v1.12.0-alpha.2

• #616 Handle tcp_only mode properly in tun protocol
• #614, #615 Upgraded bloomfilter crate to v1.0.8

v1.12.0-alpha.1

Features

• #586 Basic support of tun interface in sslocal
  • (Experimental) Tested on macOS and Linux
• #421 ssmanager support --plugin and --plugin-opts as default plugin configurations

Bug Fixed

• #579 UDP server reply target address should be received source address

Miscellaneous

• #596 Support Snapcraft https://snapcraft.io/shadowsocks-rust

v1.11.2

Features

• #570 Multi-architecture Docker image for release
• Replaced futures::future::abortable with tokio's builtin tokio::task::JoinHandle::abort
• Define binaries' exit code with standard in sysexits.h
• HTTP local listener supports TCP_NODELAY, SO_KEEPALIVE and dual-stack

Bug Fixed

• #577 ssmanager and ssserver command line argument -u should overwrite mode to be Mode::UdpOnly
• #566 Exit with error code instead of panic! when loading ACL fails
• #555 Properly handling EINPROGRESS for TFO connect when falling backs
• #557 Properly killing UDP associations, which may cause Future (memory) leaks

Security

• #556 Remove slient dropping when replay was detected

v1.11.1

Features

• #546 Enable TCP Keep Alive for inbound and outbound sockets

  • Add a new keep_alive key in configuration for configuring keep alive timeout
  • Default timeout is 15 seconds (like Go's net library's default)

• #543 Add disabled key for local servers in configuration

Bug Fixed

• #490 Try to purge half-open TCP connections when one direction is closed

  • When one direction is closed, server will set a 5 seconds read timeout on the other half

• #542 Allow setting method for default encryption method when starting ssmanager with configuration

• #541 Fixed ACL rules for ssmanager

• Fixed wrong slient-drop implementation in ssserver

v1.11.0

Features

• #184 Support TFO (TCP Fast Open) on Linux, Windows, macOS (iOS), FreeBSD
• #510 Support customizing servers' weight for balancer

v1.10.9

Bug Fixes

• HTTP Proxy preserves headers' title case. https://github.com/shadowsocks/shadowsocks-rust/discussions/491 , hyperium/hyper#2313

v1.10.8

Bug Fixes

• Removes non-standard AEAD ciphers that have variable nonce length, including
  • aes-128-ocb-taglen128, aes-192-ocb-taglen128, aes-256-ocb-taglen128
  • aes-siv-cmac-256, aes-siv-cmac-384, aes-siv-cmac-512

v1.10.7

Features

• Support non-standard AEAD ciphers sm4-gcm and sm4-ccm

v1.10.6

It is recommended all users since v1.9.0 to upgrade to this release.

Features

• shadowsocks/shadowsocks-crypto#8 Support non-standard AEAD ciphers with crypto2, could be enabled by feature aead-cipher-extra
  • aes-128-ccm, aes-256-ccm
  • aes-128-gcm-siv, aes-256-gcm-siv
  • aes-128-ocb-taglen128, aes-192-ocb-taglen128, aes-256-ocb-taglen128
  • aes-siv-cmac-256, aes-siv-cmac-384, aes-siv-cmac-512
  • xchacha20-ietf-poly1305

Bug Fixes

• shadowsocks/shadowsocks-android#2705 MD5 algorithm bug causes KDF (Key Derived Function) produces wrong key when LEN(password) % 64 in [50, 64)

v1.10.5

It is recommended all users since v1.9.0 to upgrade to this release.

BUG Fixed

• ProxyClientStream should keep the concatenated first packet buffer alive before asynchronous write() finishes