AdGuard Home - Package Updates

girish

This topic is to track AdGuard Home package updates.

Please open issues in a separate topic instead of replying here.

girish

[0.4.0]

• Update AdGuard Home to 0.104.3

girish

[1.0.0]

• Initial stable version

girish

[1.0.1]

• Decrease query log retention to 7 days

girish

[1.1.0]

• Update AdGuard Home to 0.105.0
• Full changelog
• Client ID support for DNS-over-HTTPS, DNS-over-QUIC, and DNS-over-TLS
• Added more services to the "Blocked services" list (#2224, #2401).
• The host checking API and the query logs API can now return multiple matched rules (#2102).
• HTTP API request body size limit (#2305).

girish

[1.1.1]

• Update AdGuard Home to 0.105.1
• Full changelog

girish

[1.2.0]

• Add DoT support (only with Cloudron 6.2)

girish

[1.2.1]

• Update AdGuar Home to 0.105.2
• Full changelog
• Security: Session token doesn't contain user's information anymore
• Incomplete hostnames with trailing zero-bytes handling (#2582).
• Wrong DNS-over-TLS ALPN configuration (#2681).
• Inconsistent responses for messages with EDNS0 and AD when DNS caching is enabled (#2600).

girish

[1.2.2]

• fix bug where tls cert and key path were not set in the config file

girish

[1.3.0]

• Update AdGuardHome to 0.106.0
• Full changelog
• ability to set up custom upstreams to resolve PTR queries for local addresses and to disable the automatic resolving of clients' addresses
• Search by clients' names in the query log
• The ability to block user for login after configurable number of unsuccessful attempts for configurable time (#2826).
• $denyallow modifier for filters (#2923).
• Hostname uniqueness validation in the DHCP server (#2952).
• Hostname generating for DHCP clients which don't provide their own (#2723).

girish

[1.3.1]

• Update AdGuardHome to 0.106.1
• Full changelog
• Local domain name handling when the DHCP server is disabled (#3028).
• Normalization of perviously-saved invalid static DHCP leases (#3027).
• Validation of IPv6 addresses with zones in system resolvers (#3022).

girish

[1.3.2]

• Update AdGuard Home to 0.106.2
• Full changelog
• Uniqueness validation for dynamic DHCP leases (#3056).

girish

[1.3.3]

• Update AdGuard Home to 0.106.3
• Full changelog
• Support for DHCP DECLINE and RELEASE message types (#3053).

girish

[1.4.0]

• Update AdGuard Home to 0.107.0
• Full changelog
• RFC 9000 support In DNS-over-QUIC
• DNS-over-HTTPS queries now use the real IP address of the client instead of the address of the proxy (#2799)
• Optimistic DNS cache
• Query log search now supports internationalized domains

nebulon

[1.4.1]

• Update AdGuard Home to 0.107.2
• Full changelog
• Infinite loops when TCP connections time out (#4042).
• The validation error message for duplicated allow- and blocklists in DNS settings now shows the duplicated elements (#3975).
• ipset initialization bugs (#4027).
• Legacy DNS rewrites from a wildcard pattern to a subdomain (#4016).
• Service not being stopped before running the uninstall service action (#3868).
• Legacy DNS rewrites responding from upstream when a request other than A or AAAA is received (#4008).
• Panic on port availability check during installation (#3987).
• Incorrect application of rules from the OS's hosts files (#3998).

nebulon

[1.4.2]

• Update AdGuard Home to 0.107.3
• Full changelog
• Support for a $dnsrewrite modifier with an empty NOERROR response (#4133).
• Wrong set of ports checked for duplicates during the initial setup (#4095).
• Incorrectly invalidated service domains (#4120).
• Poor testing of domain-specific upstream servers (#4074).
• Omitted aliases of hosts specified by another line within the OS's hosts file (#4079).

girish

[1.4.3]

• Update AdGuard Home to 0.107.4
• Full changelog
• Go version was updated to prevent the possibility of exploiting the CVE-2022-23806, CVE-2022-23772, and CVE-2022-23773 vulnerabilities.
• Minor UI improvements.
• Optimistic cache now responds with expired items even if those can't be resolved again (#4254).
• Unnecessarily complex hosts-related logic leading to infinite recursion in some cases (#4216).

nebulon

[1.4.4]

• Update AdGuard Home to 0.107.5
• Full changelog
• Go version was updated to prevent the possibility of exploiting the CVE-2022-24921 vulnerability. As the CVE page is still showing “reserved” at the time of publishing, see also golang/go#51112.

girish

[1.4.5]

• Update AdGuard Home to 0.107.6
• Full changelog
• Go version was updated to prevent the possibility of exploiting the CVE-2022-24675, CVE-2022-27536, and CVE-2022-28327 vulnerabilities.
• Support for SVCB/HTTPS parameter dohpath in filtering rules with the dnsrewrite modifier according to the RFC draft (#4463).
• Filtering rules with the dnsrewrite modifier that create SVCB or HTTPS responses should use ech instead of echconfig to conform with the latest drafts.

girish

[1.4.6]

• DoH: Remove isrg-root-x1-cross-signed from the cert chain

ApplegateR

@girish about time hopefully it work on my side.

nebulon

[1.4.7]

• Update AdGuard Home to 0.107.7
• Full changelog
• DNS-over-QUIC: RFC 9250
• More Control Over Upstreams
• Users now have more control over how runtime client information is gathered, including the ability to completely disable this feature.
• The EDNS Client Subnet information from clients' requests is now shown on the Query log page.
• As usual, we strive to keep our tools up-to-date in order to make sure that our users don't fall prey to vulnerabilities.
• There are many more smaller changes and fixes; just look at the full changelog below!

nebulon

[1.4.8]

• Update AdGuard Home to 0.107.8
• Full changelog
• Go version was updated to prevent the possibility of exploiting the CVE-2022-1705, CVE-2022-32148, CVE-2022-30631, and other Go vulnerabilities fixed in Go 1.17.12.
• DHCP lease validation incorrectly letting users assign the IP address of the gateway as the address of the lease (#4698).
• Updater no longer expects a hardcoded name for AdGuardHome executable (#4219).
• Inconsistent names of runtime clients from hosts files (#4683).
• PTR requests for addresses leased by DHCP will now be resolved into hostnames under dhcp.local_domain_name (#4699).
• Broken service installation on OpenWrt (#4677).

nebulon

[1.4.9]

• Update AdGuard Home to 0.107.9
• Full changelog
• Go version was updated to prevent the possibility of exploiting the CVE-2022-32189 Go vulnerability fixed in Go 1.18.5. Go 1.17 support has also been removed, as it has reached end of life and will not receive security updates.
• Domain-specific upstream servers test. If such test fails, a warning message is shown (#4517).
• UI and update links have been changed to make them more resistant to DNS blocking.
• Several UI issues (#4775, #4776, #4782).

nebulon

[1.4.10]

• Update AdGuard Home to 0.107.10
• Full changelog
• Arabic localization.
• Support for Discovery of Designated Resolvers (DDR) according to the RFC draft (#4463).
• DHCP not working on most OSs (#4836).
• invalid argument errors during update checks on older Linux kernels (#4670).
• Data races and concurrent map access in statistics module (#4358, #4342).

nebulon

[1.4.11]

• Update AdGuard Home to 0.107.11
• Full changelog
• Bilibili service blocking (#4795).
• DNS-over-QUIC connections now use keepalive.
• Migrations from releases older than v0.107.7 failing (#4846).

girish

[1.5.0]

• Update AdGuard Home to 0.108.0
• Full changelog
• New bool, dur, u8, and u16 DHCP options to provide more convenience on options control by setting values in a human-readable format (#4705). See also a Wiki page.
• New del DHCP option which removes the corresponding option from server's response (#4337). See also a Wiki page.
• A new HTTP API, GET /control/blocked_services/services, that lists all available blocked services (#4535).
• The DHCP options handling is now closer to the RFC 2131 (#4705).
• When the DHCP server is enabled, queries for domain names under dhcp.local_domain_name not pointing to real DHCP client hostnames are now processed by filters (#4865).
• The DHCPREQUEST handling is now closer to the RFC 2131 (#4863).
• The internal DNS client, used to resolve hostnames of external clients and also during automatic updates, now respects the upstream mode settings for the main DNS client (#4403).

girish

[1.5.1]

• Update AdGuard Home to 0.108.0-b.15
• Full changelog
• The minimum DHCP message size is reassigned back to BOOTP's constraint of 300 bytes (#4904).
• Panic when adding a static lease within the disabled DHCP server (#4722).

girish

[1.5.2]

• Update AdGuard Home to 0.108.0-b.17
• Full changelog
• Security: As an additional CSRF protection measure, AdGuard Home now ensures that requests that change its state but have no body (such as POST /control/stats_reset requests) do not have a Content-Type header set on them

nebulon

[1.5.3]

• Update AdGuard Home to 0.108.0-b.18
• Full changelog
• Go version has been updated to prevent the possibility of exploiting the CVE-2022-2879, CVE-2022-2880, and CVE-2022-41715 Go vulnerabilities fixed in Go 1.18.7.
• The ability to put ClientIDs into DNS-over-HTTPS hostnames as opposed to URL paths (#3418). Note that AdGuard Home checks the server name only if the URL does not contain a ClientID.

girish

[1.5.4]

• Update AdGuard Home to 0.108.0-b.19
• Full changelog
  The new optional tls.override_tls_ciphers property, which allows overriding TLS ciphers used by AdGuard Home (#4925, #4990).
• The ability to serve DNS on link-local IPv6 addresses (#2926).

girish

[1.5.5]

• Update AdGuard Home to 0.108.0-b.20
• Full changelog
• The warning message when adding a certificate having no IP addresses (#4898).
• Several new blockable services (#3972). Those will now be more in sync with the services that are already blockable in AdGuard DNS.
• A new HTTP API, GET /control/blocked_services/all, that lists all available blocked services and their data, such as SVG icons (#3972).
• The ability to put ClientIDs into DNS-over-HTTPS hostnames as opposed to URL paths (#3418). Note that AdGuard Home checks the server name only if the URL does not contain a ClientID.

nebulon

[1.5.6]

• Update AdGuard home to 0.108.0-b.21
• Full changelog
• Crash on some systems when domains from system hosts files are processed (#5089).

nebulon

[1.5.7]

• Update AdGuard Home to 0.108.0-b.22
• Full changelog

girish

[1.5.8]

• Update AdGuard Home to 0.108.0-b.23
• Full changelog

nebulon

[1.5.9]

• Update AdGuard Home to 0.108.0-b.24
• Full changelog
• The URLs of the default filters for new installations are synchronized to those introduced in v0.107.20 (#5238).
• Errors popping up during updates of settings, which could sometimes cause the server to stop responding (#5251).

nebulon

[1.5.10]

• Update AdGuard Home to 0.108.0-b.25
• Full changelog

nebulon

[1.5.11]

• Update AdGuard Home to 0.108.0-b.26
• Full changelog
  Added
• DNS64 support (#5117). The function may be enabled with new use_dns64 field under dns object in the configuration along with dns64_prefixes, the set of exclusion prefixes to filter AAAA responses. The Well-Known Prefix (64:ff9b::/96) is used if no custom prefixes are specified.
• Filtering rules with * as the hostname not working properly (#5245).
• Various dark theme bugs (#5375).

nebulon

[1.5.12]

• Update AdGuard Home to 0.108.0-b.27
• Full changelog

girish

[1.5.13]

• Update AdGuard Home to 0.108.0-b.28
• Full changelog

girish

[1.6.0]

• Add ClientID support with DoH

girish

[1.7.0]

• Add ClientID support with DoT

girish

[1.7.1]

• Update AdGuard Home to 0.108.0-b.29
• Full changelog
• The ability to use dnstype rules in the disallowed domains list (#5468). This allows dropping requests based on their question types.
• Various dark theme bugs (#5439, #5441, #5442, #5515).
• Automatic update on MIPS64 and little-endian 32-bit MIPS architectures (#5270, #5373).

girish

[1.7.2]

• Update AdGuard Home to 0.108.0-b.30
• Full changelog
• The ability to set custom IP for EDNS Client Subnet by using the new dns.edns_client_subnet.use_custom and dns.edns_client_subnet.custom_ip fields (#1472). The UI changes are coming in the upcoming releases.
• In this release, the schema version has changed from 16 to 17. Check the full changelog for details.

girish

[1.7.3]

• Update AdGuard Home to 0.108.0-b.31
• Full changelog
• The new HTTP API POST /control/protection, that updates protection state and adds an optional pause duration (#1333). The format of request body is described in openapi/openapi.yaml. The duration of this pause could also be set with the config field protection_disabled_until in dns section of the YAML configuration file.
• The ability to create a static DHCP lease from a dynamic one more easily (#3459).
• Two new HTTP APIs, PUT /control/stats/config/update and GET control/stats/config, which can be used to set and receive the query log configuration. See openapi/openapi.yaml for the full description.
• Two new HTTP APIs, PUT /control/querylog/config/update and GET control/querylog/config, which can be used to set and receive the statistics configuration. See openapi/openapi.yaml for the full description.
• The ability to set custom IP for EDNS Client Subnet by using the DNS-server configuration section on the DNS settings page in the UI (#1472).
• The ability to manage safesearch for each service by using the new safe_search field (#1163).
• ARPA domain names containing a subnet within private networks now also considered private, behaving closer to RFC 6761 (#5567).