Skip to content

Latest commit

 

History

History
756 lines (371 loc) · 44.6 KB

File metadata and controls

756 lines (371 loc) · 44.6 KB

Changelog

1.9.0 (2026-06-15)

Features

  • optional kernel SYN rate-limiter + per-endpoint DC connect timeout (#363) (b346b75)

1.8.1 (2026-06-13)

Bug Fixes

  • dashboard: accept a signed ticket on the log WebSocket (Safari fix) (#359) (1830e87)

1.8.0 (2026-06-13)

Features

  • ctl: tunnel menu redesign + Esc/← "back" navigation in the TUI (#357) (3b66630)

1.7.0 (2026-06-12)

Features

  • proxy: client_silence_close_sec wedge-breaker; drop max_connection_lifetime_sec (#355) (c2464db)

1.6.0 (2026-06-12)

Features

  • proxy: max_connection_lifetime_sec — recycle long-lived relays (RST) to fix resume "updating" hang (#351) (b31c418)

1.5.0 (2026-06-11)

Features

  • faketls: clock-sync, mask-relay cap, fake_cert_size, PROXY-protocol (roadmap wave 2) (#350) (0577bbf)
  • faketls: opt-in SNI-following mask target (mask_sni_safelist) (#349) (cdb22ba)
  • faketls: PQ key_share, RST teardown, jittered desync split, probe metrics (#347) (1160c5e)

1.4.4 (2026-06-11)

Bug Fixes

  • dashboard: offer "Remove dashboard" in the interactive menu when installed (#346) (18f8643)
  • dashboard: show the real masking-endpoint port + add "setup dashboard --remove" (#344) (093ed0d)

1.4.3 (2026-06-10)

Bug Fixes

  • Add tunnel dependency installer smoke (#338) (79ca063)

1.4.2 (2026-06-10)

Bug Fixes

  • middleproxy: detect NAT IP through the egress so socks/tunnel + ad-tag work out of the box (#335) (d377acc)

1.4.1 (2026-06-10)

Bug Fixes

  • dashboard: stop phantom tunnel card flashing in non-tunnel modes (#333) (aace7cc)

1.4.0 (2026-06-10)

Features

  • dashboard: "Bahnhof Console" redesign + fix long-name counter overflow (#328) (5fbd7e3)

Bug Fixes

  • remediate full-repo audit findings (security, robustness, tests) (#331) (b3f1657)

1.3.0 (2026-06-09)

Features

  • egress: interactive share-link egress + split egress/tunnel into sharelink/wg/singbox modules (#326) (729c67d)

1.2.0 (2026-06-09)

Features

  • egress: VPN-link tunnel egress + tunnel-pool failover fix + fronting x25519 helper (#324) (f8bca07)

1.1.1 (2026-06-08)

Bug Fixes

  • install: fronting-domain x25519 check works on OpenSSL 1.1.1 + clearer output (#319) (28e40fb)

1.1.0 (2026-06-08)

Features

  • evasion + robustness + UX bundle (+ Ubuntu 20.04 installer fix) (#316) (a837d89)

1.0.3 (2026-06-08)

Bug Fixes

  • config: handshake flood guard off by default (NAT/VPN-safe) (#314) (77e398a)
  • config: handshake flood guard off by default (NAT/VPN-safe) (#314) (b1eae56)

1.0.2 (2026-06-07)

Bug Fixes

  • cli: honor --help on subcommands; create mtproto user on update (#310) (#311) (8f1da4d)

1.0.1 (2026-06-07)

Bug Fixes

  • middleproxy: hourly + reactive refresh, and a getent fallback on the metadata fetch (#305) (86ccf03)

1.0.0 (2026-06-06)

Features

  • Горячая перезагрузка пользователей доступа по SIGHUP (#302) (3800a9b)

Miscellaneous Chores

0.27.0 (2026-06-05)

Features

0.26.0 (2026-06-05)

Features

0.25.1 (2026-06-04)

Bug Fixes

  • keep tunnel pool timer recurring (7c5fa30)

0.25.0 (2026-05-24)

Features

0.24.1 (2026-05-19)

Bug Fixes

0.24.0 (2026-05-14)

Features

  • add public port override for proxy links (#264) (630de8d)

0.23.4 (2026-05-14)

Bug Fixes

0.23.3 (2026-05-13)

Bug Fixes

0.23.2 (2026-05-11)

Bug Fixes

  • reconnect direct fallback after middleproxy handshake failure (#255) (9bd2e88)
  • decouple MiddleProxy NAT IP from public_ip (#257) (d247ab9)

0.23.1 (2026-05-11)

Bug Fixes

0.23.0 (2026-05-10)

Features

  • add tunnel pool failover and localized docs (#250) (6eb7dff)

0.22.1 (2026-05-05)

Bug Fixes

  • add release asset download fallbacks (#243) (813dc8d)

0.22.0 (2026-05-05)

Features

0.21.3 (2026-05-05)

Bug Fixes

0.21.2 (2026-05-05)

Bug Fixes

0.21.1 (2026-05-05)

Fixes

  • docker: build images with Zig 0.16.0 by default (#232)

0.21.0 (2026-05-05)

Features

  • migrate the project and build workflows to Zig 0.16.0 (#228) (ea0c927)
  • add mtbuddy config validate, mtbuddy config doctor, and mtbuddy config print-effective for config diagnostics (#229) (0fea3fc)
  • add Linux e2e integration harness covering fake Telegram DC, SOCKS5/HTTP CONNECT, MiddleProxy fallback, masking, replay rejection, slowloris, churn, and SIGTERM drain scenarios (#229) (0fea3fc)
  • add parser and state-machine fuzz/property coverage for TLS, MTProto obfuscation, MiddleProxy frames, SOCKS5, HTTP CONNECT, config, replay cache, and subnet limiter (#229) (0fea3fc)
  • add SIGTERM graceful drain, SIGHUP config reload for supported runtime settings, SIGUSR1 stats dump, and mtbuddy reload (#229) (0fea3fc)

Security

  • embed the official minisign public key in release builds and enforce signed release verification by default in mtbuddy install, mtbuddy update, and deploy/bootstrap.sh (#229) (0fea3fc)
  • require explicit --insecure or MTPROTO_INSECURE=1 for unsigned release mode (#229) (0fea3fc)
  • publish and verify per-asset SHA-256 checksums and minisign signatures before extraction or execution (#228) (ea0c927)
  • remove shell-based Cloudflare DNS update execution from ipv6hop and use argv-safe curl plus JSON parsing instead (#228) (ea0c927)
  • hide runtime user secrets and proxy links from proxy startup logs (#228) (ea0c927)

Refactoring

  • split the proxy core into focused modules for connection pool/state, queue I/O, relay steps, MiddleProxy routing/frames/handshake/fallback, upstream failover, fd limits, network detection, and socket helpers (#228) (ea0c927)
  • make ProxyState.init fallible and fail fast on invalid or empty user configuration instead of silently dropping users (#228) (ea0c927)
  • replace the detached MiddleProxy updater with a joined lifecycle and shutdown flag (#228) (ea0c927)

Documentation

  • add SECURITY.md, THREAT_MODEL.md, CONTRIBUTING.md, CODEOWNERS, issue templates, and updated README trust/install guidance (#229) (0fea3fc)
  • document Zig 0.16.0 support, current Make targets, e2e/fuzz commands, kernel/OS compatibility, known limitations, and Telegram compatibility caveats (#229) (0fea3fc)

Fixes

  • support ARM64 dashboard uv installation instead of hard-coding the x86_64 uv archive (#228) (ea0c927)
  • align MiddleProxy memory capacity warnings with effective MiddleProxy usage and unsafe limit handling (#229) (0fea3fc)
  • fix false-positive masking port collision warning for the default tls_domain:443 path (#229) (0fea3fc)
  • localize mtbuddy language selection from LANG/LC_ALL and expose --lang in help (#229) (0fea3fc)

0.20.4 (2026-05-04)

Bug Fixes

  • tunnel: fail fast on AWG install errors and clarify PPA outages (#226) (a2ad347)

0.20.3 (2026-05-02)

Bug Fixes

  • Accept Amnezia vpn links for tunnel setup (#222) (4568c6a)

0.20.2 (2026-05-02)

Bug Fixes

  • support Amnezia vpn links in tunnel setup (#220) (0017d2c)

0.20.1 (2026-04-25)

Bug Fixes

  • resolve dashboard config parsing, UV installation, port conflicts, and Grafana dashboard (#215) (e5f77e6)

0.20.0 (2026-04-22)

Features

  • dashboard: user toggle, per-user session tooltip, input fix (#207) (b5eb3dc)

0.19.3 (2026-04-21)

Bug Fixes

  • dashboard: fix config corruption on user add missing trailing newline (#204) (811b0f7)

0.19.2 (2026-04-20)

Bug Fixes

  • constants: correct bundled middle-proxy addresses to match getProxyConfig (#199) (20c5089)

0.19.1 (2026-04-20)

Bug Fixes

  • proxy: address critical review findings (data corruption, DoS, perf) (#197) (a6b6c80)

0.19.0 (2026-04-15)

Features

  • dashboard: show proxy version in header (#191) (99b5d7d)

0.18.0 (2026-04-15)

Features

0.17.1 (2026-04-13)

Bug Fixes

  • dashboard: detect dead tunnels as unhealthy (#180) (b6e6b8c)

0.17.0 (2026-04-13)

Features

  • mtbuddy enhancements and custom bind IP (#177) (8c6796f)

0.16.0 (2026-04-11)

Features

  • mtbuddy: ask about MiddleProxy during install (#174) (6985478)

0.15.3 (2026-04-11)

Bug Fixes

  • docker: build portable amd64 image to avoid invalid opcode (#170) (79f3e34)

0.15.2 (2026-04-11)

Bug Fixes

  • ci: use valid Zig CLI args in release AES check (#162) (816f702)
  • ctl: remove legacy netns listen directives from nginx masking config (#165) (60af41c)

0.15.1 (2026-04-10)

Bug Fixes

  • proxy: decouple tunnel routing from netns and add dashboard controls (#160) (95b5194)

0.15.0 (2026-04-10)

Features

  • SOCKS5 & HTTP CONNECT upstream proxies, generic tunnel type (#158) (ef5bc9f)

0.14.8 (2026-04-10)

Bug Fixes

  • ctl: unify install to use release artifacts instead of building from source (#156) (f15844b)

0.14.7 (2026-04-10)

Bug Fixes

  • main: enforce fail-closed max_connections safety clamp (#152) (24ea08c)

0.14.6 (2026-04-10)

Bug Fixes

  • ctl: honor configured public IP in generated links (#146) (ce6463d)

0.14.5 (2026-04-10)

Bug Fixes

  • uninstall: stop and disable proxy-monitor service (#144) (a84babf)

0.14.4 (2026-04-10)

Bug Fixes

  • tunnel: tolerate AWG DNS lines in netns setup (#136) (c5748c4)

0.14.3 (2026-04-10)

Bug Fixes

  • mtbuddy: print all user links and persist masking domain (#134) (c457e33)

0.14.2 (2026-04-10)

Bug Fixes

  • bootstrap: redirect ok/step output to stderr to avoid subshell capture pollution (#131) (da886d4)

0.14.1 (2026-04-10)

Bug Fixes

  • bootstrap: download mtbuddy binary instead of mtproto-proxy (#128) (f0d0658)

0.14.0 (2026-04-10)

Features

  • proxy: add --help and --version flags to mtproto-proxy (#127) (3026c42)

Bug Fixes

  • bootstrap: align artifact names with CI output (#124) (d8ccf51)
  • bootstrap: look up binary by artifact name inside archive (#126) (b271a5b)

0.13.0 (2026-04-10)

Features

  • ctl: add --config flag to install command (#121) (8300412)

0.12.0 (2026-04-10)

Features

  • introduce buddy — native installer & control panel (#116) (519baa7)

Bug Fixes

  • docs: replace mp4 videos with gif for README compatibility (#119) (078ab9d)
  • docs: use absolute URLs for README video embeds (#118) (8a920f5)

0.11.0 (2026-04-09)

Features

  • monitor: make host/port configurable and fix awg idle status (#112) (93fec36)

0.10.0 (2026-04-08)

Features

  • config: add per-user MiddleProxy direct bypass (#107) (877b410)

Bug Fixes

  • proxy: improve middle-proxy NAT detection for AWG tunnels (#105) (7b30617)

0.9.4 (2026-04-08)

Bug Fixes

  • deploy: honor configured server port in helper scripts (#101) (#102) (07b3b93)

0.9.3 (2026-04-08)

Bug Fixes

  • public IP in AmneziaWG tunnel mode (#97) (119705b)

0.9.2 (2026-04-08)

Bug Fixes

  • deploy: preserve tunnel service and avoid incompatible release binaries (#93) (7164040)

0.9.1 (2026-04-07)

Bug Fixes

  • proxy: harden relay security and reduce middleproxy memory (#89) (5b36c6d)

0.9.0 (2026-04-07)

Features

  • lightweight monitoring dashboard (#86) (8a56fd8)

0.8.1 (2026-04-07)

Bug Fixes

  • proxy: close slots on client hangup during upstream connect (#84) (353a9c4)

0.8.0 (2026-04-06)

Features

  • implement proxy resilience optimizations (#81) (71fb157)

0.7.1 (2026-04-06)

Bug Fixes

  • proxy: stabilize tunnel middleproxy and tune small-VPS defaults (#78) (5304be3)

0.7.0 (2026-04-05)

Features

  • AmneziaWG tunnel deployment for blocked regions (#74) (ba0cffc)

0.6.2 (2026-04-05)

Bug Fixes

  • deploy: ensure correct permissions on config and deploy dirs (#72) (1d3d4b2)
  • proxy: harden fd-quota handling and nofile defaults (#71) (cb2751a)

0.6.1 (2026-04-05)

Bug Fixes

  • proxy: prevent epoll spin on failed upstream connect (#67) (2ace562)

0.6.0 (2026-04-05)

Architectural rewrite: single-threaded Linux epoll event loop replaces the thread-per-connection model.

Features

  • proxy: epoll event loop with pre-allocated connection pool and non-blocking state machine (#61) (1833855)
  • proxy: slab-based MessageQueue buffer pooling with tiered block sizes (tiny/small/standard)
  • proxy: on-demand heap allocation for idle connections — sub-1 MB baseline RSS
  • proxy: writev scatter-gather I/O for zero-copy relay writes
  • proxy: DRS (Dynamic Record Sizing) — TLS records ramp 1,369 → 16,384 bytes mimicking Chrome/Firefox
  • proxy: Zero-RTT cloaking with local Nginx for active probe timing analysis defeat
  • print startup capacity estimate for connection limits (#58) (6155609)
  • IPv6 AAAA troubleshooting docs for iOS connect delays
  • client behavior matrix skill for platform debugging

Performance Improvements

  • memory: 8.8 MB RSS at 2,000 active TLS-auth connections (~90% less than Go/Rust alternatives)
  • memory: 49 MB RSS at 12,000 idle held sockets (1.5–2.5× less than C implementations)
  • binary: 177 KB static binary, zero external dependencies

0.5.1 (2026-04-04)

Bug Fixes

  • enforce strict max_connections reservation before spawn (#56) (74db0c3)

Performance Improvements

  • apply dynamic record sizing and connection backlog scaling (#53) (e62b56e)

0.5.0 (2026-04-05)

Features

  • docs: remove extra capacity columns from root benchmark table for better readability

0.4.1 (2026-04-04)

Bug Fixes

  • add stability harness and tune middleproxy buffers (#47) (4e98bbe)

0.4.0 (2026-04-04)

Features

  • Add Dockerfile and build instructions (#16) (ba13e35)
  • soak gate CI + re-enable DRS with config toggle (#45) (e1435a8)

0.3.1 (2026-04-03)

Bug Fixes

  • support IPv4-only hosts (no IPv6 required) (#42) (ca3e563), closes #39

0.3.0 (2026-04-03)

Features

  • make tcp listen backlog configurable (#38) (e6bb285)

Bug Fixes

  • proxy: stabilize Ubuntu reconnect and MiddleProxy routing (#36) (4ec90b0)

0.2.2 (2026-04-02)

Bug Fixes

  • middleproxy: assert computed C2S frame size (#31) (6ced4b3)
  • proxy: increase max_connections to 65535 (#27) (52a9fc4), closes #26

0.2.1 (2026-04-02)

Bug Fixes

  • respect mask_port for local masking and ignore .vscode (#24) (b4a5030)

0.2.0 (2026-04-02)

Features

Bug Fixes

  • apply TCPMSS DPI bypass rule to IPv6 out of the box via ip6tables (17a58bd)
  • cache mask domain DNS at startup, prevent SEGFAULT on small-stack threads (8653964)
  • correct Zig tarball naming convention in install script (closes #1) (4affb92)
  • deploy: add missing build dependencies for zapret nfqws (f156511)
  • deploy: prevent apt-get update from crashing installation on third-party repo failures (#4) (51e4c18)
  • disable FAST_MODE for Media DCs to fix large channel images (21f43bd)
  • install xxd in deploy script (closes #13) (b87872d)
  • middleproxy: align promo ME routing and deployment sync (fb285a2)
  • middleproxy: skip s2c noop padding frames (f76998f)
  • middleproxy: stabilize dc203 relay and refresh proxy metadata (b8e2059)
  • proxy: distinguish between native IPv6 and IPv4-mapped IPv6 in connection logs (512be10)
  • proxy: panic in formatting invalid byte array on non-tls connections (#6) (13816d9)
  • proxy: use std.fmt.bytesToHex for Zig 0.15 compatibility (70df373)
  • readExact WouldBlock handling for fragmented TCP, add iptables to install.sh (0a33cbe)
  • remove log_level=.debug override causing 93% CPU under load (5d7d3c1)
  • workaround zig 0.15.2 cross-compilation bug in Makefile (bbb6e22), closes #2