Skip to content

Releases: AdguardTeam/AdGuardHome

AdGuard Home v0.107.55

11 Dec 13:32
Compare
Choose a tag to compare

Time for another release! We encourage all Windows users to play close attention as it addresses a bug that has been affecting some Windows installations. For the rest of AdGuard Home aficionados, we've updated Go version to shore up some vulnerabilities and have dealt with a couple leaks 🚰

Note

This release includes a fix for #7400, which was caused by changes related to #7314 that broke some Windows installations. We've changed the approach to permission handling on Windows to be much more careful about modifying them, but if you're not concerned about this feature, you can always use a --no-permcheck command line option (it works with the -s install command). This will disable any permission manipulation and may leave the system vulnerable.

Acknowledgments

A special thanks to our open-source contributor, @MaggieFero, our community moderators team, as well as to everyone who filed and inspected issues, added translations, and helped us test this release!

Full changelog

See also the v0.107.55 GitHub milestone.

Security

  • The permission check and migration on Windows has been fixed to use the Windows security model more accurately (#7400).

  • Go version has been updated to prevent the possibility of exploiting the Go vulnerabilities fixed in 1.23.4.

  • The Windows executables are now signed.

Added

  • The --no-permcheck command-line option to disable checking and migration of permissions for the security-sensitive files and directories, which caused issues on Windows (#7400).

Fixed

  • Setup guide styles in Firefox.

  • Goroutine leak during the upstream DNS server test (#7357).

  • Goroutine leak during configuration update resulting in increased response time (#6818).

AdGuard Home v0.108.0-b.61

04 Dec 16:36
Compare
Choose a tag to compare
Pre-release

Changes compared to the previous beta, v0.108.0-b.60. See CHANGELOG.md for all changes.

Note

This beta includes a fix for #7400, which was caused by changes related to #7314 that broke some Windows installations. We've changed the approach to permission handling on Windows to be much more careful about modifying them, but if you're not concerned about this feature, you can always use a --no-permcheck command line option (it works with the -s install command). This will disable any permission manipulation and may leave the system vulnerable.

Acknowledgments

A special thanks to our open-source contributor @MaggieFero, our community moderators team, as well as to everyone who filed and inspected issues, added translations, and helped us test this release!

Full changelog

Security

  • The permission check and migration on Windows has been fixed to use the Windows security model more accurately (#7400).
  • Go version has been updated to prevent the possibility of exploiting the Go vulnerabilities fixed in 1.23.4.

Added

  • The --no-permcheck command-line option to disable checking and migration of permissions for the security-sensitive files and directories, which caused issues on Windows (#7400).

Fixed

  • Goroutine leak during the upstream DNS server test (#7357).
  • Goroutine leak during configuration update resulting in increased response time (#6818).

AdGuard Home v0.108.0-b.60

06 Nov 16:46
Compare
Choose a tag to compare
Pre-release

Changes compared to the previous beta, v0.108.0-b.59. See CHANGELOG.md for all changes.

Warning

This beta includes a fix for a specific issue caused by changes related to #7314 that broke the update process. In short, if you've updated to v0.108.0-b.59 on Windows, this may have caused AdGuard Home to restrict itself from running by setting incorrect permissions on the binary. This release should fix this behavior, but for those who have encountered this problem, the following steps should help:

  1. Go to the AdGuard Home working directory, right click on AdGuardHome.exe, choose "Properties";

  2. go to "Security" tab, click "Advanced";

  3. click "Continue" (it requires Administrator rights);

  4. choose the "Administrators" group, click "Edit";

  5. click "Show advanced permissions";

  6. tick "Traverse folder / Execute file" and "Full control", save the changes.

    permissions

After that the binary should become executable from PowerShell with Administrator rights.

Full changelog

Security

  • The release executables are now signed.

AdGuard Home v0.107.54

06 Nov 13:26
Compare
Choose a tag to compare

This AdGuard Home update will be of particular interest to Windows users. We've made the necessary security improvements for Windows that we didn't have time to implement in the previous version. But there's always something for everyone in AdGuard Home updates, not just for Windows enjoyers: filters perform better now and, of course, we've done out fair share of bug fixing.

Acknowledgments

A special thanks to our open-source contributor @GnatorX, our community moderators team, as well as to everyone who filed and inspected issues, added translations, and helped us test this release!

Full changelog

See also the v0.107.54 GitHub milestone.

Security

  • AdGuard Home now properly sets permissions to its files and directories on Windows (#7314).

Changed

  • Improved filtering performance (#6818).

Fixed

  • Repetitive statistics log messages (#7338).
  • Custom client cache (#7250).
  • Missing runtime clients with information from the system hosts file on first AdGuard Home start (#7315).

AdGuard Home v0.108.0-b.59

29 Oct 13:25
Compare
Choose a tag to compare
Pre-release

Changes compared to the previous beta, v0.108.0-b.58. See CHANGELOG.md for all changes.

Acknowledgments

A special thanks to our open-source contributor @GnatorX, our community moderators team, as well as to everyone who filed and inspected issues, added translations, and helped us test this release!

Full changelog

Security

  • AdGuard Home now properly sets permissions to its files and directories on Windows (#7314).

Changed

  • Improved filtering performance (#6818).

Fixed

  • Repetitive statistics log messages (#7338).
  • Custom client cache (#7250).
  • Missing runtime clients with information from the system hosts file on first AdGuard Home start (#7315).

AdGuard Home v0.107.53

03 Oct 12:46
Compare
Choose a tag to compare

It's been a while since we postponed the next AdGuard Home update for a few months. But of course, we had a good reason for it: with the help of community members (we are very thankful to you! πŸ™), we discovered two vulnerabilities and have been working on patching them. Testing the solutions took a bit longer than expected, but in the end, we believe in quality over speed.

Luckily, it's not all patching vulnerabilities and fixing bugs; we've made some improvements, too. For example, we've added support for 64-bit RISC-V architecture and Ecosia search engine to Safe Search. Find the complete changelog below.

Acknowledgments

A special thanks to our open-source contributor, @javabean, to @itz-d0dgy and @go-compile for reporting the vulnerabilities, our community moderators team, as well as to everyone who filed and inspected issues, added translations, and helped us test this release!

Full changelog

Security

  • Previous versions of AdGuard Home allowed users to add any system file it had access to as filters, exposing them to be world-readable. To prevent this, AdGuard Home now allows adding filtering-rule list files only from files matching the patterns enumerated in the filtering.safe_fs_patterns property in the configuration file.

    We thank @itz-d0dgy for reporting this vulnerability, designated CVE-2024-36814, to us.

  • Additionally, AdGuard Home will now try to change the permissions of its files and directories to more restrictive ones to prevent similar vulnerabilities as well as limit the access to the configuration.

    We thank @go-compile for reporting this vulnerability, designated CVE-2024-36586, to us.

  • Go version has been updated to prevent the possibility of exploiting the Go vulnerabilities fixed in 1.23.2.

Added

  • Support for 64-bit RISC-V architecture (#5704).
  • Ecosia search engine is now supported in safe search (#5009).

Changed

  • Upstream server URL domain names requirements has been relaxed and now follow the same rules as their domain specifications.

Configuration changes

In this release, the schema version has changed from 28 to 29.

  • The new array filtering.safe_fs_patterns contains glob patterns for paths of files that can be added as local filtering-rule lists. The migration should add list files that have already been added, as well as the default value, $DATA_DIR/userfilters/*.

Fixed

  • Property clients.runtime_sources.dhcp in the configuration file not taking effect.
  • Stale Google safe search domains list (#7155).
  • Bing safe search from Edge sidebar (#7154).
  • Text overflow on the query log page (#7119).

Known issues

  • Due to the complexity of the Windows permissions architecture and poor support from the standard Go library, we have to postpone the proper automated Windows fix until the next release.

    Temporary workaround: Set the permissions of the AdGuardHome directory to more restrictive ones manually. To do that:

    1. Locate the AdGuardHome directory.
    2. Right-click on it and navigate to Properties β†’ Security β†’ Advanced.
    3. (You might need to disable permission inheritance to make them more restricted.)
    4. Adjust to give the Full control access to only the user which runs AdGuard Home. Typically, Administrator.

    An example of a what a properly restricted configuration could look like:

    permissions

AdGuard Home v0.108.0-b.58

02 Oct 18:29
Compare
Choose a tag to compare
Pre-release

Changes compared to the previous beta, v0.108.0-b.57. See CHANGELOG.md for all changes.

Security

  • Previous versions of AdGuard Home allowed users to add any system it had access to as filters, exposing them to be world-readable. To prevent this, AdGuard Home now allows adding filtering-rule list files only from files matching the patterns enumerated in the filtering.safe_fs_patterns property in the configuration file.

    We thank @itz-d0dgy for reporting this vulnerability, designated CVE-2024-36814, to us.

  • Additionally, AdGuard Home will now try to change the permissions of its files and directories to more restrictive ones to prevent similar vulnerabilities as well as limit the access to the configuration.

    We thank @go-compile for reporting this vulnerability, designated CVE-2024-36586, to us.

  • Go version has been updated to prevent the possibility of exploiting the Go vulnerabilities fixed in 1.23.2.

Added

  • Support for 64-bit RISC-V architecture (#5704).
  • Ecosia search engine is now supported in safe search (#5009).

Changed

  • Upstream server URL domain names requirements has been relaxed and now follow the same rules as their domain specifications.

Configuration changes

In this release, the schema version has changed from 28 to 29.

  • The new array filtering.safe_fs_patterns contains glob patterns for paths of files that can be added as local filtering-rule lists. The migration should add list files that have already been added, as well as the default value, $DATA_DIR/userfilters/*.

Fixed

  • Property clients.runtime_sources.dhcp in the configuration file not taking effect.
  • Update Google safe search domains list (#7155).
  • Enforce Bing safe search from Edge sidebar (#7154).
  • Text overflow on the query log page (#7119).

Known issues

  • Due to the complexity of the Windows permissions architecture and poor support from the standard Go library, we have to postpone the proper automated Windows fix until the next release.

    Temporary workaround: Set the permissions of the AdGuardHome directory to more restrictive ones manually. To do that:

    1. Locate the AdGuardHome directory.
    2. Right-click on it and navigate to Properties β†’ Security β†’ Advanced.
    3. (You might need to disable permission inheritance to make them more restricted.)
    4. Adjust to give the Full control access to only the user which runs AdGuard Home. Typically, Administrator.

AdGuard Home v0.107.52

04 Jul 15:51
Compare
Choose a tag to compare

In this release we have fixed a number of bugs, migrated our front-end to TypeScript and updated our front-end libraries to improve the quality of development and your user experience.

Acknowledgements

A special thanks to our community moderation team, @AdguardTeam/community-moderators, as well as to everyone who filed and inspected issues, added translations, and helped us test this release!

Full changelog

See also the v0.107.52 GitHub milestone.

Security

  • Go version has been updated to prevent the possibility of exploiting the Go vulnerabilities fixed in Go 1.22.5.

Added

  • The ability to disable logging using the new log.enabled configuration property (#7079).

Changed

  • Frontend rewritten in TypeScript.

  • The systemd-based service now uses journal for logging by default. It also doesn't create the /var/log/ directory anymore (#7053).

    NOTE: With an installed service for changes to take effect, you need to reinstall the service using -r flag of the install script or via the CLI (with root privileges):

    ./AdGuardHome -s uninstall
    ./AdGuardHome -s install

    Don't forget to backup your configuration file and other important data before reinstalling the service.

Deprecated

  • Node 18 support, Node 20 will be required in future releases.

Fixed

  • Panic caused by missing user-specific blocked services object in configuration file (#7069).

  • Tracking /etc/hosts file changes causing panics within particular filesystems on start (#7076).

AdGuard Home v0.108.0-b.57

03 Jul 13:41
Compare
Choose a tag to compare
Pre-release

Changes compared to the previous beta, v0.108.0-b.56. See CHANGELOG.md for all changes.

Acknowledgements

A special thanks to our community moderation team, @AdguardTeam/community-moderators, as well as to everyone who filed and inspected issues, added translations, and helped us test this release!

Full changelog

Security

  • Go version has been updated to prevent the possibility of exploiting the Go vulnerabilities fixed in Go 1.22.5.

Added

  • The ability to disable logging using the new log.enabled configuration property (#7079).

Changed

  • Frontend rewritten in TypeScript.

  • The systemd-based service now uses journal for logging by default. It also doesn't create the /var/log/ directory anymore (#7053).

    NOTE: With an installed service for changes to take effect, you need to reinstall the service using -r flag of the install script or via the CLI (with root privileges):

    ./AdGuardHome -s uninstall
    ./AdGuardHome -s install

    Don't forget to backup your configuration file and other important data before reinstalling the service.

  • The HTTP server's write timeout has been increased from 1 minute to 5 minutes to match the one used by AdGuard Home's HTTP client to fetch filtering-list data (#7041).

Deprecated

  • Node 18 support, Node 20 will be required in future releases.

Fixed

  • Unnecessary validation call on the encryption page.
  • Missing version in the footer.
  • Panic caused by missing user-specific blocked services object in configuration file (#7069).
  • Tracking /etc/hosts file changes causing panics within particular filesystems on start (#7076).

AdGuard Home v0.107.51

06 Jun 14:41
Compare
Choose a tag to compare

A small bugfix and security release. We are working on new features in future releases.

Full changelog

See also the v0.107.51 GitHub milestone.

Security

  • Go version has been updated to prevent the possibility of exploiting the Go vulnerabilities fixed in Go 1.22.4.

Changed

  • The HTTP server's write timeout has been increased from 1 minute to 5 minutes to match the one used by AdGuard Home's HTTP client to fetch filtering-list data (#7041).