Compared to 0.17.46-beta.3:
- Fix a vulnerability where TrustTunnel
ServerNameToVerifydoes not verify the certificate when uTLS is used. (ExclaveNetwork/exclave-core@0b4abfb) - Fix balancer landing proxy and front proxy. (#433)
- Fix system stack URL test when the server address is a domain name.
Compared to 0.17.45:
- Fix a vulnerability where TrustTunnel
ServerNameToVerifydoes not verify the certificate when uTLS is used. (ExclaveNetwork/exclave-core@0b4abfb) - Fix balancer landing proxy and front proxy. (#433)
- Fix system stack URL test when the server address is a domain name.
- Update mieru to 3.34.0 and add padding traffic pattern.
- Breaking change: Remove ShadowTLS and reverse proxy.
- Bump target SDK to 37. 123
- Fix system stack TCP NAT source port reuse. (SagerNet/sing-box#4224)
- Workaround system stack TCP listener returns "invalid argument" on user switch. (#427)
- Third-party breaking change: KCP share link. (XTLS/Xray-core@aba2272 and XTLS/Xray-core@ad2e4cb)
- Third-party breaking change: XHTTP session ID. (XTLS/Xray-core@e10347b)
Footnotes
-
Android 17 blocks cross-profile loopback traffic for all apps, breaking cross-profile localhost proxy. Unfortunately, it seems there is no way to restore access completely.
INTERACT_ACROSS_USERSpermission is declared so that cross-profile loopback traffic access between Exclave (not applicable to cross-application) can be restored. This permission needs to be granted via ADB. (#430) ↩ -
Android 17 blocks apps targeting Android 17 from accessing the LAN, unless
ACCESS_LOCAL_NETWORKis granted. To restore access, you need to grant the "nearby devices" permission to the app. ↩ -
System stack requires a TCP listener accepting incoming connections to private addresses and therefore requires the
ACCESS_LOCAL_NETWORKpermission on Android 17. You need to grant the "nearby devices" permission to the app to use system stack on Android 17. ↩