This update gives AdGuard Home a solid security upgrade — think of it as tightening the locks and double-checking the doors.
We’ve fixed a critical vulnerability affecting DNS-over-QUIC and DNS-over-HTTPS that could put your DNS privacy at risk. The gap is now closed, and your encrypted traffic is back to traveling through a properly armored tunnel.
We also updated Go to the latest version, sweeping out known vulnerabilities in its libraries.
Acknowledgments
A special thanks to @N0zoM1z0 for reporting the vulnerability, our community moderators team and to everyone who filed and inspected issues, added translations, and helped us test this release!
Full changelog
See also the v0.107.75 GitHub milestone.
Security
-
Go version has been updated to prevent the possibility of exploiting the Go vulnerabilities fixed in 1.26.3.
-
IDs of requests received over DoH and DoQ and forwarded to plain-DNS upstreams are now set to non-zero values to improve security.
This is GHSA-xgx4-4h9w-53pv. We thank @N0zoM1z0 for reporting this security issue.
Changed
-
Frontend API requests no longer depend on axios.
-
Dashboard charts use Recharts instead of Nivo.
-
enable_dnssecindnsconfiguration now defines whether the proxy should set the DO flag in the upstream requests, the default istrue(#7046).
Fixed
-
Statistics database deadlock (#8359).
-
Translated labels on the DNS settings pages not updating after changing the UI language.
-
Dashboard charts now correctly display lower query counts (#6823).
-
Redundant validation warnings about DHCP when it's disabled (#8348).
-
Safe Browsing and Parental Control labels on the General Settings page not updating after changing the UI language.