AdGuard Home v0.107.49

Fast approaching summer promises everyone its warmth, and all kinds of bugs are crawling from under the rocks and twigs to enjoy the sun 🌞. Here's a patch to make sure that they stay in the grass and nowhere near AdGuard Home.

Acknowledgements

A special thanks to our community moderation team, @AdguardTeam/community-moderators, contributor @looklose, as well as to everyone who filed and inspected issues, added translations, and helped us test this release!

Full changelog

Security

• Go version has been updated to prevent the possibility of exploiting the Go vulnerabilities fixed in Go 1.22.3.

Added

• Support for comments in the ipset file (#5345).

Changed

• Private rDNS resolution now also affects SOA and NS requests (#6882).

• Rewrite rules mechanics were changed due to improved resolving in safe search.

Deprecated

• Currently, AdGuard Home skips persistent clients that have duplicate fields when reading them from the configuration file. This behaviour is deprecated and will cause errors on startup in a future release.

Fixed

• Acceptance of duplicate UIDs for persistent clients at startup. See also the section on client settings on the Wiki page.

• Domain specifications for top-level domains not considered for requests to unqualified domains (#6744).

• Support for link-local subnets, i.e. fe80::/16, as client identifiers (#6312).

• Issues with QUIC and HTTP/3 upstreams on older Linux kernel versions (#6422).

• YouTube restricted mode is not enforced by HTTPS queries on Firefox.

• Support for link-local subnets, i.e. fe80::/16, in the access settings (#6192).

• The ability to apply an invalid configuration for private RDNS, which led to server inoperability.

• Ignoring query log for clients with ClientID set (#5812).

• Subdomains of in-addr.arpa and ip6.arpa containing zero-length prefix incorrectly considered invalid when specified for private RDNS upstream servers (#6854).

• Unspecified IP addresses aren't checked when using "Fastest IP address" mode (#6875).

AdGuard Home v0.108.0-b.55

Changes compared to the previous beta, v0.108.0-b.54. See CHANGELOG.md for all changes.

Acknowledgements

A special thanks to our community moderation team, @AdguardTeam/community-moderators, contributor @looklose, as well as to everyone who filed and inspected issues, added translations, and helped us test this release!

Full changelog

Security

• Go version has been updated to prevent the possibility of exploiting the Go vulnerabilities fixed in Go 1.22.3.

Added

• Support for comments in the ipset file (#5345).

Changed

• Private rDNS resolution now also affects SOA and NS requests (#6882).

• Rewrite rules mechanics was changed due to improve resolving in safe search.

Deprecated

• Currently, AdGuard Home skips persistent clients that have duplicate fields when reading them from the configuration file. This behaviour is deprecated and will cause errors on startup in a future release.

Fixed

• Acceptance of duplicate UIDs for persistent clients at startup. See also the section on client settings on the Wiki page.

• Domain specifications for top-level domains not considered for requests to unqualified domains (#6744).

• Support for link-local subnets, i.e. fe80::/16, as client identifiers (#6312).

• Issues with QUIC and HTTP/3 upstreams on older Linux kernel versions (#6422).

• YouTube restricted mode is not enforced by HTTPS queries on Firefox.

• Support for link-local subnets, i.e. fe80::/16, in the access settings (#6192).

• The ability to apply an invalid configuration for private rDNS, which led to server not starting.

• Ignoring query log for clients with ClientID set (#5812).

• Subdomains of in-addr.arpa and ip6.arpa containing zero-length prefix incorrectly considered invalid when specified for private rDNS upstream servers (#6854).

• Unspecified IP addresses aren't checked when using "Fastest IP address" mode (#6875).

AdGuard Home v0.107.48

After the last update it became possible for banned users to make DNS queries over encrypted protocols. This behavior, of course, was not intended, and is fixed by this hotfix.

We apologize for this oversight and will do our best to avoid repeating such mistakes in the future.

Full changelog

See also the v0.107.48 GitHub milestone.

Fixed

• Access settings not being applied to encrypted protocols (#6890)

AdGuard Home v0.107.47

Another security and bug fix update, but this time we also fix a 🕒 time zone selection issue and a few other annoying bugs!

Acknowledgements

A special thanks to our community moderation team, @AdguardTeam/community-moderators, as well as to everyone who filed and inspected issues, added translations, and helped us test this release!

Full changelog

See also the v0.107.47 GitHub milestone.

Security

• Go version has been updated to prevent the possibility of exploiting the Go vulnerabilities fixed in Go 1.22.2.

Changed

• Time Zone Database is now embedded in the binary (#6758).

• Failed authentication attempts show the originating IP address in the logs, if the request came from a trusted proxy (#5829).

Deprecated

• Go 1.22 support. Future versions will require at least Go 1.23 to build.

• Currently, AdGuard Home uses a best-effort algorithm to fix invalid IDs of filtering-rule lists on startup. This feature is deprecated, and invalid IDs will cause errors on startup in a future version.

• Node.JS 16. Future versions will require at least Node.JS 18 to build.

Fixed

• Resetting DNS upstream mode when applying unrelated settings (#6851).

• Symbolic links to the configuration file begin replaced by a copy of the real file upon startup on FreeBSD (#6717).

Removed

• Go 1.21 support.

AdGuard Home v0.107.46

As promised in the notes for the previous release, this update brings some quality-of-life improvements as well as a few bug fixes 🔧.

Full changelog

See also the v0.107.46 GitHub milestone.

Added

• Ability to disable the use of system hosts file information for query resolution (#6610).

• Ability to define custom directories for storage of query log files and statistics (#5992).

Changed

• Private rDNS resolution (dns.use_private_ptr_resolvers in YAML configuration) now requires a valid "Private reverse DNS servers", when enabled (#6820).

  NOTE: Disabling private rDNS resolution behaves effectively the same as if no private reverse DNS servers provided by user and by the OS.

Fixed

• Statistics for 7 days displayed by day on the dashboard graph (#6712).

• Missing "served from cache" label on long DNS server strings (#6740).

• Incorrect tracking of the system hosts file's changes (#6711).

AdGuard Home v0.108.0-b.54

Changes compared to the previous beta, v0.108.0-b.53. See CHANGELOG.md for all changes.

Acknowledgements

A special thanks to our open-source contributors, @hoang-rio, as well as to everyone who filed and inspected issues, added translations, and helped us test this release!

Security

• Go version has been updated to prevent the possibility of exploiting the Go vulnerabilities fixed in Go 1.21.8.

Added

• Ability to disable the use of system hosts file information for query resolution (#6610).

Changed

• Private RDNS resolution (dns.use_private_ptr_resolvers in YAML configuration) now requires a valid "Private reverse DNS servers", when enabled (#6820).

  NOTE: Disabling private RDNS resolution behaves effectively the same as if no private reverse DNS servers provided by user and by the OS.

Fixed

• Statistics for 7 days displayed by day on the dashboard graph (#6712).

• Missing "served from cache" label on long DNS server strings (#6740).

AdGuard Home v0.107.45

This is a small release containing a security update, a few fixes, and a small feature. More to come soon!

Acknowledgements

A special thanks to our open-source contributors, @hoang-rio, as well as to everyone who filed and inspected issues, added translations, and helped us test this release!

Full changelog

See also the v0.107.45 GitHub milestone.

Security

• Go version has been updated to prevent the possibility of exploiting the Go vulnerabilities fixed in Go 1.21.8.

Added

• Context menu item in the Query Log to add a Client to the Persistent client list (#6679).

Changed

• Starting with this release our scripts are using Go's forward compatibility mechanism for updating the Go version.

  Important note for porters: This change means that if your go version is 1.21+ but is different from the one required by AdGuard Home, the go tool will automatically download the required version.

  If you want to use the version installed on your builder, run:

  go get go@$YOUR_VERSION
  go mod tidy

  and call make with GOTOOLCHAIN=local.

Deprecated

• Go 1.21 support. Future versions will require at least Go 1.22 to build.

Fixed

• Missing IP addresses in logs when querying for domain names from the ignore lists.

• Blank page after resetting access clients (#6634).

• Wrong algorithm for caching bootstrapped upstream addresses (#6723).

Removed

• Go 1.20 support, as it has reached end of life.

AdGuard Home v0.108.0-b.53

Changes compared to the previous beta, v0.108.0-b.52. See CHANGELOG.md for all changes.

Acknowledgements

A special thanks to our open-source contributors: @bakito, and @satheshshiva, as well as to everyone who filed and inspected issues, added translations, and helped us test this release!

Full changelog

Security

• Go version has been updated to prevent the possibility of exploiting the Go vulnerabilities fixed in Go 1.21.6 and Go 1.21.7.

Added

• Ability to define custom directories for storage of query log files and statistics (#5992).

• Context menu item in the Query Log to add a Client to the Persistent client list (#6679).

Changed

• Starting with this release our scripts are using Go's forward compatibility mechanism for updating the Go version.

  Important note for porters: This change means that if your go version is 1.21+ but is different from the one required by AdGuard Home, the go tool will automatically download the required version.

  If you want to use the version installed on your builder, run:

  go get go@$YOUR_VERSION
  go mod tidy

  and call make with GOTOOLCHAIN=local.

Deprecated

• Go 1.21 support. Future versions will require at least Go 1.22 to build.

Fixed

• Incorrect tracking of the system hosts file's changes (#6711).

• “Invalid AddrPort” in the Private reverse DNS servers section on the Settings → DNS settings page.

Removed

• Go 1.20 support, as it has reached end of life.

AdGuard Home v0.107.44

They say, when you do your job well, nobody ever notices it. We'd like to believe this is the case, as today's update won't knock your socks off with any new major features or anything of the sort. Instead, we “oil the gears” with spot changes and assorted bugfixes 🔧.

Acknowledgements

A special thanks to our open-source contributors: @bakito, and @satheshshiva, as well as to everyone who filed and inspected issues, added translations, and helped us test this release!

Full changelog

See also the v0.107.44 GitHub milestone.

Added

• Timezones in the Etc/ area to the timezone list (#6568).

• The schema version of the configuration file to the output of running AdGuardHome (or AdGuardHome.exe) with -v --version command-line options (#6545).

• Ability to disable plain-DNS serving via UI if an encrypted protocol is already used (#1660).

Changed

• The bootstrapped upstream addresses are now updated according to the TTL of the bootstrap DNS response (#6321).

• Logging level of timeout errors is now error instead of debug (#6574).

• The field "upstream_mode" in POST /control/dns_config and GET /control/dns_info HTTP APIs now accepts load_balance value. Check openapi/CHANGELOG.md for more details.

Configuration changes

In this release, the schema version has changed from 27 to 28.

• The new property clients.persistent.*.uid, which is a unique identifier of the persistent client.

• The properties dns.all_servers and dns.fastest_addr were removed, their values migrated to newly added field dns.upstream_mode that describes the logic through which upstreams will be used. See also a Wiki page.

  # BEFORE:
  'dns':
      # …
      'all_servers': true
      'fastest_addr': true
  
  # AFTER:
  'dns':
      # …
      'upstream_mode': 'parallel'

  To rollback this change, remove the new field upstream_mode, set back dns.all_servers and dns.fastest_addr properties in dns section, and change the schema_version back to 27.

Fixed

• “Invalid AddrPort” in the Private reverse DNS servers section on the Settings → DNS settings page.
• Panic on using --no-etc-hosts flag (#6644).
• Schedule display in the client settings after creating or updating.
• Zero value in querylog.size_memory disables logging (#6570).
• Non-anonymized IP addresses on the dashboard (#6584).
• Maximum cache TTL requirement when editing minimum cache TTL in the Web UI (#6409).
• Load balancing algorithm stuck on a single server (#6480).
• Statistics for 7 days displayed as 168 hours on the dashboard.
• Pre-filling the Edit static lease window with data (#6534).
• Names defined in the /etc/hosts for a single address family wrongly considered undefined for another family (#6541).
• Omitted CNAME records in safe search results, which can cause YouTube to not work on iOS (#6352).

AdGuard Home v0.108.0-b.52

Changes compared to the previous beta, v0.108.0-b.51. See CHANGELOG.md for all changes.

Full changelog

Added

• Etc timezones to the timezone list (#6568).
• The schema version of the configuration file to the output of running AdGuardHome (or AdGuardHome.exe) with -v --version command-line options (#6545).
• Ability to disable plain-DNS serving via UI if an encrypted protocol is already used (#1660).

Changed

• The bootstrapped upstream addresses now updated according to the TTL of the bootstrap DNS response (#6321).
• Logging level of timeout errors is now error instead of debug (#6574).
• The field "upstream_mode" in POST /control/dns_config and GET /control/dns_info HTTP APIs now accepts load_balance value. Check openapi/CHANGELOG.md for more details.

Configuration changes

In this release, the schema version has changed from 27 to 28.

• The new property clients.persistent.*.uid, which is unique identifier of the persistent client.
• The properties dns.all_servers and dns.fastest_addr were removed, their values migrated to newly added field dns.upstream_mode that describes the logic through which upstreams will be used. See also a Wiki page.

# BEFORE:
'dns':
    # …
    'all_servers': true
    'fastest_addr': true

# AFTER:
'dns':
    # …
    'upstream_mode': 'parallel'

To rollback this change, remove the new field upstream_mode, set back dns.all_servers and dns.fastest_addr properties in dns section, and change the schema_version back to 27.

Fixed

• Panic on using --no-etc-hosts flag (#6644).
• Schedule display in the client settings after creating or updating.
• Zero value in querylog.size_memory disables logging (#6570).
• Non-anonymized IP addresses on the dashboard (#6584).
• Maximum cache TTL requirement when editing minimum cache TTL in the Web UI (#6409).
• Load balancing algorithm stuck on a single server (#6480).
• Statistics for 7 days displayed as 168 hours on the dashboard.
• Pre-filling the Edit static lease window with data (#6534).
• Names defined in the /etc/hosts for a single address family wrongly considered undefined for another family (#6541).
• Omitted CNAME records in safe search results, which can cause YouTube to not work on iOS (#6352).
• Incorrect handling of IPv4-in-IPv6 addresses when binding to an unspecified address on some machines (#6510).