change to resolve 0.0.0.0:2017 security issue #727

Open
wants to merge 1,090 commits into
base: main

SaumyaBhushan

@SaumyaBhushan SaumyaBhushan commented Nov 29, 2022

chore: fix ci
@cubercsl
Contributor

Some distributions like OpenWrt should still listen on 0.0.0.0, so this is a breaking change and we should tell the maintainers to make some changes in their packages before a tag release.

@SaumyaBhushan
Author

Right @cubercsl

@1715173329
Member

> Some distributions like OpenWrt should still listen on 0.0.0.0

It's the default behavior on OpenWrt. However, Docker users might not like this change.


@JamesMackerel JamesMackerel left a comment

default config value changed to 127.0.0.1 from 0.0.0.0, clean and good

@SaumyaBhushan
Author

@JamesMackerel, is it ready to get merged, or does something else need to be changed or discussed?

@JamesMackerel

I'm OK with it. Thank you!

@mzz2017
Collaborator

mzz2017 commented Dec 2, 2022

I don't think it's a good idea to change it, because a lot of people use it with remote management, such as in routers and servers without a desktop environment.

There are MAYBE some vulnerabilities. However, we should also carefully consider usage scenarios.

@JamesMackerel

> I don't think it's a good idea to change it, because a lot of people use it with remote management, such as in routers and servers without a desktop environment.

This modification only changes the default config value; users are free to set the program to listen on 0.0.0.0 or any address if they want. I think the only thing we have to be careful of is to mention this change in the release notes.

@SaumyaBhushan
Author

Hi @JamesMackerel @mzz2017 Any update on this PR?

@mzz2017
Collaborator

mzz2017 commented Mar 24, 2023

@SaumyaBhushan Now you can set this in /etc/default/v2raya conveniently~
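
One way to check which of the two defaults discussed in this thread a host is actually running with, as an added example that is not part of the PR or the project's code: it parses `ss -ltn` output and reports listeners that are not loopback-only. The function names are hypothetical and the sample output is constructed.

```python
import ipaddress

# Constructed sample of `ss -ltn` output (not taken from a real host).
SAMPLE_SS_OUTPUT = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      4096         0.0.0.0:2017       0.0.0.0:*
LISTEN 0      4096       127.0.0.1:20170      0.0.0.0:*
LISTEN 0      128             [::]:22            [::]:*
LISTEN 0      4096    192.168.1.10:8080       0.0.0.0:*
LISTEN 0      4096   127.0.0.53%lo:53         0.0.0.0:*
LISTEN 0      4096           [::1]:631           [::]:*
"""

def classify_bind(host):
    """Return 'all-interfaces', 'loopback' or 'single-interface' for a bind host."""
    # ss may append an interface scope ("127.0.0.53%lo") and brackets IPv6.
    host = host.split("%", 1)[0].strip("[]")
    if host == "*":
        return "all-interfaces"
    addr = ipaddress.ip_address(host)
    if addr.is_unspecified:          # 0.0.0.0 or ::
        return "all-interfaces"
    if addr.is_loopback:             # 127.0.0.0/8 or ::1
        return "loopback"
    return "single-interface"

def parse_listeners(ss_output):
    """Yield (host, port, classification) for every LISTEN row."""
    listeners = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue                 # header or unrelated line
        host, _, port = fields[3].rpartition(":")
        listeners.append((host, int(port), classify_bind(host)))
    return listeners

def exposed_listeners(ss_output, port=None):
    """Listeners reachable from other hosts, optionally filtered by port."""
    return [
        entry for entry in parse_listeners(ss_output)
        if entry[2] != "loopback" and (port is None or entry[1] == port)
    ]

if __name__ == "__main__":
    # 2017 is the port named in this PR's title.
    for host, port, kind in exposed_listeners(SAMPLE_SS_OUTPUT, port=2017):
        print(f"{host}:{port} is bound to {kind}")
```
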
