Version 5.10.028 March 2024New Features
- New subscription feature: Body Rewrite. Surge now can rewrite the body of HTTP request or response, replacing the original content with regular expressions. If you need to make more flexible modifications, try scripting.
Improvements
- Comprehensive enhancement of the Mock (Map Local) function, adding data types such as text, tiny-gif, base64 to facilitate inline data return. Also added the ability to customize status codes.
- Optimized the request list filter, now displaying the filter at the top and allowing quick toggling of filter activation. Long-pressing a filter item displays a menu for deletion or reversing the item to a negative filter.
- Added recognition for STUN packets, which can be matched with PROTOCOL,STUN.
- Optimized the external resource management page.
- Optimized the script editor page.
- Optimized the module management page.
- Added a long-press shortcut menu to the Utilities tab.
- Added a new URL scheme for the iOS version: surge:///install-module?url=…
Optimizations
- When configuring Shortcuts to execute Surge scripts, the script list of the current configuration can now be directly accessed.
- Enhanced compatibility when decompressing HTTP Body.
- Optimized the script engine, limiting the number of concurrent JSC engine processes to 2 to avoid memory issues.
- The GeoIP database can now be updated by the main application without needing a restart to take effect.
- Optimized the request log, now displaying the specific rules matched for URL Rewrite and Header Rewrite.
- Adjusted the logic of the DNS engine handling empty results, now not waiting for all servers to respond with empty results when multiple DNS servers are configured, to avoid additional waiting when AAAA records do not exist..
- The module page allows undoing modifications to avoid misoperations that change the order of effectiveness.
Fixes
- Fixed the issue where warnings generated by module configurations were not displayed.
- Fixed a crash in Surge caused by passing some incorrect types of parameters in scripts.
- Fixed compatibility issues with non-https WebSockets in proxy mode with the new version of Safari.
- Fixed the issue where deleting an entry in the rule search page would delete all duplicate entries.
- Fixed some missing highlights in the editor.
- Other bug fixes..
Version 5.8.308 December 2023- Rewrote the virtual IP database, now the database can automatically clean up data based on last use time.
- Added viewing of the virtual IP table. (at the top right corner of the DNS result page)
- For DNS requests with illegal domain names, an empty result response will be generated instead of being ignored directly.
- Surge Ponte connections no longer validate peer addresses to ensure normal operation in certain special scenarios.
- Removed include-all-network option from UI to avoid misuse.
- Support configuring no-resolve for built-in rule sets/Inline rule sets.
- Other improvements and bug fixes..
Version 5.7.014 September 2023New Features
· Surge tvOS is now available. All users who have purchased Surge iOS can use it directly without any additional purchase.
· Supports interactive widgets for the latest system.
· Added full-text search support for HTTP request's header and body.
· Web Dashboard updated to version 2.0.
· Inline Ruleset, allowing the Ruleset to be written directly in the main profile.
Minor Improvements
· Optimized the script logging system, ensuring that script logs in request logs do not display content from other sessions during concurrent execution.
· Removed the Wi-Fi Assist notification.
· When using UI to edit policy groups, you can now select Ponte devices.
· When creating temporary rules for remote devices, Ponte devices can be selected.
· Remote controllers support viewing and updating external resources of remote devices, compatible with Surge Mac and Surge tvOS.
· Icons for Ponte devices now display the device type.
· Improved details related to accessibility.
· Improved some UI details.
Bug Fixes
· Fixed some potential issues when editing the MITM Hostname list.
· Fixed an issue where, when creating rules for remote devices, the policy options might be local policies instead of remote policies.
· Fixed an issue where, when using iCloud sync, the local module selection might be deselected if the cache was cleared.
· Fixed an issue where switching to Dropbox sync was not possible.
· Fixed a problem where some card backgrounds were incomplete when expanded.
· Fixed an issue where modules added via Basic Auth URL could not auto-update.
· Fixed a problem in quick switch mode where, after switching from an IPv6 network to a non-IPv6 network, the v6-vif didn't correctly auto-turn off when set to auto..
Version 5.6.025 July 2023Enhancements
· Comprehensive optimization of the request list page
· Ponte device sharing can now be initiated and managed directly on iOS
· The name of the source device will be displayed when viewing external requests
· Profile list added Create Linked Profile option for quick creation of detached profile
· Changed the logic of accessing the data protection area, now Surge can be properly activated in the locked screen state. (Except after rebooting)
· Will prompt when a CA certificate expiration is detected
· Single request exported .zip files support import back into Surge iOS, and will be displayed in the favorite requests
· Performance optimization
Problem Fixes
· Fixed the issue that in the same round of policy testing, if different test URLs are mixed, the HTTP Header constructed in the secondary test may be incorrect, leading to abnormal test results
· Fixed the issue that the Panel refresh may not be executed correctly after the main program is opened from the background
· Fixed the issue that the policy group title options under the list policy group view may not update in time
· Fixed the issue that using the DIRECT strategy as underlying proxy might cause UDP failure
· Fixed the issue that when using the SSH protocol, if the server side is configured with a banner, it cannot handshake properly
· Fixed some issues that may occur under the Lucid theme on iPad
· Fixed the issue that SSID related functions may not work correctly in some cases
· Fixed some problems that may occur when using TUIC v5 as underlying-proxy
· Fixed the issue that when directly using IPv6 address as vmess hostname, if WebSocket is enabled, the WebSocket request cannot be correctly constructed
· Fixed the issue that the use of certain invalid data in the DOMAIN-SET rule may cause a crash
· Fixed the crash that may be caused by profile errors
· Fixed the issue that the returned data of the replayed request cannot be viewed if there is compression
· Fixed the issue that the device list cannot be loaded when there is only a shared Ponte device
· Fixed some crashes that may occur with DNS over HTTP3
· Fixed the issue that when Surge Ponte is in a subnet CIDR not a multiple of 8, it will judge incorrectly leading to non-use of LAN direct connection
· Fixed some problems that may occur when using Surge Ponte
· Optimized the logic of re-establishing the main connection after network switching in TUIC/Ponte.
Version 5.5.025 May 2023Interface
· New UI theme Lucid, derived from the design language of Surge Mac 5. (Feature Subscription required)
· Remote control device management supports remote modification of device icons. (Surge Mac needs to be updated to version 5.1.0)
Surge Ponte
· Surge Ponte supports cross-iCloud account sharing. (Surge Mac needs to be updated to version 5.1.0)
· Fixed issues that might occur when accessing HTTP/1.0 servers via Surge Ponte or TUIC protocol. (e.g. ASUS router management page)
Proxy Protocol Related
· Supports ShadowTLS v3. (Feature Subscription required)
· New feature: Adaptive TLS Fingerprint, see the manual for details.
· Fixed an issue where the reuse feature could not work properly under Snell V4.
· SSH protocol adds server public key fingerprint designation, see the manual for usage.
· Added UDP forwarding support for VMess protocol.
Scripts
· Scripts' $httpClient supports binary mode. · The body of the request supports TypedArray. · Passing in binary-mode: true in the request parameters allows the return result to be returned as TypedArray.
· Fixed the problem that `http-request` type scripts could not use binary data directly as response.
Others
· Policy group adds parameter `external-policy-modifier`, which can be used to adjust external policies.
· Optimized the request log system · Added category marks to the logs. · Rule system adds more output for DNS and rulesets.
· Swipe right on temporary rules to write the rules into permanent rules.
· Other bug fixes and optimizations..
Version 5.3.116 February 2023- Support for customizing the reserved bits of WireGuard, also known as the client ID or routing ID.
- Improved WireGuard handshake logic.
- Fixed some UDP forwarding problems.
- Fixed some text editor issues..
Version 5.3.002 February 2023New Subscription Feature: Temporary Rules
We have added the temporary rules feature in Surge Mac to the iOS version. Temporary rules will automatically disappear after Surge is stopped and will not be written to the profile for some temporary usage scenarios.
New subscription feature: Whois lookup
Quickly perform a Whois lookup to identify the domain or IP owner in the request details menu.
New feature: Proxy Detail View
Traffic statistics have been enhanced: - In addition to traffic statistics, the number of requests will now be recorded as well. - In addition to this month's data, last month's data will also be kept.
Bug fixes and minor improvements:
- JSON and text viewers support search on iOS 16
- Network switching no longer interrupts in-progress $httpClient requests.
- Fixed an issue where scripted requests would sometimes accidentally carry the x-surge header handled internally by Surge
- Fixed an issue that some requests constructed in a special way could not be matched by MITM hostnames.
- Fixed an issue that the LAN proxy and Dashboard may not be accessible if the fast-switch is configured.
- Fixed an issue that could occur when using the expanded card layout on iPad
- Fixed an issue that the Panel button is not showing on iOS 14..
Version 5.2.203 December 2022New Feature
- Gaming Optimization. Enabling it will prioritize UDP packets when the system load is very high, and packet processing is delayed.
- SOCKS5 proxy now supports UDP forwarding, as the server side does not consistently support UDP forwarding, the parameter udp-relay=true needs to be explicitly configured.
Minor Improvements
- URL regular expressions for Script, Rewrite, Mock, etc. will try to match URLs constructed in many different ways (e.g. Host field in Header) to solve the problem that some apps use custom DNS logic to request directly to IP addresses.
- Removed the silencing mechanism after UDP forwarding errors to avoid extra waiting time after switching networks.
- Added a workaround for suspend and subnet settings that may occur when the SSID is temporarily not available under iOS 16.
- The log view supports freezing now.
- The IPv6 switch no longer prevents direct access to IPv6 addresses when turned off. The switch is now limited to controlling whether the DNS Client requests AAAA records.
- Automatic disabling of AAAA queries due to DNS issues will be prompted in the Event Center instead of just in the logs.
- Fixed handling issue of generating IPv6 fragmentation when forwarding IPv6 UDP packets via WireGuard.
- The external policy group will skip the line and continue processing when it encounters invalid content instead of returning an error directly.
- Adjusted the buffering mechanism of raw TCP forwarding to avoid conflicts with some apps.
- Fixed REJECT requests not being marked as failed under MITM H2.
- Adjusted the output text under diagnostics.
- Other bug fixes..
Version 5.1.329 September 2022- Added a delayed update mode to the view of the recent request, which will automatically start when too many requests are received, to avoid the Surge main application from getting jammed.
- Optimized the check logic of ICMP traffic limit to avoid the alarm triggered by high concurrency in a very short period.
- Added a lock screen widget that can be used to quickly open Surge.
- Added a view to examine the modified profile after modules are applied.
- Added a new Siri action: enable or disable modules, which can be used with Shortcut..
Version 4.15.030 June 2022MITM over HTTP/2
- Surge now supports performing MITM with HTTP/2 protocol to improve concurrent performance.
- Surge now supports performing MITM on WebSocket connections.
Others
- You may use `doh-skip-cert-verification=true` to disable server certificate verification for DNS-over-HTTPS.
- Bug fixes..
Version 4.14.001 June 2022SSH Proxy Support
- You can use SSH protocol as a proxy protocol. The feature is equivalent to the ssh -D command.
- Both password and public key authentications are supported.
- All the four types of private keys, RSA/ECDSA/ED25519/DSA, are supported.
- Surge only supports curve25519-sha256 as the kex algorithm and aes128-gcm as the encryption algorithm. The SSH server must use OpenSSH v7.3 or above. (It should not be a problem since OpenSSH 7.3 was released in 2016.)
Keystore
- You may now save sensitive keystore items to the system keychain.
- You may now configure TLS client certificate authentication with the UI.
- You may use a keystore item as the CA certificate for MITM.
Others
- New rule type: IP-ASN. You may use the rule to match the autonomous system number of the remote address.
- The request details now include the ASN and ASO information of remote IP addresses.
- You can now enable/disable the rewrite rules and DNS local mapping items.
- The preview of SVG images is removed. You can use the new Web View to see the SVG image.
- Bug fixes..
Version 4.12.018 March 2022### New Feature: Personal Hotspot Proxy Access
- When using an iPhone/iPad as a hotspot, an HTTP or SOCKS5 proxy can be used on the client device to take over the traffic using Surge iOS.
- The proxy IP to be configured on the client is shown in the More Settings and the port number is the same as the WiFi proxy service.
### New Feature: Hybrid Network
- Instead of setting up connections with cellular data when the Wi-Fi network is poor, always set up connections with Wi-Fi and cellular data simultaneously.
- This feature can improve the network experience significantly on poor Wi-Fi or when the Wi-Fi network is switching.
### WireGuard
- WireGuard supports multiple peers.
- The allowed-ips now support multiple IP ranges.
- WireGuard supports preshared-key and keepalive.
- WireGuard supports peers with IPv6 endpoints. (But still no IPv6 tunnel support)
- WireGuard now supports underlying-proxy.
- The raw TCP connections are now relayed on the L3 layer if no high-level features are used.
### Detached Profile
- You can now include multiple detached profiles in one section. But the section will be marked read-only and can't be edited with UI.
#!include A.dconf, B.dconf
### Policy Group
- You can now temporarily override an auto test group or an SSID group's optimal option, until Surge restart or reload.
- The new parameter include-all-proxies=true is added to the policy group, which will include all proxy policies defined in the [Proxy] section, and can be used with the policy-regex-filter parameter for filtering.
- The new parameter include-other-group="group1,group2" is added to include policies from another policy group, and can include multiple policy groups separated by commas, also can be used with the policy-regex-filter parameter for filtering.
- include-all-proxies, include-other-group, and policy-path parameters are allowed to be used in a single policy group at the same time. The policy-regex-filter parameter applies to all three.
- There is an order of precedence among the policy groups for the include-other-group parameter, but there is no order of precedence among the include-all-proxies, include-other-group, and policy-path parameters. For scenarios where the order of sub-policies makes sense (e.g., fallback groups), use policy groups nesting with include-other-group.
### Subnet expression
- SSID Group is now upgraded to Subnet Group, which supports subnet expression.
- SSID Setting now supports subnet expression.
- The SUBNET rule now supports subnet expression.
- The [SSID Setting] can control the TCP Fast Open behavior now. Read the manual for more information.
- The [SSID Setting] can control the Wi-Fi assist and Hybrid Network behavior now. Read the manual for more information.
### Proxy Protocol
- The Trojan protocol now supports using WebSocket as the transport layer.
- Shadowsocks protocol now supports underlying-proxy for UDP relay.
- You may configure the UDP testing endpoint for proxies. e.g., proxy-test-udp = [email protected]
- You may benchmark a single proxy by long press on the proxy cell.
### Module
- New Official Module: Block HTTP3/QUIC
- Surge will check updates for installed modules automatically.
### Others
- Performance improvements.
- OpenSSL is now the default TLS engine.
- The managed profile can be opened with the text editor now.
- The default timeout of $httpClient is 5 seconds now.
- Reduced the app package size.
- You need to perform a one-time Dropbox re-authorization if you are using Dropbox syncing.
- Modules allow modifying the skip-server-cert-verify and tcp-connection parameters of [MITM].
- The client will get an ICMP connection refused message instead of TCP RST if a REJECT policy matches.
- Supports IPv6 addresses with scope ID.
- The Network diagnostics can test proxy UDP relay now.
- Bug fixes..
Version 4.10.003 December 2021- You may extend your Surge iOS Pro license to 6 devices for free. You may find the guidance in the License Management view.
New Features
- Sorting option in the request list.
- Supports remote rule editing for the remote controller.
- Added the effective order adjustment view for the module. You can now adjust the effective order of the module.
- Supports custom the policy IP TOS field. Example: test-policy = direct, tos=0xb8.
Other Improvements
- UI details refined.
- Performance improvements.
- Network changed notification message will display the data network operator. If network automatic switching is enabled, you can use the notification to confirm the current carrier.
- The URL query part of the HTTP request is no longer displayed in the request list. It is now displayed in the details view.
- Fixed the problem that the JavaScript script timeout mechanism might not work properly.
- Fixed an issue that could occur when a load-balance group contains another group.
- Removed the "All" option from traffic statistics, as it took too long to count all historical traffic when the feature had not been used for a long time.
- You may remove devices in DDNS and Cloud Notification views..
Version 4.9.428 October 2021Bug fixes.
Version 4.9.203 September 2021- Bug fixes.
Version 4.8.014 June 2021New Features:
- Request Display Filter
You may use multiple conditions to filter which requests to show.
- Web Dashboard
You may control Surge via a web browser on local or remote devices.
Other bug fixes and improvements..
Version 4.7.021 April 2021Rules
- New rule type: SUBNET, which can match SSID/BSSID/router IP address with a wildcard pattern.
- New rule type: CELLULAR-CARRIER, which can match the MCC-MNC code.
- New rule type: CELLULAR-RADIO, which can match the radio access technology of the cellular network.
Profile
- You may put partial sections into a detached file. See manual for more information.
HTTP API
- Added new profile related HTTP APIs, including GET /profiles, POST /profiles/check
- Added new device management HTTP APIs, including: GET /devices, POST /devices, GET /devices/icon
- The HTTP API, proxy services, and external controller now support listening on IPv6 addresses. (No UI supports. Manual profile editing is required.)
- You may now use 'http-api-tls=true' enable TLS for HTTP API access. (aka HTTPS-API)
Other bug fixes and improvements..
Version 4.6.026 February 2021Remote Controller
- You may use this remote controller to view real-time statistics, events and perform network diagnostics remotely.
- You may use the remote controller to control the DHCP server feature of Surge Mac, including adjusting each device's settings.
Cloud Notification
- You can receive Surge Mac's notifications on your iOS device.
Scripting
- You may execute a script with Siri or Shortcuts.
Policy Group
In this release, we completely refactored the policy group functionality, bringing the following changes:
1. The url-test/fallback/load-balance policy group can no longer be configured with a specific testing URL but with a global testing URL or a policy-configured testing URL. The policy's test results can be used directly in all policy group decisions, eliminating the need to retest each policy group individually.
2. All types of policy groups support mixed nesting. The only requirement is that no circular references can be used.
3. When a group policy is used as a sub-policy of the url-test/fallback/load-balance group. - The latency of the select/url-test/fallback/ssid group is the latency of the selected policy. - The latency of the load-balance group is the average of the latencies of all available policies.
4. The timeout parameter of a policy group marks policies with latency exceeding this parameter as unavailable when making decisions for the group. But the maximum time taken to test the policy group is controlled by the global test-timeout parameter. (Default is 5s)
5. When testing a group due to decision making, all sub-policies that the group may use are tested, including sub-policies of the sub-policy group.
6. You may use no-alert=true parameter to suppress notifications for particular groups..
Version 4.4.328 October 2020- Optimized for the iPhone 12 series.
- Modified requests are now marked with orange color.
- Bug fixes..