Add rate-limiting for TOTP validation #2719
Merged
Signed-off-by: Dominik <dl6er@dl6er.de>
yubiuser (Member) approved these changes on Nov 20, 2025 and left a comment:
Before
2025-11-20 19:49:22.505 UTC [1050182/T1064084] WARNING: API: Invalid 2FA token (key: unauthorized)
2025-11-20 19:49:31.284 UTC [1050182/T1063980] WARNING: API: Invalid 2FA token (key: unauthorized)
2025-11-20 19:49:32.290 UTC [1050182/T1063748] WARNING: API: Invalid 2FA token (key: unauthorized)
2025-11-20 19:49:33.248 UTC [1050182/T1063976] WARNING: API: Invalid 2FA token (key: unauthorized)
2025-11-20 19:49:34.148 UTC [1050182/T1063977] WARNING: API: Invalid 2FA token (key: unauthorized)
2025-11-20 19:49:35.131 UTC [1050182/T1062885] WARNING: API: Invalid 2FA token (key: unauthorized)
2025-11-20 19:49:36.059 UTC [1050182/T1063975] WARNING: API: Invalid 2FA token (key: unauthorized)
2025-11-20 19:49:36.927 UTC [1050182/T1063979] WARNING: API: Invalid 2FA token (key: unauthorized)
2025-11-20 19:49:37.852 UTC [1050182/T1063978] WARNING: API: Invalid 2FA token (key: unauthorized)
2025-11-20 19:49:38.626 UTC [1050182/T1064084] WARNING: API: Invalid 2FA token (key: unauthorized)
2025-11-20 19:49:39.400 UTC [1050182/T1063980] WARNING: API: Invalid 2FA token (key: unauthorized)
2025-11-20 19:49:40.117 UTC [1050182/T1063748] WARNING: API: Invalid 2FA token (key: unauthorized)
2025-11-20 19:49:40.823 UTC [1050182/T1063976] WARNING: API: Invalid 2FA token (key: unauthorized)
2025-11-20 19:49:41.879 UTC [1050182/T1063977] WARNING: API: Invalid 2FA token (key: unauthorized)
2025-11-20 19:51:04.085 UTC [1050182/T1062885] WARNING: API: Invalid 2FA token (key: unauthorized)
After
2025-11-20 19:51:59.186 UTC [1065514/T1065704] WARNING: API: Invalid 2FA token (key: unauthorized)
2025-11-20 19:51:59.769 UTC [1065514/T1065704] WARNING: API: Rate-limiting 2FA token requests, try again later (key: rate_limiting)
2025-11-20 19:52:00.421 UTC [1065514/T1065705] WARNING: API: Invalid 2FA token (key: unauthorized)
2025-11-20 19:52:00.966 UTC [1065514/T1065704] WARNING: API: Rate-limiting 2FA token requests, try again later (key: rate_limiting)
2025-11-20 19:52:01.551 UTC [1065514/T1065729] WARNING: API: Invalid 2FA token (key: unauthorized)
2025-11-20 19:52:02.220 UTC [1065514/T1065705] WARNING: API: Invalid 2FA token (key: unauthorized)
2025-11-20 19:52:02.590 UTC [1065514/T1065704] WARNING: API: Rate-limiting 2FA token requests, try again later (key: rate_limiting)
2025-11-20 19:52:02.893 UTC [1065514/T1065729] WARNING: API: Rate-limiting 2FA token requests, try again later (key: rate_limiting)
2025-11-20 19:52:03.112 UTC [1065514/T1065737] WARNING: API: Invalid 2FA token (key: unauthorized)
2025-11-20 19:52:03.339 UTC [1065514/T1065705] WARNING: API: Rate-limiting 2FA token requests, try again later (key: rate_limiting)
2025-11-20 19:52:03.511 UTC [1065514/T1065704] WARNING: API: Rate-limiting 2FA token requests, try again later (key: rate_limiting)
2025-11-20 19:52:03.694 UTC [1065514/T1065729] WARNING: API: Rate-limiting 2FA token requests, try again later (key: rate_limiting)
2025-11-20 19:52:03.911 UTC [1065514/T1065705] WARNING: API: Rate-limiting 2FA token requests, try again later (key: rate_limiting)
2025-11-20 19:52:04.093 UTC [1065514/T1065760] WARNING: API: Invalid 2FA token (key: unauthorized)
2025-11-20 19:52:04.285 UTC [1065514/T1065737] WARNING: API: Rate-limiting 2FA token requests, try again later (key: rate_limiting)
2025-11-20 19:52:04.485 UTC [1065514/T1065704] WARNING: API: Rate-limiting 2FA token requests, try again later (key: rate_limiting)
2025-11-20 19:52:04.675 UTC [1065514/T1065729] WARNING: API: Rate-limiting 2FA token requests, try again later (key: rate_limiting)
2025-11-20 19:52:04.874 UTC [1065514/T1065705] WARNING: API: Rate-limiting 2FA token requests, try again later (key: rate_limiting)
2025-11-20 19:52:05.386 UTC [1065514/T1065760] WARNING: API: Invalid 2FA token (key: unauthorized)
2025-11-20 19:52:07.632 UTC [1065514/T1065737] WARNING: API: Invalid 2FA token (key: unauthorized)
2025-11-20 19:52:07.825 UTC [1065514/T1065704] WARNING: API: Rate-limiting 2FA token requests, try again later (key: rate_limiting)
2025-11-20 19:52:08.023 UTC [1065514/T1065729] WARNING: API: Invalid 2FA token (key: unauthorized)
2025-11-20 19:52:08.058 UTC [1065514/T1065760] WARNING: API: Rate-limiting login attempts (key: rate_limiting)
2025-11-20 19:52:08.206 UTC [1065514/T1065705] WARNING: API: Rate-limiting 2FA token requests, try again later (key: rate_limiting)
2025-11-20 19:52:08.249 UTC [1065514/T1065737] WARNING: API: Rate-limiting login attempts (key: rate_limiting)
2025-11-20 19:52:08.751 UTC [1065514/T1065704] WARNING: API: Rate-limiting 2FA token requests, try again later (key: rate_limiting)
2025-11-20 19:52:08.930 UTC [1065514/T1065729] WARNING: API: Rate-limiting 2FA token requests, try again later (key: rate_limiting)
2025-11-20 19:52:09.099 UTC [1065514/T1065760] WARNING: API: Invalid 2FA token (key: unauthorized)
2025-11-20 19:52:09.304 UTC [1065514/T1065705] WARNING: API: Rate-limiting 2FA token requests, try again later (key: rate_limiting)
2025-11-20 19:52:09.494 UTC [1065514/T1065737] WARNING: API: Rate-limiting 2FA token requests, try again later (key: rate_limiting)
2025-11-20 19:52:09.674 UTC [1065514/T1065704] WARNING: API: Rate-limiting 2FA token requests, try again later (key: rate_limiting)
2025-11-20 19:52:09.842 UTC [1065514/T1065729] WARNING: API: Rate-limiting 2FA token requests, try again later (key: rate_limiting)
2025-11-20 19:52:09.999 UTC [1065514/T1065760] WARNING: API: Rate-limiting 2FA token requests, try again later (key: rate_limiting)
2025-11-20 19:52:10.190 UTC [1065514/T1065705] WARNING: API: Invalid 2FA token (key: unauthorized)
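A log-side check for the behaviour shown in the Before/After excerpts above, as an added example that is not part of this PR or of FTL's code: it parses lines in the log format quoted in the comment, separates TOTP codes that were evaluated and rejected from requests that were throttled, and reports the first moment a burst of 2FA attempts crosses a threshold. The event names, window sizes and threshold are assumptions chosen for illustration; the sample lines are copied from the After excerpt.

```python
import re
from collections import Counter, deque
from datetime import datetime, timedelta

# Matches the line layout quoted in the review comment:
# "<date> <time> UTC [<pid>/T<tid>] <LEVEL>: API: <message> (key: <key>)"
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3}) UTC "
    r"\[(?P<pid>\d+)/T(?P<tid>\d+)\] (?P<level>[A-Z]+): "
    r"API: (?P<msg>.*) \(key: (?P<key>\w+)\)$"
)

# Excerpt of the "After" log from the comment above (not constructed).
SAMPLE = """\
2025-11-20 19:51:59.186 UTC [1065514/T1065704] WARNING: API: Invalid 2FA token (key: unauthorized)
2025-11-20 19:51:59.769 UTC [1065514/T1065704] WARNING: API: Rate-limiting 2FA token requests, try again later (key: rate_limiting)
2025-11-20 19:52:00.421 UTC [1065514/T1065705] WARNING: API: Invalid 2FA token (key: unauthorized)
2025-11-20 19:52:00.966 UTC [1065514/T1065704] WARNING: API: Rate-limiting 2FA token requests, try again later (key: rate_limiting)
2025-11-20 19:52:01.551 UTC [1065514/T1065729] WARNING: API: Invalid 2FA token (key: unauthorized)
2025-11-20 19:52:02.220 UTC [1065514/T1065705] WARNING: API: Invalid 2FA token (key: unauthorized)
2025-11-20 19:52:02.590 UTC [1065514/T1065704] WARNING: API: Rate-limiting 2FA token requests, try again later (key: rate_limiting)
2025-11-20 19:52:02.893 UTC [1065514/T1065729] WARNING: API: Rate-limiting 2FA token requests, try again later (key: rate_limiting)
2025-11-20 19:52:03.112 UTC [1065514/T1065737] WARNING: API: Invalid 2FA token (key: unauthorized)
2025-11-20 19:52:03.339 UTC [1065514/T1065705] WARNING: API: Rate-limiting 2FA token requests, try again later (key: rate_limiting)
2025-11-20 19:52:08.058 UTC [1065514/T1065760] WARNING: API: Rate-limiting login attempts (key: rate_limiting)
""".splitlines()

TOTP_KINDS = ("totp_rejected", "totp_throttled")


def parse_line(line):
    """Return (timestamp, kind) for a 2FA/login API warning, else None.

    The kind labels are this example's own names, not FTL identifiers.
    """
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S.%f")
    key, msg = m["key"], m["msg"]
    if key == "unauthorized" and "2FA" in msg:
        return ts, "totp_rejected"      # code was checked and was wrong
    if key == "rate_limiting" and "2FA" in msg:
        return ts, "totp_throttled"     # request refused before the check
    if key == "rate_limiting" and "login" in msg:
        return ts, "login_throttled"    # the general login limiter fired
    return None


def parse_log(lines):
    """Parse all lines, dropping anything that is not a recognised event."""
    return sorted(e for e in map(parse_line, lines) if e is not None)


def summarize(events):
    """Count events per kind."""
    return Counter(kind for _, kind in events)


def peak_in_window(times, window):
    """Largest number of timestamps that fall inside any span < window."""
    q, peak = deque(), 0
    for t in sorted(times):
        q.append(t)
        while t - q[0] >= window:
            q.popleft()
        peak = max(peak, len(q))
    return peak


def peak_evaluated(events, window=timedelta(seconds=1)):
    """How many wrong codes the server actually evaluated per window."""
    return peak_in_window(
        [ts for ts, kind in events if kind == "totp_rejected"], window
    )


def first_alert(events, window=timedelta(seconds=5), threshold=8):
    """Timestamp at which rejected+throttled 2FA events within the trailing
    window first reach the threshold, or None if they never do."""
    q = deque()
    for ts, kind in events:
        if kind not in TOTP_KINDS:
            continue
        q.append(ts)
        while ts - q[0] >= window:
            q.popleft()
        if len(q) >= threshold:
            return ts
    return None


if __name__ == "__main__":
    events = parse_log(SAMPLE)
    print(dict(summarize(events)))
    print("peak evaluated codes per 1 s:", peak_evaluated(events))
    print("first alert at:", first_alert(events))
```

Throttled requests count toward the alert as well as rejected ones, since a client that keeps submitting codes while being refused is the pattern of interest, not only the guesses that reached validation.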
This pull request has been mentioned on Pi-hole Userspace. There might be relevant details there: https://discourse.pi-hole.net/t/pi-hole-ftl-v6-4-web-v6-4-and-core-v6-3-released/83680/1
github-actions Bot
pushed a commit
to bigbeartechworld/big-bear-universal-apps
that referenced
this pull request
Nov 30, 2025
This PR contains the following updates: | Package | Update | Change | |---|---|---| | [pihole/pihole](https://redirect.github.com/pi-hole/docker-pi-hole) | patch | `2025.11.0` -> `2025.11.1` | --- ### Release Notes <details> <summary>pi-hole/docker-pi-hole (pihole/pihole)</summary> ### [`v2025.11.1`](https://redirect.github.com/pi-hole/docker-pi-hole/releases/tag/2025.11.1) [Compare Source](https://redirect.github.com/pi-hole/docker-pi-hole/compare/2025.11.0...2025.11.1) <!-- Release notes generated using configuration in .github/release.yml at master --> #### What's Changed (Docker Specific) - Fix build status badge in readme by [@​nol166](https://redirect.github.com/nol166) in [#​1938](https://redirect.github.com/pi-hole/docker-pi-hole/pull/1938) - Add RISCV back by [@​yubiuser](https://redirect.github.com/yubiuser) in [#​1939](https://redirect.github.com/pi-hole/docker-pi-hole/pull/1939) - Improve FTL startup detection and log tailing by [@​PromoFaux](https://redirect.github.com/PromoFaux) in [#​1940](https://redirect.github.com/pi-hole/docker-pi-hole/pull/1940) - Set DNS listening mode to 'ALL' in docker-compose.yml example by [@​cornshakes](https://redirect.github.com/cornshakes) in [#​1946](https://redirect.github.com/pi-hole/docker-pi-hole/pull/1946) - Add instructions for excluding Pi-hole from Watchtower updates by [@​chippy01](https://redirect.github.com/chippy01) in [#​1949](https://redirect.github.com/pi-hole/docker-pi-hole/pull/1949) #### New Contributors - [@​nol166](https://redirect.github.com/nol166) made their first contribution in [#​1938](https://redirect.github.com/pi-hole/docker-pi-hole/pull/1938) - [@​cornshakes](https://redirect.github.com/cornshakes) made their first contribution in [#​1946](https://redirect.github.com/pi-hole/docker-pi-hole/pull/1946) - [@​chippy01](https://redirect.github.com/chippy01) made their first contribution in [#​1949](https://redirect.github.com/pi-hole/docker-pi-hole/pull/1949) **Full Changelog**: 
<pi-hole/docker-pi-hole@2025.11.0...2025.11.1> *** <!-- Release notes generated using configuration in .github/release.yml at development --> #### What's Changed (FTL v6.4.1) - Fix API specs and example for dns.upstreams in config.yaml by [@​rdwebdesign](https://redirect.github.com/rdwebdesign) in [pi-hole/FTL#2696](https://redirect.github.com/pi-hole/FTL/pull/2696) - gravity update - silently discard unicode BOM if present by [@​rrobgill](https://redirect.github.com/rrobgill) in [pi-hole/FTL#2702](https://redirect.github.com/pi-hole/FTL/pull/2702) - Update embedded SQLite to 3.51.0 by [@​DL6ER](https://redirect.github.com/DL6ER) in [pi-hole/FTL#2704](https://redirect.github.com/pi-hole/FTL/pull/2704) - Get earliest query timestamp from database by [@​PromoFaux](https://redirect.github.com/PromoFaux) in [pi-hole/FTL#2706](https://redirect.github.com/pi-hole/FTL/pull/2706) - Increase buffer length for query string by [@​mwoolweaver](https://redirect.github.com/mwoolweaver) in [pi-hole/FTL#2709](https://redirect.github.com/pi-hole/FTL/pull/2709) - Reduce DNS resolver locking during database interaction by [@​DL6ER](https://redirect.github.com/DL6ER) in [pi-hole/FTL#2700](https://redirect.github.com/pi-hole/FTL/pull/2700) - Make colour output optional in streaming gravity API call by [@​PromoFaux](https://redirect.github.com/PromoFaux) in [pi-hole/FTL#2718](https://redirect.github.com/pi-hole/FTL/pull/2718) - api/dhcp/leases Allow for hwaddr > 48 bits by [@​rrobgill](https://redirect.github.com/rrobgill) in [pi-hole/FTL#2724](https://redirect.github.com/pi-hole/FTL/pull/2724) - Add rate-limiting for TOTP validation by [@​DL6ER](https://redirect.github.com/DL6ER) in [pi-hole/FTL#2719](https://redirect.github.com/pi-hole/FTL/pull/2719) - Implement simple partial matching for regex in /api/search/{domain} by [@​DL6ER](https://redirect.github.com/DL6ER) in [pi-hole/FTL#2705](https://redirect.github.com/pi-hole/FTL/pull/2705) - Performance optimizations: string processing, 
memory management, and compiler flags by [@​Copilot](https://redirect.github.com/Copilot) in [pi-hole/FTL#2571](https://redirect.github.com/pi-hole/FTL/pull/2571) - Fix authentication redirect when webhome is / (fixes [#​2518](https://redirect.github.com/pi-hole/docker-pi-hole/issues/2518)) by [@​averyvigolo](https://redirect.github.com/averyvigolo) in [pi-hole/FTL#2610](https://redirect.github.com/pi-hole/FTL/pull/2610) - Reduce database locking and add timing debug setting by [@​DL6ER](https://redirect.github.com/DL6ER) in [pi-hole/FTL#2688](https://redirect.github.com/pi-hole/FTL/pull/2688) #### New Contributors - [@​mwoolweaver](https://redirect.github.com/mwoolweaver) made their first contribution in [pi-hole/FTL#2709](https://redirect.github.com/pi-hole/FTL/pull/2709) - [@​Copilot](https://redirect.github.com/Copilot) made their first contribution in [pi-hole/FTL#2571](https://redirect.github.com/pi-hole/FTL/pull/2571) - [@​averyvigolo](https://redirect.github.com/averyvigolo) made their first contribution in [pi-hole/FTL#2610](https://redirect.github.com/pi-hole/FTL/pull/2610) **Full Changelog**: <pi-hole/FTL@v6.3.3...v6.4> <!-- Release notes generated using configuration in .github/release.yml at master --> <!-- Release notes generated using configuration in .github/release.yml at master --> #### What's Changed (Web v6.4) - Start using commented tags for editorconfig-checker by [@​yubiuser](https://redirect.github.com/yubiuser) in [pi-hole/web#3643](https://redirect.github.com/pi-hole/web/pull/3643) - Remove some unused code (leftover from v5) by [@​rdwebdesign](https://redirect.github.com/rdwebdesign) in [pi-hole/web#3636](https://redirect.github.com/pi-hole/web/pull/3636) - Make sure the table is redrawn after the dnssec API call returns by [@​rdwebdesign](https://redirect.github.com/rdwebdesign) in [pi-hole/web#3645](https://redirect.github.com/pi-hole/web/pull/3645) - Add hint that partial matching may not return all possible results by 
[@​DL6ER](https://redirect.github.com/DL6ER) in [pi-hole/web#3654](https://redirect.github.com/pi-hole/web/pull/3654) - Enable one-time code autofill for TOTP input by [@​sebastianlivoni](https://redirect.github.com/sebastianlivoni) in [pi-hole/web#3658](https://redirect.github.com/pi-hole/web/pull/3658) - Set "All Time " range for query log datepicker based on Database ranges (moment) by [@​PromoFaux](https://redirect.github.com/PromoFaux) in [pi-hole/web#3657](https://redirect.github.com/pi-hole/web/pull/3657) - Request ANSI colour codes when calling gravity API by [@​PromoFaux](https://redirect.github.com/PromoFaux) in [pi-hole/web#3662](https://redirect.github.com/pi-hole/web/pull/3662) - Pi-hole Web v6.4 by [@​PromoFaux](https://redirect.github.com/PromoFaux) in [pi-hole/web#3670](https://redirect.github.com/pi-hole/web/pull/3670) #### New Contributors - [@​sebastianlivoni](https://redirect.github.com/sebastianlivoni) made their first contribution in [pi-hole/web#3658](https://redirect.github.com/pi-hole/web/pull/3658) **Full Changelog**: <pi-hole/web@v6.3...v6.4> #### What's Changed (Core v6.3) - Add Fedora 43 to test suite by [@​yubiuser](https://redirect.github.com/yubiuser) in [pi-hole/pi-hole#6453](https://redirect.github.com/pi-hole/pi-hole/pull/6453) - Fix libcap capabilities not being granted on OpenRC distros by [@​Sparronator9999](https://redirect.github.com/Sparronator9999) in [pi-hole/pi-hole#6456](https://redirect.github.com/pi-hole/pi-hole/pull/6456) - systemd service - don't use deprecated PermissionsStartOnly by [@​rrobgill](https://redirect.github.com/rrobgill) in [pi-hole/pi-hole#6465](https://redirect.github.com/pi-hole/pi-hole/pull/6465) - debug - speed up processing and display of file contents and services by [@​rrobgill](https://redirect.github.com/rrobgill) in [pi-hole/pi-hole#6469](https://redirect.github.com/pi-hole/pi-hole/pull/6469) - Use port from dns.port in piholeDebug.sh by 
[@​darkexplosiveqwx](https://redirect.github.com/darkexplosiveqwx) in [pi-hole/pi-hole#6475](https://redirect.github.com/pi-hole/pi-hole/pull/6475) - Improve gravity tables presentation on the debug log by [@​rdwebdesign](https://redirect.github.com/rdwebdesign) in [pi-hole/pi-hole#6460](https://redirect.github.com/pi-hole/pi-hole/pull/6460) #### New Contributors - [@​Sparronator9999](https://redirect.github.com/Sparronator9999) made their first contribution in [pi-hole/pi-hole#6456](https://redirect.github.com/pi-hole/pi-hole/pull/6456) **Full Changelog**: <pi-hole/pi-hole@v6.2.2...v6.3> </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/bigbeartechworld/big-bear-universal-apps). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi4xOS45IiwidXBkYXRlZEluVmVyIjoiNDIuMTkuOSIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiZGVwZW5kZW5jaWVzIiwicmVub3ZhdGUiXX0=-->
github-actions Bot
pushed a commit
to bigbeartechworld/big-bear-universal-apps
that referenced
this pull request
Dec 1, 2025
github-actions Bot
pushed a commit
to bigbeartechworld/big-bear-universal-apps
that referenced
this pull request
Jan 25, 2026
What does this implement/fix?
Add rate-limiting (max 1/sec) for TOTP validation attempts. Note that this rate-limit applies only after an already successful login using the first factor (password). This seeks to avoid a possibility of a DoS attack with a known password when 2FA is enabled.
Related issue or feature (if applicable): N/A
Pull request in docs with documentation (if applicable): N/A
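A minimal sketch of the gate described above, as an added example that is not FTL's code or part of this pull request: a TOTP attempt is refused if the previous evaluated attempt was less than one second earlier, and a refused attempt neither checks the code nor extends the window. The names `totp_limiter` and `totp_attempt`, the single global limiter state, and the code values are assumptions; the first three time offsets follow the spacing of the "After" log lines.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define TOTP_MIN_INTERVAL_MS 1000 /* "max 1/sec" from the PR description */

enum totp_result { TOTP_OK, TOTP_INVALID, TOTP_RATE_LIMITED };

/* Hypothetical limiter state: one instance guards the second-factor check. */
struct totp_limiter {
    bool seen;        /* false until a first attempt has been evaluated */
    uint64_t last_ms; /* monotonic time of the last evaluated attempt */
};

/* Gate one attempt. now_ms should come from a monotonic clock so that
 * wall-clock adjustments cannot reopen the window early. */
enum totp_result totp_attempt(struct totp_limiter *lim, uint64_t now_ms,
                              uint32_t submitted, uint32_t expected)
{
    /* Refuse before looking at the code: a limited request is never
     * evaluated and does not push the window forward. */
    if (lim->seen && now_ms - lim->last_ms < TOTP_MIN_INTERVAL_MS)
        return TOTP_RATE_LIMITED;
    lim->seen = true;
    lim->last_ms = now_ms;
    return submitted == expected ? TOTP_OK : TOTP_INVALID;
}

int main(void)
{
    static const char *names[] = { "ok", "invalid", "rate_limited" };
    /* First three offsets (ms) follow the spacing of the "After" log lines;
     * the last two and all code values are constructed. */
    const uint64_t t_ms[] = { 59186, 59769, 60421, 60500, 61421 };
    const uint32_t code[] = { 111111, 222222, 333333, 123456, 123456 };
    const uint32_t expected = 123456;
    struct totp_limiter lim = { false, 0 };

    for (int i = 0; i < 5; i++)
        printf("t=%llu ms -> %s\n", (unsigned long long)t_ms[i],
               names[totp_attempt(&lim, t_ms[i], code[i], expected)]);
    return 0;
}
```

In this sketch a correct code submitted inside the window is refused as well, so a client has to retry after the interval has passed.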