Chore: bump github.com/v2fly/v2ray-core/v5 from 5.0.3 to 5.0.7

Bumps github.com/v2fly/v2ray-core/v5 from 5.0.3 to 5.0.7.

Release notes

Sourced from github.com/v2fly/v2ray-core/v5's releases.

v5.0.7 Developer Preview

This release includes security enhancement for all users.

!!! Important SECURITY enhancement !!!

Fix DoS attack vulnerability in VMess Option Processing. (Thanks @nekohasekai )

Security Advisory

This update fixes a DoS vulnerability in V2Ray. This vulnerability allows a VMess Client with authentication information controlled by an attacker to crash a VMess Server by sending a specially crafted VMess handshake message with an invalid option or encryption type. This vulnerability does NOT allow the attacker to retrieve any information and does NOT allow an attacker to control the unpatched software or system other than it used an unpatched version of the software. It is strongly recommended for all users to apply this security update at the earliest possible opportunity. We would like to thank @nekohasekai for the discovery of this vulnerability.

此更新修复了在 V2Ray 中的一个拒绝服务攻击漏洞。这个漏洞允许攻击者控制的拥有认证信息的 VMess 客户端迫使 VMess 服务器端崩溃。这个漏洞可以通过在 VMess 握手阶段由客户端发送一个恶意的数据包被触发，触发漏洞数据包拥有无效的选项或加密方式。攻击者无法通过这个漏洞获取任何信息（除客户端尚未应用此安全更新以外），也不会允许攻击者控制客户端软件或系统。强烈推荐所有用户在第一时间应用本安全更新。我们在此感谢 @nekohasekai 发现此漏洞。

v5.0.6 Developer Preview

v5.0.5 Developer Preview

This is a pre-release version of V2Ray intended for developer preview. Users are not advised to use this version right now. Contributors are encouraged to send pull requests to the V5 version of the codebase. This release note is being edited to reflect all significant changes made to the codebase, please contact us if you think something is missing. Most new features are currently undocumented. The documents will be updated over time.

!!! SECURITY !!!

Fix TLS Client Certificate Verify setting is not applied. Most users do not use this feature in V5.

!!! BREAKING !!!

TLS Certificates are required to have usage set to AUTHORITY_VERIFY, or AUTHORITY_VERIFY_CLIENT to be recognized as respective CA.

New Features

Jsonv5 New configuration format. This enables support for automatic component recognition.

ZH Document is work in progress.

EN Document is work in progress.

Thanks @AkinoKaede, @kslr, @mzz2017.

VLite UDP P2P focused proxy protocol with Full Cone, Forward Error Correction, Self-Healing Connection(Connection Stabilization) support.

UDP based VLite support was added in #1732.

The ZH EN documents have been updated.

UDP PacketAddr UDP endpoint independent mapping(aka Full Cone) support.

SocksOpt Add KeepAlive Support. Thanks @ValdikSS .

SocksOpt Add BindToDevice Support. Thanks @database64128 .

SocksOpt Add Rx/TxBuf Size Support.

Burst Observatory Measure connection quality to a significant amount of outbound at the same time. Thanks @qjebbs.

Multi Observatory Run more than one Observatory at the same time.

Router Load balancing strategy LeastLoad. Thanks @qjebbs.

Jsonv4 Additional representation format for Jsonv4 configure file format. This includes YAML, TOML. Thanks @qjebbs.

Jsonv4 General purpose merger for all configure formats. Thanks @qjebbs.

Shadowsocks Reduced IV Head Entropy Experiment. Thanks GFWReport and other collaborators.

CLI Reworked command line Interface. Thanks @qjebbs.

Developer Assistance Protobuf configure format reverse engineering.

Asset Search for assets in xdg data directories on non-windows platforms #1578 Thanks @NickCao.

DNS Feat: refine find IPs logic for DoH. Thanks @AkinoKaede .

gRPC Feat: make gRPC dialer accept socket config #1697 Thanks @dyhkwong

... (truncated)

Commits

b4069f7 update version
5eff77c Fix DoS attack vulnerability in VMess Option Processing
4e24784 Add JsonV5 support for QUIC: auto generated
7deca02 Add JsonV5 support for QUIC
c333383 Chore: bump github.com/miekg/dns from 1.1.48 to 1.1.49 (#1779)
0468cdf Fix convert time ip parsing in jsonv5
0685f8c Chore: bump github.com/go-playground/validator/v10 (#1764)
17a93bb update version
52ea2b0 Fix TLS Client Certificate Verify Not Applied
c93ad2f update version
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Loyalsoldier / geoip

Chore: bump github.com/v2fly/v2ray-core/v5 from 5.0.3 to 5.0.7 #63

v5.0.7 Developer Preview

!!! Important SECURITY enhancement !!!

Security Advisory

v5.0.6 Developer Preview

!!! SECURITY !!!

!!! BREAKING !!!

New Features