新年快乐

中秋快乐！

v4.38.3 is released. (Stable Release)

This release includes security functionality improvement for some users.

Feature

• FakeDNS: Added fakedns+others sniffer. Thanks yuhan6665 .
• TLS: A SECURITY improvement that allow the remote peer's TLS certificate to be pinned to a known value.
• Observatory: A component that measure the connectivity of selected outbounds.
• Routing : leastPing balancing strategy is added. This strategy will select a outbound that is alive and completed HTTPS GET request in the least time.

Fix

• Fixed crashing in fake dns. Thanks IceCodeNew
• Added IPv6 pool in fake dns by default. Thanks Loyalsoldier
• Return ErrEmptyResponse for fakedns. Thanks sixg0000d
• Fixed UDP DNS connection cause crash. Thanks nekohasekai
• Multi-json support for observatory, browser forwarder. Thanks ha-ku AkinoKaede

Chore

• Fixed two typo in comments. Thanks U-v-U

Security Advisory

• TLS connections with dangerous diagnose option allowInsecure turn on and without certificate pin with pinnedPeerCertificateChainSha256 will not be able protect your data at all from a attacker in privileged network path(for example ISP or any firewall or censorship infrastructure). This is especially dangerous when an unprotected protocol or option is used, such as any VLess configuration, VMess with none or zero security, and any trojan configuration, in which case your data is accessible to attacker in plain text and attacker can inject arbitrary data pretending to the the remote server. In the case of VLess and trojan, the proxy protocol access control credential is also exposed to the attacker, the attacker will be able to use your proxy. You are advised to use certificate pin (and/or other security features provided in a later version of V2Ray) whenever allowInsecure is turned on. Attempting to MITM your connection temporarily to identify TLS based proxy is a known threat.

GitHubRelease v4.38.3 · v2fly/v2ray-coreFeature

FakeDNS: Added fakedns+others sniffer , based on #697 . Thanks @yuhan6665 .
TLS: A SECURITY improvement that allow the remote peer's TLS certificate to be pinned to a known value. Doc...

v4.38.0 is released. (Unstable Release)

This release includes security functionality improvement for some users.

Feature
FakeDNS: Added fakedns+others sniffer. Thanks yuhan6665 .
TLS: A SECURITY improvement that allow the remote peer's TLS certificate to be pinned to a known value.
Observatory: A component that measure the connectivity of selected outbounds.
Routing : leastPing balancing strategy is added. This strategy will select a outbound that is alive and completed HTTPS GET request in the least time.

Chore
* Fixed two typo in comments. Thanks U-v-U

Security Advisory

• TLS connections with dangerous diagnose option allowInsecure turn on and without certificate pin with pinnedPeerCertificateChainSha256 will not be able protect your data at all from a attacker in privileged network path(for example ISP or any firewall or censorship infrastructure). This is especially dangerous when an unprotected protocol or option is used, such as any VLess configuration, VMess with none or zero security, and any trojan configuration, in which case your data is accessible to attacker in plain text and attacker can inject arbitrary data pretending to the the remote server. In the case of VLess and trojan, the proxy protocol access control credential is also exposed to the attacker, the attacker will be able to use your proxy. You are advised to use certificate pin (and/or other security features provided in a later version of V2Ray) whenever allowInsecure is turned on. Attempting to MITM your connection temporarily to identify TLS based proxy is a known threat.

GitHubRelease v4.38.0 · v2fly/v2ray-coreFeature

FakeDNS: Added fakedns+others sniffer , based on #697 . Thanks @yuhan6665 .
TLS: A SECURITY improvement that allow the remote peer's TLS certificate to be pinned to a known value. Doc...

v4.35.1 Released

https://github.com/v2fly/v2ray-core/releases/tag/v4.35.1

New Features FakeDNS, an imaginary DNS server to preserve the domain information even if the software do not support proxy settings
HybridDomainMatcher: a faster and more memory-efficient routing rule matcher.
Outbound transport level proxySettings: comprehensive chained proxy support
Support Apple Silicon: add pre-built binary for Apple Silicon named v2ray-macos-arm64-v8a.zip
VMess: add zero pseudo encryption for better performance
Support to disable DNS cache

So many other improvements see Github Release Note for detail.

GitHubRelease v4.35.1 · v2fly/v2ray-coreFeatures

Support Apple Silicon: add pre-built binary for Apple Silicon named v2ray-macos-arm64-v8a.zip (#686) @Loyalsoldier
FakeDNS: add support for FakeDNS. FakeDNS will not take effect on Routin...

v4.34.0 Released

https://github.com/v2fly/v2ray-core/releases/tag/v4.34.0Breaking Changes * Support for the legacy Shadowsocks protocol with stream ciphers has been removed (#566). If you are still using the unsecure stream ciphers, migrate to Shadowsocks AEAD (ChaCha20Poly1305 and AES-GCM) immediately.
* Binaries of the following architectures are no longer a part of the release: s390x, ppc64, ppc64le, mips softfloat.

Changes * DNS: refactoring DNS (#169)
DNS: support DNS over QUIC (#534) (currently only non-proxied lookup)
DNS: add clientIp feature support for every nameserver (#504)
Release: add Android release (#512)
Android: default dns set to 8.8.8.8:53 (#572)
TLS Session Resumption is now disabled by default (#569). See #557 for more information.
SessionTicketsDisabled is now true by default. See #557 for more information.
SOCKS: Refine socks5 server UdpAssociate response behavior (#523)
SOCKS: Fix socks client UDP outbound's wrong destination (#522)
HTTP2: listen port failed use error level log (#576)
DNS: refine skipRoutePick (#558)
DNS: compatible with localhost nameserver (#530)
DNS & Routing: refine rule parsing process (#528)
Config: multi-JSON config overide (#409)
Release: migrate release from Azure Pipelines to GitHub Actions (#453 #468)
Logging: Prevent trailing whitespaces in logs (#526)
Test: add race detector
* Minor changes and fixes by U-v-U, CalmLong, dyhkwong

GitHubRelease v4.34.0 · v2fly/v2ray-coreRelease Notes

TLS Session Resumption is now disabled by default (#569). See #557 for more information.
Support for the legacy Shadowsocks protocol with stream ciphers has been removed (#566). If y...

New API Service: ReflectionServiceThis service enables the clients to retrieve gRPC service's API list and signatures without prior access to its proto files. In this way, tools like grpcurl could easily interact with the API service:

```
# h2c
$ grpcurl -plaintext localhost:10086 list
grpc.reflection.v1alpha.ServerReflection
v2ray.core.app.proxyman.command.HandlerService
v2ray.core.app.stats.command.StatsService

# h2 with tls
$ grpcurl -insecure -cert cert.crt -key cert.key localhost:10086 v2ray.core.app.stats.command.StatsService/GetSysStats
{
"NumGoroutine": 24,
"NumGC": 25,
"Alloc": "24095640",
"TotalAlloc": "511473656",
"Sys": "146657288",
"Mallocs": "6909875",
"Frees": "6464105",
"LiveObjects": "445770",
"PauseTotalNs": "1834456",
"Uptime": 82
}

```
ref: https://github.com/v2fly/v2ray-core/pull/435

GitHubAPI: Reflection Service Support by Vigilans · Pull Request #435 · v2fly/v2ray-coreThis PR implements a new service ReflectionService, which is a simple wrapper of grpc/reflection package:
"api": {
"tag": "api",
&amp...

v4.33.0 Released

https://github.com/v2fly/v2ray-core/releases/tag/v4.33.0

Breaking Changes * Remove XTLS

Features * Add support for Debian package
API: Reflection Service Support
Update to IETF QUIC draft-32 (draft-29 is still supported)

Chores * Transfer VSign and related project to V2Fly and share under the same
Update security policy with renewed GPG public key
Use Go 1.15.5
* Refine Code

Notice The project gets rid of GOPATH mode entirely. Use Git and go mod command as your first choice while developing.
For more information, visit:
https://www.v2fly.org/developer/intro/compile.html

GitHubRelease v4.33.0 · v2fly/v2ray-coreBreaking Changes

Remove XTLS

Features

Add support for Debian package
API: Reflection Service Support @Vigilans
Update to IETF QUIC draft-32 (draft-29 is still supported)

Chores

Transfer VSign ...

感谢 @kidonng 的工作

现在你可以在 macOS 中使用

```
brew install v2ray

```
来安装 V2Ray