v4.38.3 is released. (Stable Release)
This release includes security functionality improvement for some users.
Feature
* FakeDNS: Added fakedns+others sniffer. Thanks yuhan6665 .
* TLS: A SECURITY improvement that allow the remote peer's TLS certificate to be pinned to a known value.
* Observatory: A component that measure the connectivity of selected outbounds.
* Routing : leastPing balancing strategy is added. This strategy will select a outbound that is alive and completed HTTPS GET request in the least time.
Fix
* Fixed crashing in fake dns. Thanks IceCodeNew
* Added IPv6 pool in fake dns by default. Thanks Loyalsoldier
* Return ErrEmptyResponse for fakedns. Thanks sixg0000d
* Fixed UDP DNS connection cause crash. Thanks nekohasekai
* Multi-json support for observatory, browser forwarder. Thanks ha-ku AkinoKaede
Chore
* Fixed two typo in comments. Thanks U-v-U
Security Advisory
* TLS connections with dangerous diagnose option allowInsecure turn on and without certificate pin with pinnedPeerCertificateChainSha256 will not be able protect your data at all from a attacker in privileged network path(for example ISP or any firewall or censorship infrastructure). This is especially dangerous when an unprotected protocol or option is used, such as any VLess configuration, VMess with none or zero security, and any trojan configuration, in which case your data is accessible to attacker in plain text and attacker can inject arbitrary data pretending to the the remote server. In the case of VLess and trojan, the proxy protocol access control credential is also exposed to the attacker, the attacker will be able to use your proxy. You are advised to use certificate pin (and/or other security features provided in a later version of V2Ray) whenever allowInsecure is turned on. Attempting to MITM your connection temporarily to identify TLS based proxy is a known threat.
GitHubRelease v4.38.3 · v2fly/v2ray-coreFeature
FakeDNS: Added fakedns+others sniffer , based on #697 . Thanks @yuhan6665 .
TLS: A SECURITY improvement that allow the remote peer's TLS certificate to be pinned to a known value. Doc...
v4.36.1 released.
—
Features
* Transport: add gRPC / gun transport. This transport's connections can be relayed over Nginx and other supported CDNs, have an ALPN of h2 and a built-in mux. (#757 #783)
-> Docs: Transport; gRPC transport
* Proxy: add loopback proxy. This proxy allows you to send connections back to router to be routed again. It is a drop-in replacement for modified outbound address and dokodemo-door setup while using less system resources. (#770)
-> Docs: Loopback
* Routing: add a faster and more memory-efficient routing rule matcher MphDomainMatcher that uses minimal perfect hash. (#743)
-> Docs: Routing
Fixes
* DNS: Refined DNS default setting logics in Android (#767)
* FakeDNS: use 198.18.0.0/15 as default FakeDNS IP pool (#779)
Notices
* VMess: From Jan 1, 2022, compatibility for legacy VMess MD5 will be disabled by default. Visit here for more information.
* You are able to compile exactly the same binaries as the ones in Assets section below by simply following the compiling guide.
For Downstream Developers
The Go module name of v2ray-core has been changed to github.com/v2fly/v2ray-core/v4. Do NOT use v2ray.com/core anymore.
GitHubRelease v4.36.1 · v2fly/v2ray-coreFeatures
Transport: add gRPC / gun transport. This transport's connections can be relayed over Nginx and other supported CDNs, have an ALPN of h2 and a built-in mux. (#757 #783)
Docs: Transpo...
v4.34.0 Released
https://github.com/v2fly/v2ray-core/releases/tag/v4.34.0
Breaking Changes
* Support for the legacy Shadowsocks protocol with stream ciphers has been removed (#566). If you are still using the unsecure stream ciphers, migrate to Shadowsocks AEAD (ChaCha20Poly1305 and AES-GCM) immediately.
* Binaries of the following architectures are no longer a part of the release: s390x, ppc64, ppc64le, mips softfloat.
Changes
* DNS: refactoring DNS (#169)
* DNS: support DNS over QUIC (#534) (currently only non-proxied lookup)
* DNS: add clientIp feature support for every nameserver (#504)
* Release: add Android release (#512)
* Android: default dns set to 8.8.8.8:53 (#572)
* TLS Session Resumption is now disabled by default (#569). See #557 for more information.
* SessionTicketsDisabled is now true by default. See #557 for more information.
* SOCKS: Refine socks5 server UdpAssociate response behavior (#523)
* SOCKS: Fix socks client UDP outbound's wrong destination (#522)
* HTTP2: listen port failed use error level log (#576)
* DNS: refine skipRoutePick (#558)
* DNS: compatible with localhost nameserver (#530)
* DNS & Routing: refine rule parsing process (#528)
* Config: multi-JSON config overide (#409)
* Release: migrate release from Azure Pipelines to GitHub Actions (#453 #468)
* Logging: Prevent trailing whitespaces in logs (#526)
* Test: add race detector
* Minor changes and fixes by U-v-U, CalmLong, dyhkwong
GitHubRelease v4.34.0 · v2fly/v2ray-coreRelease Notes
TLS Session Resumption is now disabled by default (#569). See #557 for more information.
Support for the legacy Shadowsocks protocol with stream ciphers has been removed (#566). If y...
v4.33.0 Released
https://github.com/v2fly/v2ray-core/releases/tag/v4.33.0
Breaking Changes
* Remove XTLS
Features
* Add support for Debian package
* API: Reflection Service Support
* Update to IETF QUIC draft-32 (draft-29 is still supported)
Chores
* Transfer VSign and related project to V2Fly and share under the same
* Update security policy with renewed GPG public key
* Use Go 1.15.5
* Refine Code
Notice
The project gets rid of GOPATH mode entirely. Use Git and go mod command as your first choice while developing.
For more information, visit:
https://www.v2fly.org/developer/intro/compile.html
GitHubRelease v4.33.0 · v2fly/v2ray-coreBreaking Changes
Remove XTLS
Features
Add support for Debian package
API: Reflection Service Support @Vigilans
Update to IETF QUIC draft-32 (draft-29 is still supported)
Chores
Transfer VSign ...
#performance
最新的 v4.32.1 版本中,VLESS XTLS Direct Mode 引入了 ReadV 增强,减少一层内存 Copy,性能已与 VLESS 无加密裸奔持平(接近于纯流量转发),为传统 VMess WS TLS 方案的五倍、VLESS TCP TLS 的三倍(且测试机器 CPU 均有 AES 指令集,否则差距更大,如硬路由器上),强烈建议测试体验。这或许是当前性能最强的安全代理方式,但并不是上限,因为下一步优化方向是 V2Ray 框架本身的性能。
https://www.v2fly.org/config/protocols/vless.html
www.v2fly.orgVLESS | V2Fly.orgProject V 是一个工具集合,它可以帮助你打造专属的基础通信网络
v4.32.0 Released
https://github.com/v2fly/v2ray-core/releases/tag/v4.32.0
Features
* V2Ray loads JSON internally by default
* Refine UNIX domain socket
https://www.v2fly.org/config/inbounds.html
Fixes
* Fix mKCP sending window
* Fix JSON parsing dependency introduced by mutijson config
* Fix proto.go ProtoFilesUsingProtocGenGoFast on Windows
Chores
* Update geoip, geosite, dependencies
* Refine vprotogen & Regenerate .pb.go files
Notice
* Compiling v2ray-core requires Go 1.15+
* Now v2ray-core supports Reproducible Builds
https://github.com/v2fly/reproducible-builds
GitHubRelease v4.32.0 · v2fly/v2ray-coreFeatures
V2Ray loads JSON internally by default @forever8938
Refine UNIX domain socket @lucifer9…
v4.31.3 Released
https://github.com/v2fly/v2ray-core/releases/tag/v4.31.3
Warning
* Compiling v2ray-core requires Go 1.15+
Changes
* Add Trojan over XTLS support
* Adjust VLESS & Trojan Validator
Fixes
* Fix Trojan API
* Fix generate .pb.go on Windows
Chores
* Update geoip, geosite, dependencies
* Remove .dev/protoc & Detect and show download link
GitHubRelease v4.31.3 · v2fly/v2ray-coreWarning
Compiling v2ray-core requires Go 1.15+
…
v4.31.1 Released
https://github.com/v2fly/v2ray-core/releases/tag/v4.31.1
Warning
* Compiling v2ray-core requires Go 1.15+
Changes
* Use Go 1.15.3
* Remove XTLS WriteMultiBuffer method
* Adjust level of some logs in VLESS
Fixes
* mKCP: Fix XTLS over mKCP
* DoH: Reduce timeout & fix ineffassign
Chores
* Upgrade all dependencies
* Refine golangci-lint settings & Refine code according to golangci-lint results
* Fix user-package codename & buildtime error
Notice
Project has got rid of GOPATH mode entirely. Use Git and go mod command as your first choice while development.
For more information, visit:
* https://www.v2fly.org/developer/intro/compile.html
* https://www.v2fly.org/developer/intro/guide.html
FeaturesParse X-Forwarded-For in http transport @lucifer9FixFix according to staticcheck result @Loyalsoldier
Fix: Bound check when accessing DNS server's ipIndexMap @Vigilans
Refine code @Loyalsoldier VMess AEAD will be used when alterId is 0 in V2Ray v4.28.0+
via Release notes from v2ray-core https://ift.tt/31SjJZP
UpdatesV2Fly’s signing infrastructure has been revised. You can from now on verify V2Fly’s release with the “Release” signed manifest file with v2ctl.VMessAEAD has been updated to rely more on AEAD.Outbound traffic accounting API. Thanks @yuhan6665HTTP outbound can now handle HTTP2 over TLS, HTTP 1.1 over TLS in addition to HTTP 1.1 proxy traffic. Thanks @darhwaARM release will from now on have an explicit version in it. Thanks @rprxV2Ray will from now on generate Windows 32 ARM binary release.Minor code tidy up. Thanks Roger Shimizu.Minor code tidy up. Thanks @agioiFix crash when the client supplied an invalid domain name to DoH. Thanks @DuckSoftBreaking ChangeVMessAEAD has been updated and needs both client and server to be the same version for it to work.
via Release notes from v2ray-core https://ift.tt/2ZML1yl
FixImprove ARM platform stability. Thank @gitgayhub @rprx and other testers
via Release notes from v2ray-core https://ift.tt/37VpZ46
V2Fly:
公告频道:@v2fly
须知:/channel/v2fly_chat/54118
使用群:@v2fly_chat
off-topic群(水群):https://t.me/joinchat/TNAUs6D6iUG0wVxW
# 关于某专利
首先,专利并不会保证方法的有效性,专利仅仅是保护方法本身。
其次,该专利的描述存在一些问题:
1. 专利中提到:“V2ray服务端与客户端进行每次通信时需要预先交换密钥,因而每次通信较为靠前的数据包具有显著特征”。
实际上,VMess 协议并不存在“预先交换密钥”这个步骤。
即使将 V2Ray 与需要进行“预先交换密钥”的协议配合使用,那么进行“预先交换密钥”时的数据包也不会有 V2Ray 的数据特征,因为此时还没有开始发送有效数据,即使有特征也是配合使用的协议的特征。
2. 专利中将 V2Ray 拼写成了 V2ray。
https://docs.google.com/document/d/1lanYeQbELX7pytehvXO8SndZ0iGyivc2XopkMV5HWW0/edit?usp=sharing
Читать полностью…
V2Ray安装包中自带的geoip.dat和geosite.dat已分别独立为两个repo: v2ray/geoip和v2ray/domain-list-community。这两个repo分别独立发布更新,至少每周一次。V2Ray每次发布时会自动抓取其最新的版本。当V2Ray没有新版本时,你也可以手动从两个repo下载文件并替换。
Читать полностью…
v4.38.0 is released. (Unstable Release)
This release includes security functionality improvement for some users.
Feature
* FakeDNS: Added fakedns+others sniffer. Thanks yuhan6665 .
* TLS: A SECURITY improvement that allow the remote peer's TLS certificate to be pinned to a known value.
* Observatory: A component that measure the connectivity of selected outbounds.
* Routing : leastPing balancing strategy is added. This strategy will select a outbound that is alive and completed HTTPS GET request in the least time.
Chore
* Fixed two typo in comments. Thanks U-v-U
Security Advisory
* TLS connections with dangerous diagnose option allowInsecure turn on and without certificate pin with pinnedPeerCertificateChainSha256 will not be able protect your data at all from a attacker in privileged network path(for example ISP or any firewall or censorship infrastructure). This is especially dangerous when an unprotected protocol or option is used, such as any VLess configuration, VMess with none or zero security, and any trojan configuration, in which case your data is accessible to attacker in plain text and attacker can inject arbitrary data pretending to the the remote server. In the case of VLess and trojan, the proxy protocol access control credential is also exposed to the attacker, the attacker will be able to use your proxy. You are advised to use certificate pin (and/or other security features provided in a later version of V2Ray) whenever allowInsecure is turned on. Attempting to MITM your connection temporarily to identify TLS based proxy is a known threat.
GitHubRelease v4.38.0 · v2fly/v2ray-coreFeature
FakeDNS: Added fakedns+others sniffer , based on #697 . Thanks @yuhan6665 .
TLS: A SECURITY improvement that allow the remote peer's TLS certificate to be pinned to a known value. Doc...
v4.35.1 Released
https://github.com/v2fly/v2ray-core/releases/tag/v4.35.1
New Features
* FakeDNS, an imaginary DNS server to preserve the domain information even if the software do not support proxy settings
* HybridDomainMatcher: a faster and more memory-efficient routing rule matcher.
* Outbound transport level proxySettings: comprehensive chained proxy support
* Support Apple Silicon: add pre-built binary for Apple Silicon named v2ray-macos-arm64-v8a.zip
* VMess: add zero pseudo encryption for better performance
* Support to disable DNS cache
So many other improvements see Github Release Note for detail.
GitHubRelease v4.35.1 · v2fly/v2ray-coreFeatures
Support Apple Silicon: add pre-built binary for Apple Silicon named v2ray-macos-arm64-v8a.zip (#686) @Loyalsoldier
FakeDNS: add support for FakeDNS. FakeDNS will not take effect on Routin...
New API Service: ReflectionService
This service enables the clients to retrieve gRPC service's API list and signatures without prior access to its proto files. In this way, tools like grpcurl could easily interact with the API service:
# h2cref: https://github.com/v2fly/v2ray-core/pull/435
$ grpcurl -plaintext localhost:10086 list
grpc.reflection.v1alpha.ServerReflection
v2ray.core.app.proxyman.command.HandlerService
v2ray.core.app.stats.command.StatsService
# h2 with tls
$ grpcurl -insecure -cert cert.crt -key cert.key localhost:10086 v2ray.core.app.stats.command.StatsService/GetSysStats
{
"NumGoroutine": 24,
"NumGC": 25,
"Alloc": "24095640",
"TotalAlloc": "511473656",
"Sys": "146657288",
"Mallocs": "6909875",
"Frees": "6464105",
"LiveObjects": "445770",
"PauseTotalNs": "1834456",
"Uptime": 82
}
感谢 @kidonng 的工作
现在你可以在 macOS 中使用
brew install v2ray来安装 V2Ray Читать полностью…
v4.32.1 Released
https://github.com/v2fly/v2ray-core/releases/tag/v4.32.1
Important improvement
* VLESS XTLS Direct Mode ReadV Experiment
It's strongly recommended to test this change, as it reaches the best performance of current V2Ray platform.
Remember to use V2Ray v4.32.1+ on at least client side. For more information, please visit
https://www.v2fly.org/config/protocols/vless.html#xtls-%E9%BB%91%E7%A7%91%E6%8A%80
Fixes
* Disable 0-RTT mechanism for HTTP/1.x outbound
* Set default alterId to 0 for VMess dynamic ports
Chores
* Use Go 1.15.4
* Update geoip, geosite, dependencies
Notice
* Compiling v2ray-core requires Go 1.15+
* You are able to compile codes to the complete same binaries as assets by simply following
https://www.v2fly.org/developer/intro/compile.html
GitHubRelease v4.32.1 · v2fly/v2ray-coreImportant improvement
VLESS XTLS Direct Mode ReadV Experiment
It's strongly recommended to test this change, as it reachs the best performance of current V2Ray platform.…
尽管任何人都可以检查自由开源软件中的源代码是否存在恶意漏洞,但大多数情况下都只是获取这些软件的预编译版本,没有办法确认它们和源代码是否一致。
这就刺激了对发布软件的开发者的攻击 —— 不仅是传统的对漏洞的利用,还以政治影响、勒索甚至暴力威胁的形式。
比起开发者本身,攻击构建程序的基础设施更能控制大量的用户设备,而二进制文件变化,对开发者和用户而言是个共同的盲区。
这些攻击可能还导致特定目标,如异见者,新闻工作者和举报人,以及希望进行自由通信的任何人,可能仅仅因为在专制政权下自由通信而遭受处罚。
因此,Reproducible Builds 允许验证在编译过程中没有漏洞或后门被引入。通过相同的源代码生成相同的二进制,让多个第三方就 "正确" 的结果达成共识,突出任何可疑的和值得仔细检查的偏差。
现在,我们在 https://github.com/v2fly/reproducible-builds 提供该工具,你可以快速运行并校验发布文件是否被修改。
GitHubv2fly/reproducible-buildsReproducible builds are a set of software development practices that create an independently-verifiable path from source to binary code. - v2fly/reproducible-builds
v4.31.2 Released
https://github.com/v2fly/v2ray-core/releases/tag/v4.31.2
Changes
* gRPC: Rollback from 1.33.0 to 1.32.0
https://github.com/grpc/grpc-go/issues/3945
* Upgrade other dependencies
GitHubRelease v4.31.2 · v2fly/v2ray-coreChanges
gRPC: Rollback from 1.33.0 to 1.32.0 @o0HalfLife0o
grpc/grpc-go#3945…
FixesRouting Context: Fix GetUser() & Use string for Attributes Value. @Vigilans
Fix the coarse-grained mutex in HTTP outbound. @darhwaChoresSupport disable VMessAead by os environ. @wwqgtxx
Fix and refine workflows. @Loyalsoldier
via Release notes from v2ray-core https://ift.tt/2FQHSHj
FeatureVLESS PREVIEW 1.3 https://www.v2fly.org/config/protocols/vless.htmlAdd Linux riscv64 release @rprxFixShadowsocks supports cipher as None @yuhan6665Add access log for Dokodemo inbound @lucifer9Some typo fixes @DuckSoftFix the error of missing curl in Dockerfile @kallydevGitHub Actions push to docker hub @kallydevOptimize SO_REUSEPORT implementation @VigilansDOH supports HTTP/2 @darhwaApply Sockopt from inbound config to Dokodemo Tproxy response connection @VigilansBreaking ChangeVMessAEAD has been updated and needs both client and server to be the same version for it to work.Release file structure changes. VMess AEAD will be used when alterId is 0 in V2Ray v4.28.0+
via Release notes from v2ray-core https://ift.tt/3a1ZHhZ
Please refer to https://github.com/v2fly/v2ray-core/releases for further updates instead of the V2Ray release page. Currently, update in V2Fly will be mirrored to the V2Ray release page but this will NOT continue indefinitely.
Читать полностью…
New FunctionsVMess's new header format experiment begins. You can now enable VMessAEAD to be better protected. Documents EN CH are updated. See extra-VMessAEADdoc.zip for a more detailed explanation available in both Chinese and English.mKCP can now be encrypted to resist recognition, address issue mentioned in #2530 #2253 #2131. Documents EN CH are updated.Breaking ChangesTo slow down certain replay attacks, taint mechanic for VMess MD5 authentication data is introduced. Unless the server is under attack, a well-behaved client is not influenced. Pay attention to this change if you are designing a "V2Ray Panel", "Airport" or "V2Ray Service Provider". Documents EN CH are updated.Minor fixes from v2fly#12 v2fly#10 included.Updated Golang tool-chain. Thanks @rprxLocalAddr() in UDP workers will now return correct local addr. Thanks @zhuobixinAbout AV warningsWe are aware some anti-virus software detects V2Ray as malware, which it isn't, but we can't afford to pay the fee needed to make them not detect V2Ray as malware. Microsoft's AV detects V2Ray as "Trojan:Win32/Wacatac.C!ml" , "Program:Win32/Wacapew.C!ml" each time we release a new version, and I have to manually contact them each time to remove it from the malware database. If you have more information to report please leave them here. These AVs are known to generate false-positive results: "Microsoft", "McAfee", "Cylance", "Symantec", "F-Secure", "SecureAge APEX", "Cybereason", "Cynet", "MaxSecure", "F-Secure", "Avira", "AVAST", "AVG", "Rising"(瑞星).
via Release notes from v2ray-core https://ift.tt/2AZ7TSl
V2Ray v4.23.2 已发布。
更新内容
* TLS 改用 Golang 标准密码套件
* 增加 Illumos 支持
* Golang 升级至 1.14.1
注:v2ray/v2ray-core#2509 提及的潜在被识别风险已消除,如果您在使用 TLS 或 WebSocket 功能并在意这项潜在的风险,应当尽快升级 客户端。
—
V2Ray v4.23.2 released.
Updates
* TLS Cipher Suites follows Golang standard
* Add Illumos Suppport
* Update to Golang 1.14.1
P.S. This release should address the potential threat, that the TLS ClientHello may be recognize by matching the constant TLS Cipher Suites string in the handshake packet. For more information, see v2ray/v2ray-core#2509. If you find this important in your application (i.e. using TLS or WebSocket), you should update your client side immediately.
V2Ray 4.15正式开放了面向客户端的DNS查询功能,可以作为一个独立的DNS服务器使用。配合V2Ray现有的功能,可以开发一些新的玩法:1) 广告屏蔽 2) DNS 查询分流 3) 基于CNAME抵御DNS污染。想尝鲜的同学们现在就可以试用了。一头雾水的话,请等待详细的使用说明。
Читать полностью…
新的项目:domain-list-community。它的目标是成为一个由社区维护的域名列表,用于取代V2Ray Core现有的geosite,同时也可以使用工具生成其它软件兼容的规则格式。我们欢迎所有感兴趣的同学对此项目提交更改,所有的更改会自动加入未来的Core的版本中。 https://github.com/v2ray/domain-list-community
Читать полностью…
