Pi-hole web v5.7

• Remove adlists tab from settings page #1845
• footer.php: move FTL before Web Interface #1854 @XhmikosR
• Add forgotten target_blank #1884
• Add delete button to message table #1886
• Clarify that never forward non-FQDN only applies to A and AAAA queries #1887
• Simple maintenance improvements #1892 @a1346054
• Add background colors on Query log + switchable text coloring (as before) #1893 @PromoFaux @DL6ER
• Lift prefix limitaion for --rev-server #1897

All @yubiuser unless otherwise specified

Pi-hole web v5.6

• Password autocompletion #1785
• Try to obtain hostname for MAC clients #1793
• Improvement to readability of footer "update" command text #1797
• Added the option for an automatic dark mode based on the device status #1836
• Add reply type DNSSEC #1837
• Adding CORS support via environment variable #1822
• Fix domain validation method #1852
• Fix require func.php #1855
• Add interpretation for Pi-hole message type RATE_LIMIT #1859
• Stop timer when user reenabled blocking early #1863
• Fix TypeError if no extended DNS error is available #1862
• Import two fixes #1867
• Add new blocked by database status and NONE reply type #1869
• Add httponly = true to persistent login cookie #1875
• Apply htmlentities in a couple of places to prevent xss #1876
• Clarify how and when UQDN are forwarded with conditional forwarding #1873
• Less color for the Query Log #1872
• Add BLOB reply type #1871
• footer.php: move FTL before Web Interface #1854
• Remove adlists tab from settings page #1845

Pi-hole web v5.5.1

Hotfix release to address two security advisories:

GHSA-g3w6-q4fg-p8x8 - "Stored XSS Vulnerability in the Pi-hole Webinterface" reported by both Dariusz Gońda and @awareseven

GHSA-5cm9-6p3m-v259 - "(Authenticated) Remote Code Execution Possible in Web Interface 5.5" reported by @SchneiderSec

Pi-hole web v5.5

• Add details to adlist table #1673
• Don't count new status types as blocked queries in long-term data #1743
• Add hint for update command & documentation link #1749
• Add Pi-hole darker theme #1731
• Trim CNAME target input field value data #1759

Pi-hole web v5.4

This release contains some security patches, as reported by Veno Eivazian

• Properly escape possible user-input 22d7df9
• Prevent javascript XSS attacks aimed to steal the session ID d4e46df
• Regenerate session ID on successful login to prevent session fixation 64b3656

Pi-hole web v5.3.2

This release fixes Unknown (0) queries as reported in #1713

Reason: dnsmasq-v2.83+ forwards multiple queries to the same destination once and stores the other queries as duplicates. They do receive the answer later on, however, this is usually not logged (when log-queries=extra is enabled, there will be a warning about the duplicate). FTL v5.6 introduces a new reply type 14 = "already forwarded" to fix this.

Pi-hole web v5.3.1

• Fix #1705 (incorrect forwardest link) and add improved tooltip for #1706 (compute shares if parts are hidden) #1707 (@DL6ER)

Pi-hole Web v5.3

• Implement dark theme on the modal dialogs #1674 (@kevlg)
• Add more query type names to title of Query Log instead of "type " #1671 (@Daxtorim)
• Fix sorting by reply in Query Log #1669 (@Daxtorim)
• Change radius to 10px for a more modern look. #1691 (@Gontier-Julien)
• Remove unnecessary backround-color for the interface. #1692 (@Gontier-Julien)
• Fix gray space on the left side for cleaner look. #1693 (@Gontier-Julien)
• Fix charts overflowing. #1694 (@Gontier-Julien)

Pi-hole Web v5.2.2

• Change color of blocked queries in dashboard piechart forward destination to red #1594 (@yubiuser)
• Switch from fontawesome webfonts to SVG + JS #1619 (@notriddle)
• Show status of retried DNS queries in query log correctly #1646 (@dnhp)
• Require auth for recentBlocked function #1650 (@aidentwoods)
• Use hash_equals when comparing to pwhash from cookie #1652 (@aidantwoods)
• Validate target domain for CNAME records #1662 (@yubiuser)
• Fix transactions in groups.php #1664 (@DL6ER)

Pi-hole Web v5.2.1

• Improve documentation on Settings page #1642 (@DL6ER)