Software-update: AdGuard Home 0.107.14

AdGuard Home versie 0.107.14 is uitgekomen. Met deze software kan er thuis een dns-server worden opgezet om zo onder meer advertenties en malware te blokkeren op het gehele netwerk. Het is daarmee dus vergelijkbaar met Pi-hole. AdGuard Home werkt op een machine met Windows, macOS, Linux of FreeBSD, is ook in staat om tegen phishing te beschermen en heeft parental control. Op ons eigen forum kan over het programma worden gediscussieerd. De changelog voor deze uitgave kan hieronder worden gevonden:

Security

A Cross-Site Request Forgery (CSRF) vulnerability has been discovered. The CVE number is to be assigned. We thank Daniel Elkabes from Mend for reporting this vulnerability to us.

SameSite Policy

The SameSite policy on the AdGuard Home session cookies has been upgraded to Lax. Which means that the only cross-site HTTP request for which the browser is allowed to send the session cookie is navigating to the AdGuard Home domain. Note: users are strongly advised to log out, clear browser cache, and log in again after updating.

Removal Of Plain-Text APIs (BREAKING API CHANGE)

We have implemented several measures to prevent such vulnerabilities in the future, but some of these measures break backwards compatibility for the sake of better protection.

The following APIs, which previously accepted or returned text/plain data, now accept or return data as JSON. All new formats for the request and response bodies are documented in openapi/openapi.yaml and openapi/CHANGELOG.md.

• GET /control/i18n/current_language;
• POST /control/dhcp/find_active_dhcp;
• POST /control/filtering/set_rules;
• POST /control/i18n/change_language.

Stricter Content-Type Checks (BREAKING API CHANGE)

All JSON APIs now check if the request actually has Content-Type set to application/json.

Other Security Changes

• Weaker cipher suites that use the CBC (cipher block chaining) mode of operation have been disabled (#2993).

Added

• Support for plain (unencrypted) HTTP/2 (#4930). This is useful for AdGuard Home installations behind a reverse proxy.

Fixed

• Incorrect path template in DDR responses (#4927).