leo15dev · pull · Jun 9, 2026 · Jun 9, 2026 · Jun 9, 2026
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -18,8 +18,16 @@ See also the [v0.107.78 GitHub milestone][ms-v0.107.78].
 NOTE: Add new changes BELOW THIS COMMENT.
 -->
 
+### Added
+
+- Improved updater logging to give users more insight into the problem with version updating ([#8410]).
+
+[#8410]: https://github.com/AdguardTeam/AdGuardHome/issues/8410
+
 ### Security
 
+- The H2C connection establishment via HTTP/1.1 request upgrade is no longer supported.  See [RFC 9113][rfc9113].
+
 - The size of rulelists is limited. This is necessary to prevent a user's machine from becoming overloaded if the filter source misbehaves.
 
 ### Changed
@@ -32,6 +40,8 @@ NOTE: Add new changes BELOW THIS COMMENT.
 
 - Blocked services check on the Custom filtering rules page does not work properly without specifying of a client.
 
+[rfc9113]: https://datatracker.ietf.org/doc/html/rfc9113
+
 <!--
 NOTE: Add new changes ABOVE THIS COMMENT.
 -->

diff --git a/internal/home/controlupdate.go b/internal/home/controlupdate.go
@@ -77,7 +77,7 @@ func (web *webAPI) handleVersionJSON(w http.ResponseWriter, r *http.Request) {
 }
 
 // requestVersionInfo sets the VersionInfo field of resp if it can reach the
-// update server.
+// update server.  resp must not be nil.
 func (web *webAPI) requestVersionInfo(
 	ctx context.Context,
 	resp *versionResponse,
@@ -109,6 +109,8 @@ func (web *webAPI) requestVersionInfo(
 	}
 
 	if err != nil {
+		web.logger.WarnContext(ctx, "getting version info", slogutil.KeyError, err)
+
 		return fmt.Errorf("getting version info: %w", err)
 	}
 
@@ -128,7 +130,7 @@ func (web *webAPI) handleUpdate(w http.ResponseWriter, r *http.Request) {
 			r,
 			w,
 			http.StatusBadRequest,
-			"/update request isn't allowed now",
+			"update request isn't allowed now",
 		)
 
 		return

diff --git a/internal/home/web.go b/internal/home/web.go
@@ -24,10 +24,6 @@ import (
 	"github.com/AdguardTeam/golibs/osutil/executil"
 	"github.com/NYTimes/gziphandler"
 	"github.com/quic-go/quic-go/http3"
-	"golang.org/x/net/http2"
-
-	//lint:ignore SA1019 See AGDNS-4038.
-	"golang.org/x/net/http2/h2c"
 )
 
 // TODO(a.garipov): Make configurable.
@@ -277,18 +273,16 @@ func (web *webAPI) start(ctx context.Context) {
 
 		hdlr = web.auth.middleware().Wrap(hdlr)
 
-		// Use an h2c handler to support unencrypted HTTP/2, e.g. for proxies.
-		//
-		// NOTE:  The auth middleware must be inside the h2c handler to ensure
-		// it applies to upgraded HTTP/2 connections as well.  See AG-51779.
-		//
-		//lint:ignore SA1019 See AGDNS-4038.
-		hdlr = h2c.NewHandler(hdlr, &http2.Server{})
+		// Enable unencrypted HTTP/2, e.g. for proxies.
+		protocols := &http.Protocols{}
+		protocols.SetUnencryptedHTTP2(true)
+		protocols.SetHTTP1(true)
 
 		// Create a new instance, because the Web is not usable after Shutdown.
 		web.httpServer = &http.Server{
 			Addr:              web.conf.BindAddr.String(),
 			Handler:           hdlr,
+			Protocols:         protocols,
 			ReadTimeout:       web.conf.ReadTimeout,
 			ReadHeaderTimeout: web.conf.ReadHeaderTimeout,
 			WriteTimeout:      web.conf.WriteTimeout,