Releases: SagerNet/sing-box
1.11.0-alpha.2
58feb8e
nekohasekai
δΈη
π Release Notes
- Add warnings for usage of deprecated features
- Fixes and improvements
1.11.0-alpha.1
ea70360
nekohasekai
δΈη
π Release Notes
- Update quic-go to v0.48.0
- Fixes and improvements
1.10.1
b80ec55
nekohasekai
δΈη
π Release Notes
- Fixes and improvements
1.10.0
137832f
nekohasekai
δΈη
π Release Notes
Important changes since 1.9:
- Introducing auto-redirect 1
- Add AdGuard DNS Filter support 2
- TUN address fields are merged 3
- Add custom options for
auto-routeandauto-redirect4 - Drop support for go1.18 and go1.19 5
- Add tailing comma support in JSON configuration
- Improve sniffers 6
- Add new
inlinerule-set type 7 - Add access control options for Clash API 8
- Add
rule_set_ip_cidr_accept_emptyDNS address filter rule item 9 - Add auto reload support for local rule-set
- Update fsnotify usages 10
- Add IP address support for
rule-set matchcommand - Add
rule-set decompilecommand - Add
process_path_regexrule item - Update uTLS to v1.6.7 11
- Optimize memory usages of rule-sets 12
1:
The new auto-redirect feature allows TUN to automatically configure connection redirection to improve proxy performance.
When auto-redirect is enabled, new route address set options will allow you to automatically configure destination IP CIDR rules from a specified rule set to the firewall.
Specified or unspecified destinations will bypass the sing-box routes to get better performance (for example, keep hardware offloading of direct traffics on the router).
See TUN.
2:
The new feature allows you to use AdGuard DNS Filter lists in a sing-box without AdGuard Home.
See AdGuard DNS Filter.
3:
See Migration.
4:
See iproute2_table_index, iproute2_rule_index, auto_redirect_input_mark and auto_redirect_output_mark.
5:
Due to maintenance difficulties, sing-box 1.10.0 requires at least Go 1.20 to compile.
6:
BitTorrent, DTLS, RDP, SSH sniffers are added.
Now the QUIC sniffer can correctly extract the server name from Chromium requests and can identify common QUIC clients, including Chromium, Safari, Firefox, quic-go (including uquic disguised as Chrome).
7:
The new rule-set type inline (which also becomes the default type) allows you to write headless rules directly without creating a rule-set file.
8:
With the new access control options, not only can you allow Clash dashboards to access the Clash API on your local network, you can also manually limit the websites that can access the API instead of allowing everyone.
See Clash API.
9:
See DNS Rule.
10:
sing-box now uses fsnotify correctly and will not cancel watching if the target file is deleted or recreated via rename (e.g. mv).
This affects all path options that support reload, including tls.certificate_path, tls.key_path, tls.ech.key_path and rule_set.path.
11:
Some legacy chrome fingerprints have been removed and will fallback to chrome, see utls.
12:
See Source Format.
1.10.0-rc.1
7e2231f
nekohasekai
δΈη
π Release Notes
- Fixes and improvements
1.10.0-beta.12
e68a9e6
nekohasekai
δΈη
π Release Notes
- Fixes and improvements
1.9.7
a06d10c
nekohasekai
δΈη
π Release Notes
- Fixes and improvements
1.10.0-beta.11
19295f6
nekohasekai
δΈη
π Release Notes
- Update uTLS to v1.6.7 1
1:
Some legacy chrome fingerprints have been removed and will fallback to chrome, see utls.
1.10.0-beta.10
2e19141
nekohasekai
δΈη
π Release Notes
- Add
process_path_regexrule item - Fixes and improvements
The macOS standalone versions of sing-box (>=1.9.5/<1.10.0-beta.11) now silently fail and require manual granting of the Full Disk Access permission to system extension to start, probably due to Apple's changed security policy. We will prompt users about this in feature versions.
1.9.6
e586d9e
nekohasekai
δΈη
π Release Notes
- Fixes and improvements
The macOS standalone versions of sing-box (>=1.9.5/<1.10.0-beta.11) now silently fail and require manual granting of the Full Disk Access permission to system extension to start, probably due to Apple's changed security policy. We will prompt users about this in feature versions.