github dyhkwong/Exclave hysteria-plugin-2.6.4
on GitHub

latest releases: tuic-plugin-1.6.5, tuic-plugin-1.6.4, tuic-plugin-1.6.3...
one month ago

  • ⚠️This release contains a security fix for pinSHA256, which is also a behavior change. Everyone is strongly encouraged to upgrade.

    Security fix & behavior change: tls.pinSHA256 now matches only the fingerprint of the leaf certificate, instead of any certificate in the chain. This change mitigates MITM risks in cases where insecure=true by preventing 1) user accidentally pinning a CA certificate, which would allow any certificate issued by that CA to be accepted, and 2) attacker constructing a forged certificate chain by combining their own leaf certificate with the user server's certificate.

    See https://github.com/apernet/hysteria/releases/tag/app%2Fv2.6.4 for details.

  • Please be aware that although github.com/apernet/hysteria/app/v2 claims that it is licensed under the MIT License, some GPL libraries are imported:

    • github.com/apernet/sing-tun (GPL v3 or later), which is a fork of github.com/sagernet/sing-tun (GPL v3 or later)
    • github.com/sagernet/sing (GPL v3 or later)
      A common statement is that they got a "license exception" from the author of sing and sing-tun.

    We will remove published Hysteria 2 plugin APKs if we do not actually have the license to redistribute Hysteria 2 binaries.

Check out latest releases or
releases around dyhkwong/Exclave hysteria-plugin-2.6.4

Don't miss a new Exclave release

NewReleases is sending notifications on new releases.

Get notifications