v4.31.3 Released
https://github.com/v2fly/v2ray-core/releases/tag/v4.31.3
Warning
* Compiling v2ray-core requires Go 1.15+
Changes
* Add Trojan over XTLS support
* Adjust VLESS & Trojan Validator
Fixes
* Fix Trojan API
* Fix generate .pb.go on Windows
Chores
* Update geoip, geosite, dependencies
* Remove .dev/protoc & Detect and show download link
https://github.com/v2fly/v2ray-core/releases/tag/v4.31.3
Warning
* Compiling v2ray-core requires Go 1.15+
Changes
* Add Trojan over XTLS support
* Adjust VLESS & Trojan Validator
Fixes
* Fix Trojan API
* Fix generate .pb.go on Windows
Chores
* Update geoip, geosite, dependencies
* Remove .dev/protoc & Detect and show download link
GitHub
Release v4.31.3 · v2fly/v2ray-core
Warning
Compiling v2ray-core requires Go 1.15+
Changes
Add Trojan over XTLS support @maskedeken
Adjust VLESS & Trojan Validator
Fixes
Fix Trojan API @maskedeken
Fix generate .pb.go on Wind...
Compiling v2ray-core requires Go 1.15+
Changes
Add Trojan over XTLS support @maskedeken
Adjust VLESS & Trojan Validator
Fixes
Fix Trojan API @maskedeken
Fix generate .pb.go on Wind...
尽管任何人都可以检查自由开源软件中的源代码是否存在恶意漏洞,但大多数情况下都只是获取这些软件的预编译版本,没有办法确认它们和源代码是否一致。
这就刺激了对发布软件的开发者的攻击 —— 不仅是传统的对漏洞的利用,还以政治影响、勒索甚至暴力威胁的形式。
比起开发者本身,攻击构建程序的基础设施更能控制大量的用户设备,而二进制文件变化,对开发者和用户而言是个共同的盲区。
这些攻击可能还导致特定目标,如异见者,新闻工作者和举报人,以及希望进行自由通信的任何人,可能仅仅因为在专制政权下自由通信而遭受处罚。
因此,Reproducible Builds 允许验证在编译过程中没有漏洞或后门被引入。通过相同的源代码生成相同的二进制,让多个第三方就 "正确" 的结果达成共识,突出任何可疑的和值得仔细检查的偏差。
现在,我们在 https://github.com/v2fly/reproducible-builds 提供该工具,你可以快速运行并校验发布文件是否被修改。
这就刺激了对发布软件的开发者的攻击 —— 不仅是传统的对漏洞的利用,还以政治影响、勒索甚至暴力威胁的形式。
比起开发者本身,攻击构建程序的基础设施更能控制大量的用户设备,而二进制文件变化,对开发者和用户而言是个共同的盲区。
这些攻击可能还导致特定目标,如异见者,新闻工作者和举报人,以及希望进行自由通信的任何人,可能仅仅因为在专制政权下自由通信而遭受处罚。
因此,Reproducible Builds 允许验证在编译过程中没有漏洞或后门被引入。通过相同的源代码生成相同的二进制,让多个第三方就 "正确" 的结果达成共识,突出任何可疑的和值得仔细检查的偏差。
现在,我们在 https://github.com/v2fly/reproducible-builds 提供该工具,你可以快速运行并校验发布文件是否被修改。
GitHub
GitHub - v2fly/reproducible-builds: Reproducible builds are a set of software development practices that create an independently…
Reproducible builds are a set of software development practices that create an independently-verifiable path from source to binary code. - v2fly/reproducible-builds
v4.32.0 Released
https://github.com/v2fly/v2ray-core/releases/tag/v4.32.0
Features
* V2Ray loads JSON internally by default
* Refine UNIX domain socket
https://www.v2fly.org/config/inbounds.html
Fixes
* Fix mKCP sending window
* Fix JSON parsing dependency introduced by mutijson config
* Fix proto.go ProtoFilesUsingProtocGenGoFast on Windows
Chores
* Update geoip, geosite, dependencies
* Refine vprotogen & Regenerate .pb.go files
Notice
* Compiling v2ray-core requires Go 1.15+
* Now v2ray-core supports Reproducible Builds
https://github.com/v2fly/reproducible-builds
https://github.com/v2fly/v2ray-core/releases/tag/v4.32.0
Features
* V2Ray loads JSON internally by default
* Refine UNIX domain socket
https://www.v2fly.org/config/inbounds.html
Fixes
* Fix mKCP sending window
* Fix JSON parsing dependency introduced by mutijson config
* Fix proto.go ProtoFilesUsingProtocGenGoFast on Windows
Chores
* Update geoip, geosite, dependencies
* Refine vprotogen & Regenerate .pb.go files
Notice
* Compiling v2ray-core requires Go 1.15+
* Now v2ray-core supports Reproducible Builds
https://github.com/v2fly/reproducible-builds
GitHub
Release v4.32.0 · v2fly/v2ray-core
Features
V2Ray loads JSON internally by default @forever8938
Refine UNIX domain socket @lucifer9
https://www.v2fly.org/config/inbounds.html
Fixes
Fix mKCP sending window @p4gefau1t
Fix JSON par...
V2Ray loads JSON internally by default @forever8938
Refine UNIX domain socket @lucifer9
https://www.v2fly.org/config/inbounds.html
Fixes
Fix mKCP sending window @p4gefau1t
Fix JSON par...
v4.32.1 Released
https://github.com/v2fly/v2ray-core/releases/tag/v4.32.1
Important improvement
* VLESS XTLS Direct Mode ReadV Experiment
It's strongly recommended to test this change, as it reaches the best performance of current V2Ray platform.
Remember to use V2Ray v4.32.1+ on at least client side. For more information, please visit
https://www.v2fly.org/config/protocols/vless.html#xtls-%E9%BB%91%E7%A7%91%E6%8A%80
Fixes
* Disable 0-RTT mechanism for HTTP/1.x outbound
* Set default alterId to 0 for VMess dynamic ports
Chores
* Use Go 1.15.4
* Update geoip, geosite, dependencies
Notice
* Compiling v2ray-core requires Go 1.15+
* You are able to compile codes to the complete same binaries as assets by simply following
https://www.v2fly.org/developer/intro/compile.html
https://github.com/v2fly/v2ray-core/releases/tag/v4.32.1
Important improvement
* VLESS XTLS Direct Mode ReadV Experiment
It's strongly recommended to test this change, as it reaches the best performance of current V2Ray platform.
Remember to use V2Ray v4.32.1+ on at least client side. For more information, please visit
https://www.v2fly.org/config/protocols/vless.html#xtls-%E9%BB%91%E7%A7%91%E6%8A%80
Fixes
* Disable 0-RTT mechanism for HTTP/1.x outbound
* Set default alterId to 0 for VMess dynamic ports
Chores
* Use Go 1.15.4
* Update geoip, geosite, dependencies
Notice
* Compiling v2ray-core requires Go 1.15+
* You are able to compile codes to the complete same binaries as assets by simply following
https://www.v2fly.org/developer/intro/compile.html
GitHub
Release v4.32.1 · v2fly/v2ray-core
Important improvement
VLESS XTLS Direct Mode ReadV Experiment
It's strongly recommended to test this change, as it reaches the best performance of current V2Ray platform.
Remember to use V2Ray...
VLESS XTLS Direct Mode ReadV Experiment
It's strongly recommended to test this change, as it reaches the best performance of current V2Ray platform.
Remember to use V2Ray...
#performance
最新的 v4.32.1 版本中,VLESS XTLS Direct Mode 引入了 ReadV 增强,减少一层内存 Copy,性能已与 VLESS 无加密裸奔持平(接近于纯流量转发),为传统 VMess WS TLS 方案的五倍、VLESS TCP TLS 的三倍(且测试机器 CPU 均有 AES 指令集,否则差距更大,如硬路由器上),强烈建议测试体验。这或许是当前性能最强的安全代理方式,但并不是上限,因为下一步优化方向是 V2Ray 框架本身的性能。
https://www.v2fly.org/config/protocols/vless.html
最新的 v4.32.1 版本中,VLESS XTLS Direct Mode 引入了 ReadV 增强,减少一层内存 Copy,性能已与 VLESS 无加密裸奔持平(接近于纯流量转发),为传统 VMess WS TLS 方案的五倍、VLESS TCP TLS 的三倍(且测试机器 CPU 均有 AES 指令集,否则差距更大,如硬路由器上),强烈建议测试体验。这或许是当前性能最强的安全代理方式,但并不是上限,因为下一步优化方向是 V2Ray 框架本身的性能。
https://www.v2fly.org/config/protocols/vless.html
www.v2fly.org
VLESS | V2Fly.org
Project V 是一个工具集合,它可以帮助你打造专属的基础通信网络
v4.33.0 Released
https://github.com/v2fly/v2ray-core/releases/tag/v4.33.0
Breaking Changes
* Remove XTLS
Features
* Add support for Debian package
* API: Reflection Service Support
* Update to IETF QUIC draft-32 (draft-29 is still supported)
Chores
* Transfer VSign and related project to V2Fly and share under the same
* Update security policy with renewed GPG public key
* Use Go 1.15.5
* Refine Code
Notice
The project gets rid of GOPATH mode entirely. Use Git and go mod command as your first choice while developing.
For more information, visit:
https://www.v2fly.org/developer/intro/compile.html
https://github.com/v2fly/v2ray-core/releases/tag/v4.33.0
Breaking Changes
* Remove XTLS
Features
* Add support for Debian package
* API: Reflection Service Support
* Update to IETF QUIC draft-32 (draft-29 is still supported)
Chores
* Transfer VSign and related project to V2Fly and share under the same
* Update security policy with renewed GPG public key
* Use Go 1.15.5
* Refine Code
Notice
The project gets rid of GOPATH mode entirely. Use Git and go mod command as your first choice while developing.
For more information, visit:
https://www.v2fly.org/developer/intro/compile.html
GitHub
Release v4.33.0 · v2fly/v2ray-core
Breaking Changes
Remove XTLS
Features
Add support for Debian package
API: Reflection Service Support @Vigilans
Update to IETF QUIC draft-32 (draft-29 is still supported)
Chores
Transfer VSign ...
Remove XTLS
Features
Add support for Debian package
API: Reflection Service Support @Vigilans
Update to IETF QUIC draft-32 (draft-29 is still supported)
Chores
Transfer VSign ...
New API Service: ReflectionService
This service enables the clients to retrieve gRPC service's API list and signatures without prior access to its proto files. In this way, tools like grpcurl could easily interact with the API service:
This service enables the clients to retrieve gRPC service's API list and signatures without prior access to its proto files. In this way, tools like grpcurl could easily interact with the API service:
# h2cref: https://github.com/v2fly/v2ray-core/pull/435
$ grpcurl -plaintext localhost:10086 list
grpc.reflection.v1alpha.ServerReflection
v2ray.core.app.proxyman.command.HandlerService
v2ray.core.app.stats.command.StatsService
# h2 with tls
$ grpcurl -insecure -cert cert.crt -key cert.key localhost:10086 v2ray.core.app.stats.command.StatsService/GetSysStats
{
"NumGoroutine": 24,
"NumGC": 25,
"Alloc": "24095640",
"TotalAlloc": "511473656",
"Sys": "146657288",
"Mallocs": "6909875",
"Frees": "6464105",
"LiveObjects": "445770",
"PauseTotalNs": "1834456",
"Uptime": 82
}
GitHub
API: Reflection Service Support by Vigilans · Pull Request #435 · v2fly/v2ray-core
This PR implements a new service ReflectionService, which is a simple wrapper of grpc/reflection package:
"api": {
"tag": "api",
&...
"api": {
"tag": "api",
&...
v4.34.0 Released
https://github.com/v2fly/v2ray-core/releases/tag/v4.34.0
Breaking Changes
* Support for the legacy Shadowsocks protocol with stream ciphers has been removed (#566). If you are still using the unsecure stream ciphers, migrate to Shadowsocks AEAD (ChaCha20Poly1305 and AES-GCM) immediately.
* Binaries of the following architectures are no longer a part of the release: s390x, ppc64, ppc64le, mips softfloat.
Changes
* DNS: refactoring DNS (#169)
* DNS: support DNS over QUIC (#534) (currently only non-proxied lookup)
* DNS: add clientIp feature support for every nameserver (#504)
* Release: add Android release (#512)
* Android: default dns set to 8.8.8.8:53 (#572)
* TLS Session Resumption is now disabled by default (#569). See #557 for more information.
* SessionTicketsDisabled is now true by default. See #557 for more information.
* SOCKS: Refine socks5 server UdpAssociate response behavior (#523)
* SOCKS: Fix socks client UDP outbound's wrong destination (#522)
* HTTP2: listen port failed use error level log (#576)
* DNS: refine skipRoutePick (#558)
* DNS: compatible with localhost nameserver (#530)
* DNS & Routing: refine rule parsing process (#528)
* Config: multi-JSON config overide (#409)
* Release: migrate release from Azure Pipelines to GitHub Actions (#453 #468)
* Logging: Prevent trailing whitespaces in logs (#526)
* Test: add race detector
* Minor changes and fixes by U-v-U, CalmLong, dyhkwong
https://github.com/v2fly/v2ray-core/releases/tag/v4.34.0
Breaking Changes
* Support for the legacy Shadowsocks protocol with stream ciphers has been removed (#566). If you are still using the unsecure stream ciphers, migrate to Shadowsocks AEAD (ChaCha20Poly1305 and AES-GCM) immediately.
* Binaries of the following architectures are no longer a part of the release: s390x, ppc64, ppc64le, mips softfloat.
Changes
* DNS: refactoring DNS (#169)
* DNS: support DNS over QUIC (#534) (currently only non-proxied lookup)
* DNS: add clientIp feature support for every nameserver (#504)
* Release: add Android release (#512)
* Android: default dns set to 8.8.8.8:53 (#572)
* TLS Session Resumption is now disabled by default (#569). See #557 for more information.
* SessionTicketsDisabled is now true by default. See #557 for more information.
* SOCKS: Refine socks5 server UdpAssociate response behavior (#523)
* SOCKS: Fix socks client UDP outbound's wrong destination (#522)
* HTTP2: listen port failed use error level log (#576)
* DNS: refine skipRoutePick (#558)
* DNS: compatible with localhost nameserver (#530)
* DNS & Routing: refine rule parsing process (#528)
* Config: multi-JSON config overide (#409)
* Release: migrate release from Azure Pipelines to GitHub Actions (#453 #468)
* Logging: Prevent trailing whitespaces in logs (#526)
* Test: add race detector
* Minor changes and fixes by U-v-U, CalmLong, dyhkwong
GitHub
Release v4.34.0 · v2fly/v2ray-core
Release Notes
TLS Session Resumption is now disabled by default (#569). See #557 for more information.
Support for the legacy Shadowsocks protocol with stream ciphers has been removed (#566). If y...
TLS Session Resumption is now disabled by default (#569). See #557 for more information.
Support for the legacy Shadowsocks protocol with stream ciphers has been removed (#566). If y...
v4.35.1 Released
https://github.com/v2fly/v2ray-core/releases/tag/v4.35.1
New Features
* FakeDNS, an imaginary DNS server to preserve the domain information even if the software do not support proxy settings
* HybridDomainMatcher: a faster and more memory-efficient routing rule matcher.
* Outbound transport level proxySettings: comprehensive chained proxy support
* Support Apple Silicon: add pre-built binary for Apple Silicon named v2ray-macos-arm64-v8a.zip
* VMess: add zero pseudo encryption for better performance
* Support to disable DNS cache
So many other improvements see Github Release Note for detail.
https://github.com/v2fly/v2ray-core/releases/tag/v4.35.1
New Features
* FakeDNS, an imaginary DNS server to preserve the domain information even if the software do not support proxy settings
* HybridDomainMatcher: a faster and more memory-efficient routing rule matcher.
* Outbound transport level proxySettings: comprehensive chained proxy support
* Support Apple Silicon: add pre-built binary for Apple Silicon named v2ray-macos-arm64-v8a.zip
* VMess: add zero pseudo encryption for better performance
* Support to disable DNS cache
So many other improvements see Github Release Note for detail.
GitHub
Release v4.35.1 · v2fly/v2ray-core
Features
Support Apple Silicon: add pre-built binary for Apple Silicon named v2ray-macos-arm64-v8a.zip (#686) @Loyalsoldier
FakeDNS: add support for FakeDNS. FakeDNS will not take effect on Routin...
Support Apple Silicon: add pre-built binary for Apple Silicon named v2ray-macos-arm64-v8a.zip (#686) @Loyalsoldier
FakeDNS: add support for FakeDNS. FakeDNS will not take effect on Routin...
v4.36.1 released.
—
Features
* Transport: add
-> Docs: Transport; gRPC transport
* Proxy: add
-> Docs: Loopback
* Routing: add a faster and more memory-efficient routing rule matcher
-> Docs: Routing
Fixes
* DNS: Refined DNS default setting logics in Android (#767)
* FakeDNS: use
Notices
* VMess: From Jan 1, 2022, compatibility for legacy VMess MD5 will be disabled by default. Visit here for more information.
* You are able to compile exactly the same binaries as the ones in Assets section below by simply following the compiling guide.
For Downstream Developers
The Go module name of
—
Features
* Transport: add
gRPC
/ gun
transport. This transport's connections can be relayed over Nginx and other supported CDNs, have an ALPN of h2
and a built-in mux. (#757 #783)-> Docs: Transport; gRPC transport
* Proxy: add
loopback
proxy. This proxy allows you to send connections back to router to be routed again. It is a drop-in replacement for modified outbound address and dokodemo-door
setup while using less system resources. (#770)-> Docs: Loopback
* Routing: add a faster and more memory-efficient routing rule matcher
MphDomainMatcher
that uses minimal perfect hash. (#743)-> Docs: Routing
Fixes
* DNS: Refined DNS default setting logics in Android (#767)
* FakeDNS: use
198.18.0.0/15
as default FakeDNS IP pool (#779)Notices
* VMess: From Jan 1, 2022, compatibility for legacy VMess MD5 will be disabled by default. Visit here for more information.
* You are able to compile exactly the same binaries as the ones in Assets section below by simply following the compiling guide.
For Downstream Developers
The Go module name of
v2ray-core
has been changed to github.com/v2fly/v2ray-core/v4
. Do NOT use v2ray.com/core
anymore.GitHub
Release v4.36.1 · v2fly/v2ray-core
⚠️ Do NOT use this release. ⚠️ Bugs are fixed in v4.36.2
Features
Transport: add gRPC / gun transport. This transport's connections can be relayed over Nginx and other supported CDNs, have an ...
Features
Transport: add gRPC / gun transport. This transport's connections can be relayed over Nginx and other supported CDNs, have an ...
v4.38.0 is released. (Unstable Release)
This release includes security functionality improvement for some users.
Feature
* FakeDNS: Added fakedns+others sniffer. Thanks yuhan6665 .
* TLS: A SECURITY improvement that allow the remote peer's TLS certificate to be pinned to a known value.
* Observatory: A component that measure the connectivity of selected outbounds.
* Routing : leastPing balancing strategy is added. This strategy will select a outbound that is alive and completed HTTPS GET request in the least time.
Chore
* Fixed two typo in comments. Thanks U-v-U
Security Advisory
* TLS connections with dangerous diagnose option allowInsecure turn on and without certificate pin with pinnedPeerCertificateChainSha256 will not be able protect your data at all from a attacker in privileged network path(for example ISP or any firewall or censorship infrastructure). This is especially dangerous when an unprotected protocol or option is used, such as any VLess configuration, VMess with none or zero security, and any trojan configuration, in which case your data is accessible to attacker in plain text and attacker can inject arbitrary data pretending to the the remote server. In the case of VLess and trojan, the proxy protocol access control credential is also exposed to the attacker, the attacker will be able to use your proxy. You are advised to use certificate pin (and/or other security features provided in a later version of V2Ray) whenever allowInsecure is turned on. Attempting to MITM your connection temporarily to identify TLS based proxy is a known threat.
This release includes security functionality improvement for some users.
Feature
* FakeDNS: Added fakedns+others sniffer. Thanks yuhan6665 .
* TLS: A SECURITY improvement that allow the remote peer's TLS certificate to be pinned to a known value.
* Observatory: A component that measure the connectivity of selected outbounds.
* Routing : leastPing balancing strategy is added. This strategy will select a outbound that is alive and completed HTTPS GET request in the least time.
Chore
* Fixed two typo in comments. Thanks U-v-U
Security Advisory
* TLS connections with dangerous diagnose option allowInsecure turn on and without certificate pin with pinnedPeerCertificateChainSha256 will not be able protect your data at all from a attacker in privileged network path(for example ISP or any firewall or censorship infrastructure). This is especially dangerous when an unprotected protocol or option is used, such as any VLess configuration, VMess with none or zero security, and any trojan configuration, in which case your data is accessible to attacker in plain text and attacker can inject arbitrary data pretending to the the remote server. In the case of VLess and trojan, the proxy protocol access control credential is also exposed to the attacker, the attacker will be able to use your proxy. You are advised to use certificate pin (and/or other security features provided in a later version of V2Ray) whenever allowInsecure is turned on. Attempting to MITM your connection temporarily to identify TLS based proxy is a known threat.
GitHub
Release v4.38.0 · v2fly/v2ray-core
Feature
FakeDNS: Added fakedns+others sniffer , based on #697 . Thanks @yuhan6665 .
TLS: A SECURITY improvement that allow the remote peer's TLS certificate to be pinned to a known value. Doc...
FakeDNS: Added fakedns+others sniffer , based on #697 . Thanks @yuhan6665 .
TLS: A SECURITY improvement that allow the remote peer's TLS certificate to be pinned to a known value. Doc...
v4.38.3 is released. (Stable Release)
This release includes security functionality improvement for some users.
Feature
* FakeDNS: Added fakedns+others sniffer. Thanks yuhan6665 .
* TLS: A SECURITY improvement that allow the remote peer's TLS certificate to be pinned to a known value.
* Observatory: A component that measure the connectivity of selected outbounds.
* Routing : leastPing balancing strategy is added. This strategy will select a outbound that is alive and completed HTTPS GET request in the least time.
Fix
* Fixed crashing in fake dns. Thanks IceCodeNew
* Added IPv6 pool in fake dns by default. Thanks Loyalsoldier
* Return ErrEmptyResponse for fakedns. Thanks sixg0000d
* Fixed UDP DNS connection cause crash. Thanks nekohasekai
* Multi-json support for observatory, browser forwarder. Thanks ha-ku AkinoKaede
Chore
* Fixed two typo in comments. Thanks U-v-U
Security Advisory
* TLS connections with dangerous diagnose option allowInsecure turn on and without certificate pin with pinnedPeerCertificateChainSha256 will not be able protect your data at all from a attacker in privileged network path(for example ISP or any firewall or censorship infrastructure). This is especially dangerous when an unprotected protocol or option is used, such as any VLess configuration, VMess with none or zero security, and any trojan configuration, in which case your data is accessible to attacker in plain text and attacker can inject arbitrary data pretending to the the remote server. In the case of VLess and trojan, the proxy protocol access control credential is also exposed to the attacker, the attacker will be able to use your proxy. You are advised to use certificate pin (and/or other security features provided in a later version of V2Ray) whenever allowInsecure is turned on. Attempting to MITM your connection temporarily to identify TLS based proxy is a known threat.
This release includes security functionality improvement for some users.
Feature
* FakeDNS: Added fakedns+others sniffer. Thanks yuhan6665 .
* TLS: A SECURITY improvement that allow the remote peer's TLS certificate to be pinned to a known value.
* Observatory: A component that measure the connectivity of selected outbounds.
* Routing : leastPing balancing strategy is added. This strategy will select a outbound that is alive and completed HTTPS GET request in the least time.
Fix
* Fixed crashing in fake dns. Thanks IceCodeNew
* Added IPv6 pool in fake dns by default. Thanks Loyalsoldier
* Return ErrEmptyResponse for fakedns. Thanks sixg0000d
* Fixed UDP DNS connection cause crash. Thanks nekohasekai
* Multi-json support for observatory, browser forwarder. Thanks ha-ku AkinoKaede
Chore
* Fixed two typo in comments. Thanks U-v-U
Security Advisory
* TLS connections with dangerous diagnose option allowInsecure turn on and without certificate pin with pinnedPeerCertificateChainSha256 will not be able protect your data at all from a attacker in privileged network path(for example ISP or any firewall or censorship infrastructure). This is especially dangerous when an unprotected protocol or option is used, such as any VLess configuration, VMess with none or zero security, and any trojan configuration, in which case your data is accessible to attacker in plain text and attacker can inject arbitrary data pretending to the the remote server. In the case of VLess and trojan, the proxy protocol access control credential is also exposed to the attacker, the attacker will be able to use your proxy. You are advised to use certificate pin (and/or other security features provided in a later version of V2Ray) whenever allowInsecure is turned on. Attempting to MITM your connection temporarily to identify TLS based proxy is a known threat.
GitHub
Release v4.38.3 · v2fly/v2ray-core
Feature
FakeDNS: Added fakedns+others sniffer , based on #697 . Thanks @yuhan6665 .
TLS: A SECURITY improvement that allow the remote peer's TLS certificate to be pinned to a known value. Doc...
FakeDNS: Added fakedns+others sniffer , based on #697 . Thanks @yuhan6665 .
TLS: A SECURITY improvement that allow the remote peer's TLS certificate to be pinned to a known value. Doc...
Forwarded from John Doe
Due to increase in size of the
* For RAM insufficient devices: Enable the Geodata loader optimized for memory-constrained devices by setting the environment variable
* For ROM insufficient devices:
* Use the newly added GeoIP file
* Customize your own GeoIP file via project [v2fly/geoip](https://github.com/v2fly/geoip).
geoip.dat
file recently, devices with insufficient ROM/RAM are experiencing difficulties in using V2Ray. The solution is as follows:* For RAM insufficient devices: Enable the Geodata loader optimized for memory-constrained devices by setting the environment variable
V2RAY_CONF_GEOLOADER
to value memconservative
. For more details, see [documentation](https://www.v2fly.org/config/env.html#geodata-%E6%96%87%E4%BB%B6%E5%8A%A0%E8%BD%BD%E5%99%A8).* For ROM insufficient devices:
* Use the newly added GeoIP file
geoip-only-cn-private.dat
in the zip package or download it from [release page](https://github.com/v2fly/geoip/releases), which only contains GeoIP list geoip:cn
and geoip:private
, or* Customize your own GeoIP file via project [v2fly/geoip](https://github.com/v2fly/geoip).
www.v2fly.org
环境变量 | V2Fly.org
Project V 是一个工具集合,它可以帮助你打造专属的基础通信网络
v4.44.0 is released. (Stable, Security Release)
This release includes security enhancement for all users.
!!! Important SECURITY enhancement !!!
* Fix DoS attack vulnerability in CommandSwitchAccountFactory. (Thanks geeknik)
Security Advisory
This update fixes a DoS vulnerability in V2Ray. This vulnerability allows a VMess Server controlled by an attacker to crash a VMess Client by sending a specially crafted handshake response reply with an (optional) VMess SwitchAccount Command that is one byte shorter than expected. This vulnerability does NOT allow the attacker to retrieve any information from a client other than it used an unpatched version of the software and does NOT allow attacker to control the unpatched software or system. It is strongly recommended for all users to apply this security update at the earliest possible opportunity. We would like to thank geeknik for the responsible disclosure of this vulnerability.
此更新修复了在 V2Ray 中的一个拒绝服务攻击漏洞。这个漏洞允许攻击者控制的 VMess 服务器迫使 VMess 客户端崩溃。这个漏洞可以通过在 VMess 握手阶段向客户端发送一个恶意的回复数据包被触发,触发漏洞数据包的内容是比正确内容少一个字节的 VMess 切换账户指令。 攻击者 *无法* 通过这个漏洞获取来自客户端任何信息(除客户端尚未应用此安全更新以外),也 *不会* 允许攻击者控制客户端软件或系统。强烈推荐所有用户在第一时间应用本安全更新。我们在此感谢 geeknik 将此漏洞负责任的披露给我们。
This release includes security enhancement for all users.
!!! Important SECURITY enhancement !!!
* Fix DoS attack vulnerability in CommandSwitchAccountFactory. (Thanks geeknik)
Security Advisory
This update fixes a DoS vulnerability in V2Ray. This vulnerability allows a VMess Server controlled by an attacker to crash a VMess Client by sending a specially crafted handshake response reply with an (optional) VMess SwitchAccount Command that is one byte shorter than expected. This vulnerability does NOT allow the attacker to retrieve any information from a client other than it used an unpatched version of the software and does NOT allow attacker to control the unpatched software or system. It is strongly recommended for all users to apply this security update at the earliest possible opportunity. We would like to thank geeknik for the responsible disclosure of this vulnerability.
此更新修复了在 V2Ray 中的一个拒绝服务攻击漏洞。这个漏洞允许攻击者控制的 VMess 服务器迫使 VMess 客户端崩溃。这个漏洞可以通过在 VMess 握手阶段向客户端发送一个恶意的回复数据包被触发,触发漏洞数据包的内容是比正确内容少一个字节的 VMess 切换账户指令。 攻击者 *无法* 通过这个漏洞获取来自客户端任何信息(除客户端尚未应用此安全更新以外),也 *不会* 允许攻击者控制客户端软件或系统。强烈推荐所有用户在第一时间应用本安全更新。我们在此感谢 geeknik 将此漏洞负责任的披露给我们。
GitHub
Release v4.44.0 · v2fly/v2ray-core
This release includes security enhancement for all users.
!!! Important SECURITY enhancement !!!
Fix DoS attack vulnerability in CommandSwitchAccountFactory (CVE-2021-4070). (Thanks @geeknik)
Fix...
!!! Important SECURITY enhancement !!!
Fix DoS attack vulnerability in CommandSwitchAccountFactory (CVE-2021-4070). (Thanks @geeknik)
Fix...
v4.45.2 v5.0.7 is released. (Security Release)
This release includes security enhancement for all users.
## !!! Important SECURITY enhancement !!!
* Fix DoS attack vulnerability in VMess Option Processing. (Thanks @nekohasekai )
## Security Advisory
This update fixes a DoS vulnerability in V2Ray. This vulnerability allows a VMess Client with authentication information controlled by an attacker to crash a VMess Server by sending a specially crafted VMess handshake message with an invalid option or encryption type. This vulnerability does NOT allow the attacker to retrieve any information(other than it used an unpatched version of the software) and does NOT allow an attacker to control the unpatched software or system. It is strongly recommended for all users to apply this security update at the earliest possible opportunity. We would like to thank @nekohasekai for the discovery of this vulnerability.
此更新修复了在 V2Ray 中的一个拒绝服务攻击漏洞。这个漏洞允许攻击者控制的拥有认证信息的 VMess 客户端迫使 VMess 服务器端崩溃。这个漏洞可以通过在 VMess 握手阶段由客户端发送一个恶意的数据包被触发,触发漏洞数据包拥有无效的选项或加密方式。 攻击者 无法 通过这个漏洞获取任何信息(除客户端尚未应用此安全更新以外),也 不会 允许攻击者控制客户端软件或系统。强烈推荐所有用户在第一时间应用本安全更新。我们在此感谢 @nekohasekai 发现此漏洞。
Edit: Fixed a typo. Last version of this document withdrawn.
This release includes security enhancement for all users.
## !!! Important SECURITY enhancement !!!
* Fix DoS attack vulnerability in VMess Option Processing. (Thanks @nekohasekai )
## Security Advisory
This update fixes a DoS vulnerability in V2Ray. This vulnerability allows a VMess Client with authentication information controlled by an attacker to crash a VMess Server by sending a specially crafted VMess handshake message with an invalid option or encryption type. This vulnerability does NOT allow the attacker to retrieve any information(other than it used an unpatched version of the software) and does NOT allow an attacker to control the unpatched software or system. It is strongly recommended for all users to apply this security update at the earliest possible opportunity. We would like to thank @nekohasekai for the discovery of this vulnerability.
此更新修复了在 V2Ray 中的一个拒绝服务攻击漏洞。这个漏洞允许攻击者控制的拥有认证信息的 VMess 客户端迫使 VMess 服务器端崩溃。这个漏洞可以通过在 VMess 握手阶段由客户端发送一个恶意的数据包被触发,触发漏洞数据包拥有无效的选项或加密方式。 攻击者 无法 通过这个漏洞获取任何信息(除客户端尚未应用此安全更新以外),也 不会 允许攻击者控制客户端软件或系统。强烈推荐所有用户在第一时间应用本安全更新。我们在此感谢 @nekohasekai 发现此漏洞。
Edit: Fixed a typo. Last version of this document withdrawn.
GitHub
Release v4.45.2 · v2fly/v2ray-core
This release includes security enhancement for all users.
!!! Important SECURITY enhancement !!!
Fix DoS attack vulnerability in VMess Option Processing. (Thanks @nekohasekai )
Security Advisory
...
!!! Important SECURITY enhancement !!!
Fix DoS attack vulnerability in VMess Option Processing. (Thanks @nekohasekai )
Security Advisory
...
v5.2.1 User Preview is released. (stable version)
New Features
uTLS: TLS Client Hello imitation
DNS: Support per-client configuration
DNS: Support specifying domain matcher
Add bind to device to Windows and Darwin.
Replace default Health Ping URL to HTTPS for burst observatory.
Implement Match and MatchAny for all MatcherGroup, IndexMatcher
It also includes fixes to known issues, please refer to release note for more info.
New Features
uTLS: TLS Client Hello imitation
DNS: Support per-client configuration
DNS: Support specifying domain matcher
Add bind to device to Windows and Darwin.
Replace default Health Ping URL to HTTPS for burst observatory.
Implement Match and MatchAny for all MatcherGroup, IndexMatcher
It also includes fixes to known issues, please refer to release note for more info.
GitHub
Release v5.2.1 User Preview · v2fly/v2ray-core
New Features
uTLS New Security Type uTLS: TLS Client Hello imitation. (#2219)
CN EN Document have been updated.
Only client without transport, or with websocket transport is currently supported.
...
uTLS New Security Type uTLS: TLS Client Hello imitation. (#2219)
CN EN Document have been updated.
Only client without transport, or with websocket transport is currently supported.
...
v5.3.0 User Preview is released. (stable version)
New Features
uTLS: uTLS APLN Control
It also includes fixes to known issues, please refer to release note for more info.
New Features
uTLS: uTLS APLN Control
It also includes fixes to known issues, please refer to release note for more info.
GitHub
Release v5.3.0 User Preview · v2fly/v2ray-core
New Features
uTLS uTLS ALPN Control (#2261)
CN EN Document have been updated.
Fixes
fix: dns.Hostmapping in JSONv5 config treats ip as Base64 (#2107) (#2271) Thanks @mydogshitgold .
fix(app/...
uTLS uTLS ALPN Control (#2261)
CN EN Document have been updated.
Fixes
fix: dns.Hostmapping in JSONv5 config treats ip as Base64 (#2107) (#2271) Thanks @mydogshitgold .
fix(app/...
v5.5.0 User Preview is released. (stable version)
It includes fixes to known issues, please refer to release note for more info.
It includes fixes to known issues, please refer to release note for more info.
v5.6.0 User Preview is released. (unstable version)
New Features
HTTP Proxy: Add h1SkipWaitForReply Option to HTTP Proxy Protocol; This allow you to run a V2Ray compatible HTTP Proxy server over WebSocket protocol on workerd.
set v2ray binary as an entrypoint in container images
New Features
HTTP Proxy: Add h1SkipWaitForReply Option to HTTP Proxy Protocol; This allow you to run a V2Ray compatible HTTP Proxy server over WebSocket protocol on workerd.
set v2ray binary as an entrypoint in container images