Disable Version Information on WebInterface while logged out

(Couldn't find this type of request.)

Is there a way to hide the pi-hole Versions on the Web Interface while not logged in?

In my eyes I don't want everyone to be able to see on which version my pi-hole is running when visiting the Web Interface

Just curious; why is this a problem? Is your Pi-hole exposed to the internet?

My pi-hole is not exposed to the internet. In fact it is in the LAN, as most of the people probably have it. The issue for me is that, when there is an update, it shows this very clearly with the red "Update available" sentence next to the version. On top of that, if you click it you will be forwarded to the github page. On the one side it makes sense because you can see what has changed in the new version. On the other hand, if there is a new version which closes some critical vulnerabilities, everyone on my LAN can get access to this information. Sure some might say devices in your LAN are "trusted", which is untrue in my eyes.

From my security standpoint it is bad practice to enclose the version of any service/application.

I would counter that security through obscurity is an even worse practice.

I can partially agree with that. However, I don't see any advantage in putting the current versions on the front page. The best would be to have an option in the settings which, when activated, does not show the current versions on the front page, but shows it as soon as you're logged in.

I may have stated it wrongly. In my eyes Obscurity is acceptable as long as you're not authenticated. Except for the Admin it should be no ones business to know about the current versions running.

We'll track it as a feature request, and we'll track the popularity of the request.

Changing would require users to log in to the interface to see when they need to update. Adds another step.

1 Like