The quality of a product is not defined solely by code or developers’ technical prowess. A strong community—or the lack of one—can often make or break how successful a piece of software will be. We are very lucky to have such a devoted and passionate community around AdGuard Home. This update has once again demonstrated this, as we were able to quickly address a vulnerability reported by one of our community members.
Acknowledgments
A special thanks to @djnnvx for reporting the vulnerability, our community moderators team and to everyone who filed and inspected issues, added translations, and helped us test this release!
Full changelog
See also the v0.107.77 GitHub milestone.
Security
-
Authorization in GLiNET mode is no longer vulnerable to path traversal attacks.
NOTE: This is CVE-2026-41448. We thank @djnnvx for reporting this security issue.
Added
- New
reasonquery parameter inGET /control/querylog. Seeopenapi/openapi.yamlfor the full description.
Deprecated
- Query parameter
response_statusinGET /control/querylogis now deprecated. Use newreasonquery parameter instead.