Skip to content

Releases: SagerNet/sing-box

1.12.0-alpha.2

31 Jan 07:30
@github-actions github-actions
v1.12.0-alpha.2
460c523
This commit was signed with the committer’s verified signature.
nekohasekai δΈ–η•Œ
GPG key ID: CD109927C34A63C4
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
1.12.0-alpha.2 Pre-release
Pre-release

πŸ“ Release Notes

  • Update quic-go to v0.49.0
  • Fixes and improvements
Assets 48
Loading

1.12.0-alpha.1

30 Jan 12:22
@github-actions github-actions
v1.12.0-alpha.1
18c443e
This commit was signed with the committer’s verified signature.
nekohasekai δΈ–η•Œ
GPG key ID: CD109927C34A63C4
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
1.12.0-alpha.1 Pre-release
Pre-release

πŸ“ Release Notes

  • Refactor DNS servers 1
  • Add domain resolver options2
  • Add TLS fragment route options 3
  • Add certificate options 4

1:

DNS servers are refactored for better performance and scalability.

See DNS server.

For migration, see Migrate to new DNS server formats.

Compatibility for old formats will be removed in sing-box 1.14.0.

2:

Legacy outbound DNS rules are deprecated
and can be replaced by the new domain_resolver option.

See Dial Fields and Route.

For migration, see Migrate outbound DNS rule items to domain resolver.

3:

The new TLS fragment route options allow you to fragment TLS handshakes to bypass firewalls.

This feature is intended to circumvent simple firewalls based on plaintext packet matching, and should not be used to circumvent real censorship.

Since it is not designed for performance, it should not be applied to all connections, but only to server names that are known to be blocked.

See Route Action.

4:

New certificate options allow you to manage the default list of trusted X509 CA certificates.

For the system certificate list, fixed Go not reading Android trusted certificates correctly.

You can also use the Mozilla Included List instead, or add trusted certificates yourself.

See Certificate.

Assets 48
Loading

1.11.0

30 Jan 12:21
@github-actions github-actions
v1.11.0
d09d2fb
This commit was signed with the committer’s verified signature.
nekohasekai δΈ–η•Œ
GPG key ID: CD109927C34A63C4
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
1.11.0 Latest
Latest

πŸ“ Release Notes

Important changes since 1.10:

  • Introducing rule actions 1
  • Improve tun compatibility 3
  • Merge route options to route actions 4
  • Add network_type, network_is_expensive and network_is_constrainted rule items 5
  • Add multi network dialing 6
  • Add cache_capacity DNS option 7
  • Add override_address and override_port route options 8
  • Upgrade WireGuard outbound to endpoint 9
  • Add UDP GSO support for WireGuard
  • Make GSO adaptive 10
  • Add UDP timeout route option 11
  • Add more masquerade options for hysteria2 12
  • Add rule-set merge command
  • Add port hopping support for Hysteria2 13
  • Hysteria2 ignore_client_bandwidth behavior update 14

1:

New rule actions replace legacy inbound fields and special outbound fields,
and can be used for pre-matching 2.

See Rule, Rule Action, DNS Rule and DNS Rule Action.

For migration, see Migrate legacy special outbounds to rule actions, Migrate legacy inbound fields to rule actions and Migrate legacy DNS route options to rule actions.

2:

Similar to Surge's pre-matching.

Specifically, new rule actions allow you to reject connections with TCP RST (for TCP connections) and ICMP port unreachable (for UDP packets) before connection established to improve tun's compatibility.

See Rule Action.

3:

When gvisor tun stack is enabled, even if the request passes routing, if the outbound connection establishment fails, the connection still does not need to be established and a TCP RST is replied.

4:

Route options in DNS route actions will no longer be considered deprecated, see DNS Route Action.

Also, now udp_disable_domain_unmapping and udp_connect can also be configured in route action, see Route Action.

5:

When using in graphical clients, new routing rule items allow you to match on network type (WIFI, cellular, etc.), whether the network is expensive, and whether Low Data Mode is enabled.

See Route Rule, DNS Route Rule and Headless Rule.

6:

Similar to Surge's strategy.

New options allow you to connect using multiple network interfaces, prefer or only use one type of interface, configure a timeout to fallback to other interfaces.

See Dial Fields, Rule Action and Route.

7:

See DNS.

8:

See Rule Action and
Migrate destination override fields to route options.

9:

The new WireGuard endpoint combines inbound and outbound capabilities,
and the old outbound will be removed in sing-box 1.13.0.

See Endpoint, WireGuard Endpoint
and Migrate WireGuard outbound fields to route options.

10:

For WireGuard outbound and endpoint, GSO will be automatically enabled when available, see WireGuard Outbound.

For TUN, GSO has been removed, see Deprecated.

11:

See Rule Action.

12:

See Hysteria2.

13:

See Hysteria2.

14:

When up_mbps and down_mbps are set, ignore_client_bandwidth instead denies clients from using BBR CC.

Assets 48

1.11.0-rc.1

27 Jan 05:11
@github-actions github-actions
v1.11.0-rc.1
9b73222
This commit was signed with the committer’s verified signature.
nekohasekai δΈ–η•Œ
GPG key ID: CD109927C34A63C4
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
1.11.0-rc.1 Pre-release
Pre-release

πŸ“ Release Notes

  • Fixes and improvements
Assets 48
Loading

1.11.0-beta.24

19 Jan 07:54
@github-actions github-actions
v1.11.0-beta.24
8cc7734
This commit was signed with the committer’s verified signature.
nekohasekai δΈ–η•Œ
GPG key ID: CD109927C34A63C4
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
1.11.0-beta.24 Pre-release
Pre-release

πŸ“ Release Notes

  • Fixes and improvements
Assets 48
Loading

1.11.0-beta.23

14 Jan 01:57
@github-actions github-actions
v1.11.0-beta.23
bd2e052
This commit was signed with the committer’s verified signature.
nekohasekai δΈ–η•Œ
GPG key ID: CD109927C34A63C4
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
1.11.0-beta.23 Pre-release
Pre-release

πŸ“ Release Notes

  • Fixes and improvements
Assets 48
Loading

1.10.7

14 Jan 01:57
@github-actions github-actions
v1.10.7
253b419
This commit was signed with the committer’s verified signature.
nekohasekai δΈ–η•Œ
GPG key ID: CD109927C34A63C4
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
1.10.7

πŸ“ Release Notes

  • Fixes and improvements
Assets 48
Loading

1.11.0-beta.22

08 Jan 09:21
@github-actions github-actions
v1.11.0-beta.22
0d2334d
This commit was signed with the committer’s verified signature.
nekohasekai δΈ–η•Œ
GPG key ID: CD109927C34A63C4
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
1.11.0-beta.22 Pre-release
Pre-release

πŸ“ Release Notes

  • Fixes and improvements
Assets 48
Loading

1.11.0-beta.20

04 Jan 03:29
@github-actions github-actions
v1.11.0-beta.20
e483c90
This commit was signed with the committer’s verified signature.
nekohasekai δΈ–η•Œ
GPG key ID: CD109927C34A63C4
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
1.11.0-beta.20 Pre-release
Pre-release

πŸ“ Release Notes

  • Hysteria2 ignore_client_bandwidth behavior update 1
  • Fixes and improvements

1:

When up_mbps and down_mbps are set, ignore_client_bandwidth instead denies clients from using BBR CC.

See Hysteria2.

Assets 48
Loading

1.10.6

04 Jan 03:29
@github-actions github-actions
v1.10.6
578571b
This commit was signed with the committer’s verified signature.
nekohasekai δΈ–η•Œ
GPG key ID: CD109927C34A63C4
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
1.10.6

πŸ“ Release Notes

  • Fixes and improvements
Assets 48
Loading