New Features

macOS 26 Tahoe

• Menu icons are now displayed throughout the app on macOS Tahoe, including the main menu, context menus in the rule list and sidebar, and the connection list context menus in Network Monitor.
• The menu icons are slightly enlarged (compared to the rather tiny standard size on macOS Tahoe), which results in a crisper, easier to read appearance that is in general much more pleasing to the eye.
• If you prefer not to have icons in these menus, you can turn them off with the following Terminal commands:

  defaults write at.obdev.littlesnitch NSMenuEnableActionImages -bool false
  defaults write at.obdev.littlesnitch.networkmonitor NSMenuEnableActionImages -bool false

Rules & Configuration

• Unlock Configuration Until Quit: You can now temporarily unlock a locked configuration for the duration of the current session via the menu bar, without permanently disabling the lock.
• Change locked settings with authentication: Locked settings in the Control Center can now be changed directly with Touch ID or password authentication, without having to unlock the entire configuration first.
• Copy rules between profiles via drag & drop: Holding the Option key while dragging rules to another profile now creates a copy of the rule in the destination profile, instead of moving it.
• Hourly update interval for blocklists and remote rule groups: In addition to the existing daily update schedule, blocklists and remote rule groups can now be configured to update hourly.

Network & Security

• Biometric Authentication for Software Update: The Software Update process now supports Touch ID / Face ID authentication.
• DNS4EU: The dns0.eu encryption service has discontinued its operations. Its DNS encryption preset has therefore been replaced with DNS4EU, which provides unfiltered DNS resolution in compliance with European data protection standards.
• Unfiltered Quad9 DoH and DoT: The Quad9 DNS encryption preset now uses the unfiltered Quad9 endpoints (9.9.9.10 / 149.112.112.10).

Improvements

Network Monitor

• App connection nodes are now automatically expanded when the “From Now” filter mode is active.
• Connections to 0.0.0.0 are no longer shown in Network Monitor.
• Improved selection behavior in the connection list.
• Path information for a connection is now displayed as two separate entries in the inspector: the main executable path and the “via” path (e.g., for helper processes).
• The “Include local network traffic” option in Settings > Monitor now affects both the connection list and the traffic shown in the status menu. The separate setting in Settings > Status Menu has been removed.

Rules Window

• When a new rule is added, the UI now automatically switches to the sidebar group or profile where the rule was added.
• When editing a rule and changing the destination type to domain, hostname, or unicast address, the destination text field is now automatically focused for faster editing.
• A “Confirm” button has been added to the Notes editor in the inspector, so changes can be confirmed more straightforward, without having to click outside the text field.
• The “Focus on Rules Affecting Process” action now correctly activates the “Active Rules” quick filter.

Connection Alert

• Mouse clicks in the segmented control of the connection alert are now more reliably recognized.

Menu & UI

• The “Keep Above Other Windows” / “Keep Window in Front” menu items have been renamed to “Float on Top” for consistency across Little Snitch and Little Snitch Mini.
• Menu items in the Network Monitor menu bar have been reorganized.
• Connection list expansion states are now cached for 5 minutes after a connection disappears from the list, so re-appearing connections restore their previous expand/collapse state.
• Badge counts in the rules window are now correctly recalculated when a filter is selected.
• The “Lock Configuration” command can now also be invoked with the Command-L keyboard shortcut.
• Toolbar popovers (unlocking the configuration or enabling the network filter) can now be confirmed with the Return key.

Performance

• Improved performance when filtering and sorting large blocklists.

Bug Fixes

• The “Ghostty” terminal application is now correctly recognized by its new bundle identifier.
• Fixed a crash that could occur when setting a license key inside a virtual machine.
• Fixed a bug in the network filter’s internal resource management that could cause connection handling issues.
• Fixed a bug where TLS ClientHello data that was split across multiple QUIC initial packets was not correctly reassembled, which could prevent determining the server's hostname for some connections, showing only the IP address instead.
• Items in the map context menu were incorrectly disabled.
• Fixed a bug where icons were missing in column headers of the rule list.
• Fixed incorrect localization of button labels in the code signature issue alert in Network Monitor.
• Fixed a bug where app icons were not updated in the connection list when changing the icon appearance or switching between light and dark mode.
• Fixed incorrect coloring of map connection lines when the system appearance (dark/light mode) did change.