1.9.0 (2026-06-15)
1.8.1 (2026-06-13)
1.8.0 (2026-06-13)
1.7.0 (2026-06-12)
1.6.0 (2026-06-12)
- proxy: max_connection_lifetime_sec — recycle long-lived relays (RST) to fix resume "updating" hang (#351) (b31c418)
1.5.0 (2026-06-11)
- faketls: clock-sync, mask-relay cap, fake_cert_size, PROXY-protocol (roadmap wave 2) (#350) (0577bbf)
- faketls: opt-in SNI-following mask target (mask_sni_safelist) (#349) (cdb22ba)
- faketls: PQ key_share, RST teardown, jittered desync split, probe metrics (#347) (1160c5e)
1.4.4 (2026-06-11)
- dashboard: offer "Remove dashboard" in the interactive menu when installed (#346) (18f8643)
- dashboard: show the real masking-endpoint port + add "setup dashboard --remove" (#344) (093ed0d)
1.4.3 (2026-06-10)
1.4.2 (2026-06-10)
- middleproxy: detect NAT IP through the egress so socks/tunnel + ad-tag work out of the box (#335) (d377acc)
1.4.1 (2026-06-10)
1.4.0 (2026-06-10)
1.3.0 (2026-06-09)
- egress: interactive share-link egress + split egress/tunnel into sharelink/wg/singbox modules (#326) (729c67d)
1.2.0 (2026-06-09)
1.1.1 (2026-06-08)
1.1.0 (2026-06-08)
1.0.3 (2026-06-08)
- config: handshake flood guard off by default (NAT/VPN-safe) (#314) (77e398a)
- config: handshake flood guard off by default (NAT/VPN-safe) (#314) (b1eae56)
1.0.2 (2026-06-07)
1.0.1 (2026-06-07)
- middleproxy: hourly + reactive refresh, and a getent fallback on the metadata fetch (#305) (86ccf03)
1.0.0 (2026-06-06)
- release 1.0.0 (5992997)
0.27.0 (2026-06-05)
0.26.0 (2026-06-05)
0.25.1 (2026-06-04)
- keep tunnel pool timer recurring (7c5fa30)
0.25.0 (2026-05-24)
0.24.1 (2026-05-19)
0.24.0 (2026-05-14)
0.23.4 (2026-05-14)
0.23.3 (2026-05-13)
0.23.2 (2026-05-11)
- reconnect direct fallback after middleproxy handshake failure (#255) (9bd2e88)
- decouple MiddleProxy NAT IP from public_ip (#257) (d247ab9)
0.23.1 (2026-05-11)
0.23.0 (2026-05-10)
0.22.1 (2026-05-05)
0.22.0 (2026-05-05)
0.21.3 (2026-05-05)
0.21.2 (2026-05-05)
0.21.1 (2026-05-05)
- docker: build images with Zig 0.16.0 by default (#232)
0.21.0 (2026-05-05)
- migrate the project and build workflows to Zig 0.16.0 (#228) (ea0c927)
- add
mtbuddy config validate,mtbuddy config doctor, andmtbuddy config print-effectivefor config diagnostics (#229) (0fea3fc) - add Linux e2e integration harness covering fake Telegram DC, SOCKS5/HTTP CONNECT, MiddleProxy fallback, masking, replay rejection, slowloris, churn, and SIGTERM drain scenarios (#229) (0fea3fc)
- add parser and state-machine fuzz/property coverage for TLS, MTProto obfuscation, MiddleProxy frames, SOCKS5, HTTP CONNECT, config, replay cache, and subnet limiter (#229) (0fea3fc)
- add SIGTERM graceful drain, SIGHUP config reload for supported runtime settings, SIGUSR1 stats dump, and
mtbuddy reload(#229) (0fea3fc)
- embed the official minisign public key in release builds and enforce signed release verification by default in
mtbuddy install,mtbuddy update, anddeploy/bootstrap.sh(#229) (0fea3fc) - require explicit
--insecureorMTPROTO_INSECURE=1for unsigned release mode (#229) (0fea3fc) - publish and verify per-asset SHA-256 checksums and minisign signatures before extraction or execution (#228) (ea0c927)
- remove shell-based Cloudflare DNS update execution from
ipv6hopand use argv-safe curl plus JSON parsing instead (#228) (ea0c927) - hide runtime user secrets and proxy links from proxy startup logs (#228) (ea0c927)
- split the proxy core into focused modules for connection pool/state, queue I/O, relay steps, MiddleProxy routing/frames/handshake/fallback, upstream failover, fd limits, network detection, and socket helpers (#228) (ea0c927)
- make
ProxyState.initfallible and fail fast on invalid or empty user configuration instead of silently dropping users (#228) (ea0c927) - replace the detached MiddleProxy updater with a joined lifecycle and shutdown flag (#228) (ea0c927)
- add
SECURITY.md,THREAT_MODEL.md,CONTRIBUTING.md, CODEOWNERS, issue templates, and updated README trust/install guidance (#229) (0fea3fc) - document Zig 0.16.0 support, current Make targets, e2e/fuzz commands, kernel/OS compatibility, known limitations, and Telegram compatibility caveats (#229) (0fea3fc)
- support ARM64 dashboard uv installation instead of hard-coding the x86_64 uv archive (#228) (ea0c927)
- align MiddleProxy memory capacity warnings with effective MiddleProxy usage and unsafe limit handling (#229) (0fea3fc)
- fix false-positive masking port collision warning for the default
tls_domain:443path (#229) (0fea3fc) - localize
mtbuddylanguage selection fromLANG/LC_ALLand expose--langin help (#229) (0fea3fc)
0.20.4 (2026-05-04)
0.20.3 (2026-05-02)
0.20.2 (2026-05-02)
0.20.1 (2026-04-25)
- resolve dashboard config parsing, UV installation, port conflicts, and Grafana dashboard (#215) (e5f77e6)
0.20.0 (2026-04-22)
0.19.3 (2026-04-21)
0.19.2 (2026-04-20)
0.19.1 (2026-04-20)
0.19.0 (2026-04-15)
0.18.0 (2026-04-15)
- dashboard: replace pip3 with uv for dependency management (#189) (83614bc), closes #185
- Metrics endpoint (#179) (6cc6674)
0.17.1 (2026-04-13)
0.17.0 (2026-04-13)
0.16.0 (2026-04-11)
0.15.3 (2026-04-11)
0.15.2 (2026-04-11)
- ci: use valid Zig CLI args in release AES check (#162) (816f702)
- ctl: remove legacy netns listen directives from nginx masking config (#165) (60af41c)
0.15.1 (2026-04-10)
0.15.0 (2026-04-10)
0.14.8 (2026-04-10)
0.14.7 (2026-04-10)
0.14.6 (2026-04-10)
0.14.5 (2026-04-10)
0.14.4 (2026-04-10)
0.14.3 (2026-04-10)
0.14.2 (2026-04-10)
0.14.1 (2026-04-10)
0.14.0 (2026-04-10)
- bootstrap: align artifact names with CI output (#124) (d8ccf51)
- bootstrap: look up binary by artifact name inside archive (#126) (b271a5b)
0.13.0 (2026-04-10)
0.12.0 (2026-04-10)
- docs: replace mp4 videos with gif for README compatibility (#119) (078ab9d)
- docs: use absolute URLs for README video embeds (#118) (8a920f5)
0.11.0 (2026-04-09)
0.10.0 (2026-04-08)
0.9.4 (2026-04-08)
0.9.3 (2026-04-08)
0.9.2 (2026-04-08)
0.9.1 (2026-04-07)
0.9.0 (2026-04-07)
0.8.1 (2026-04-07)
0.8.0 (2026-04-06)
0.7.1 (2026-04-06)
0.7.0 (2026-04-05)
0.6.2 (2026-04-05)
- deploy: ensure correct permissions on config and deploy dirs (#72) (1d3d4b2)
- proxy: harden fd-quota handling and nofile defaults (#71) (cb2751a)
0.6.1 (2026-04-05)
0.6.0 (2026-04-05)
Architectural rewrite: single-threaded Linux epoll event loop replaces the thread-per-connection model.
- proxy: epoll event loop with pre-allocated connection pool and non-blocking state machine (#61) (1833855)
- proxy: slab-based
MessageQueuebuffer pooling with tiered block sizes (tiny/small/standard) - proxy: on-demand heap allocation for idle connections — sub-1 MB baseline RSS
- proxy:
writevscatter-gather I/O for zero-copy relay writes - proxy: DRS (Dynamic Record Sizing) — TLS records ramp 1,369 → 16,384 bytes mimicking Chrome/Firefox
- proxy: Zero-RTT cloaking with local Nginx for active probe timing analysis defeat
- print startup capacity estimate for connection limits (#58) (6155609)
- IPv6 AAAA troubleshooting docs for iOS connect delays
- client behavior matrix skill for platform debugging
- memory: 8.8 MB RSS at 2,000 active TLS-auth connections (~90% less than Go/Rust alternatives)
- memory: 49 MB RSS at 12,000 idle held sockets (1.5–2.5× less than C implementations)
- binary: 177 KB static binary, zero external dependencies
0.5.1 (2026-04-04)
0.5.0 (2026-04-05)
- docs: remove extra capacity columns from root benchmark table for better readability
0.4.1 (2026-04-04)
0.4.0 (2026-04-04)
- Add Dockerfile and build instructions (#16) (ba13e35)
- soak gate CI + re-enable DRS with config toggle (#45) (e1435a8)
0.3.1 (2026-04-03)
0.3.0 (2026-04-03)
0.2.2 (2026-04-02)
- middleproxy: assert computed C2S frame size (#31) (6ced4b3)
- proxy: increase max_connections to 65535 (#27) (52a9fc4), closes #26
0.2.1 (2026-04-02)
0.2.0 (2026-04-02)
- deploy: add automate migrate command to push existing config to new servers (5c96c4e)
- deploy: add optional Cloudflare DNS update to migration script (ccfc6a4)
- deploy: add safe in-place server update flow (#23) (2bdf27a)
- deploy: automate zero-RTT masking and OS-level tcp desync (c7838c8)
- deploy: extract DNS update into a standalone make target (69ddfa0)
- env example (5774ccc)
- env example (10b9722)
- gemini md update anti dpi research (b940bed)
- Initial (bafd7e0)
- Initial (58aa01b)
- Initial (a3cc105)
- Initial (9481687)
- Initial (61c723e)
- Initial (ba009f3)
- Initial (d32b49b)
- Initial (64f85ea)
- Initial (bd131ce)
- Initial (7b1397b)
- Initial (3b951da)
- Initial (eab15ed)
- Initial (2298fb3)
- Initial (049d82e)
- Initial (4285955)
- Initial (2471da7)
- Initial (e97fa99)
- Initial (b76afda)
- Initial (6d55a6e)
- Initial (84cf8b3)
- Initial (b0b8e1e)
- Initial (074f16e)
- Initial (5000a46)
- three-layer DPI bypass (\u0422\u0421\u041f\u0423 evasion) (a6d7aae)
- apply TCPMSS DPI bypass rule to IPv6 out of the box via ip6tables (17a58bd)
- cache mask domain DNS at startup, prevent SEGFAULT on small-stack threads (8653964)
- correct Zig tarball naming convention in install script (closes #1) (4affb92)
- deploy: add missing build dependencies for zapret nfqws (f156511)
- deploy: prevent apt-get update from crashing installation on third-party repo failures (#4) (51e4c18)
- disable FAST_MODE for Media DCs to fix large channel images (21f43bd)
- install xxd in deploy script (closes #13) (b87872d)
- middleproxy: align promo ME routing and deployment sync (fb285a2)
- middleproxy: skip s2c noop padding frames (f76998f)
- middleproxy: stabilize dc203 relay and refresh proxy metadata (b8e2059)
- proxy: distinguish between native IPv6 and IPv4-mapped IPv6 in connection logs (512be10)
- proxy: panic in formatting invalid byte array on non-tls connections (#6) (13816d9)
- proxy: use std.fmt.bytesToHex for Zig 0.15 compatibility (70df373)
- readExact WouldBlock handling for fragmented TCP, add iptables to install.sh (0a33cbe)
- remove log_level=.debug override causing 93% CPU under load (5d7d3c1)
- workaround zig 0.15.2 cross-compilation bug in Makefile (bbb6e22), closes #2