What's Changed
- 188372c feat: add
tls.ech-keyforexternal-controller-tlsby @wwqgtxx - 5cf0f18 feat: reality add
support-x25519mlkem768, it only works with new version server by @wwqgtxx - a1350d4 feat: add
ech-keyfor listeners by @wwqgtxx - c6d7ef8 feat: add
ech-optsfor anytls/shadowsocks/trojan/vmess/vless outbound by @wwqgtxx - dc958e6 feat: add
ech-optsfor hysteria/hysteria2/tuic outbound by @wwqgtxx - Other incompatible updates are the same as v1.19.6~v1.19.8:
- For security reasons, all paths appearing in the configuration file will be limited to workdir (regardless of whether they are relative or absolute). If there is a specific need, please specify additional safe paths by setting the
SAFE_PATHSenvironment variable while ensuring safety. The syntax of this environment variable is the same as the PATH environment variable parsing rules of this operating system (i.e., semicolon-separated under Windows and colon-separated under other systems)- For security reasons, the "path" parameter of
/configsin the restful api has been restricted, and its directory also needs to be in workdir orSAFE_PATHS.- In addition, support for specifying
routing-markandinterface-nameforproxy-groupshas been removed. Please specify the relevant parameters inproxiesdirectly.- Note: The workdir mentioned above is specified by the
-dparameter when the program is started or theCLASH_HOME_DIRenvironment variable. If neither of the above is specified, the default is:
- on Unix systems,
$HOME/.config/mihomo.- on Windows,
%USERPROFILE%/.config/mihomo.
BUG & Fix
- 41b57af fix: grpc deadline implement by @wwqgtxx
- 608ddb1 fix:
external-ui-namemust in local by @wwqgtxx - 90ed01e fix: backoff not reset when the file unchanged by @wwqgtxx
- bb8c47d fix: error typo by @wwqgtxx
- c489c52 fix: hysteria2 hop ports init #2056 by @wwqgtxx
- d036d98 fix: http server does not handle http2 logic correctly by @wwqgtxx
- d5a0390 fix: race in close grpc transport by @wwqgtxx
- d900c71 fix: shadowtls v2 not work with X25519MLKEM768 by @wwqgtxx
- f91a586 fix: inline proxy provider's healthcheck not work by @wwqgtxx
Maintenance
- 1672750 chore: simplifying the old fingerprint processing method by @wwqgtxx
- 257fead docs: update config.yaml follow 5cf0f18 by @wwqgtxx
- 83213d4 chore: adjust min backoff from 1s to 10s by @wwqgtxx
- 8a5f3b8 chore: simplify port hop costs by @wwqgtxx
- 8f92b1d chore: simplify the single root decompression process by @wwqgtxx
- 9f7a2a3 chore: unpack externalUI in a separate temporary directory to avoid malicious compressed packages from polluting workdir by @wwqgtxx
- a934791 chore: stricter path checking when unpacking zip/tgz by @wwqgtxx
- ed42c4f chore: disallow symlink in unzip by @wwqgtxx
- fd959fe chore: update dependencies by @wwqgtxx
Full Changelog: v1.19.8...v1.19.9