Releases: SagerNet/sing-box
1.11.0-alpha.9
π Release Notes
- Improve tun compatibility 1
- Fixes and improvements
1:
When gvisor
tun stack is enabled, even if the request passes routing, if the outbound connection establishment fails, the connection still does not need to be established and a TCP RST is replied.
1.11.0-alpha.8
π Release Notes
- Fixes and improvements
1.11.0-alpha.7
π Release Notes
- Introducing rule actions 1
1:
New rule actions replace legacy inbound fields and special outbound fields, and can be used for pre-matching 2.
See Rule, Rule Action, DNS Rule and DNS Rule Action.
For migration, see Migrate legacy special outbounds to rule actions, Migrate legacy inbound fields to rule actions and Migrate legacy DNS route options to rule actions.
2:
Similar to Surge's pre-matching.
Specifically, the new rule actions allow you to reject connections with TCP RST (for TCP connections) and ICMP port unreachable (for UDP packets) before connection established to improve tun's compatibility.
See Rule Action.
1.11.0-alpha.6
π Release Notes
- Update quic-go to v0.48.1
- Set gateway for tun correctly
- Fixes and improvements
1.11.0-alpha.5
π Release Notes
- Fixes and improvements
1.11.0-alpha.4
π Release Notes
- Fixes and improvements
1.11.0-alpha.2
π Release Notes
- Add warnings for usage of deprecated features
- Fixes and improvements
1.11.0-alpha.1
π Release Notes
- Update quic-go to v0.48.0
- Fixes and improvements
1.10.1
π Release Notes
- Fixes and improvements
1.10.0
π Release Notes
Important changes since 1.9:
- Introducing auto-redirect 1
- Add AdGuard DNS Filter support 2
- TUN address fields are merged 3
- Add custom options for
auto-route
andauto-redirect
4 - Drop support for go1.18 and go1.19 5
- Add tailing comma support in JSON configuration
- Improve sniffers 6
- Add new
inline
rule-set type 7 - Add access control options for Clash API 8
- Add
rule_set_ip_cidr_accept_empty
DNS address filter rule item 9 - Add auto reload support for local rule-set
- Update fsnotify usages 10
- Add IP address support for
rule-set match
command - Add
rule-set decompile
command - Add
process_path_regex
rule item - Update uTLS to v1.6.7 11
- Optimize memory usages of rule-sets 12
1:
The new auto-redirect feature allows TUN to automatically configure connection redirection to improve proxy performance.
When auto-redirect is enabled, new route address set options will allow you to automatically configure destination IP CIDR rules from a specified rule set to the firewall.
Specified or unspecified destinations will bypass the sing-box routes to get better performance (for example, keep hardware offloading of direct traffics on the router).
See TUN.
2:
The new feature allows you to use AdGuard DNS Filter lists in a sing-box without AdGuard Home.
See AdGuard DNS Filter.
3:
See Migration.
4:
See iproute2_table_index, iproute2_rule_index, auto_redirect_input_mark and auto_redirect_output_mark.
5:
Due to maintenance difficulties, sing-box 1.10.0 requires at least Go 1.20 to compile.
6:
BitTorrent, DTLS, RDP, SSH sniffers are added.
Now the QUIC sniffer can correctly extract the server name from Chromium requests and can identify common QUIC clients, including Chromium, Safari, Firefox, quic-go (including uquic disguised as Chrome).
7:
The new rule-set type inline (which also becomes the default type) allows you to write headless rules directly without creating a rule-set file.
8:
With the new access control options, not only can you allow Clash dashboards to access the Clash API on your local network, you can also manually limit the websites that can access the API instead of allowing everyone.
See Clash API.
9:
See DNS Rule.
10:
sing-box now uses fsnotify correctly and will not cancel watching if the target file is deleted or recreated via rename (e.g. mv
).
This affects all path options that support reload, including tls.certificate_path
, tls.key_path
, tls.ech.key_path
and rule_set.path
.
11:
Some legacy chrome fingerprints have been removed and will fallback to chrome, see utls.
12:
See Source Format.