v0.9.7 Beta – SSH Reachability, Hardening Reports & Rolling Update Timeouts

🛠️ SSH Reachability Overhaul

• Corosync-on-separate-VLAN fix — _get_node_ip() no longer hands out the corosync ring IP for SSH operations when the cluster network is on a dedicated VLAN. Reachability is now probed on the actual SSH port (not 8006, which Proxmox listens on everywhere), and cluster/status quick path is filtered against the primary management network so corosync IPs can't leak through (#324).
• Single-node cluster-creds — the WebSocket SSH shell now requests only the node it needs via ?node=<name> instead of resolving the entire cluster. Resolution capped at 3 probes to stay under the WS 10s timeout.
• Safer host fallback — _get_node_ip() only falls back to the connected host when the requested node actually matches it, so multi-node clusters can't accidentally SSH into the wrong box.
• All node-SSH endpoints (SMBIOS, custom scripts, get_node_ip_api) now use the consolidated resolver and surface a clean error instead of silently acting on mgr.host when resolution fails.

Thanks to @remipcomaite for the original investigation and PR (#324).

🛡️ Node Hardening Reports

• PDF / PNG export — the Harden PVE Node page now has PDF and PNG buttons next to "Apply Selected". The PDF includes a stats block (controls active / not applied / selected), one table per source (CIS / Lynis / STIG / PegaProx) with ref + title + status + PVE impact, and — when verbose audit mode was on during the scan — a full audit evidence table with check commands and actual state.
• Verbose audit output is now fully translated (Show audit details / Hide audit details / Check command / Actual state) across DE / EN / FR / ES / PT / KO.

🔄 Rolling Updates

• Reboot / Online Timeout now exposed in the UI (#328) — next to the existing Evacuation Timeout. Defaults to 10 min, presets up to 2h. Extend it for Ceph OSD hosts or nodes with many disks that take longer to come back. When exceeded, the rolling update pauses with a clear reboot_timeout reason so you can inspect manually and continue.

📊 CVE Scanner

• No more misleading green 0s — when every node fails the scan (e.g. SSH unreachable), the summary now shows a grey dash — with a red "X failed" count instead of pretending everything is clean.
• Breathing room in Corporate layout — stat cards are taller, gap is wider, number-to-label spacing increased. The section no longer looks cramped against the dense corporate grid.

🎨 Corporate Layout & UI

• Standalone-node badge (#326) — single-node clusters no longer show the red "Quorum verloren" badge in the dashboard services bar. Instead a neutral blue Standalone badge, matching the Datacenter status tile.
• KSM Sharing visible in Node Summary — always shown now, matches native PVE UI. 0 B in grey when inactive, actual size in purple when KSM is deduplicating under memory pressure.

🐛 Bug Fixes

• Disk Create modal (#323) — native <select> dropdowns in fixed-position modals no longer dismiss the modal when you click an option. Switched backdrop to onMouseDown + currentTarget check.

💎 Sponsors

Massive thanks to our Platinum Sponsor 🏆 netwolk GmbH — your support keeps this project going and directly funds ongoing PegaProx development.

Interested in sponsoring? → pegaprox.com/#sponsor | sponsor@pegaprox.com | opencollective.com/pegaprox

💬 Community

Join the Discord: https://discord.gg/AJPf3H62QW

---

Full Changelog: v0.9.6.1...v0.9.7

v0.9.6.1 Beta – PBS Updates, VM Wizard, OIDC & UX Fixes

✨ New Features

• PBS Update Manager — Check available APT updates on Proxmox Backup Servers directly from the cluster Update Manager. PBS servers are now included in the cluster-wide update check with expandable package lists (#240).
• 24h/12h Time Format — User-configurable time format toggle in My Profile → Appearance. Applies across all date/time displays in the dashboard (#215).
• Searchable ISO Dropdown — ISO image selector in the VM creation wizard now includes a search/filter input for environments with many ISOs (#305).
• Email-Style Usernames — Users can now log in with email addresses (e.g. `user@company.com`) as usernames (#228).

🔧 VM Creation Wizard

• Disk format dropdown now filters by storage type — ZFS, LVM, and RBD only show "Raw", file-based storage shows all formats (#307)
• Ubuntu 24.04 LTS quick template now correctly sets `virtio-scsi-single` controller to avoid IOThread warnings (#306)
• Tab validation prevents advancing without a VM name — shows inline error instead of cryptic API error (#304)
• Missing "Back" button translation added to all 6 languages (#302)

🎨 Corporate Layout & UI

• Fixed gray-on-gray text in advanced CPU, RAM, and network settings within the VM wizard (#303)
• Global search results dropdown now has a visible background and accent border in Corporate Dark mode (#308)
• KSM (Kernel Same-page Merging) sharing data now displayed in node details (#298)
• Collapsible node trees in Corporate Layout sidebar with persistence (#299)
• Light theme removed from Modern Layout — Corporate Layout retains its own light/dark toggle
• Theme auto-resets to Corporate Dark/Light when switching layouts

🛡️ Security & Auth

• OIDC multi-group role mapping now picks the highest role (admin > user > viewer) instead of the last matched group (#293)

🐛 Bug Fixes

• ESXi migration pre-flight check verifies `qemu-img`, `qemu-nbd`, `sshfs`, `sshpass` availability before starting. Fails early with install hints instead of generic errors (#311)
• PBS namespace selector properly wired up with state + onChange (#301)
• LXC container IP display with cloud-init and DHCP fallback (#300)

💎 Sponsors

Proud to have netwolk GmbH as our Platinum Sponsor 🏆 — their support directly fuels PegaProx development. Thank you!

Interested in sponsoring? → pegaprox.com/#sponsor | sponsor@pegaprox.com

💬 Community

Join the Discord: https://discord.gg/AJPf3H62QW

---

Full Changelog: v0.9.6...v0.9.6.1

v0.9.6 Beta – Predictive LB, ESXi Wizard, ISO Sync & Security

✨ New Features

• Predictive Load Balancing — Trend-based VM migration that acts before nodes become overloaded, similar to VMware DRS. Includes configurable score weights (CPU/RAM/IO) and a CPU compatibility mode with cluster baseline enforcement.
• ESXi Migration Wizard — Completely redesigned 3-step wizard (Target → Hardware → Advanced) with 28 configurable options. Auto-detects firmware, SCSI controller, NIC model, CPU topology, Secure Boot, and TPM from the source ESXi VM. Fixes disk attachment, BIOS/OVMF handling, and sets VGA to vmware for immediate display compatibility (#222).
• ISO/Template Sync — Distribute ISOs and CT templates across all cluster nodes via SCP/SFTP. Designed for iSCSI-only setups where file-level storage isn't shared. Includes a sync matrix view and auto-sync toggle.
• Push Notifications Plugin — Send alerts via Ntfy (self-hosted or cloud) and optionally through Apprise for 80+ services including Slack, Discord, Telegram, and Gotify (#213).
• Professional PDF Export — Reports, CVE scans, syslog events, and topology diagrams now export as properly styled PDFs with PegaProx branding via jsPDF.
• User Folders — Organize users into folders in the User Management panel with color-coded badges and folder-based filtering. Pagination at 15 users per page.

🔧 Client Portal & Status Page

• Client Portal: ISO mount/unmount for customers, Force Stop with warning, Ctrl+Alt+Del button in console, OIDC/LDAP login support, dashboard overview with resource totals, VM search/filter, larger console modal, light theme toggle
• Status Page: Incident timeline with severity badges, 90-day uptime tracking bar, scheduled maintenance banner, component-level status, embeddable SVG status badge

🎨 UI & Corporate Layout

• Syslog viewer redesigned with severity quick-stats, compact filter bar, facility names, and color-coded protocol badges
• Corporate Layout light mode fully polished with ~90 CSS overrides covering all components
• Fixed icon/text alignment in corporate tabs and subnav menus (#289, #290)
• Collapsible Score Weights and CPU Baseline sections in cluster settings
• Search icon positioning fixed across all corporate layout search bars
• VMID hidden from portal customers — shows "VM" / "Container" instead

🛡️ Security

• TOTP verification window tightened
• Rate limiting on password verification endpoint
• Session IP change detection and logging
• Absolute session timeout reduced (12h regular / 7d remember-me)
• XSS: DOMPurify fallback now renders escaped plaintext instead of regex-filtered HTML
• Apprise SSRF blocklist prevents requests to localhost and private networks
• ISO mount path traversal prevention
• VNC ticket removed from DOM attributes
• Portal session moved from localStorage to sessionStorage
• Plugin load events logged to audit trail

🐛 Bug Fixes

• Cross-cluster replication now works on ZFS, LVM, and iSCSI storage (#192)
• Cross-cluster migrate bridge mapping format corrected (#274)
• XCP-ng migration with Ceph RBD uses qemu-img instead of dd (#272)
• Rolling update no longer migrates VMs to a node mid-shutdown (#276)
• CT wizard now includes keyctl and fuse feature toggles for Docker-in-LXC (#278)
• Compliance HTTPS check respects reverse proxy mode (#281)
• NVMe SMART data retrieval fixed (#288)
• Datastore page no longer blocked by offline storage (#292)
• OIDC users can now re-configure clusters without password prompt (#294)
• OIDC login button visible after logout without page refresh (#295)
• Generic SSO icon shown instead of Microsoft logo for non-Microsoft providers (#295)
• Backup directory path in update.sh is now absolute (#253)
• DNS resolution cached at connect time — eliminates excessive DNS queries (#279)
• Syslog database schema improved with FTS5 full-text search and composite indexes (PR #287, @gyptazy)
• Translation gaps fixed across all 6 languages (PR #275, @newtscamander2)

💎 Sponsors

We're excited to welcome netwolk GmbH as our first Platinum Sponsor! Their support directly helps us dedicate more time to PegaProx development. Thank you! 🙏

Interested in sponsoring? → pegaprox.com/#sponsor | sponsor@pegaprox.com

💬 Community Discord by @gyptazy

Join the Discord: https://discord.gg/AJPf3H62QW

---

Full Changelog: v0.9.5...v0.9.6

v0.9.5 Beta – Client Portal, Public Status Page & Security

✨ New Features

• Client Portal Plugin — Self-service portal for hosting customers at /portal. VM dashboard with power actions, embedded noVNC console, snapshot management (create/revert/delete), 2FA self-service, and password change. Hosters configure allowed actions, branding, and snapshot limits via config.json. Portal-only users are restricted to /portal login only.
• Public Status Page Plugin — Cluster health dashboard for monitoring screens at /status?key=xxx (#126). Shows node health, VM counts, storage usage with auto-refresh. No login required — uses URL auth key.
• Integrated Syslog Server — Receives syslog messages via UDP/TCP on port 1514. Log viewer with filtering, search, severity coloring, and pagination in the dashboard Syslog tab. (Originally contributed by @gyptazy , PR #257, rewritten for gevent compatibility.)
• External ACME CA Support — Custom ACME directory URLs for CAs like StepCA (#249). (PR #258 | @gyptazy )
• Plugin Config Editor — Edit plugin config.json directly from Settings → Plugins with JSON validation and formatting

🎨 UI Improvements

• Markdown VM descriptions with Edit/Preview toggle *(PR #263, @newtscamander2 ) *
• Inline tag selector with existing Proxmox tag dropdown + format validation (PR #263)
• Node and tag filter dropdowns in Resource Management (PR #263)
• DNS name validation before API call with translated error messages (PR #263)
• Tags displayed in compact/card view (max 2 pills + overflow count)
• VNC console + portal actions visible in admin task bar with username attribution
• List view table compacted — IP column removed in modern layout, RAM/disk shows percentage only

🛡️ Security Hardening

• Timing-safe auth key comparison for status page (prevents brute-force via timing analysis)
• TOTP rate limit tightened: 3 attempts per 2 minutes (was 5/5min)
• Absolute session timeout: 24h max regardless of activity
• Admin password change now revokes all sessions (no exceptions)
• Plugin config path traversal prevention with resolve() check
• File upload magic byte validation (PNG/JPEG/WebP header check)
• API token permission escalation fix (custom roles + explicit admin check)
• Plugin trust warnings for non-PegaProx authors
• DB encryption key file permissions enforced on startup
• SSL verification warning logged per cluster

🐛 Bug Fixes

• setReconfigureCluster prop missing in sidebar — reconfigure button now works (PR #261, @newtscamander2 )
• OIDC skip_jwt_verification not persisted across sessions (#188)
• Portal-only users could access main dashboard via direct URL navigation
• Client Portal: Tailwind CDN replaced with local CSS for offline/air-gapped environments

📋 Updating

Use the built-in web updater in Settings → Updates, or manually:

cd /opt/PegaProx
curl -O https://raw.githubusercontent.com/PegaProx/project-pegaprox/refs/heads/main/update.sh
chmod +x update.sh && sudo bash update.sh

Or pull the latest Docker image.

v0.9.4.1

🛡️ Bug Fixes

• ESXi Migration: Datastore auto-detection via pyvmomi — fixes VSAN, restricted shells, datastore name issues (#222)
• ESXi Migration: pvesm path validation — prevents disk writes to wrong location (#251, #244)
• ESXi Migration: TMPDIR redirected to target storage instead of local root partition
• Replication Jobs: Fixed get_cluster_resources AttributeError when creating jobs (#241)
• Cross-Cluster Replication: Real Proxmox error messages instead of generic "timed out" (#192)
• Cross-Cluster Replication: Storage mapping now includes EFI disk and TPM state
• SSL Verification: Uses system CA store — custom/internal CAs now work (#246)
• Reverse Proxy: SSH WebSocket route mismatch fixed (/shellws) (#221)
• VNC Console: noVNC load timeout race condition fixed + auto-reconnect (max 3 retries)
• Site Recovery: Network mapping uses full bridge mapping instead of first value only
• LDAP/OIDC: Password form replaced with provider info message (#164)

⚡ Improvements

• Cross-Cluster Migration: Per-NIC bridge mapping — each NIC gets its own target bridge (#242)
• Cross-Cluster Migration: Per-storage mapping — EFI, TPM, and multi-disk VMs can target different storages
• RBAC: Users with VM ACLs can now see their assigned VMs without needing cluster.view (#248)

📋 Updating

Use the built-in web updater in Settings → Updates, or manually:

cd /opt/PegaProx
curl -O https://raw.githubusercontent.com/PegaProx/project-pegaprox/refs/heads/main/update.sh
chmod +x update.sh && sudo bash update.sh

Or pull the latest Docker image.

v0.9.4 Beta

🌐 Network View

New sidebar view in the Corporate Layout — see all bridges and SDN VNets across your cluster, grouped by node, with connected VMs listed per bridge.

🎨 Corporate Light Mode

Extensive light mode improvements for the Corporate Layout. Charts, tooltips, sidebar, modals, and all corporate components now properly adapt to the light theme.

🔧 Bug Fixes

• Cross-cluster replication now uses correct PVE storage mapping format (#192)
• Site Recovery plans no longer get stuck in 'running' after a crash or restart (#238)
• Container migration with multiple mount points / local disks now maps all storages correctly
• Guest agent no longer spams Proxmox logs when QEMU agent is disabled (#237)
• Background image upload behind reverse proxy works again (#210)
• Topology diagram no longer jumps around from live metric updates
• PBS filtering in topology now only shows PBS servers linked to the cluster (#142)
• Datastore usage sidebar and tab now always show the same values (#201)
• Fixed node card expand chevron not rotating in Corporate Layout
• Fixed node shell text spacing in Corporate Layout

🔐 Security

• Hardened file upload validation (path traversal, null bytes)
• Added field whitelist to prevent SQL injection in cluster updates
• Reduced information exposure in API error responses
• Fixed 5 undefined permission references across endpoints

🌍 Community

• proxmox-ha plugin for HA resource management by @yairmiz (PR #226)
• Spanish translations update by @ColombianJoker (PR #234)
• Language picker dropdown for Corporate Layout by @gyptazy (PR #236)
• Upload a Profile Picture now under My Profile by @gyptazy (PR #232)
• Custom reverse proxy bind address (#212)
• OIDC JWT verification can now be disabled for broken JWKS environments

📋 Updating

Use the built-in web updater in Settings → Updates, or manually:

cd /opt/PegaProx
curl -O https://raw.githubusercontent.com/PegaProx/project-pegaprox/refs/heads/main/update.sh
chmod +x update.sh && sudo bash update.sh

v0.9.3.1 – Security Fix & Stability

🔒 Security Fix

• CRITICAL: User account wipe on restart — OIDC/LDAP/Entra ID users triggered legacy migration that wiped all accounts and reset to default admin password on every container restart (#224)

🛡️ Stability

• Site Recovery failover crash handler — background tasks that crash no longer leave plans stuck in 'running' status forever. Errors are caught, logged, and status set to 'failed' (#225)
• CVE Scanner on PVE 9 (Trixie) — improved suite detection with bookworm fallback for mixed PVE 8/9 clusters

📋 Updating

Use the built-in web updater in Settings → Updates, or manually:

cd /opt/PegaProx
curl -O https://raw.githubusercontent.com/PegaProx/project-pegaprox/refs/heads/main/update.sh
chmod +x update.sh && sudo bash update.sh

v0.9.3 – Plugin System, Balancing Tolerance & Bug Fixes

🔌 Plugin System

• Auto-Discovery — Drop plugin folders into plugins/, PegaProx detects them automatically
• Runtime Loading — Enable/disable plugins without server restart via Settings → Server → Plugins
• Plugin API — Plugins register route handlers via register_plugin_route(), accessed through catch-all proxy
• Security Disclaimer — Warning banner reminding admins to review plugin code before enabling
• Rescan & Delete — Scan for new plugins and remove installed ones from the UI

⚖️ Balancing Tolerance / Hysteresis

• Migration Tolerance — New deadband parameter (0–20) prevents VMs from ping-ponging between nodes
• VM Cooldown — 15-minute cooldown after migration, same VM can't be picked again immediately
• Storage Cluster Tolerance — Per-storage-cluster deadband for storage balancing
• Pool Exclusion — Exclude entire Proxmox pools from auto-balancing (like VM/node exclusion)

🛡️ Bug Fixes

• Cross-cluster replication clone storage fix (#192)
• CVE scanner / SMBIOS SSH fixes for failover & offline nodes (#199, #198)
• PBS VM backups not showing on linked PBS (#143)
• Login background upload 403 behind reverse proxy (#210)
• Rolling update log vanishing + wrong node count (#179, #180)
• Ceph panel on PVE 9 + Ceph Squid compatibility (#191)
• OIDC PKCE support for Authentik (#188)
• Custom role editing + name persistence (#167)
• Corporate overview Cluster Storage now includes local datastores
• Reverse proxy VNC/SSH WebSocket port reuse (PR #173)
• Various: migration WARNINGS status, support bundle OOM, nginx.conf patterns

⚡ Improvements

• CVE Scanner PNG + PDF export
• Backup schedule editing (#207)
• Custom role edit UI with permission checkboxes
• Site recovery: 8 missing audit log operations added
• VNC cert hints hidden when reverse proxy is active
• Updated nginx.conf example with correct WebSocket URL patterns

👥 Contributors

• @aderumier — Reverse proxy WebSocket port reuse
• @wakbijok — CVE scanner failover + SMBIOS offline node fixes
• @WaellerKlaus — Ceph PVE 9 compatibility report

📋 Updating

Use the built-in web updater in Settings → Updates, or manually:

cd /opt/PegaProx
curl -O https://raw.githubusercontent.com/PegaProx/project-pegaprox/refs/heads/main/update.sh
chmod +x update.sh && sudo bash update.sh

PegaProx v0.9.2.2

What's Changed

Bug Fixes

• Sponsor section now visible in both Corporate and Modern Layout (was hidden in Corporate)

Notes

This is a hotfix release on top of v0.9.2.1 which contained 20 bug fixes and features. See that release for the full changelog.

Full Changelog: v0.9.2.1...v0.9.2.2

PegaProx v0.9.2.1 — Bug Fix Release

What's Changed

Bug Fixes

• Cross-cluster replication — clone API used wrong parameter name (target instead of storage), causing "no such cluster node" errors (#192)
• Docker CVE Scanner & Hardening — openssh-client + sshpass missing in Docker image (#175)
• ESXi migration wrong IP — SSHFS mount used wrong node IP on multi-homed Proxmox nodes with dedicated storage NICs (#132)
• PBS backup snapshots — large datastores timed out; now filtered server-side by backup group (#143)
• VM backups tab — infinite loading spinner when switching to backups tab (#143)
• Placeholder contrast — improved readability on dark/green backgrounds in OIDC/LDAP settings (#170)
• Upgrade crash — site_recovery.py and esxi_cluster.py missing from incremental update file list (#172)
• Rolling update log — phase name corrected to apt_dist_upgrade (#178)
• Support ZIP — now includes per-cluster logs with password/token/IP redaction (#182)
• Rolling update status — auto-refresh pending update counts after completion (#183)
• Migration false failure — accept WARNINGS exit status as success (#184)
• Top Resources navigation — clicking a VM now opens VM detail view instead of the host (#190)
• CDN SRI hash — pinned React 18.3.1, Babel 7.29.2, Chart.js 4.5.1 to prevent hash mismatches (#206)
• Auto-failover toggle — fixed CSS rendering in site recovery settings
• Login background validation — client-side file size check before upload (PR #195)
• Sponsor image 404s — skip image load for empty sponsor slots (PR #203)
• Site recovery audit — added logging for 8 missing operations (plan update, VM CRUD, cancel, cleanup)

New Features

• French translations — 2680+ keys by @IMNotMax (PR #186)
• @IMNotMax added to About credits
• Topology snapshot freeze — prevents SSE metric updates from causing constant re-layout in Corporate Layout

Contributors

• @IMNotMax — French translations 🇫🇷
• @newtscamander2 — Login background validation, sponsor image fix

Full Changelog: v0.9.2...v0.9.2.1