Skip to content

AdGuard Home v0.107.34

Compare
Choose a tag to compare
@adguard-bot adguard-bot released this 12 Jul 12:48
· 1000 commits to master since this release

This release improves the security of AdGuard Home and fixes a few larger issues.

Safe Browsing and CPU spikes

Back in June we released a security update to AdGuard Home with a few bugfixes. Ironically, it brought about another bug. Safe Browsing and Parental Control weren't working properly since then, which in some cases led to lowered performance, random crashes, and huge CPU spikes.

It took us an entire month to get to the bottom of this, and it certainly would have taken even longer if not for the awesome community members: @bigwookie, @TheCableGuy99, and others. It turned out that “The Big Bug” was, in fact, three smaller bugs in a trenchcoat. And they were all mercilessly dealt with in this update.

Docker HEALTHCHECK

Docker users should note that the Docker HEALTHCHECK mechanism has been removed, since it was causing a lot of issues, especially when used with Podman and other popular Docker tools.

Acknowledgements

A special thanks to our open-source contributor, @Jiraiya8, as well as to everyone who filed and inspected issues, added translations, and helped us test this release!

Full changelog

See also the v0.107.34 GitHub milestone.

Security

  • Go version has been updated to prevent the possibility of exploiting the CVE-2023-29406 Go vulnerability fixed in Go 1.19.11.

Added

  • Ability to ignore queries for the root domain, such as NS . queries (#5990).

Changed

  • Improved CPU and RAM consumption during updates of filtering-rule lists.

Configuration Changes

In this release, the schema version has changed from 23 to 24.

  • Properties starting with log_, and verbose property, which used to set up logging are now moved to the new object log containing new properties file, max_backups, max_size, max_age, compress, local_time, and verbose:

    # BEFORE:
    'log_file': ""
    'log_max_backups': 0
    'log_max_size': 100
    'log_max_age': 3
    'log_compress': false
    'log_localtime': false
    'verbose': false
    
    # AFTER:
    'log':
        'file': ""
        'max_backups': 0
        'max_size': 100
        'max_age': 3
        'compress': false
        'local_time': false
        'verbose': false

    To rollback this change, remove the new object log, set back log_ and verbose properties and change the schema_version back to 23.

Deprecated

  • Default exposure of the non-standard ports 784 and 8853 for DNS-over-QUIC in the Dockerfile.

Fixed

  • Two unspecified IPs when a host is blocked in two filter lists (#5972).

  • Incorrect setting of Parental Control cache size.

  • Excessive RAM and CPU consumption by Safe Browsing and Parental Control filters (#5896).

Removed

  • The HEALTHCHECK section and the use of tini in the ENTRYPOINT section in Dockerfile (#5939). They caused a lot of issues, especially with tools like docker-compose and podman.

    NOTE: Some Docker tools may cache ENTRYPOINT and HEALTHCHECK sections, so some users may be required to backup their configuration, stop the container, purge the old image, and reload it from scratch.