Update adguard/adguardhome Docker tag to v0.107.67

[renovate]

This PR contains the following updates:

Package	Update	Change
adguard/adguardhome (source)	patch	v0.107.55 -> v0.107.67

---

Release Notes

AdguardTeam/AdGuardHome (adguard/adguardhome)

v0.107.67

Compare Source

See also the v0.107.67 GitHub milestone.

Added

• The HaGeZi's DNS Rebind Protection filter for protecting against DNS rebinding attacks (#​102).
• Support for configuring the suggested default HTTP port for the installation wizard via the ADGUARD_HOME_DEFAULT_WEB_PORT environment variable (useful for vendors).

Changed

• Optimized matching of filtering rules.

Fixed

• Excessive configuration file overwrites when visiting the Web UI and a non-empty language is set.
• Lowered the severity of log messages for failed deletion of old filter files (#​7964).

v0.107.66

Compare Source

See also the v0.107.66 GitHub milestone.

Security

• Go version has been updated to prevent the possibility of exploiting the Go vulnerabilities fixed in 1.25.1.

Changed

• Our snap package now uses the core24 image as its base.
• Outgoing HTTP requests now use the User-Agent header AdGuardHome/v0.107.66 (where v0.107.66 is the current version) instead of Go-http-client/1.1 (#​7979).

Fixed

• Authentication errors in the Web UI when AdGuard Home is behind a proxy that sets Basic Auth headers (#​7987).
• The HTTP API GET /control/profile endpoint failing when no users were configured (#​7985).
• Missing warning on the Encryption Settings page when using a certificate without an IP address.

v0.107.65

Compare Source

See also the v0.107.65 GitHub milestone.

Security

• Go version has been updated to prevent the possibility of exploiting the Go vulnerabilities fixed in 1.24.6.

Added

• A separate checkbox in the Web UI to enable or disable the global DNS response cache without losing the configured cache size.

• A new "cache_enabled" field to the HTTP API (GET /control/dns_info and POST /control/dns_config). See openapi/openapi.yaml for the full description.

Changed

Configuration changes

In this release, the schema version has changed from 29 to 30.

• Added a new boolean field dns.cache_enabled to the configuration. This field explicitly controls whether DNS caching is enabled, replacing the previous implicit logic based on dns.cache_size.

BEFORE:

'dns':

…

    'cache_size': 123456

AFTER:

'dns':

…

    'cache_enabled': true
    'cache_size': 123456
```

To roll back this change, set the schema_version back to `29`.

Fixed

• Disabled state of Top clients action button in web UI (#​7923).

v0.107.64

Compare Source

See also the v0.107.64 GitHub milestone.

Security

• Go version has been updated to prevent the possibility of exploiting the Go vulnerabilities fixed in 1.24.5.

Fixed

• TTL override calculation (#​7903).
• Validation process for DNSCrypt settings (#​7856).

v0.107.63

Compare Source

See also the v0.107.63 GitHub milestone.

Security

• Go version has been updated to prevent the possibility of exploiting the Go vulnerabilities fixed in 1.24.4.

Fixed

• The hostnames of DHCP clients with multiple labels not being recognized.

• Status reported by the systemd service implementation in cases of auto-restart after a failed start.

v0.107.62

Compare Source

See also the v0.107.62 GitHub milestone.

Security

• Go version has been updated to prevent the possibility of exploiting the Go vulnerabilities fixed in 1.24.3.

Fixed

• Clients with CIDR identifiers showing zero requests on the Settings → Client settings page (#​2945).

• Command line option --update when the dns.serve_plain_dns configuration property was disabled (#​7801).

• DNS cache not working for custom upstream configurations.

• Validation process for the DNS-over-TLS, DNS-over-QUIC, and HTTPS ports on the Encryption Settings page.

• Searching for persistent clients using an exact match for CIDR in the POST /clients/search HTTP API.

v0.107.61

Compare Source

See also the v0.107.61 GitHub milestone.

Security

• Any simultaneous requests that are considered duplicates will now only result in a single request to upstreams, reducing the chance of a cache poisoning attack succeeding. This is controlled by the new configuration object pending_requests, which has a single enabled property, set to true by default.

  NOTE: We thank Xiang Li for reporting this security issue. It's strongly recommended to leave it enabled, otherwise AdGuard Home will be vulnerable to untrusted clients.

v0.107.60

Compare Source

See also the v0.107.60 GitHub milestone.

Security

• Go version has been updated to prevent the possibility of exploiting the Go vulnerabilities fixed in 1.24.2.

Changed

• Alpine Linux version in Dockerfile has been updated to 3.21 (#​7588).

Deprecated

• Node 20 support, Node 22 will be required in future releases.

  NOTE: npm may be replaced with a different tool, such as pnpm or yarn, in a future release.

Fixed

• Filtering for DHCP clients (#​7734).

• Incorrect label on login page (#​7729).

• Validation process for the HTTPS port on the Encryption Settings page.

Removed

• Node 18 support.

v0.107.59

Compare Source

See also the v0.107.59 GitHub milestone.

• Rules with the client modifier not working (#​7708).

• The search form not working in the query log (#​7704).

v0.107.58

Compare Source

See also the v0.107.58 GitHub milestone.

Security

• Go version has been updated to prevent the possibility of exploiting the Go vulnerabilities fixed in 1.24.1.

Added

• The ability to check filtering rules for host names using an optional query type and optional ClientID or client IP address (#​4036).

• Optional client and qtype URL query parameters to the GET /control/check_host HTTP API.

Fixed

• Clearing the DNS cache on the DNS settings page now includes both global cache and custom client cache.

• Invalid ICMPv6 Router Advertisement messages (#​7547).

• Disabled button for autofilled login form.

• Formatting of elapsed times less than one millisecond.

• Changes to global upstream DNS settings not applying to custom client upstream configurations.

• The formatting of large numbers in the clients tables on the Client settings page (#​7583).

v0.107.57

Compare Source

See also the v0.107.57 GitHub milestone.

Security

• Go version has been updated to prevent the possibility of exploiting the Go vulnerabilities fixed in 1.23.6.

Added

• The ability to specify the upstream timeout in the Web UI.

Changed

• The Fastest IP address upstream mode now correctly collects statistics for all upstream DNS servers.

Fixed

• The hostnames of DHCP clients not being shown in the Top clients table on the dashboard (#​7627).

• The formatting of large numbers in the upstream table and query log (#​7590).

v0.107.56

Compare Source

See also the v0.107.56 GitHub milestone.

Security

• Go version has been updated to prevent the possibility of exploiting the Go vulnerabilities fixed in 1.23.5.

Added

• The new HTTP API POST /clients/search that finds clients by their IP addresses, CIDRs, MAC addresses, or ClientIDs. See openapi/openapi.yaml for the full description.

Deprecated

• The GET /clients/find HTTP API is deprecated. Use the new POST /clients/search API.

Fixed

• Request count link in the clients table (#​7513).

• The formatting of large numbers on the dashboard (#​7329).

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.