Update adguard/adguardhome Docker tag to v0.107.57

[klutchell-renovate]

This PR contains the following updates:

Package	Type	Update	Change
adguard/adguardhome (source)		patch	0.107.52 -> 0.107.57
adguard/adguardhome (source)	final	patch	v0.107.56 -> v0.107.57

---

Release Notes

AdguardTeam/AdGuardHome (adguard/adguardhome)

v0.107.57

Compare Source

See also the v0.107.57 GitHub milestone.

Security

• Go version has been updated to prevent the possibility of exploiting the Go vulnerabilities fixed in 1.23.6.

Added

• The ability to specify the upstream timeout in the Web UI.

Changed

• The Fastest IP address upstream mode now correctly collects statistics for all upstream DNS servers.

Fixed

• The hostnames of DHCP clients not being shown in the Top clients table on the dashboard (#​7627).
• The formatting of large numbers in the upstream table and query log (#​7590).

v0.107.56

Compare Source

See also the v0.107.56 GitHub milestone.

Security

• Go version has been updated to prevent the possibility of exploiting the Go vulnerabilities fixed in 1.23.5.

Added

• The new HTTP API POST /clients/search that finds clients by their IP addresses, CIDRs, MAC addresses, or ClientIDs. See openapi/openapi.yaml for the full description.

Deprecated

• The GET /clients/find HTTP API is deprecated. Use the new POST /clients/search API.

Fixed

• Request count link in the clients table (#​7513).

• The formatting of large numbers on the dashboard (#​7329).

v0.107.55

Compare Source

See also the v0.107.55 GitHub milestone.

Security

• The permission check and migration on Windows has been fixed to use the Windows security model more accurately (#​7400).

• Go version has been updated to prevent the possibility of exploiting the Go vulnerabilities fixed in 1.23.4.

• The Windows executables are now signed.

Added

• The --no-permcheck command-line option to disable checking and migration of permissions for the security-sensitive files and directories, which caused issues on Windows (#​7400).

Fixed

• Setup guide styles in Firefox.

• Goroutine leak during the upstream DNS server test (#​7357).

• Goroutine leak during configuration update resulting in increased response time ([#​6818]).

v0.107.54

Compare Source

See also the v0.107.54 GitHub milestone.

Security

• Incorrect handling of sensitive files permissions on Windows (#​7314).

Changed

• Improved filtering performance (#​6818).

Fixed

• Repetitive statistics log messages (#​7338).

• Custom client cache (#​7250).

• Missing runtime clients with information from the system hosts file on first AdGuard Home start (#​7315).

v0.107.53

Compare Source

See also the v0.107.53 GitHub milestone.

Security

• Previous versions of AdGuard Home allowed users to add any system file it had access to as filters, exposing them to be world-readable. To prevent this, AdGuard Home now allows adding filtering-rule list files only from files matching the patterns enumerated in the filtering.safe_fs_patterns property in the configuration file.

  We thank @​itz-d0dgy for reporting this vulnerability, designated CVE-2024-36814, to us.

• Additionally, AdGuard Home will now try to change the permissions of its files and directories to more restrictive ones to prevent similar vulnerabilities as well as limit the access to the configuration.

  We thank @​go-compile for reporting this vulnerability, designated CVE-2024-36586, to us.

• Go version has been updated to prevent the possibility of exploiting the Go vulnerabilities fixed in 1.23.2.

Added

• Support for 64-bit RISC-V architecture (#​5704).

• Ecosia search engine is now supported in safe search (#​5009).

Changed

• Upstream server URL domain names requirements has been relaxed and now follow the same rules as their domain specifications.

Configuration changes

In this release, the schema version has changed from 28 to 29.

• The new array filtering.safe_fs_patterns contains glob patterns for paths of files that can be added as local filtering-rule lists. The migration should add list files that have already been added, as well as the default value, $DATA_DIR/userfilters/*.

Fixed

• Property clients.runtime_sources.dhcp in the configuration file not taking effect.

• Stale Google safe search domains list (#​7155).

• Bing safe search from Edge sidebar (#​7154).

• Text overflow on the query log page (#​7119).

Known issues

• Due to the complexity of the Windows permissions architecture and poor support from the standard Go library, we have to postpone the proper automated Windows fix until the next release.

  Temporary workaround: Set the permissions of the AdGuardHome directory to more restrictive ones manually. To do that:

  1. Locate the AdGuardHome directory.

  2. Right-click on it and navigate to Properties → Security → Advanced.

  3. (You might need to disable permission inheritance to make them more restricted.)

  4. Adjust to give the Full control access to only the user which runs AdGuard Home. Typically, Administrator.

---

Configuration

📅 Schedule: Branch creation - "* 0-3 * * 1" in timezone America/New_York, Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot.

[eiddor]

@klutchell Update itself seems fine, however:

1. The version in balena.yml isn't being updated, so we're still at 0.152.2+rev*

2. I've noticed recently with Renovate updates that I have to assign myself as a reviewer, refresh, and then I can approve. I don't remember having to do this until recently. Not a big deal, obviously, just a difference.

[klutchell]

I think I've fixed 1, not sure what the deal is with 2?

[eiddor]

I think I've fixed 1, not sure what the deal is with 2?

Not sure, honestly - It's happened with this one as well as the last pi-hole PR.