AdGuard Home v0.107.72

The first release of the year is always important — it sets the tone for the months ahead 📆

The way we kick things off in 2026 may not be flashy, but it’s a solid mix: the new way of handling TLS certificate updates, a couple of other, minor new features, some configuration changes, a couple of key fixes, and the usual security update.

Stay tuned for more goodies to come!

Acknowledgments

A special thanks to our community moderators team and to everyone who filed and inspected issues, added translations, and helped us test this release!

Full changelog

See also the v0.107.72 GitHub milestone.

Security

• Go version has been updated to prevent the possibility of exploiting the Go vulnerabilities fixed in 1.25.7.

Added

• AdGuard Home now tracks the TLS certificate and key files for updates and reloads them after any updates are detected (#3962).

• New query parameter recent in GET /control/stats/ defines statistics lookback period in millieseconds. See openapi/openapi.yaml for details.

• New field "ignored_enabled" in GetStatsConfigResponse or GetQueryLogConfigResponse. See openapi/openapi.yaml for details.

Changed

• In addition to modifying the contents of a hosts file, deleting or renaming the file now also updates runtime clients and DNS filtering results.

Configuration changes

In this release, the schema version has changed from 32 to 33.

• Added a new boolean field ignored_enabled in querylog and statistics config.

  # BEFORE:
  'querylog':
    # …
    'ignored':
    - '|.^'
  'statistics':
    # …
    'ignored':
    - '|.^'
  
  # AFTER:
  'querylog':
    # …
    'ignored':
    - '|.^'
    'ignored_enabled': true
  'statistics':
    # …
    'ignored':
    - '|.^'
    'ignored_enabled': true
    ```
  
  To roll back this change, set the `schema_version` back to `32`.
  

Fixed

• Executable permissions in some Docker installations (#8237).

• Unknown blocked services from both global and client configuration now logged instead of causing server crash.

AdGuard Home v0.108.0-b.82

Changes compared to the previous beta, v0.108.0-b.81. See CHANGELOG.md for all changes.

Full changelog

Security

• Go version has been updated to prevent the possibility of exploiting the Go vulnerabilities fixed in 1.25.7.

Added

• The TLS certificate and key files are now being tracked for updates, which trigger a reload (#3962).

Fixed

• Executable permissions in some Docker installations (#8237).

AdGuard Home v0.108.0-b.81

Changes compared to the previous beta, v0.108.0-b.80. See CHANGELOG.md for all changes.

Full changelog

Added

• New query parameter recent in GET /control/stats/ defines statistics lookback period in millieseconds. See openapi/openapi.yaml for details.

• New field "ignored_enabled" in GetStatsConfigResponse or GetQueryLogConfigResponse. See openapi/openapi.yaml for details.

Changed

• In addition to modifying the contents of a hosts file, deleting or renaming the file now also updates runtime clients and DNS filtering results.

Configuration changes

In this release, the schema version has changed from 32 to 33.

• Added a new boolean field ignored_enabled in querylog and statistics config.

  # BEFORE:
  'querylog':
    # …
    'ignored':
    - '|.^'
  'statistics':
    # …
    'ignored':
    - '|.^'
  
  # AFTER:
  'querylog':
    # …
    'ignored':
    - '|.^'
    'ignored_enabled': true
  'statistics':
    # …
    'ignored':
    - '|.^'
    'ignored_enabled': true
    ```
  
  To roll back this change, set the `schema_version` back to `32`.
  

Fixed

• Unknown blocked services from both global and client configuration now logged instead of causing server crash.

• Optimistic DNS cache not working (#8148).

AdGuard Home v0.107.71

As it turns out, our changes to optimistic DNS cache in the previous update were a little too optimistic, and we’ve broken it a little bit in the process. This hotfix brings everything back to normal, and, as a bonus, we’re adding new settings for users to manually set the upper age limit and TTL for optimistic cache’s stale answers.

Acknowledgments

A special thanks to our community moderators team and to everyone who filed and inspected issues, added translations, and helped us test this release!

Full changelog

See also the v0.107.71 GitHub milestone.

Changed

• Stale records in optimistic DNS cache now have an upper age limit controlled by dns.cache_optimistic_max_age. The default value is 12 hours.

• TTL for stale answers from optimistic DNS cache is now controlled by dns.cache_optimistic_answer_ttl. The default value is 30 seconds.

Configuration changes

In this release, the schema version has changed from 31 to 32.

• Added a new string fields dns.cache_optimistic_answer_ttl and dns.cache_optimistic_max_age.

  # BEFORE:
  'dns':
    'cache_enabled': true
    'cache_optimistic': true
    # …
  
  # AFTER:
  'dns':
    'cache_enabled': true
    'cache_optimistic': true
    'cache_optimistic_answer_ttl': '30s'
    'cache_optimistic_max_age': '12h'
    # …

  To roll back this change, set the schema_version back to 31.

Fixed

• Optimistic DNS cache not working (#8148).

AdGuard Home v0.108.0-b.80

Changes compared to the previous beta, v0.108.0-b.79. See CHANGELOG.md for all changes.

Full changelog

Security

• Go version has been updated to prevent the possibility of exploiting the Go vulnerabilities fixed in 1.25.5.

Changed

• Stale records in optimistic DNS cache now have an upper age limit controlled by dns.cache_optimistic_max_age. The default value is 12 hours.

• TTL for stale answers from optimistic DNS cache is now controlled by dns.cache_optimistic_answer_ttl. The default value is 30 seconds.

Configuration changes

In this release, the schema version has changed from 31 to 32.

• Added a new string fields dns.cache_optimistic_answer_ttl and dns.cache_optimistic_max_age.

  # BEFORE:
  'dns':
    'cache_enabled': true
    'cache_optimistic': true
    # …
  
  # AFTER:
  'dns':
    'cache_enabled': true
    'cache_optimistic': true
    'cache_optimistic_answer_ttl': '30s'
    'cache_optimistic_max_age': '12h'
    # …

  To roll back this change, set the schema_version back to 31.

AdGuard Home v0.107.70

Even when the update we roll out is on the smaller side, we still aim for some diversity in the changelog. A little bit of vulnerability shore-ups, a smidge of bug fixes, a new thing or two, and a couple generic changes — a tried and tested recipe for a good, solid update 🧑‍🍳

Acknowledgments

A special thanks to our community moderators team and to everyone who filed and inspected issues, added translations, and helped us test this release!

Full changelog

See also the v0.107.70 GitHub milestone.

Security

• Go version has been updated to prevent the possibility of exploiting the Go vulnerabilities fixed in 1.25.5.

Added

• New field "start_time" in the GET /control/status response.

Changed

• Stale records in optimistic DNS cache now have an upper age limit of 12 hours.
• New blocked services UI.

Fixed

• Generated mobileconfig could not be installed on macOS 26.1.

AdGuard Home v0.108.0-b.79

Changes compared to the previous beta, v0.108.0-b.78. See CHANGELOG.md for all changes.

Full changelog

Security

• Go version has been updated to prevent the possibility of exploiting the Go vulnerabilities fixed in 1.25.4.

Added

• New field "start_time" in the GET /control/status response.

Changed

• New blocked services UI.

Fixed

• Generated mobileconfig could not be installed on macOS 26.1.

AdGuard Home v0.107.69

AdGuard Home v0.107.69 is here — just a quick pit stop to fix two pesky bugs that tried to sneak past us. No new features this time, but everything should now run a bit smoother (and those bugs have been shown the door).

Full changelog

See also the v0.107.69 GitHub milestone.

Changed

• Node.js 24 is now used to build the frontend.

Deprecated

• Node.js 20 and 22 support.

Fixed

• DHCP settings could not be saved (#8075).
• DNS Rewrite edit modal did not populate with the correct values (#8072).

Removed

• The outdated querylog anonymization script.

AdGuard Home v0.108.0-b.78

Changes compared to the previous beta, v0.108.0-b.77. See CHANGELOG.md for all changes.

Full changelog

Security

• Go version has been updated to prevent the possibility of exploiting the Go vulnerabilities fixed in 1.25.3.

Added

• New DNS rewrite settings endpoints GET /control/rewrite/settings and PUT /control/rewrite/settings/update (#1765). See openapi/openapi.yaml for details.

Changed

• Node.js 24 is now used to build the frontend.
• POST /control/rewrite/add and PUT /control/rewrite/update now accept the optional field "enabled" (#1765). See openapi/openapi.yaml for details.

Configuration changes

In this release, the schema version has changed from 30 to 31.

• Added a new boolean field filtering.rewrites_enabled to globally enable/disable DNS rewrites.

• Added a new boolean field enabled for each entry in filtering.rewrites to toggle individual rewrites.

  # BEFORE:
  'filtering':
    'rewrites':
      - 'domain': test.example
        'answer': 192.0.2.0
    # …
  
  # AFTER:
  'filtering':
    'rewrites_enabled': true
    'rewrites':
      - 'domain': test.example
        'answer': 192.0.2.0
        'enabled': true
    # …

  To roll back this change, set schema_version back to 30.

Deprecated

• Node.js 20 and 22 support.

Fixed

• DHCP settings could not be saved (#8075).
• DNS Rewrite edit modal did not populate with the correct values (#8072).

Removed

• The outdated querylog anonymization script.

AdGuard Home v0.107.68

Let's get “the usual” out of the way: we’ve made some security updates, as we always do, and even managed to make do without any bug fixes this time, for better or for worse. But let’s focus on the main course: new option to enable and disable DNS rewrite rules 🚦

This was one of the earlier feature requests, and we are happy to finally deliver. You can enable and disable DNS rewrite rules all at once or do so on an individual rewrite basis — both by editing YAML files or via UI.

Acknowledgments

A special thanks to our community moderators team and to everyone who filed and inspected issues, added translations, and helped us test this release!

Full changelog

See also the v0.107.68 GitHub milestone.

Security

• Go version has been updated to prevent the possibility of exploiting the Go vulnerabilities fixed in 1.25.3.

Added

• New DNS rewrite settings endpoints GET /control/rewrite/settings and PUT /control/rewrite/settings/update (#1765). See openapi/openapi.yaml for details.
• New fields "groups" and "group_id" added to the HTTP API (GET /control/blocked_services/all). See openapi/openapi.yaml for the full description.

Changed

• POST /control/rewrite/add and PUT /control/rewrite/update now accept the optional field "enabled" (#1765). See openapi/openapi.yaml for details.

Configuration changes

In this release, the schema version has changed from 30 to 31.

• Added a new boolean field filtering.rewrites_enabled to globally enable/disable DNS rewrites.

• Added a new boolean field enabled for each entry in filtering.rewrites to toggle individual rewrites.

  # BEFORE:
  'filtering':
    'rewrites':
      - 'domain': test.example
        'answer': 192.0.2.0
    # …
  
  # AFTER:
  'filtering':
    'rewrites_enabled': true
    'rewrites':
      - 'domain': test.example
        'answer': 192.0.2.0
        'enabled': true
    # …

  To roll back this change, set schema_version back to 30.