As always, please read through the changelogs before updating with pihole -up

Don’t forget, you can use Teleporter to export your configuration. It can be found under the settings menu of the web interface or on the command line with pihole-FTL --teleporter

Docker has been tagged as 2026.04.1

Highlights

This release is mostly about addressing two security advisories – one in FTL and one in Core. We’d like to thank the researchers who responsibly disclosed these issues.

Full details for both advisories can be found at the following links:

• pi-hole/pi-hole/security/advisories/GHSA-6w8x-p785-6pm4 reported by u/mjkim610
• pi-hole/FTL/security/advisories/GHSA-9cqv-839p-gpq2 reported by u/anuraagbaishya

Details of all other fixes can be found below!

FTL v6.6.1

What’s Changed

• Add new GET /api/config/_properties endpoint by u/DL6ER in #2356
• Fix thread-safety issues causing SIGSEGV under concurrent API load by u/DL6ER in #2835
• fix: fix rare race condition for SHM strings in API handlers by u/DL6ER in #2833
• Accept punycode domains that libidn2 rejects under IDNA2008 by u/DL6ER in #2838
• Improve shutdown diagnostics to identify SIGTERM source by u/DL6ER in #2839
• Resolve empty backtraces when addr2line is not installed by u/DL6ER in #2831
• Improve thread-safety for concurrent API requests by u/DL6ER in #2847
• Don’t skip device lookup when resolver.macNames is disabled by u/DL6ER in #2846
• Fix linker error when compiling w/o optimization by u/aeolio in #2850
• Clarify dns.blockESNI wording by u/darkexplosiveqwx in #2784
• Preserve log file path config when fopen fails by u/DL6ER in #2834

Security advisories

• GHSA-6w8x-p785-6pm4
  • Fixed with : pi-hole/FTL@88c569a and pi-hole/pi-hole@7ccb8dd
• GHSA-9cqv-839p-gpq2
  • Fixed with : pi-hole/FTL@0c46e4e

New Contributors

• u/darkexplosiveqwx made their first contribution in #2784

Full Changelog: v6.6…v6.6.1

Core v6.4.2

What’s Changed

• Fix ownership permissions for containing directories in fix_owner_per… by u/PromoFaux in #6589
• Remove reference to /usr/local/bin/COL_TABLE by u/darkexplosiveqwx in #6594
• Skip apt cache update when pihole-meta is current by u/PromoFaux in #6581
• Set versions in /etc/pihole/versions to null if script fails by u/yubiuser in #6550
• Wipe version file before creating a new one by u/yubiuser in #6538
• Remove redundant touching of logfiles from systemd Service by u/yubiuser in #6601
• Loosen requirements for local file access for gravity by u/yubiuser in #6430
• Fix permission for *.etag files after gravity run by u/yubiuser in #6353
• add logrotate to DEB and RPM dependencies by u/darkexplosiveqwx in #6524
• Improve gravity error message including curl exit code and errormsg by u/rdwebdesign in #6605

Security advisories

• GHSA-6w8x-p785-6pm4
  • Fixed with : pi-hole/pi-hole@7ccb8dd and pi-hole/FTL@88c569a

Full Changelog: v6.4.1…v6.4.2