Update adguard/adguardhome Docker tag to v0.107.76

[renovate]

This PR contains the following updates:

Package	Update	Change
adguard/adguardhome (source)	patch	v0.107.71 → v0.107.76

---

Release Notes

AdguardTeam/AdGuardHome (adguard/adguardhome)

v0.107.76

Compare Source

See also the v0.107.76 GitHub milestone.

Changed

• Duration values in YAML configuration file now support d (days) units and has been updated.

  NOTE: Any rollback to version below the v0.107.76 should convert the values back to hours.

Fixed

• DNS caching with disabled DNSSEC (#​8384).

v0.107.75

Compare Source

See also the v0.107.75 GitHub milestone.

Security

• Go version has been updated to prevent the possibility of exploiting the Go vulnerabilities fixed in 1.26.3.

• IDs of requests received over DoH and DoQ and forwarded to plain-DNS upstreams are now set to non-zero values to improve security.

  This is GHSA-xgx4-4h9w-53pv. We thank @​N0zoM1z0 for reporting this security issue.

Changed

• Frontend API requests no longer depend on axios.

• Dashboard charts use Recharts instead of Nivo.

• enable_dnssec in dns configuration now defines whether the proxy should set the DO flag in the upstream requests, the default is true (#​7046).

Fixed

• Statistics database deadlock (#​8359).

• Translated labels on the DNS settings pages not updating after changing the UI language.

• Dashboard charts now correctly display lower query counts (#​6823).

• Redundant validation warnings about DHCP when it's disabled (#​8348).

• Safe Browsing and Parental Control labels on the General Settings page not updating after changing the UI language.

v0.107.74

Compare Source

See also the v0.107.74 GitHub milestone.

Security

• Frontend libraries has been updated to prevent the possibility of exploiting the vulnerability described in CVE-2026-40175.

• Go version has been updated to prevent the possibility of exploiting the Go vulnerabilities fixed in 1.26.2.

Changed

Configuration changes

In this release, the schema version has changed from 33 to 34.

• Added a new field doh in http configuration.

  # BEFORE:
  'http':
    # …
  'tls':
    # …
    'allow_unencrypted_doh': false
  
  # AFTER:
  'http':
    # …
    'doh':
      'insecure_enabled': false
      'routes':
        - 'GET /dns-query'
        - 'POST /dns-query'
        - 'GET /dns-query/{ClientID}'
        - 'POST /dns-query/{ClientID}'
  'tls':
    # …

  To roll back this change, set the schema_version back to 33.

Fixed

• Incorrect forwarding of root domain requests when domain-specific upstreams are configured (#​7058).

• The strict SNI check setting is not persisted when the TLS configuration is changed (#​8327).

• Status reported by the launchd service implementation in cases of scheduled service restart.

• Fixed clients block/unblock when moving clients between allowed and disallowed lists.

v0.107.73

Compare Source

See also the v0.107.73 GitHub milestone.

Security

• Authentication is now applied to requests that have been upgraded from HTTP/2 Cleartext (H2C) requests to public resources.

  NOTE: We thank @​mandreko for reporting this security issue.

v0.107.72

Compare Source

See also the v0.107.72 GitHub milestone.

Security

• Go version has been updated to prevent the possibility of exploiting the Go vulnerabilities fixed in 1.25.7.

Added

• AdGuard Home now tracks the TLS certificate and key files for updates and reloads them after any updates are detected (#​3962).

• New query parameter recent in GET /control/stats/ defines statistics lookback period in millieseconds. See openapi/openapi.yaml for details.

• New field "ignored_enabled" in GetStatsConfigResponse or GetQueryLogConfigResponse. See openapi/openapi.yaml for details.

Changed

• In addition to modifying the contents of a hosts file, deleting or renaming the file now also updates runtime clients and DNS filtering results.

Configuration changes

In this release, the schema version has changed from 32 to 33.

• Added a new boolean field ignored_enabled in querylog and statistics config.

  # BEFORE:
  'querylog':
    # …
    'ignored':
    - '|.^'
  'statistics':
    # …
    'ignored':
    - '|.^'
  
  # AFTER:
  'querylog':
    # …
    'ignored':
    - '|.^'
    'ignored_enabled': true
  'statistics':
    # …
    'ignored':
    - '|.^'
    'ignored_enabled': true
    ```
  
  To roll back this change, set the `schema_version` back to `32`.

Fixed

• Executable permissions in some Docker installations (#​8237).

• Unknown blocked services from both global and client configuration now logged instead of causing server crash.

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.