Fix client count inflation for rate-limited queries#2814
Merged
Conversation
This was referenced Mar 20, 2026
Member
|
Is the |
findClientID() increments client->count for every incoming query, including those that are immediately refused by the rate-limiter. Because rate-limited queries never create a query record, GC (gc.c) has nothing to decrement and the count inflates permanently. Undo the increment before the early return so the "Top Clients (total)" counter stays consistent with what Pi-hole actually processed. Fixes #2810 Signed-off-by: Dominik <dl6er@dl6er.de>
f25dbcb to
bc85e26
Compare
Member
Author
|
Thank you, I did them one after the other so this seems to have spilled. Force-pushed away 👍 |
This was
linked to
issues
Mar 20, 2026
rdwebdesign
approved these changes
Mar 20, 2026
|
This pull request has been mentioned on Pi-hole Userspace. There might be relevant details there: https://discourse.pi-hole.net/t/pi-hole-ftl-v6-6-web-v6-5-and-core-v6-4-1-released/85626/1 |
github-actions Bot
pushed a commit
to bigbeartechworld/big-bear-universal-apps
that referenced
this pull request
Apr 5, 2026
This PR contains the following updates: | Package | Update | Change | |---|---|---| | [jacklul/pihole](https://redirect.github.com/pi-hole/docker-pi-hole) | minor | `2026.02.0` → `2026.04.0` | --- ### Release Notes <details> <summary>pi-hole/docker-pi-hole (jacklul/pihole)</summary> ### [`v2026.04.0`](https://redirect.github.com/pi-hole/docker-pi-hole/releases/tag/2026.04.0) [Compare Source](https://redirect.github.com/pi-hole/docker-pi-hole/compare/2026.02.0...2026.04.0) <!-- Release notes generated using configuration in .github/release.yml at master --> #### What's Changed (Docker Specific - all related to CI/build) - Group dependabot PRs to reduce PR spam by [@​yubiuser](https://redirect.github.com/yubiuser) in [#​2004](https://redirect.github.com/pi-hole/docker-pi-hole/pull/2004) - ci: switch image publishing to docker/github-builder by [@​crazy-max](https://redirect.github.com/crazy-max) in [#​2008](https://redirect.github.com/pi-hole/docker-pi-hole/pull/2008) - Readme Rework by [@​PromoFaux](https://redirect.github.com/PromoFaux) in [#​1958](https://redirect.github.com/pi-hole/docker-pi-hole/pull/1958) - Replace Python test suite with BATS and consolidate workflows by [@​PromoFaux](https://redirect.github.com/PromoFaux) in [#​2009](https://redirect.github.com/pi-hole/docker-pi-hole/pull/2009) - Add timeout to curl command in branch validation by [@​RynoCODE](https://redirect.github.com/RynoCODE) in [#​2011](https://redirect.github.com/pi-hole/docker-pi-hole/pull/2011) - Use bats-assert library functions in BATS test suite by [@​Copilot](https://redirect.github.com/Copilot) in [#​2018](https://redirect.github.com/pi-hole/docker-pi-hole/pull/2018) - ci: run build job on pull request event by [@​crazy-max](https://redirect.github.com/crazy-max) in [#​2021](https://redirect.github.com/pi-hole/docker-pi-hole/pull/2021) - Update github-builder to v1.5.0 and enable fail-fast by [@​yubiuser](https://redirect.github.com/yubiuser) in [#​2022](https://redirect.github.com/pi-hole/docker-pi-hole/pull/2022) #### New Contributors - [@​crazy-max](https://redirect.github.com/crazy-max) made their first contribution in [#​2008](https://redirect.github.com/pi-hole/docker-pi-hole/pull/2008) - [@​RynoCODE](https://redirect.github.com/RynoCODE) made their first contribution in [#​2011](https://redirect.github.com/pi-hole/docker-pi-hole/pull/2011) - [@​Copilot](https://redirect.github.com/Copilot) made their first contribution in [#​2018](https://redirect.github.com/pi-hole/docker-pi-hole/pull/2018) **Full Changelog**: <pi-hole/docker-pi-hole@2026.02.0...2026.04.0> #### Component Release Notes <!-- Release notes generated using configuration in .github/release.yml at development --> #### What's Changed (FTL v6.6) - Fix possible resolver issue on armv5tel by [@​DL6ER](https://redirect.github.com/DL6ER) in [pi-hole/FTL#2781](https://redirect.github.com/pi-hole/FTL/pull/2781) - Introduce CMake options for optional dependencies by [@​aeolio](https://redirect.github.com/aeolio) in [pi-hole/FTL#2795](https://redirect.github.com/pi-hole/FTL/pull/2795) - Fix build without mbedtls \[v2] by [@​aeolio](https://redirect.github.com/aeolio) in [pi-hole/FTL#2796](https://redirect.github.com/pi-hole/FTL/pull/2796) - Fix overTime data when database.DBimport = false by [@​DL6ER](https://redirect.github.com/DL6ER) in [pi-hole/FTL#2788](https://redirect.github.com/pi-hole/FTL/pull/2788) - Fix cross-compilation issues w/ custom toolchain by [@​aeolio](https://redirect.github.com/aeolio) in [pi-hole/FTL#2797](https://redirect.github.com/pi-hole/FTL/pull/2797) - Add new option for controling name resolution via MAC address by [@​DL6ER](https://redirect.github.com/DL6ER) in [pi-hole/FTL#2790](https://redirect.github.com/pi-hole/FTL/pull/2790) - Fix obtaining client groups by name by [@​DL6ER](https://redirect.github.com/DL6ER) in [pi-hole/FTL#2791](https://redirect.github.com/pi-hole/FTL/pull/2791) - Ensure API sessions are restored before starting the HTTP server by [@​DL6ER](https://redirect.github.com/DL6ER) in [pi-hole/FTL#2803](https://redirect.github.com/pi-hole/FTL/pull/2803) - Add form-action 'self' to Content-Security-Policy by [@​yubiuser](https://redirect.github.com/yubiuser) in [pi-hole/FTL#2804](https://redirect.github.com/pi-hole/FTL/pull/2804) - Add query\_frequency to /padd endpoint by [@​yubiuser](https://redirect.github.com/yubiuser) in [pi-hole/FTL#2806](https://redirect.github.com/pi-hole/FTL/pull/2806) - Guard query-count counters against unsigned underflow by [@​DL6ER](https://redirect.github.com/DL6ER) in [pi-hole/FTL#2815](https://redirect.github.com/pi-hole/FTL/pull/2815) - Add universal crash backtrace via \_Unwind\_Backtrace by [@​DL6ER](https://redirect.github.com/DL6ER) in [pi-hole/FTL#2811](https://redirect.github.com/pi-hole/FTL/pull/2811) - config: show totp\_secret presence in CLI output by [@​DL6ER](https://redirect.github.com/DL6ER) in [pi-hole/FTL#2813](https://redirect.github.com/pi-hole/FTL/pull/2813) - Fix client count inflation for rate-limited queries by [@​DL6ER](https://redirect.github.com/DL6ER) in [pi-hole/FTL#2814](https://redirect.github.com/pi-hole/FTL/pull/2814) - Fix stack buffer overflow in get\_process\_name() by [@​DL6ER](https://redirect.github.com/DL6ER) in [pi-hole/FTL#2821](https://redirect.github.com/pi-hole/FTL/pull/2821) - Do not restart FTL while `pihole -g` is still ongoing by [@​DL6ER](https://redirect.github.com/DL6ER) in [pi-hole/FTL#2419](https://redirect.github.com/pi-hole/FTL/pull/2419) #### Security Advisories - [GHSA-r7g8-3fj7-m5qq - Authorization bypass: CLI API sessions can import Teleporter archives and modify configuration](https://redirect.github.com/pi-hole/FTL/security/advisories/GHSA-r7g8-3fj7-m5qq) reported by [@​mzalzahrani](https://redirect.github.com/mzalzahrani) - Remote Code Execution (RCE) via Newline Injection in Multiple Configuration Parameters reported by [@​T0X1Cx](https://redirect.github.com/T0X1Cx) - [pi-hole/FTL/security/advisories/GHSA-vfmq-jrx3-wv3c](https://redirect.github.com/pi-hole/FTL/security/advisories/GHSA-vfmq-jrx3-wv3c) - [pi-hole/FTL/security/advisories/GHSA-wxhv-w77q-6qwp](https://redirect.github.com/pi-hole/FTL/security/advisories/GHSA-wxhv-w77q-6qwp) - [pi-hole/FTL/security/advisories/GHSA-28g5-gg88-wh5m](https://redirect.github.com/pi-hole/FTL/security/advisories/GHSA-28g5-gg88-wh5m) - [pi-hole/FTL/security/advisories/GHSA-fqv2-qhfh-ghcj](https://redirect.github.com/pi-hole/FTL/security/advisories/GHSA-fqv2-qhfh-ghcj) - [pi-hole/FTL/security/advisories/GHSA-23w8-7333-p9fj](https://redirect.github.com/pi-hole/FTL/security/advisories/GHSA-23w8-7333-p9fj) #### New Contributors - [@​aeolio](https://redirect.github.com/aeolio) made their first contribution in [pi-hole/FTL#2795](https://redirect.github.com/pi-hole/FTL/pull/2795) **Full Changelog**: <pi-hole/FTL@v6.5...v6.6> <!-- Release notes generated using configuration in .github/release.yml at development --> #### What's Changed (Web v6.5) - Amend teleporter help text that the long-term data is not included by [@​yubiuser](https://redirect.github.com/yubiuser) in [pi-hole/web#3721](https://redirect.github.com/pi-hole/web/pull/3721) - Do not use 3 columns when boxed layout is used by [@​rdwebdesign](https://redirect.github.com/rdwebdesign) in [pi-hole/web#3722](https://redirect.github.com/pi-hole/web/pull/3722) - Use <kbd>ENTER</kbd> instead of <kbd>⏎</kbd> by [@​yubiuser](https://redirect.github.com/yubiuser) in [pi-hole/web#3727](https://redirect.github.com/pi-hole/web/pull/3727) - Don't link to github releases if docker tag is nightly by [@​yubiuser](https://redirect.github.com/yubiuser) in [pi-hole/web#3718](https://redirect.github.com/pi-hole/web/pull/3718) - Do not try to compare component version when remote version info is not available by [@​yubiuser](https://redirect.github.com/yubiuser) in [pi-hole/web#3729](https://redirect.github.com/pi-hole/web/pull/3729) - Show loading overlay when adding/removing CNAME records as it requires a FTL restart by [@​yubiuser](https://redirect.github.com/yubiuser) in [pi-hole/web#3742](https://redirect.github.com/pi-hole/web/pull/3742) - fix: check on responseJSON when wrong password by [@​guybrush2105](https://redirect.github.com/guybrush2105) in [pi-hole/web#3693](https://redirect.github.com/pi-hole/web/pull/3693) - Remove the loggingButton from Settings > System > Actions by [@​yubiuser](https://redirect.github.com/yubiuser) in [pi-hole/web#3747](https://redirect.github.com/pi-hole/web/pull/3747) #### Security Advisories - Multiple Stored HTML Injections and XSS in different web interface pages reported by [@​andrejtomci](https://redirect.github.com/andrejtomci) - [GHSA-jx8x-mj2r-62vq - Stored HTML Injection in queries.js](https://redirect.github.com/pi-hole/web/security/advisories/GHSA-jx8x-mj2r-62vq) - [GHSA-9rfm-c5g6-538p - Stored HTML attribute injection](https://redirect.github.com/pi-hole/web/security/advisories/GHSA-9rfm-c5g6-538p) - [GHSA-px6w-85wp-ww9v - Stored XSS / HTML injection in the Network page/Dashboard](https://redirect.github.com/pi-hole/web/security/advisories/GHSA-px6w-85wp-ww9v) - [GHSA-7xqw-r9pr-qv59 - Reflected XSS / HTML injection in taillog.js](https://redirect.github.com/pi-hole/web/security/advisories/GHSA-7xqw-r9pr-qv59) (Also reported by [@​n1rwhex](https://redirect.github.com/n1rwhex) and [@​mzalzahrani](https://redirect.github.com/mzalzahrani)) #### New Contributors - [@​guybrush2105](https://redirect.github.com/guybrush2105) made their first contribution in [pi-hole/web#3693](https://redirect.github.com/pi-hole/web/pull/3693) **Full Changelog**: <pi-hole/web@v6.4.1...v6.5> <!-- Release notes generated using configuration in .github/release.yml at development --> #### What's Changed (Core v6.4.1) - Remove additional ':' from debug log system time output by [@​yubiuser](https://redirect.github.com/yubiuser) in [pi-hole/pi-hole#6551](https://redirect.github.com/pi-hole/pi-hole/pull/6551) - Remove `readonly` from piholeNetworkFlush.sh to avoid error message by [@​rdwebdesign](https://redirect.github.com/rdwebdesign) in [pi-hole/pi-hole#6554](https://redirect.github.com/pi-hole/pi-hole/pull/6554) - Add antigravity index by [@​DL6ER](https://redirect.github.com/DL6ER) in [pi-hole/pi-hole#6573](https://redirect.github.com/pi-hole/pi-hole/pull/6573) - Fix return status capture of FTL check\_download exists by [@​yubiuser](https://redirect.github.com/yubiuser) in [pi-hole/pi-hole#6572](https://redirect.github.com/pi-hole/pi-hole/pull/6572) - Remove misleading TODO comment for SetWebPassword by [@​10adnan75](https://redirect.github.com/10adnan75) in [pi-hole/pi-hole#6531](https://redirect.github.com/pi-hole/pi-hole/pull/6531) #### Security Advisories - [GHSA-c935-8g63-qp74 – Local Privilege Escalation](https://redirect.github.com/pi-hole/pi-hole/security/advisories/GHSA-c935-8g63-qp74) reported by [@​smittix](https://redirect.github.com/smittix) #### New Contributors - [@​10adnan75](https://redirect.github.com/10adnan75) made their first contribution in [pi-hole/pi-hole#6531](https://redirect.github.com/pi-hole/pi-hole/pull/6531) - [@​Copilot](https://redirect.github.com/Copilot) made their first contribution in [pi-hole/pi-hole#6580](https://redirect.github.com/pi-hole/pi-hole/pull/6580) **Full Changelog**: <pi-hole/pi-hole@v6.4...v6.4.1> </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/bigbeartechworld/big-bear-universal-apps). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMDIuMTEiLCJ1cGRhdGVkSW5WZXIiOiI0My4xMDIuMTEiLCJ0YXJnZXRCcmFuY2giOiJtYWluIiwibGFiZWxzIjpbImRlcGVuZGVuY2llcyIsInJlbm92YXRlIl19-->
github-actions Bot
pushed a commit
to bigbeartechworld/big-bear-universal-apps
that referenced
this pull request
Apr 5, 2026
This PR contains the following updates: | Package | Update | Change | |---|---|---| | [pihole/pihole](https://redirect.github.com/pi-hole/docker-pi-hole) | minor | `2026.02.0` → `2026.04.0` | --- ### Release Notes <details> <summary>pi-hole/docker-pi-hole (pihole/pihole)</summary> ### [`v2026.04.0`](https://redirect.github.com/pi-hole/docker-pi-hole/releases/tag/2026.04.0) [Compare Source](https://redirect.github.com/pi-hole/docker-pi-hole/compare/2026.02.0...2026.04.0) <!-- Release notes generated using configuration in .github/release.yml at master --> #### What's Changed (Docker Specific - all related to CI/build) - Group dependabot PRs to reduce PR spam by [@​yubiuser](https://redirect.github.com/yubiuser) in [#​2004](https://redirect.github.com/pi-hole/docker-pi-hole/pull/2004) - ci: switch image publishing to docker/github-builder by [@​crazy-max](https://redirect.github.com/crazy-max) in [#​2008](https://redirect.github.com/pi-hole/docker-pi-hole/pull/2008) - Readme Rework by [@​PromoFaux](https://redirect.github.com/PromoFaux) in [#​1958](https://redirect.github.com/pi-hole/docker-pi-hole/pull/1958) - Replace Python test suite with BATS and consolidate workflows by [@​PromoFaux](https://redirect.github.com/PromoFaux) in [#​2009](https://redirect.github.com/pi-hole/docker-pi-hole/pull/2009) - Add timeout to curl command in branch validation by [@​RynoCODE](https://redirect.github.com/RynoCODE) in [#​2011](https://redirect.github.com/pi-hole/docker-pi-hole/pull/2011) - Use bats-assert library functions in BATS test suite by [@​Copilot](https://redirect.github.com/Copilot) in [#​2018](https://redirect.github.com/pi-hole/docker-pi-hole/pull/2018) - ci: run build job on pull request event by [@​crazy-max](https://redirect.github.com/crazy-max) in [#​2021](https://redirect.github.com/pi-hole/docker-pi-hole/pull/2021) - Update github-builder to v1.5.0 and enable fail-fast by [@​yubiuser](https://redirect.github.com/yubiuser) in [#​2022](https://redirect.github.com/pi-hole/docker-pi-hole/pull/2022) #### New Contributors - [@​crazy-max](https://redirect.github.com/crazy-max) made their first contribution in [#​2008](https://redirect.github.com/pi-hole/docker-pi-hole/pull/2008) - [@​RynoCODE](https://redirect.github.com/RynoCODE) made their first contribution in [#​2011](https://redirect.github.com/pi-hole/docker-pi-hole/pull/2011) - [@​Copilot](https://redirect.github.com/Copilot) made their first contribution in [#​2018](https://redirect.github.com/pi-hole/docker-pi-hole/pull/2018) **Full Changelog**: <pi-hole/docker-pi-hole@2026.02.0...2026.04.0> #### Component Release Notes <!-- Release notes generated using configuration in .github/release.yml at development --> #### What's Changed (FTL v6.6) - Fix possible resolver issue on armv5tel by [@​DL6ER](https://redirect.github.com/DL6ER) in [pi-hole/FTL#2781](https://redirect.github.com/pi-hole/FTL/pull/2781) - Introduce CMake options for optional dependencies by [@​aeolio](https://redirect.github.com/aeolio) in [pi-hole/FTL#2795](https://redirect.github.com/pi-hole/FTL/pull/2795) - Fix build without mbedtls \[v2] by [@​aeolio](https://redirect.github.com/aeolio) in [pi-hole/FTL#2796](https://redirect.github.com/pi-hole/FTL/pull/2796) - Fix overTime data when database.DBimport = false by [@​DL6ER](https://redirect.github.com/DL6ER) in [pi-hole/FTL#2788](https://redirect.github.com/pi-hole/FTL/pull/2788) - Fix cross-compilation issues w/ custom toolchain by [@​aeolio](https://redirect.github.com/aeolio) in [pi-hole/FTL#2797](https://redirect.github.com/pi-hole/FTL/pull/2797) - Add new option for controling name resolution via MAC address by [@​DL6ER](https://redirect.github.com/DL6ER) in [pi-hole/FTL#2790](https://redirect.github.com/pi-hole/FTL/pull/2790) - Fix obtaining client groups by name by [@​DL6ER](https://redirect.github.com/DL6ER) in [pi-hole/FTL#2791](https://redirect.github.com/pi-hole/FTL/pull/2791) - Ensure API sessions are restored before starting the HTTP server by [@​DL6ER](https://redirect.github.com/DL6ER) in [pi-hole/FTL#2803](https://redirect.github.com/pi-hole/FTL/pull/2803) - Add form-action 'self' to Content-Security-Policy by [@​yubiuser](https://redirect.github.com/yubiuser) in [pi-hole/FTL#2804](https://redirect.github.com/pi-hole/FTL/pull/2804) - Add query\_frequency to /padd endpoint by [@​yubiuser](https://redirect.github.com/yubiuser) in [pi-hole/FTL#2806](https://redirect.github.com/pi-hole/FTL/pull/2806) - Guard query-count counters against unsigned underflow by [@​DL6ER](https://redirect.github.com/DL6ER) in [pi-hole/FTL#2815](https://redirect.github.com/pi-hole/FTL/pull/2815) - Add universal crash backtrace via \_Unwind\_Backtrace by [@​DL6ER](https://redirect.github.com/DL6ER) in [pi-hole/FTL#2811](https://redirect.github.com/pi-hole/FTL/pull/2811) - config: show totp\_secret presence in CLI output by [@​DL6ER](https://redirect.github.com/DL6ER) in [pi-hole/FTL#2813](https://redirect.github.com/pi-hole/FTL/pull/2813) - Fix client count inflation for rate-limited queries by [@​DL6ER](https://redirect.github.com/DL6ER) in [pi-hole/FTL#2814](https://redirect.github.com/pi-hole/FTL/pull/2814) - Fix stack buffer overflow in get\_process\_name() by [@​DL6ER](https://redirect.github.com/DL6ER) in [pi-hole/FTL#2821](https://redirect.github.com/pi-hole/FTL/pull/2821) - Do not restart FTL while `pihole -g` is still ongoing by [@​DL6ER](https://redirect.github.com/DL6ER) in [pi-hole/FTL#2419](https://redirect.github.com/pi-hole/FTL/pull/2419) #### Security Advisories - [GHSA-r7g8-3fj7-m5qq - Authorization bypass: CLI API sessions can import Teleporter archives and modify configuration](https://redirect.github.com/pi-hole/FTL/security/advisories/GHSA-r7g8-3fj7-m5qq) reported by [@​mzalzahrani](https://redirect.github.com/mzalzahrani) - Remote Code Execution (RCE) via Newline Injection in Multiple Configuration Parameters reported by [@​T0X1Cx](https://redirect.github.com/T0X1Cx) - [pi-hole/FTL/security/advisories/GHSA-vfmq-jrx3-wv3c](https://redirect.github.com/pi-hole/FTL/security/advisories/GHSA-vfmq-jrx3-wv3c) - [pi-hole/FTL/security/advisories/GHSA-wxhv-w77q-6qwp](https://redirect.github.com/pi-hole/FTL/security/advisories/GHSA-wxhv-w77q-6qwp) - [pi-hole/FTL/security/advisories/GHSA-28g5-gg88-wh5m](https://redirect.github.com/pi-hole/FTL/security/advisories/GHSA-28g5-gg88-wh5m) - [pi-hole/FTL/security/advisories/GHSA-fqv2-qhfh-ghcj](https://redirect.github.com/pi-hole/FTL/security/advisories/GHSA-fqv2-qhfh-ghcj) - [pi-hole/FTL/security/advisories/GHSA-23w8-7333-p9fj](https://redirect.github.com/pi-hole/FTL/security/advisories/GHSA-23w8-7333-p9fj) #### New Contributors - [@​aeolio](https://redirect.github.com/aeolio) made their first contribution in [pi-hole/FTL#2795](https://redirect.github.com/pi-hole/FTL/pull/2795) **Full Changelog**: <pi-hole/FTL@v6.5...v6.6> <!-- Release notes generated using configuration in .github/release.yml at development --> #### What's Changed (Web v6.5) - Amend teleporter help text that the long-term data is not included by [@​yubiuser](https://redirect.github.com/yubiuser) in [pi-hole/web#3721](https://redirect.github.com/pi-hole/web/pull/3721) - Do not use 3 columns when boxed layout is used by [@​rdwebdesign](https://redirect.github.com/rdwebdesign) in [pi-hole/web#3722](https://redirect.github.com/pi-hole/web/pull/3722) - Use <kbd>ENTER</kbd> instead of <kbd>⏎</kbd> by [@​yubiuser](https://redirect.github.com/yubiuser) in [pi-hole/web#3727](https://redirect.github.com/pi-hole/web/pull/3727) - Don't link to github releases if docker tag is nightly by [@​yubiuser](https://redirect.github.com/yubiuser) in [pi-hole/web#3718](https://redirect.github.com/pi-hole/web/pull/3718) - Do not try to compare component version when remote version info is not available by [@​yubiuser](https://redirect.github.com/yubiuser) in [pi-hole/web#3729](https://redirect.github.com/pi-hole/web/pull/3729) - Show loading overlay when adding/removing CNAME records as it requires a FTL restart by [@​yubiuser](https://redirect.github.com/yubiuser) in [pi-hole/web#3742](https://redirect.github.com/pi-hole/web/pull/3742) - fix: check on responseJSON when wrong password by [@​guybrush2105](https://redirect.github.com/guybrush2105) in [pi-hole/web#3693](https://redirect.github.com/pi-hole/web/pull/3693) - Remove the loggingButton from Settings > System > Actions by [@​yubiuser](https://redirect.github.com/yubiuser) in [pi-hole/web#3747](https://redirect.github.com/pi-hole/web/pull/3747) #### Security Advisories - Multiple Stored HTML Injections and XSS in different web interface pages reported by [@​andrejtomci](https://redirect.github.com/andrejtomci) - [GHSA-jx8x-mj2r-62vq - Stored HTML Injection in queries.js](https://redirect.github.com/pi-hole/web/security/advisories/GHSA-jx8x-mj2r-62vq) - [GHSA-9rfm-c5g6-538p - Stored HTML attribute injection](https://redirect.github.com/pi-hole/web/security/advisories/GHSA-9rfm-c5g6-538p) - [GHSA-px6w-85wp-ww9v - Stored XSS / HTML injection in the Network page/Dashboard](https://redirect.github.com/pi-hole/web/security/advisories/GHSA-px6w-85wp-ww9v) - [GHSA-7xqw-r9pr-qv59 - Reflected XSS / HTML injection in taillog.js](https://redirect.github.com/pi-hole/web/security/advisories/GHSA-7xqw-r9pr-qv59) (Also reported by [@​n1rwhex](https://redirect.github.com/n1rwhex) and [@​mzalzahrani](https://redirect.github.com/mzalzahrani)) #### New Contributors - [@​guybrush2105](https://redirect.github.com/guybrush2105) made their first contribution in [pi-hole/web#3693](https://redirect.github.com/pi-hole/web/pull/3693) **Full Changelog**: <pi-hole/web@v6.4.1...v6.5> <!-- Release notes generated using configuration in .github/release.yml at development --> #### What's Changed (Core v6.4.1) - Remove additional ':' from debug log system time output by [@​yubiuser](https://redirect.github.com/yubiuser) in [pi-hole/pi-hole#6551](https://redirect.github.com/pi-hole/pi-hole/pull/6551) - Remove `readonly` from piholeNetworkFlush.sh to avoid error message by [@​rdwebdesign](https://redirect.github.com/rdwebdesign) in [pi-hole/pi-hole#6554](https://redirect.github.com/pi-hole/pi-hole/pull/6554) - Add antigravity index by [@​DL6ER](https://redirect.github.com/DL6ER) in [pi-hole/pi-hole#6573](https://redirect.github.com/pi-hole/pi-hole/pull/6573) - Fix return status capture of FTL check\_download exists by [@​yubiuser](https://redirect.github.com/yubiuser) in [pi-hole/pi-hole#6572](https://redirect.github.com/pi-hole/pi-hole/pull/6572) - Remove misleading TODO comment for SetWebPassword by [@​10adnan75](https://redirect.github.com/10adnan75) in [pi-hole/pi-hole#6531](https://redirect.github.com/pi-hole/pi-hole/pull/6531) #### Security Advisories - [GHSA-c935-8g63-qp74 – Local Privilege Escalation](https://redirect.github.com/pi-hole/pi-hole/security/advisories/GHSA-c935-8g63-qp74) reported by [@​smittix](https://redirect.github.com/smittix) #### New Contributors - [@​10adnan75](https://redirect.github.com/10adnan75) made their first contribution in [pi-hole/pi-hole#6531](https://redirect.github.com/pi-hole/pi-hole/pull/6531) - [@​Copilot](https://redirect.github.com/Copilot) made their first contribution in [pi-hole/pi-hole#6580](https://redirect.github.com/pi-hole/pi-hole/pull/6580) **Full Changelog**: <pi-hole/pi-hole@v6.4...v6.4.1> </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/bigbeartechworld/big-bear-universal-apps). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMDIuMTEiLCJ1cGRhdGVkSW5WZXIiOiI0My4xMDIuMTEiLCJ0YXJnZXRCcmFuY2giOiJtYWluIiwibGFiZWxzIjpbImRlcGVuZGVuY2llcyIsInJlbm92YXRlIl19-->
github-actions Bot
pushed a commit
to bigbeartechworld/big-bear-universal-apps
that referenced
this pull request
Apr 7, 2026
…ag to v2026.04.0 This PR contains the following updates: | Package | Update | Change | |---|---|---| | [bigbeartechworld/big-bear-pihole-unbound](https://redirect.github.com/pi-hole/docker-pi-hole) | minor | `2026.02.0` → `2026.04.0` | --- ### Release Notes <details> <summary>pi-hole/docker-pi-hole (bigbeartechworld/big-bear-pihole-unbound)</summary> ### [`v2026.04.0`](https://redirect.github.com/pi-hole/docker-pi-hole/releases/tag/2026.04.0) [Compare Source](https://redirect.github.com/pi-hole/docker-pi-hole/compare/2026.02.0...2026.04.0) <!-- Release notes generated using configuration in .github/release.yml at master --> #### What's Changed (Docker Specific - all related to CI/build) - Group dependabot PRs to reduce PR spam by [@​yubiuser](https://redirect.github.com/yubiuser) in [#​2004](https://redirect.github.com/pi-hole/docker-pi-hole/pull/2004) - ci: switch image publishing to docker/github-builder by [@​crazy-max](https://redirect.github.com/crazy-max) in [#​2008](https://redirect.github.com/pi-hole/docker-pi-hole/pull/2008) - Readme Rework by [@​PromoFaux](https://redirect.github.com/PromoFaux) in [#​1958](https://redirect.github.com/pi-hole/docker-pi-hole/pull/1958) - Replace Python test suite with BATS and consolidate workflows by [@​PromoFaux](https://redirect.github.com/PromoFaux) in [#​2009](https://redirect.github.com/pi-hole/docker-pi-hole/pull/2009) - Add timeout to curl command in branch validation by [@​RynoCODE](https://redirect.github.com/RynoCODE) in [#​2011](https://redirect.github.com/pi-hole/docker-pi-hole/pull/2011) - Use bats-assert library functions in BATS test suite by [@​Copilot](https://redirect.github.com/Copilot) in [#​2018](https://redirect.github.com/pi-hole/docker-pi-hole/pull/2018) - ci: run build job on pull request event by [@​crazy-max](https://redirect.github.com/crazy-max) in [#​2021](https://redirect.github.com/pi-hole/docker-pi-hole/pull/2021) - Update github-builder to v1.5.0 and enable fail-fast by [@​yubiuser](https://redirect.github.com/yubiuser) in [#​2022](https://redirect.github.com/pi-hole/docker-pi-hole/pull/2022) #### New Contributors - [@​crazy-max](https://redirect.github.com/crazy-max) made their first contribution in [#​2008](https://redirect.github.com/pi-hole/docker-pi-hole/pull/2008) - [@​RynoCODE](https://redirect.github.com/RynoCODE) made their first contribution in [#​2011](https://redirect.github.com/pi-hole/docker-pi-hole/pull/2011) - [@​Copilot](https://redirect.github.com/Copilot) made their first contribution in [#​2018](https://redirect.github.com/pi-hole/docker-pi-hole/pull/2018) **Full Changelog**: <pi-hole/docker-pi-hole@2026.02.0...2026.04.0> #### Component Release Notes <!-- Release notes generated using configuration in .github/release.yml at development --> #### What's Changed (FTL v6.6) - Fix possible resolver issue on armv5tel by [@​DL6ER](https://redirect.github.com/DL6ER) in [pi-hole/FTL#2781](https://redirect.github.com/pi-hole/FTL/pull/2781) - Introduce CMake options for optional dependencies by [@​aeolio](https://redirect.github.com/aeolio) in [pi-hole/FTL#2795](https://redirect.github.com/pi-hole/FTL/pull/2795) - Fix build without mbedtls \[v2] by [@​aeolio](https://redirect.github.com/aeolio) in [pi-hole/FTL#2796](https://redirect.github.com/pi-hole/FTL/pull/2796) - Fix overTime data when database.DBimport = false by [@​DL6ER](https://redirect.github.com/DL6ER) in [pi-hole/FTL#2788](https://redirect.github.com/pi-hole/FTL/pull/2788) - Fix cross-compilation issues w/ custom toolchain by [@​aeolio](https://redirect.github.com/aeolio) in [pi-hole/FTL#2797](https://redirect.github.com/pi-hole/FTL/pull/2797) - Add new option for controling name resolution via MAC address by [@​DL6ER](https://redirect.github.com/DL6ER) in [pi-hole/FTL#2790](https://redirect.github.com/pi-hole/FTL/pull/2790) - Fix obtaining client groups by name by [@​DL6ER](https://redirect.github.com/DL6ER) in [pi-hole/FTL#2791](https://redirect.github.com/pi-hole/FTL/pull/2791) - Ensure API sessions are restored before starting the HTTP server by [@​DL6ER](https://redirect.github.com/DL6ER) in [pi-hole/FTL#2803](https://redirect.github.com/pi-hole/FTL/pull/2803) - Add form-action 'self' to Content-Security-Policy by [@​yubiuser](https://redirect.github.com/yubiuser) in [pi-hole/FTL#2804](https://redirect.github.com/pi-hole/FTL/pull/2804) - Add query\_frequency to /padd endpoint by [@​yubiuser](https://redirect.github.com/yubiuser) in [pi-hole/FTL#2806](https://redirect.github.com/pi-hole/FTL/pull/2806) - Guard query-count counters against unsigned underflow by [@​DL6ER](https://redirect.github.com/DL6ER) in [pi-hole/FTL#2815](https://redirect.github.com/pi-hole/FTL/pull/2815) - Add universal crash backtrace via \_Unwind\_Backtrace by [@​DL6ER](https://redirect.github.com/DL6ER) in [pi-hole/FTL#2811](https://redirect.github.com/pi-hole/FTL/pull/2811) - config: show totp\_secret presence in CLI output by [@​DL6ER](https://redirect.github.com/DL6ER) in [pi-hole/FTL#2813](https://redirect.github.com/pi-hole/FTL/pull/2813) - Fix client count inflation for rate-limited queries by [@​DL6ER](https://redirect.github.com/DL6ER) in [pi-hole/FTL#2814](https://redirect.github.com/pi-hole/FTL/pull/2814) - Fix stack buffer overflow in get\_process\_name() by [@​DL6ER](https://redirect.github.com/DL6ER) in [pi-hole/FTL#2821](https://redirect.github.com/pi-hole/FTL/pull/2821) - Do not restart FTL while `pihole -g` is still ongoing by [@​DL6ER](https://redirect.github.com/DL6ER) in [pi-hole/FTL#2419](https://redirect.github.com/pi-hole/FTL/pull/2419) #### Security Advisories - [GHSA-r7g8-3fj7-m5qq - Authorization bypass: CLI API sessions can import Teleporter archives and modify configuration](https://redirect.github.com/pi-hole/FTL/security/advisories/GHSA-r7g8-3fj7-m5qq) reported by [@​mzalzahrani](https://redirect.github.com/mzalzahrani) - Remote Code Execution (RCE) via Newline Injection in Multiple Configuration Parameters reported by [@​T0X1Cx](https://redirect.github.com/T0X1Cx) - [pi-hole/FTL/security/advisories/GHSA-vfmq-jrx3-wv3c](https://redirect.github.com/pi-hole/FTL/security/advisories/GHSA-vfmq-jrx3-wv3c) - [pi-hole/FTL/security/advisories/GHSA-wxhv-w77q-6qwp](https://redirect.github.com/pi-hole/FTL/security/advisories/GHSA-wxhv-w77q-6qwp) - [pi-hole/FTL/security/advisories/GHSA-28g5-gg88-wh5m](https://redirect.github.com/pi-hole/FTL/security/advisories/GHSA-28g5-gg88-wh5m) - [pi-hole/FTL/security/advisories/GHSA-fqv2-qhfh-ghcj](https://redirect.github.com/pi-hole/FTL/security/advisories/GHSA-fqv2-qhfh-ghcj) - [pi-hole/FTL/security/advisories/GHSA-23w8-7333-p9fj](https://redirect.github.com/pi-hole/FTL/security/advisories/GHSA-23w8-7333-p9fj) #### New Contributors - [@​aeolio](https://redirect.github.com/aeolio) made their first contribution in [pi-hole/FTL#2795](https://redirect.github.com/pi-hole/FTL/pull/2795) **Full Changelog**: <pi-hole/FTL@v6.5...v6.6> <!-- Release notes generated using configuration in .github/release.yml at development --> #### What's Changed (Web v6.5) - Amend teleporter help text that the long-term data is not included by [@​yubiuser](https://redirect.github.com/yubiuser) in [pi-hole/web#3721](https://redirect.github.com/pi-hole/web/pull/3721) - Do not use 3 columns when boxed layout is used by [@​rdwebdesign](https://redirect.github.com/rdwebdesign) in [pi-hole/web#3722](https://redirect.github.com/pi-hole/web/pull/3722) - Use <kbd>ENTER</kbd> instead of <kbd>⏎</kbd> by [@​yubiuser](https://redirect.github.com/yubiuser) in [pi-hole/web#3727](https://redirect.github.com/pi-hole/web/pull/3727) - Don't link to github releases if docker tag is nightly by [@​yubiuser](https://redirect.github.com/yubiuser) in [pi-hole/web#3718](https://redirect.github.com/pi-hole/web/pull/3718) - Do not try to compare component version when remote version info is not available by [@​yubiuser](https://redirect.github.com/yubiuser) in [pi-hole/web#3729](https://redirect.github.com/pi-hole/web/pull/3729) - Show loading overlay when adding/removing CNAME records as it requires a FTL restart by [@​yubiuser](https://redirect.github.com/yubiuser) in [pi-hole/web#3742](https://redirect.github.com/pi-hole/web/pull/3742) - fix: check on responseJSON when wrong password by [@​guybrush2105](https://redirect.github.com/guybrush2105) in [pi-hole/web#3693](https://redirect.github.com/pi-hole/web/pull/3693) - Remove the loggingButton from Settings > System > Actions by [@​yubiuser](https://redirect.github.com/yubiuser) in [pi-hole/web#3747](https://redirect.github.com/pi-hole/web/pull/3747) #### Security Advisories - Multiple Stored HTML Injections and XSS in different web interface pages reported by [@​andrejtomci](https://redirect.github.com/andrejtomci) - [GHSA-jx8x-mj2r-62vq - Stored HTML Injection in queries.js](https://redirect.github.com/pi-hole/web/security/advisories/GHSA-jx8x-mj2r-62vq) - [GHSA-9rfm-c5g6-538p - Stored HTML attribute injection](https://redirect.github.com/pi-hole/web/security/advisories/GHSA-9rfm-c5g6-538p) - [GHSA-px6w-85wp-ww9v - Stored XSS / HTML injection in the Network page/Dashboard](https://redirect.github.com/pi-hole/web/security/advisories/GHSA-px6w-85wp-ww9v) - [GHSA-7xqw-r9pr-qv59 - Reflected XSS / HTML injection in taillog.js](https://redirect.github.com/pi-hole/web/security/advisories/GHSA-7xqw-r9pr-qv59) (Also reported by [@​n1rwhex](https://redirect.github.com/n1rwhex) and [@​mzalzahrani](https://redirect.github.com/mzalzahrani)) #### New Contributors - [@​guybrush2105](https://redirect.github.com/guybrush2105) made their first contribution in [pi-hole/web#3693](https://redirect.github.com/pi-hole/web/pull/3693) **Full Changelog**: <pi-hole/web@v6.4.1...v6.5> <!-- Release notes generated using configuration in .github/release.yml at development --> #### What's Changed (Core v6.4.1) - Remove additional ':' from debug log system time output by [@​yubiuser](https://redirect.github.com/yubiuser) in [pi-hole/pi-hole#6551](https://redirect.github.com/pi-hole/pi-hole/pull/6551) - Remove `readonly` from piholeNetworkFlush.sh to avoid error message by [@​rdwebdesign](https://redirect.github.com/rdwebdesign) in [pi-hole/pi-hole#6554](https://redirect.github.com/pi-hole/pi-hole/pull/6554) - Add antigravity index by [@​DL6ER](https://redirect.github.com/DL6ER) in [pi-hole/pi-hole#6573](https://redirect.github.com/pi-hole/pi-hole/pull/6573) - Fix return status capture of FTL check\_download exists by [@​yubiuser](https://redirect.github.com/yubiuser) in [pi-hole/pi-hole#6572](https://redirect.github.com/pi-hole/pi-hole/pull/6572) - Remove misleading TODO comment for SetWebPassword by [@​10adnan75](https://redirect.github.com/10adnan75) in [pi-hole/pi-hole#6531](https://redirect.github.com/pi-hole/pi-hole/pull/6531) #### Security Advisories - [GHSA-c935-8g63-qp74 – Local Privilege Escalation](https://redirect.github.com/pi-hole/pi-hole/security/advisories/GHSA-c935-8g63-qp74) reported by [@​smittix](https://redirect.github.com/smittix) #### New Contributors - [@​10adnan75](https://redirect.github.com/10adnan75) made their first contribution in [pi-hole/pi-hole#6531](https://redirect.github.com/pi-hole/pi-hole/pull/6531) - [@​Copilot](https://redirect.github.com/Copilot) made their first contribution in [pi-hole/pi-hole#6580](https://redirect.github.com/pi-hole/pi-hole/pull/6580) **Full Changelog**: <pi-hole/pi-hole@v6.4...v6.4.1> </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/bigbeartechworld/big-bear-universal-apps). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMDIuMTEiLCJ1cGRhdGVkSW5WZXIiOiI0My4xMDIuMTEiLCJ0YXJnZXRCcmFuY2giOiJtYWluIiwibGFiZWxzIjpbImRlcGVuZGVuY2llcyIsInJlbm92YXRlIl19-->
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What does this implement/fix?
findClientID()incrementsclient->countfor every incoming query, including those that are immediately refused by the rate-limiter. Because rate-limited queries never create a query record, GC has nothing to decrement and the count inflates permanently.Undo the increment before the early return so the "Top Clients (total)" counter stays consistent with what Pi-hole actually processed.
Related issue or feature (if applicable): Fixes #2801 #2810
Pull request in docs with documentation (if applicable): N/A
By submitting this pull request, I confirm the following:
git rebase)Checklist:
developmentbranch.