v2.3.0

What's Changed

Go 1.26 Upgrade

• Upgraded from Go 1.24 to Go 1.26
• Added goroutine leak detection tests using Go 1.26's experimental goroutineleak profile (GOEXPERIMENT=goroutineleakprofile)
• CI now runs leak detection on every push/PR

Goroutine Leak Fixes

• Added Stop() method to the ACL interface for proper lifecycle management
• Domain, CIDR, and GeoIP ACL refresh workers now use ticker + select with cancellation channels instead of infinite sleep loops
• StopACLs() is called on SIGTERM/SIGINT for clean shutdown
• 7 goroutine leak detection tests covering TLS (single, concurrent, slow client, valid SNI), DNS, and proxyCopy paths

Security Hardening

• All HTTP servers now set ReadHeaderTimeout to prevent Slowloris attacks (DoH server, Prometheus endpoint)
• TLS MinVersion set to 1.2 across all TLS configs (DoT, DoH, DoQ)
• InsecureSkipVerify defaults to false for DNS clients
• TLS SNI parser hardened with bounds checking against malformed packets
• Certificate/key files written with 0600 permissions instead of 0644
• Log output sanitized to prevent log injection (newline/carriage return stripping)
• HTTP proxy IP parsing fixed to use net.SplitHostPort for correct IPv6 handling
• HTTP transport connection pooling limits added (MaxIdleConns, MaxIdleConnsPerHost, IdleConnTimeout)

Code Quality

• Zero golangci-lint issues (was 100+)
• All defer Close()/Shutdown() patterns now properly handle errors
• Removed unused code (dead checkPIDFile function, unused struct fields)
• Fixed ineffassign, misspelling, and staticcheck issues throughout
• Added port range validation (1-65535) in multi-listen config parser
• Added Config.Validate() for startup config checking
• Accept loop backoff on repeated errors in HTTPS listener

Documentation

• README rewritten with actual project description, feature list, install/config instructions
• CONTRIBUTING.md rewritten to be concise and direct

Dependencies

• routedns v0.1.115 -> v0.1.144
• miekg/dns v1.1.67 -> v1.1.72
• quic-go v0.57.0 -> v0.59.0
• prometheus/client_golang v1.22.0 -> v1.23.2
• golang.org/x/net v0.47.0 -> v0.52.0
• golang.org/x/crypto v0.45.0 -> v0.49.0
• And many more (see full diff)

Full Changelog: v2.2.2...v2.3.0

v2.2.2

mvoe to go 1.23.4

v2.2.1

moving the builds to Go 1.23.4

v2.2.0

What's Changed

• Reject non-FQDN SNI values by @mosajjal in #129
• Bump docker/build-push-action from 6.7.0 to 6.8.0 by @dependabot in #130
• Bump docker/build-push-action from 6.8.0 to 6.9.0 by @dependabot in #131
• Bump docker/metadata-action from 5.5.1 to 5.6.1 by @dependabot in #132
• Bump docker/build-push-action from 6.9.0 to 6.10.0 by @dependabot in #133
• Bump github.com/quic-go/quic-go from 0.47.0 to 0.48.2 by @dependabot in #134
• Bump golang.org/x/crypto from 0.28.0 to 0.31.0 by @dependabot in #135

NOTE: this version of sniproxy uses a different and more optimized method to proxy connections. should result in increased performance. Feedbacks are welcome.

Full Changelog: v2.1.2...v2.2.0

v2.1.2

Full Changelog: v2.1.1...v2.1.2

fixed go version for workflows

v2.1.1

Full Changelog: v2.1.0...v2.1.1

Fixed ipv4 only network issues and better default config

v2.1.0

What's Changed

• added basic local connection option by @mosajjal in #80
• Bump golang.org/x/net from 0.15.0 to 0.17.0 by @dependabot in #86
• routedns by @mosajjal in #89
• Bump docker/build-push-action from 5.0.0 to 5.1.0 by @dependabot in #90
• Bump docker/metadata-action from 5.0.0 to 5.2.0 by @dependabot in #92
• Bump actions/setup-go from 4 to 5 by @dependabot in #94
• Bump docker/metadata-action from 5.2.0 to 5.3.0 by @dependabot in #95
• Bump golang.org/x/crypto from 0.14.0 to 0.17.0 by @dependabot in #97
• Bump docker/metadata-action from 5.3.0 to 5.4.0 by @dependabot in #99
• Bump docker/metadata-action from 5.4.0 to 5.5.0 by @dependabot in #102
• Bump github.com/quic-go/quic-go from 0.39.1 to 0.39.4 by @dependabot in #103
• Bump docker/metadata-action from 5.5.0 to 5.5.1 by @dependabot in #105
• ipv6 outbound by @mosajjal in #104
• Bump docker/build-push-action from 5.1.0 to 5.2.0 by @dependabot in #106
• Bump google.golang.org/protobuf from 1.32.0 to 1.33.0 by @dependabot in #107
• Bump docker/login-action from 3.0.0 to 3.1.0 by @dependabot in #109
• Bump docker/build-push-action from 5.2.0 to 5.3.0 by @dependabot in #110
• Bump github.com/quic-go/quic-go from 0.41.0 to 0.42.0 by @dependabot in #111
• Bump docker/login-action from 3.1.0 to 3.2.0 by @dependabot in #112
• Bump docker/build-push-action from 5.3.0 to 5.4.0 by @dependabot in #113
• Bump docker/build-push-action from 5.4.0 to 6.1.0 by @dependabot in #115
• Bump docker/build-push-action from 6.1.0 to 6.2.0 by @dependabot in #116
• Bump docker/build-push-action from 6.2.0 to 6.3.0 by @dependabot in #117
• Bump docker/build-push-action from 6.3.0 to 6.4.1 by @dependabot in #118
• Check before dereferencing dnsc res.Answer by @moh53n in #121
• Fix DNS AF version picker by @moh53n in #120
• Bump docker/login-action from 3.2.0 to 3.3.0 by @dependabot in #122
• Bump docker/build-push-action from 6.4.1 to 6.5.0 by @dependabot in #123
• Bump docker/build-push-action from 6.5.0 to 6.6.1 by @dependabot in #124
• Bump docker/build-push-action from 6.6.1 to 6.7.0 by @dependabot in #125
• ability to listen on multiple http or https ports by @mosajjal in #127

New Contributors

• @moh53n made their first contribution in #121

Full Changelog: v2.0.4...v2.1.0

v2.0.4

updated dependencies

v2.0.3

What's Changed

• revamp debug logging by @mosajjal in #57

[BUGFIX] many fixes in the ACL logic especially in DNS

Full Changelog: v2.0.2...v2.0.3

v2.0.2

fixed minor bug in geolocation

Full Changelog: v2.0.1...v2.0.2