:
- 调整了自动更新模块的逻辑,再更新失败后自动重试
- 修正 HTTP 捕获关闭后,请求列表中依然会出现先前保存的请求
- Surge Ponte 错误信息优化
- Surge Ponte 页面的设备选项里新增进入远程控制器的选项
- 修正 MITM 在一些特定情况下的失败无法产生 MITM Failed 记录的问题
- 文案补全
5.8.0 RC2
Surge 5 5.21.0 (2940) is ready to test on iOS.
What to Test:
- 调整了自动更新模块的逻辑,再更新失败后自动重试
- 修正 HTTP 捕获关闭后,请求列表中依然会出现先前保存的请求
- Surge Ponte 错误信息优化
- Surge Ponte 页面的设备选项里新增进入远程控制器的选项
- 修正 MITM 在一些特定情况下的失败无法产生 MITM Failed 记录的问题
- 文案补全
5.8.0 RC2
Forwarded from Surge's Changelog
#Mac #Beta
Version 5.4.0-2469
#### New Features
* Protocol sniffing
Requests to port 80 and 443 will wait for the client to send the first packet, then extract the SNI and other information for the rule system to judge.
-
- Added a parameter called
* New proxy protocol support: Hysteria 2
Hysteria 2 is a proxy protocol optimized for unstable and packet-loss-prone network environments, based on UDP/QUIC.
* Automatic QUIC blocking
Since most proxy protocols are not suitable for forwarding QUIC traffic, Surge will now automatically block QUIC traffic to make it fallback to HTTPS/TCP protocol, ensuring performance. For QUIC traffic that hits the MITM hostname, it will also be automatically rejected.
* ECN (Explicit Congestion Notification) support for QUIC-based protocols
Significantly improved the performance of the Vector(Surge Ponte)/TUIC/Hysteria 2 protocol.
#### Optimizations
- Reworked HTTP capture functionality
- The related settings are no longer stored in the configuration, the
- Added an automatic shut-off setting after turning on the capture switch, which can automatically stop capturing based on time, size, or the number of requests.
- Added automatic activation of MITM after turning on the capture switch, which can be additionally turned on for specific hostnames. (Even if the main MITM switch is off).
- Added an option to only save HTTP/HTTPS requests after turning on the capture switch.
- Improved compatibility with some non-standard protocols.
- When testing the Ponte policy, the test URL has been changed from
- Following the WireGuard protocol standard recommendation, WireGuard handshake packets will now be tagged with 0x88 (AF41) DSCP to increase the success rate.
- When forwarding UDP packets via WireGuard, it supports retaining the TOS(DSCP/ECN) tag of packets inside the tunnel.
- Based on the WireGuard protocol standard recommendation, Surge will copy the ECN tag from packets inside the tunnel to packets outside. When receiving packets with an ECN tag, they will be strictly merged according to RFC6040. (
- UDP NAT can close the UDP session early based on ICMP messages.
- Improved PMTU support for QUIC.
#### Bug Fixes
- Fixed the issue where the external resources of rule sets needed to be reloaded to take effect after updates.
- After a network switch, it will forcefully break the original long connection of DoH/DoQ/DoH3 to avoid obtaining results that are not suitable for the current network environment.
- Fixed the issue where invalid certificates might cause the key store interface to crash.
- When performing MITM on HTTPS requests that directly connect using an IP address, the IP address should not be sent as SNI, as this might cause compatibility issues.
- Other bug fixes.
Version 5.4.0-2469
#### New Features
* Protocol sniffing
Requests to port 80 and 443 will wait for the client to send the first packet, then extract the SNI and other information for the rule system to judge.
-
DOMAIN, DOMAIN-SUFFIX, DOMAIN-KEYWORD rules add an optional parameter called extended-matching. When this parameter is enabled, the rule will try to match both the SNI and the HTTP Host Header (or :authority).- Added a parameter called
always-raw-tcp-hosts, used to forcibly turn off active protocol detection for specific hostnames.* New proxy protocol support: Hysteria 2
Hysteria 2 is a proxy protocol optimized for unstable and packet-loss-prone network environments, based on UDP/QUIC.
* Automatic QUIC blocking
Since most proxy protocols are not suitable for forwarding QUIC traffic, Surge will now automatically block QUIC traffic to make it fallback to HTTPS/TCP protocol, ensuring performance. For QUIC traffic that hits the MITM hostname, it will also be automatically rejected.
* ECN (Explicit Congestion Notification) support for QUIC-based protocols
Significantly improved the performance of the Vector(Surge Ponte)/TUIC/Hysteria 2 protocol.
#### Optimizations
- Reworked HTTP capture functionality
- The related settings are no longer stored in the configuration, the
[Replica] section has been deprecated.- Added an automatic shut-off setting after turning on the capture switch, which can automatically stop capturing based on time, size, or the number of requests.
- Added automatic activation of MITM after turning on the capture switch, which can be additionally turned on for specific hostnames. (Even if the main MITM switch is off).
- Added an option to only save HTTP/HTTPS requests after turning on the capture switch.
- Improved compatibility with some non-standard protocols.
- When testing the Ponte policy, the test URL has been changed from
proxy-test-url to internet-test-url.- Following the WireGuard protocol standard recommendation, WireGuard handshake packets will now be tagged with 0x88 (AF41) DSCP to increase the success rate.
- When forwarding UDP packets via WireGuard, it supports retaining the TOS(DSCP/ECN) tag of packets inside the tunnel.
- Based on the WireGuard protocol standard recommendation, Surge will copy the ECN tag from packets inside the tunnel to packets outside. When receiving packets with an ECN tag, they will be strictly merged according to RFC6040. (
ecn=true must be set for the strategy).- UDP NAT can close the UDP session early based on ICMP messages.
- Improved PMTU support for QUIC.
#### Bug Fixes
- Fixed the issue where the external resources of rule sets needed to be reloaded to take effect after updates.
- After a network switch, it will forcefully break the original long connection of DoH/DoQ/DoH3 to avoid obtaining results that are not suitable for the current network environment.
- Fixed the issue where invalid certificates might cause the key store interface to crash.
- When performing MITM on HTTPS requests that directly connect using an IP address, the IP address should not be sent as SNI, as this might cause compatibility issues.
- Other bug fixes.
Forwarded from Surge's Changelog
#iOS #TestFlight
Surge 5 5.21.0 (2941) is ready to test on iOS.
What to Test:
- 修正有时会错误创建 MITM Failed 记录的问题
- 修正有时请求可能会错误保持连接的问题
- 修正 UI 无法正确写入 Subnet Settings 的多个 DNS 服务器的问题
- 修正 Widget 部分文案未能正确显示中文的问题
5.8.0 RC3
Surge 5 5.21.0 (2941) is ready to test on iOS.
What to Test:
- 修正有时会错误创建 MITM Failed 记录的问题
- 修正有时请求可能会错误保持连接的问题
- 修正 UI 无法正确写入 Subnet Settings 的多个 DNS 服务器的问题
- 修正 Widget 部分文案未能正确显示中文的问题
5.8.0 RC3
Forwarded from Surge's Changelog
#iOS #TestFlight
Surge 5 5.21.0 (2942) is ready to test on iOS.
What to Test:
- 再次修正了模块可能不会自动更新的问题
5.8.0 RC4
Surge 5 5.21.0 (2942) is ready to test on iOS.
What to Test:
- 再次修正了模块可能不会自动更新的问题
5.8.0 RC4
Forwarded from Surge's Changelog
#Mac #Beta
Version 5.4.0-2470
#### New Features
* Protocol sniffing
Requests to port 80 and 443 will wait for the client to send the first packet, then extract the SNI and other information for the rule system to judge.
-
- Added a parameter called
* New proxy protocol support: Hysteria 2
Hysteria 2 is a proxy protocol optimized for unstable and packet-loss-prone network environments, based on UDP/QUIC.
* Automatic QUIC blocking
Since most proxy protocols are not suitable for forwarding QUIC traffic, Surge will now automatically block QUIC traffic to make it fallback to HTTPS/TCP protocol, ensuring performance. For QUIC traffic that hits the MITM hostname, it will also be automatically rejected.
* ECN (Explicit Congestion Notification) support for QUIC-based protocols
Significantly improved the performance of the Vector(Surge Ponte)/TUIC/Hysteria 2 protocol.
#### Optimizations
- Reworked HTTP capture functionality
- The related settings are no longer stored in the configuration, the
- Added an automatic shut-off setting after turning on the capture switch, which can automatically stop capturing based on time, size, or the number of requests.
- Added automatic activation of MITM after turning on the capture switch, which can be additionally turned on for specific hostnames. (Even if the main MITM switch is off).
- Added an option to only save HTTP/HTTPS requests after turning on the capture switch.
- Improved compatibility with some non-standard protocols.
- When testing the Ponte policy, the test URL has been changed from
- Following the WireGuard protocol standard recommendation, WireGuard handshake packets will now be tagged with 0x88 (AF41) DSCP to increase the success rate.
- When forwarding UDP packets via WireGuard, it supports retaining the TOS(DSCP/ECN) tag of packets inside the tunnel.
- Based on the WireGuard protocol standard recommendation, Surge will copy the ECN tag from packets inside the tunnel to packets outside. When receiving packets with an ECN tag, they will be strictly merged according to RFC6040. (
- UDP NAT can close the UDP session early based on ICMP messages.
- Improved PMTU support for QUIC.
#### Bug Fixes
- Fixed the issue where the external resources of rule sets needed to be reloaded to take effect after updates.
- After a network switch, it will forcefully break the original long connection of DoH/DoQ/DoH3 to avoid obtaining results that are not suitable for the current network environment.
- Fixed the issue where invalid certificates might cause the key store interface to crash.
- When performing MITM on HTTPS requests that directly connect using an IP address, the IP address should not be sent as SNI, as this might cause compatibility issues.
- Other bug fixes.
Version 5.4.0-2470
#### New Features
* Protocol sniffing
Requests to port 80 and 443 will wait for the client to send the first packet, then extract the SNI and other information for the rule system to judge.
-
DOMAIN, DOMAIN-SUFFIX, DOMAIN-KEYWORD rules add an optional parameter called extended-matching. When this parameter is enabled, the rule will try to match both the SNI and the HTTP Host Header (or :authority).- Added a parameter called
always-raw-tcp-hosts, used to forcibly turn off active protocol detection for specific hostnames.* New proxy protocol support: Hysteria 2
Hysteria 2 is a proxy protocol optimized for unstable and packet-loss-prone network environments, based on UDP/QUIC.
* Automatic QUIC blocking
Since most proxy protocols are not suitable for forwarding QUIC traffic, Surge will now automatically block QUIC traffic to make it fallback to HTTPS/TCP protocol, ensuring performance. For QUIC traffic that hits the MITM hostname, it will also be automatically rejected.
* ECN (Explicit Congestion Notification) support for QUIC-based protocols
Significantly improved the performance of the Vector(Surge Ponte)/TUIC/Hysteria 2 protocol.
#### Optimizations
- Reworked HTTP capture functionality
- The related settings are no longer stored in the configuration, the
[Replica] section has been deprecated.- Added an automatic shut-off setting after turning on the capture switch, which can automatically stop capturing based on time, size, or the number of requests.
- Added automatic activation of MITM after turning on the capture switch, which can be additionally turned on for specific hostnames. (Even if the main MITM switch is off).
- Added an option to only save HTTP/HTTPS requests after turning on the capture switch.
- Improved compatibility with some non-standard protocols.
- When testing the Ponte policy, the test URL has been changed from
proxy-test-url to internet-test-url.- Following the WireGuard protocol standard recommendation, WireGuard handshake packets will now be tagged with 0x88 (AF41) DSCP to increase the success rate.
- When forwarding UDP packets via WireGuard, it supports retaining the TOS(DSCP/ECN) tag of packets inside the tunnel.
- Based on the WireGuard protocol standard recommendation, Surge will copy the ECN tag from packets inside the tunnel to packets outside. When receiving packets with an ECN tag, they will be strictly merged according to RFC6040. (
ecn=true must be set for the strategy).- UDP NAT can close the UDP session early based on ICMP messages.
- Improved PMTU support for QUIC.
#### Bug Fixes
- Fixed the issue where the external resources of rule sets needed to be reloaded to take effect after updates.
- After a network switch, it will forcefully break the original long connection of DoH/DoQ/DoH3 to avoid obtaining results that are not suitable for the current network environment.
- Fixed the issue where invalid certificates might cause the key store interface to crash.
- When performing MITM on HTTPS requests that directly connect using an IP address, the IP address should not be sent as SNI, as this might cause compatibility issues.
- Other bug fixes.
Forwarded from Surge's Changelog
#Mac #Release
Version 5.4.0-2470
#### New Features
* Protocol sniffing
Requests to port 80 and 443 will wait for the client to send the first packet, then extract the SNI and other information for the rule system to judge.
-
- Added a parameter called
* New proxy protocol support: Hysteria 2
Hysteria 2 is a proxy protocol optimized for unstable and packet-loss-prone network environments, based on UDP/QUIC.
* Automatic QUIC blocking
Since most proxy protocols are not suitable for forwarding QUIC traffic, Surge will now automatically block QUIC traffic to make it fallback to HTTPS/TCP protocol, ensuring performance. For QUIC traffic that hits the MITM hostname, it will also be automatically rejected.
* ECN (Explicit Congestion Notification) support for QUIC-based protocols
Significantly improved the performance of the Vector(Surge Ponte)/TUIC/Hysteria 2 protocol.
#### Optimizations
- Reworked HTTP capture functionality
- The related settings are no longer stored in the configuration, the
- Added an automatic shut-off setting after turning on the capture switch, which can automatically stop capturing based on time, size, or the number of requests.
- Added automatic activation of MITM after turning on the capture switch, which can be additionally turned on for specific hostnames. (Even if the main MITM switch is off).
- Added an option to only save HTTP/HTTPS requests after turning on the capture switch.
- Improved compatibility with some non-standard protocols.
- When testing the Ponte policy, the test URL has been changed from
- Following the WireGuard protocol standard recommendation, WireGuard handshake packets will now be tagged with 0x88 (AF41) DSCP to increase the success rate.
- When forwarding UDP packets via WireGuard, it supports retaining the TOS(DSCP/ECN) tag of packets inside the tunnel.
- Based on the WireGuard protocol standard recommendation, Surge will copy the ECN tag from packets inside the tunnel to packets outside. When receiving packets with an ECN tag, they will be strictly merged according to RFC6040. (
- UDP NAT can close the UDP session early based on ICMP messages.
- Improved PMTU support for QUIC.
#### Bug Fixes
- Fixed the issue where the external resources of rule sets needed to be reloaded to take effect after updates.
- After a network switch, it will forcefully break the original long connection of DoH/DoQ/DoH3 to avoid obtaining results that are not suitable for the current network environment.
- Fixed the issue where invalid certificates might cause the key store interface to crash.
- When performing MITM on HTTPS requests that directly connect using an IP address, the IP address should not be sent as SNI, as this might cause compatibility issues.
- Other bug fixes.
Version 5.4.0-2470
#### New Features
* Protocol sniffing
Requests to port 80 and 443 will wait for the client to send the first packet, then extract the SNI and other information for the rule system to judge.
-
DOMAIN, DOMAIN-SUFFIX, DOMAIN-KEYWORD rules add an optional parameter called extended-matching. When this parameter is enabled, the rule will try to match both the SNI and the HTTP Host Header (or :authority).- Added a parameter called
always-raw-tcp-hosts, used to forcibly turn off active protocol detection for specific hostnames.* New proxy protocol support: Hysteria 2
Hysteria 2 is a proxy protocol optimized for unstable and packet-loss-prone network environments, based on UDP/QUIC.
* Automatic QUIC blocking
Since most proxy protocols are not suitable for forwarding QUIC traffic, Surge will now automatically block QUIC traffic to make it fallback to HTTPS/TCP protocol, ensuring performance. For QUIC traffic that hits the MITM hostname, it will also be automatically rejected.
* ECN (Explicit Congestion Notification) support for QUIC-based protocols
Significantly improved the performance of the Vector(Surge Ponte)/TUIC/Hysteria 2 protocol.
#### Optimizations
- Reworked HTTP capture functionality
- The related settings are no longer stored in the configuration, the
[Replica] section has been deprecated.- Added an automatic shut-off setting after turning on the capture switch, which can automatically stop capturing based on time, size, or the number of requests.
- Added automatic activation of MITM after turning on the capture switch, which can be additionally turned on for specific hostnames. (Even if the main MITM switch is off).
- Added an option to only save HTTP/HTTPS requests after turning on the capture switch.
- Improved compatibility with some non-standard protocols.
- When testing the Ponte policy, the test URL has been changed from
proxy-test-url to internet-test-url.- Following the WireGuard protocol standard recommendation, WireGuard handshake packets will now be tagged with 0x88 (AF41) DSCP to increase the success rate.
- When forwarding UDP packets via WireGuard, it supports retaining the TOS(DSCP/ECN) tag of packets inside the tunnel.
- Based on the WireGuard protocol standard recommendation, Surge will copy the ECN tag from packets inside the tunnel to packets outside. When receiving packets with an ECN tag, they will be strictly merged according to RFC6040. (
ecn=true must be set for the strategy).- UDP NAT can close the UDP session early based on ICMP messages.
- Improved PMTU support for QUIC.
#### Bug Fixes
- Fixed the issue where the external resources of rule sets needed to be reloaded to take effect after updates.
- After a network switch, it will forcefully break the original long connection of DoH/DoQ/DoH3 to avoid obtaining results that are not suitable for the current network environment.
- Fixed the issue where invalid certificates might cause the key store interface to crash.
- When performing MITM on HTTPS requests that directly connect using an IP address, the IP address should not be sent as SNI, as this might cause compatibility issues.
- Other bug fixes.
Forwarded from Surge TestFlight Feed
正式版版本更新
· Surge iOS 5.8.0 正式版本已在 App Store 上线,预计数小时后可进行更新。
· Surge Mac 5.4.0 正式版本也已一同发布。
· Surge tvOS 5.8.0 版本由于审核中的一些细节问题暂未上线,预计将在数日内解决。
· 在线文档已为本次更新进行了完善。
· Surge iOS 5.8.0 正式版本已在 App Store 上线,预计数小时后可进行更新。
· Surge Mac 5.4.0 正式版本也已一同发布。
· Surge tvOS 5.8.0 版本由于审核中的一些细节问题暂未上线,预计将在数日内解决。
· 在线文档已为本次更新进行了完善。
Forwarded from Surge's Changelog
#iOS #TestFlight
Surge 5 5.21.0 (2946) is ready to test on iOS.
What to Test:
- 优化 Surge Ponte 错误处理流程,修正某些错误下不会自动更新设备信息的问题
- 参数表说明补充
- 其他细节问题修正
Surge 5 5.21.0 (2946) is ready to test on iOS.
What to Test:
- 优化 Surge Ponte 错误处理流程,修正某些错误下不会自动更新设备信息的问题
- 参数表说明补充
- 其他细节问题修正
Forwarded from Surge's Changelog
#Mac #Beta
Version 5.4.1-2471
- Now, when performing MITM, the certificate used for signing will be sent to the client together, to support using intermediate certificates for MITM.
- Bug fixes.
Version 5.4.1-2471
- Now, when performing MITM, the certificate used for signing will be sent to the client together, to support using intermediate certificates for MITM.
- Bug fixes.
Forwarded from Surge's Changelog
#Mac #Beta
Version 5.4.1-2472
- Now, when performing MITM, the certificate used for signing will be sent to the client together, to support using intermediate certificates for MITM.
- Bug fixes.
Version 5.4.1-2472
- Now, when performing MITM, the certificate used for signing will be sent to the client together, to support using intermediate certificates for MITM.
- Bug fixes.
Forwarded from Surge's Changelog
#Mac #Beta
Version 5.4.1-2473
- Now, when performing MITM, the certificate used for signing will be sent to the client together, to support using intermediate certificates for MITM.
- Bug fixes.
Version 5.4.1-2473
- Now, when performing MITM, the certificate used for signing will be sent to the client together, to support using intermediate certificates for MITM.
- Bug fixes.
Forwarded from Surge's Changelog
#Mac #Beta
Version 5.4.1-2474
- Now, when performing MITM, the certificate used for signing will be sent to the client together, to support using intermediate certificates for MITM.
- Bug fixes.
Version 5.4.1-2474
- Now, when performing MITM, the certificate used for signing will be sent to the client together, to support using intermediate certificates for MITM.
- Bug fixes.
Forwarded from Surge's Changelog
#Mac #Beta
Version 5.4.1-2475
- Now, when performing MITM, the certificate used for signing will be sent to the client together, to support using intermediate certificates for MITM.
- Bug fixes.
Version 5.4.1-2475
- Now, when performing MITM, the certificate used for signing will be sent to the client together, to support using intermediate certificates for MITM.
- Bug fixes.
Forwarded from Surge's Changelog
#Mac #Beta
Version 5.4.1-2476
- Now, when performing MITM, the certificate used for signing will be sent to the client together, to support using intermediate certificates for MITM.
- All comments (at the beginning and end of lines) can now use
- Bug fixes.
Version 5.4.1-2476
- Now, when performing MITM, the certificate used for signing will be sent to the client together, to support using intermediate certificates for MITM.
- All comments (at the beginning and end of lines) can now use
#, //, ; three common comment symbols.- Bug fixes.
Forwarded from Surge's Changelog
#iOS #TestFlight
Surge 5 5.21.0 (2947) is ready to test on iOS.
What to Test:
新增规则数量过多的警告(5000条以上)
行首与行末注释,现在可以随意使用 # // ; 等三种常见写法
Surge 5 5.21.0 (2947) is ready to test on iOS.
What to Test:
新增规则数量过多的警告(5000条以上)
行首与行末注释,现在可以随意使用 # // ; 等三种常见写法
Forwarded from Surge's Changelog
#Mac #Beta
Version 5.4.1-2477
- Now, when performing MITM, the certificate used for signing will be sent to the client together, to support using intermediate certificates for MITM.
- All comments (at the beginning and end of lines) can now use
- Profile error message prompt optimization, now it can give the exact line number where the error occurred more accurately.
- Bug fixes.
Version 5.4.1-2477
- Now, when performing MITM, the certificate used for signing will be sent to the client together, to support using intermediate certificates for MITM.
- All comments (at the beginning and end of lines) can now use
#, //, ; three common comment symbols.- Profile error message prompt optimization, now it can give the exact line number where the error occurred more accurately.
- Bug fixes.
Forwarded from Surge's Changelog
#Mac #Beta
Version 5.4.1-2478
- Now, when performing MITM, the certificate used for signing will be sent to the client together, to support using intermediate certificates for MITM.
- All comments (at the beginning and end of lines) can now use
- Profile error message prompt optimization, now it can give the exact line number where the error occurred more accurately.
- Bug fixes.
Version 5.4.1-2478
- Now, when performing MITM, the certificate used for signing will be sent to the client together, to support using intermediate certificates for MITM.
- All comments (at the beginning and end of lines) can now use
#, //, ; three common comment symbols.- Profile error message prompt optimization, now it can give the exact line number where the error occurred more accurately.
- Bug fixes.
Forwarded from Surge's Changelog
#iOS #TestFlight
Surge 5 5.21.0 (2949) is ready to test on iOS.
What to Test:
- 修正 DNS 页面无法显示结果的问题
- 将规则过多的警告级别降低至诊断时提示
- 配置错误信息提示优化,现在能更准确的给出出错的行号。
- 其他细节优化
Surge 5 5.21.0 (2949) is ready to test on iOS.
What to Test:
- 修正 DNS 页面无法显示结果的问题
- 将规则过多的警告级别降低至诊断时提示
- 配置错误信息提示优化,现在能更准确的给出出错的行号。
- 其他细节优化