Blog

V6 – Post release fixes and findings

Well, what a busy couple of days! We have finally released v6 – and we believe by-and-large that it has been a success!  Of course, there will be a few bugs and issues that weren’t caught during testing, even with the extended beta release we were probably never going to catch everything – so we’re…
Read more

Introducing Pi-hole v6

  We’re excited to announce the general release of Pi-hole v6! At a glance: What’s New in Pi-hole v6? 1. Embedded Web Server and REST API We’ve integrated a new REST API and embedded web server directly into the pihole-FTL binary. This eliminates the need for lighttpd and PHP, reducing the installation footprint and boosting…
Read more

Thank You for Being Part of the V6 Beta!

We want to take a moment to express our heartfelt gratitude to each of you for participating in our beta program. Your feedback, support, and enthusiasm have been invaluable as we continue to enhance and improve the Pi-hole experience. ✨ The Party Continues! The journey doesn’t stop here! The next phase is now available on…
Read more

Preparing for the v6 release

A little over 10 months ago, we announced the beginning of a beta testing round for Pi-hole v6. We’re excited to share that after countless hours of testing, feedback, and fine-tuning, we believe it’s now (very nearly) ready for release! The response from our community has been incredible, with over 250 discussion threads on our…
Read more

Pi-hole Core v5.18 released to fix an Authenticated Arbitrary File Read with root privileges vulnerability

A vulnerability was recently discovered in Pi-hole’s gravity script that would allow for any system file to be arbitrarily read and presented to an authenticated user on the web interface. This release mitigates the vulnerability by limiting gravity’s ability to read local file’s to only those that are explicitly readable by anyone on the system.…
Read more

DNSSEC fix generally released.

Please run `pihole -up` to update Pi-hole with the fixes noted in the previous post. Thanks!

A lock

Fixing two new DNSSEC vulnerabilities

  Today, we have been informed about two DNSSEC vulnerabilities in dnsmasq, which Pi-hole FTL is forked from. Both vulnerabilities, via specially crafted DNSSEC answers, can lead DNSSEC validators down a very CPU intensive and time costly validation/NSEC3 hash calculation path. This results in degraded performance and denial of service in trivially orchestrated attacks. In…
Read more

Pi-hole FTL v5.24, and Core v5.17.3 released

As always, please read through the changelog before updating with pihole -up. (A new tag for docker image will arrive in due course.) While the majority of our development effort is currently focused on the running v6.0 beta, we are absolutely dedicated to supporting and enhancing v5. We understand that many users continue to depend…
Read more

Pi-hole V6 Beta Testing

It’s no secret that we’ve been working on the next iteration of Pi-hole for quite some time now (Nearly four years!). You may have seen mentions of v6.0 floating around on our Github, Discourse, or Reddit channels. Today we’re looking to ask some of the more brave users to help us test and troubleshoot it

PSA: Renaming the web repo

What’s happening? We will be renaming the current web repo from AdminLTE to web Why is this happening? The web repo started off life a long time ago as a fork of popular admin dashboard template AdminLTE (building on their demo template). What we probably should have done in retrospect was start from scratch and embed…
Read more