v4.38.0 #915
Replies: 4 comments 9 replies
-
FakeDNS sniffer的功能改进非常棒,使这个功能具备了足够的鲁棒性,在透明代理中可以作为标配功能进行推广了。 |
Beta Was this translation helpful? Give feedback.
-
关于推荐设置的 |
Beta Was this translation helpful? Give feedback.
-
感谢大佬对 fakedns 的改进工作,fff3e1a 你觉得目前不需要吗? |
Beta Was this translation helpful? Give feedback.
-
同样配置下,为啥windows的v2rayN和iOS的shadowrocket就可以把allowinsecure开成false,而linux和macos的v2ray-core开启后就会校验失败无法上网?服务端配置为tls+websocket+web. |
Beta Was this translation helpful? Give feedback.
-
Feature
fakedns+others
sniffer , based on Add sniffer enhancement related to Fake DNS #697 . Thanks @yuhan6665 .leastPing
balancing strategy is added. This strategy will select a outbound that is alive and completed HTTPS GET request in the least time. The document for Routing is updated.Chore
Security Advisory
allowInsecure
turn on and without certificate pin withpinnedPeerCertificateChainSha256
will not be able protect your data at all from a attacker in privileged network path(for example ISP or any firewall or censorship infrastructure). This is especially dangerous when an unprotected protocol or option is used, such as any VLess configuration, VMess withnone
orzero
security, and any trojan configuration, in which case your data is accessible to attacker in plain text and attacker can inject arbitrary data pretending to the the remote server. In the case of VLess and trojan, the proxy protocol access control credential is also exposed to the attacker, the attacker will be able to use your proxy. You are advised to use certificate pin (and/or other security features provided in a later version of V2Ray) wheneverallowInsecure
is turned on. Attempting to MITM your connection temporarily to identify TLS based proxy is a known threat.Notices
For downstream developers
The Go module name of
v2ray-core
has been changed togithub.com/v2fly/v2ray-core/v4
. Do NOT usev2ray.com/core
anymore.This discussion was created from the release v4.38.0.
Beta Was this translation helpful? Give feedback.
All reactions