V2Fly - Notification and Updates, V2Ray the second new

v4.38.3 is released. (Stable Release)

This release includes security functionality improvement for some users.

Feature

* FakeDNS: Added fakedns+others sniffer. Thanks yuhan6665 .
* TLS: A SECURITY improvement that allow the remote peer's TLS certificate to be pinned to a known value.
* Observatory: A component that measure the connectivity of selected outbounds.
* Routing : leastPing balancing strategy is added. This strategy will select a outbound that is alive and completed HTTPS GET request in the least time.

Fix

* Fixed crashing in fake dns. Thanks IceCodeNew
* Added IPv6 pool in fake dns by default. Thanks Loyalsoldier
* Return ErrEmptyResponse for fakedns. Thanks sixg0000d
* Fixed UDP DNS connection cause crash. Thanks nekohasekai
* Multi-json support for observatory, browser forwarder. Thanks ha-ku AkinoKaede

Chore

* Fixed two typo in comments. Thanks U-v-U

Security Advisory

* TLS connections with dangerous diagnose option allowInsecure turn on and without certificate pin with pinnedPeerCertificateChainSha256 will not be able protect your data at all from a attacker in privileged network path(for example ISP or any firewall or censorship infrastructure). This is especially dangerous when an unprotected protocol or option is used, such as any VLess configuration, VMess with none or zero security, and any trojan configuration, in which case your data is accessible to attacker in plain text and attacker can inject arbitrary data pretending to the the remote server. In the case of VLess and trojan, the proxy protocol access control credential is also exposed to the attacker, the attacker will be able to use your proxy. You are advised to use certificate pin (and/or other security features provided in a later version of V2Ray) whenever allowInsecure is turned on. Attempting to MITM your connection temporarily to identify TLS based proxy is a known threat.

GitHub

Release v4.38.3 · v2fly/v2ray-core

Feature

FakeDNS: Added fakedns+others sniffer , based on #697 . Thanks @yuhan6665 .
TLS: A SECURITY improvement that allow the remote peer's TLS certificate to be pinned to a known value. Doc...

www.tg-me.com/hk/V2Fly Notification and Updates V2Ray the second new/com.v2fly/86

21.1K viewsShelikhoo [aka Shell] 0x7791BDB0709ABD21, edited  Apr 30, 2021 at 20:19

v4.38.3 is released. (Stable Release)

This release includes security functionality improvement for some users.

Feature

* FakeDNS: Added fakedns+others sniffer. Thanks yuhan6665 .
* TLS: A SECURITY improvement that allow the remote peer's TLS certificate to be pinned to a known value.
* Observatory: A component that measure the connectivity of selected outbounds.
* Routing : leastPing balancing strategy is added. This strategy will select a outbound that is alive and completed HTTPS GET request in the least time.

Fix

* Fixed crashing in fake dns. Thanks IceCodeNew
* Added IPv6 pool in fake dns by default. Thanks Loyalsoldier
* Return ErrEmptyResponse for fakedns. Thanks sixg0000d
* Fixed UDP DNS connection cause crash. Thanks nekohasekai
* Multi-json support for observatory, browser forwarder. Thanks ha-ku AkinoKaede

Chore

* Fixed two typo in comments. Thanks U-v-U

Security Advisory

* TLS connections with dangerous diagnose option allowInsecure turn on and without certificate pin with pinnedPeerCertificateChainSha256 will not be able protect your data at all from a attacker in privileged network path(for example ISP or any firewall or censorship infrastructure). This is especially dangerous when an unprotected protocol or option is used, such as any VLess configuration, VMess with none or zero security, and any trojan configuration, in which case your data is accessible to attacker in plain text and attacker can inject arbitrary data pretending to the the remote server. In the case of VLess and trojan, the proxy protocol access control credential is also exposed to the attacker, the attacker will be able to use your proxy. You are advised to use certificate pin (and/or other security features provided in a later version of V2Ray) whenever allowInsecure is turned on. Attempting to MITM your connection temporarily to identify TLS based proxy is a known threat.

BY V2Fly - Notification and Updates, V2Ray the second new