MetaCubeX/mihomo v1.14.2

on GitHub

What's Changed

• fix: skip-cert-verify is true by default by @3andero in #333
• chore: Refine process code by @cubemaze
• chore: adjust the case of Program names and HttpRequest UA by @cubemaze
• Fix: TLS defaults to true for h2/grpc networks by @cubemaze
• refactor: replace experimental.fingerprints with custom-certificates and Change the fingerprint verification logic to SSL pinning by @Skyxim
• fix: ss converter cipher missing by @cubemaze
• fix: config parse error by @Skyxim
• chore: better workflow by @wwqgtxx
• refactor: Implement extended IO by @H1JK
• chore: tuic decrease unneeded copy by @wwqgtxx
• chore: decrease direct depend on the sing package by @wwqgtxx
• fix: addr panic by @wwqgtxx
• adjust: Improve WebSocket mask by @H1JK
• feat: gRPC gun implement extended writer by @H1JK
• chore: Update BBR config by @Larvan2
• fix: tuic server's SetCongestionController by @wwqgtxx
• fix: tuic server's MaxIncomingStreams by @wwqgtxx
• fix: tcpTracker's upload by @wwqgtxx
• chore: new Random TLS KeyPair when empty input by @wwqgtxx
• Fix: Remove EnableProcess from config.go and enable-process from config.yaml. FindProcess is now enabled by default when the rule set contains process-name rules by @Larvan2
• fix: ShadowTLS header use array instead by @H1JK
• feat: better config for sniffer by @Skyxim
• feat: add override-destination for sniffer by @Skyxim
• make ConvertsV2Ray more robust by @ag2s20150909 in #349
• Chore: Decrease the default MaxUdpRelayPacketSize to 1252 to avoid the relay UDP exceeding the size of the QUIC's datagram. ClientMaxOpenStreams now follows the config.yaml option by @Larvan2
• chore: better source address by @Skyxim
• feat: Converter support WS early data parameters by @H1JK
• fix: sub-rule condition don't work by @Skyxim
• chore: better parse udp dns by @Skyxim
• Chore: Add GEO data url configuration by @Larvan2
• Chore: Change default latency test url to HTTPS by @Larvan2
• Chore: Better parsing pure IPv6 UDP DNS by @Larvan2
• chore: better parsing pure UDP DNS by @Larvan2
• feature: geosite-based nameserver policy by @i40e
• chore: restful api display xudp for VLESS and VMess by @cubemaze
• chore: adjust keyword for geosite-based nameserver policy by @cubemaze
• adjust: VLESS enable XUDP by default by @H1JK
• docs(README.md): remove missing image link, mention Yacd-meta by @kunish in #356
• fix: get tlsconfig err not handle, return nil pointer #358 by @tgNotHouse in #360
• feat: Add utls for client's fingerprint. by @Larvan2 in #361
• chore: fix mips atomic panic by @wwqgtxx
• feat: nameserver policy support multiple server by @Skyxim
• fix: Converter Shadowsocks password parse by @H1JK
• chore: override-destination default value is true by @Skyxim
• feat: add global-client-fingerprint by @Larvan2
• fix: sniff domain don't match geosite when override-destination valuE is false by @Skyxim
• chore: do not use extra pointer in UClient by @wwqgtxx
• chore: avoid repeated wrapper by @Skyxim
• fix: tun udp with 4in6 ip by @wwqgtxx
• chore: better bind in windows by @wwqgtxx
• fix: RoundRobin strategy of load balance when called multiple times by @ovear in #390
• feat: introduce a new robust approach to handle tproxy udp by @ovear in #389
• style: run go fmt on every .go file by @kunish in #392
• fix: parsing ipv6 doh error by @Skyxim
• chore: Considering remove GOAMD64=v2 of linux-amd64-compatible by @wwqgtxx
• fix: websocket headroom by @wwqgtxx
• fix: disable header protection in vmess server by @wwqgtxx

Config changes

#  全局TLS指纹,优先低于proxy内的 client-fingerprint
#  可选："chrome","firefox","safari","ios","random","none" options.
#  Utls is currently support TLS transport in TCP/grpc/WS/HTTP for VLESS/Vmess and trojan.
global-client-fingerprint: chrome

# DNS 分流支持 GeoSite
dns:
    #此处省略部分设置#
  nameserver-policy:
    "geosite:cn": 
      - https://doh.pub/dns-query
      - https://dns.alidns.com/dns-query
      
  nameserver:
  - https://dns.google/dns-query
  - https://dns.cloudflare.com/dns-query
  - https://doh.opendns.com/dns-query
  - https://doh.dns.sb/dns-query

# 嗅探域名 
sniffer:
  enable: false
  ## 对 redir-host 类型识别的流量进行强制嗅探
  ## 如：Tun、Redir 和 TProxy 并 DNS 为 redir-host 皆属于
  # force-dns-mapping: false
  ## 对所有未获取到域名的流量进行强制嗅探
  # parse-pure-ip: false
  # 是否使用嗅探结果作为实际访问，默认 true
  # 全局配置，优先级低于 sniffer.sniff 实际配置
  override-destination: false
  sniff:
    # TLS 默认如果不配置 ports 默认嗅探 443
    TLS:
    #  ports: [443, 8443]

    # 默认嗅探 80
    HTTP:
      # 需要嗅探的端口

      ports: [80, 8080-8880]
      # 可覆盖 sniffer.override-destination
      override-destination: true
  force-domain:
    - +.v2ex.com
  ## 对嗅探结果进行跳过
  # skip-domain:
  #   - Mijia Cloud

proxies:
  #此处省略部分设置#
  # vmess
  - name: "vmess"
    type: vmess/vless/trojan
    client-fingerprint: chrome   
    #  可选："chrome","firefox","safari","ios","random","none" options.
    #  Utls is currently support TLS transport in TCP/grpc/WS/HTTP for VLESS/Vmess and trojan.

New Contributors

• @kunish made their first contribution in #356
• @tgNotHouse made their first contribution in #360
• @ovear made their first contribution in #390

Full Changelog: v1.14.1...v1.14.2