[Hotfix] Pi-hole Web v5.5.1 released
Just a quick note to say we have pushed out a small bugfix release for the web component to address a couple of security issues reported to us. As ever, read the release notes before updating.
- GHSA-g3w6-q4fg-p8x8 – “Stored XSS Vulnerability in the Pi-hole Webinterface” reported by both Dariusz Gońda and @awareseven
- GHSA-5cm9-6p3m-v259 – “(Authenticated) Remote Code Execution Possible in Web Interface 5.5” reported by @SchneiderSec
Docker
The :v5.8.1
docker image has been re-tagged to include this hotfix, but it also allowed us to bring in some (non-breaking) housekeeping and changes to the build process of the container at the same time.
Docker Specific Changes:
- [BugFix] Ignore SKIPGRAVITYONBOOT if gravity.db does not exist #881
- [BugFix-BugFix] Fix gravityDB check #883
- [BugFix] Remove Unneccessary kill -9 #888
- [BugFix] Remove no longer needed workaround for resolvconf #882
- [BugFix] Remove obsolete debconf-apt-progress workaround #879
- [Docs] Add documentation for WEBPASSWORD_FILE #869
- [Docs] Fix DNS_BOGUS_PRIV description #857
- [Docs] Small correction in the ‘Quick Start’ section of the README #886
- [Docs] Update README.md to add changes in #867 #873
- [Docs] Use nginxproxy’s DockerHub registry #890
- [Housekeeping] Remove broken doco-example.yml symlink #737
- [Infrasctucture] Switch multiarch/debian-debootstrap to pihole/debian-debootstrap to fix build issues #892
- [Infrastructure] Single versions file #861
- [Infrastructure] install.sh overhaul #843
- [New Feature] Add CACHE_SIZE environment variable to the available options #689
- [New Feature] Adding CORS_HOSTS to PHP environment #867
- [New Feature] Introduced WEBTHEME environment variable to control user interface theme selection. #856
These fixes are also in both the beta branch for the web interface, and the :beta-v5.9
docker image.