Recent Releases

0.107.5512 Dec 2024 05:25 minor security: See also the v0.107.55 GitHub milestone ms-v0.107.55 . Security: The permission check and migration on Windows has been to use the Windows security model more accurately (). Go version has been updated to prevent the possibility of exploiting the Go vulnerabilities in 1.23.4 go-1.23.4 . The Windows executables are now signed. Added: The `--no-permcheck` command-line option to disable checking and migration of permissions for the security-sensitive files and directories, which caused on Windows (). : Setup guide styles in Firefox. Goroutine leak during the upstream DNS server test (). Goroutine leak during configuration update resulting in increased response time (). https://github.com/AdguardTeam/AdGuardHome//7357. https://github.com/AdguardTeam/AdGuardHome//7400. go-1.23.4 : https://groups.google.com/g/golang-announce/c/3DyiMkYx4Fo. ms-v0.107.55 : https://github.com/AdguardTeam/AdGuardHome/milestone/90?=1.
0.107.5429 Nov 2024 00:45 minor bugfix: See also the v0.107.54 GitHub milestone ms-v0.107.54 . Security: Incorrect handling of sensitive files permissions on Windows (). Changed: Improved filtering performance (). : Repetitive statistics log messages (). Custom client cache (). Missing runtime clients with information from the system hosts file on first AdGuard Home start (). https://github.com/AdguardTeam/AdGuardHome//6818. https://github.com/AdguardTeam/AdGuardHome//7250. https://github.com/AdguardTeam/AdGuardHome//7314. https://github.com/AdguardTeam/AdGuardHome//7315. https://github.com/AdguardTeam/AdGuardHome//7338. ms-v0.107.54 : https://github.com/AdguardTeam/AdGuardHome/milestone/89?=1.
0.107.5326 Nov 2024 04:45 minor feature: See also the v0.107.53 GitHub milestone ms-v0.107.53 . Security: Previous versions of AdGuard Home allowed users to add any system file it had access to as filters, exposing them to be world-readable. To prevent this, AdGuard Home now allows adding filtering-rule list files only from files matching the patterns enumerated in the `filtering.safe_fs_patterns` property in the configuration file. We thank @itz-d0dgy for reporting this vulnerability, designated CVE-2024-36814, to us. Additionally, AdGuard Home will now try to change the permissions of its files and directories to more restrictive ones to prevent similar vulnerabilities as well as limit the access to the configuration. We thank @go-compile for reporting this vulnerability, designated CVE-2024-36586, to us. Go version has been updated to prevent the possibility of exploiting the Go vulnerabilities in 1.23.2 go-1.23.2 . Added: Support for 64-bit RISC-V architecture (). Ecosia search engine is now supported in safe search (). Changed: Upstream server URL domain names requirements has been relaxed and now follow the same rules as their domain specifications. Configuration changes: In this release, the schema version has changed from 28 to 29. The new array `filtering.safe_fs_patterns` contains glob patterns for paths of files that can be added as local filtering-rule lists. The migration should add list files that have already been added, as well as the default value. ` DATA_DIR/userfilters/*`. : Property `clients.runtime_sources.dhcp` in the configuration file not taking effect. Stale Google safe search domains list (). Bing safe search from Edge sidebar (). Text overflow on the query log page (). Known : Due to the complexity of the Windows permissions architecture and poor support from the standard Go library, we have to postpone the proper automated Windows until the next release. Temporary workaround: Set the permissions of the `AdGuardHome` directory to more
0.107.5206 Jul 2024 03:15 minor feature: See also the v0.107.52 GitHub milestone ms-v0.107.52 . Security: Go version has been updated to prevent the possibility of exploiting the Go vulnerabilities in Go 1.22.5 go-1.22.5 . Added: The ability to disable logging using the new `log.enabled` configuration property (). Changed: Frontend rewritten in TypeScript. The `systemd`-based service now uses `journal` for logging by default. It also doesn't create the `/var/log/` directory anymore (). NOTE: With an installed service for changes to take effect, you need to reinstall the service using `-r` flag of the install script install-script or via the CLI (with root privileges): ``sh. ./AdGuardHome -s stop. ./AdGuardHome -s uninstall. ./AdGuardHome -s install. ./AdGuardHome -s start. ``. Don't forget to backup your configuration file and other important data before reinstalling the service. Deprecated: Node 18 support, Node 20 will be required in future releases. : Panic caused by missing user-specific blocked services object in configuration file (). Tracking `/etc/hosts` file changes causing panics within particular filesystems on start (). https://github.com/AdguardTeam/AdGuardHome//7053. https://github.com/AdguardTeam/AdGuardHome//7069. https://github.com/AdguardTeam/AdGuardHome//7076. https://github.com/AdguardTeam/AdGuardHome//7079. go-1.22.5 : https://groups.google.com/g/golang-announce/c/gyb7aM1C9H4. install-script : https://github.com/AdguardTeam/AdGuardHome/?tab=readme-ov-file#automated-install-linux-and-mac. ms-v0.107.52 : https://github.com/AdguardTeam/AdGuardHome/milestone/87?=1.
0.107.5107 Jun 2024 09:45 minor security: See also the v0.107.51 GitHub milestone ms-v0.107.51 . Security: Go version has been updated to prevent the possibility of exploiting the Go vulnerabilities in Go 1.22.4 go-1.22.4 . Changed: The HTTP server's write timeout has been increased from 1 minute to 5 minutes to match the one used by AdGuard Home's HTTP client to fetch filtering-list data (). https://github.com/AdguardTeam/AdGuardHome//7041. go-1.22.4 : https://groups.google.com/g/golang-announce/c/XbxouI9gY7k/. ms-v0.107.51 : https://github.com/AdguardTeam/AdGuardHome/milestone/86?=1.
0.107.5027 May 2024 03:15 minor bugfix: See also the v0.107.50 GitHub milestone ms-v0.107.50 . : Broken private reverse DNS upstream servers validation causing update failures. (). https://github.com/AdguardTeam/AdGuardHome//7013. ms-v0.107.50 : https://github.com/AdguardTeam/AdGuardHome/milestone/85?=1.
0.107.4923 May 2024 08:45 minor feature: See also the v0.107.49 GitHub milestone ms-v0.107.49 . Security: Go version has been updated to prevent the possibility of exploiting the Go vulnerabilities in Go 1.22.3 go-1.22.3 . Added: Support for comments in the ipset file (). Changed: Private rDNS resolution now also affects `SOA` and `NS` requests (). Rewrite rules mechanics were changed due to improved resolving in safe search. Deprecated: Currently, AdGuard Home skips persistent clients that have duplicate fields when reading them from the configuration file. This behaviour is deprecated and will cause errors on startup in a future release. : Acceptance of duplicate UIDs for persistent clients at startup. See also the section on client settings on the Wiki page wiki-config . Domain specifications for top-level domains not considered for requests to unqualified domains (). Support for link-local subnets, i.e. `fe80::/16`, as client identifiers. (). with QUIC and HTTP/3 upstreams on older Linux kernel versions. (). YouTube restricted mode is not enforced by HTTPS queries on Firefox. Support for link-local subnets, i.e. `fe80::/16`, in the access settings. (). The ability to apply an invalid configuration for private rDNS, which led to server not starting. Ignoring query log for clients with ClientID set (). Subdomains of `in-addr.arpa` and `ip6.arpa` containing zero-length pre incorrectly considered invalid when specified for private rDNS upstream servers (). Unspecified IP addresses aren't checked when using "Fastest IP address" mode. (). https://github.com/AdguardTeam/AdGuardHome//5345. https://github.com/AdguardTeam/AdGuardHome//5812. https://github.com/AdguardTeam/AdGuardHome//6192. https://github.com/AdguardTeam/AdGuardHome//6312. https://github.com/AdguardTeam/AdGuardHome//6422. https://github.com/AdguardTeam/AdGuardHome//6744. https://github.com/AdguardTeam/AdGuardHome//6854. https://github.com/AdguardTeam/AdGuardHome//6875. https://github.com/AdguardTe
0.107.4806 Apr 2024 15:25 minor bugfix: See also the v0.107.48 GitHub milestone ms-v0.107.48 . : Access settings not being applied to encrypted protocols (). https://github.com/AdguardTeam/AdGuardHome//6890. ms-v0.107.48 : https://github.com/AdguardTeam/AdGuardHome/milestone/83?=1.
0.107.4621 Mar 2024 03:15 minor feature: See also the v0.107.46 GitHub milestone ms-v0.107.46 . Added: Ability to disable the use of system hosts file information for query resolution (). Ability to define custom directories for storage of query log files and statistics (). Changed: Private rDNS resolution (`dns.use_private_ptr_resolvers` in YAML configuration) now requires a valid "Private reverse DNS servers", when enabled (). NOTE: Disabling private rDNS resolution behaves effectively the same as if no private reverse DNS servers provided by user and by the OS. : Statistics for 7 days displayed by day on the dashboard graph (). Missing "served from cache" label on long DNS server strings (). Incorrect tracking of the system hosts file's changes (). https://github.com/AdguardTeam/AdGuardHome//5992. https://github.com/AdguardTeam/AdGuardHome//6610. https://github.com/AdguardTeam/AdGuardHome//6711. https://github.com/AdguardTeam/AdGuardHome//6712. https://github.com/AdguardTeam/AdGuardHome//6740. https://github.com/AdguardTeam/AdGuardHome//6820. ms-v0.107.46 : https://github.com/AdguardTeam/AdGuardHome/milestone/81?=1.
0.107.4506 Mar 2024 20:49 minor feature: ### Added - Timezones in the Etc/ area to the timezone list ( #6568 ). - The schema version of the configuration file to the output of running `AdGuardHome` (or `AdGuardHome.exe`) with `-v --version` command-line options ( #6545 ). - Ability to disable plain-DNS serving via UI if an encrypted protocol is already used ( #1660 ). ### Changed - The bootstrapped upstream addresses are now updated according to the TTL of the bootstrap DNS response ( #6321 ). - Logging level of timeout errors is now `error` instead of `debug` ( #6574 ). - The field `"upstream_mode"` in `POST /control/dns_config` and `GET /control/dns_info` HTTP APIs now accepts `load_balance` value. Check `openapi/CHANGELOG.md` for more details.