https://yfamily.vercel.app/surge.html
不晓得哪位佬整理维护的，挺赞👍

#Mac #Release

Version 5.4.0-2470


#### New Features

* Protocol sniffing

Requests to port 80 and 443 will wait for the client to send the first packet, then extract the SNI and other information for the rule system to judge.

- DOMAIN, DOMAIN-SUFFIX, DOMAIN-KEYWORD rules add an optional parameter called extended-matching. When this parameter is enabled, the rule will try to match both the SNI and the HTTP Host Header (or :authority).

- Added a parameter called always-raw-tcp-hosts, used to forcibly turn off active protocol detection for specific hostnames.

* New proxy protocol support: Hysteria 2

Hysteria 2 is a proxy protocol optimized for unstable and packet-loss-prone network environments, based on UDP/QUIC.

* Automatic QUIC blocking

Since most proxy protocols are not suitable for forwarding QUIC traffic, Surge will now automatically block QUIC traffic to make it fallback to HTTPS/TCP protocol, ensuring performance. For QUIC traffic that hits the MITM hostname, it will also be automatically rejected.

* ECN (Explicit Congestion Notification) support for QUIC-based protocols

Significantly improved the performance of the Vector(Surge Ponte)/TUIC/Hysteria 2 protocol.

#### Optimizations

- Reworked HTTP capture functionality
- The related settings are no longer stored in the configuration, the [Replica] section has been deprecated.
- Added an automatic shut-off setting after turning on the capture switch, which can automatically stop capturing based on time, size, or the number of requests.
- Added automatic activation of MITM after turning on the capture switch, which can be additionally turned on for specific hostnames. (Even if the main MITM switch is off).
- Added an option to only save HTTP/HTTPS requests after turning on the capture switch.
- Improved compatibility with some non-standard protocols.
- When testing the Ponte policy, the test URL has been changed from proxy-test-url to internet-test-url.
- Following the WireGuard protocol standard recommendation, WireGuard handshake packets will now be tagged with 0x88 (AF41) DSCP to increase the success rate.
- When forwarding UDP packets via WireGuard, it supports retaining the TOS(DSCP/ECN) tag of packets inside the tunnel.
- Based on the WireGuard protocol standard recommendation, Surge will copy the ECN tag from packets inside the tunnel to packets outside. When receiving packets with an ECN tag, they will be strictly merged according to RFC6040. (ecn=true must be set for the strategy).
- UDP NAT can close the UDP session early based on ICMP messages.
- Improved PMTU support for QUIC.

#### Bug Fixes

- Fixed the issue where the external resources of rule sets needed to be reloaded to take effect after updates.
- After a network switch, it will forcefully break the original long connection of DoH/DoQ/DoH3 to avoid obtaining results that are not suitable for the current network environment.
- Fixed the issue where invalid certificates might cause the key store interface to crash.
- When performing MITM on HTTPS requests that directly connect using an IP address, the IP address should not be sent as SNI, as this might cause compatibility issues.
- Other bug fixes.

正式版版本更新
· Surge iOS 5.8.0 正式版本已在 App Store 上线，预计数小时后可进行更新。
· Surge Mac 5.4.0 正式版本也已一同发布。
· Surge tvOS 5.8.0 版本由于审核中的一些细节问题暂未上线，预计将在数日内解决。
· 在线文档已为本次更新进行了完善。

#iOS #TestFlight

Surge 5 5.21.0 (2946) is ready to test on iOS.

What to Test:

- 优化 Surge Ponte 错误处理流程，修正某些错误下不会自动更新设备信息的问题
- 参数表说明补充
- 其他细节问题修正

#Mac #Beta

Version 5.4.1-2471

- Now, when performing MITM, the certificate used for signing will be sent to the client together, to support using intermediate certificates for MITM.
- Bug fixes.

#Mac #Beta

Version 5.4.1-2472

- Now, when performing MITM, the certificate used for signing will be sent to the client together, to support using intermediate certificates for MITM.
- Bug fixes.

#Mac #Beta

Version 5.4.1-2473

- Now, when performing MITM, the certificate used for signing will be sent to the client together, to support using intermediate certificates for MITM.
- Bug fixes.

#Mac #Beta

Version 5.4.1-2474

- Now, when performing MITM, the certificate used for signing will be sent to the client together, to support using intermediate certificates for MITM.
- Bug fixes.

#Mac #Beta

Version 5.4.1-2475

- Now, when performing MITM, the certificate used for signing will be sent to the client together, to support using intermediate certificates for MITM.
- Bug fixes.

Surge tvOS 5.8.0 现已通过审核上线

#Mac #Beta

Version 5.4.1-2476

- Now, when performing MITM, the certificate used for signing will be sent to the client together, to support using intermediate certificates for MITM.
- All comments (at the beginning and end of lines) can now use #, //, ; three common comment symbols.
- Bug fixes.

#iOS #TestFlight

Surge 5 5.21.0 (2947) is ready to test on iOS.

What to Test:

新增规则数量过多的警告（5000条以上）
行首与行末注释，现在可以随意使用 # // ; 等三种常见写法

#Mac #Beta

Version 5.4.1-2477

- Now, when performing MITM, the certificate used for signing will be sent to the client together, to support using intermediate certificates for MITM.
- All comments (at the beginning and end of lines) can now use #, //, ; three common comment symbols.
- Profile error message prompt optimization, now it can give the exact line number where the error occurred more accurately.
- Bug fixes.

#Mac #Beta

Version 5.4.1-2478

- Now, when performing MITM, the certificate used for signing will be sent to the client together, to support using intermediate certificates for MITM.
- All comments (at the beginning and end of lines) can now use #, //, ; three common comment symbols.
- Profile error message prompt optimization, now it can give the exact line number where the error occurred more accurately.
- Bug fixes.

#iOS #TestFlight

Surge 5 5.21.0 (2949) is ready to test on iOS.

What to Test:

- 修正 DNS 页面无法显示结果的问题
- 将规则过多的警告级别降低至诊断时提示
- 配置错误信息提示优化，现在能更准确的给出出错的行号。
- 其他细节优化

#Mac #Beta

Version 5.4.1-2480

- Now, when performing MITM, the certificate used for signing will be sent to the client together, to support using intermediate certificates for MITM.
- All comments (at the beginning and end of lines) can now use #, //, ; three common comment symbols.
- Profile error message prompt optimization, now it can give the exact line number where the error occurred more accurately.
- Bug fixes.

#iOS #TestFlight

Surge 5 5.21.0 (2950) is ready to test on iOS.

What to Test:

关于规则数过多的问题
由于 Surge 的规则系统严格按照自上而下的方式匹配，且提供了多种类的规则类型，这使得 Surge 没有办法以提前建立索引的方式加速规则匹配。（RULE-SET 和主配置内的规则性能没有区别）
一般情况下，绝大多数用户的需求都可以在 1000 条规则内满足（或者更少），此时每次进行规则匹配的开销应该在 1ms 以内，完全不必在意。
但是部分巨量的规则集（主要是去广告的规则），可能内含上万条规则。这将产生严重的性能影响，我们测试在 iPhone 15 Pro 上，七万条规则的 RULE-SET 匹配耗时约 100ms，造成严重的性能下降。
所以如果需要使用巨量的规则，请使用 DOMAIN-SET 类型规则集，该类型专为巨量规则所设计，不仅内存占用极小，匹配速度也极快，七万条规则也只需要个位数 ms 即可完成匹配。

由于规则的维护者和部分用户并不了解 RULE-SET 和 DOMAIN-SET 的区别，因此 Surge 在该版本中加入了一项新功能，如果发现某 RULE-SET 中仅包含 DOMAIN 和 DOMAIN-SUFFIX 规则，那么 Surge 将在内部自动转换该 RULE-SET 为 DOMAIN-SET 实现，以此大幅优化性能。
但请注意，只要 RULE-SET 中含有一条其他类型的规则，那就无法进行自动转换。所以依然建议主动使用 DOMAIN-SET。

#Mac #Beta

Version 5.4.1-2481

- Now, when performing MITM, the certificate used for signing will be sent to the client together, to support using intermediate certificates for MITM.
- All comments (at the beginning and end of lines) can now use #, //, ; three common comment symbols.
- Profile error message prompt optimization, now it can give the exact line number where the error occurred more accurately.
- Bug fixes.

#iOS #TestFlight

Surge 5 5.21.0 (2952) is ready to test on iOS.

What to Test:

RULE-SET 与 DOMAIN-SET 的实现完全重写，现在 Surge 会在资源更新时自动对规则集进行预处理，建立索引数据结构，大幅提高匹配速度。

1. RULE-SET 和 DOMAIN-SET 两种类型规则集不再有性能和内存占用区别，可以随意使用。
2. DOMAIN-SET 规则集不再存在不可以使用 eTLD 的限制。
3. RULE-SET 中的 DOMAIN, DOMAIN-SUFFIX, IP-CIDR, IP-CIDR6 规则匹配速度得到大幅提升。
· 十万条左右的 DOMAIN/DOMAIN-SUFFIX 规则集，在旧版中单次匹配需要 100ms，现在只需要个位数 ms。
· 一万条左右的 IP-CIDR 规则集，在旧版中单次匹配需要约 0.1ms。新版只需要0.0002ms，提升了约 500 倍。IP-CIDR6 规则的性能提升幅度更高。
4. 在新版本中，自行通过 IP-CIDR 规则集构建出地区的 IP 地址集合，与直接使用内部的 GEOIP 规则的性能已经完全一致。
5. RULE-SET 的索引优化不再受上个版本的规则类型限制，可以随意混用任意规则。（但只有上面 4 种规则类型会得到性能优化）
6. 先前版本加入的 Inline Ruleset 无法享受该优化，但是在百条数量级下几乎无差异。
7. 先前版本中，Ruleset 中的规则也是按照从上至下的方式逐条匹配，如果规则集中同时包含了需要 DNS 解析的规则，也只有当开始匹配该子规则时才会触发 DNS。新版本中，只要规则集中包含任意一条需要 DNS 解析的规则，在测试该规则集前就会先进行 DNS 解析。（绝大多数情况下没有任何区别）


另外，我们最近做的许多新功能都未加入 iOS 的功能订阅中，因为我们不想为此增加额外的选项和开关导致使用不便。可以将 Surge 的功能订阅看作是一种赞助，希望订阅用户理解。

#Mac #Beta

Version 5.4.1-2484

- Now, when performing MITM, the certificate used for signing will be sent to the client together, to support using intermediate certificates for MITM.
- All comments (at the beginning and end of lines) can now use #, //, ; three common comment symbols.
- Profile error message prompt optimization, now it can give the exact line number where the error occurred more accurately.
- Bug fixes.