V2fly V2ray Core Versions Save

New Features

• uTLS uTLS ALPN Control (https://github.com/v2fly/v2ray-core/pull/2261)
  • CN EN Document have been updated.

Fixes

• fix: dns.Hostmapping in JSONv5 config treats ip as Base64 (#2107) (https://github.com/v2fly/v2ray-core/pull/2271) Thanks @mydogshitgold .
• fix(app/log): prevent close of closed channel (https://github.com/v2fly/v2ray-core/pull/2296) Thanks @yin1999 .

Chores

• Fix deprecated 'set-output' in workflow (https://github.com/v2fly/v2ray-core/pull/2220) Thanks @zedifen .
• Chore: use Go 1.20 (https://github.com/v2fly/v2ray-core/pull/2297) Thanks @AkinoKaede .

New Features

• uTLS New Security Type uTLS: TLS Client Hello imitation. (#2219)
  • CN EN Document have been updated.
  • Only client without transport, or with websocket transport is currently supported.
  • Thanks @HirbodBehnam .
• DNS Support per-client configuration (#1977 #2212) Thanks @Vigilans .
• DNS Support specifying domain matcher (#1979) Thanks @Vigilans .
• Add bind to device to Windows and Darwin (#1972) . Thanks @AkinoKaede .
• Replace default Health Ping URL to HTTPS for burst observatory(#1991) Thanks @4-FLOSS-Free-Libre-Open-Source-Software .
• Implement Match and MatchAny for all MatcherGroup, IndexMatcher Thanks @Vigilans .

Fixes

• Fix typo in error message (#2146) Thanks @kvii .
• Support domain string validation (#2188) Thanks @Vigilans .
• Charset of ACAutomationMatcherGroup should accept all ASCII characters (#1988) Thanks @Vigilans .
• Fix logic of domain override Thanks @AkinoKaede .
• Fix HTTP sniff Thanks @AkinoKaede .
• Fix config merger fixes (#2084) Thanks @qjebbs .
• Fix selectLeastLoad() returns wrong number of nodes (#2083) Thanks @qjebbs .
• Fix(freebsd): ReadUDPMsg nil pointer Thanks @kscooo @AkinoKaede .
• fix: socks4/4a client handshake (#1971) Thanks @dyhkwong .
• Add transport original name to listen unix (#2048) Thanks @AkinoKaede .
• fix Replace "math/rand" with "crypto/rand" in padding generation(#2032) @nlzy .
• Fix remove v2ctl from debian/rules (#1954) Thanks @felixonmars @Loyalsoldier .
• Fix getting shared flags for balance info command (#1905) Thanks @iusearch .
• Fix erroneous prefix checking Thanks @iusearch .
• Fix json.Reader: fill output bytes as much as possible Thanks @EHfive .
• Guard against nil pointer dereference of (*NetworkList) Thanks @EHfive.
• Fix server name not applied to security engine in TCP transport. (#2260) Thanks @Zeezorn.

Chores

• Add tests for idn support (#2213) Thanks @Vigilans .
• Test: fix leastload strategy unit test Thanks @AkinoKaede .
• Chore: update dependencies (#1995) Thanks @Loyalsoldier .
• Refactor: replace netaddr package with netipx (#1994) Thanks @Loyalsoldier .
• Lint: exclude ST1016 Thanks @AkinoKaede .
• Style: remove duplicate FetchHTTPContent function Thanks @AkinoKaede .
• chore: disable lint on generated protobuf file.

New Features

• uTLS New Security Type uTLS: TLS Client Hello imitation. (#2219)
  • CN EN Document have been updated.
  • Only client without transport, or with websocket transport is currently supported.
  • Thanks @HirbodBehnam .
• DNS Support per-client configuration (#1977 #2212) Thanks @Vigilans .
• DNS Support specifying domain matcher (#1979) Thanks @Vigilans .
• Add bind to device to Windows and Darwin (#1972) . Thanks @AkinoKaede .
• Replace default Health Ping URL to HTTPS (#1991) Thanks @4-FLOSS-Free-Libre-Open-Source-Software .
• Implement Match and MatchAny for all MatcherGroup, IndexMatcher Thanks @Vigilans .

Fixes

• Fix typo in error message (#2146) Thanks @kvii .
• Support domain string validation (#2188) Thanks @Vigilans .
• Charset of ACAutomationMatcherGroup should accept all ASCII characters (#1988) Thanks @Vigilans .
• Fix logic of domain override Thanks @AkinoKaede .
• Fix HTTP sniff Thanks @AkinoKaede .
• Fix config merger fixes (#2084) Thanks @qjebbs .
• Fix selectLeastLoad() returns wrong number of nodes (#2083) Thanks @qjebbs .
• Fix(freebsd): ReadUDPMsg nil pointer Thanks @kscooo @AkinoKaede .
• fix: socks4/4a client handshake (#1971) Thanks @dyhkwong .
• Add transport original name to listen unix (#2048) Thanks @AkinoKaede .
• fix Replace "math/rand" with "crypto/rand" in padding generation(#2032) @nlzy .
• Fix remove v2ctl from debian/rules (#1954) Thanks @felixonmars @Loyalsoldier .
• Fix getting shared flags for balance info command (#1905) Thanks @iusearch .
• Fix erroneous prefix checking Thanks @iusearch .
• Fix json.Reader: fill output bytes as much as possible Thanks @EHfive .
• Guard against nil pointer dereference of (*NetworkList) Thanks @EHfive.

Chores

• Add tests for idn support (#2213) Thanks @Vigilans .
• Test: fix leastload strategy unit test Thanks @AkinoKaede .
• Chore: update dependencies (#1995) Thanks @Loyalsoldier .
• Refactor: replace netaddr package with netipx (#1994) Thanks @Loyalsoldier .
• Lint: exclude ST1016 Thanks @AkinoKaede .
• Style: remove duplicate FetchHTTPContent function Thanks @AkinoKaede .
• chore: disable lint on generated protobuf file.

v5.1.0 User Preview

New Features

• Jsonv5 New configuration format. This enables support for automatic component recognition.
  • ZH Document is work in progress.
  • EN Document is work in progress.
  • Thanks @AkinoKaede, @kslr, @mzz2017.
• VLite UDP P2P focused proxy protocol with Full Cone, Forward Error Correction, Self-Healing Connection(Connection Stabilization) support.
  • UDP based VLite support was added in #1732.
  • The ZH EN documents have been updated.
• UDP PacketAddr UDP endpoint independent mapping(aka Full Cone) support.
• SocksOpt Add KeepAlive Support. Thanks @ValdikSS .
• SocksOpt Add BindToDevice Support. Thanks @database64128 .
• SocksOpt Add Rx/TxBuf Size Support.
• Burst Observatory Measure connection quality to a significant amount of outbound at the same time. Thanks @qjebbs.
• Multi Observatory Run more than one Observatory at the same time.
• Router Load balancing strategy LeastLoad. Thanks @qjebbs.
• Jsonv4 Additional representation format for Jsonv4 configure file format. This includes YAML, TOML. Thanks @qjebbs.
• Jsonv4 General purpose merger for all configure formats. Thanks @qjebbs.
• Shadowsocks Reduced IV Head Entropy Experiment. Thanks GFWReport and other collaborators.
• CLI Reworked command line Interface. Thanks @qjebbs.
• Developer Assistance Protobuf configure format reverse engineering.
• Asset Search for assets in xdg data directories on non-windows platforms #1578 Thanks @NickCao.
• DNS Feat: refine find IPs logic for DoH. Thanks @AkinoKaede .
• gRPC Feat: make gRPC dialer accept socket config #1697 Thanks @dyhkwong
• JSONv5 Feat: add JSONC support to v5 configuration #1778 Thanks @AkinoKaede
• DNS Change the default port of Dns over Quic #1834 Thanks @simpleandstupid @AkinoKaede
• DNS feat: change ALPN of DNS over QUIC Thanks @AkinoKaede
• UDP Feat: increase idle timeout to 300s for udp split #1903 Thanks @AkinoKaede
• Feat: refine cipher and network config #1436 Thanks @AkinoKaede
• Feat: refine the logic of security type AUTO #1913 Thanks @H1JK

Fixes

• Router Fixed a memory leak bug caused by requiring component.
• FakeDNS Fix a concurrency issue in fakedns #1666 Thanks @yuhan6665 .
• Jsonv5 Fix: context of DNS simplified config #1665 Thanks @AkinoKaede .
• DNS Fix: fix failure of cache expired DNS record querying over DoH #1706 Thanks @KujouRinka.
• DNS Fix: failure of cache expired DNS record querying over DoQ. Thanks @AkinoKaede .
• Fix client dialer log #1568 Thanks @yuhan6665 @AkinoKaede @kslr.
• Fix: net.Address type checking #1629 Thanks @1ocalhost
• Fix "disable quit on connection interrupt" #1763 Thanks @dyhkwong
• Fix TLS Client Certificate Verify Not Applied
• Fix: proxy/http: Avoid getting stuck when using server-first protocols #1517 Thanks @lrh2000
• Fix: correct a type assertion of dokodemo simplified config #1771 Thanks @EHfive
• Fix: build routing condition for geo domain #1772 Thanks @EHfive
• Fix: correct TCP keepalive sockopt names for darwin #1777 Thanks @EHfive
• Fix ticker usage Thanks @nekohasekai
• Fix: load auto format config with io.Reader #1773 Thanks @AkinoKaede
• Fix: V5 config register #1879 Thanks @AkinoKaede
• Fix: length of DNS over QUIC #1888 Thanks @AkinoKaede

Chores

• Test: Add statistics in conn testing #1444 Thanks @yuhan6665 @kslr .
• Chore: bump github.com/lucas-clemente/quic-go to 0.27.0 Thanks @AkinoKaede .
• Fix: lint setting for revive #1758 Thanks @Loyalsoldier
• Fix: gci command for formatting code #1757 Thanks @Loyalsoldier
• Refactor strmatcher.ACAutomationMatcherGroup #1363 Thanks @Vigilans
• Fix TestUserValidator #1381 Thanks @yuhan6665
• Fix lint Thanks @nekohasekai
• Chore: use Go v1.19 Thanks @AkinoKaede
• Chore: normalized generated protobuf files.

v5.0.8 Developer Preview

-----> ⚠️ Important Message ⚠️<-----

This might be the last Developer Preview of V2Ray V5. We will soon begin to release User Preview that are signed and marked as stable. This User Preview will suitable for users to start using v5 version of V2Ray, and user facing config will be more stable than Developer Preview. The version number for that release will be v5.1.0, and then increase middle version number for each regular update, then a minor version increase for minor patches.

For testing purpose, this v5.0.8 version might be signed as well.

This is a pre-release version of V2Ray intended for developer preview. Users are not advised to use this version right now. Contributors are encouraged to send pull requests to the V5 version of the codebase. This release note is being edited to reflect all significant changes made to the codebase, please contact us if you think something is missing. Most new features are currently undocumented. The documents will be updated over time.

Breaking Changes

• DNS DNS over QUIC's default port changed from 784 to 853
• Jsonv5 field network renamed to networks

New Features

• Jsonv5 New configuration format. This enables support for automatic component recognition.
  • ZH Document is work in progress.
  • EN Document is work in progress.
  • Thanks @AkinoKaede, @kslr, @mzz2017.
• VLite UDP P2P focused proxy protocol with Full Cone, Forward Error Correction, Self-Healing Connection(Connection Stabilization) support.
  • UDP based VLite support was added in #1732.
  • The ZH EN documents have been updated.
• UDP PacketAddr UDP endpoint independent mapping(aka Full Cone) support.
• SocksOpt Add KeepAlive Support. Thanks @ValdikSS .
• SocksOpt Add BindToDevice Support. Thanks @database64128 .
• SocksOpt Add Rx/TxBuf Size Support.
• Burst Observatory Measure connection quality to a significant amount of outbound at the same time. Thanks @qjebbs.
• Multi Observatory Run more than one Observatory at the same time.
• Router Load balancing strategy LeastLoad. Thanks @qjebbs.
• Jsonv4 Additional representation format for Jsonv4 configure file format. This includes YAML, TOML. Thanks @qjebbs.
• Jsonv4 General purpose merger for all configure formats. Thanks @qjebbs.
• Shadowsocks Reduced IV Head Entropy Experiment. Thanks GFWReport and other collaborators.
• CLI Reworked command line Interface. Thanks @qjebbs.
• Developer Assistance Protobuf configure format reverse engineering.
• Asset Search for assets in xdg data directories on non-windows platforms #1578 Thanks @NickCao.
• DNS Feat: refine find IPs logic for DoH. Thanks @AkinoKaede .
• gRPC Feat: make gRPC dialer accept socket config #1697 Thanks @dyhkwong
• JSONv5 Feat: add JSONC support to v5 configuration #1778 Thanks @AkinoKaede
• DNS Change the default port of Dns over Quic #1834 Thanks @simpleandstupid @AkinoKaede
• DNS feat: change ALPN of DNS over QUIC Thanks @AkinoKaede
• UDP Feat: increase idle timeout to 300s for udp split #1903 Thanks @AkinoKaede
• Feat: refine cipher and network config #1436 Thanks @AkinoKaede
• Feat: refine the logic of security type AUTO #1913 Thanks @H1JK

Fixes

• Router Fixed a memory leak bug caused by requiring component.
• FakeDNS Fix a concurrency issue in fakedns #1666 Thanks @yuhan6665 .
• Jsonv5 Fix: context of DNS simplified config #1665 Thanks @AkinoKaede .
• DNS Fix: fix failure of cache expired DNS record querying over DoH #1706 Thanks @KujouRinka.
• DNS Fix: failure of cache expired DNS record querying over DoQ. Thanks @AkinoKaede .
• Fix client dialer log #1568 Thanks @yuhan6665 @AkinoKaede @kslr.
• Fix: net.Address type checking #1629 Thanks @1ocalhost
• Fix "disable quit on connection interrupt" #1763 Thanks @dyhkwong
• Fix TLS Client Certificate Verify Not Applied
• Fix: proxy/http: Avoid getting stuck when using server-first protocols #1517 Thanks @lrh2000
• Fix: correct a type assertion of dokodemo simplified config #1771 Thanks @EHfive
• Fix: build routing condition for geo domain #1772 Thanks @EHfive
• Fix: correct TCP keepalive sockopt names for darwin #1777 Thanks @EHfive
• Fix ticker usage Thanks @nekohasekai
• Fix: load auto format config with io.Reader #1773 Thanks @AkinoKaede
• Fix: V5 config register #1879 Thanks @AkinoKaede
• Fix: length of DNS over QUIC #1888 Thanks @AkinoKaede

Chores

• Test: Add statistics in conn testing #1444 Thanks @yuhan6665 @kslr .
• Chore: bump github.com/lucas-clemente/quic-go to 0.27.0 Thanks @AkinoKaede .
• Fix: lint setting for revive #1758 Thanks @Loyalsoldier
• Fix: gci command for formatting code #1757 Thanks @Loyalsoldier
• Refactor strmatcher.ACAutomationMatcherGroup #1363 Thanks @Vigilans
• Fix TestUserValidator #1381 Thanks @yuhan6665
• Fix lint Thanks @nekohasekai
• Chore: use Go v1.19 Thanks @AkinoKaede

This release includes security enhancement for all users.

!!! Important SECURITY enhancement !!!

• Fix DoS attack vulnerability in VMess Option Processing. (Thanks @nekohasekai )

Security Advisory

This update fixes a DoS vulnerability in V2Ray. This vulnerability allows a VMess Client with authentication information controlled by an attacker to crash a VMess Server by sending a specially crafted VMess handshake message with an invalid option or encryption type. This vulnerability does NOT allow the attacker to retrieve any information(other than it used an unpatched version of the software) and does NOT allow an attacker to control the unpatched software or system. It is strongly recommended for all users to apply this security update at the earliest possible opportunity. We would like to thank @nekohasekai for the discovery of this vulnerability.

此更新修复了在 V2Ray 中的一个拒绝服务攻击漏洞。这个漏洞允许攻击者控制的拥有认证信息的 VMess 客户端迫使 VMess 服务器端崩溃。这个漏洞可以通过在 VMess 握手阶段由客户端发送一个恶意的数据包被触发，触发漏洞数据包拥有无效的选项或加密方式。 攻击者 无法 通过这个漏洞获取任何信息（除客户端尚未应用此安全更新以外），也 不会 允许攻击者控制客户端软件或系统。强烈推荐所有用户在第一时间应用本安全更新。我们在此感谢 @nekohasekai 发现此漏洞。

Edit: Fixed a typo. Last version of this document withdrawn.

This release have with withdrawn.

This release includes security enhancement for all users.

!!! Important SECURITY enhancement !!!

• Fix DoS attack vulnerability in VMess Option Processing. (Thanks @nekohasekai )

Security Advisory

This update fixes a DoS vulnerability in V2Ray. This vulnerability allows a VMess Client with authentication information controlled by an attacker to crash a VMess Server by sending a specially crafted VMess handshake message with an invalid option or encryption type. This vulnerability does NOT allow the attacker to retrieve any information(other than it used an unpatched version of the software) and does NOT allow an attacker to control the unpatched software or system. It is strongly recommended for all users to apply this security update at the earliest possible opportunity. We would like to thank @nekohasekai for the discovery of this vulnerability.

此更新修复了在 V2Ray 中的一个拒绝服务攻击漏洞。这个漏洞允许攻击者控制的拥有认证信息的 VMess 客户端迫使 VMess 服务器端崩溃。这个漏洞可以通过在 VMess 握手阶段由客户端发送一个恶意的数据包被触发，触发漏洞数据包拥有无效的选项或加密方式。 攻击者 无法 通过这个漏洞获取任何信息（除客户端尚未应用此安全更新以外），也 不会 允许攻击者控制客户端软件或系统。强烈推荐所有用户在第一时间应用本安全更新。我们在此感谢 @nekohasekai 发现此漏洞。

Edit: Fixed a typo. Last version of this document withdrawn.

v5.0.5 Developer Preview

This is a pre-release version of V2Ray intended for developer preview. Users are not advised to use this version right now. Contributors are encouraged to send pull requests to the V5 version of the codebase. This release note is being edited to reflect all significant changes made to the codebase, please contact us if you think something is missing. Most new features are currently undocumented. The documents will be updated over time.

!!! SECURITY !!!

Fix TLS Client Certificate Verify setting is not applied. Most users do not use this feature in V5.

!!! BREAKING !!!

TLS Certificates are required to have usage set to AUTHORITY_VERIFY, or AUTHORITY_VERIFY_CLIENT to be recognized as respective CA.

New Features

• Jsonv5 New configuration format. This enables support for automatic component recognition.
  • ZH Document is work in progress.
  • EN Document is work in progress.
  • Thanks @AkinoKaede, @kslr, @mzz2017.
• VLite UDP P2P focused proxy protocol with Full Cone, Forward Error Correction, Self-Healing Connection(Connection Stabilization) support.
  • UDP based VLite support was added in #1732.
  • The ZH EN documents have been updated.
• UDP PacketAddr UDP endpoint independent mapping(aka Full Cone) support.
• SocksOpt Add KeepAlive Support. Thanks @ValdikSS .
• SocksOpt Add BindToDevice Support. Thanks @database64128 .
• SocksOpt Add Rx/TxBuf Size Support.
• Burst Observatory Measure connection quality to a significant amount of outbound at the same time. Thanks @qjebbs.
• Multi Observatory Run more than one Observatory at the same time.
• Router Load balancing strategy LeastLoad. Thanks @qjebbs.
• Jsonv4 Additional representation format for Jsonv4 configure file format. This includes YAML, TOML. Thanks @qjebbs.
• Jsonv4 General purpose merger for all configure formats. Thanks @qjebbs.
• Shadowsocks Reduced IV Head Entropy Experiment. Thanks GFWReport and other collaborators.
• CLI Reworked command line Interface. Thanks @qjebbs.
• Developer Assistance Protobuf configure format reverse engineering.
• Asset Search for assets in xdg data directories on non-windows platforms #1578 Thanks @NickCao.
• DNS Feat: refine find IPs logic for DoH. Thanks @AkinoKaede .
• gRPC Feat: make gRPC dialer accept socket config #1697 Thanks @dyhkwong

Fixes

• Router Fixed a memory leak bug caused by requiring component.
• FakeDNS Fix a concurrency issue in fakedns #1666 Thanks @yuhan6665 .
• Jsonv5 Fix: context of DNS simplified config #1665 Thanks @AkinoKaede .
• DNS Fix: fix failure of cache expired DNS record querying over DoH #1706 Thanks @KujouRinka.
• DNS Fix: failure of cache expired DNS record querying over DoQ. Thanks @AkinoKaede .
• Fix client dialer log #1568 Thanks @yuhan6665 @AkinoKaede @kslr.
• Fix: net.Address type checking #1629 Thanks @1ocalhost
• Fix "disable quit on connection interrupt" #1763 Thanks @dyhkwong
• Fix TLS Client Certificate Verify Not Applied

Chores

• Test: Add statistics in conn testing #1444 Thanks @yuhan6665 @kslr .
• Chore: bump github.com/lucas-clemente/quic-go to 0.27.0 Thanks @AkinoKaede .
• Fix: lint setting for revive #1758 Thanks @Loyalsoldier
• Fix: gci command for formatting code #1757 Thanks @Loyalsoldier

v5.0.5 Developer Preview

This is a pre-release version of V2Ray intended for developer preview. Users are not advised to use this version right now. Contributors are encouraged to send pull requests to the V5 version of the codebase. This release note is being edited to reflect all significant changes made to the codebase, please contact us if you think something is missing. Most new features are currently undocumented. The documents will be updated over time.

New Features

• Jsonv5 New configuration format. This enables support for automatic component recognition.
  • ZH Document is work in progress.
  • EN Document is work in progress.
  • Thanks @AkinoKaede, @kslr, @mzz2017.
• VLite UDP P2P focused proxy protocol with Full Cone, Forward Error Correction, Self-Healing Connection(Connection Stabilization) support.
  • UDP based VLite support was added in #1732.
  • The ZH EN documents have been updated.
• UDP PacketAddr UDP endpoint independent mapping(aka Full Cone) support.
• SocksOpt Add KeepAlive Support. Thanks @ValdikSS .
• SocksOpt Add BindToDevice Support. Thanks @database64128 .
• SocksOpt Add Rx/TxBuf Size Support.
• Burst Observatory Measure connection quality to a significant amount of outbound at the same time. Thanks @qjebbs.
• Multi Observatory Run more than one Observatory at the same time.
• Router Load balancing strategy LeastLoad. Thanks @qjebbs.
• Jsonv4 Additional representation format for Jsonv4 configure file format. This includes YAML, TOML. Thanks @qjebbs.
• Jsonv4 General purpose merger for all configure formats. Thanks @qjebbs.
• Shadowsocks Reduced IV Head Entropy Experiment. Thanks GFWReport and other collaborators.
• CLI Reworked command line Interface. Thanks @qjebbs.
• Developer Assistance Protobuf configure format reverse engineering.
• Asset Search for assets in xdg data directories on non-windows platforms #1578 Thanks @NickCao.
• DNS Feat: refine find IPs logic for DoH. Thanks @AkinoKaede .
• gRPC Feat: make gRPC dialer accept socket config #1697 Thanks @dyhkwong

Fixes

• Router Fixed a memory leak bug caused by requiring component.
• FakeDNS Fix a concurrency issue in fakedns #1666 Thanks @yuhan6665 .
• Jsonv5 Fix: context of DNS simplified config #1665 Thanks @AkinoKaede .
• DNS Fix: fix failure of cache expired DNS record querying over DoH #1706 Thanks @KujouRinka.
• DNS Fix: failure of cache expired DNS record querying over DoQ. Thanks @AkinoKaede .
• Fix client dialer log #1568 Thanks @yuhan6665 @AkinoKaede @kslr.
• Fix: net.Address type checking #1629 Thanks @1ocalhost
• Fix "disable quit on connection interrupt" #1763 Thanks @dyhkwong

Chores

• Test: Add statistics in conn testing #1444 Thanks @yuhan6665 @kslr .
• Chore: bump github.com/lucas-clemente/quic-go to 0.27.0 Thanks @AkinoKaede .
• Fix: lint setting for revive #1758 Thanks @Loyalsoldier
• Fix: gci command for formatting code #1757 Thanks @Loyalsoldier