Merge branch 'master' into AGDNS-1982-upd-proxy

.github/workflows/build.yml

@@ -1,7 +1,7 @@
 'name': 'build'
 
 'env':
-  'GO_VERSION': '1.21.8'
+  'GO_VERSION': '1.22.2'
   'NODE_VERSION': '16'
 
 'on':

.github/workflows/lint.yml

@@ -1,7 +1,7 @@
 'name': 'lint'
 
 'env':
-  'GO_VERSION': '1.21.8'
+  'GO_VERSION': '1.22.2'
 
 'on':
   'push':

CHANGELOG.md

@@ -23,6 +23,11 @@ See also the [v0.107.47 GitHub milestone][ms-v0.107.47].
 NOTE: Add new changes BELOW THIS COMMENT.
 -->
 
+### Security
+
+- Go version has been updated to prevent the possibility of exploiting the Go
+  vulnerabilities fixed in [Go 1.22.2][go-1.22.2].
+
 ### Changed
 
 - Time Zone Database is now embedded in the binary ([#6758]).
@@ -31,6 +36,7 @@ NOTE: Add new changes BELOW THIS COMMENT.
 
 ### Deprecated
 
+- Go 1.22 support.  Future versions will require at least Go 1.23 to build.
 - Currently, AdGuard Home uses a best-effort algorithm to fix invalid IDs of
   filtering-rule lists on startup.  This feature is deprecated, and invalid IDs
   will cause errors on startup in a future version.
@@ -42,11 +48,17 @@ NOTE: Add new changes BELOW THIS COMMENT.
 - Symbolic links to config YAML are replaced by a copy of the real file by AGH
   after startup ([#6717]).
 
+### Removed
+
+- Go 1.21 support.
+
 [#5829]: https://github.com/AdguardTeam/AdGuardHome/issues/5829
 [#6717]: https://github.com/AdguardTeam/AdGuardHome/issues/6717
 [#6758]: https://github.com/AdguardTeam/AdGuardHome/issues/6758
 [#6851]: https://github.com/AdguardTeam/AdGuardHome/issues/6851
 
+[go-1.22.2]: https://groups.google.com/g/golang-announce/c/YgW0sx8mN3M/
+
 <!--
 NOTE: Add new changes ABOVE THIS COMMENT.
 -->

Makefile

@@ -27,7 +27,7 @@ DIST_DIR = dist
 GOAMD64 = v1
 GOPROXY = https://goproxy.cn|https://proxy.golang.org|direct
 GOSUMDB = sum.golang.google.cn
-GOTOOLCHAIN = go1.21.8
+GOTOOLCHAIN = go1.22.2
 GPG_KEY = devteam@adguard.com
 GPG_KEY_PASSPHRASE = not-a-real-password
 NPM = npm

README.md

@@ -205,7 +205,7 @@ Run `make init` to prepare the development environment.
 
 You will need this to build AdGuard Home:
 
-- [Go](https://golang.org/dl/) v1.20 or later;
+- [Go](https://golang.org/dl/) v1.22 or later;
 - [Node.js](https://nodejs.org/en/download/) v16 or later;
 - [npm](https://www.npmjs.com/) v8 or later;
 - [yarn](https://yarnpkg.com/) v1.22.5 or later.

bamboo-specs/release.yaml

@@ -8,7 +8,7 @@
 'variables':
     'channel': 'edge'
     'dockerFrontend': 'adguard/home-js-builder:1.1'
-    'dockerGo': 'adguard/go-builder:1.21.8--1'
+    'dockerGo': 'adguard/go-builder:1.22.2--1'
 
 'stages':
   - 'Build frontend':
@@ -266,7 +266,7 @@
         'variables':
             'channel': 'beta'
             'dockerFrontend': 'adguard/home-js-builder:1.1'
-            'dockerGo': 'adguard/go-builder:1.21.8--1'
+            'dockerGo': 'adguard/go-builder:1.22.2--1'
     # release-vX.Y.Z branches are the branches from which the actual final
     # release is built.
   - '^release-v[0-9]+\.[0-9]+\.[0-9]+':
@@ -282,4 +282,4 @@
         'variables':
             'channel': 'release'
             'dockerFrontend': 'adguard/home-js-builder:1.1'
-            'dockerGo': 'adguard/go-builder:1.21.8--1'
+            'dockerGo': 'adguard/go-builder:1.22.2--1'

bamboo-specs/test.yaml

@@ -6,7 +6,7 @@
     'name': 'AdGuard Home - Build and run tests'
 'variables':
     'dockerFrontend': 'adguard/home-js-builder:1.1'
-    'dockerGo': 'adguard/go-builder:1.21.8--1'
+    'dockerGo': 'adguard/go-builder:1.22.2--1'
     'channel': 'development'
 
 'stages':
@@ -195,5 +195,5 @@
         # may need to build a few of these.
         'variables':
             'dockerFrontend': 'adguard/home-js-builder:1.1'
-            'dockerGo': 'adguard/go-builder:1.21.8--1'
+            'dockerGo': 'adguard/go-builder:1.22.2--1'
             'channel': 'candidate'

client/src/__locales/fi.json

@@ -678,7 +678,7 @@
     "use_saved_key": "Käytä aiemmin tallennettua avainta",
     "parental_control": "Lapsilukko",
     "safe_browsing": "Turvallinen selaus",
-    "served_from_cache": "{{value}} <i>(jaettu välimuistista)</i>",
+    "served_from_cache_label": "Toimitettu välimuistista",
     "form_error_password_length": "Salasanan on oltava {{min}} - {{max}} merkkiä pitkä",
     "anonymizer_notification": "<0>Huomioi:</0> IP-osoitteen anonymisointi on käytössä. Voit poistaa sen käytöstä <1>Yleisistä asetuksista</1>.",
     "confirm_dns_cache_clear": "Haluatko varmasti tyhjentää DNS-välimuistin?",

client/src/__locales/id.json

@@ -117,8 +117,8 @@
     "refresh_statics": "Segarkan statistik",
     "dns_query": "Kueri DNS",
     "blocked_by": "<0>Diblokir oleh</0>",
-    "stats_malware_phishing": "Malware/phishing diblokir",
-    "stats_adult": "Situs dewasa diblokir",
+    "stats_malware_phishing": "Malware/phishing terblokir",
+    "stats_adult": "Situs dewasa terblokir",
     "stats_query_domain": "Kueri domain teratas",
     "for_last_hours": "selama {{count}} jam terakhir",
     "for_last_hours_plural": "selama {{count}} jam terakhir",
@@ -138,9 +138,9 @@
     "number_of_dns_query_days_plural": "Jumlah kueri DNS yang diproses selama {{count}} hari terakhir",
     "number_of_dns_query_hours": "Jumlah kueri DNS diproses selama {{{count}} jam terakhir",
     "number_of_dns_query_hours_plural": "Jumlah kueri DNS diproses selama {{count}} jam terakhir",
-    "number_of_dns_query_blocked_24_hours": "Julah DNS diblokir oleh penyaring adblock dan daftar blokir hosts",
-    "number_of_dns_query_blocked_24_hours_by_sec": "Jumlah perminataan DNS diblokir oleh modul Kemanan Penjelajahan AdGuard",
-    "number_of_dns_query_blocked_24_hours_adult": "Jumlah website dewasa diblokir",
+    "number_of_dns_query_blocked_24_hours": "Jumlah permintaan DNS yang diblokir oleh filter adblock dan daftar hitam host",
+    "number_of_dns_query_blocked_24_hours_by_sec": "Jumlah permintaan DNS yang diblokir oleh modul keamanan penjelajahan AdGuard",
+    "number_of_dns_query_blocked_24_hours_adult": "Jumlah situs web dewasa yang diblokir",
     "enforced_save_search": "Paksa pencarian aman",
     "number_of_dns_query_to_safe_search": "Jumlah perminataan DNS ke mesin pencari yang dipaksa Pencarian Aman",
     "average_processing_time": "Rata-rata waktu pemrosesan",
@@ -148,7 +148,7 @@
     "response_time": "Waktu respons",
     "average_processing_time_hint": "Rata-rata waktu dalam milidetik untuk pemrosesan sebuah permintaan DNS",
     "block_domain_use_filters_and_hosts": "Blokir domain menggunakan filter dan file hosts",
-    "filters_block_toggle_hint": "Anda dapat menyiapkan aturan pemblokiran di pengaturan <a>Penyaringan</a>.",
+    "filters_block_toggle_hint": "Anda dapat menyiapkan aturan pemblokiran dalam pengaturan <a>Filter</a>.",
     "use_adguard_browsing_sec": "Gunakan layanan web Keamanan Penjelajahan AdGuard",
     "use_adguard_browsing_sec_hint": "AdGuard Home akan memeriksa apakah domain diblokir oleh layanan web keamanan penjelajahan. Ini akan menggunakan API pencarian yang ramah privasi untuk melakukan pemeriksaan: hanya awalan singkat dari hash nama domain SHA256 yang dikirim ke server.",
     "use_adguard_parental": "Gunakan layanan web kontrol orang tua AdGuard",
@@ -291,7 +291,7 @@
     "custom_ip": "Custom IP",
     "blocking_ipv4": "Blokiran IPv4",
     "blocking_ipv6": "Blokiran IPv6",
-    "blocked_response_ttl": "Respons TTL yang diblokir",
+    "blocked_response_ttl": "Respons TTL terblokir",
     "blocked_response_ttl_desc": "Menentukan berapa detik klien harus menyimpan respons yang difilter dalam cache",
     "form_enter_blocked_response_ttl": "Masukkan TTL respons yang diblokir (detik)",
     "dnscrypt": "DNSCrypt",
@@ -322,9 +322,9 @@
     "rate_limit_whitelist": "Daftar pembatasan tarif yang diizinkan",
     "rate_limit_whitelist_desc": "Alamat IP dikecualikan dari pembatasan tarif",
     "rate_limit_whitelist_placeholder": "Masukkan satu alamat IP per baris",
-    "blocking_ipv4_desc": "Alamat IP akan dikembalikan untuk permintaan A yang diblokir",
-    "blocking_ipv6_desc": "Alamat IP akan dipulihkan untuk permintaan AAAA yang diblokir",
-    "blocking_mode_default": "Default: Tanggapi dengan alamat IP nol (0.0.0.0 untuk A; :: untuk AAAA) saat diblokir oleh aturan gaya Adblock; tanggapi dengan alamat IP yang ditentukan dalam aturan ketika diblokir oleh aturan gaya host /etc/",
+    "blocking_ipv4_desc": "Alamat IP yang akan dikembalikan untuk permintaan A yang diblokir",
+    "blocking_ipv6_desc": "Alamat IP yang akan dikembalikan untuk permintaan AAAA yang diblokir",
+    "blocking_mode_default": "Standar: Tanggapi dengan alamat IP nol (0.0.0.0 untuk A; :: untuk AAAA) saat diblokir oleh aturan gaya Adblock; tanggapi dengan alamat IP yang ditentukan dalam aturan ketika diblokir oleh aturan /etc/hosts-style",
     "blocking_mode_refused": "DITOLAK: Respon dengan kode DITOLAK",
     "blocking_mode_nxdomain": "NXDOMAIN: Respon pakai kode NXDOMAIN",
     "blocking_mode_null_ip": "Null IP: Respon pakai alamat IP kosong (0.0.0.0 untuk A; :: untuk AAAA)",
@@ -621,8 +621,8 @@
     "check_not_found": "Tidak di temukan di daftar penyaringan anda",
     "client_confirm_block": "Apa anda yakin ingin mem-blokir klien ini \"{{ip}}\"?",
     "client_confirm_unblock": "Apa anda yakin ingin meng-unblock klien ini \"{{ip}}\"?",
-    "client_blocked": "Klien \"{{ip}}\" sukses di blokir",
-    "client_unblocked": "Klien \"{{ip}}\" sukses di unblock",
+    "client_blocked": "Klien \"{{ip}}\" berhasil diblokir",
+    "client_unblocked": "Klien \"{{ip}}\" berhasil membuka blokir",
     "static_ip": "Alamat IP statis",
     "static_ip_desc": "AdGuard Home adalah server jadi perlu alamat IP statis agar berfungsi dengan benar. Jika tidak, pada titik tertentu, router Anda dapat menetapkan alamat IP yang berbeda untuk perangkat ini.",
     "set_static_ip": "Atur alamat IP statik",
@@ -640,8 +640,8 @@
     "show_whitelisted_responses": "Dalam Daftar Putih",
     "show_processed_responses": "Terproses",
     "blocked_safebrowsing": "Diblokir oleh Penjelajahan Aman",
-    "blocked_adult_websites": "Diblok oleh Kontrol Orang tua",
-    "blocked_threats": "Blokir Ancaman",
+    "blocked_adult_websites": "Diblokir oleh Kontrol Orang Tua",
+    "blocked_threats": "Ancaman terblokir",
     "allowed": "Dibolehkan",
     "filtered": "Tersaring",
     "rewritten": "Tulis ulang",

client/src/__locales/pl.json

@@ -678,7 +678,7 @@
     "use_saved_key": "Użyj wcześniej zapisanego klucza",
     "parental_control": "Kontrola rodzicielska",
     "safe_browsing": "Bezpieczne przeglądanie",
-    "served_from_cache": "{{value}} <i>(podawane z pamięci podręcznej)</i>",
+    "served_from_cache_label": "Podano z pamięci podręcznej",
     "form_error_password_length": "Hasło musi zawierać od {{min}} do {{max}} znaków",
     "anonymizer_notification": "<0>Uwaga:</0> Anonimizacja IP jest włączona. Możesz ją wyłączyć w <1>Ustawieniach ogólnych</1>.",
     "confirm_dns_cache_clear": "Czy na pewno chcesz wyczyścić pamięć podręczną DNS?",

client/src/__locales/zh-hk.json

@@ -1,6 +1,7 @@
 {
     "client_settings": "用戶端設定",
     "example_upstream_reserved": "您可以<0>指定網域</0>使用特定 DNS 查詢",
+    "example_multiple_upstreams_reserved": "多個上游 <0>for 特定網域</0>;",
     "example_upstream_comment": "您可以指定註解",
     "upstream_parallel": "使用平行查詢，同時查詢所有上游伺服器來加速解析結果",
     "parallel_requests": "平行處理",
@@ -8,6 +9,9 @@
     "load_balancing_desc": "一次只查詢一個伺服器。AdGuard Home 會使用加權隨機取樣來選擇使用的查詢結果，以確保速度最快的伺服器能被充分運用。",
     "bootstrap_dns": "引導（Boostrap） DNS 伺服器",
     "bootstrap_dns_desc": "Bootstrap DNS 伺服器用於解析您所設定的上游 DoH/DoT 解析器的 IP 地址",
+    "fallback_dns_title": "備用 DNS 伺服器",
+    "fallback_dns_desc": "備用 DNS 伺服器列表：於主要 DNS 伺服器沒有回應時使用。語法與主要 DNS 伺服器設定欄位相同。",
+    "fallback_dns_placeholder": "每行輸入一個備用 DNS 伺服器",
     "local_ptr_title": "私人 DNS 伺服器",
     "local_ptr_desc": "AdGuard Home 用於區域 PTR 查詢的 DNS 伺服器。這些伺服器將用於解析具有私人 IP 位址的用戶端的主機名稱，例如  \"192.168.12.34\"，使用 rDNS。如果沒有設定，AdGuard Home 將自動使用您的系統預設 DNS 解析。",
     "local_ptr_default_resolver": "AdGuard Home 預設使用以下作為 DNS 反解器：{{ip}}",
@@ -37,17 +41,19 @@
     "dhcp_ipv6_settings": "DHCP IPv6 設定",
     "form_error_required": "必要欄位",
     "form_error_ip4_format": "無效的 IPv4 格式",
-    "form_error_ip6_format": "無效的 IPv6 格式",
     "form_error_ip4_gateway_format": "閘道的 IPv4 位址無效",
-    "form_error_ip_format": "無效的 IP 位址",
+    "form_error_ip6_format": "無效的 IPv6 格式",
+    "form_error_ip_format": "無效的 IP 格式",
     "form_error_mac_format": "無效的 「MAC 位址」格式",
     "form_error_client_id_format": "無效的「客戶端 ID」格式",
     "form_error_server_name": "無效伺服器名稱",
     "form_error_subnet": "子網路 \"{{cidr}}\" 不包含 IP 位址 \"{{ip}}\"",
     "form_error_positive": "數值必須大於 0",
+    "form_error_gateway_ip": "租約不能使用閘道器的 IP 位址",
     "out_of_range_error": "必須介於 \"{{start}}\" - \"{{end}}\" 範圍之外",
     "lower_range_start_error": "必須小於起始值",
     "greater_range_start_error": "必須大於起始值",
+    "subnet_error": "地址必須在同一個子網路中",
     "gateway_or_subnet_invalid": "無效子網路",
     "dhcp_form_gateway_input": "閘道 IP 位址",
     "dhcp_form_subnet_input": "子網路遮罩",
@@ -68,7 +74,9 @@
     "dhcp_dynamic_ip_found": "您的網路介面  <0>{{interfaceName}}</0> 正在使用動態 IP，要使用 DHCP 伺服器必須指定靜態 IP 給 AdGuard。\n目前您的 IP 位址  <0>{{ipAddress}}</0>，啟用 DHCP 後此 IP 將自動設定為靜態 IP 位址。",
     "dhcp_lease_added": "靜態租用 \"{{key}}\" 已新增成功",
     "dhcp_lease_deleted": "靜態租用 \"{{key}}\" 已刪除成功",
+    "dhcp_lease_updated": "靜態租約 \"{{key}}\" 已成功更新",
     "dhcp_new_static_lease": "新增靜態租用",
+    "dhcp_edit_static_lease": "編輯靜態租約",
     "dhcp_static_leases_not_found": "找不到 DHCP 靜態租用",
     "dhcp_add_static_lease": "新增靜態租用",
     "dhcp_reset_leases": "重置所有 DHCP 租約",
@@ -112,7 +120,8 @@
     "stats_malware_phishing": "已封鎖惡意軟體/網路釣魚",
     "stats_adult": "已封鎖成人網站",
     "stats_query_domain": "熱門查詢網域排行",
-    "for_last_24_hours": "過去 24 小時",
+    "for_last_hours": "在過去 {{count}} 小時",
+    "for_last_hours_plural": "在過去 {{count}} 小時裡",
     "for_last_days": "最近 {{count}} 天內",
     "for_last_days_plural": "最近 {{count}} 天內",
     "stats_disabled": "已禁用統計資料。您可以從<0>設定頁面</0>打開它。",
@@ -123,15 +132,20 @@
     "top_clients": "熱門用戶端排行",
     "no_clients_found": "找不到用戶端",
     "general_statistics": "一般統計資料",
+    "top_upstreams": "熱門上游伺服器",
+    "no_upstreams_data_found": "找不到上游數據",
     "number_of_dns_query_days": "過去 {{count}} 天內 DNS 查詢總數",
     "number_of_dns_query_days_plural": "過去 {{count}} 天內 DNS 查詢總數",
-    "number_of_dns_query_24_hours": "過去 24小時內 DNS 查詢總數",
+    "number_of_dns_query_hours": "過去 {{count}} 小時處理的 DNS 查詢數量",
+    "number_of_dns_query_hours_plural": "過去 {{count}} 小時處理的 DNS 查詢數量",
     "number_of_dns_query_blocked_24_hours": "已被廣告過濾器與主機黑名單封鎖 DNS 查詢總數",
     "number_of_dns_query_blocked_24_hours_by_sec": "已被 AdGuard 瀏覽安全模組封鎖的 DNS 查詢總數",
     "number_of_dns_query_blocked_24_hours_adult": "已封鎖成人網站總數",
     "enforced_save_search": "強制使用安全搜尋",
     "number_of_dns_query_to_safe_search": "已強制使用安全搜尋總數",
     "average_processing_time": "平均的處理時間",
+    "average_upstream_response_time": "平均上游伺服器回應時間",
+    "response_time": "回應時間",
     "average_processing_time_hint": "處理 DNS 請求的平均時間(毫秒)",
     "block_domain_use_filters_and_hosts": "使用過濾器與 hosts 檔案阻擋網域查詢",
     "filters_block_toggle_hint": "您可在<a>過濾器</a>設定中設定封鎖規則。",
@@ -156,6 +170,7 @@
     "upstream_dns_configured_in_file": "設定在 {{path}}",
     "test_upstream_btn": "測試上游 DNS",
     "upstreams": "上游",
+    "upstream": "上游伺服器",
     "apply_btn": "套用",
     "disabled_filtering_toast": "已停用過濾",
     "enabled_filtering_toast": "已啟用過濾",
@@ -164,6 +179,7 @@
     "disabled_parental_toast": "已停用家長監護",
     "enabled_parental_toast": "已啟用家長監護",
     "disabled_safe_search_toast": "已停用安全搜尋",
+    "enabled_save_search_toast": "已啟用安全搜尋",
     "updated_save_search_toast": "已更新安全搜尋設定",
     "enabled_table_header": "啟用",
     "name_table_header": "名稱",
@@ -206,24 +222,29 @@
     "example_comment_hash": "# Also a comment",
     "example_regex_meaning": "使用正規表示式（Regular Expression）來阻止對應的網域查詢",
     "example_upstream_regular": "一般 DNS（透過 UDP）",
+    "example_upstream_regular_port": "一般 DNS（透過 UDP，連接埠）",
+    "example_upstream_udp": "一般 DNS（透過 UDP，主機名稱）",
     "example_upstream_dot": "<0>DNS-over-TLS</0>（流量加密）",
     "example_upstream_doh": "<0>DNS-over-HTTPS</0>（流量加密）",
+    "example_upstream_doh3": "使 DNS-over-HTTPS 強制使用 <0>HTTP/3</0> ，並禁止使用後備 HTTP/2 或更低版本；",
     "example_upstream_doq": "加密 <0>DNS-over-QUIC</0>",
     "example_upstream_sdns": "您可以使透過 <0>DNS Stamps</0> 來解析  <1>DNSCrypt</1> 或 <2>DNS-over-HTTPS</2>",
     "example_upstream_tcp": "一般 DNS（透過 TCP）",
-    "example_upstream_regular_port": "一般 DNS（透過 UDP，連接埠）",
-    "example_upstream_udp": "一般 DNS（透過 UDP，主機名稱）",
     "example_upstream_tcp_port": "一般 DNS（透過 TCP，連接埠）",
     "example_upstream_tcp_hostname": "一般 DNS（透過 TCP，主機名稱）",
     "all_lists_up_to_date_toast": "所有清單已更新至最新",
+    "updated_upstream_dns_toast": "已更新上游 DNS 伺服器",
     "dns_test_ok_toast": "設定中的 DNS 上游運作正常",
     "dns_test_not_ok_toast": "DNS 設定中的 \"{{key}}\" 出現錯誤，請確認是否正確輸入",
+    "dns_test_parsing_error_toast": "在 {{section}} 部分中：第 {{line}} 行：無法使用，請檢查您是否有正確地填寫",
+    "dns_test_warning_toast": "上游伺服器 \"{{key}}\" 沒有回應測試請求，可能無法正常運作",
     "unblock": "解除封鎖",
     "block": "封鎖",
     "disallow_this_client": "不允許此用戶端",
     "allow_this_client": "允許此用戶端",
     "block_for_this_client_only": "僅封鎖此用戶端",
     "unblock_for_this_client_only": "僅解除封鎖此用戶端",
+    "add_persistent_client": "加入到用戶端",
     "time_table_header": "時間",
     "date": "日期",
     "domain_name_table_header": "域名",
@@ -270,6 +291,9 @@
     "custom_ip": "自訂 IP 位址",
     "blocking_ipv4": "封鎖 IPv4",
     "blocking_ipv6": "封鎖 IPv6",
+    "blocked_response_ttl": "阻塞響應 TTL",
+    "blocked_response_ttl_desc": "指定客戶端應快取過濾回應的秒數",
+    "form_enter_blocked_response_ttl": "輸入已封鎖的回應 TTL（秒）",
     "dnscrypt": "DNSCrypt",
     "dns_over_https": "DNS-over-HTTPS",
     "dns_over_tls": "DNS-over-TLS",
@@ -288,6 +312,16 @@
     "edns_use_custom_ip": "使用自訂 EDNS IP",
     "edns_use_custom_ip_desc": "允許使用自訂 EDNS IP",
     "rate_limit_desc": "限制單一裝置每秒發出的查詢次數（設定為 0 即表示無限制）",
+    "rate_limit_subnet_len_ipv4": "IPv4 位址的子網路前綴長度",
+    "rate_limit_subnet_len_ipv4_desc": "用於速率限制的 IPv4 位址的子網路前綴長度。 預設為 24",
+    "rate_limit_subnet_len_ipv4_error": "IPv4 子網路前綴長度應介於 0 到 32 之間",
+    "rate_limit_subnet_len_ipv6": "IPv6 位址的子網路前綴長度",
+    "rate_limit_subnet_len_ipv6_desc": "用於速率限制的 IPv6 位址的子網路前綴長度。 預設為 56",
+    "rate_limit_subnet_len_ipv6_error": "IPv6 子網路前綴長度應介於 0 到 128 之間",
+    "form_enter_rate_limit_subnet_len": "輸入速率限制的子網路前綴長度",
+    "rate_limit_whitelist": "速率限制白名單",
+    "rate_limit_whitelist_desc": "排除在速率限制之外的 IP 位址",
+    "rate_limit_whitelist_placeholder": "每行輸入一個 IP 地址",
     "blocking_ipv4_desc": "回覆指定 IPv4 位址給被封鎖的網域的 A 紀錄查詢",
     "blocking_ipv6_desc": "回覆指定 IPv6 位址給被封鎖的網域的 AAAA 紀錄查詢",
     "blocking_mode_default": "預設：被 Adblock 規則封鎖時回應零值的 IP 位址（A 紀錄回應 0.0.0.0 ，AAAA 紀錄回應 ::）；被 /etc/hosts 規則封鎖時回應規則中指定 IP 位址",
@@ -391,6 +425,9 @@
     "encryption_hostnames": "主機名稱",
     "encryption_reset": "您確定要重設加密設定嗎？",
     "encryption_warning": "警告",
+    "encryption_plain_dns_enable": "啟用一般 DNS",
+    "encryption_plain_dns_desc": "預設情況下已啟用一般 DNS。您可以將其停用以強制所有裝置使用加密 DNS。要執行此操作，您必須啟用至少一個加密的 DNS 協定。",
+    "encryption_plain_dns_error": "若要停用一般 DNS，請啟用至少一個加密的 DNS 協定",
     "topline_expiring_certificate": "您的 SSL 憑證即將到期。請前往<0>加密設定</0>更新。",
     "topline_expired_certificate": "您的 SSL 憑證已到期。請前往<0>加密設定</0>更新。",
     "form_error_port_range": "輸入範圍 80-65535 中的值",
@@ -430,6 +467,7 @@
     "form_add_id": "新增識別碼",
     "form_client_name": "輸入用戶端名稱",
     "name": "名稱",
+    "client_name": "客戶端 {{id}}",
     "client_global_settings": "使用全域設定",
     "client_deleted": "已刪除「{{key}}」",
     "client_added": "已新增「{{key}}」",
@@ -451,6 +489,7 @@
     "updates_checked": "檢查更新成功",
     "updates_version_equal": "AdGuard Home 是最新的版本",
     "check_updates_now": "立即檢查更新",
+    "version_request_error": "更新檢查失敗。請檢查您的網絡連線。",
     "dns_privacy": "DNS 隱私",
     "setup_dns_privacy_1": "<0>DNS-over-TLS：</0>使用 <1>{{address}}</1>。",
     "setup_dns_privacy_2": "<0>DNS-over-HTTPS：</0>使用 <1>{{address}}</1>。",
@@ -471,6 +510,7 @@
     "setup_dns_notice": "要使用  <1>DNS-over-HTTPS</1> 或 <1>DNS-over-TLS</1>，您必須先在 AdGuard Home 完成 <0>加密設定</0>。",
     "rewrite_added": "「{{key}}」的 DNS 覆寫新增成功",
     "rewrite_deleted": "「{{key}}」的 DNS 覆寫刪除成功",
+    "rewrite_updated": "已更新 DNS 覆寫",
     "rewrite_add": "新增 DNS 覆寫",
     "rewrite_edit": "編輯 DNS 覆寫",
     "rewrite_not_found": "找不到 DNS 覆寫",
@@ -522,6 +562,8 @@
     "statistics_enable": "啟用統計數據",
     "ignore_domains": "已忽略網域（每行一個）",
     "ignore_domains_title": "已忽略網域",
+    "ignore_domains_desc_stats": "符合這些規則的查詢不會被計入統計資料中",
+    "ignore_domains_desc_query": "符合這些規則的查詢不會被寫入查詢記錄中",
     "interval_hours": "{{count}} 小時",
     "interval_hours_plural": "{{count}} 小時",
     "filters_configuration": "過濾器設定",
@@ -631,10 +673,19 @@
     "click_to_view_queries": "按一下以檢視查詢結果",
     "port_53_faq_link": "連接埠 53 經常被「DNSStubListener」或「systemd-resolved」服務佔用。請閱讀下列有關解決<0>這個問題</0>的說明",
     "adg_will_drop_dns_queries": "AdGuard Home 將停止回應此用戶端的所有 DNS 查詢。",
+    "filter_allowlist": "警告：此操作同時會將規則 \"{{disallowed_rule}}\" 從允許的客戶端清單中排除。",
+    "last_rule_in_allowlist": "無法停用此客戶端，因為排除規則「{{disallowed_rule}}」會導致「允許的用戶端」清單停用。",
+    "use_saved_key": "使用先前儲存的鍵",
+    "parental_control": "家長監護",
     "safe_browsing": "安全瀏覽",
-    "served_from_cache": "{{value}} <i>(由快取回應)</i>",
+    "served_from_cache_label": "由快取回應",
     "form_error_password_length": "密碼必須至少 {{value}} 個字元長度",
+    "anonymizer_notification": "<0>注意</0>: 已啟用 IP 去識別化。您可以在<1>一般設定</1>中停用它。",
+    "confirm_dns_cache_clear": "您確定要清除 DNS 快取嗎？",
+    "cache_cleared": "DNS 快取成功清除",
+    "clear_cache": "清除快取",
     "make_static": "新增為靜態",
+    "theme_auto_desc": "自動（根據裝置調整）",
     "theme_dark_desc": "深色主題",
     "theme_light_desc": "淺色主題",
     "disable_for_seconds": "{{count}} 秒",
@@ -649,11 +700,48 @@
     "disable_notify_for_minutes": "暫停防護 {{count}} 分鐘",
     "disable_notify_for_minutes_plural": "暫停防護 {{count}} 分鐘",
     "disable_notify_for_hours": "暫停防護 {{count}} 小時",
+    "disable_notify_for_hours_plural": "停用保護 {{count}} 小時",
+    "disable_notify_until_tomorrow": "停用保護直至明天",
+    "enable_protection_timer": "保護功能將在 {{time}} 啟用",
+    "custom_retention_input": "輸入保存時長（單位：小時）",
+    "custom_rotation_input": "請輸入輪替週期（單位：小時）",
+    "protection_section_label": "保護",
+    "log_and_stats_section_label": "查詢日誌與統計資料",
+    "ignore_query_log": "在查詢日誌中忽略此客戶端",
+    "ignore_statistics": "在統計資料中忽略此客戶端",
+    "schedule_services": "暫停服務封鎖",
+    "schedule_services_desc": "設定服務封鎖過濾器的暫停排程",
+    "schedule_services_desc_client": "針對此用戶端，設定服務阻擋的暫停排程",
+    "schedule_desc": "設定已封鎖服務的閒置時段",
+    "schedule_invalid_select": "開始時間必須在結束時間之前",
+    "schedule_select_days": "選擇天數",
+    "schedule_timezone": "選擇時區",
+    "schedule_current_timezone": "目前時區：{{value}}",
+    "schedule_time_all_day": "全天",
+    "schedule_modal_description": "這個排程將會取代同一星期中所有現有的排程。每一天只能有一個閒置時段。",
+    "schedule_modal_time_off": "沒有封鎖服務：",
+    "schedule_new": "新排程",
+    "schedule_edit": "編輯排程",
+    "schedule_save": "儲存排程",
+    "schedule_add": "新增排程",
+    "schedule_remove": "移除排程",
+    "schedule_from": "從",
+    "schedule_to": "至",
+    "sunday": "星期日",
+    "monday": "星期一",
+    "tuesday": "星期二",
+    "wednesday": "星期三",
+    "thursday": "星期四",
+    "friday": "星期五",
+    "saturday": "星期六",
     "sunday_short": "週日",
     "monday_short": "週一",
     "tuesday_short": "週二",
     "wednesday_short": "週三",
     "thursday_short": "週四",
     "friday_short": "週五",
-    "saturday_short": "週六"
+    "saturday_short": "週六",
+    "upstream_dns_cache_configuration": "上游 DNS 快取設定",
+    "enable_upstream_dns_cache": "為此客戶端的自訂上游設定啟用 DNS 快取",
+    "dns_cache_size": "DNS 快取大小（bytes）"
 }

client/src/helpers/filters/filters.js

@@ -190,6 +190,12 @@ export default {
             "homepage": "https://github.com/hagezi/dns-blocklists#piracy",
             "source": "https://adguardteam.github.io/HostlistsRegistry/assets/filter_46.txt"
         },
+        "hagezi_badware_hoster_blocklist": {
+            "name": "HaGeZi's Badware Hoster Blocklist",
+            "categoryId": "security",
+            "homepage": "https://github.com/hagezi/dns-blocklists",
+            "source": "https://adguardteam.github.io/HostlistsRegistry/assets/filter_55.txt"
+        },
         "hagezi_dyndns_blocklist": {
             "name": "HaGeZi's DynDNS Blocklist",
             "categoryId": "security",
@@ -226,6 +232,12 @@ export default {
             "homepage": "https://github.com/hagezi/dns-blocklists",
             "source": "https://adguardteam.github.io/HostlistsRegistry/assets/filter_51.txt"
         },
+        "hagezi_the_worlds_most_abused_tlds": {
+            "name": "HaGeZi's The World's Most Abused TLDs",
+            "categoryId": "security",
+            "homepage": "https://github.com/hagezi/dns-blocklists",
+            "source": "https://adguardteam.github.io/HostlistsRegistry/assets/filter_56.txt"
+        },
         "hagezi_threat_intelligence_feeds": {
             "name": "HaGeZi's Threat Intelligence Feeds",
             "categoryId": "security",

go.mod

@@ -1,6 +1,6 @@
 module github.com/AdguardTeam/AdGuardHome
 
-go 1.21.8
+go 1.22.2
 
 require (
 	github.com/AdguardTeam/dnsproxy v0.67.1-0.20240403090357-a2c0e321a217
@@ -34,7 +34,7 @@ require (
 	go.etcd.io/bbolt v1.3.9
 	golang.org/x/crypto v0.21.0
 	golang.org/x/exp v0.0.0-20240222234643-814bf88cf225
-	golang.org/x/net v0.22.0
+	golang.org/x/net v0.23.0
 	golang.org/x/sys v0.18.0
 	gopkg.in/natefinch/lumberjack.v2 v2.2.1
 	gopkg.in/yaml.v3 v3.0.1

go.sum

@@ -145,8 +145,8 @@ golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn
 golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20210316092652-d523dce5a7f4/go.mod h1:RBQZq4jEuRlivfhVLdyRGr576XBO4/greRjx4P4O3yc=
-golang.org/x/net v0.22.0 h1:9sGLhx7iRIHEiX0oAJ3MRZMUCElJgy7Br1nO+AMN3Tc=
-golang.org/x/net v0.22.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg=
+golang.org/x/net v0.23.0 h1:7EYJ93RZ9vYSZAIb2x3lnuvqO5zneoD6IvWjuhfxjTs=
+golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.6.0 h1:5BMeUDZ7vkXGfEr1x9B4bRcTH4lpkTkpdh0T/J+qjbQ=

internal/aghalg/aghalg.go

@@ -10,29 +10,8 @@ import (
 	"golang.org/x/exp/constraints"
 )
 
-// Coalesce returns the first non-zero value.  It is named after function
-// COALESCE in SQL.  If values or all its elements are empty, it returns a zero
-// value.
-//
-// T is comparable, because Go currently doesn't have a comparableWithZeroValue
-// constraint.
-//
-// TODO(a.garipov): Think of ways to merge with [CoalesceSlice].
-func Coalesce[T comparable](values ...T) (res T) {
-	var zero T
-	for _, v := range values {
-		if v != zero {
-			return v
-		}
-	}
-
-	return zero
-}
-
 // CoalesceSlice returns the first non-zero value.  It is named after function
 // COALESCE in SQL.  If values or all its elements are empty, it returns nil.
-//
-// TODO(a.garipov): Think of ways to merge with [Coalesce].
 func CoalesceSlice[E any, S []E](values ...S) (res S) {
 	for _, v := range values {
 		if v != nil {

internal/aghalg/ringbuffer_test.go

@@ -33,7 +33,7 @@ func elements(b *aghalg.RingBuffer[int], n uint, reverse bool) (es []int) {
 func TestNewRingBuffer(t *testing.T) {
 	t.Run("success_and_clear", func(t *testing.T) {
 		b := aghalg.NewRingBuffer[int](5)
-		for i := 0; i < 10; i++ {
+		for i := range 10 {
 			b.Append(i)
 		}
 		assert.Equal(t, []int{5, 6, 7, 8, 9}, elements(b, b.Len(), false))
@@ -44,7 +44,7 @@ func TestNewRingBuffer(t *testing.T) {
 
 	t.Run("zero", func(t *testing.T) {
 		b := aghalg.NewRingBuffer[int](0)
-		for i := 0; i < 10; i++ {
+		for i := range 10 {
 			b.Append(i)
 			bufLen := b.Len()
 			assert.EqualValues(t, 0, bufLen)
@@ -55,7 +55,7 @@ func TestNewRingBuffer(t *testing.T) {
 
 	t.Run("single", func(t *testing.T) {
 		b := aghalg.NewRingBuffer[int](1)
-		for i := 0; i < 10; i++ {
+		for i := range 10 {
 			b.Append(i)
 			bufLen := b.Len()
 			assert.EqualValues(t, 1, bufLen)
@@ -94,7 +94,7 @@ func TestRingBuffer_Range(t *testing.T) {
 
 	for _, tc := range testCases {
 		t.Run(tc.name, func(t *testing.T) {
-			for i := 0; i < tc.count; i++ {
+			for i := range tc.count {
 				b.Append(i)
 			}
 

internal/aghalg/sortedmap_test.go

@@ -11,7 +11,7 @@ func TestNewSortedMap(t *testing.T) {
 	var m SortedMap[string, int]
 
 	letters := []string{}
-	for i := 0; i < 10; i++ {
+	for i := range 10 {
 		r := string('a' + rune(i))
 		letters = append(letters, r)
 	}

internal/aghos/filewalker.go

@@ -97,6 +97,8 @@ func (fw FileWalker) Walk(fsys fs.FS, initial ...string) (ok bool, err error) {
 	var filename string
 	defer func() { err = errors.Annotate(err, "checking %q: %w", filename) }()
 
+	// TODO(e.burkov):  Redo this loop, as it modifies the very same slice it
+	// iterates over.
 	for i := 0; i < len(src); i++ {
 		var patterns []string
 		var cont bool

internal/aghrenameio/renameio_test.go

@@ -78,7 +78,6 @@ func TestWithDeferredCleanup(t *testing.T) {
 	}}
 
 	for _, tc := range testCases {
-		tc := tc
 		t.Run(tc.name, func(t *testing.T) {
 			t.Parallel()
 

internal/client/addrproc_test.go

@@ -91,8 +91,6 @@ func TestDefaultAddrProc_Process_rDNS(t *testing.T) {
 	}}
 
 	for _, tc := range testCases {
-		tc := tc
-
 		t.Run(tc.name, func(t *testing.T) {
 			t.Parallel()
 
@@ -186,8 +184,6 @@ func TestDefaultAddrProc_Process_WHOIS(t *testing.T) {
 	}}
 
 	for _, tc := range testCases {
-		tc := tc
-
 		t.Run(tc.name, func(t *testing.T) {
 			t.Parallel()
 

internal/configmigrate/v15.go

@@ -1,5 +1,7 @@
 package configmigrate
 
+import "github.com/AdguardTeam/golibs/errors"
+
 // migrateTo15 performs the following changes:
 //
 //	# BEFORE:
@@ -43,7 +45,7 @@ func migrateTo15(diskConf yobj) (err error) {
 	}
 	diskConf["querylog"] = qlog
 
-	return coalesceError(
+	return errors.Join(
 		moveVal[bool](dns, qlog, "querylog_enabled", "enabled"),
 		moveVal[bool](dns, qlog, "querylog_file_enabled", "file_enabled"),
 		moveVal[any](dns, qlog, "querylog_interval", "interval"),

internal/configmigrate/v24.go

@@ -1,5 +1,7 @@
 package configmigrate
 
+import "github.com/AdguardTeam/golibs/errors"
+
 // migrateTo24 performs the following changes:
 //
 //	# BEFORE:
@@ -28,7 +30,7 @@ func migrateTo24(diskConf yobj) (err error) {
 	diskConf["schema_version"] = 24
 
 	logObj := yobj{}
-	err = coalesceError(
+	err = errors.Join(
 		moveVal[string](diskConf, logObj, "log_file", "file"),
 		moveVal[int](diskConf, logObj, "log_max_backups", "max_backups"),
 		moveVal[int](diskConf, logObj, "log_max_size", "max_size"),

internal/configmigrate/v26.go

@@ -1,5 +1,7 @@
 package configmigrate
 
+import "github.com/AdguardTeam/golibs/errors"
+
 // migrateTo26 performs the following changes:
 //
 //	# BEFORE:
@@ -78,7 +80,7 @@ func migrateTo26(diskConf yobj) (err error) {
 	}
 
 	filteringObj := yobj{}
-	err = coalesceError(
+	err = errors.Join(
 		moveSameVal[bool](dns, filteringObj, "filtering_enabled"),
 		moveSameVal[int](dns, filteringObj, "filters_update_interval"),
 		moveSameVal[bool](dns, filteringObj, "parental_enabled"),

internal/configmigrate/v7.go

@@ -1,5 +1,7 @@
 package configmigrate
 
+import "github.com/AdguardTeam/golibs/errors"
+
 // migrateTo7 performs the following changes:
 //
 //	# BEFORE:
@@ -37,7 +39,7 @@ func migrateTo7(diskConf yobj) (err error) {
 	}
 
 	dhcpv4 := yobj{}
-	err = coalesceError(
+	err = errors.Join(
 		moveSameVal[string](dhcp, dhcpv4, "gateway_ip"),
 		moveSameVal[string](dhcp, dhcpv4, "subnet_mask"),
 		moveSameVal[string](dhcp, dhcpv4, "range_start"),

internal/configmigrate/yaml.go

@@ -50,19 +50,3 @@ func moveVal[T any](src, dst yobj, srcKey, dstKey string) (err error) {
 func moveSameVal[T any](src, dst yobj, key string) (err error) {
 	return moveVal[T](src, dst, key, key)
 }
-
-// coalesceError returns the first non-nil error.  It is named after function
-// COALESCE in SQL.  If all errors are nil, it returns nil.
-//
-// TODO(e.burkov): Replace with [errors.Join].
-//
-// TODO(a.garipov): Think of ways to merge with [aghalg.Coalesce].
-func coalesceError(errors ...error) (res error) {
-	for _, err := range errors {
-		if err != nil {
-			return err
-		}
-	}
-
-	return nil
-}

internal/dnsforward/dns64_test.go

@@ -268,8 +268,6 @@ func TestServer_HandleDNSRequest_dns64(t *testing.T) {
 	}
 
 	for _, tc := range testCases {
-		tc := tc
-
 		t.Run(tc.name, func(t *testing.T) {
 			t.Parallel()
 

internal/dnsforward/dnsforward.go

@@ -2,6 +2,7 @@
 package dnsforward
 
 import (
+	"cmp"
 	"context"
 	"fmt"
 	"io"
@@ -15,7 +16,6 @@ import (
 	"sync/atomic"
 	"time"
 
-	"github.com/AdguardTeam/AdGuardHome/internal/aghalg"
 	"github.com/AdguardTeam/AdGuardHome/internal/aghnet"
 	"github.com/AdguardTeam/AdGuardHome/internal/client"
 	"github.com/AdguardTeam/AdGuardHome/internal/filtering"
@@ -833,5 +833,5 @@ func (s *Server) IsBlockedClient(ip netip.Addr, clientID string) (blocked bool,
 		blocked = true
 	}
 
-	return blocked, aghalg.Coalesce(rule, clientID)
+	return blocked, cmp.Or(rule, clientID)
 }

internal/dnsforward/dnsforward_test.go

@@ -1,6 +1,7 @@
 package dnsforward
 
 import (
+	"cmp"
 	"context"
 	"crypto/ecdsa"
 	"crypto/rand"
@@ -21,7 +22,6 @@ import (
 	"testing/fstest"
 	"time"
 
-	"github.com/AdguardTeam/AdGuardHome/internal/aghalg"
 	"github.com/AdguardTeam/AdGuardHome/internal/aghnet"
 	"github.com/AdguardTeam/AdGuardHome/internal/aghtest"
 	"github.com/AdguardTeam/AdGuardHome/internal/filtering"
@@ -190,7 +190,7 @@ func newGoogleUpstream() (u upstream.Upstream) {
 	return &aghtest.UpstreamMock{
 		OnAddress: func() (addr string) { return "google.upstream.example" },
 		OnExchange: func(req *dns.Msg) (resp *dns.Msg, err error) {
-			return aghalg.Coalesce(
+			return cmp.Or(
 				aghtest.MatchedResponse(req, dns.TypeA, googleDomainName, "8.8.8.8"),
 				new(dns.Msg).SetRcode(req, dns.RcodeNameError),
 			), nil
@@ -253,7 +253,7 @@ func sendTestMessagesAsync(t *testing.T, conn *dns.Conn) {
 
 	wg := &sync.WaitGroup{}
 
-	for i := 0; i < testMessagesCount; i++ {
+	for range testMessagesCount {
 		msg := createGoogleATestMessage()
 		wg.Add(1)
 
@@ -276,7 +276,7 @@ func sendTestMessagesAsync(t *testing.T, conn *dns.Conn) {
 func sendTestMessages(t *testing.T, conn *dns.Conn) {
 	t.Helper()
 
-	for i := 0; i < testMessagesCount; i++ {
+	for i := range testMessagesCount {
 		req := createGoogleATestMessage()
 		err := conn.WriteMsg(req)
 		assert.NoErrorf(t, err, "cannot write message #%d: %s", i, err)
@@ -691,7 +691,7 @@ func TestServerCustomClientUpstream(t *testing.T) {
 	ups := aghtest.NewUpstreamMock(func(req *dns.Msg) (resp *dns.Msg, err error) {
 		atomic.AddUint32(&upsCalledCounter, 1)
 
-		return aghalg.Coalesce(
+		return cmp.Or(
 			aghtest.MatchedResponse(req, dns.TypeA, "host", "192.168.0.1"),
 			new(dns.Msg).SetRcode(req, dns.RcodeNameError),
 		), nil
@@ -1152,7 +1152,7 @@ func TestRewrite(t *testing.T) {
 	}))
 
 	ups := aghtest.NewUpstreamMock(func(req *dns.Msg) (resp *dns.Msg, err error) {
-		return aghalg.Coalesce(
+		return cmp.Or(
 			aghtest.MatchedResponse(req, dns.TypeA, "example.org", "4.3.2.1"),
 			new(dns.Msg).SetRcode(req, dns.RcodeNameError),
 		), nil
@@ -1481,7 +1481,7 @@ func TestServer_Exchange(t *testing.T) {
 	require.NoError(t, err)
 
 	extUpsHdlr := dns.HandlerFunc(func(w dns.ResponseWriter, req *dns.Msg) {
-		resp := aghalg.Coalesce(
+		resp := cmp.Or(
 			aghtest.MatchedResponse(req, dns.TypePTR, onesRevExtIPv4, dns.Fqdn(onesHost)),
 			doubleTTL(aghtest.MatchedResponse(req, dns.TypePTR, twosRevExtIPv4, dns.Fqdn(twosHost))),
 			new(dns.Msg).SetRcode(req, dns.RcodeNameError),
@@ -1495,7 +1495,7 @@ func TestServer_Exchange(t *testing.T) {
 	require.NoError(t, err)
 
 	locUpsHdlr := dns.HandlerFunc(func(w dns.ResponseWriter, req *dns.Msg) {
-		resp := aghalg.Coalesce(
+		resp := cmp.Or(
 			aghtest.MatchedResponse(req, dns.TypePTR, revLocIPv4, dns.Fqdn(localDomainHost)),
 			new(dns.Msg).SetRcode(req, dns.RcodeNameError),
 		)

internal/dnsforward/process_internal_test.go

@@ -1,11 +1,11 @@
 package dnsforward
 
 import (
+	"cmp"
 	"net"
 	"net/netip"
 	"testing"
 
-	"github.com/AdguardTeam/AdGuardHome/internal/aghalg"
 	"github.com/AdguardTeam/AdGuardHome/internal/aghtest"
 	"github.com/AdguardTeam/AdGuardHome/internal/filtering"
 	"github.com/AdguardTeam/dnsproxy/proxy"
@@ -71,8 +71,6 @@ func TestServer_ProcessInitial(t *testing.T) {
 	}}
 
 	for _, tc := range testCases {
-		tc := tc
-
 		t.Run(tc.name, func(t *testing.T) {
 			t.Parallel()
 
@@ -172,8 +170,6 @@ func TestServer_ProcessFilteringAfterResponse(t *testing.T) {
 	}}
 
 	for _, tc := range testCases {
-		tc := tc
-
 		t.Run(tc.name, func(t *testing.T) {
 			t.Parallel()
 
@@ -639,7 +635,7 @@ func TestServer_HandleDNSRequest_restrictLocal(t *testing.T) {
 	)
 
 	localUpsHdlr := dns.HandlerFunc(func(w dns.ResponseWriter, req *dns.Msg) {
-		resp := aghalg.Coalesce(
+		resp := cmp.Or(
 			aghtest.MatchedResponse(req, dns.TypePTR, extPTRQuestion, extPTRAnswer),
 			aghtest.MatchedResponse(req, dns.TypePTR, intPTRQuestion, intPTRAnswer),
 			(&dns.Msg{}).SetRcode(req, dns.RcodeNameError),
@@ -758,7 +754,7 @@ func TestServer_ProcessUpstream_localPTR(t *testing.T) {
 	const reqAddr = "1.1.168.192.in-addr.arpa."
 
 	localUpsHdlr := dns.HandlerFunc(func(w dns.ResponseWriter, req *dns.Msg) {
-		resp := aghalg.Coalesce(
+		resp := cmp.Or(
 			aghtest.MatchedResponse(req, dns.TypePTR, reqAddr, locDomain),
 			(&dns.Msg{}).SetRcode(req, dns.RcodeNameError),
 		)

internal/filtering/filtering_test.go

@@ -200,7 +200,7 @@ func TestParallelSB(t *testing.T) {
 	t.Cleanup(d.Close)
 
 	t.Run("group", func(t *testing.T) {
-		for i := 0; i < 100; i++ {
+		for i := range 100 {
 			t.Run(fmt.Sprintf("aaa%d", i), func(t *testing.T) {
 				t.Parallel()
 				d.checkMatch(t, sbBlocked, setts)
@@ -670,7 +670,7 @@ func BenchmarkSafeBrowsing(b *testing.B) {
 	}, nil)
 	b.Cleanup(d.Close)
 
-	for n := 0; n < b.N; n++ {
+	for range b.N {
 		res, err := d.CheckHost(sbBlocked, dns.TypeA, setts)
 		require.NoError(b, err)
 

internal/filtering/idgenerator_internal_test.go

@@ -63,8 +63,6 @@ func TestIDGenerator_Fix(t *testing.T) {
 	}}
 
 	for _, tc := range testCases {
-		tc := tc
-
 		t.Run(tc.name, func(t *testing.T) {
 			g := newIDGenerator(1)
 			g.fix(tc.in)

internal/filtering/rulelist/parser_test.go

@@ -132,7 +132,6 @@ func TestParser_Parse(t *testing.T) {
 	}}
 
 	for _, tc := range testCases {
-		tc := tc
 		t.Run(tc.name, func(t *testing.T) {
 			t.Parallel()
 
@@ -216,7 +215,7 @@ func BenchmarkParser_Parse(b *testing.B) {
 
 	b.ReportAllocs()
 	b.ResetTimer()
-	for i := 0; i < b.N; i++ {
+	for range b.N {
 		resSink, errSink = p.Parse(dst, src, buf)
 		dst.Reset()
 	}

internal/filtering/safesearch/safesearch_internal_test.go

@@ -127,7 +127,7 @@ var dnsRewriteSink *rules.DNSRewrite
 func BenchmarkSafeSearch(b *testing.B) {
 	ss := newForTest(b, defaultSafeSearchConf)
 
-	for n := 0; n < b.N; n++ {
+	for range b.N {
 		dnsRewriteSink = ss.searchHost(googleHost, testQType)
 	}
 

internal/filtering/servicelist.go

@@ -483,6 +483,16 @@ var blockedServices = []blockedService{{
 		"||bsky.app^",
 		"||bsky.social^",
 	},
+}, {
+	ID:      "box",
+	Name:    "Box",
+	IconSVG: []byte("<svg xmlns=\"http://www.w3.org/2000/svg\" fill=\"currentColor\" viewBox=\"0 -9 40 40\"><path d=\"M39.7 19.2c.5.7.4 1.6-.2 2.1-.7.5-1.7.4-2.2-.2l-3.5-4.5-3.4 4.4c-.5.7-1.5.7-2.2.2-.7-.5-.8-1.4-.3-2.1l4-5.2-4-5.2c-.5-.7-.3-1.7.3-2.2.7-.5 1.7-.3 2.2.3l3.4 4.5L37.3 7c.5-.7 1.4-.8 2.2-.3.7.5.7 1.5.2 2.2L35.8 14l3.9 5.2zm-18.2-.6c-2.6 0-4.7-2-4.7-4.6 0-2.5 2.1-4.6 4.7-4.6s4.7 2.1 4.7 4.6c-.1 2.6-2.2 4.6-4.7 4.6zm-13.8 0c-2.6 0-4.7-2-4.7-4.6 0-2.5 2.1-4.6 4.7-4.6s4.7 2.1 4.7 4.6c0 2.6-2.1 4.6-4.7 4.6zM21.5 6.4c-2.9 0-5.5 1.6-6.8 4-1.3-2.4-3.9-4-6.9-4-1.8 0-3.4.6-4.7 1.5V1.5C3.1.7 2.4 0 1.6 0 .7 0 0 .7 0 1.5v12.6c.1 4.2 3.5 7.5 7.7 7.5 3 0 5.6-1.7 6.9-4.1 1.3 2.4 3.9 4.1 6.8 4.1 4.3 0 7.8-3.4 7.8-7.7.1-4.1-3.4-7.5-7.7-7.5z\" /></svg>"),
+	Rules: []string{
+		"||box.com^",
+		"||box.net^",
+		"||boxcdn.net^",
+		"||boxcloud.com^",
+	},
 }, {
 	ID:      "canais_globo",
 	Name:    "Canais Globo",
@@ -669,6 +679,34 @@ var blockedServices = []blockedService{{
 		"||douban.fm^",
 		"||doubanio.com^",
 	},
+}, {
+	ID:      "dropbox",
+	Name:    "Dropbox",
+	IconSVG: []byte("<svg xmlns=\"http://www.w3.org/2000/svg\" fill=\"currentColor\" viewBox=\"0 -2.5 30 30\"><path d=\"M7.7.32.48 4.92 7.7 9.5l7.22-4.6 7.23 4.6 7.22-4.6L22.15.32l-7.23 4.6L7.7.31Zm0 18.38L.48 14.1 7.7 9.5l7.22 4.6-7.22 4.6Z\"/><path d=\"m14.92 14.1 7.23-4.6 7.22 4.6-7.22 4.6-7.23-4.6Zm0 10.72-7.22-4.6 7.22-4.59 7.23 4.6-7.23 4.59Z\"/></svg>"),
+	Rules: []string{
+		"||addtodropbox.com^",
+		"||app.hellosign.com^",
+		"||dash.ai^",
+		"||db.tt^",
+		"||docsend.com^",
+		"||dropbox-dns.com^",
+		"||dropbox.com^",
+		"||dropbox.tech^",
+		"||dropbox.zendesk.com^",
+		"||dropboxapi.com^",
+		"||dropboxbusiness.com^",
+		"||dropboxcaptcha.com^",
+		"||dropboxforum.com^",
+		"||dropboxforums.com^",
+		"||dropboxinsiders.com^",
+		"||dropboxlegal.com^",
+		"||dropboxmail.com^",
+		"||dropboxpartners.com^",
+		"||dropboxstatic.com^",
+		"||dropboxteam.com^",
+		"||dropboxusercontent.com^",
+		"||getdropbox.com^",
+	},
 }, {
 	ID:      "ebay",
 	Name:    "EBay",
@@ -2439,8 +2477,10 @@ var blockedServices = []blockedService{{
 		"||bytecdn.cn^",
 		"||bytedance.map.fastly.net^",
 		"||bytedapm.com^",
+		"||bytegoofy.com^",
 		"||byteimg.com^",
 		"||byteoversea.com^",
+		"||bytescm.com^",
 		"||douyin.com^",
 		"||douyincdn.com^",
 		"||douyinliving.com^",
@@ -2463,6 +2503,7 @@ var blockedServices = []blockedService{{
 		"||ttlivecdn.com.c.bytefcdn-oversea.com^",
 		"||ttlivecdn.com^",
 		"||v*.tiktokcdn-eu.com^",
+		"||zijieapi.com^",
 	},
 }, {
 	ID:      "tinder",

internal/home/clientshttp.go

@@ -434,7 +434,7 @@ func (clients *clientsContainer) handleUpdateClient(w http.ResponseWriter, r *ht
 func (clients *clientsContainer) handleFindClient(w http.ResponseWriter, r *http.Request) {
 	q := r.URL.Query()
 	data := []map[string]*clientJSON{}
-	for i := 0; i < len(q); i++ {
+	for i := range len(q) {
 		idStr := q.Get(fmt.Sprintf("ip%d", i))
 		if idStr == "" {
 			break

internal/home/log.go

@@ -1,13 +1,13 @@
 package home
 
 import (
+	"cmp"
 	"fmt"
 	"path/filepath"
 	"runtime"
 
 	"github.com/AdguardTeam/AdGuardHome/internal/aghos"
 	"github.com/AdguardTeam/golibs/log"
-	"github.com/AdguardTeam/golibs/stringutil"
 	"gopkg.in/natefinch/lumberjack.v2"
 	"gopkg.in/yaml.v3"
 )
@@ -76,8 +76,7 @@ func getLogSettings(opts options) (ls *logSettings) {
 		ls.Verbose = true
 	}
 
-	// TODO(a.garipov): Use cmp.Or in Go 1.22.
-	ls.File = stringutil.Coalesce(opts.logFile, ls.File)
+	ls.File = cmp.Or(opts.logFile, ls.File)
 
 	if opts.runningAsService && ls.File == "" && runtime.GOOS == "windows" {
 		// When running as a Windows service, use eventlog by default if

internal/home/service_openbsd.go

@@ -3,6 +3,7 @@
 package home
 
 import (
+	"cmp"
 	"fmt"
 	"os"
 	"os/signal"
@@ -14,7 +15,6 @@ import (
 	"github.com/AdguardTeam/AdGuardHome/internal/aghos"
 	"github.com/AdguardTeam/golibs/errors"
 	"github.com/AdguardTeam/golibs/log"
-	"github.com/AdguardTeam/golibs/stringutil"
 	"github.com/kardianos/service"
 )
 
@@ -76,7 +76,7 @@ func (*openbsdRunComService) Platform() (p string) {
 
 // String implements service.Service interface for *openbsdRunComService.
 func (s *openbsdRunComService) String() string {
-	return stringutil.Coalesce(s.cfg.DisplayName, s.cfg.Name)
+	return cmp.Or(s.cfg.DisplayName, s.cfg.Name)
 }
 
 // getBool returns the value of the given name from kv, assuming the value is a

internal/ipset/ipset_linux_internal_test.go

@@ -147,7 +147,7 @@ func BenchmarkManager_LookupHost(b *testing.B) {
 
 	b.Run("long", func(b *testing.B) {
 		const name = "a.very.long.domain.name.inside.the.domain.example.com"
-		for i := 0; i < b.N; i++ {
+		for range b.N {
 			ipsetPropsSink = m.lookupHost(name)
 		}
 
@@ -156,7 +156,7 @@ func BenchmarkManager_LookupHost(b *testing.B) {
 
 	b.Run("short", func(b *testing.B) {
 		const name = "example.net"
-		for i := 0; i < b.N; i++ {
+		for range b.N {
 			ipsetPropsSink = m.lookupHost(name)
 		}
 

internal/querylog/decode_test.go

@@ -303,7 +303,7 @@ func BenchmarkAnonymizeIP(b *testing.B) {
 		b.Run(bc.name, func(b *testing.B) {
 			b.ReportAllocs()
 
-			for i := 0; i < b.N; i++ {
+			for range b.N {
 				AnonymizeIP(bc.ip)
 			}
 
@@ -313,7 +313,7 @@ func BenchmarkAnonymizeIP(b *testing.B) {
 		b.Run(bc.name+"_slow", func(b *testing.B) {
 			b.ReportAllocs()
 
-			for i := 0; i < b.N; i++ {
+			for range b.N {
 				anonymizeIPSlow(bc.ip)
 			}
 

internal/querylog/qlog_test.go

@@ -143,13 +143,13 @@ func TestQueryLogOffsetLimit(t *testing.T) {
 		secondPageDomain = "second.example.org"
 	)
 	// Add entries to the log.
-	for i := 0; i < entNum; i++ {
+	for range entNum {
 		addEntry(l, secondPageDomain, net.IPv4(1, 1, 1, 1), net.IPv4(2, 2, 2, 1))
 	}
 	// Write them to the first file.
 	require.NoError(t, l.flushLogBuffer())
 	// Add more to the in-memory part of log.
-	for i := 0; i < entNum; i++ {
+	for range entNum {
 		addEntry(l, firstPageDomain, net.IPv4(1, 1, 1, 1), net.IPv4(2, 2, 2, 1))
 	}
 
@@ -215,7 +215,7 @@ func TestQueryLogMaxFileScanEntries(t *testing.T) {
 
 	const entNum = 10
 	// Add entries to the log.
-	for i := 0; i < entNum; i++ {
+	for range entNum {
 		addEntry(l, "example.org", net.IPv4(1, 1, 1, 1), net.IPv4(2, 2, 2, 1))
 	}
 	// Write them to disk.

internal/querylog/qlogfile_test.go

@@ -37,7 +37,7 @@ func prepareTestFile(t *testing.T, dir string, linesNum int) (name string) {
 
 	var lineIP uint32
 	lineTime := time.Date(2020, 2, 18, 19, 36, 35, 920973000, time.UTC)
-	for i := 0; i < linesNum; i++ {
+	for range linesNum {
 		lineIP++
 		lineTime = lineTime.Add(time.Second)
 

internal/stats/stats_internal_test.go

@@ -68,13 +68,13 @@ func TestStats_races(t *testing.T) {
 		startWG, finWG := &sync.WaitGroup{}, &sync.WaitGroup{}
 		waitCh := make(chan unit)
 
-		for i := 0; i < writersNum; i++ {
+		for i := range writersNum {
 			startWG.Add(1)
 			finWG.Add(1)
 			go writeFunc(startWG, finWG, waitCh, i)
 		}
 
-		for i := 0; i < readersNum; i++ {
+		for range readersNum {
 			startWG.Add(1)
 			finWG.Add(1)
 			go readFunc(startWG, finWG, waitCh)
@@ -111,7 +111,7 @@ func TestStatsCtx_FillCollectedStats_daily(t *testing.T) {
 
 	dailyData := []*unitDB{}
 
-	for i := 0; i < daysCount*24; i++ {
+	for i := range daysCount * 24 {
 		n := uint64(i)
 		nResult := make([]uint64, resultLast)
 		nResult[RFiltered] = n

internal/stats/stats_test.go

@@ -195,7 +195,7 @@ func TestLargeNumbers(t *testing.T) {
 	for h := 0; h < hoursNum; h++ {
 		atomic.AddUint32(&curHour, 1)
 
-		for i := 0; i < cliNumPerHour; i++ {
+		for i := range cliNumPerHour {
 			ip := net.IP{127, 0, byte((i & 0xff00) >> 8), byte(i & 0xff)}
 			e := &stats.Entry{
 				Domain:         fmt.Sprintf("domain%d.hour%d", i, h),

internal/stats/unit.go

@@ -525,9 +525,8 @@ func (s *StatsCtx) fillCollectedStatsDaily(
 	hours := countHours(curHour, days)
 	units = units[len(units)-hours:]
 
-	for i := 0; i < len(units); i++ {
+	for i, u := range units {
 		day := i / 24
-		u := units[i]
 
 		data.DNSQueries[day] += u.NTotal
 		data.BlockedFiltering[day] += u.NResult[RFiltered]

internal/tools/go.mod

@@ -1,6 +1,6 @@
 module github.com/AdguardTeam/AdGuardHome/internal/tools
 
-go 1.21.8
+go 1.22.2
 
 require (
 	github.com/fzipp/gocyclo v0.6.0

internal/whois/whois.go

@@ -3,6 +3,7 @@ package whois
 
 import (
 	"bytes"
+	"cmp"
 	"context"
 	"fmt"
 	"io"
@@ -17,7 +18,6 @@ import (
 	"github.com/AdguardTeam/golibs/ioutil"
 	"github.com/AdguardTeam/golibs/log"
 	"github.com/AdguardTeam/golibs/netutil"
-	"github.com/AdguardTeam/golibs/stringutil"
 	"github.com/bluele/gcache"
 )
 
@@ -174,7 +174,7 @@ func whoisParse(data []byte, maxLen int) (info map[string]string) {
 			val = trimValue(val, maxLen)
 		case "descr", "netname":
 			key = "orgname"
-			val = stringutil.Coalesce(orgname, val)
+			val = cmp.Or(orgname, val)
 			orgname = val
 		case "whois":
 			key = "whois"
@@ -232,7 +232,7 @@ func (w *Default) queryAll(ctx context.Context, target string) (info map[string]
 	server := net.JoinHostPort(w.serverAddr, w.portStr)
 	var data []byte
 
-	for i := 0; i < w.maxRedirects; i++ {
+	for range w.maxRedirects {
 		data, err = w.query(ctx, target, server)
 		if err != nil {
 			// Don't wrap the error since it's informative enough as is.

scripts/translations/download.go

@@ -48,7 +48,7 @@ func (c *twoskyClient) download() (err error) {
 	failed := &sync.Map{}
 	uriCh := make(chan *url.URL, len(c.langs))
 
-	for i := 0; i < numWorker; i++ {
+	for range numWorker {
 		wg.Add(1)
 		go downloadWorker(wg, failed, client, uriCh)
 	}

scripts/translations/main.go

@@ -5,6 +5,7 @@ package main
 import (
 	"bufio"
 	"bytes"
+	"cmp"
 	"encoding/json"
 	"fmt"
 	"net/url"
@@ -204,19 +205,13 @@ type twoskyClient struct {
 func (t *twoskyConfig) toClient() (cli *twoskyClient, err error) {
 	defer func() { err = errors.Annotate(err, "filling config: %w") }()
 
-	uriStr := os.Getenv("TWOSKY_URI")
-	if uriStr == "" {
-		uriStr = twoskyURI
-	}
+	uriStr := cmp.Or(os.Getenv("TWOSKY_URI"), twoskyURI)
 	uri, err := url.Parse(uriStr)
 	if err != nil {
 		return nil, err
 	}
 
-	projectID := os.Getenv("TWOSKY_PROJECT_ID")
-	if projectID == "" {
-		projectID = defaultProjectID
-	}
+	projectID := cmp.Or(os.Getenv("TWOSKY_PROJECT_ID"), defaultProjectID)
 
 	baseLang := t.BaseLangcode
 	uLangStr := os.Getenv("UPLOAD_LANGUAGE")