v4.40.0

Features

• DNS: support DNS over TCP.
  • docs: DNS
  • #983 Thanks @AkinoKaede
  • Currently DNS over TCP is yet to be optimized for performance, and is recommended for compatibility purpose only.

Fixes

• Fix: new cert issuing is incorrectly delayed. #998 Thanks @bhoppi

Chores

• Update dependencies

Notices

• VMess: From Jan 1, 2022, compatibility for legacy VMess MD5 will be disabled by default. Visit here for more information.
• You are able to compile exactly the same binaries as the ones in Assets section below by simply following the compiling guide.

For downstream developers

The Go module name of v2ray-core has been changed to github.com/v2fly/v2ray-core/v4. Do NOT use v2ray.com/core anymore.

v4.39.2

Features

• Websocket: support header based Websocket early data & its partial browser forwarder support
  • docs: Websocket
  • Thanks @RPRX
• GeoData: add a memory efficient geodata decoder called memconservative for memory-limited devices
  • docs: Environment variable
  • #934 #953 #964 #965 #967 #977 Thanks @Loyalsoldier @rurirei
• HTTP/2 Transport: support to set method and headers for outgoing connections
  • docs: HTTP/2
• TCP Socket Option: support to set keepalive interval on Linux operating system
  • docs: Transport
  • #962 Thanks @therealak12

Fixes

• BrowserForwarder panics with empty config (#954) Thanks @AkinoKaede @Loyalsoldier
• FakeDNS prints error with empty config (#955) Thanks @Loyalsoldier
• Dual stack FakeDNS Close method (#956) Thanks @Loyalsoldier
• Observatory starts with empty config & fails to close (#957) Thanks @Loyalsoldier
• Null check on alternative system dialer (#959) Thanks @rurirei
• Fixed the chain proxy support for gRPC and HTTP/2 transport
• Fixed leastping logic (#1019) Thanks @fanyiguang
• Fixed v2ctl unable to create geodata loaders (#1014) Thanks @ght99

Chores

• Use Go v1.16.4
• Update dependencies

Notices

• Some unintentionally published APIs have been removed. 620d8f1
• API introduced in #966 is unsupported, and will be removed once a permanent solution is available.
• VMess: From Jan 1, 2022, compatibility for legacy VMess MD5 will be disabled by default. Visit here for more information.
• You are able to compile exactly the same binaries as the ones in Assets section below by simply following the compiling guide.

For downstream developers

The Go module name of v2ray-core has been changed to github.com/v2fly/v2ray-core/v4. Do NOT use v2ray.com/core anymore.

v4.39.1

Features

• Websocket: support header based Websocket early data & its partial browser forwarder support
  • docs: Websocket
  • Thanks @RPRX
• GeoData: add a memory efficient geodata decoder called memconservative for memory-limited devices
  • docs: Environment variable
  • #934 #953 #964 #965 #967 #977 Thanks @Loyalsoldier @rurirei
• HTTP/2 Transport: support to set method and headers for outgoing connections
  • docs: HTTP/2
• TCP Socket Option: support to set keepalive interval on Linux operating system
  • docs: Transport
  • #962 Thanks @therealak12

Fixes

• BrowserForwarder panics with empty config (#954) Thanks @AkinoKaede @Loyalsoldier
• FakeDNS prints error with empty config (#955) Thanks @Loyalsoldier
• Dual stack FakeDNS Close method (#956) Thanks @Loyalsoldier
• Observatory starts with empty config & fails to close (#957) Thanks @Loyalsoldier
• Null check on alternative system dialer (#959) Thanks @rurirei
• Fixed the chain proxy support for grpc and h2 transport.

Chores

• Use Go v1.16.3
• Update dependencies

Notices

• Some unintentionally published APIs have been removed. 620d8f1
• API introduced in #966 is unsupported, and will be removed once a permanent solution is available.
• VMess: From Jan 1, 2022, compatibility for legacy VMess MD5 will be disabled by default. Visit here for more information.
• You are able to compile exactly the same binaries as the ones in Assets section below by simply following the compiling guide.

For downstream developers

The Go module name of v2ray-core has been changed to github.com/v2fly/v2ray-core/v4. Do NOT use v2ray.com/core anymore.

v4.39.0

Features

• Websocket: support header based Websocket early data & its partial browser forwarder support
  • docs: Websocket
  • Thanks @RPRX
• GeoData: add a memory efficient geodata decoder called memconservative for memory-limited devices
  • docs: Environment variable
  • #934 #953 #964 #965 #967 #977 Thanks @Loyalsoldier @rurirei
• HTTP/2 Transport: support to set method and headers for outgoing connections
  • docs: HTTP/2
• TCP Socket Option: support to set keepalive interval on Linux operating system
  • docs: Transport
  • #962 Thanks @therealak12

Fixes

• BrowserForwarder panics with empty config (#954) Thanks @AkinoKaede @Loyalsoldier
• FakeDNS prints error with empty config (#955) Thanks @Loyalsoldier
• Dual stack FakeDNS Close method (#956) Thanks @Loyalsoldier
• Observatory starts with empty config & fails to close (#957) Thanks @Loyalsoldier
• Null check on alternative system dialer (#959) Thanks @rurirei

Chores

• Use Go v1.16.3
• Update dependencies

Notices

• Some unintentionally published APIs have been removed. 620d8f1
• API introduced in #966 is unsupported, and will be removed once a permanent solution is available.
• VMess: From Jan 1, 2022, compatibility for legacy VMess MD5 will be disabled by default. Visit here for more information.
• You are able to compile exactly the same binaries as the ones in Assets section below by simply following the compiling guide.

For downstream developers

The Go module name of v2ray-core has been changed to github.com/v2fly/v2ray-core/v4. Do NOT use v2ray.com/core anymore.

v4.38.3

Feature

• FakeDNS: Added fakedns+others sniffer , based on #697 . Thanks @yuhan6665 .
• TLS: A SECURITY improvement that allow the remote peer's TLS certificate to be pinned to a known value. Document for TLS is updated.
• Observatory: A component that measure the connectivity of selected outbounds. The document for Observatory is updated.
• Routing : leastPing balancing strategy is added. This strategy will select a outbound that is alive and completed HTTPS GET request in the least time. The document for Routing is updated.

Fixs

• Fixed crashing in fake dns. #931 Thanks @IceCodeNew
• Added IPv6 pool in fake dns by default. #925 Thanks @Loyalsoldier
• Return ErrEmptyResponse for fakedns. #926 Thanks @sixg0000d
• Fixed UDP DNS connection cause crash. Thanks @nekohasekai
• Multi-json support for observatory, browser forwarder. #944 Thanks @ha-ku @AkinoKaede

Chore

• Fixed two typo in comments. Thanks @U-v-U

Security Advisory

• TLS connections with dangerous diagnose option allowInsecure turn on and without certificate pin with pinnedPeerCertificateChainSha256 will not be able protect your data at all from a attacker in privileged network path(for example ISP or any firewall or censorship infrastructure). This is especially dangerous when an unprotected protocol or option is used, such as any VLess configuration, VMess with none or zero security, and any trojan configuration, in which case your data is accessible to attacker in plain text and attacker can inject arbitrary data pretending to the the remote server. In the case of VLess and trojan, the proxy protocol access control credential is also exposed to the attacker, the attacker will be able to use your proxy. You are advised to use certificate pin (and/or other security features provided in a later version of V2Ray) whenever allowInsecure is turned on. Attempting to MITM your connection temporarily to identify TLS based proxy is a known threat.

Notices

• VMess: From Jan 1, 2022, compatibility for legacy VMess MD5 will be disabled by default. Visit here for more information.
• You are able to compile exactly the same binaries as the ones in Assets section below by simply following the compiling guide.

For downstream developers

The Go module name of v2ray-core has been changed to github.com/v2fly/v2ray-core/v4. Do NOT use v2ray.com/core anymore.

v4.38.2

Feature

• FakeDNS: Added fakedns+others sniffer , based on #697 . Thanks @yuhan6665 .
• TLS: A SECURITY improvement that allow the remote peer's TLS certificate to be pinned to a known value. Document for TLS is updated.
• Observatory: A component that measure the connectivity of selected outbounds. The document for Observatory is updated.
• Routing : leastPing balancing strategy is added. This strategy will select a outbound that is alive and completed HTTPS GET request in the least time. The document for Routing is updated.

Fixs

• Fixed crashing in fake dns. #931 Thanks @IceCodeNew
• Added IPv6 pool in fake dns by default. #925 Thanks @Loyalsoldier
• Return ErrEmptyResponse for fakedns. #926 Thanks @sixg0000d
• Fixed UDP DNS connection cause crash. Thanks @nekohasekai

Chore

• Fixed two typo in comments. Thanks @U-v-U

Security Advisory

• TLS connections with dangerous diagnose option allowInsecure turn on and without certificate pin with pinnedPeerCertificateChainSha256 will not be able protect your data at all from a attacker in privileged network path(for example ISP or any firewall or censorship infrastructure). This is especially dangerous when an unprotected protocol or option is used, such as any VLess configuration, VMess with none or zero security, and any trojan configuration, in which case your data is accessible to attacker in plain text and attacker can inject arbitrary data pretending to the the remote server. In the case of VLess and trojan, the proxy protocol access control credential is also exposed to the attacker, the attacker will be able to use your proxy. You are advised to use certificate pin (and/or other security features provided in a later version of V2Ray) whenever allowInsecure is turned on. Attempting to MITM your connection temporarily to identify TLS based proxy is a known threat.

Notices

• VMess: From Jan 1, 2022, compatibility for legacy VMess MD5 will be disabled by default. Visit here for more information.
• You are able to compile exactly the same binaries as the ones in Assets section below by simply following the compiling guide.

For downstream developers

The Go module name of v2ray-core has been changed to github.com/v2fly/v2ray-core/v4. Do NOT use v2ray.com/core anymore.

v4.38.1

Feature

• FakeDNS: Added fakedns+others sniffer , based on #697 . Thanks @yuhan6665 .
• TLS: A SECURITY improvement that allow the remote peer's TLS certificate to be pinned to a known value. Document for TLS is updated.
• Observatory: A component that measure the connectivity of selected outbounds. The document for Observatory is updated.
• Routing : leastPing balancing strategy is added. This strategy will select a outbound that is alive and completed HTTPS GET request in the least time. The document for Routing is updated.

Fixs

• Fixed crashing in fake dns. #931 Thanks @IceCodeNew
• Added IPv6 pool in fake dns by default. #925 Thanks @Loyalsoldier
• Return ErrEmptyResponse for fakedns. #926 Thanks @sixg0000d

Chore

• Fixed two typo in comments. Thanks @U-v-U

Security Advisory

• TLS connections with dangerous diagnose option allowInsecure turn on and without certificate pin with pinnedPeerCertificateChainSha256 will not be able protect your data at all from a attacker in privileged network path(for example ISP or any firewall or censorship infrastructure). This is especially dangerous when an unprotected protocol or option is used, such as any VLess configuration, VMess with none or zero security, and any trojan configuration, in which case your data is accessible to attacker in plain text and attacker can inject arbitrary data pretending to the the remote server. In the case of VLess and trojan, the proxy protocol access control credential is also exposed to the attacker, the attacker will be able to use your proxy. You are advised to use certificate pin (and/or other security features provided in a later version of V2Ray) whenever allowInsecure is turned on. Attempting to MITM your connection temporarily to identify TLS based proxy is a known threat.

Notices

• VMess: From Jan 1, 2022, compatibility for legacy VMess MD5 will be disabled by default. Visit here for more information.
• You are able to compile exactly the same binaries as the ones in Assets section below by simply following the compiling guide.

For downstream developers

The Go module name of v2ray-core has been changed to github.com/v2fly/v2ray-core/v4. Do NOT use v2ray.com/core anymore.

v4.38.0

Feature

• FakeDNS: Added fakedns+others sniffer , based on #697 . Thanks @yuhan6665 .
• TLS: A SECURITY improvement that allow the remote peer's TLS certificate to be pinned to a known value. Document for TLS is updated.
• Observatory: A component that measure the connectivity of selected outbounds. The document for Observatory is updated.
• Routing : leastPing balancing strategy is added. This strategy will select a outbound that is alive and completed HTTPS GET request in the least time. The document for Routing is updated.

Chore

• Fixed two typo in comments. Thanks @U-v-U

Security Advisory

• TLS connections with dangerous diagnose option allowInsecure turn on and without certificate pin with pinnedPeerCertificateChainSha256 will not be able protect your data at all from a attacker in privileged network path(for example ISP or any firewall or censorship infrastructure). This is especially dangerous when an unprotected protocol or option is used, such as any VLess configuration, VMess with none or zero security, and any trojan configuration, in which case your data is accessible to attacker in plain text and attacker can inject arbitrary data pretending to the the remote server. In the case of VLess and trojan, the proxy protocol access control credential is also exposed to the attacker, the attacker will be able to use your proxy. You are advised to use certificate pin (and/or other security features provided in a later version of V2Ray) whenever allowInsecure is turned on. Attempting to MITM your connection temporarily to identify TLS based proxy is a known threat.

Notices

• VMess: From Jan 1, 2022, compatibility for legacy VMess MD5 will be disabled by default. Visit here for more information.
• You are able to compile exactly the same binaries as the ones in Assets section below by simply following the compiling guide.

For downstream developers

The Go module name of v2ray-core has been changed to github.com/v2fly/v2ray-core/v4. Do NOT use v2ray.com/core anymore.

v4.37.3

Feature

• DNS: hosts support multiple addresses (#884 #886 #888) Docs

Fix

• Cannot load geoip & geosite (#889)

Chore

• Use Go v1.16.3
• Use Go v1.16 to build Debian package (#890)
• Update Debian package (098bf4b #894)

Notices

• VMess: From Jan 1, 2022, compatibility for legacy VMess MD5 will be disabled by default. Visit here for more information.
• You are able to compile exactly the same binaries as the ones in Assets section below by simply following the compiling guide.

For downstream developers

The Go module name of v2ray-core has been changed to github.com/v2fly/v2ray-core/v4. Do NOT use v2ray.com/core anymore.

v4.37.2

Features

• Websocket: support browser forwarder (#818)
  • Docs: Websocket & BrowserForwarder
  • Thanks @RPRX
• Websocket: support Websocket 0-RTT early data (#818)
  • Docs: Websocket
  • Thanks @RPRX
• Shadowsocks: add replay protection for Shadowsocks proxy (#777) @oif
• DNS: add queryStrategy option for DNS (#794)
  • Docs: DNS
  • Thanks @Loyalsoldier
• DNS: add disableFallback & skipFallback option for DNS client (#864)
  • Docs: DNS
  • Thanks @Loyalsoldier
• GeoIP: add inversed GeoIP matching (#860)
  • Docs: Routing & DNS
  • Thanks @Loyalsoldier

Fixes

• gRPC: add grpcSettings & gunSettings to streamSettings (00879c4) @RPRX
• Protobuf: vprotogen loop dependency (#797) @Loyalsoldier @U-v-U
• DNS: tests timeout due to network instability (#805) @Loyalsoldier
• DNS: remove AA header flag in DNS query (#817) @Loyalsoldier
• TProxy: cannot find IPv6 destination in redirect mode (#815) @mzz2017
• Context: ctx initialization for core.functions (#841) @rurirei
• FakeDNS: set FakeEnable option dynamically (#879) @sixg0000d @Loyalsoldier
• Websocket: Websocket early data 404 bug (#859) @k79e
• Browser Forwarder: cannot load resources on Windows (#849) @dyhkwong
• QUIC: disconnect due to timeout (#850) @bhoppi

Chores

• Log: remove package path prefix in logs (#840 0138017 78c1993) @kslr
• Update protobuf & dependencies & workflows & lint @Loyalsoldier
• Use Go v1.16.3

Notices

• VMess: From Jan 1, 2022, compatibility for legacy VMess MD5 will be disabled by default. Visit here for more information.
• You are able to compile exactly the same binaries as the ones in Assets section below by simply following the compiling guide.

For downstream developers

The Go module name of v2ray-core has been changed to github.com/v2fly/v2ray-core/v4. Do NOT use v2ray.com/core anymore.