1.5.0

📝 Release Notes

• Fixes and improvements

🆕 Important changes since 1.4:

• Add TLS ECH server support
• Improve TLS TCH client configuration
• Add TLS ECH key pair generator 1
• Add TLS ECH support for QUIC based protocols 2
• Add KDE support for the set_system_proxy option in HTTP inbound
• Add Hysteria2 protocol support 3
• Add interrupt_exist_connections option for Selector and URLTest outbounds 4
• Add DNS01 challenge support for ACME TLS certificate issuer 5
• Add merge command 6
• Mark Deprecated Features

1:

Command: sing-box generate ech-keypair <plain_server_name> [--pq-signature-schemes-enabled]

2:

All inbounds and outbounds are supported, including Naiveproxy, Hysteria[/2], TUIC and V2ray QUIC transport.

3:

See Hysteria2 inbound and Hysteria2 outbound

For protocol description, please refer to https://v2.hysteria.network

4:

Interrupt existing connections when the selected outbound has changed.

Only inbound connections are affected by this setting, internal connections will always be interrupted.

5:

Only Alibaba Cloud DNS and Cloudflare are supported, see ACME Fields
and DNS01 Challenge Fields.

6:

This command also parses path resources that appear in the configuration file and replaces them with embedded
configuration, such as TLS certificates or SSH private keys.

1.5.0-rc.6

📝 Release Notes

• Fixes and improvements

1.4.6

📝 Release Notes

• Fixes and improvements

1.5.0-rc.5

📝 Release Notes

• Fixed an improper authentication vulnerability in the SOCKS inbound
• Fixes and improvements

⚠️ Security Advisory

This update fixes an improper authentication vulnerability in the sing-box SOCKS inbound. This vulnerability allows an
attacker to craft special requests to bypass user authentication. All users exposing SOCKS servers with user
authentication in an insecure environment are advised to update immediately.

此更新修复了 sing-box SOCKS 入站中的一个不正确身份验证漏洞。 该漏洞允许攻击者制作特殊请求来绕过用户身份验证。建议所有将使用用户认证的 SOCKS 服务器暴露在不安全环境下的用户立即更新。

1.4.5

📝 Release Notes

• Fixed an improper authentication vulnerability in the SOCKS inbound
• Fixes and improvements

⚠️ Security Advisory

This update fixes an improper authentication vulnerability in the sing-box SOCKS inbound. This vulnerability allows an
attacker to craft special requests to bypass user authentication. All users exposing SOCKS servers with user
authentication in an insecure environment are advised to update immediately.

此更新修复了 sing-box SOCKS 入站中的一个不正确身份验证漏洞。 该漏洞允许攻击者制作特殊请求来绕过用户身份验证。建议所有将使用用户认证的 SOCKS 服务器暴露在不安全环境下的用户立即更新。

1.5.0-rc.3

📝 Release Notes

• Fixes and improvements

1.5.0-rc.2

📝 Release Notes

• Fixes and improvements

1.5.0-rc.1

📝 Release Notes

• Fixes and improvements

1.5.0-beta.12

📝 Release Notes

• Add merge command 1
• Fixes and improvements

1:

This command also parses path resources that appear in the configuration file and replaces them with embedded
configuration, such as TLS certificates or SSH private keys.

Merge configurations

Usage:
  sing-box merge [output] [flags]

Flags:
  -h, --help   help for merge

Global Flags:
  -c, --config stringArray             set configuration file path
  -C, --config-directory stringArray   set configuration directory path
  -D, --directory string               set working directory
      --disable-color                  disable color output

1.5.0-beta.11

📝 Release Notes

• Add DNS01 challenge support for ACME TLS certificate issuer 1
• Fixes and improvements

1:

Only Alibaba Cloud DNS and Cloudflare are supported, see ACME Fields and DNS01 Challenge Fields.