v1.0.8 — Engine v3.4.11, Security Hardening, Telegram Customization

SamNet-dev released this 18 May 00:34

🔧 Engine Upgrade + Telegram Customization

This release upgrades the telemt engine from v3.4.8 → v3.4.11 (3 upstream releases) and adds post-install Telegram notification customization requested in #77.


🚀 Engine v3.4.11 — Security Hardening & Performance

Three upstream releases' worth of improvements, all drop-in compatible:

🔒 Security

  • Constant-time API authorization — prevents timing attacks on auth headers
  • PROXY protocol pre-validation — reject untrusted sources before reading the header
  • Bounded API/metrics connections — HTTP connection timeouts prevent resource exhaustion
  • Per-user source IP/CIDR deny lists — new access.user_source_deny config key

🔐 TLS

  • Full certificate budget bookkeeping — tracks TLS cert resource usage per shard
  • Fixed domain-aware masking fallback — extra tls_domains now properly preserve the matching SNI domain
  • TLS front profile health metrics — configured, emitted, suppressed, default, raw, merged states
  • Multi-domain TLS fetcher — works across multiple tls_domains entries
  • tls_domains validation — rejects invalid entries at config time

📊 Quota & Rate Limiting

  • Persistent per-user quota state: quota_state_path saves quota consumption across restarts
  • Runtime quota reset endpoint: POST /v1/users/{user}/reset-quota
  • Bounded quota contention — cancellation paths and contention metrics

⚡ Performance & Reliability

  • IP tracker cleanup pressure reduction — less work on hot paths
  • ME admission event-driven wakeup — faster connection acceptance
  • Bounded ME child task join — timeout + abort accounting for relay cleanup
  • Hot-path cleanup — moved stats/cleanup work away from latency-sensitive paths
  • TimeWindow IP limiting fix — only new IPs counted when TimeWindow mode enabled
  • WorkingDirectory behavior fix

📈 Observability

  • Class-based rejected connection and handshake failure metrics
  • Quota contention/cancellation/flow-wait metrics
  • ME child task abort/timeout metrics
  • Updated Grafana dashboard for new metric surface

📦 Dependencies

  • rustls-webpki 0.103.12 → 0.103.13

🤖 Telegram Notification Customization (#77)

Previously, report interval, server label, and alert preferences could only be set during the initial setup wizard. Now they're fully configurable post-install:

CLI:

mtproxymax telegram interval 12      # Change report interval (1–168 hours)
mtproxymax telegram label "My VPS"   # Change server label in notifications
mtproxymax telegram alerts on        # Toggle down/recovery alerts (on|off)

# Show current values:
mtproxymax telegram interval         # → Report interval: every 6h
mtproxymax telegram status           # → shows interval, alerts, and label

TUI — Telegram Bot menu:

Option | Description
[5] Toggle alerts | Now shows current state: (true) / (false)
[7] Change report interval | Prompts with current value, validates 1-168h
[8] Change server label | Prompts with current value, validates format

🏁 Upgrade

mtproxymax update

The new engine image (ghcr.io/samnet-dev/mtproxymax-telemt:3.4.11-3bd5637) is pulled automatically on update. No manual steps needed.

🐛 Engine Version

Pinned: telemt v3.4.11 (3bd5637)