From 9e020af94daafd27bbca74de8cef080d96dddd0f Mon Sep 17 00:00:00 2001
From: kisfenyo <nagyfenyvesi.viktor@gmail.com>
Date: Sat, 6 Jun 2026 12:55:58 +0200
Subject: [PATCH] pihole: bump image to 2026.05.0 (dnsmasq CVE security
 release)

Pi-hole 2026.05.0 bundles FTL v6.6.2 which imports six upstream dnsmasq
security fixes, covering all publicly disclosed CVEs against the
dnsmasq 2.92/2.93 line. Per the upstream release notes the fixes are
"minimal, self-contained changes to the embedded dnsmasq sources. No
FTL-side configuration or API changes; users should see no observable
behavior change beyond the closed vulnerabilities."

Override the chart's default image.tag in helm/pihole/values.yaml (no
chart version bump). The pihole ArgoCD app is intentionally MANUAL
sync per Viktor's call -- after merge, sync the pihole app from the
ArgoCD UI to roll the pod over.

https://github.com/pi-hole/docker-pi-hole/releases/tag/2026.05.0

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---
 helm/pihole/values.yaml | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/helm/pihole/values.yaml b/helm/pihole/values.yaml
index b32c9c6..fbabaa1 100755
--- a/helm/pihole/values.yaml
+++ b/helm/pihole/values.yaml
@@ -1,4 +1,11 @@
 ---
+# Image tag override: bumps pihole/pihole to 2026.05.0 without changing
+# the chart version. The 2026.05.0 release bundles FTL v6.6.2 which
+# imports 6 upstream dnsmasq CVE fixes (covering the dnsmasq 2.92/2.93
+# disclosures). No FTL-side config or API changes per the release notes.
+# https://github.com/pi-hole/docker-pi-hole/releases/tag/2026.05.0
+image:
+  tag: "2026.05.0"
 DNS1: "1.1.1.1"   # Cloudflare
 DNS2: "8.8.8.8"   # Google
 DNS3: "9.9.9.9"   #Quad9