We are releasing this hotfix to address a recently discovered critical vulnerability that could allow users to bypass authentication and gain full access to AdGuard Home without valid credentials. We strongly recommend updating your AdGuard Home clients immediately.
Acknowledgments
A special thanks to @mandreko for reporting the vulnerability, to our community moderators team, and to everyone who filed and inspected issues, added translations, and helped us test this release!
Full changelog
See also the v0.107.73 GitHub milestone.
Security
- Authentication is now applied to requests that have been upgraded from HTTP/2 Cleartext (H2C) requests to public resources.
NOTE: We thank @mandreko for reporting this security issue.