Mihomo Files

What's Changed

• 29a37f4f feat: all dns client support disable-ipv4 and disable-ipv6 params by @wwqgtxx
• 40587b62 feat: all dns client support skip-cert-verify params by @wwqgtxx
• 617fef84 feat: converter support anytls/socks/http (#2100) by @beck
• 85e6d25d feat: all dns client support ecs and ecs-override params by @wwqgtxx
• 9283cb0f feat: add loopback-address support for tun by @wwqgtxx
• Other incompatible updates are the same as v1.19.6~v1.19.10:

  • For security reasons, all paths appearing in the configuration file will be limited to workdir (regardless of whether they are relative or absolute). If there is a specific need, please specify additional safe paths by setting the SAFE_PATHS environment variable while ensuring safety. The syntax of this environment variable is the same as the PATH environment variable parsing rules of this operating system (i.e., semicolon-separated under Windows and colon-separated under other systems)
  • For security reasons, the "path" parameter of /configs in the restful api has been restricted, and its directory also needs to be in workdir or SAFE_PATHS.
  • In addition, support for specifying routing-mark and interface-name for proxy-groups has been removed. Please specify the relevant parameters in proxies directly.
  • Note: The workdir mentioned above is specified by the -d parameter when the program is started or the CLASH_HOME_DIR environment variable. If neither of the above is specified, the default is:
  • on Unix systems, $HOME/.config/mihomo.
  • on Windows, %USERPROFILE%/.config/mihomo.
  • The DNS resolution of the overall UDP part has been delayed to the connection initiation stage. It will be triggered only when the IP rule without no-resolve is matched during the rule matching process.
  • For direct and wireguard outbound, the same logic as the TCP part will be followed, that is, when direct-nameserver (or DNS configured by wireguard) exists, the resolution result in the rule matching process will be discarded and the domain name will be re-resolved. This re-resolution logic is only effective for fakeip.
  • For reject and DNS outbound, no resolution is required.
  • For other outbound, resolution will still be performed when the UDP connection is initiated, and the domain name will not be sent directly to the remote server.

BUG & Fix

• 31f0060b fix: chacha20 counter overflow by @wwqgtxx
• 32d447ce fix: convert https (#2102) by @beck
• 40ea0ba0 fix: correct constructor for 2022-blake3-chacha8-poly1305 by @wwqgtxx
• 5344e869 fix: ssr uri decode (#2116) by @Restia-Ashbell
• 5b975275 fix: incorrect checking of strings.Split return value by @wwqgtxx
• 6cfaf15c fix: missing error return by @wwqgtxx
• 71a87056 fix: remote dst parse by @wwqgtxx
• 8d7f947a fix: TypedValue.CompareAndSwap by @wwqgtxx
• ebf5918e fix: v2ray-plugin mux maybe not close underlay connection by @wwqgtxx

Maintenance

• 01f8f2db chore: cleanup allocator code by @wwqgtxx
• 082bcec2 chore: apply find process mode in direct/global mode by @wwqgtxx
• 166392fe chore: sniffer replace domain only if domain is valid (#2122) by @ayanamist
• 255ff5e9 chore: add rate limiting support for reality listener by @wwqgtxx
• 2f9a3b34 chore: cleanup code by @wwqgtxx
• 5c6aa433 chore: unconditionally allow clients with passwords for password-free socks5 inbound (#2123) by @ayanamist
• 85bb40aa chore: add Int32Enum for common/atomic by @wwqgtxx
• 87795e3a chore: add yaml marshal for common/atomic by @wwqgtxx
• 939e4109 chore: write dns reply in single syscall by @wwqgtxx
• 93ca1851 chore: converter support fingerprint for anytls by @riolurs
• ae7967f6 chore: the resolve and findProcess behaviors of Logic and SubRules follow the order and needs of the internal rules by @wwqgtxx
• c60750d5 chore: allow tun to skip the system ipv6 check when starting by environment variable SKIP_SYSTEM_IPV6_CHECK by @wwqgtxx

Full Changelog: https://github.com/MetaCubeX/mihomo/compare/v1.19.10...v1.19.11