Recent Releases
0.107.5429 Nov 2024 00:45
minor bugfix:
See also the v0.107.54 GitHub milestone ms-v0.107.54 .
Security:
Incorrect handling of sensitive files permissions on Windows ().
Changed:
Improved filtering performance ().
:
Repetitive statistics log messages ().
Custom client cache ().
Missing runtime clients with information from the system hosts file on first
AdGuard Home start ().
https://github.com/AdguardTeam/AdGuardHome//6818.
https://github.com/AdguardTeam/AdGuardHome//7250.
https://github.com/AdguardTeam/AdGuardHome//7314.
https://github.com/AdguardTeam/AdGuardHome//7315.
https://github.com/AdguardTeam/AdGuardHome//7338.
ms-v0.107.54 : https://github.com/AdguardTeam/AdGuardHome/milestone/89?=1.
0.107.5326 Nov 2024 04:45
minor feature:
See also the v0.107.53 GitHub milestone ms-v0.107.53 .
Security:
Previous versions of AdGuard Home allowed users to add any system file it had
access to as filters, exposing them to be world-readable. To prevent this,
AdGuard Home now allows adding filtering-rule list files only from files
matching the patterns enumerated in the `filtering.safe_fs_patterns` property
in the configuration file.
We thank @itz-d0dgy for reporting this vulnerability, designated
CVE-2024-36814, to us.
Additionally, AdGuard Home will now try to change the permissions of its files
and directories to more restrictive ones to prevent similar vulnerabilities
as well as limit the access to the configuration.
We thank @go-compile for reporting this vulnerability, designated
CVE-2024-36586, to us.
Go version has been updated to prevent the possibility of exploiting the Go
vulnerabilities in 1.23.2 go-1.23.2 .
Added:
Support for 64-bit RISC-V architecture ().
Ecosia search engine is now supported in safe search ().
Changed:
Upstream server URL domain names requirements has been relaxed and now follow
the same rules as their domain specifications.
Configuration changes:
In this release, the schema version has changed from 28 to 29.
The new array `filtering.safe_fs_patterns` contains glob patterns for paths of
files that can be added as local filtering-rule lists. The migration should
add list files that have already been added, as well as the default value.
` DATA_DIR/userfilters/*`.
:
Property `clients.runtime_sources.dhcp` in the configuration file not taking
effect.
Stale Google safe search domains list ().
Bing safe search from Edge sidebar ().
Text overflow on the query log page ().
Known :
Due to the complexity of the Windows permissions architecture and poor support
from the standard Go library, we have to postpone the proper automated Windows
until the next release.
Temporary workaround: Set the permissions of the `AdGuardHome` directory
to more
0.107.5206 Jul 2024 03:15
minor feature:
See also the v0.107.52 GitHub milestone ms-v0.107.52 .
Security:
Go version has been updated to prevent the possibility of exploiting the Go
vulnerabilities in Go 1.22.5 go-1.22.5 .
Added:
The ability to disable logging using the new `log.enabled` configuration
property ().
Changed:
Frontend rewritten in TypeScript.
The `systemd`-based service now uses `journal` for logging by default. It
also doesn't create the `/var/log/` directory anymore ().
NOTE: With an installed service for changes to take effect, you need to
reinstall the service using `-r` flag of the install script install-script
or via the CLI (with root privileges):
``sh.
./AdGuardHome -s stop.
./AdGuardHome -s uninstall.
./AdGuardHome -s install.
./AdGuardHome -s start.
``.
Don't forget to backup your configuration file and other important data before
reinstalling the service.
Deprecated:
Node 18 support, Node 20 will be required in future releases.
:
Panic caused by missing user-specific blocked services object in configuration
file ().
Tracking `/etc/hosts` file changes causing panics within particular
filesystems on start ().
https://github.com/AdguardTeam/AdGuardHome//7053.
https://github.com/AdguardTeam/AdGuardHome//7069.
https://github.com/AdguardTeam/AdGuardHome//7076.
https://github.com/AdguardTeam/AdGuardHome//7079.
go-1.22.5 : https://groups.google.com/g/golang-announce/c/gyb7aM1C9H4.
install-script : https://github.com/AdguardTeam/AdGuardHome/?tab=readme-ov-file#automated-install-linux-and-mac.
ms-v0.107.52 : https://github.com/AdguardTeam/AdGuardHome/milestone/87?=1.
0.107.5107 Jun 2024 09:45
minor security:
See also the v0.107.51 GitHub milestone ms-v0.107.51 .
Security:
Go version has been updated to prevent the possibility of exploiting the Go
vulnerabilities in Go 1.22.4 go-1.22.4 .
Changed:
The HTTP server's write timeout has been increased from 1 minute to 5 minutes
to match the one used by AdGuard Home's HTTP client to fetch filtering-list
data ().
https://github.com/AdguardTeam/AdGuardHome//7041.
go-1.22.4 : https://groups.google.com/g/golang-announce/c/XbxouI9gY7k/.
ms-v0.107.51 : https://github.com/AdguardTeam/AdGuardHome/milestone/86?=1.
0.107.5027 May 2024 03:15
minor bugfix:
See also the v0.107.50 GitHub milestone ms-v0.107.50 .
:
Broken private reverse DNS upstream servers validation causing update failures.
().
https://github.com/AdguardTeam/AdGuardHome//7013.
ms-v0.107.50 : https://github.com/AdguardTeam/AdGuardHome/milestone/85?=1.
0.107.4923 May 2024 08:45
minor feature:
See also the v0.107.49 GitHub milestone ms-v0.107.49 .
Security:
Go version has been updated to prevent the possibility of exploiting the Go
vulnerabilities in Go 1.22.3 go-1.22.3 .
Added:
Support for comments in the ipset file ().
Changed:
Private rDNS resolution now also affects `SOA` and `NS` requests ().
Rewrite rules mechanics were changed due to improved resolving in safe search.
Deprecated:
Currently, AdGuard Home skips persistent clients that have duplicate fields
when reading them from the configuration file. This behaviour is deprecated
and will cause errors on startup in a future release.
:
Acceptance of duplicate UIDs for persistent clients at startup. See also the
section on client settings on the Wiki page wiki-config .
Domain specifications for top-level domains not considered for requests to
unqualified domains ().
Support for link-local subnets, i.e. `fe80::/16`, as client identifiers.
().
with QUIC and HTTP/3 upstreams on older Linux kernel versions.
().
YouTube restricted mode is not enforced by HTTPS queries on Firefox.
Support for link-local subnets, i.e. `fe80::/16`, in the access settings.
().
The ability to apply an invalid configuration for private rDNS, which led to
server not starting.
Ignoring query log for clients with ClientID set ().
Subdomains of `in-addr.arpa` and `ip6.arpa` containing zero-length pre incorrectly considered invalid when specified for private rDNS upstream
servers ().
Unspecified IP addresses aren't checked when using "Fastest IP address" mode.
().
https://github.com/AdguardTeam/AdGuardHome//5345.
https://github.com/AdguardTeam/AdGuardHome//5812.
https://github.com/AdguardTeam/AdGuardHome//6192.
https://github.com/AdguardTeam/AdGuardHome//6312.
https://github.com/AdguardTeam/AdGuardHome//6422.
https://github.com/AdguardTeam/AdGuardHome//6744.
https://github.com/AdguardTeam/AdGuardHome//6854.
https://github.com/AdguardTeam/AdGuardHome//6875.
https://github.com/AdguardTe
0.107.4806 Apr 2024 15:25
minor bugfix:
See also the v0.107.48 GitHub milestone ms-v0.107.48 .
:
Access settings not being applied to encrypted protocols ().
https://github.com/AdguardTeam/AdGuardHome//6890.
ms-v0.107.48 : https://github.com/AdguardTeam/AdGuardHome/milestone/83?=1.
0.107.4621 Mar 2024 03:15
minor feature:
See also the v0.107.46 GitHub milestone ms-v0.107.46 .
Added:
Ability to disable the use of system hosts file information for query
resolution ().
Ability to define custom directories for storage of query log files and
statistics ().
Changed:
Private rDNS resolution (`dns.use_private_ptr_resolvers` in YAML
configuration) now requires a valid "Private reverse DNS servers", when
enabled ().
NOTE: Disabling private rDNS resolution behaves effectively the same as if
no private reverse DNS servers provided by user and by the OS.
:
Statistics for 7 days displayed by day on the dashboard graph ().
Missing "served from cache" label on long DNS server strings ().
Incorrect tracking of the system hosts file's changes ().
https://github.com/AdguardTeam/AdGuardHome//5992.
https://github.com/AdguardTeam/AdGuardHome//6610.
https://github.com/AdguardTeam/AdGuardHome//6711.
https://github.com/AdguardTeam/AdGuardHome//6712.
https://github.com/AdguardTeam/AdGuardHome//6740.
https://github.com/AdguardTeam/AdGuardHome//6820.
ms-v0.107.46 : https://github.com/AdguardTeam/AdGuardHome/milestone/81?=1.
0.107.4506 Mar 2024 20:49
minor feature:
### Added
- Timezones in the Etc/ area to the timezone list ( #6568 ).
- The schema version of the configuration file to the output of running `AdGuardHome` (or `AdGuardHome.exe`) with `-v --version` command-line options ( #6545 ).
- Ability to disable plain-DNS serving via UI if an encrypted protocol is already used ( #1660 ).
### Changed
- The bootstrapped upstream addresses are now updated according to the TTL of the bootstrap DNS response ( #6321 ).
- Logging level of timeout errors is now `error` instead of `debug` ( #6574 ).
- The field `"upstream_mode"` in `POST /control/dns_config` and
`GET /control/dns_info` HTTP APIs now accepts `load_balance` value. Check `openapi/CHANGELOG.md` for more details.