2.0.18

• Official builds now support TLS 1.3.
• The timeout for the initial connectivity check can now be set from the command line.
• An Accept: header is now always sent with GET queries.
• BOMs are now ignored in configuration files.
• In addition to SOCKS, HTTP and HTTPS proxies are now supported for DoH servers.

2.0.17

• Go >= 1.11 is now supported
• The flipside is that Windows XP is not supported any more :(
• When dropping privileges, there is no supervisor process any more.
• DNS options used to be cleared from DNS queries, with the exception of flags and payload sizes. This is not the case any more.
• Android builds use a newer NDK, and add compatibility with API 19.
• DoH queries are smaller, since workarounds are not required any more after Google updated their implementation.

2.0.16

2.0.16

2.0.15

• Support for proxies (HTTP/SOCKS) was added. All it takes to route all TCP queries to Tor is add proxy = "socks5://127.0.0.1:9050" to the configuration file.
• Querylog files have a new record indicating the outcome of each transaction.
• Pre-built binaries for Linux are statically linked on all architectures.

2.0.14

• Supports DNS-over-HTTPS draft 08.
• Netprobes don't use port 0 by default, as this causes issues with Little Snitch and FreeBSD.

2.0.13

2.0.13

2.0.12

• Further compatibility fixes for Alpine Linux/i386 and Android/i386 have been made. Thanks to @aead for his help!
• The proxy will now wait for network connectivity before starting. This is useful if the proxy is automatically started at boot, possibly before the network is fully configured.
• The IPv6 blocking module now returns synthetic SOA records to improve compatibility with downstream resolvers and stub resolvers.

2.0.11

• Version 2.0.11

• This release fixes a long-standing bug that caused the proxy to block or crash when Position-Independent Executables were produced.
  This bug only showed up when compiled on (not for) Alpine Linux and Android, for some CPU architectures.
• New configuration settings: cache_neg_min_ttl and cache_neg_max_ttl, to clamp the negative caching TTL.

2.0.10

2.0.10

2.0.9

• Whitelists have been implemented: one a name matches a pattern in the whitelist, rules from the name-based and IP-based blacklists will be bypassed. Whitelists support the same patterns as blacklists, as
  well as time-based rules, so that some website can be normally blocked, but accessible on specific days or times of the day.
• Lists are now faster to load, and large lists require significantly less memory than before.
• New options have been added to disable TLS session tickets as well as use a specific cipher suite. See the example configuration file for a recommended configuration to speed up DoH servers on ARM such as Android devices and Raspberry Pi.
• The -service install command now remembers what the current directory was when the service was installed, in order to later load configuration files with relative paths.
• DoH: The "Cache-Control: max-age" header is now ignored.
• Patterns can now be prefixed with = to do exact matching: =example.com matches example.com but will not match www.example.com.
• Patterns are now fully supported by the cloaking module.
• A new option was added to use a specific cipher suite instead of the server's provided one. Using RSA+ChaChaPoly over ECDSA+AES-GCM has shown to decrease CPU usage and latency when connecting to Cloudflare, especially on Mips and ARM systems.
• The ephemeral keys mode of dnscrypt-proxy v1.x was reimplemented: this creates a new unique key for every single query.