Update adguard/adguardhome Docker tag to v0.107.69

[renovate]

This PR contains the following updates:

Package	Update	Change
adguard/adguardhome (source)	patch	v0.107.56 -> v0.107.69

---

Release Notes

AdguardTeam/AdGuardHome (adguard/adguardhome)

v0.107.69

Compare Source

See also the v0.107.69 GitHub milestone.

NOTE: Add new changes BELOW THIS COMMENT.
-->

Changed

• Node.js 24 is now used to build the frontend.

Deprecated

• Node.js 20 and 22 support.

Fixed

• DHCP settings could not be saved (#​8075).
• DNS Rewrite edit modal did not populate with the correct values (#​8072).

Removed

• The outdated querylog anonymization script.

v0.107.68

Compare Source

See also the v0.107.68 GitHub milestone.

Security

• Go version has been updated to prevent the possibility of exploiting the Go vulnerabilities fixed in 1.25.3.

Added

• New DNS rewrite settings endpoints GET /control/rewrite/settings and PUT /control/rewrite/settings/update (#​1765). See openapi/openapi.yaml for details.
• New fields "groups" and "group_id" added to the HTTP API (GET /control/blocked_services/all). See openapi/openapi.yaml for the full description.

Changed

• POST /control/rewrite/add and PUT /control/rewrite/update now accept the optional field "enabled" (#​1765). See openapi/openapi.yaml for details.

Configuration changes

In this release, the schema version has changed from 30 to 31.

• Added a new boolean field filtering.rewrites_enabled to globally enable/disable DNS rewrites.

• Added a new boolean field enabled for each entry in filtering.rewrites to toggle individual rewrites.

  # BEFORE:
  'filtering':
    'rewrites':
      - 'domain': test.example
        'answer': 192.0.2.0
    # …
  
  # AFTER:
  'filtering':
    'rewrites_enabled': true
    'rewrites':
      - 'domain': test.example
        'answer': 192.0.2.0
        'enabled': true
    # …

  To roll back this change, set schema_version back to 30.

v0.107.67

Compare Source

See also the v0.107.67 GitHub milestone.

Added

• The HaGeZi's DNS Rebind Protection filter for protecting against DNS rebinding attacks (#​102).
• Support for configuring the suggested default HTTP port for the installation wizard via the ADGUARD_HOME_DEFAULT_WEB_PORT environment variable (useful for vendors).

Changed

• Optimized matching of filtering rules.

Fixed

• Excessive configuration file overwrites when visiting the Web UI and a non-empty language is set.
• Lowered the severity of log messages for failed deletion of old filter files (#​7964).

v0.107.66

Compare Source

See also the v0.107.66 GitHub milestone.

Security

• Go version has been updated to prevent the possibility of exploiting the Go vulnerabilities fixed in 1.25.1.

Changed

• Our snap package now uses the core24 image as its base.
• Outgoing HTTP requests now use the User-Agent header AdGuardHome/v0.107.66 (where v0.107.66 is the current version) instead of Go-http-client/1.1 (#​7979).

Fixed

• Authentication errors in the Web UI when AdGuard Home is behind a proxy that sets Basic Auth headers (#​7987).
• The HTTP API GET /control/profile endpoint failing when no users were configured (#​7985).
• Missing warning on the Encryption Settings page when using a certificate without an IP address.

v0.107.65

Compare Source

See also the v0.107.65 GitHub milestone.

Security

• Go version has been updated to prevent the possibility of exploiting the Go vulnerabilities fixed in 1.24.6.

Added

• A separate checkbox in the Web UI to enable or disable the global DNS response cache without losing the configured cache size.

• A new "cache_enabled" field to the HTTP API (GET /control/dns_info and POST /control/dns_config). See openapi/openapi.yaml for the full description.

Changed

Configuration changes

In this release, the schema version has changed from 29 to 30.

• Added a new boolean field dns.cache_enabled to the configuration. This field explicitly controls whether DNS caching is enabled, replacing the previous implicit logic based on dns.cache_size.

BEFORE:

'dns':

…

    'cache_size': 123456

AFTER:

'dns':

…

    'cache_enabled': true
    'cache_size': 123456
```

To roll back this change, set the schema_version back to `29`.

Fixed

• Disabled state of Top clients action button in web UI (#​7923).

v0.107.64

Compare Source

See also the v0.107.64 GitHub milestone.

Security

• Go version has been updated to prevent the possibility of exploiting the Go vulnerabilities fixed in 1.24.5.

Fixed

• TTL override calculation (#​7903).
• Validation process for DNSCrypt settings (#​7856).

v0.107.63

Compare Source

See also the v0.107.63 GitHub milestone.

Security

• Go version has been updated to prevent the possibility of exploiting the Go vulnerabilities fixed in 1.24.4.

Fixed

• The hostnames of DHCP clients with multiple labels not being recognized.

• Status reported by the systemd service implementation in cases of auto-restart after a failed start.

v0.107.62

Compare Source

See also the v0.107.62 GitHub milestone.

Security

• Go version has been updated to prevent the possibility of exploiting the Go vulnerabilities fixed in 1.24.3.

Fixed

• Clients with CIDR identifiers showing zero requests on the Settings → Client settings page (#​2945).

• Command line option --update when the dns.serve_plain_dns configuration property was disabled (#​7801).

• DNS cache not working for custom upstream configurations.

• Validation process for the DNS-over-TLS, DNS-over-QUIC, and HTTPS ports on the Encryption Settings page.

• Searching for persistent clients using an exact match for CIDR in the POST /clients/search HTTP API.

v0.107.61

Compare Source

See also the v0.107.61 GitHub milestone.

Security

• Any simultaneous requests that are considered duplicates will now only result in a single request to upstreams, reducing the chance of a cache poisoning attack succeeding. This is controlled by the new configuration object pending_requests, which has a single enabled property, set to true by default.

  NOTE: We thank Xiang Li for reporting this security issue. It's strongly recommended to leave it enabled, otherwise AdGuard Home will be vulnerable to untrusted clients.

v0.107.60

Compare Source

See also the v0.107.60 GitHub milestone.

Security

• Go version has been updated to prevent the possibility of exploiting the Go vulnerabilities fixed in 1.24.2.

Changed

• Alpine Linux version in Dockerfile has been updated to 3.21 (#​7588).

Deprecated

• Node 20 support, Node 22 will be required in future releases.

  NOTE: npm may be replaced with a different tool, such as pnpm or yarn, in a future release.

Fixed

• Filtering for DHCP clients (#​7734).

• Incorrect label on login page (#​7729).

• Validation process for the HTTPS port on the Encryption Settings page.

Removed

• Node 18 support.

v0.107.59

Compare Source

See also the v0.107.59 GitHub milestone.

• Rules with the client modifier not working (#​7708).

• The search form not working in the query log (#​7704).

v0.107.58

Compare Source

See also the v0.107.58 GitHub milestone.

Security

• Go version has been updated to prevent the possibility of exploiting the Go vulnerabilities fixed in 1.24.1.

Added

• The ability to check filtering rules for host names using an optional query type and optional ClientID or client IP address (#​4036).

• Optional client and qtype URL query parameters to the GET /control/check_host HTTP API.

Fixed

• Clearing the DNS cache on the DNS settings page now includes both global cache and custom client cache.

• Invalid ICMPv6 Router Advertisement messages (#​7547).

• Disabled button for autofilled login form.

• Formatting of elapsed times less than one millisecond.

• Changes to global upstream DNS settings not applying to custom client upstream configurations.

• The formatting of large numbers in the clients tables on the Client settings page (#​7583).

v0.107.57

Compare Source

See also the v0.107.57 GitHub milestone.

Security

• Go version has been updated to prevent the possibility of exploiting the Go vulnerabilities fixed in 1.23.6.

Added

• The ability to specify the upstream timeout in the Web UI.

Changed

• The Fastest IP address upstream mode now correctly collects statistics for all upstream DNS servers.

Fixed

• The hostnames of DHCP clients not being shown in the Top clients table on the dashboard (#​7627).

• The formatting of large numbers in the upstream table and query log (#​7590).

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.