AdGuard Home - Package Updates

girish

[1.3.3]

• Update AdGuard Home to 0.106.3
• Full changelog
• Support for DHCP DECLINE and RELEASE message types (#3053).

girish

[1.4.0]

• Update AdGuard Home to 0.107.0
• Full changelog
• RFC 9000 support In DNS-over-QUIC
• DNS-over-HTTPS queries now use the real IP address of the client instead of the address of the proxy (#2799)
• Optimistic DNS cache
• Query log search now supports internationalized domains

nebulon

[1.4.1]

• Update AdGuard Home to 0.107.2
• Full changelog
• Infinite loops when TCP connections time out (#4042).
• The validation error message for duplicated allow- and blocklists in DNS settings now shows the duplicated elements (#3975).
• ipset initialization bugs (#4027).
• Legacy DNS rewrites from a wildcard pattern to a subdomain (#4016).
• Service not being stopped before running the uninstall service action (#3868).
• Legacy DNS rewrites responding from upstream when a request other than A or AAAA is received (#4008).
• Panic on port availability check during installation (#3987).
• Incorrect application of rules from the OS's hosts files (#3998).

nebulon

[1.4.2]

• Update AdGuard Home to 0.107.3
• Full changelog
• Support for a $dnsrewrite modifier with an empty NOERROR response (#4133).
• Wrong set of ports checked for duplicates during the initial setup (#4095).
• Incorrectly invalidated service domains (#4120).
• Poor testing of domain-specific upstream servers (#4074).
• Omitted aliases of hosts specified by another line within the OS's hosts file (#4079).

girish

[1.4.3]

• Update AdGuard Home to 0.107.4
• Full changelog
• Go version was updated to prevent the possibility of exploiting the CVE-2022-23806, CVE-2022-23772, and CVE-2022-23773 vulnerabilities.
• Minor UI improvements.
• Optimistic cache now responds with expired items even if those can't be resolved again (#4254).
• Unnecessarily complex hosts-related logic leading to infinite recursion in some cases (#4216).

nebulon

[1.4.4]

• Update AdGuard Home to 0.107.5
• Full changelog
• Go version was updated to prevent the possibility of exploiting the CVE-2022-24921 vulnerability. As the CVE page is still showing “reserved” at the time of publishing, see also golang/go#51112.

girish

[1.4.5]

• Update AdGuard Home to 0.107.6
• Full changelog
• Go version was updated to prevent the possibility of exploiting the CVE-2022-24675, CVE-2022-27536, and CVE-2022-28327 vulnerabilities.
• Support for SVCB/HTTPS parameter dohpath in filtering rules with the dnsrewrite modifier according to the RFC draft (#4463).
• Filtering rules with the dnsrewrite modifier that create SVCB or HTTPS responses should use ech instead of echconfig to conform with the latest drafts.

girish

[1.4.6]

• DoH: Remove isrg-root-x1-cross-signed from the cert chain

ApplegateR

@girish about time hopefully it work on my side.

nebulon

[1.4.7]

• Update AdGuard Home to 0.107.7
• Full changelog
• DNS-over-QUIC: RFC 9250
• More Control Over Upstreams
• Users now have more control over how runtime client information is gathered, including the ability to completely disable this feature.
• The EDNS Client Subnet information from clients' requests is now shown on the Query log page.
• As usual, we strive to keep our tools up-to-date in order to make sure that our users don't fall prey to vulnerabilities.
• There are many more smaller changes and fixes; just look at the full changelog below!

nebulon

[1.4.8]

• Update AdGuard Home to 0.107.8
• Full changelog
• Go version was updated to prevent the possibility of exploiting the CVE-2022-1705, CVE-2022-32148, CVE-2022-30631, and other Go vulnerabilities fixed in Go 1.17.12.
• DHCP lease validation incorrectly letting users assign the IP address of the gateway as the address of the lease (#4698).
• Updater no longer expects a hardcoded name for AdGuardHome executable (#4219).
• Inconsistent names of runtime clients from hosts files (#4683).
• PTR requests for addresses leased by DHCP will now be resolved into hostnames under dhcp.local_domain_name (#4699).
• Broken service installation on OpenWrt (#4677).

nebulon

[1.4.9]

• Update AdGuard Home to 0.107.9
• Full changelog
• Go version was updated to prevent the possibility of exploiting the CVE-2022-32189 Go vulnerability fixed in Go 1.18.5. Go 1.17 support has also been removed, as it has reached end of life and will not receive security updates.
• Domain-specific upstream servers test. If such test fails, a warning message is shown (#4517).
• UI and update links have been changed to make them more resistant to DNS blocking.
• Several UI issues (#4775, #4776, #4782).

nebulon

[1.4.10]

• Update AdGuard Home to 0.107.10
• Full changelog
• Arabic localization.
• Support for Discovery of Designated Resolvers (DDR) according to the RFC draft (#4463).
• DHCP not working on most OSs (#4836).
• invalid argument errors during update checks on older Linux kernels (#4670).
• Data races and concurrent map access in statistics module (#4358, #4342).

nebulon

[1.4.11]

• Update AdGuard Home to 0.107.11
• Full changelog
• Bilibili service blocking (#4795).
• DNS-over-QUIC connections now use keepalive.
• Migrations from releases older than v0.107.7 failing (#4846).

girish

[1.5.0]

• Update AdGuard Home to 0.108.0
• Full changelog
• New bool, dur, u8, and u16 DHCP options to provide more convenience on options control by setting values in a human-readable format (#4705). See also a Wiki page.
• New del DHCP option which removes the corresponding option from server's response (#4337). See also a Wiki page.
• A new HTTP API, GET /control/blocked_services/services, that lists all available blocked services (#4535).
• The DHCP options handling is now closer to the RFC 2131 (#4705).
• When the DHCP server is enabled, queries for domain names under dhcp.local_domain_name not pointing to real DHCP client hostnames are now processed by filters (#4865).
• The DHCPREQUEST handling is now closer to the RFC 2131 (#4863).
• The internal DNS client, used to resolve hostnames of external clients and also during automatic updates, now respects the upstream mode settings for the main DNS client (#4403).

girish

[1.5.1]

• Update AdGuard Home to 0.108.0-b.15
• Full changelog
• The minimum DHCP message size is reassigned back to BOOTP's constraint of 300 bytes (#4904).
• Panic when adding a static lease within the disabled DHCP server (#4722).

girish

[1.5.2]

• Update AdGuard Home to 0.108.0-b.17
• Full changelog
• Security: As an additional CSRF protection measure, AdGuard Home now ensures that requests that change its state but have no body (such as POST /control/stats_reset requests) do not have a Content-Type header set on them

nebulon

[1.5.3]

• Update AdGuard Home to 0.108.0-b.18
• Full changelog
• Go version has been updated to prevent the possibility of exploiting the CVE-2022-2879, CVE-2022-2880, and CVE-2022-41715 Go vulnerabilities fixed in Go 1.18.7.
• The ability to put ClientIDs into DNS-over-HTTPS hostnames as opposed to URL paths (#3418). Note that AdGuard Home checks the server name only if the URL does not contain a ClientID.

girish

[1.5.4]

• Update AdGuard Home to 0.108.0-b.19
• Full changelog
  The new optional tls.override_tls_ciphers property, which allows overriding TLS ciphers used by AdGuard Home (#4925, #4990).
• The ability to serve DNS on link-local IPv6 addresses (#2926).

girish

[1.5.5]

• Update AdGuard Home to 0.108.0-b.20
• Full changelog
• The warning message when adding a certificate having no IP addresses (#4898).
• Several new blockable services (#3972). Those will now be more in sync with the services that are already blockable in AdGuard DNS.
• A new HTTP API, GET /control/blocked_services/all, that lists all available blocked services and their data, such as SVG icons (#3972).
• The ability to put ClientIDs into DNS-over-HTTPS hostnames as opposed to URL paths (#3418). Note that AdGuard Home checks the server name only if the URL does not contain a ClientID.