AdGuard Home - Package Updates

girish

[1.1.1]

Update AdGuard Home to 0.105.1
Full changelog

girish

[1.2.0]

Add DoT support (only with Cloudron 6.2)

girish

[1.2.1]

Update AdGuar Home to 0.105.2
Full changelog
Security: Session token doesn't contain user's information anymore
Incomplete hostnames with trailing zero-bytes handling (#2582).
Wrong DNS-over-TLS ALPN configuration (#2681).
Inconsistent responses for messages with EDNS0 and AD when DNS caching is enabled (#2600).

girish

[1.2.2]

fix bug where tls cert and key path were not set in the config file

girish

[1.3.0]

Update AdGuardHome to 0.106.0
Full changelog
ability to set up custom upstreams to resolve PTR queries for local addresses and to disable the automatic resolving of clients' addresses
Search by clients' names in the query log
The ability to block user for login after configurable number of unsuccessful attempts for configurable time (#2826).
$denyallow modifier for filters (#2923).
Hostname uniqueness validation in the DHCP server (#2952).
Hostname generating for DHCP clients which don't provide their own (#2723).

girish

[1.3.1]

Update AdGuardHome to 0.106.1
Full changelog
Local domain name handling when the DHCP server is disabled (#3028).
Normalization of perviously-saved invalid static DHCP leases (#3027).
Validation of IPv6 addresses with zones in system resolvers (#3022).

girish

[1.3.2]

Update AdGuard Home to 0.106.2
Full changelog
Uniqueness validation for dynamic DHCP leases (#3056).

girish

[1.3.3]

Update AdGuard Home to 0.106.3
Full changelog
Support for DHCP DECLINE and RELEASE message types (#3053).

girish

[1.4.0]

Update AdGuard Home to 0.107.0
Full changelog
RFC 9000 support In DNS-over-QUIC
DNS-over-HTTPS queries now use the real IP address of the client instead of the address of the proxy (#2799)
Optimistic DNS cache
Query log search now supports internationalized domains

nebulon

[1.4.1]

Update AdGuard Home to 0.107.2
Full changelog
Infinite loops when TCP connections time out (#4042).
The validation error message for duplicated allow- and blocklists in DNS settings now shows the duplicated elements (#3975).
ipset initialization bugs (#4027).
Legacy DNS rewrites from a wildcard pattern to a subdomain (#4016).
Service not being stopped before running the uninstall service action (#3868).
Legacy DNS rewrites responding from upstream when a request other than A or AAAA is received (#4008).
Panic on port availability check during installation (#3987).
Incorrect application of rules from the OS's hosts files (#3998).

nebulon

[1.4.2]

Update AdGuard Home to 0.107.3
Full changelog
Support for a $dnsrewrite modifier with an empty NOERROR response (#4133).
Wrong set of ports checked for duplicates during the initial setup (#4095).
Incorrectly invalidated service domains (#4120).
Poor testing of domain-specific upstream servers (#4074).
Omitted aliases of hosts specified by another line within the OS's hosts file (#4079).

girish

[1.4.3]

Update AdGuard Home to 0.107.4
Full changelog
Go version was updated to prevent the possibility of exploiting the CVE-2022-23806, CVE-2022-23772, and CVE-2022-23773 vulnerabilities.
Minor UI improvements.
Optimistic cache now responds with expired items even if those can't be resolved again (#4254).
Unnecessarily complex hosts-related logic leading to infinite recursion in some cases (#4216).

nebulon

[1.4.4]

Update AdGuard Home to 0.107.5
Full changelog
Go version was updated to prevent the possibility of exploiting the CVE-2022-24921 vulnerability. As the CVE page is still showing “reserved” at the time of publishing, see also golang/go#51112.

girish

[1.4.5]

Update AdGuard Home to 0.107.6
Full changelog
Go version was updated to prevent the possibility of exploiting the CVE-2022-24675, CVE-2022-27536, and CVE-2022-28327 vulnerabilities.
Support for SVCB/HTTPS parameter dohpath in filtering rules with the dnsrewrite modifier according to the RFC draft (#4463).
Filtering rules with the dnsrewrite modifier that create SVCB or HTTPS responses should use ech instead of echconfig to conform with the latest drafts.

girish

[1.4.6]

DoH: Remove isrg-root-x1-cross-signed from the cert chain

ApplegateR

@girish about time hopefully it work on my side.

nebulon

[1.4.7]

Update AdGuard Home to 0.107.7
Full changelog
DNS-over-QUIC: RFC 9250
More Control Over Upstreams
Users now have more control over how runtime client information is gathered, including the ability to completely disable this feature.
The EDNS Client Subnet information from clients' requests is now shown on the Query log page.
As usual, we strive to keep our tools up-to-date in order to make sure that our users don't fall prey to vulnerabilities.
There are many more smaller changes and fixes; just look at the full changelog below!

nebulon

[1.4.8]

Update AdGuard Home to 0.107.8
Full changelog
Go version was updated to prevent the possibility of exploiting the CVE-2022-1705, CVE-2022-32148, CVE-2022-30631, and other Go vulnerabilities fixed in Go 1.17.12.
DHCP lease validation incorrectly letting users assign the IP address of the gateway as the address of the lease (#4698).
Updater no longer expects a hardcoded name for AdGuardHome executable (#4219).
Inconsistent names of runtime clients from hosts files (#4683).
PTR requests for addresses leased by DHCP will now be resolved into hostnames under dhcp.local_domain_name (#4699).
Broken service installation on OpenWrt (#4677).

nebulon

[1.4.9]

Update AdGuard Home to 0.107.9
Full changelog
Go version was updated to prevent the possibility of exploiting the CVE-2022-32189 Go vulnerability fixed in Go 1.18.5. Go 1.17 support has also been removed, as it has reached end of life and will not receive security updates.
Domain-specific upstream servers test. If such test fails, a warning message is shown (#4517).
UI and update links have been changed to make them more resistant to DNS blocking.
Several UI issues (#4775, #4776, #4782).

nebulon

[1.4.10]

Update AdGuard Home to 0.107.10
Full changelog
Arabic localization.
Support for Discovery of Designated Resolvers (DDR) according to the RFC draft (#4463).
DHCP not working on most OSs (#4836).
invalid argument errors during update checks on older Linux kernels (#4670).
Data races and concurrent map access in statistics module (#4358, #4342).

nebulon

[1.4.11]

Update AdGuard Home to 0.107.11
Full changelog
Bilibili service blocking (#4795).
DNS-over-QUIC connections now use keepalive.
Migrations from releases older than v0.107.7 failing (#4846).

girish

[1.5.0]

Update AdGuard Home to 0.108.0
Full changelog
New bool, dur, u8, and u16 DHCP options to provide more convenience on options control by setting values in a human-readable format (#4705). See also a Wiki page.
New del DHCP option which removes the corresponding option from server's response (#4337). See also a Wiki page.
A new HTTP API, GET /control/blocked_services/services, that lists all available blocked services (#4535).
The DHCP options handling is now closer to the RFC 2131 (#4705).
When the DHCP server is enabled, queries for domain names under dhcp.local_domain_name not pointing to real DHCP client hostnames are now processed by filters (#4865).
The DHCPREQUEST handling is now closer to the RFC 2131 (#4863).
The internal DNS client, used to resolve hostnames of external clients and also during automatic updates, now respects the upstream mode settings for the main DNS client (#4403).

girish

[1.5.1]

Update AdGuard Home to 0.108.0-b.15
Full changelog
The minimum DHCP message size is reassigned back to BOOTP's constraint of 300 bytes (#4904).
Panic when adding a static lease within the disabled DHCP server (#4722).

girish

[1.5.2]

Update AdGuard Home to 0.108.0-b.17
Full changelog
Security: As an additional CSRF protection measure, AdGuard Home now ensures that requests that change its state but have no body (such as POST /control/stats_reset requests) do not have a Content-Type header set on them

nebulon

[1.5.3]

Update AdGuard Home to 0.108.0-b.18
Full changelog
Go version has been updated to prevent the possibility of exploiting the CVE-2022-2879, CVE-2022-2880, and CVE-2022-41715 Go vulnerabilities fixed in Go 1.18.7.
The ability to put ClientIDs into DNS-over-HTTPS hostnames as opposed to URL paths (#3418). Note that AdGuard Home checks the server name only if the URL does not contain a ClientID.

girish

[1.5.4]

Update AdGuard Home to 0.108.0-b.19
Full changelog
The new optional tls.override_tls_ciphers property, which allows overriding TLS ciphers used by AdGuard Home (#4925, #4990).
The ability to serve DNS on link-local IPv6 addresses (#2926).

girish

[1.5.5]

Update AdGuard Home to 0.108.0-b.20
Full changelog
The warning message when adding a certificate having no IP addresses (#4898).
Several new blockable services (#3972). Those will now be more in sync with the services that are already blockable in AdGuard DNS.
A new HTTP API, GET /control/blocked_services/all, that lists all available blocked services and their data, such as SVG icons (#3972).
The ability to put ClientIDs into DNS-over-HTTPS hostnames as opposed to URL paths (#3418). Note that AdGuard Home checks the server name only if the URL does not contain a ClientID.

nebulon

[1.5.6]

Update AdGuard home to 0.108.0-b.21
Full changelog
Crash on some systems when domains from system hosts files are processed (#5089).

nebulon

[1.5.7]

Update AdGuard Home to 0.108.0-b.22
Full changelog

girish

[1.5.8]

Update AdGuard Home to 0.108.0-b.23
Full changelog

nebulon

[1.5.9]

Update AdGuard Home to 0.108.0-b.24
Full changelog
The URLs of the default filters for new installations are synchronized to those introduced in v0.107.20 (#5238).
Errors popping up during updates of settings, which could sometimes cause the server to stop responding (#5251).

nebulon

[1.5.10]

Update AdGuard Home to 0.108.0-b.25
Full changelog

nebulon

[1.5.11]

Update AdGuard Home to 0.108.0-b.26
Full changelog
Added
DNS64 support (#5117). The function may be enabled with new use_dns64 field under dns object in the configuration along with dns64_prefixes, the set of exclusion prefixes to filter AAAA responses. The Well-Known Prefix (64:ff9b::/96) is used if no custom prefixes are specified.
Filtering rules with * as the hostname not working properly (#5245).
Various dark theme bugs (#5375).

nebulon

[1.5.12]

Update AdGuard Home to 0.108.0-b.27
Full changelog

girish

[1.5.13]

Update AdGuard Home to 0.108.0-b.28
Full changelog

girish

[1.6.0]

Add ClientID support with DoH

girish

[1.7.0]

Add ClientID support with DoT

girish

[1.7.1]

Update AdGuard Home to 0.108.0-b.29
Full changelog
The ability to use dnstype rules in the disallowed domains list (#5468). This allows dropping requests based on their question types.
Various dark theme bugs (#5439, #5441, #5442, #5515).
Automatic update on MIPS64 and little-endian 32-bit MIPS architectures (#5270, #5373).

girish

[1.7.2]

Update AdGuard Home to 0.108.0-b.30
Full changelog
The ability to set custom IP for EDNS Client Subnet by using the new dns.edns_client_subnet.use_custom and dns.edns_client_subnet.custom_ip fields (#1472). The UI changes are coming in the upcoming releases.
In this release, the schema version has changed from 16 to 17. Check the full changelog for details.

Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.

AdGuard Home - Package Updates