- FakeDNS: Added
fakedns+otherssniffer , based on #697 . Thanks @yuhan6665 .
- TLS: A SECURITY improvement that allow the remote peer’s TLS certificate to be pinned to a known value. Document for TLS is updated.
- Observatory: A component that measure the connectivity of selected outbounds. The document for Observatory is updated.
- Routing :
leastPingbalancing strategy is added. This strategy will select a outbound that is alive and completed HTTPS GET request in the least time. The document for Routing is updated.
- Fixed two typo in comments. Thanks @U-v-U
- TLS connections with dangerous diagnose option
allowInsecureturn on and without certificate pin with
pinnedPeerCertificateChainSha256will not be able protect your data at all from a attacker in privileged network path(for example ISP or any firewall or censorship infrastructure). This is especially dangerous when an unprotected protocol or option is used, such as any VLess configuration, VMess with
zerosecurity, and any trojan configuration, in which case your data is accessible to attacker in plain text and attacker can inject arbitrary data pretending to the the remote server. In the case of VLess and trojan, the proxy protocol access control credential is also exposed to the attacker, the attacker will be able to use your proxy. You are advised to use certificate pin (and/or other security features provided in a later version of V2Ray) whenever
allowInsecureis turned on. Attempting to MITM your connection temporarily to identify TLS based proxy is a known threat.
- VMess: From Jan 1, 2022, compatibility for legacy VMess MD5 will be disabled by default. Visit here for more information.
- You are able to compile exactly the same binaries as the ones in Assets section below by simply following the compiling guide.
For downstream developers
The Go module name of
v2ray-core has been changed to
github.com/v2fly/v2ray-core/v4. Do NOT use