Skip to content

Releases: pi-hole/web

v5.10.1

05 Jan 23:00
cb7a866
Compare
Choose a tag to compare

What's Changed

Full Changelog: v5.10...v5.10.1

v5.10

05 Jan 18:25
b137345
Compare
Choose a tag to compare

What's Changed

New Contributors

Full Changelog: v5.9...v5.10

v5.9

22 Dec 20:26
193fb7f
Compare
Choose a tag to compare

What's Changed

New Contributors

Full Changelog: v5.8...v5.9

Pi-hole web v5.8

23 Oct 19:01
ee50954
Compare
Choose a tag to compare

What's Changed

Full Changelog: v5.7...v5.8

Pi-hole web v5.7

29 Sep 20:46
50f43bd
Compare
Choose a tag to compare
  • Remove adlists tab from settings page #1845
  • footer.php: move FTL before Web Interface #1854 @XhmikosR
  • Add forgotten target_blank #1884
  • Add delete button to message table #1886
  • Clarify that never forward non-FQDN only applies to A and AAAA queries #1887
  • Simple maintenance improvements #1892 @a1346054
  • Add background colors on Query log + switchable text coloring (as before) #1893 @PromoFaux @DL6ER
  • Lift prefix limitaion for --rev-server #1897

All @yubiuser unless otherwise specified

Pi-hole web v5.6

11 Sep 21:18
f5292a3
Compare
Choose a tag to compare
  • Password autocompletion #1785
  • Try to obtain hostname for MAC clients #1793
  • Improvement to readability of footer "update" command text #1797
  • Added the option for an automatic dark mode based on the device status #1836
  • Add reply type DNSSEC #1837
  • Adding CORS support via environment variable #1822
  • Fix domain validation method #1852
  • Fix require func.php #1855
  • Add interpretation for Pi-hole message type RATE_LIMIT #1859
  • Stop timer when user reenabled blocking early #1863
  • Fix TypeError if no extended DNS error is available #1862
  • Import two fixes #1867
  • Add new blocked by database status and NONE reply type #1869
  • Add httponly = true to persistent login cookie #1875
  • Apply htmlentities in a couple of places to prevent xss #1876
  • Clarify how and when UQDN are forwarded with conditional forwarding #1873
  • Less color for the Query Log #1872
  • Add BLOB reply type #1871
  • footer.php: move FTL before Web Interface #1854
  • Remove adlists tab from settings page #1845

Pi-hole web v5.5.1

04 Aug 17:22
fb9bd56
Compare
Choose a tag to compare

Hotfix release to address two security advisories:

GHSA-g3w6-q4fg-p8x8 - "Stored XSS Vulnerability in the Pi-hole Webinterface" reported by both Dariusz Gońda and @awareseven

GHSA-5cm9-6p3m-v259 - "(Authenticated) Remote Code Execution Possible in Web Interface 5.5" reported by @SchneiderSec

Pi-hole web v5.5

14 Apr 18:04
7e602e0
Compare
Choose a tag to compare
  • Add details to adlist table #1673
  • Don't count new status types as blocked queries in long-term data #1743
  • Add hint for update command & documentation link #1749
  • Add Pi-hole darker theme #1731
  • Trim CNAME target input field value data #1759

Pi-hole web v5.4

16 Feb 19:47
989e1ba
Compare
Choose a tag to compare

This release contains some security patches, as reported by Veno Eivazian

  • Properly escape possible user-input 22d7df9
  • Prevent javascript XSS attacks aimed to steal the session ID d4e46df
  • Regenerate session ID on successful login to prevent session fixation 64b3656

Pi-hole web v5.3.2

27 Jan 18:05
1521dfe
Compare
Choose a tag to compare

This release fixes Unknown (0) queries as reported in #1713

Reason: dnsmasq-v2.83+ forwards multiple queries to the same destination once and stores the other queries as duplicates. They do receive the answer later on, however, this is usually not logged (when log-queries=extra is enabled, there will be a warning about the duplicate). FTL v5.6 introduces a new reply type 14 = "already forwarded" to fix this.