Releases: apernet/hysteria
Releases · apernet/hysteria
app/v2.6.5
This release contains important fixes and we strongly encourage everyone to upgrade.
- Fixed a server-side memory leak issue that accumulates with each client connection
此版本包含重要修复,强烈建议更新
- 修复一个会随着每个客户端连接而累积的服务端内存泄漏问题
app/v2.6.4
This release contains important fixes and we strongly encourage everyone to upgrade.
- Security fix & behavior change:
tls.pinSHA256now matches only the fingerprint of the leaf certificate, instead of any certificate in the chain. This change mitigates MITM risks in cases whereinsecure=trueby preventing 1) user accidentally pinning a CA certificate, which would allow any certificate issued by that CA to be accepted, and 2) attacker constructing a forged certificate chain by combining their own leaf certificate with the user server's certificate. - Fix tun mode UDP packet AF corruption
- Updated quic-go to v0.54.0
此版本包含重要修复,强烈建议更新
- 安全修复与行为变更:
tls.pinSHA256现在只会匹配叶子证书的指纹,而不是整条链中任意证书。此改动在insecure=true的情况下避免了中间人攻击风险,特别是以下两种情况: 1) 用户错误地 pin 了 CA 证书,从而导致该 CA 签发的任何证书都能被接受;2) 攻击者伪造证书链,将自己的叶子证书与用户服务器的证书拼接使用。 - 修复 tun 模式下 UDP 包 AF 字段损坏问题
- quic-go 更新到 v0.54.0
app/v2.6.3
- Added mTLS support for client certificate authentication
- Fixed a memory leak issue in tun mode
- Fixed an issue where DNS resolution failed in tun mode on Linux systems using systemd-resolved
- Fixed a bug in the ACL cache that caused rules with different ports or protocols to be applied to irrelevant connections
- Removed the license-conflicted DoH library and replaced it with an in-house implementation
- Fixed a race condition in UDP session handling
- 新增 mTLS 客户端证书验证
- 修复 tun 模式下一个内存泄漏问题
- 修复使用 systemd-resolved 的 Linux 设备上 tun 模式 DNS 解析失败的问题
- 修复一个 ACL 中协议/端口不匹配的规则被错误应用到其他连接的 bug
- 移除许可协议不兼容的 DoH 库,改为自行实现
- 修复一个 UDP session 处理的线程安全问题
app/v2.6.2
- Updated quic-go to v0.52.0
- ClientHello is now fragmented during TLS handshake, which can bypass some firewalls' SNI filtering.
- The
--qroption in client mode is deprecated; use thesharesubcommand to generate links and QR codes instead.
- quic-go 更新到 v0.52.0
- 现在 TLS 握手时会对 ClientHello 进行分片,可绕过部分防火墙的 SNI 过滤
- 客户端模式的
--qr参数已不推荐使用,可用 share 子命令生成共享链接与二维码
app/v2.6.1
- The server's direct outbound now supports TCP Fast Open
- Changed
LibVersiontoLibrariesin the output of theversionsubcommand - Added support to disable TLS verification (
insecure) for the masquerade proxy website - Fixed issues with tun not functioning on Linux when
ipv6.disable=1is set - Added support for
LoongArch64 - Updated quic-go to version 0.49.0
- Made the username in
userpassauthentication case-insensitive
- 服务端 direct outbound 支持 TCP Fast Open
version子命令的输出中将LibVersion改为Libraries- 伪装代理网站回源支持禁用 TLS 验证 (
insecure) - 修复在 Linux 上
ipv6.disable=1时 tun 无法正常工作的 bug - 添加对
LoongArch64的支持 (64 位龙芯) - quic-go 更新到 v0.49.0
userpass认证中的用户名不再区分大小写
app/v2.6.0
This release contains important fixes and we strongly encourage everyone to upgrade.
- Fixed a bug where the client would freeze on startup if the port hopping range contained 65535
- Added a new
/dump/streamsendpoint to the traffic stats API for retrieving information on active QUIC streams - Updated quic-go to v0.48.1
- The
versionsubcommand now includes the toolchain & quic-go version information - Added a new
sharesubcommand to the client for generating sharing links & QR codes - The server now validates the
masquerade.proxy.urlfield to ensure it's a valid HTTP or HTTPS URL
此版本包含重要修复,强烈建议更新
- 修复一个端口跳跃范围包含 65535 时客户端启动会卡死的 bug
- 流量统计 API 新增
/dump/streams接口,用于获取当前所有 QUIC 流的信息 - quic-go 更新到 v0.48.1
version子命令新增工具链和 quic-go 版本信息- 客户端新增
share子命令,用于生成分享链接和二维码 - 服务端现在会验证
masquerade.proxy.url字段是否为有效的 HTTP 或 HTTPS URL
app/v2.5.2
- By default, the server now terminates the TLS handshake if the SNI sent by a client does not match the certificate. A new
sniGuardoption has been added to thetlssection to control this behavior - Fixed the issue where sniffing could not recognize fragmented QUIC packets
- Updated quic-go to v0.47.0
- 服务端现在默认会在客户端发送的 SNI 与证书不匹配时终止 TLS 握手,并在
tls中新增了sniGuard选项用于控制此行为 - 修复了 sniff 无法嗅探分片后的 QUIC 包的问题
- quic-go 更新到 v0.47.0
app/v2.5.1
- Fixed a bug in HTTP sniffing that caused all connections to non-standard ports (non-80) to fail
- Fixed a bug in the client where the authentication password was not escaped when parsing sharing links
- Updated quic-go to v0.46.0
- 修复了 HTTP 嗅探中一个导致所有非标准端口 (非 80) 连接会发生错误的问题
- 修复了客户端解析分享链接时未对认证密码部分进行转义的问题
- quic-go 更新到 v0.46.0
app/v2.5.0
- Added support for ACME DNS challenge, including several common providers such as Cloudflare, GoDaddy, and Name.com
- Added server-side protocol sniffing, supporting HTTP, TLS (HTTPS), and QUIC (HTTP/3)
- Fixed the issue with inaccurate unit conversion in the speed test command (1024 -> 1000)
- 新增 ACME DNS 验证支持,支持 Cloudflare, GoDaddy, Name.com 等多个常见服务商
- 新增服务端协议嗅探 (Sniff),支持 HTTP, TLS (HTTPS) 和 QUIC (HTTP/3) 协议
- 修复测速命令中速度显示单位转换不准确的问题 (1024 -> 1000)
app/v2.4.5
- Fixed some logic issues in BBR, and added
HYSTERIA_BBR_DEBUGenvironment variable for printing debug information - Fixed compatibility issues of the HTTP proxy with certain programs
- Updated quic-go to v0.44.0
- 修复 BBR 中的一些逻辑问题,并新增
HYSTERIA_BBR_DEBUG环境变量用于输出 BBR 调试信息 - 修复 HTTP 代理对某些程序的兼容性问题
- quic-go 更新到 v0.44.0