Skip to content

Releases: kyochikuto/sing-box-plus

1.10.4

20 Dec 19:41
8698ca3
Compare
Choose a tag to compare

Upstream Changelog

  • Fixes and improvements

1.10.3

29 Nov 14:04
da715c7
Compare
Choose a tag to compare

Upstream Changelog

  • Fixes and improvements

1.10.1

17 Oct 21:42
8d3a83a
Compare
Choose a tag to compare

Upstream Changelog

  • Fixes and improvements

1.10.0

16 Oct 12:34
cc24356
Compare
Choose a tag to compare

Upstream Changelog

  • Fixes and improvements

Important changes since 1.9:

  • Introducing auto-redirect 1
  • Add AdGuard DNS Filter support 2
  • TUN address fields are merged 3
  • Add custom options for auto-route and auto-redirect 4
  • Drop support for go1.18 and go1.19 5
  • Add tailing comma support in JSON configuration
  • Improve sniffers 6
  • Add new inline rule-set type 7
  • Add access control options for Clash API 8
  • Add rule_set_ip_cidr_accept_empty DNS address filter rule item 9
  • Add auto reload support for local rule-set
  • Update fsnotify usages 10
  • Add IP address support for rule-set match command
  • Add rule-set decompile command
  • Add process_path_regex rule item
  • Update uTLS to v1.6.7 11
  • Optimize memory usages of rule-sets 12

1:

The new auto-redirect feature allows TUN to automatically
configure connection redirection to improve proxy performance.

When auto-redirect is enabled, new route address set options will allow you to
automatically configure destination IP CIDR rules from a specified rule set to the firewall.

Specified or unspecified destinations will bypass the sing-box routes to get better performance
(for example, keep hardware offloading of direct traffics on the router).

See TUN.

2:

The new feature allows you to use AdGuard DNS Filter lists in a sing-box without AdGuard Home.

See AdGuard DNS Filter.

3:

See Migration.

4:

See iproute2_table_index,
iproute2_rule_index,
auto_redirect_input_mark and
auto_redirect_output_mark.

5:

Due to maintenance difficulties, sing-box 1.10.0 requires at least Go 1.20 to compile.

6:

BitTorrent, DTLS, RDP, SSH sniffers are added.

Now the QUIC sniffer can correctly extract the server name from Chromium requests and
can identify common QUIC clients, including
Chromium, Safari, Firefox, quic-go (including uquic disguised as Chrome).

7:

The new rule-set type inline (which also becomes the default type)
allows you to write headless rules directly without creating a rule-set file.

8:

With the new access control options, not only can you allow Clash dashboards
to access the Clash API on your local network,
you can also manually limit the websites that can access the API instead of allowing everyone.

See Clash API.

9:

See DNS Rule.

10:

sing-box now uses fsnotify correctly and will not cancel watching
if the target file is deleted or recreated via rename (e.g. mv).

This affects all path options that support reload, including
tls.certificate_path, tls.key_path, tls.ech.key_path and rule_set.path.

11:

Some legacy chrome fingerprints have been removed and will fallback to chrome,
see utls.

12:

See Source Format.

1.9.7

08 Oct 19:14
0d66d0c
Compare
Choose a tag to compare

Upstream changelog

  • Fixes and improvements

1.9.5

20 Sep 18:42
6532da3
Compare
Choose a tag to compare

Upstream Changelog

  • Update quic-go to v0.47.0
  • Fix direct dialer not resolving domain
  • Fix no error return when empty DNS cache retrieved
  • Fix build with go1.23
  • Fix stream sniffer
  • Fix bad redirect in clash-api
  • Fix wireguard events chan leak
  • Fix cached conn eats up read deadlines
  • Fix disconnected interface selected as default in windows
  • Update Bundle Identifiers for Apple platform clients 1

1.9.4

15 Sep 09:12
af272c6
Compare
Choose a tag to compare

Fork Changelog

  • Add WARP IP scanner
  • Update WARP unblocker to a more robust method
  • Update TLS fragmentation method (revert regression)

Upstream Changelog

  • Update quic-go to v0.46.0
  • Update Hysteria2 BBR congestion control
  • Filter HTTPS ipv4hint/ipv6hint with domain strategy
  • Fix crash on Android when using process rules
  • Fix non-IP queries accepted by address filter rules
  • Fix UDP server for shadowsocks AEAD multi-user inbounds
  • Fix default next protos for v2ray QUIC transport
  • Fix default end value of port range configuration options
  • Fix reset v2ray transports
  • Fix panic caused by rule-set generation of duplicate keys for domain_suffix
  • Fix UDP connnection leak when sniffing
  • Fixes and improvements

v1.9.3

12 Jun 12:12
2981960
Compare
Choose a tag to compare
  • Fixes and improvements

v1.9.0

09 Jun 19:51
5ff7006
Compare
Choose a tag to compare
  • Fixes and improvements

Important changes since 1.8:

  • domain_suffix behavior update 1
  • process_path format update on Windows 2
  • Add address filter DNS rule items 3
  • Add support for client-subnet DNS options 4
  • Add rejected DNS response cache support 5
  • Add bypass_domain and search_domain platform HTTP proxy options 6
  • Fix missing rule_set_ipcidr_match_source item in DNS rules 7
  • Handle Windows power events
  • Always disable cache for fake-ip DNS transport if dns.independent_cache disabled
  • Improve DNS truncate behavior
  • Update Hysteria protocol
  • Update quic-go to v0.43.1
  • Update gVisor to 20240422.0
  • Mitigating TunnelVision attacks 8

1:

See Migration.

2:

See Migration.

3:

The new DNS feature allows you to more precisely bypass Chinese websites via DNS leaks. Do not use plain local DNS
if using this method.

See Address Filter Fields.

Client example updated.

4:

See DNS, DNS Server and DNS Rules.

Since this feature makes the scenario mentioned in alpha.1 no longer leak DNS requests,
the Client example has been updated.

5:

The new feature allows you to cache the check results of
Address filter DNS rule items until expiration.

6:

See TUN inbound.

7:

See DNS Rule.

8:

See TunnelVision.