github SagerNet/sing-box v1.10.0
1.10.0
on GitHub

latest releases: v1.11.0-alpha.1, v1.10.1
2 days ago

📝 Release Notes

Important changes since 1.9:

  • Introducing auto-redirect 1
  • Add AdGuard DNS Filter support 2
  • TUN address fields are merged 3
  • Add custom options for auto-route and auto-redirect 4
  • Drop support for go1.18 and go1.19 5
  • Add tailing comma support in JSON configuration
  • Improve sniffers 6
  • Add new inline rule-set type 7
  • Add access control options for Clash API 8
  • Add rule_set_ip_cidr_accept_empty DNS address filter rule item 9
  • Add auto reload support for local rule-set
  • Update fsnotify usages 10
  • Add IP address support for rule-set match command
  • Add rule-set decompile command
  • Add process_path_regex rule item
  • Update uTLS to v1.6.7 11
  • Optimize memory usages of rule-sets 12

1:

The new auto-redirect feature allows TUN to automatically configure connection redirection to improve proxy performance.

When auto-redirect is enabled, new route address set options will allow you to automatically configure destination IP CIDR rules from a specified rule set to the firewall.

Specified or unspecified destinations will bypass the sing-box routes to get better performance (for example, keep hardware offloading of direct traffics on the router).

See TUN.

2:

The new feature allows you to use AdGuard DNS Filter lists in a sing-box without AdGuard Home.

See AdGuard DNS Filter.

3:

See Migration.

4:

See iproute2_table_index, iproute2_rule_index, auto_redirect_input_mark and auto_redirect_output_mark.

5:

Due to maintenance difficulties, sing-box 1.10.0 requires at least Go 1.20 to compile.

6:

BitTorrent, DTLS, RDP, SSH sniffers are added.

Now the QUIC sniffer can correctly extract the server name from Chromium requests and can identify common QUIC clients, including Chromium, Safari, Firefox, quic-go (including uquic disguised as Chrome).

7:

The new rule-set type inline (which also becomes the default type) allows you to write headless rules directly without creating a rule-set file.

8:

With the new access control options, not only can you allow Clash dashboards to access the Clash API on your local network, you can also manually limit the websites that can access the API instead of allowing everyone.

See Clash API.

9:

See DNS Rule.

10:

sing-box now uses fsnotify correctly and will not cancel watching if the target file is deleted or recreated via rename (e.g. mv).

This affects all path options that support reload, including tls.certificate_path, tls.key_path, tls.ech.key_path and rule_set.path.

11:

Some legacy chrome fingerprints have been removed and will fallback to chrome, see utls.

12:

See Source Format.

Check out latest releases or
releases around SagerNet/sing-box v1.10.0

Don't miss a new sing-box release

NewReleases is sending notifications on new releases.

Get notifications