Software Update: AdGuard Home 0.107.14

By admin on September 29, 2022
Spread the love

AdGuard Home version 0.107.14 has been released. With this software, a DNS server can be set up at home to block advertisements and malware on the entire network, among other things. It is therefore comparable to Pi-hole. AdGuard Home works on a machine running Windows, macOS, Linux or FreeBSD, is also able to protect against phishing and has parental control. The program can be discussed on our own forum. The changelog for this release can be found below:

Security

A Cross-Site Request Forgery (CSRF) vulnerability has been discovered. The CVE number is to be assigned. We thank Daniel Elkabes from Mend for reporting this vulnerability to us.

Same Site Policy

The SameSite policy on the AdGuard Home session cookies has been upgraded to Lax. Which means that the only cross-site HTTP request for which the browser is allowed to send the session cookie is navigating to the AdGuard Home domain. Note: users are strongly advised to log out, clear browser cache, and log in again after updating.

Removal Of Plain-Text APIs (BREAKING API CHANGE)

We have implemented several measures to prevent such vulnerabilities in the future, but some of these measures break backwards compatibility for the sake of better protection.

The following APIs, which previously accepted or returned text/plain data, now accept or return data as JSON. All new formats for the request and response bodies are documented in openapi/openapi.yaml and openapi/CHANGELOG.md.

  • GET /control/i18n/current_language;
  • POST /control/dhcp/find_active_dhcp;
  • POST /control/filtering/set_rules;
  • POST /control/i18n/change_language.

Stricter Content-Type Checks (BREAKING API CHANGE)

All JSON APIs now check if the request actually has Content-Type set to application/json.

Other Security Changes

  • Weaker cipher suites that use the CBC (cipher block chaining) mode of operation have been disabled (#2993).

Added

  • Support for plain (unencrypted) HTTP/2 (#4930). This is useful for AdGuard Home installations behind a reverse proxy.

Fixed

  • Incorrect path template in DDR responses (#4927).

Version number 0.107.14
Release status Final
Operating systems Windows 7, Linux, BSD, macOS, Windows 8, Windows 10, Windows 11
Website AdGuard Team
Download
License type GPL
DNSJSONLinuxSecuritySoftwareWindows
Related Posts

Rumor: Apple is working on its own applications based on a large language model

EU Council determines position on security requirements for digital products

Samsung develops first GDDR7 chips, mentions bandwidths of up to 32Gbit/s per pin

Meta introduces open source language model Llama 2, works on PCs and phones

Logitech acquires stream controller maker Loupedeck

Anticheat FaceIT gets Linux version, enables Steam Deck support

Rumor: EU starts investigation into Microsoft for including Teams with Office