v1.8.11

Features

• #232 Send data along with handshake (LOCAL -> REMOTE)
• HTTP server supports https target with both native-tls and rustls
  • For rustls, https connections will try to negociate h2 with ALPN
• shadowsocks/shadowsocks-org#161 Support none as dummy cipher's name
• Adding local-tunnel feature for controlling tunnel protocol
• #252 Support udp_max_associations configuration option
• Various updates for local-dns-relay for Android integration

Fixed BUGs

• #234 Ensure plugin subprocesses are killed when server is exited
  • On *NIX platform, SIGTERM is sent to plugins for graceful exit
• #237 Increase regex memory limit for ACL host rules
• #240 Wait for 10 seconds for plugins to start
• ssserver should start plugins with PluginMode::Server

BREAKING Changes

• Removed Runtime's Handle for all run entry functions

v1.8.10

Features

• Support ACL configuration
  • Examples could be found in shadowsocks/shadowsocks-libev
• sslocal supports transparent proxy protocol (experimental)
  • TCP
    • Linux: iptables with REDIRECT or TPROXY rules
    • macOS: pf
    • FreeBSD: pf or ipfw, not tested
    • OpenBSD: pf, not tested
  • UDP
    • Linux: iptables with TPROXY rules
    • FreeBSD/OpenBSD: pf, not tested
  • Usage: Run sslocal with --protocol redir
• Better command line option verifications

Fixed BUGs

• sslocal with HTTP protocol clears Hop-by-Hop headers
• CryptoStream is now thread safe
• #222 rc4 cipher is now working

Miscellaneous

• Integrate into the Android's client implementation, shadowsocks/shadowsocks-android#2452
  • Not finished yet, you shouldn't use them in production environment
• Abort on panic! for release builds
• #223 --log-without-time command line option is added back
• #205 -6 command line option to resolve host names to IPv6 addresses first

BREAKING Changes

• Merged sstunnel and ssredir into sslocal
• DNS-over-HTTPS and DNS-over-TLS are disabled by default, could be enabled by features dns-over-https and dns-over-tls
• #217 Logging output uses local datetime instead of UTC
  • Logging output is now in customized format

v1.8.9

Features

• ssmanager - Supports Manage Multiple Users APIs

  • Create / Remove servers in the same tokio runtime dynamically

• Fallback to tokio's builtin DNS resolver (currently it is libstd's builtin) if trust-dns's resolver initialize failed

Fixed BUGs

• Ping tasks will panic if remote servers fail to connect for the first time

v1.8.8

Features

• ssredir - (Experimental) Transparent Proxy. Currently only supports the following platforms:
  • Linux - TCP: REDIRECT and TPROXY, UDP: TPROXY
  • FreeBSD - TCP, UDP: ipfw

BUG Fixed

• Enable TCP_NODELAY for better handshaking performance, for
  • sslocal's socks5 protocol handshaking
  • Local and Remote server shadowsocks' IV/nonce exchanging
• Ensure plugins starts before listening for sslocal
  • Eliminated those connection failures while sslocal server just started
• #191 Skip IV/nonce duplication check for plain cipher

Miscelleous

• Nightly builds on CircleCI: https://circleci.com/gh/shadowsocks/shadowsocks-rust
  • Obtain release binaries in #Artifacts, for example:
    • https://circleci.com/gh/shadowsocks/shadowsocks-rust/151#artifacts/containers/0

v1.8.7

Features

• Set RLIMIT_NOFILE on *nix systems by
  • -r, --nofile command line argument
  • nofile key in configuration file

BUG Fixed

• ssserver shouldn't use local_port in configuration to bind() before connect() or sendto()
  • Command line argument --bind-addr or -b should only accept IP or Domain

v1.8.6

Basically the same as v1.8.5, but prints the actual error while handshaking with clients. Useful if server received a repeated IV and salt (probably replay attacks).

v1.8.5

Features

• Add feature trust-dns to allow disable depending on trust-dns-resolver
  • Disabling trust-dns would significantly shrink the size of binaries
• #26 UDP servers will also bind() to local_address and local_port
• Check repeated IV / Salt for defending against replay attacks
  • Defend against replay attack

v1.8.4

Features

• ssserver supports bind before connect to remote addresses. Can be configured by
  • local_address and local_port in config.json
  • -b or --bind-address in command line parameter
    Suggestion: Port should be set to 0 otherwise you will get EADDRINUSE

Breaking Changes

• ssserver won't ignore local_address and local_port in config.json

v1.8.3

Enhancements

• Refactored PingBalancer for supporting customized Server Configuration structure

  • For Example: HTTP sslocal can stores HttpClients into the ServerScore structure instead of putting them into a HashMap.

• Removed trust-dns feature gate, set as default.

Releases

• shadowsocks-v1.8.0-stable.x86_64-unknown-linux-musl.tar.xz
  • SHA256 d4144b0c13789c8755448a6b68c8c04c46376013d340a3c8940344b1ba17bc4f
• shadowsocks-v1.8.0-stable.x86_64-pc-windows-gnu.zip
  • SHA256 f619061c143ca6c743922d0dd6daa45a6273f929b3f8c4d77b0bb42fd71b1ee4

v1.8.2

Enhancements

• Refactored PingBalancer for supporting customized Server Configuration structure

  • For Example: HTTP sslocal can stores HttpClients into the ServerScore structure instead of putting them into a HashMap.

• Removed trust-dns feature gate, set as default.