XTLS/Xray-core v25.3.6

Xray-core v25.3.6

on GitHub

XHTTP: Beyond REALITY #4113 & MITM-Domain-Fronting

距离上次写 release notes 已过了近三个月，在此期间 XHTTP 积累了大量的改进与修复，其中感知最明显的是逐步将 HTTP request header 的 path padding 迁移至了 Referer header 以避免产生过长的日志（由 @rPDmYQ 提出），以及逐步修复了 stream-up 通过 CF 时连接 100 秒后被掐断的问题，请查看 commit history 及第四版 XHTTP: Beyond REALITY。

另一项重点开发的功能是 MITM-Domain-Fronting：

• 比如现在你可以用 Xray 对浏览器发出的 TLS MITM 并强制域前置，以实现无代理服务器直连一些被 GFW 封锁的网站。
• Xray 内置 DNS 也加了 h2c:// 以搭配 freedom 出站实现内置 DoH 域前置，它正好可以绕过近期 GFW 对 DoH 的封锁。并且 Xray 内置 DoH 现在均默认使用 Chrome 指纹、加了 header padding。
• @patterniha 分享出了适用于伊朗的完整 serverless 配置，包括 TCP/TLS fragment 和 UDP noises：Serverless-for-Iran。Please join the official Xray Iranian group https://t.me/projectXhttp for more information.

请支持一个 REALITY NFT：https://opensea.io/assets/ethereum/0x5ee362866001613093361eb8569d59c4141b76d1/2

如果你有余力，请支持一个 Project X NFT：https://opensea.io/assets/ethereum/0x5ee362866001613093361eb8569d59c4141b76d1/1

Xray 接下来的重心转向 Vision Seed & VLESS Encryption，Windows Tun & GUI Client，以及 ECH 和 REALITY 抗量子更新。

最低 Go 版本要求已升至 Go 1.24+，@KobeArthurScofield 正在维护 https://github.com/XTLS/go-win7 以继续支持 Win7。

What's Changed

• XHTTP XMUX: Fix OpenUsage never gets reduced by @RPRX in 1410b63
• XHTTP client: Make H3 httptrace work on v2rayNG by @RPRX in 53b04d5
• XHTTP client: Merge Open* into OpenStream(), and more by @RPRX in db934f0
• DNS: Always use a DNS Message ID of 0 for DoH and DoQ by @maoxikun @dyhkwong in #4193
• chore: use errors.New to replace fmt.Errorf with no parameters by @RiceChuan in #4204
• Core: Add mutex to injection resolution by @yuhan6665 in #4206
• Dokodemo TPROXY: Interrupt UDP download if upload timeouts by @RPRX in a8559a1
• XHTTP XMUX: Increase the default value for cMaxReuseTimes by @RPRX in ff4331a
• XHTTP XMUX: cMaxLifetimeMs -> hMaxReusableSecs, Refactor default values by @RPRX in 4ce65fc
• Sockopt config: Add penetrate for XHTTP U-D-S, Remove tcpNoDelay by @RPRX in 369d894
• Inbounds config: Add mixed as an alias of socks by @RPRX in 5af9068
• Build: Use patched newer Go version to build Windows 7 assets by @KobeArthurScofield in #4192
• Upgrade quic-go to patched v0.48.2 by @RPRX in 8a6a538
• Config: Correctly marshal Int32Range to JSON by @yiguous in #4234
• Freedom config: Fix noises delay by @GFW-knocker in #4233
• Workflows: Trigger all Build & Test on all branches & files by @RPRX in dd4ba82
• Freedom noises: Change legacy variable name by @Fangliding in #4238
• Freedom noises: Support "hex" as type & packet by @GFW-knocker @RPRX in #4239
• Freedom noises: Support RawURLEncoding for "base64" by @RPRX in 2f52aa7
• Upgrade gVisor to a newer version by @hossinasaadi in #3903
• Build: Update GeoIP/GeoSite Cache per hour by @KobeArthurScofield in #4247
• XHTTP XMUX: Abandon client if client.Do(req) failed by @RPRX in #4253
• Freedom: Don't use rawConn copy when using utls by @Fangliding in #4272
• chore: fix struct field name in comment by @dashangcun in #4284
• Commands: Fix dumping merged config for XHTTP by @vrnobody in #4290
• Mixed inbound: Handle immediately closing connection gracefully by @rPDmYQ @RPRX in #4297
• XHTTP client: Move x_padding into Referer header by @rPDmYQ in #4298
• DNS: Implement queryStrategy for "localhost" by @Fangliding in #4303
• XHTTP server: Add scStreamUpServerSecs, enabled by default by @RPRX in #4306
• DNS DoH: Add h2c Remote mode (with TLS serverNameToVerify) by @RPRX in 2522cfd
• RAW: Allow setting ALPN http/1.1 for non-REALITY uTLS by @RPRX in 740a6b0
• Log: Add microseconds for all kinds of logs by @RPRX in 5679d71
• UDS: Keep valid source addr by @Fangliding in #4325
• Upgrade quic-go to official v0.49.0 by @RPRX in a7a8362
• README.md: Add xray-checker to Xray Tools by @kutovoys in #4319
• XTLS Vision: Use separate uplink/downlink flag for direct copy by @yuhan6665 in #4329
• XHTTP client: Add back minimal path padding for compatibility by @RPRX in efdc70f
• Commands: Fix ambiguous printing of private x25519 key by @auvred in #4343
• README.md: Add Project XHTTP (Persian) to Telegram by @RPRX in 480c7d7
• MITM: Allow forwarding local negotiated ALPN http/1.1 to the real website by @RPRX in 9b78411
• MITM: Allow using local received SNI in the outgoing serverName & verifyPeerCertInNames by @RPRX in c6a31f4
• Log: Add microseconds for golang's standard logger by @RPRX in 527caa3
• MITM freedom RAW TLS: Report website with unexpected Negotiated Protocol / invalid Domain Fronting certificate by @RPRX in 117de1f
• API: Add user IPs and access times tracking by @mr1cloud in #4360
• Chore: Make some Maps into real Sets by @arturmelanchyk in #4362
• README.md: Add XrayUI to Asuswrt-Merlin clients by @DanielLavrushin in #4355
• Geofiles: Switch to Loyalsoldier's v2ray-rules-dat by @RPRX in c81d8e4
• Workflows: Reduce Geodata update frequency by @KobeArthurScofield in #4369
• MITM freedom RAW TLS: Allow "fromMitm" to be written at any position in verifyPeerCertInNames, Add checking for alpn "fromMitm" by @RPRX in d4c7cd0
• DNS DoH h2c Remote: Add verifyPeerCertInNames "fromMitm" support by @RPRX in 613c63b
• Commands: Use ".crt" & ".key" suffixes when generating TLS certificates by @RPRX in 925a985
• XHTTP server: Finish stream-up's HTTP POST when its request.Body is closed by @RPRX in dcd7e92
• Workflows: Fix Actions' manual dispatch for assets update by @KobeArthurScofield in #4378
• Config: Correctly marshal PortList and NameServerConfig to JSON by @yiguous in #4386
• UDS: Make all remote addr 0.0.0.0 by @Fangliding @RPRX in #4390
• Build: End of the easily mistaken 'Makefile' by @KobeArthurScofield @RPRX in #4395
• API: Improve cli usage descriptions by @billzhong in #4401
• XTLS: More separate uplink/downlink flags for splice copy by @yuhan6665 in #4407
• XHTTP server: Set remoteAddr & localAddr correctly by @RPRX in 8cb63db
• XHTTP client: Revert "Add back minimal path padding for compatibility" by @RPRX in c5de08b
• Metrics: Add direct listen by @Fangliding in #4409
• UDS: Use UnixListenerWrapper & UnixConnWrapper by @Fangliding @RPRX in #4413
• XHTTP server: Fix stream-up "single POST problem", Use united httpServerConn instead of recover() by @RPRX in b786a50
• Outbound: Add outbound sendThrough origin behavior by @lastrise in #4349
• Use Go 1.24 by @RPRX in ce2384c
• Chore: Fix tests by @Fangliding in #4440
• XHTTP server: Switch to Go 1.24 native h2c support by @yin1999 in #4451
• TLS fingerprints: Refine "random" & "randomized", Add "randomizednoalpn" by @RPRX in 8d46f7e
• Sockopt: Add addressPortStrategy (query SRV or TXT) by @j3l11234 @Fangliding in #4416
• DNS DoH: Use Chrome's fingerprint & keepAlivePeriod, Add header padding by default by @RPRX in e466b04
• REALITY config: Add password as an alias of publicKey by @RPRX in dde0a4f
• Mux server: Clone the session.Content attached on ctx as well by @RPRX in 16eee1b
• README.md: Add Happ to iOS clients by @mangustyura in #4465

以及升级一些依赖，使用 Go 1.24.1 进行编译。

New Contributors

• @maoxikun made their first contribution in #4193
• @RiceChuan made their first contribution in #4204
• @GFW-knocker made their first contribution in #4233
• @dashangcun made their first contribution in #4284
• @rPDmYQ made their first contribution in #4297
• @kutovoys made their first contribution in #4319
• @auvred made their first contribution in #4343
• @arturmelanchyk made their first contribution in #4362
• @DanielLavrushin made their first contribution in #4355
• @billzhong made their first contribution in #4401
• @lastrise made their first contribution in #4349
• @j3l11234 made their first contribution in #4416
• @mangustyura made their first contribution in #4465

Full Changelog: v24.12.18...v25.3.6