Releases: AdguardTeam/AdGuardHome
AdGuard Home v0.108.0-b.45
Changes compared to the previous beta, v0.108.0-b.44. See CHANGELOG.md for all changes.
Acknowledgements
A special thanks to our open-source contributor, @ssrahul96, as well as to everyone who filed and inspected issues, added translations, and helped us test this release!
Full changelog
Security
- Go version has been updated to prevent the possibility of exploiting the CVE-2023-39318, CVE-2023-39319, and CVE-2023-39320 Go vulnerabilities fixed in Go 1.20.8.
Added
-
AdBlock-style syntax support for ignored domains in logs and statistics (#5720).
-
Strict-Transport-Security
header in the HTTP API and DNS-over-HTTPS responses when HTTPS is forced (#2998). See RFC 6797. -
UI for the schedule of the service-blocking pause (#951).
Changed
Configuration Changes
In this release, the schema version has changed from 25 to 27.
-
Ignore rules blocking
.
inquerylog.ignored
andstatistics.ignored
have been migrated to AdBlock syntax (|.^
). To rollback this change, restore the rules and change theschema_version
back to26
. -
Filtering-related settings have been moved from
dns
section of the YAML configuration file to the new sectionfiltering
:# BEFORE: 'dns': 'filtering_enabled': true 'filters_update_interval': 24 'parental_enabled': false 'safebrowsing_enabled': false 'safebrowsing_cache_size': 1048576 'safesearch_cache_size': 1048576 'parental_cache_size': 1048576 'safe_search': 'enabled': false 'bing': true 'duckduckgo': true 'google': true 'pixabay': true 'yandex': true 'youtube': true 'rewrites': [] 'blocked_services': 'schedule': 'time_zone': 'Local' 'ids': [] 'protection_enabled': true, 'blocking_mode': 'custom_ip', 'blocking_ipv4': '1.2.3.4', 'blocking_ipv6': '1:2:3::4', 'blocked_response_ttl': 10, 'protection_disabled_until': 'null', 'parental_block_host': 'p.dns.adguard.com', 'safebrowsing_block_host': 's.dns.adguard.com' # AFTER: 'filtering': 'filtering_enabled': true 'filters_update_interval': 24 'parental_enabled': false 'safebrowsing_enabled': false 'safebrowsing_cache_size': 1048576 'safesearch_cache_size': 1048576 'parental_cache_size': 1048576 'safe_search': 'enabled': false 'bing': true 'duckduckgo': true 'google': true 'pixabay': true 'yandex': true 'youtube': true 'rewrites': [] 'blocked_services': 'schedule': 'time_zone': 'Local' 'ids': [] 'protection_enabled': true, 'blocking_mode': 'custom_ip', 'blocking_ipv4': '1.2.3.4', 'blocking_ipv6': '1:2:3::4', 'blocked_response_ttl': 10, 'protection_disabled_until': 'null', 'parental_block_host': 'p.dns.adguard.com', 'safebrowsing_block_host': 's.dns.adguard.com',
To rollback this change, remove the new object
filtering
, set back filtering properties indns
section, and change theschema_version
back to25
.
Fixed
AdGuard Home v0.107.37
The summer has come and gone, leaving behind a decent harvest of long-awaited features and improvements, with a side order of bug fixesΒ :grapes:!
Service blocking pause schedule
Users can now easily set pauses for the service blocking filter. For example, you can block social networks throughout the day, but allow yourself 30 minutes after work.
While this feature has been in internal development for several months, in this release we are glad to finally present it in the web UI.
Fallback servers
Another long-awaited feature is the fallback servers, which are used when the main upstream DNS servers cannot be reached.
The syntax there is the same as for the main upstream input, so you can set different fallback servers for different domains.
Upstream statistics
Another feature related to DNS upstreams is the new upstream statistics shown on the dashboard.
These allow users to see which upstreams are faster than others, as well as which upstreams are being used the most.
Acknowledgements
A special thanks to our open-source contributor, @ssrahul96, as well as to everyone who filed and inspected issues, added translations, and helped us test this release!
Full changelog
See also the v0.107.37 GitHub milestone.
Security
- Go version has been updated to prevent the possibility of exploiting the CVE-2023-39318, CVE-2023-39319, and CVE-2023-39320 Go vulnerabilities fixed in Go 1.20.8.
Added
-
AdBlock-style syntax support for ignored domains in logs and statistics (#5720).
-
Strict-Transport-Security
header in the HTTP API and DNS-over-HTTPS responses when HTTPS is forced (#2998). See RFC 6797. -
UI for the schedule of the service-blocking pause (#951).
-
IPv6 hints are now filtered in case IPv6 addresses resolving is disabled (#6122).
-
The ability to set fallback DNS servers in the configuration file and the UI (#3701).
-
While adding or updating blocklists, the title can now be parsed from
! Title:
definition of the blocklist's source (#6020). -
The ability to filter DNS HTTPS records including IPv4 and IPv6 hints (#6053).
-
Two new metrics showing total number of responses from each upstream DNS server and their average processing time in the Web UI (#1453).
-
The ability to set the port for the
pprof
debug API, see configuration changes below.
Changed
-
$dnsrewrite
rules containing IPv4-mapped IPv6 addresses are now working consistently with legacy DNS rewrites and match theAAAA
requests. -
For non-A and non-AAAA requests, which has been filtered, the NODATA response is returned if the blocking mode isn't set to
Null IP
. In previous versions it returned NXDOMAIN response in such cases.
Configuration Changes
In this release, the schema version has changed from 24 to 27.
-
Ignore rules blocking
.
inquerylog.ignored
andstatistics.ignored
have been migrated to AdBlock syntax (|.^
). To rollback this change, restore the rules and change theschema_version
back to26
. -
Filtering-related settings have been moved from
dns
section of the YAML configuration file to the new sectionfiltering
:# BEFORE: 'dns': 'filtering_enabled': true 'filters_update_interval': 24 'parental_enabled': false 'safebrowsing_enabled': false 'safebrowsing_cache_size': 1048576 'safesearch_cache_size': 1048576 'parental_cache_size': 1048576 'safe_search': 'enabled': false 'bing': true 'duckduckgo': true 'google': true 'pixabay': true 'yandex': true 'youtube': true 'rewrites': [] 'blocked_services': 'schedule': 'time_zone': 'Local' 'ids': [] 'protection_enabled': true, 'blocking_mode': 'custom_ip', 'blocking_ipv4': '1.2.3.4', 'blocking_ipv6': '1:2:3::4', 'blocked_response_ttl': 10, 'protection_disabled_until': 'null', 'parental_block_host': 'p.dns.adguard.com', 'safebrowsing_block_host': 's.dns.adguard.com' # AFTER: 'filtering': 'filtering_enabled': true 'filters_update_interval': 24 'parental_enabled': false 'safebrowsing_enabled': false 'safebrowsing_cache_size': 1048576 'safesearch_cache_size': 1048576 'parental_cache_size': 1048576 'safe_search': 'enabled': false 'bing': true 'duckduckgo': true 'google': true 'pixabay': true 'yandex': true 'youtube': true 'rewrites': [] 'blocked_services': 'schedule': 'time_zone': 'Local' 'ids': [] 'protection_enabled': true, 'blocking_mode': 'custom_ip', 'blocking_ipv4': '1.2.3.4', 'blocking_ipv6': '1:2:3::4', 'blocked_response_ttl': 10, 'protection_disabled_until': 'null', 'parental_block_host': 'p.dns.adguard.com', 'safebrowsing_block_host': 's.dns.adguard.com',
To rollback this change, remove the new object
filtering
, set back filtering properties indns
section, and change theschema_version
back to25
. -
Property
debug_pprof
which used to setup profiling HTTP handler, is now moved to the newpprof
object underhttp
section. The new object contains propertiesenabled
andport
:# BEFORE: 'debug_pprof': true # AFTER: 'http': 'pprof': 'enabled': true 'port': 6060
Note that the new default
6060
is used as default. To rollback this change, remove the new objectpprof
, set backdebug_pprof
, and change theschema_version
back to24
.
Fixed
-
Incorrect display date on statistics graph (#5793).
-
Missing query log entries and statistics on service restart (#6100).
-
Occasional DNS-over-QUIC and DNS-over-HTTP/3 errors (#6133).
-
Legacy DNS rewrites containing IPv4-mapped IPv6 addresses are now matching the
AAAA
requests, notA
(#6050). -
File log configuration, such as
max_size
, being ignored (#6093). -
Panic on using a single-slash filtering rule.
-
Panic on shutting down while DNS requests are in process of filtering (#5948).
AdGuard Home v0.108.0-b.44
Changes compared to the previous beta, v0.108.0-b.43. See CHANGELOG.md for all changes.
Full changelog
Added
-
IPv6 hints are now filtered in case IPv6 addresses resolving is disabled (#6122).
-
The ability to set fallback DNS servers in the configuration file (#3701).
-
While adding or updating blocklists, the title can now be parsed from
! Title:
definition of the blocklist's source (#6020). -
The ability to filter DNS HTTPS records including IPv4/v6 hints (#6053).
-
Two new metrics showing total number of responses from each upstream DNS server and their average processing time in the Web UI (#1453).
Changed
-
$dnsrewrite
rules containing IPv4-mapped IPv6 addresses are now working consistently with legacy DNS rewrites and match theAAAA
requests. -
For non-A and non-AAAA requests, which has been filtered, the NODATA response is returned if the blocking mode isn't set to
Null IP
. In previous versions it returned NXDOMAIN response in such cases.
Fixed
-
Occasional DNS-over-QUIC and DNS-over-HTTP/3 errors (#6133).
-
Legacy DNS rewrites containing IPv4-mapped IPv6 addresses are now matching the
AAAA
requests, notA
(#6050). -
File log configuration, such as
max_size
, being ignored (#6093). -
Panic on using a single-slash filtering rule.
-
Panic on shutting down while DNS requests are in process of filtering (#5948).
AdGuard Home v0.108.0-b.43
Changes compared to the previous beta, v0.108.0-b.42. See CHANGELOG.md for all changes.
Full changelog
Security
- Go version has been updated to prevent the possibility of exploiting the CVE-2023-29409 Go vulnerability fixed in Go 1.20.7.
Changed
- Improved reliability filtering-rule list updates on Unix systems.
Configuration Changes
In this release, the schema version has changed from 24 to 25.
-
Property
debug_pprof
which used to setup profiling HTTP handler, is now moved to the newpprof
object underhttp
section. The new object contains propertiesenabled
andport
:# BEFORE: 'debug_pprof': true # AFTER: 'http': 'pprof': 'enabled': true 'port': 6060
Note that the new default
6060
is used as default. To rollback this change, remove the new objectpprof
, set backdebug_pprof
, and change theschema_version
back to24
.
Deprecated
- Go 1.20 support. Future versions will require at least Go 1.21 to build.
Fixed
-
Inability to block queries for the root domain, such as
NS .
queries, using the Disallowed domains feature on the DNS settings page (#6049). Users who want to block.
queries should use the|.^
AdBlock rule or a similar regular expression. -
Client hostnames not resolving when upstream server responds with zero-TTL records (#6046).
AdGuard Home v0.107.36
A small bugfix and security release. We are working on new features in future releases.
Full changelog
See also the v0.107.36 GitHub milestone.
Security
- Go version has been updated to prevent the possibility of exploiting the CVE-2023-29409 Go vulnerability fixed in Go 1.20.7.
Deprecated
- Go 1.20 support. Future versions will require at least Go 1.21 to build.
Fixed
-
Inability to block queries for the root domain, such as
NS .
queries, using the Disallowed domains feature on the DNS settings page (#6049). Users who want to block.
queries should use the|.^
AdBlock rule or a similar regular expression. -
Client hostnames not resolving when upstream server responds with zero-TTL records (#6046).
AdGuard Home v0.107.35
In the previous release, we optimized the filtering-rule list updates, achieving up to three times speedup in some cases. However, the new algorithm proved to be too strict, so in this release we have relaxed its validations while maintaining the optimization for more typical filtering-rule listsΒ :racing_car:.
As always, there are other minor bug fixes in this release as well.
Full changelog
See also the v0.107.35 GitHub milestone.
Changed
- Improved reliability filtering-rule list updates on Unix systems.
Fixed
-
Occasional client information lookup failures that could lead to the DNS server getting stuck (#6006).
-
bufio.Scanner: token too long
and other errors when trying to add filtering-rule lists with lines over 1024 bytes long or containing cosmetic rules (#6003).
Removed
- Default exposure of the non-standard ports 784 and 8853 for DNS-over-QUIC in the
Dockerfile
.
AdGuard Home v0.108.0-b.42
Changes compared to the previous beta, v0.108.0-b.41. See CHANGELOG.md for all changes.
Full changelog
Fixed
- Occasional client information lookup failures that could lead to the DNS server getting stuck (#6006).
bufio.Scanner: token too long
and other errors when trying to add filtering-rule lists with lines over 1024 bytes long or containing cosmetic rules (#6003).
Removed
- Default exposure of the non-standard ports 784 and 8853 for DNS-over-QUIC in the
Dockerfile
.
AdGuard Home v0.108.0-b.41
Changes compared to the previous beta, v0.108.0-b.40. See CHANGELOG.md for all changes.
Full changelog
Security
- Go version has been updated to prevent the possibility of exploiting the CVE-2023-29406 Go vulnerability fixed in Go 1.19.11.
Added
- Ability to ignore queries for the root domain, such as
NS .
queries (#5990).
AdGuard Home v0.107.34
This release improves the security of AdGuard Home and fixes a few larger issues.
Safe Browsing and CPU spikes
Back in June we released a security update to AdGuard Home with a few bugfixes. Ironically, it brought about another bug. Safe Browsing and Parental Control weren't working properly since then, which in some cases led to lowered performance, random crashes, and huge CPU spikes.
It took us an entire month to get to the bottom of this, and it certainly would have taken even longer if not for the awesome community members: @bigwookie, @TheCableGuy99, and others. It turned out that βThe Big Bugβ was, in fact, three smaller bugs in a trenchcoat. And they were all mercilessly dealt with in this update.
Docker HEALTHCHECK
Docker users should note that the Docker HEALTHCHECK
mechanism has been removed, since it was causing a lot of issues, especially when used with Podman and other popular Docker tools.
Acknowledgements
A special thanks to our open-source contributor, @Jiraiya8, as well as to everyone who filed and inspected issues, added translations, and helped us test this release!
Full changelog
See also the v0.107.34 GitHub milestone.
Security
- Go version has been updated to prevent the possibility of exploiting the CVE-2023-29406 Go vulnerability fixed in Go 1.19.11.
Added
- Ability to ignore queries for the root domain, such as
NS .
queries (#5990).
Changed
- Improved CPU and RAM consumption during updates of filtering-rule lists.
Configuration Changes
In this release, the schema version has changed from 23 to 24.
-
Properties starting with
log_
, andverbose
property, which used to set up logging are now moved to the new objectlog
containing new propertiesfile
,max_backups
,max_size
,max_age
,compress
,local_time
, andverbose
:# BEFORE: 'log_file': "" 'log_max_backups': 0 'log_max_size': 100 'log_max_age': 3 'log_compress': false 'log_localtime': false 'verbose': false # AFTER: 'log': 'file': "" 'max_backups': 0 'max_size': 100 'max_age': 3 'compress': false 'local_time': false 'verbose': false
To rollback this change, remove the new object
log
, set backlog_
andverbose
properties and change theschema_version
back to23
.
Deprecated
- Default exposure of the non-standard ports 784 and 8853 for DNS-over-QUIC in the
Dockerfile
.
Fixed
-
Two unspecified IPs when a host is blocked in two filter lists (#5972).
-
Incorrect setting of Parental Control cache size.
-
Excessive RAM and CPU consumption by Safe Browsing and Parental Control filters (#5896).
Removed
-
The
HEALTHCHECK
section and the use oftini
in theENTRYPOINT
section inDockerfile
(#5939). They caused a lot of issues, especially with tools likedocker-compose
andpodman
.NOTE: Some Docker tools may cache
ENTRYPOINT
andHEALTHCHECK
sections, so some users may be required to backup their configuration, stop the container, purge the old image, and reload it from scratch.
AdGuard Home v0.108.0-b.40
Changes compared to the previous beta, v0.108.0-b.39. See CHANGELOG.md for all changes.
Full changelog
Changed
- Improved CPU and RAM consumption during updates of filtering-rule lists.
Deprecated
- Default exposure of the non-standard ports 784 and 8853 for DNS-over-QUIC in the
Dockerfile
.
Fixed
-
Two unspecified IPs when a host is blocked in two filter lists (#5972).
-
Incorrect setting of Parental Control cache size.
-
Excessive RAM and CPU consumption by Safe Browsing and Parental Control filters (#5896).
Removed
-
The
HEALTHCHECK
section and the use oftini
in theENTRYPOINT
section inDockerfile
(#5939). They caused a lot of issues, especially with tools likedocker-compose
andpodman
.NOTE: Some Docker tools may cache
ENTRYPOINT
sections, so some users may be required to backup their configuration, stop the container, purge the old image, and reload it from scratch.