| blob | a625d938bfa3157fd4d573a031b46ef0eeb9e8ad |
2 * Version 1.6.1:
3 - Security: malformed packets could cause the OpenDNS deviceid,
4 OpenDNS set-client-ip, blocking and AAAA blocking plugins to use
5 uninitialized pointers, leading to a denial of service or possibly
6 code execution. The vulnerable code is present since dnscrypt-proxy
7 1.1.0. OpenDNS users and people using dnscrypt-proxy in order to block
8 domain names and IP addresses should upgrade as soon as possible.
10 * Version 1.6.0:
11 - New feature: public-key based client authentication (-K), for
12 private and commercial DNS services to securely authenticate the
13 sender of a query no matter what the source IP address is, without
14 altering the DNS query.
15 - On Windows, paths are now relative to the application folder. Which
16 means that the -L option is usually not required any more if the CSV
17 file is in the same folder as the dnscrypt-proxy executable. Full
18 paths to plugins are not required any more either; plugin names can be
19 given directly.
21 * Version 1.5.0:
22 - New option: -E, to use an ephemeral key pair for each query.
23 - Logging to files is supported on Windows.
24 - TCP FASTOPEN is now enabled on Linux.
26 * Version 1.4.3:
27 - libevent update, including a fix for CVE-2014-6272
28 - Two new public dnscrypt resolvers were added: opennic-us-wa-ns1 and
29 dnscrypt.org-fr.
30 - d0wn servers in France IP have changed.
31 - Compilation fixes.
33 * Version 1.4.2:
34 - New compilation switch: --with-systemd, to enable socket activation
35 support when using systemd.
36 - The list of public DNSCrypt-enabled resolvers was updated.
37 - Libevent2 updates.
39 * Version 1.4.1:
40 - Alternative ports to dnscrypt.eu servers have been added
41 - Android build scripts are now part of the package
42 - UDP queries timing out are not retried any more. This caused some issues
43 and was already better handled by stub resolvers and caching name servers.
45 * Version 1.4.0:
46 - Security: versions 0.11 to 1.3.3 were vulnerable to a denial of
47 service when running out of output buffer space. Reported by @iamultra.
48 - Windows: --uninstall now actually stops the service
49 - Windows: registry keys are automatically created for a given
50 provider when installing the service.
51 - The resolver to use and its configuration can now be specified as a
52 definition file + the name of the resolver to use. The new
53 command-line options to use are --resolvers-list=<csv file> (optional
54 on non-Windows platforms) and --resolver-name=<name>. This deprecates
55 --provider-key, --provider-name and --resolver-address.
56 - Documentation and diagnostics have been improved.
58 * Version 1.3.3:
59 - Try to send questions as big as the response can be. Upgrading is
60 highly recommended, as the server can refuse to respond to queries using
61 UDP if the response is larger than the question.
63 * Version 1.3.2:
64 - faster startup on iOS and Android
65 - New command-line switch: --test, in order to check if a certificate can be
66 used, with an optional time safety margin.
67 - The package now includes an AppArmor profile, thanks to InsanityBit.
68 - Plugins using ldns can now be compiled on Windows.
70 * Version 1.3.1:
71 - dnscrypt-proxy doesn't ship its own, possibly outdated copy of libsodium
72 any more, and always picks the system one instead.
73 - Minor compilation improvements for iOS, Android and FreeBSD.
75 * Version 1.3.0:
76 - The bundled NaCl library with only reference implementations has been
77 replaced with libsodium, leading to significant performance improvements.
78 - A new command-line switch, --loglevel, allows adjusting the log verbosity.
80 * Version 1.2.1:
81 - Add support for certificates split into multiple TXT records.
82 Contributed by Yecheng Fu, thanks!
84 * Version 1.2.0:
85 - A pre-filter can now totally bypass the resolver and directly send a
86 reply to the client.
87 - A new example plugin has been shipped: ldns-aaaa-blocking. It
88 directly sends an empty response to AAAA queries in order to
89 significantly speed up lookups on hosts without IPv6 connectivity
90 (but with clients still asking for AAAA records anyway).
91 - Example plugins requiring ldns can be compiled on Windows.
92 - Paths with a drive name are now recognized as absolute paths on
93 Windows.
95 * Version 1.1.0:
96 - dnscrypt-proxy can now use plugins in order to alter/inspect
97 queries and responses before and after they are relayed.
98 See README-PLUGINS.markdown for more information.
99 - The default max payload size has been trimmed down to 1252 bytes
100 for compatibility with some scary network setups.
101 - The --local-port and --resolver-port options are gone for good.
102 They had been deprecated for a while and were undocumented since
103 version 1.0.
104 - Multiple certificates are now properly handled.
105 - Memory leaks have been fixed, a big bad use-after-free condition
106 has been fixed, uninitialized variables have been initialized.
107 Upgrading is recommended, especially on Windows.
109 * Version 1.0.1:
110 - dnscrypt-proxy and hostip can now be compiled for Android and
111 Solaris.
112 - The proxy can now run as a Windows service. The new --install and
113 --uninstall command-line switches can automatically register the proxy
114 as a service. Startup options are read from the Windows registry.
115 See the README-WINDOWS.markdown file for details.
117 * Version 1.0:
118 - Autotools scripts have been improved.
119 - 1.0.
121 * Version 0.12:
122 - Datagrams are resent after running out of memory, or if the queue
123 was full.
124 - Missing compilation flags broke 0.11 on some Linux distributions.
125 This has been fixed.
127 * Version 0.11:
128 - A new tool, hostip, can resolve host names before dnscrypt-proxy is
129 started. This should help resolving chicken-and-egg problems on
130 routers, as reported by LanceThePants.
131 - The --local-port and --resolver-port options have been deprecated.
132 Please use --local-address=<ip>:<port> and
133 --resolver-address=<ip>:<port> instead.
134 - Improved stability on Win32.
136 * Version 0.10.1:
137 - The daemon didn't start on some Linux distributions lacking the
138 RANDOM_UUID sysctl. This has been fixed.
139 - The config.guess files have been patched in order to run out of the
140 box on Bitrig.
142 * Version 0.10:
143 - Almost a complete rewrite, with libuv being replaced by libevent.
144 - The max number of simultaneous queries is now global, not
145 per-protocol.
146 - As an insane amount of routers and ISPs are hijacking port 53, the default
147 server port is now 443.
148 - iOS binaries are now smaller.
149 - More dtrace probes.
151 * Version 0.9.5:
152 - Full IPv6 support.
154 * Version 0.9.4:
155 - The --tcp-port option is gone. The resolver port can now be set
156 with --resolver-port= and forcing use of TCP can be achieved with
157 --tcp-only.
158 - portage files for Gentoo have been added.
159 - Libuv has been updated.
161 * Version 0.9.3:
162 - Support for native Windows builds.
163 - --daemonize has been fixed.
165 * Version 0.9.2:
166 - Support for cross-compilation. In particular, the proxy can now
167 compile and work on iOS.
169 * Version 0.9.1:
170 - DNSCrypt should compile out of the box on DD-WRT and other
171 uclibc-based systems.
173 * Version 0.9:
174 - libuv has been updated.
175 - Enhanced compatibility with non-Intel architectures.
177 * Version 0.8:
178 - Support for Windows (through Cygwin, for now) has been improved.
179 - Documentation has been improved.
180 - The package now compiles on Dragonfly BSD-current.
181 - Signatures are now using ed25519 instead of edwards25519sha512batch.
182 - The proxy now compiles on Openwall Linux.
183 - Libuv has been updated.
184 - A sample .plist file and a Homebrew formula for OSX are now provided.
186 * Version 0.7:
187 - Initial public release.