Releases: kyochikuto/sing-box-plus
1.10.4
1.10.3
Upstream Changelog
- Fixes and improvements
1.10.1
Upstream Changelog
- Fixes and improvements
1.10.0
Upstream Changelog
- Fixes and improvements
Important changes since 1.9:
- Introducing auto-redirect 1
- Add AdGuard DNS Filter support 2
- TUN address fields are merged 3
- Add custom options for
auto-route
andauto-redirect
4 - Drop support for go1.18 and go1.19 5
- Add tailing comma support in JSON configuration
- Improve sniffers 6
- Add new
inline
rule-set type 7 - Add access control options for Clash API 8
- Add
rule_set_ip_cidr_accept_empty
DNS address filter rule item 9 - Add auto reload support for local rule-set
- Update fsnotify usages 10
- Add IP address support for
rule-set match
command - Add
rule-set decompile
command - Add
process_path_regex
rule item - Update uTLS to v1.6.7 11
- Optimize memory usages of rule-sets 12
1:
The new auto-redirect feature allows TUN to automatically
configure connection redirection to improve proxy performance.
When auto-redirect is enabled, new route address set options will allow you to
automatically configure destination IP CIDR rules from a specified rule set to the firewall.
Specified or unspecified destinations will bypass the sing-box routes to get better performance
(for example, keep hardware offloading of direct traffics on the router).
See TUN.
2:
The new feature allows you to use AdGuard DNS Filter lists in a sing-box without AdGuard Home.
See AdGuard DNS Filter.
3:
See Migration.
4:
See iproute2_table_index,
iproute2_rule_index,
auto_redirect_input_mark and
auto_redirect_output_mark.
5:
Due to maintenance difficulties, sing-box 1.10.0 requires at least Go 1.20 to compile.
6:
BitTorrent, DTLS, RDP, SSH sniffers are added.
Now the QUIC sniffer can correctly extract the server name from Chromium requests and
can identify common QUIC clients, including
Chromium, Safari, Firefox, quic-go (including uquic disguised as Chrome).
7:
The new rule-set type inline (which also becomes the default type)
allows you to write headless rules directly without creating a rule-set file.
8:
With the new access control options, not only can you allow Clash dashboards
to access the Clash API on your local network,
you can also manually limit the websites that can access the API instead of allowing everyone.
See Clash API.
9:
See DNS Rule.
10:
sing-box now uses fsnotify correctly and will not cancel watching
if the target file is deleted or recreated via rename (e.g. mv
).
This affects all path options that support reload, including
tls.certificate_path
, tls.key_path
, tls.ech.key_path
and rule_set.path
.
11:
Some legacy chrome fingerprints have been removed and will fallback to chrome,
see utls.
12:
See Source Format.
1.9.7
Upstream changelog
- Fixes and improvements
1.9.5
Upstream Changelog
- Update quic-go to v0.47.0
- Fix direct dialer not resolving domain
- Fix no error return when empty DNS cache retrieved
- Fix build with go1.23
- Fix stream sniffer
- Fix bad redirect in clash-api
- Fix wireguard events chan leak
- Fix cached conn eats up read deadlines
- Fix disconnected interface selected as default in windows
- Update Bundle Identifiers for Apple platform clients 1
1.9.4
Fork Changelog
- Add WARP IP scanner
- Update WARP unblocker to a more robust method
- Update TLS fragmentation method (revert regression)
Upstream Changelog
- Update quic-go to v0.46.0
- Update Hysteria2 BBR congestion control
- Filter HTTPS ipv4hint/ipv6hint with domain strategy
- Fix crash on Android when using process rules
- Fix non-IP queries accepted by address filter rules
- Fix UDP server for shadowsocks AEAD multi-user inbounds
- Fix default next protos for v2ray QUIC transport
- Fix default end value of port range configuration options
- Fix reset v2ray transports
- Fix panic caused by rule-set generation of duplicate keys for
domain_suffix
- Fix UDP connnection leak when sniffing
- Fixes and improvements
v1.9.3
- Fixes and improvements
v1.9.0
- Fixes and improvements
Important changes since 1.8:
domain_suffix
behavior update 1process_path
format update on Windows 2- Add address filter DNS rule items 3
- Add support for
client-subnet
DNS options 4 - Add rejected DNS response cache support 5
- Add
bypass_domain
andsearch_domain
platform HTTP proxy options 6 - Fix missing
rule_set_ipcidr_match_source
item in DNS rules 7 - Handle Windows power events
- Always disable cache for fake-ip DNS transport if
dns.independent_cache
disabled - Improve DNS truncate behavior
- Update Hysteria protocol
- Update quic-go to v0.43.1
- Update gVisor to 20240422.0
- Mitigating TunnelVision attacks 8
1:
See Migration.
2:
See Migration.
3:
The new DNS feature allows you to more precisely bypass Chinese websites via DNS leaks. Do not use plain local DNS
if using this method.
Client example updated.
4:
See DNS, DNS Server and DNS Rules.
Since this feature makes the scenario mentioned in alpha.1
no longer leak DNS requests,
the Client example has been updated.
5:
The new feature allows you to cache the check results of
Address filter DNS rule items until expiration.
6:
See TUN inbound.
7:
See DNS Rule.
8:
See TunnelVision.