Skip to content

blocky

v0.30.0 Feature

This release adds 4 notable features for engineering teams evaluating rollout.

Published 16d Privacy & Ad-blocking
✓ No known CVEs patched
Read the diff → Tool health → What is this tool? →

✓ No known CVEs patched in this version

Topics

ad-blocker adblock adblocker dns dns-over-https go
+3 more
parental-control pihole self-hosted

Affected surfaces

deps

Summary

AI summary

Broad release touches Build and dependencies, deps, @0xERR0R, and Bug fixes.

Changes in this release

Feature Low

handle resolver.arpa zone per RFC 9462 (DDR)

handle resolver.arpa zone per RFC 9462 (DDR)

Source: granite4.1:8b-q6_K@2026-05-18

Confidence: high
Feature Low

add DNS-over-QUIC (DoQ) upstream support (RFC 9250)

add DNS-over-QUIC (DoQ) upstream support (RFC 9250)

Source: granite4.1:8b-q6_K@2026-05-18

Confidence: high
Feature Low

add schedule-based blocking for deny/allowlist groups

add schedule-based blocking for deny/allowlist groups

Source: granite4.1:8b-q6_K@2026-05-18

Confidence: high
Feature Low

serve DoH over HTTP/3 (DoH3, RFC 9114)

serve DoH over HTTP/3 (DoH3, RFC 9114)

Source: granite4.1:8b-q6_K@2026-05-18

Confidence: high
Feature Low

validate allow/denylist references in ClientGroupsBlock

validate allow/denylist references in ClientGroupsBlock

Source: granite4.1:8b-q6_K@2026-05-18

Confidence: high
Performance Low

keep time.Parse off the schedule hot path

keep time.Parse off the schedule hot path

Source: granite4.1:8b-q6_K@2026-05-18

Confidence: high
Bugfix Medium

keep /api/query response unobfuscated when log.privacy is on

keep /api/query response unobfuscated when log.privacy is on

Source: granite4.1:8b-q6_K@2026-05-18

Confidence: high
Bugfix Medium

enhance DNS bootstrapping by utilizing IPs from DNS stamps

enhance DNS bootstrapping by utilizing IPs from DNS stamps

Source: granite4.1:8b-q6_K@2026-05-18

Confidence: high
Bugfix Medium

use RFC 4034 canonical DNS name ordering for NSEC coverage check

use RFC 4034 canonical DNS name ordering for NSEC coverage check

Source: granite4.1:8b-q6_K@2026-05-18

Confidence: high
Refactor Low

extend e2e tests

extend e2e tests

Source: granite4.1:8b-q6_K@2026-05-18

Confidence: high
Refactor Low

redis write through cache

redis write through cache

Source: granite4.1:8b-q6_K@2026-05-18

Confidence: high
Refactor Low

small quick improvements

small quick improvements

Source: granite4.1:8b-q6_K@2026-05-18

Confidence: high
Refactor Low

implement redis write‑through cache

implement redis write‑through cache

Source: granite4.1:30b@2026-05-19-audit

Confidence: high
Refactor Low

apply small quick code improvements

apply small quick code improvements

Source: granite4.1:30b@2026-05-19-audit

Confidence: high
Full changelog

Changelog

Features

  • 0de3fac101964aa85d6eb6ac43ed67d84d8116be: feat(sudn): handle resolver.arpa zone per RFC 9462 (DDR) (#2059) (@0xERR0R)
  • c32863d342e4edaf949021bc21446ac8d5762e30: feat: add DNS-over-QUIC (DoQ) upstream support (RFC 9250) (#2013) (@elsbrock)
  • 22b0bdd3538e052b10660a3bfbcf1731d05b5b07: feat: add schedule-based blocking for deny/allowlist groups (#2037) (@alessandrocuzzocrea)
  • 842dda99a8ecbd489ee8755beea3ce6fe9fd49bf: feat: serve DoH over HTTP/3 (DoH3, RFC 9114) (#2060) (@0xERR0R)
  • c95cfba19b48c61b1f6dbdebe78fa4a29f221f9f: feat: validate allow/denylist references in ClientGroupsBlock (#2016) (@JenswBE)

Bug fixes

  • 10d644602db9a7b7ef93018de9f5a13eb5af8dbe: fix(api): keep /api/query response unobfuscated when log.privacy is on (#2058) (@0xERR0R)
  • fb285134dec0503416161007d1f137700bade5de: fix: enhance DNS bootstrapping by utilizing IPs from DNS stamps (#1995) (@0xERR0R)
  • 2ffe18ae8908017555610920de08a013b0d33d1d: fix: use RFC 4034 canonical DNS name ordering for NSEC coverage check (#2017) (@0xERR0R)

Build and dependencies

  • a8015c8a4d8d89c648f8d80da51ed8dc41b1bc9d: build(deps): bump codecov/codecov-action from 5 to 6 (#2029) (@dependabot[bot])
  • 89aee541625fa4bc3ddfbf6d441d51cf1d09904f: build(deps): bump crazy-max/ghaction-docker-meta from 5 to 6 (#2005) (@dependabot[bot])
  • 98f41c4dedaa5630cb54ef0f97abf31ec02be12b: build(deps): bump dependabot/fetch-metadata from 2 to 3 (#2031) (@dependabot[bot])
  • 83434c58456a612eb55dbd161ff13f39549f756e: build(deps): bump docker/build-push-action from 6 to 7 (#2004) (@dependabot[bot])
  • 0c9e176b314da2624aba23366c282a48ec98ab8f: build(deps): bump docker/login-action from 3 to 4 (#2003) (@dependabot[bot])
  • 67dababac07d292533242a34ddfa5942ea8e813d: build(deps): bump docker/setup-buildx-action from 3 to 4 (#2006) (@dependabot[bot])
  • def8e95faa89e0810632565585e667de0627ab6c: build(deps): bump docker/setup-qemu-action from 3 to 4 (#2002) (@dependabot[bot])
  • 733f21ce5b7f55c4da05013a358d644537b8e15e: build(deps): bump github.com/alicebob/miniredis/v2 from 2.37.0 to 2.38.0 (#2055) (@dependabot[bot])
  • 5130c3e2c11341dd5ccf637a86b8b45092a1c576: build(deps): bump github.com/breml/rootcerts from 0.3.4 to 0.3.5 (#2040) (@dependabot[bot])
  • 08e53d712aea9f11bccf3ea428da23e05781f4ab: build(deps): bump github.com/docker/go-connections from 0.6.0 to 0.7.0 (#2038) (@dependabot[bot])
  • 95225f80f8334f28c75a5dbbebe6650fdc08be34: build(deps): bump github.com/jackc/pgx/v5 from 5.7.5 to 5.9.0 (#2039) (@dependabot[bot])
  • 3274076afdfffb8b64902954578ad12ec9fac41d: build(deps): bump github.com/jackc/pgx/v5 from 5.9.0 to 5.9.2 (#2041) (@dependabot[bot])
  • 7a279fcc89f7a3fcd1355698702cfe82647ef393: build(deps): bump github.com/moby/moby/api from 1.54.1 to 1.54.2 (#2050) (@dependabot[bot])
  • 1a04f458bd531920a28f7ab0d2fa80a373893984: build(deps): bump github.com/oapi-codegen/runtime from 1.1.2 to 1.2.0 (#1999) (@dependabot[bot])
  • 076c880c4e74177fb11600a4a7f28d36e1427a45: build(deps): bump github.com/oapi-codegen/runtime from 1.2.0 to 1.3.0 (#2021) (@dependabot[bot])
  • b7fddae26631e24301ce58ad351b968ab32b04b7: build(deps): bump github.com/oapi-codegen/runtime from 1.3.0 to 1.3.1 (#2028) (@dependabot[bot])
  • 9c8f11c7d9e82542879463b71a628c9257754486: build(deps): bump github.com/oapi-codegen/runtime from 1.3.1 to 1.4.0 (#2030) (@dependabot[bot])
  • 62a7e4c5a6fe18821d4051fa525f75a22d63d66e: build(deps): bump github.com/onsi/ginkgo/v2 from 2.28.1 to 2.28.2 (#2042) (@dependabot[bot])
  • 56dfb1d19557f85e6ce9992b2b02f40ae33aef72: build(deps): bump github.com/onsi/ginkgo/v2 from 2.28.2 to 2.28.3 (#2044) (@dependabot[bot])
  • adb9457c6d0a15bd1372be2c6ca3a7e84ddbce8b: build(deps): bump github.com/onsi/ginkgo/v2 from 2.28.3 to 2.29.0 (#2057) (@dependabot[bot])
  • 5d6da8673e1f7d86b07314ae6e58eeb1b334a91b: build(deps): bump github.com/onsi/gomega from 1.39.1 to 1.40.0 (#2043) (@dependabot[bot])
  • 6ac0c33f72306f6c4281196e8725ebb10c2904b1: build(deps): bump github.com/onsi/gomega from 1.40.0 to 1.41.0 (#2056) (@dependabot[bot])
  • 14047f253168dbc19980909af858e186ebaaa423: build(deps): bump github.com/quic-go/quic-go from 0.59.0 to 0.59.1 (#2054) (@dependabot[bot])
  • 670daf34dff8693b66486dec9bbccfef335a92be: build(deps): bump github.com/testcontainers/testcontainers-go/modules/mariadb from 0.40.0 to 0.41.0 (#2011) (@dependabot[bot])
  • ecd41d69cd7cb797b7437050a7bfd37853fcd939: build(deps): bump github.com/testcontainers/testcontainers-go/modules/postgres from 0.40.0 to 0.41.0 (#2012) (@dependabot[bot])
  • 5c9df8131316ccfc47e38ca20c38c609a3cd889f: build(deps): bump github.com/testcontainers/testcontainers-go/modules/redis from 0.40.0 to 0.41.0 (#2009) (@dependabot[bot])
  • 0f1b3f399bde6b30c4c47eb330119b9fa6b33599: build(deps): bump go.opentelemetry.io/otel/sdk from 1.35.0 to 1.40.0 (#2001) (@dependabot[bot])
  • 6a06aa41098703014b743656a621ff7fcc205051: build(deps): bump go.opentelemetry.io/otel/sdk from 1.39.0 to 1.43.0 (#2047) (@dependabot[bot])
  • 394a58526110ad807fa75496ef2f05354cd48962: build(deps): bump golang.org/x/net from 0.51.0 to 0.52.0 (#2014) (@dependabot[bot])
  • f7718ae5fe3dc98e9c32f4572e0089997873c390: build(deps): bump golang.org/x/net from 0.52.0 to 0.53.0 (#2036) (@dependabot[bot])
  • 2ea2b653a872578add77e5147af147b4dd1536da: build(deps): bump golang.org/x/net from 0.53.0 to 0.54.0 (#2053) (@dependabot[bot])
  • 2d36b562f7ba4bf43f344f5b9cb95a01a58351be: build(deps): bump google.golang.org/grpc from 1.73.0 to 1.79.3 (#2020) (@dependabot[bot])
  • bdcd239af4139d9417777b5d78f01ecdadb0caed: build(deps): bump testcontainers-go to v0.42.0 (#2046) (@0xERR0R)
  • cb2ae25341b08be01d744159665d17dc0d434646: build: update golangci-lint (#2008) (@0xERR0R)
  • fa8250caf7cffb758ec77b106d650f83d53d2e60: build: update goreleaser action (#2024) (@0xERR0R)

Misc

  • 1c43054e0eca29c6bd6a52dd607e484623c0530f: perf(blocking): keep time.Parse off the schedule hot path (#2049) (@0xERR0R)
  • b4a1d54aa8456d721a585368f85a4a641e73948b: refactor(e2e): extend e2e tests (#2023) (@0xERR0R)
  • 667044b07b4e887d0c5dfb1f22f6efe222e21beb: refactor: redis write through cache (#2025) (@0xERR0R)
  • 835e0180a2d7390c684dbe77b41ae0bcedc978c4: refactor: small quick improvements (#2019) (@0xERR0R)
  • 94e921242fc849fe270c1023e0849258f0f0a8c1: test(e2e): smoke-test schedule-based blocking (#2048) (@0xERR0R)
View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track blocky

Get notified when new releases ship.

Sign up free

About blocky

Fast and lightweight DNS proxy as ad-blocker for local network with many features

All releases →

Related context

Beta — feedback welcome: [email protected]