AdguardTeam/AdGuardHome (docker.io/adguard/adguardhome)
### [`v0.107.53`](https://redirect.github.com/AdguardTeam/AdGuardHome/blob/HEAD/CHANGELOG.md#v010753---2024-10-03)
[Compare Source](https://redirect.github.com/AdguardTeam/AdGuardHome/compare/v0.107.52...v0.107.53)
See also the [v0.107.53 GitHub milestone][ms-v0.107.53].
##### Security
- Previous versions of AdGuard Home allowed users to add any system file it had
access to as filters, exposing them to be world-readable. To prevent this,
AdGuard Home now allows adding filtering-rule list files only from files
matching the patterns enumerated in the `filtering.safe_fs_patterns` property
in the configuration file.
We thank [@itz-d0dgy](https://redirect.github.com/itz-d0dgy) for reporting this vulnerability, designated
CVE-2024-36814, to us.
- Additionally, AdGuard Home will now try to change the permissions of its files
and directories to more restrictive ones to prevent similar vulnerabilities
as well as limit the access to the configuration.
We thank [@go-compile](https://redirect.github.com/go-compile) for reporting this vulnerability, designated
CVE-2024-36586, to us.
- Go version has been updated to prevent the possibility of exploiting the Go
vulnerabilities fixed in [1.23.2][go-1.23.2].
##### Added
- Support for 64-bit RISC-V architecture ([#5704]).
- Ecosia search engine is now supported in safe search ([#5009]).
##### Changed
- Upstream server URL domain names requirements has been relaxed and now follow
the same rules as their domain specifications.
##### Configuration changes
In this release, the schema version has changed from 28 to 29.
- The new array `filtering.safe_fs_patterns` contains glob patterns for paths of
files that can be added as local filtering-rule lists. The migration should
add list files that have already been added, as well as the default value,
`$DATA_DIR/userfilters/*`.
##### Fixed
- Property `clients.runtime_sources.dhcp` in the configuration file not taking
effect.
- Stale Google safe search domains list ([#7155]).
- Bing safe search from Edge sidebar ([#7154]).
- Text overflow on the query log page ([#7119]).
##### Known issues
- Due to the complexity of the Windows permissions architecture and poor support
from the standard Go library, we have to postpone the proper automated Windows
fix until the next release.
**Temporary workaround:** Set the permissions of the `AdGuardHome` directory
to more restrictive ones manually. To do that:
1. Locate the `AdGuardHome` directory.
2. Right-click on it and navigate to *Properties → Security → Advanced.*
3. (You might need to disable permission inheritance to make them more
restricted.)
4. Adjust to give the `Full control` access to only the user which runs
AdGuard Home. Typically, `Administrator`.
[#5009]: https://redirect.github.com/AdguardTeam/AdGuardHome/issues/5009
[#5704]: https://redirect.github.com/AdguardTeam/AdGuardHome/issues/5704
[#7119]: https://redirect.github.com/AdguardTeam/AdGuardHome/issues/7119
[#7154]: https://redirect.github.com/AdguardTeam/AdGuardHome/pull/7154
[#7155]: https://redirect.github.com/AdguardTeam/AdGuardHome/pull/7155
[go-1.23.2]: https://groups.google.com/g/golang-announce/c/NKEc8VT7Fz0
[ms-v0.107.53]: https://redirect.github.com/AdguardTeam/AdGuardHome/milestone/88?closed=1
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
[ ] If you want to rebase/retry this PR, check this box
This PR contains the following updates:
v0.107.52
->v0.107.53
Release Notes
AdguardTeam/AdGuardHome (docker.io/adguard/adguardhome)
### [`v0.107.53`](https://redirect.github.com/AdguardTeam/AdGuardHome/blob/HEAD/CHANGELOG.md#v010753---2024-10-03) [Compare Source](https://redirect.github.com/AdguardTeam/AdGuardHome/compare/v0.107.52...v0.107.53) See also the [v0.107.53 GitHub milestone][ms-v0.107.53]. ##### Security - Previous versions of AdGuard Home allowed users to add any system file it had access to as filters, exposing them to be world-readable. To prevent this, AdGuard Home now allows adding filtering-rule list files only from files matching the patterns enumerated in the `filtering.safe_fs_patterns` property in the configuration file. We thank [@itz-d0dgy](https://redirect.github.com/itz-d0dgy) for reporting this vulnerability, designated CVE-2024-36814, to us. - Additionally, AdGuard Home will now try to change the permissions of its files and directories to more restrictive ones to prevent similar vulnerabilities as well as limit the access to the configuration. We thank [@go-compile](https://redirect.github.com/go-compile) for reporting this vulnerability, designated CVE-2024-36586, to us. - Go version has been updated to prevent the possibility of exploiting the Go vulnerabilities fixed in [1.23.2][go-1.23.2]. ##### Added - Support for 64-bit RISC-V architecture ([#5704]). - Ecosia search engine is now supported in safe search ([#5009]). ##### Changed - Upstream server URL domain names requirements has been relaxed and now follow the same rules as their domain specifications. ##### Configuration changes In this release, the schema version has changed from 28 to 29. - The new array `filtering.safe_fs_patterns` contains glob patterns for paths of files that can be added as local filtering-rule lists. The migration should add list files that have already been added, as well as the default value, `$DATA_DIR/userfilters/*`. ##### Fixed - Property `clients.runtime_sources.dhcp` in the configuration file not taking effect. - Stale Google safe search domains list ([#7155]). - Bing safe search from Edge sidebar ([#7154]). - Text overflow on the query log page ([#7119]). ##### Known issues - Due to the complexity of the Windows permissions architecture and poor support from the standard Go library, we have to postpone the proper automated Windows fix until the next release. **Temporary workaround:** Set the permissions of the `AdGuardHome` directory to more restrictive ones manually. To do that: 1. Locate the `AdGuardHome` directory. 2. Right-click on it and navigate to *Properties → Security → Advanced.* 3. (You might need to disable permission inheritance to make them more restricted.) 4. Adjust to give the `Full control` access to only the user which runs AdGuard Home. Typically, `Administrator`. [#5009]: https://redirect.github.com/AdguardTeam/AdGuardHome/issues/5009 [#5704]: https://redirect.github.com/AdguardTeam/AdGuardHome/issues/5704 [#7119]: https://redirect.github.com/AdguardTeam/AdGuardHome/issues/7119 [#7154]: https://redirect.github.com/AdguardTeam/AdGuardHome/pull/7154 [#7155]: https://redirect.github.com/AdguardTeam/AdGuardHome/pull/7155 [go-1.23.2]: https://groups.google.com/g/golang-announce/c/NKEc8VT7Fz0 [ms-v0.107.53]: https://redirect.github.com/AdguardTeam/AdGuardHome/milestone/88?closed=1Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.