Pi-hole Release Notes

Pi-hole FTL v6.4, Web v6.4 and Core v6.3 Released!

As always, please read through the changelogs before updating with pihole -up

Don’t forget, you can use Teleporter to export your configuration. It can be found under the settings menu of the web interface or on the command line with pihole-FTL --teleporter

This release has also been tagged on Docker as 2025.11.1

Highlights

Performance & Optimization

• FTL Optimizations: We’ve improved string processing, memory management, and enabled new compiler flags (such as -funroll-loops) to make FTL faster and more efficient (#2571).
• Reduced Locking: We’ve reduced DNS resolver locking during database interactions (#2700).

User Interface & Experience

• TOTP Autofill: Logging in with 2FA is now smoother. The TOTP input field now supports autocomplete="one-time-code", allowing browsers and password managers to automatically suggest the code (#3658).
• “All Time” Query Log: The “All Time” date range in the Query Log now accurately reflects the earliest timestamp in your database, giving you a true historical view (#3657, #2706).
• Optional Colour Output: The Gravity API now defaults to plain text output, only sending ANSI colour codes when explicitly requested (?color=true). This fixes issues for API consumers that don’t handle escape codes well (#2718).

API & Networking

• Extended Hardware Addresses: The API now correctly handles hardware addresses longer than 48 bits (e.g., InfiniBand), ensuring they are displayed and managed correctly (#2724).
• Partial Regex Matching: The search API now supports simple partial matching for regex, making it easier to find domains within your blocklists (#2705).
• Security: We’ve added rate-limiting for TOTP validation (max 1 attempt/second) to prevent brute-force attacks on 2FA (#2719).

FTL v6.4

What’s Changed

• Fix API specs and example for dns.upstreams in config.yaml by @rdwebdesign in #2696
• gravity update – silently discard unicode BOM if present by @rrobgill in #2702
• Update embedded SQLite to 3.51.0 by @DL6ER in #2704
• Get earliest query timestamp from database by @PromoFaux in #2706
• Increase buffer length for query string by @mwoolweaver in #2709
• Reduce DNS resolver locking during database interaction by @DL6ER in #2700
• Make colour output optional in streaming gravity API call by @PromoFaux in #2718
• api/dhcp/leases Allow for hwaddr > 48 bits by @rrobgill in #2724
• Add rate-limiting for TOTP validation by @DL6ER in #2719
• Implement simple partial matching for regex in /api/search/{domain} by @DL6ER in #2705
• Performance optimizations: string processing, memory management, and compiler flags by @Copilot in #2571
• Fix authentication redirect when webhome is / (fixes #2518) by @averyvigolo in #2610
• Reduce database locking and add timing debug setting by @DL6ER in #2688

New Contributors

• @mwoolweaver made their first contribution in #2709
• @Copilot made their first contribution in #2571
• @averyvigolo made their first contribution in #2610

Full Changelog: v6.3.3…v6.4

Web v6.4

What’s Changed

• Start using commented tags for editorconfig-checker by @yubiuser in #3643
• Remove some unused code (leftover from v5) by @rdwebdesign in #3636
• Make sure the table is redrawn after the dnssec API call returns by @rdwebdesign in #3645
• Add hint that partial matching may not return all possible results by @DL6ER in #3654
• Enable one-time code autofill for TOTP input by @sebastianlivoni in #3658
• Set “All Time ” range for query log datepicker based on Database ranges (moment) by @PromoFaux in #3657
• Request ANSI colour codes when calling gravity API by @PromoFaux in #3662

New Contributors

• @sebastianlivoni

Full Changelog: v6.3…v6.4

Core v6.3

What’s Changed

• Add Fedora 43 to test suite by @yubiuser in #6453
• Fix libcap capabilities not being granted on OpenRC distros by @Sparronator9999 in #6456
• systemd service – don’t use deprecated PermissionsStartOnly by @rrobgill in #6465
• Speed up processing and display of file contents and services in piholeDebug.sh by @rrobgill in #6469
• Use port from dns.port in piholeDebug.sh by @darkexplosiveqwx in #6475
• Improve gravity tables presentation on the debug log by @rdwebdesign in #6460

New Contributors

• @Sparronator9999

Full Changelog: v6.2.2…v6.2.3 Original source Report a problem

Pi-hole FTL v6.3, Web v6.3 and Core v6.2 Released!

As always, please read through the changelogs before updating with pihole -up

Don’t forget, you can use Teleporter to export your configuration. It can be found under the settings menu of the web interface or on the command line with pihole-FTL --teleporter

This release has also been tagged on Docker as 2025.10.0

Highlights

Security & TLS Enhancements

Shorter validity for self-signed TLS certificate (#2463) – The default validity period for self-signed TLS certificates has been reduced, aligning with modern security best practices and ensuring compatibility with Apple devices. To compensate for the shorter validity, automatic renewal has been implemented. Certificates now default to a 47-day validity period (configurable via webserver.tls.validity) and automatically renew when nearing expiration.

Improved Content Security Policy (#2575) – Improved default CSP headers provide better protection against XSS attacks while maintaining functionality.

Security Advisories:

Thank you to the folks who responsibly disclosed potential vulnerabilities since our last realease. Details of which can be read at the following links:
• https://github.com/pi-hole/web/security/advisories/GHSA-5v79-p56f-x7c4
• https://github.com/pi-hole/web/security/advisories/GHSA-7w6h-3gwc-qhq5
• https://github.com/pi-hole/web/security/advisories/GHSA-8hr3-47jh-25vr
• https://github.com/pi-hole/web/security/advisories/GHSA-w8f8-92rx-4f6w

Network & DNS Improvements

Smart Interface Detection (#2456, #2607) – FTL now automatically detects the appropriate DNS interface when dns.interface is empty in pihole.toml, eliminating manual configuration in most scenarios.

Netlink ARP Cache Handling (#2600) – Replaced external ip neigh show calls with internal netlink-based communication, dramatically improving performance and reducing resource usage. This addresses “database locked” issues seen in some environments.

Special Domain Handling (#2474) – Added support for .internal domain blocking (following RFC draft-davies-internal-tld-03), preventing these queries from being sent to upstream DNS servers while still allowing local resolution.

DNS Localization (#2524) – New dns.localise configuration option provides better control over DNS query handling.

IPv6 DHCP Support (#2554) – Enhanced the DHCP API to properly support IPv6 addresses and configurations.

Platform & Installation

Alpine Linux Support (pi-hole/pi-hole#6275) – Full native support for Alpine Linux has been added, including proper package management with apk, OpenRC init system support, and comprehensive testing. This expands Pi-hole’s reach to lightweight container environments and minimal installations.

User Interface & Experience

CLI Autocomplete (#2593, pi-hole/pi-hole#6376) – Added bash-style completion support for pihole-FTL commands, making configuration much more user-friendly. Tab completion works for the entire --config path and suggests appropriate values.

Web Interface Improvements (web#3530, web#3551, web#3533, web#3592, FTL#2645, FTL#2647, FTL#2644, web#3622) – Many small improvements: better visualization of DNS metrics, improved query log handling, enhanced gravity output with colors, refined button styling for blocked/allowed domain actions, improved load average detection and better system information gathering.

Configuration & Management

Advanced Web Server Options (#2635) – New webserver.advancedOpts configuration for fine-tuning web server behavior.

Enhanced API Endpoints (#2530, #2632, #2466) – Multiple API improvements including better error handling, optional restart parameters, and enhanced response formatting.

Web documentation for the config file – https://docs.pi-hole.net/ftldns/configfile/ – we have added some automation and a Python script to parse the latest pihole-FTL config file and to keep the documentation up to date on the web

Performance & Reliability

Updated Core Components (#2544, #2576, #2592, #2570, #2587, #2603, #2614, #2621, #2579):
• SQLite3 updated to 3.50.4 for better database performance
• dnsmasq updated to v2.92test21 with latest fixes
• CivetWeb updated for improved web server functionality
• Migrate TOML library to tomlc17 (tomlc99 has been marked as deprecated)

Memory Management (#2617) – Improved memory handling throughout the codebase to reduce resource usage and improve stability.

Database Resilience (#2605, #2602, #2646) – Enhanced gravity database handling with custom SQLite busy callbacks and better error recovery.

Bug Fixes & Stability

• Fixed PTR query handling for .localhost domains (#2517)
• Resolved DHCP string processing issues (#2519)
• Fixed cache-optimizer query display in logs (#2619)
• Improved NTP IPv6 crash handling (#2569)
• Better foreign fork PR handling in CI (#2543)
• Enhanced debug output and logging throughout (#2594)

Diagnostics

Improved Debug Output (#2600, #2594) – More comprehensive debug information across networking, ARP processing, and system diagnostics.

Full Release Notes can be found below.

FTL v6.3

What’s Changed

• Tests – fix PTR test by @rrobgill in https://github.com/pi-hole/FTL/pull/2516
• Reply to address queries in .localhost domain (RFC6171) by @rrobgill in https://github.com/pi-hole/FTL/pull/2517
• dhcp-discover: Fix string processing by @rrobgill in https://github.com/pi-hole/FTL/pull/2519
• [RFC] Prevent .internal queries from being upstreamed. Draft draft-davies-internal-tld-03 by @Tooa in https://github.com/pi-hole/FTL/pull/2474
• Add dns.localise by @Manakuremati in https://github.com/pi-hole/FTL/pull/2524
• Webserver: Allow webhome to be root by @rrobgill in https://github.com/pi-hole/FTL/pull/2521
• api/network Avoid NULL string comparison logspam by @rrobgill in https://github.com/pi-hole/FTL/pull/2526
• request_info.is_authenticated needs to be initialized explicitly with… by @DL6ER in https://github.com/pi-hole/FTL/pull/2533
• Allow forcing color in CLI output by @DL6ER in https://github.com/pi-hole/FTL/pull/2538
• Simplify CI build by removing the composite action by @yubiuser in https://github.com/pi-hole/FTL/pull/2511
• Rename flushing arp > flushing network by @yubiuser in https://github.com/pi-hole/FTL/pull/2541
• Update embedded SQLite3 engine to 3.50.2 by @DL6ER in https://github.com/pi-hole/FTL/pull/2544
• Add pihole-FTL create-default-config option and use it to upload pihole.toml to ftl.pi-hole.net by @yubiuser in https://github.com/pi-hole/FTL/pull/2540
• Allow low-level header manipulation from Lua pages by @DL6ER in https://github.com/pi-hole/FTL/pull/2535
• Fix foreign fork PRs by @DL6ER in https://github.com/pi-hole/FTL/pull/2543
• Update package-lock.json to fix npm vuln by @XhmikosR in https://github.com/pi-hole/FTL/pull/2555
• Update rapidoc to v9.3.8 by @XhmikosR in https://github.com/pi-hole/FTL/pull/2556
• Add missing ‘took’ fields to API spec response examples by @tsutsu3 in https://github.com/pi-hole/FTL/pull/2466
• Remove domain type from domainNeeded help text by @yubiuser in https://github.com/pi-hole/FTL/pull/2564
• Update embedded dnsmasq to v2.92test16 by @DL6ER in https://github.com/pi-hole/FTL/pull/2570
• Config typo correction by @rrobgill in https://github.com/pi-hole/FTL/pull/2572
• Support IPv6 in the DHCP API by @DL6ER in https://github.com/pi-hole/FTL/pull/2554
• Add sigrtmin option by @jacklul in https://github.com/pi-hole/FTL/pull/2574
• NTP ipv6 crash fix – ntp reply & logging by @rrobgill in https://github.com/pi-hole/FTL/pull/2569
• Add ‘never-stale’ to stale issue exempt lable list by @yubiuser in https://github.com/pi-hole/FTL/pull/2578
• Upgrade TOML library to tomlc17 by @DL6ER in https://github.com/pi-hole/FTL/pull/2579
• Add warning to the config markdown by @yubiuser in https://github.com/pi-hole/FTL/pull/2580
• Automatically detect DNS interface when empty in pihole.toml by @DL6ER in https://github.com/pi-hole/FTL/pull/2456
• Make type a required parameter for PUT and DELETE /lists by @DL6ER in https://github.com/pi-hole/FTL/pull/2530
• Update embedded SQLite3 to 3.50.3 by @DL6ER in https://github.com/pi-hole/FTL/pull/2576
• Remove remaining traces of ARP flush by @yubiuser in https://github.com/pi-hole/FTL/pull/2545
• Improve CNAME behavior of pi.hole by @DL6ER in https://github.com/pi-hole/FTL/pull/2585
• Add colors to the –config output by @DL6ER in https://github.com/pi-hole/FTL/pull/2584
• fix: change type of disk parameter for GET /queries by @ninjack-dev in https://github.com/pi-hole/FTL/pull/2589
• Improve default CSP headers by @DL6ER in https://github.com/pi-hole/FTL/pull/2575
• Improve already running detection by @DL6ER in https://github.com/pi-hole/FTL/pull/2591
• Update embedded SQLite3 to 3.50.4 by @DL6ER in https://github.com/pi-hole/FTL/pull/2592
• Fix debug output association by @DL6ER in https://github.com/pi-hole/FTL/pull/2594
• Fix FTL running behing reverse-proxy with prefix by @DL6ER in https://github.com/pi-hole/FTL/pull/2595
• Update embedded dnsmasq by @DL6ER in https://github.com/pi-hole/FTL/pull/2587
• Implement netlink ARP cache handling by @DL6ER in https://github.com/pi-hole/FTL/pull/2600
• Add autocomplete feature by @DL6ER in https://github.com/pi-hole/FTL/pull/2593
• Update embedded dnsmasq to v2.92test19 by @DL6ER in https://github.com/pi-hole/FTL/pull/2603
• Fix dns.interface comment by @rdwebdesign in https://github.com/pi-hole/FTL/pull/2597
• Fix logic in automatic interface determination (when dns.interface = “”) by @DL6ER in https://github.com/pi-hole/FTL/pull/2607
• Fix default value autocomplete suggestions by @DL6ER in https://github.com/pi-hole/FTL/pull/2609
• Update dnsmasq to v2.92test21 by @DL6ER in https://github.com/pi-hole/FTL/pull/2614
• Fix cache-optimizer queries in Query Log by @DL6ER in https://github.com/pi-hole/FTL/pull/2619
• Update embedded CivetWeb by @DL6ER in https://github.com/pi-hole/FTL/pull/2621
• Do not set domainname when the kernel replies with “(none)” by @DL6ER in https://github.com/pi-hole/FTL/pull/2620
• Fix dns.hosts help text to show multiple hostnames per IP are allowed by @rdwebdesign in https://github.com/pi-hole/FTL/pull/2623
• Improve memory handling by @DL6ER in https://github.com/pi-hole/FTL/pull/2617
• Pin github actions to SHA by @yubiuser in https://github.com/pi-hole/FTL/pull/2615
• Bump the github_action-dependencies group across 1 directory with 6 updates by @dependabot[bot] in https://github.com/pi-hole/FTL/pull/2628
• Be more gracefully when validating dns_hosts by @yubiuser in https://github.com/pi-hole/FTL/pull/2624
• Implement automatic TLS/SSL certificate renewals by @DL6ER in https://github.com/pi-hole/FTL/pull/2463
• Fix HOSTS file rotation test which was hiding in fast runners by @yubiuser in https://github.com/pi-hole/FTL/pull/2630
• Suggest IP addresses instead of names for upstream by @DL6ER in https://github.com/pi-hole/FTL/pull/2444
• Make restarting optional in API config endpoints by @DL6ER in https://github.com/pi-hole/FTL/pull/2632
• Ensure queries with ID 0 are stored to the long-term queries database by @DL6ER in https://github.com/pi-hole/FTL/pull/2633
• Ensure we can log until the very end by @DL6ER in https://github.com/pi-hole/FTL/pull/2634
• Bump github/codeql-action from 3.30.3 to 3.30.5 in the github_action-dependencies group across 1 directory by @dependabot[bot] in https://github.com/pi-hole/FTL/pull/2636
• Fix long-term database insertion by @DL6ER in https://github.com/pi-hole/FTL/pull/2583
• Add webserver.advancedOpts by @DL6ER in https://github.com/pi-hole/FTL/pull/2635
• Add new dns.domain.local and rename dns.domain -> dns.domain.name by @DL6ER in https://github.com/pi-hole/FTL/pull/2531
• Bump the github_action-dependencies group across 1 directory with 3 updates by @dependabot[bot] in https://github.com/pi-hole/FTL/pull/2641
• Allow escaping special single-character wildcard “_” when doing partial matching by @DL6ER in https://github.com/pi-hole/FTL/pull/2550
• Expose both total and enabled for gravity tables by @DL6ER in https://github.com/pi-hole/FTL/pull/2177
• Improve gravity database resilience by @DL6ER in https://github.com/pi-hole/FTL/pull/2605
• Add custom SQLite busy callback by @DL6ER in https://github.com/pi-hole/FTL/pull/2602
• Add %MEM and %CPU of FTL to GET info/system by @DL6ER in https://github.com/pi-hole/FTL/pull/2645
• Try to load system load averages from /proc/loadavg first by @tpjanssen in https://github.com/pi-hole/FTL/pull/2644
• Fix database busy handler initialization by @DL6ER in https://github.com/pi-hole/FTL/pull/2646
• Fix POST /lists example by @DL6ER in https://github.com/pi-hole/FTL/pull/2649
• Improve CPU utilization reporting by @DL6ER in https://github.com/pi-hole/FTL/pull/2647
• Bump the github_action-dependencies group across 1 directory with 2 updates by @dependabot[bot] in https://github.com/pi-hole/FTL/pull/2651
• Implement selection of TLS ciphers for mbedtls by @DL6ER in https://github.com/pi-hole/FTL/pull/2638
• Bump the github_action-dependencies group across 1 directory with 3 updates by @dependabot[bot] in https://github.com/pi-hole/FTL/pull/2654

New Contributors

• @Tooa made their first contribution in https://github.com/pi-hole/FTL/pull/2474
• @Manakuremati made their first contribution in https://github.com/pi-hole/FTL/pull/2524
• @ninjack-dev made their first contribution in https://github.com/pi-hole/FTL/pull/2589
• @tpjanssen made their first contribution in https://github.com/pi-hole/FTL/pull/2644

Full Changelog: https://github.com/pi-hole/FTL/compare/v6.2.3…v6.3

Core v6.2

What’s Changed

• Remove readonly from list.sh to avoid errors by @rdwebdesign in https://github.com/pi-hole/pi-hole/pull/6349
• Remove netcat from the list of dependencies by @darkexplosiveqwx in https://github.com/pi-hole/pi-hole/pull/6343
• Re-order authentication errors in verbose mode by @yubiuser in https://github.com/pi-hole/pi-hole/pull/6338
• Speed up pihole –query by @rrobgill in https://github.com/pi-hole/pi-hole/pull/6334
• Use RTMIN value provided by FTL when possible by @jacklul in https://github.com/pi-hole/pi-hole/pull/6358
• Speed up pihole api by @rrobgill in https://github.com/pi-hole/pi-hole/pull/6336
• Update man page – remove “reconfigure” option by @rdwebdesign in https://github.com/pi-hole/pi-hole/pull/6361
• Tweak ARP flushing function by @yubiuser in https://github.com/pi-hole/pi-hole/pull/6319
• Fix gravity and error on pihole-FTL –config failures by @yubiuser in https://github.com/pi-hole/pi-hole/pull/6352
• Use ‘true’/’false’ strings instead of 0/1 integers for boolean root user check in pihole command by @yubiuser in https://github.com/pi-hole/pi-hole/pull/6351
• Do not call pihole-FTL –config interactively by @DL6ER in https://github.com/pi-hole/pi-hole/pull/6368
• Explicitly check for the existence of FTL binary before attempting to stop it. Prevents warning message on fresh installs by @PromoFaux in https://github.com/pi-hole/pi-hole/pull/6364
• Add “setpassword” to pihole Bash completion by @deHakkelaar in https://github.com/pi-hole/pi-hole/pull/6369
• Add FTL bash autocomplete by @yubiuser in https://github.com/pi-hole/pi-hole/pull/6376
• Alpine Linux Support and Tests by @mgziminsky in https://github.com/pi-hole/pi-hole/pull/6275
• uninstall refactor and improvement by @rrobgill in https://github.com/pi-hole/pi-hole/pull/6339
• Fix typo found during install by @jbirddog in https://github.com/pi-hole/pi-hole/pull/6406
• Add Debian 13 Trixie to the test suite by @yubiuser in https://github.com/pi-hole/pi-hole/pull/6382
• Adjust .shellcheckrc to 0.11 and enable some optional checks by @yubiuser in https://github.com/pi-hole/pi-hole/pull/6374
• Use SHA to pin github actions by @yubiuser in https://github.com/pi-hole/pi-hole/pull/6392
• Rename views, upgrade gravity database and bump gravity database version by @DL6ER in https://github.com/pi-hole/pi-hole/pull/6386
• Tiny change to make prev2 also a local variable by @casperklein in https://github.com/pi-hole/pi-hole/pull/6420
• Fix gravity indention by @yubiuser in https://github.com/pi-hole/pi-hole/pull/6427

New Contributors

• @mgziminsky made their first contribution in https://github.com/pi-hole/pi-hole/pull/6275
• @jbirddog made their first contribution in https://github.com/pi-hole/pi-hole/pull/6406

Full Changelog: https://github.com/pi-hole/pi-hole/compare/v6.1.4…v6.2

Web v6.3

What’s Changed

• Clarify client description priorities on the groups/client interface by @DL6ER in https://github.com/pi-hole/web/pull/3521
• Remove superfluous settings-level-expert class by @yubiuser in https://github.com/pi-hole/web/pull/3503
• Remove link to rate limit documentation which does not add further etails by @yubiuser in https://github.com/pi-hole/web/pull/3526
• Add some color to gravity output by @yubiuser in https://github.com/pi-hole/web/pull/3530
• settings-system : Avoid division by zero in DNS metrics by @rrobgill in https://github.com/pi-hole/web/pull/3533
• Make the “Add to denied/allowed domains” buttons red and green by @darkexplosiveqwx in https://github.com/pi-hole/web/pull/3551
• Remove query type from domainNeeded option by @yubiuser in https://github.com/pi-hole/web/pull/3557
• Handle pie chart item style conditionally by @yubiuser in https://github.com/pi-hole/web/pull/3532
• Use label-primary for number of enabled list icon on sidebar by @yubiuser in https://github.com/pi-hole/web/pull/3563
• Use innerHTML instead of append to fix gravity color output by @yubiuser in https://github.com/pi-hole/web/pull/3566
• Trim whitespaces before adding custom DNS record by @yubiuser in https://github.com/pi-hole/web/pull/3569
• Bind address to new element instead of raw HTML construction by @DL6ER in https://github.com/pi-hole/web/pull/3567
• Use /flush/network instead of /flush/arp by @yubiuser in https://github.com/pi-hole/web/pull/3553
• Prevents getting stuck loading unlimited query log results by @ablankenship10 in https://github.com/pi-hole/web/pull/3592
• Fix 2FA icon styles #3431 by @idotj in https://github.com/pi-hole/web/pull/3585
• Fix header.lp closing head tag formatting by @h3xcat in https://github.com/pi-hole/web/pull/3607
• Fix the link on the upstream chart legend by @rdwebdesign in https://github.com/pi-hole/web/pull/3606
• Rename config key dns.domain > dns.domain.name by @yubiuser in https://github.com/pi-hole/web/pull/3611
• Improve line graph tooltip by @yubiuser in https://github.com/pi-hole/web/pull/3601
• Make DNSSEC icon conditional in Queries Log (redo of https://github.com/pi-hole/web/pull/3399/) by @yubiuser in https://github.com/pi-hole/web/pull/3535
• Query Log: The underscore is special by @DL6ER in https://github.com/pi-hole/web/pull/3578
• Fix addList function to include type in API request URL by @PromoFaux in https://github.com/pi-hole/web/pull/3620
• Pin github action to SHA by @yubiuser in https://github.com/pi-hole/web/pull/3593
• Adjust domain count according to pi-hole/FTL#2177 by @yubiuser in https://github.com/pi-hole/web/pull/3619
• Also pin editorconfigchecker by sha by @yubiuser in https://github.com/pi-hole/web/pull/3621
• Update FTL %cpu and %mem everytime total CPU stats are updated by @yubiuser in https://github.com/pi-hole/web/pull/3622
• Clarify uptime in container matching the host uptime with a tooltip by @yubiuser in https://github.com/pi-hole/web/pull/3624
• Adjust text BitWarden to Bitwarden by @jprusik in https://github.com/pi-hole/web/pull/3629

New Contributors

• @darkexplosiveqwx made their first contribution in https://github.com/pi-hole/web/pull/3551
• @ablankenship10 made their first contribution in https://github.com/pi-hole/web/pull/3592
• @idotj made their first contribution in https://github.com/pi-hole/web/pull/3585
• @h3xcat made their first contribution in https://github.com/pi-hole/web/pull/3607
• @jprusik made their first contribution in https://github.com/pi-hole/web/pull/3629

Full Changelog: https://github.com/pi-hole/web/compare/v6.2.1…v6.3

© 2026 Pi-hole.

Original source Report a problem

Pi-hole FTL v6.2, Web v6.2 and Core v6.1 Released!

As always, please read through the changelogs before updating with pihole -up.
(A new tag for docker image will follow shortly!)

Don’t forget, you can use Teleporter to export your configuration. It can be found under the settings menu of the web interface or on the command line with pihole-FTL --teleporter

FTL Changes

What’s Changed (FTL v6.2)

• Fix minor spelling mistake in API docs by @PromoFaux in #2399
• fix: batch request body spec by @tien in #2389
• fix: make getAuth security optional by @tien in #2388
• fix: incorrect session field requirements by @tien in #2387
• Add privacy_level to /padd endpoint by @yubiuser in #2402
• Parameter is called length not n in GET /queries by @DL6ER in #2407
• Fix duplicate web port information output in FTL startup by @PromoFaux in #2410
• Fix logfile warning port length truncation (bug #2408) by @rrobgill in #2409
• Remove dns.watch from upstream DNS server list by @rdwebdesign in #2411
• Prevent home.arpa queries from being upstreamed. RFC 8375 by @rrobgill in #2405
• Fix redirecting when redirecting from /admin/ to /admin/login and back by @DL6ER in #2415
• Move manual filtering to FTLs file parsing by @DL6ER in #2381
• Various small fixes by @DL6ER in #2392
• Update embedded dnsmasq to v2.92test2 by @DL6ER in #2417
• Fix signedness error in the NTP total round-trip delay calculation by @DL6ER in #2420
• Use webhome variable also on the API documentation page by @DL6ER in #2406
• Report RFC6598 shared address space as “Carrier-Grade NAT” by @rrobgill in #2423
• Fix mishanding of CONF_UINT16 config options by @shawnanastasio in #2426
• Feature/fix yocto cross build by @rehsack in #2425
• Update embedded civetweb by @DL6ER in #2428
• Check for existing NTP client when starting FTL by @DL6ER in #2416
• Validate received NTP packets for version and server synchronisation by @rrobgill in #2431
• Use CODEOWNERS instead of deprecated dependbot/reviewers by @yubiuser in #2437
• Modify how we use xxd to compile assets into the FTL binary by @DL6ER in #2446
• Update dnsmasq to v2.91test5 by @DL6ER in #2433
• Update embedded SQLite3 to 3.49.2 by @DL6ER in #2447
• Gravity: support for arbitrary HOSTS-like list formats by @DL6ER in #2439
• Set dns.interface to eth0 by default by @yubiuser in #2448
• Update embedded dnsmasq by @DL6ER in #2457
• Adjust write_to_file function to include the CA certificate by @nathansmeal in #2465
• Update SQLite to 3.50.0 by @DL6ER in #2469

New Contributors

• @tien made their first contribution in #2389
• @shawnanastasio made their first contribution in #2426
• @rehsack made their first contribution in #2425
• @nathansmeal made their first contribution in #2465

Full Changelog: v6.1...v6.2

Web Changes

What’s Changed (Web v6.2)

• Streamline actions, format and switch to Node.js 22 by @XhmikosR in #3357
• Remove remaining hard-coded /admin/ paths in the webinterface by @DL6ER in #3370
• Fix Local CNAME records records mistake by @yubiuser in #3367
• Fix concurrency issue about const apiUrl by @DL6ER in #3371
• groups-lists: remove unneeded HTML escape by @XhmikosR in #3379
• login.js: fix deprecated submit() usage by @XhmikosR in #3380
• Remove x-dns-prefetch-control meta tag by @XhmikosR in #3378
• group-domains: fix uncaught TypeError due to invalid URLs by @XhmikosR in #3383
• Replace remaining i element cases with em by @XhmikosR in #3381
• Revert the defer addition for now by @XhmikosR in #3382
• header: fix runtime error when query_string is null by @XhmikosR in #3395
• utils: fix typo in showAlert() by @XhmikosR in #3403
• queries: make the Advanced filtering button occupy all space by @XhmikosR in #3402
• Remove icheckbox related-code except for primary by @XhmikosR in #3387
• queries: add missing display: none by @XhmikosR in #3405
• Allow free input in upstream filter by @yubiuser in #3408
• Fix console warning when no password set by @PromoFaux in #3410
• Modernize JS and tighten things by @XhmikosR in #3388
• high-contrast.css: fix duplicate selector by @XhmikosR in #3411
• Remove unused CSS by @XhmikosR in #3420
• Add missing display: none for collapsed boxes by @XhmikosR in #3417
• Remove unused HTML elements by @XhmikosR in #3418
• Update chart.umd.js.map from npm by @XhmikosR in #3419
• settings-api: add missing end closing p tag by @XhmikosR in #3428
• settings-system: fix span end tag typo by @XhmikosR in #3427
• login: fix deprecated submit() function by @XhmikosR in #3425
• settings-api: fix deprecated keyup() function by @XhmikosR in #3424
• gravity: remove the unused ?go code by @XhmikosR in #3426
• disabled and checked are boolean attributes by @XhmikosR in #3434
• queries: replace the deprecated jQuery.parseJSON with JSON.parse by @XhmikosR in #3435
• package.json: sort deps by name by @XhmikosR in #3437
• Use CODEOWNERS instead of deprecated dependbot/reviewers by @yubiuser in #3433
• Add ‘Bug: Confirmed’ to stale exempt list by @yubiuser in #3432
• Various minor tweaks to the LCARS theme by @rdwebdesign in #3446
• queries: fix box markup by @XhmikosR in #3445
• Use the same default interface used by FTL if none is set in pihole.toml by @rdwebdesign in #3436
• Use font-weight: 600 by @XhmikosR in #3449
• Use mg.script_name to retrieve the scriptname by @rdwebdesign in #3447
• .user-header: use font-weight: 600 by @XhmikosR in #3450
• settings-system.js: remove unused overlay code by @XhmikosR in #3455
• settings-advanced: remove unused code by @XhmikosR in #3454
• index.lp: remove unused classes by @XhmikosR in #3453
• scripts/js/settings-dns-records.js: fix api url base by @onlyJakob in #3456
• Add hint about wildcard search in advanced query filtering by @yubiuser in #3452
• index: make tables stripped by @XhmikosR in #3438
• Replace invalid hostname to prevent XSS by @yubiuser in #3401
• settings-system: fix typo by @XhmikosR in #3460
• sidebar: increase logo size to prevent a reflow by @XhmikosR in #3407
• queries: improve link to search page by @XhmikosR in #3422
• Hide top tables depending on privacy level by @yubiuser in #3362
• settings-dns-records: fix typo by @XhmikosR in #3459
• Fix deprecated ready function by @XhmikosR in #3461
• utils: remove the unused objectToArray util by @XhmikosR in #3462
• utils: improve readability for validateIPv* functions by @XhmikosR in #3423
• settings-api: fix wrong code by @XhmikosR in #3463
• Use text() / textContent when we don’t need HTML by @XhmikosR in #3464
• footer: drop redundant addAdvancedInfo() call by @XhmikosR in #3467
• settings-system: remove unneeded span elements by @XhmikosR in #3468
• settings-dhcp: drop unused lookatme-text attribute by @XhmikosR in #3469
• settings-advanced.js: fix wrong role value by @XhmikosR in #3470
• settings-advanced: drop small element by @XhmikosR in #3472
• updateFtlInfo: remove unused code by @XhmikosR in #3474
• settings-level-expert: only toggle the expert elements by @XhmikosR in #3473
• Make use of the new format_path function to add the current page in body by @XhmikosR in #3390
• Use proper Object methods by @XhmikosR in #3441
• queries: minor grammar fix by @XhmikosR in #3477
• queries: change box to an info one by @XhmikosR in #3476
• Fix DataTables warning message in Network page by @rdwebdesign in #3475
• Fix broken themes by @rdwebdesign in #3479
• queries: drop non-existent elements code by @XhmikosR in #3478
• Reset update-hint text every time updateVersionInfo() function is executed by @rdwebdesign in #3480
• Use the same interface name used by FTL in DNS Settings page by @rdwebdesign in #3481
• messages: fix function call by @XhmikosR in #3482
• footer: rename label by @XhmikosR in #3486
• header_authenticated: change documentation icon to solid by @XhmikosR in #3488
• Remove horizontal line in hamburger menu by @yubiuser in #3491
• sidebar: move active class outside of class attribute conditional by @XhmikosR in #3492
• index: use sentence case for queries for consistency by @XhmikosR in #3493
• Add rel=”noreferrer” to external hyperlinks by @casperklein in #3495
• settings-level-expert: hide them by default by @XhmikosR in #3487

New Contributors

• @onlyJakob made their first contribution in #3456
• @casperklein made their first contribution in #3495

Full Changelog: v6.1...v6.2

Core Changes

What’s Changed (Core v6.1)

• build gravityDBfile_default like the other variables by @mwoolweaver in #6133
• Add CentOS 10 to test suite by @yubiuser in #6126
• Ensure gravity_Cleanup() checks the correct directory by @mwoolweaver in #6131
• Add recommended fields to the deb package by @yubiuser in #6054
• Add webserver log to piholeLogFlush.sh by @jacklul in #6049
• Update update.sh, updatecheck.sh and uninstall.sh to honour pihole.to… by @nexusgoblin in #5981
• Move list parsing entirely into FTL by @DL6ER in #6105
• Remove no-longer-needed pihole sudoers file by @PromoFaux in #6143
• versions file should readable by others (make pihole -v work for non-root users) by @yubiuser in #6002
• Reduce code duplication in piholeLogFlush by @PromoFaux in #6148
• Add ON DELETE CASCADE to FOREIGN KEY REFERENCES in gravity.db by @DL6ER in #6113
• Install on IPv6-only/DNS64/NAT64 system by @rrobgill in #6144
• Treat FTL return data as strings – part II by @yubiuser in #6184
• Remove duplicated code checking if adlist domain is blocked locally by @yubiuser in #6183
• Fix gravity waiting forever for DNS by @yubiuser in #6196
• Remove check for supported OS by @yubiuser in #6206
• Remove unused $target from gravity by @yubiuser in #6192
• Remove reference to telnet and chronometer in README by @rrobgill in #6188
• Add Fedora 42 to tests by @darkexplosiveqwx in #6177
• Extend .gitignore by @darkexplosiveqwx in #6215
• Use CODEOWNERS instead of deprecated dependbot/reviewers by @yubiuser in #6213
• Set dns.interface during installation by @yubiuser in #6216
• Allow alternative cron daemons on Debian by @z0rc in #6180
• Fix API logic in api.sh by @yubiuser in #6193
• Do not try to upgrade gravity if it does not exist by @yubiuser in #6218
• All gravity related files and dirs should be owned by pihole:pihole by @yubiuser in #6186
• Give FTL 60 seconds for graceful shutdown by @yubiuser in #6187
• Use shell parameter expansion to split http_code and payload for api.sh by @dschaper in #6230
• Change FTLcheckUpdate to use api.github.com and jq to retrieve tag_name by @rdwebdesign in #6229
• Update get_available_interfaces() to correctly filter loopback device (lo) by @PiotrTyrakowski in #6236
• Allow simple pihole api output, containing only the JSON payload by @rdwebdesign in #6096
• Function gravity_CheckDNSResolutionAvailable() should return 0 if DNS resolution is available by @rdwebdesign in #6240
• Use a more general method to determine whether systemd is the init system by @DL6ER in #6043
• Use PID1 to determine which command to use when toggeling services by @yubiuser in #6245
• Allow to get API URL from local.api.ftl even if DNS port has changed by @yubiuser in #6252

New Contributors

• @nexusgoblin made their first contribution in #5981
• @darkexplosiveqwx made their first contribution in #6177
• @z0rc made their first contribution in #6180

Full Changelog: v6.0.6...v6.1

Join the Community

Pi-hole thrives thanks to our vibrant and supportive community. Whether you’re looking to share your experience, get advice, or stay informed about the latest updates, there’s a place for you. Join the conversation on our official forum or connect with fellow users on our subreddit. We look forward to welcoming you!

Thank You for Your Support

We want to express our heartfelt thanks to everyone who has supported Pi-hole throughout the years.

Your community contributions and donations are the lifeblood of this project, allowing us to maintain and continually improve Pi-hole while keeping it free for everyone. If you’d like to contribute to our ongoing efforts, please consider donating through our official donation page. Every contribution, big or small, makes a significant difference in helping us deliver the best project that we can.

Thank you for being part of the Pi-hole community!

Original source Report a problem

We have now released FTL v6.2.3. This patch release contains fixes for almost all reported bugs (most importantly, it fixes a logging regression where types are missing from pihole.log as well as a crash in filter_servers() deep down in dnsmasq code).

Note:
If you had switched to FTL v6.1 or a different branch following the previous posts, you may now switch back the released version pihole checkout ftl master should get you to v6.2.3.

There is one remaining known issue about the behavior of server=/example.com/1.2.3.4 having changed which we are still working on with the maintainers of dnsmasq.

FTL Changes

• Relax the session cookie from SameSite=Strict to Lax by @DL6ER in #2471
• Allow unauthenticated access to non-admin LUA pages by @DL6ER in #2503
• ntp: ignore client version, always return a v4 packet by @rrobgill in #2505
• Store intermediate CNAME domain pointers in DNS cache by @DL6ER in #2461
• Run dependabot also on composite actions by @yubiuser in #2502
• Split FTL build and test on GHA by @yubiuser in #2498
• Remove pullapprove.yml by @yubiuser in #2499
• Speedup build and test by running RISCV on ARM64 by @yubiuser in #2501
• Simplify CI build process by @DL6ER in #2507
• Get latest dnsmasq updates by @DL6ER in #2509

Full Changelog: v6.2.2...v6.2.3

Join the Community
Pi-hole thrives thanks to our vibrant and supportive community. Whether you’re looking to share your experience, get advice, or stay informed about the latest updates, there’s a place for you. Join the conversation on our official forum or connect with fellow users on our subreddit. We look forward to welcoming you!

Thank You for Your Support
We want to express our heartfelt thanks to everyone who has supported Pi-hole throughout the years.
Your community contributions and donations are the lifeblood of this project, allowing us to maintain and continually improve Pi-hole while keeping it free for everyone. If you’d like to contribute to our ongoing efforts, please consider donating through our official donation page. Every contribution, big or small, makes a significant difference in helping us deliver the best project that we can.
Thank you for being part of the Pi-hole community!

Original source Report a problem

FTL v6.2.2 Release

Following on from our previous post, we have now released FTL v6.2.2, which contains fixes for some underlying bugs in dnsmasq that should now resolve the majority of cases where we have seen crashes. We have also downgraded the embedded version of SQLite from 3.50.0, as this was also causing issues.

Full details and converation around the issues can be found in pi-hole/FTL#2473

If you had switched to FTL v6.1 following the previous post, you may now switch back the released version pihole checkout ftl master should get you to v6.2.2

There are still a couple of outliers (pi-hole/FTL#2494, and pi-hole/FTL#2496) – though there is a fix on the FTL branch fix/filter_servers which should resolve those, though it is pending feedback. If you find that 6.2.2 still crashes for you, you are invited to try above branch with pihole checkout ftl fix/filter_servers and provide feedback on the above mentioned issues, or via our Discourse forum.

FTL Changes

This release addresses crashes reported in #2473 #2475 #2481 and friends.

What’s Changed

• Update build containers to Alpine 3.22 by @DL6ER in #2477
• Update dnsmasq to 2.92test11(-1) by @DL6ER in #2486
• Update dnsmasq to 2.92test11 by @DL6ER in #2489
• Revert the SQLite update to 3.50.0 as it is causing crashes for users by @DL6ER in #2488
• Update Lua to 5.4.8 (bugfix) by @DL6ER in #2491
• Fix typos in misc config settings by @rrobgill in #2485
• Display invalid character and offset correctly in hostname diagnosis by @rrobgill in #2484

Full Changelog: v6.2...v6.2.2

Join the Community

Pi-hole thrives thanks to our vibrant and supportive community. Whether you’re looking to share your experience, get advice, or stay informed about the latest updates, there’s a place for you. Join the conversation on our official forum or connect with fellow users on our subreddit. We look forward to welcoming you!

Thank You for Your Support

We want to express our heartfelt thanks to everyone who has supported Pi-hole throughout the years.
Your community contributions and donations are the lifeblood of this project, allowing us to maintain and continually improve Pi-hole while keeping it free for everyone. If you’d like to contribute to our ongoing efforts, please consider donating through our official donation page. Every contribution, big or small, makes a significant difference in helping us deliver the best project that we can.
Thank you for being part of the Pi-hole community!

Original source Report a problem

FTL Changes

What’s Changed (FTL v6.1)

• The domain pi.hole should be fully local by @DL6ER in #2331
• Add total CPU % to /info/system endpoint by @DL6ER in #2297
• Do not read empty values from versions file. Use null instead by @DL6ER in #2335
• Ensure proper shutdown when crashing in a thread by @DL6ER in #2332
• README.md: switch to the SVG logos by @XhmikosR in #2344
• Allow newlines in env vars as separator by @DL6ER in #2346
• Update npm dependencies by @XhmikosR in #2342
• Fix unlocking warning in /api/history/clients by @DL6ER in #2351
• Increase restrictions on POST /api/teleporter by @DL6ER in #2352
• Use keep-alive by @DL6ER in #2357
• Change default file serving behavior possibly breaking by @DL6ER in #2355
• Add new special permitted upstream filter for Query Log by @DL6ER in #2345
• Fix typo in json_macros.h for HTTP Status Code body return check by @Gabriel-H4 in #2338
• API validation: update CI by @XhmikosR in #2341
• Do not overwrite externally given MAKEFLAGS if set by @DL6ER in #2360
• Default-off 0x20 encoding by @DL6ER in #2365
• Simplify overTime processing by @DL6ER in #2353
• Tweak API documentation for /docs by @DL6ER in #2337
• Add Discovery of Designated Resolvers special zone blocking by @DL6ER in #2315
• Still save clients when database.maxDBdays is 0 by @DL6ER in #2367
• Add new Lua function pihole.format_path() by @DL6ER in #2370
• Do not update webserver.threads in-place by @DL6ER in #2368
• Update embedded dnsmasq to v2.91rc6 by @DL6ER in #2374
• Also set Expires= property for deleted cookies by @DL6ER in #2336
• Fix docs for lists batchDelete by @DL6ER in #2379
• Update dnsmasq tag to 2.91 by @DL6ER in #2380
• Allow prefix multiplexing behind reverse proxy by @DL6ER in #2319
• NTP – Provide correct stratum to clients by @rrobgill in #2386
• Set X-DNS-Prefetch-Control header by @yubiuser in #2396

New Contributors

• @XhmikosR made their first contribution in #2344
• @Gabriel-H4 made their first contribution in #2338

Full Changelog: v6.0.4...v6.1

Web Changes

What’s Changed (Web v6.1)

• Fix typo in DHCP settings page by @alexwhitman in #3279
• Live long and prosper by @PromoFaux in #3280
• Fix CPU% by @DL6ER in #3262
• Fix top lists links on the dashboard by @DL6ER in #3283
• Improve HTTPS detection behind reverse proxy by @DL6ER in #3285
• Improve CodeQL action by @XhmikosR in #3289
• package.json: properly configure xo and postcss by @XhmikosR in #3248
• Set default values for each property of versions object by @rdwebdesign in #3268
• Fix the text and icon used to report end-to-end encryption status (TLS/SSL) on the top menu by @rdwebdesign in #3288
• .gitattributes: enforce LF by @XhmikosR in #3282
• Sort IPv4 before IPv6 addresses on the network overview by @DL6ER in #3286
• Add missing img dimensions by @XhmikosR in #3294
• Sort interfaces by @DL6ER in #3284
• Remove the obsolete X-UA-Compatible meta tag by @XhmikosR in #3305
• logout.js: add missing preventDefault call by @XhmikosR in #3301
• Switch to Font Awesome CSS by @XhmikosR in #3300
• Ran autoprefixer by @XhmikosR in #3246
• testpr: run prefix script too by @XhmikosR in #3307
• Updated run gravity message when importing config in Teleporter by @jmui in #3312
• Fix a few CodeQL issues by @XhmikosR in #3290
• Remove trailing slash from void elements by @XhmikosR in #3315
• sidebar: fix missing span end-closing tags by @XhmikosR in #3316
• Fix stray - by @XhmikosR in #3318
• Fix issues found in LCARS theme after recent changes in CSS and HTML by @rdwebdesign in #3327
• Remove a few unused CSS rules from pi-hole.css and LCARS theme by @rdwebdesign in #3329
• Update browserslistc by @XhmikosR in #3322
• Use em instead of i and strong instead of b by @XhmikosR in #3321
• Update fonts by @XhmikosR in #3309
• Add missing rel=”noopener” for external links by @XhmikosR in #3333
• Allow path prefix multiplexing the dashboard and API by @DL6ER in #3269
• login.lp: remove mention of sudo by @XhmikosR in #3334
• Refactor assets loading by @XhmikosR in #3295
• queries: switch to a real button by @XhmikosR in #3339
• Logout: fix redirect by @XhmikosR in #3304
• sidebar: switch to a real button by @XhmikosR in #3342
• parseQueryString: switch to URLSearchParams and remove unused param by @XhmikosR in #3340
• Queries: user fieldtext directly by @XhmikosR in #3343
• Queries: escape querystatus.fieldtext by @XhmikosR in #3348
• Fix typo in advanced DNS help text by @yubiuser in #3350
• Set an upper limit on the number of rows returned for the query log by @PromoFaux in #3346
• Use pretty URLs when possible by @XhmikosR in #3351
• Use modernized waitMe plugin by @yubiuser in #3213
• Query Log: Add QUERY_EXTERNAL_BLOCKED_EDE15 rules by @DL6ER in #3347
• index: remove useless empty title attributes by @XhmikosR in #3352
• Remove meta http-equiv="cache-control" by @XhmikosR in #3353
• Regenerate package-lock.json with npm 10.9 by @XhmikosR in #3356

New Contributors

• @alexwhitman made their first contribution in #3279
• @jmui made their first contribution in #3312

Full Changelog: v6.0.2...v6.1

Core Changes

What’s Changed (Core v6.0.6)

• README.md: switch to the SVG logo by @XhmikosR in #6052
• version.sh: fix typo in comment by @XhmikosR in #6056
• Add trailing / when changing ownership of /etc/pihole by @casperklein in #6057
• Add 2FA handling to api.sh by @yubiuser in #6065
• Create webserver.log on FTL startup by @yubiuser in #6051
• Remove WEB_CALL from COL_TABLE by @yubiuser in #6062
• revert #6030 in preparation for docker-pi-hole #1794 by @mwoolweaver in #6086

New Contributors

• @casperklein made their first contribution in #6057

Full Changelog: v6.0.5...v6.0.6

Join the Community
Pi-hole thrives thanks to our vibrant and supportive community. Whether you’re looking to share your experience, get advice, or stay informed about the latest updates, there’s a place for you. Join the conversation on our official forum or connect with fellow users on our subreddit. We look forward to welcoming you!

Thank You for Your Support
We want to express our heartfelt thanks to everyone who has supported Pi-hole throughout the years.
Your community contributions and donations are the lifeblood of this project, allowing us to maintain and continually improve Pi-hole while keeping it free for everyone. If you’d like to contribute to our ongoing efforts, please consider donating through our official donation page. Every contribution, big or small, makes a significant difference in helping us deliver the best project that we can.
Thank you for being part of the Pi-hole community!

Original source Report a problem

Fixes

• Prevent gravity from failing due to an empty shell variable. #6191
  This fixes a case where calls to pihole -g failed during list downloads.
• Require privileged status (root or sudo) for all user calls to pihole. #6312
  This fixes cases where users are unable to change or update the admin password.
• Exit installation if FTL binary can not be downloaded. #6316
• Abort update if FTL branch does not exist. #6329
  These fix cases where the installation did not fully complete or an update left the installation with mismatched binary and repository versions. Both fixes contributed by @MichaIng
• Restore pihole -q function. #6284
  This fixes a case where running a query immediately failed with an error message for an unknown file.

Miscellaneous Fixes and Improvements

• Display output from FTL commands in color on the terminal. #6314
• Add note to final installation dialog box showing users where to find instructions for allowing a user to run Pi-hole commands without authentication. #6152
• Allow pihole tail to search for strings beginning with the hyphen character. #6318
  Contributed by @rrobgill
• Do not update the package cache on updates. #6282
• Improve default route detection in debugging process. #6303
  Contributed by @rrogbill
• Improve detecting loopback interfaces in the installer. #6269
  Contributed by @deHakkelaar

Original source Report a problem