github Corsinvest/cv4pve-admin v2.1.0
on GitHub

5 hours ago

Community Edition

Added

  • Built-in system user. A locked-out, no-password user is now created on first boot and shown in the users list with the Built-in flag. It is the identity used by scheduled jobs and other non-interactive workflows (cron snapshots, retention cleanups, workflow timers), so the audit trail records who actually did what even when no person is logged in. It cannot be deleted, modified or used to sign in.

  • Scheduled job identity. Any background job started from the web UI now runs as the user who clicked the button — manual Snapshot now, Run scan now, Cleanup retention and so on are recorded against your account, not as anonymous. Cron-driven jobs run as the new system user.

  • Module Overview pages. Every module landing page now opens with the existing three-column intro plus a small dashboard built from the module's own widgets — no more Overview tabs that only show decorative text. Modules that have nothing meaningful to show as widgets (e.g. Resources) keep the textual overview as before.

  • Status badges. The Tasks page status column now shows a coloured pill with an icon (Running / Completed / Failed / Cancelled / Abandoned), matching the level badges already used on the (EE) Logs page.

  • adminctl self-update command refreshes your local adminctl script and the docker-compose YAML to match a chosen release without touching your data or .env configuration. By default it bumps to the latest release; you can also target a specific version. Existing files are backed up under _backup/<timestamp>/ before being overwritten.

  • Diagnostic

    • PDF and Excel reports are now available in the free edition (used to be Enterprise-only). The PDF lists every issue colour-coded by severity and a separate section with the issues you have chosen to ignore. The Excel workbook opens on a cover sheet and the data sheet has the autofilter already on.
    • Compliance mapping. Every check is tagged with the controls it covers across ISO/IEC 27001, EU NIS2, EU DORA and PCI DSS v4.0. The scan details now have a Compliance tab that groups findings by standard and control; the mapping is saved with the scan, so older reports stay consistent.
    • Audit mode: a new switch makes each passing check appear as a Pass result — handy when you have to prove that a control was actually verified, not only when it failed.
    • Attach PDF / Excel toggles in the notifier settings.
    • New checks: ZFS pool detail, LVM-thin metadata, S.M.A.R.T. temperature and SSD wearout thresholds, PSI Pressure thresholds (CPU / I/O / Memory), snapshot age and backup recency (RPO).
    • Each issue links straight to the relevant Proxmox VE documentation page (QEMU guest agent, VirtIO drivers, end-of-life OS).
    • The Download button on the Scans page is a split-button: one click for the PDF (default), use the arrow to pick the Excel.

  • Updater

    • PDF and Excel reports in the free edition. The PDF lists every VM/CT and the status of its update scan; if some hosts failed the scan they get their own Errors page.
    • Parallel scan with a configurable Max Parallel Requests (1–50). A single host failing no longer stops the whole scan: the error is recorded against that host and the rest of the run continues.
    • Clicking Scan now starts the job immediately (the previous 5-second delay is gone).

  • System Report

    • Three output formats: Excel (the existing one), HTML (a single browseable page with a table of contents and cross-section links) and JSON (machine-readable, with raw values and clean slugs).
    • One zip file as result, whatever the format: the zip contains the report itself plus the SVG network diagram.
    • The chosen format is saved with the report — opening an old report from the list reminds you how it was generated.
    • Read-only mode for the report dialog.
    • The page is now called Reports in the side menu (was Scans).

  • AutoSnap

    • Max Parallel option per job (1–10) so snapshots within the same run can execute in parallel.

  • AI Server

    • New MCP tools: list/download/delete ISO images, list templates, delete backups, delete arbitrary storage content, read cluster defaults (migration, bandwidth, HA, console).

  • Metrics Exporter

    • Per-cluster configuration (used to be global): each cluster has its own on/off, its own collectors and its own cache windows.
    • Master Enabled switch, plus per-exporter and per-collector switches with editable cache seconds.
    • Fast / Standard / Full preset buttons to apply common configurations in one click.

  • Node Protect

    • Folder backup runs now appear in System → Tasks alongside AutoSnap, System Report and Diagnostic, with a clickable deep link and per-node summary lines.
    • Updated default Paths to backup: dropped wildcard entries that didn't expand correctly when quoted, added /var/spool/cron/crontabs so per-user cron jobs are picked up.

  • Resources

    • Three new pages in the side menu: Networks, Disks and Partitions, each with its own filters, grouping and card / list view switcher.
    • Networks has four tabs: Nodes (per-node bridges and bonds), Guests (per-VM virtual NICs), SDN (virtual networks) and Diagram (downloadable SVG topology view).
    • Disks lists the physical disks across the cluster with disk Kind (HDD / SSD / NVMe), model, serial, health and S.M.A.R.T. summary, with a drill-down per disk.
    • Partitions shows the partition / mount table per node.
    • Snapshots has a new Trends tab next to the snapshot list.
    • Storages reorganised into tabs: Configuration, Storages, Usage (with sub-tabs By Storage and By VMs).
    • VMs page renamed to Guests (it has always included LXC containers, the name now reflects the content).
    • Card view alongside the list view: every Guest / Node / Storage gets a card with status and key metrics. Toolbar with type / status / tag toggles, search and grouping.
    • Unified Health Score indicator: shows N/A when no data is available, with a tooltip explaining why.
    • Guest cards and lists show the operating system icon with a tooltip.

  • System

    • The Tasks page has a search box in the toolbar that filters across Title, Cluster, Module, Phase, Created by and Last log.
    • The Active Tasks menu auto-clears the badge for failed / abandoned tasks once you have opened the panel.
    • New user activation flow: when an admin creates a user from the UI the new user receives an activation email with a password-reset link, instead of being created without a password.
    • User unlock command added to the CLI.
    • Maintenance: Compact (full) — new button that reclaims disk space after big cleanups. The action is opt-in only, asks for explicit confirmation, and is not run by Fix All.
    • Help bundled with the app — the user documentation is now included in the container and served locally.

  • Command palette

    • The ip: filter now shows one IPv4 badge per VM (IPv6 and loopback addresses filtered out).

Changed

  • Issue cards on the AutoSnap, Backup Analytics, Replication Analytics, Diagnostic and Resources widgets. The old "thumb up / thumb down + bullet list" has been redesigned: when everything is fine you see a green thumb up, when there are issues a red thumb down with a number, and when the module is not configured a neutral icon with an explanatory message. Hovering the number opens a compact list of the failing items; each row is clickable and takes you straight to the relevant detail page. With many rows the list scrolls inside itself instead of growing without bound.

  • Diagnostic issue labels. The items on the Diagnostic widget used to be shown as internal paths that were hard to read. They now read VM 100 on cc01 (cluster), Node cc01 (cluster), Storage ssd-pool (cluster) and so on.

  • Diagnostic settings screen redesigned with one accordion per area (Node, QEMU, LXC, Storage, Snapshot, Backup, CVE) and per-context thresholds clearly grouped.

  • Diagnostic CVE checks now look up Proxmox VE specific CVEs in NVD using a CPE filter — wider coverage than the previous Debian-only tracker.

  • Resources list view has been redesigned alongside the new card view (filters, grouping and search work consistently across both).

  • Task Tracking Active Tasks panel and menu refresh row-by-row instead of reloading the whole grid, so the UI no longer flickers when tasks update.

Fixed

  • Built-in role permissions on existing installations. Older databases were seeded with a flag that prevented built-in admin roles from matching specific resources (single VM, single node). The check appeared to succeed in role lists but silently denied the actual action — most visibly on scheduled AutoSnap deletes. The flag is now correctly set on fresh installs, and existing installations are realigned automatically on first boot.

  • Postgres log sink. A typo in the column configuration was preventing the database log sink from writing any row — the file log kept working, so the issue went unnoticed. Database logging is now restored, and any future sink failure is surfaced on standard error instead of being swallowed.

  • PVE command result on permission denied / unauthorized / failure. A regression in the result object construction caused an internal error to bubble up to the UI instead of the expected Operation not permitted / Authentication required message.

  • Backup Analytics scan. The scan aborted in the middle when at least one vzdump task in the run had failed (e.g. a VM locked by a snapshot). The failed task is now imported correctly together with the successful ones.

  • KPI cards in the Snapshot Statistics and Insights widget kept stacking vertically even on large screens. They now stay horizontal as soon as there is room for them.

  • Resources → Snapshots and other grouped grids (AutoSnap status, BackupAnalytics, ReplicationAnalytics, Node Protect folders, Node storage contents): when grouping by more than one column the outer headers used to show only the group key and count. They now correctly aggregate totals (sizes, CPU and disk usage) from every nested level.

  • Diagnostic Excel export no longer fails on scans where every issue is ignored. PDF reports wrap long text inside every cell instead of running off the right edge of the page.

  • System

    • Cluster names with spaces no longer break navigation between module pages.
    • Validation messages inside edit dialogs are shown again.
    • Pages with many permission checks load fast, even on installations with many admin roles.
    • The "New Cluster" form no longer refuses the first submit because of a PveName is required error.
    • Release notes dialog shows only the current version, not earlier release candidates.
    • QEMU agent network cache refresh dropped from 30 to 15 minutes, so freshly attached NICs appear faster.
    • Maintenance: Reindex and Optimize no longer touch other modules' data. They used to run on the whole database once per installed module — so on an installation with sixteen modules each action ran sixteen times over everything. Now they run once per module, on that module's data only.

  • Notifier: SMTP and WebHook editors refresh correctly when you pick a different notifier from the list.

  • Docker: the container health check no longer marks the running container as unhealthy on every probe.

Compatibility note

  • The default Apprise endpoint in the notifier settings changed from http://localhost:8000 to http://apprise:8000 to match the docker-compose service name. Existing notifiers keep the value you saved; new notifiers will use the new default.

Internal

  • The background job system now uses a real PostgreSQL queue again (it had quietly fallen back to in-memory storage because of a conflicting registration from the workflow engine). Jobs survive process restarts, retries are durable, and the Hangfire dashboard shows real history.

Enterprise Edition

Added

  • System / Logs new native Logs page (replaces the Serilog UI integration) with server-side filtering by level, message and source, a stacked column chart of the last 30 days grouped by level, and a row-expansion for heavy fields (message template, exception, raw log event JSON) so the page stays fluid even on tables with millions of records.

  • Audit Logs Success column now uses a coloured pill badge (Success / Failed).

  • Diagnostic — Compliance report

    • The PDF gains one section per standard (ISO 27001, NIS2, DORA, PCI DSS). Every section starts on a new page with a short disclaimer, a summary table and a per-control detail block.
    • The Excel workbook gains one Compliance - <Standard> sheet per standard.
    • In the scan details page the Compliance tab is a real grid grouped by Standard → Control, with clickable links to the affected resources.
    • Colour coding on Gravity / Status cells is consistent between PDF and Excel.

  • System / Security

    • When an admin creates a new user, a confirmation email is sent automatically. The new user receives an activate your account link instead of being stuck with no password.
    • Audit log detail dialog has a copy-to-clipboard button.

  • Portal

    • Tenant user dialog has a new Display Name field; the previous Admin checkbox is now clearly labelled Tenant Admin. The UserName field only accepts email addresses, and is editable only when creating a new user.
    • Tenants without VMs show a friendly note instead of an empty table.

  • Node Protect / Git

    • Git push runs appear in the task tracker with a clickable link to the Git page, and the task log lines now show remote URL, branch and outcome.

  • Updater

    • The Enterprise PDF builds on top of the new free-edition PDF and still includes the Executive Summary at the top.

  • Workflow

    • New built-in activities to query the cluster (replications, guest config, guests, RRD data) and pickers for HA groups, node names, storage names and VM ids.

Changed

  • Notifications updated. Microsoft Teams is no longer supported; ntfy.sh users may need to update their URL.

Fixed

  • Background job permissions. AutoSnap retention deletions and other scheduled jobs were failing with Permission denied because the job was running as anonymous. They now run as the system user with full admin rights and complete successfully.

  • Audit log writes. Some audit log entries were silently dropped because the database constraint that links them to the user table was violated when no user could be resolved. The user is now always known (real user from the request, or system for jobs), and entries are written without errors.

  • Login activity in audit logs. Successful and failed login attempts are now recorded with the attempted username (in the Details column), not as anonymous, making it possible to spot brute-force attempts on a specific account.

  • Edit User dialog could fail on first render because of an internal type-visibility issue with the roles pick-list. The dialog opens reliably again.

  • Apprise notifier Render page sometimes failed to load the catalog of available services because Apprise can serve either JSON or HTML on the same URL. We now explicitly ask for JSON and show a clear error if the endpoint replies with something else.

  • Diagnostic / Updater PDF tables wrap long values correctly.

  • Workflow editor no longer fails to start in tenant mode (the live-update channel authenticates correctly).

Website | Docker Hub CE | Docker Hub EE

What's Changed

  • fix: show only current version section in release notes dialog by @franklupo in #256
  • fix: filter non-SemVer Docker Hub tags, increase page size to 100 by @franklupo in #257
  • feat: add user unlock CLI command by @franklupo in #258
  • chore: update install scripts — SPDX header, remove redundant cd step by @franklupo in #259
  • chore: add SPDX license headers to Docker Compose files by @franklupo in #260
  • feat: add GetQemuNetworkAsync/GetVmConfigAsync to CachedData, rename GetWebConsoleUrl by @franklupo in #261
  • fix: null check on group.Data.Items in ResourcesEx and Snapshots by @franklupo in #262
  • fix: snapshot dialog use Disabled instead of ReadOnly, fix CascadingParameter by @franklupo in #263
  • feat: command palette ip: filter - show IPv4 badges per VM by @franklupo in #264
  • chore: add missing translation keys by @franklupo in #265
  • chore: update THIRD-PARTY-NOTICES and package versions by @franklupo in #266
  • feat: AIServer - add storage/ISO/cluster MCP tools by @franklupo in #267
  • fix: GetClusterOptions - use only existing ClusterOptions properties by @franklupo in #268
  • fix: decode URL-encoded cluster name and validate name format by @franklupo in #270
  • fix: propagate EditContext to dynamic dialogs for inline validation by @franklupo in #271
  • chore: update dependencies and adapt to new API renames by @franklupo in #272
  • feat: add dialog refresh mechanism and rename EditContent to EditTemplate by @franklupo in #273
  • feat: update Diagnostic.Api to 2.0.2 and redesign settings UI by @franklupo in #274
  • feat: add card view, SearchTextBox and HealthScore unification by @franklupo in #275
  • feat: improve BackupAnalytics, ReplicationAnalytics and StorageContents by @franklupo in #276
  • feat: extract RrdTimeFrameSelector and RrdConsolidationSelector components by @franklupo in #277
  • feat: add VmJollyField and VmJollyPickerDialog, refactor AutoSnap VM selection by @franklupo in #278
  • feat: refactor task tracking UI — eliminate flickering, live row updates by @franklupo in #279
  • feat: rename ResourcesEx→ResourcesView, add ResourceField component, improve ResourceCards by @franklupo in #280
  • feat: introduce EditDialogMode enum and rename SystemReport Scans to Reports by @franklupo in #281
  • feat: update Diagnostic and SystemReport dialogs for new settings API by @franklupo in #283
  • feat: add ExcelBuilder for structured Excel export with cover page by @franklupo in #284
  • fix: core improvements and minor fixes by @franklupo in #285
  • fix(docker): disable broken healthcheck on cv4pve-admin container (#282) by @franklupo in #286
  • feat: big change — AutoSnap MaxParallel, Api.Extension 9.1.15, command pattern refactor by @franklupo in #288
  • feat(metrics-exporter): rewrite for Metrics.Exporter.Api 2.0.0 (per-cluster config) by @franklupo in #289
  • feat(node-protect): track folder backup in TaskTracker + update default paths by @franklupo in #290
  • feat(system): search-box on Tasks page + UI helper optimizations by @franklupo in #291
  • refactor: remove redundant async/await on single-expression Task methods by @franklupo in #292
  • feat(identity): add email confirmation flow for new users by @franklupo in #293
  • fix: misc improvements — async render, task logs, translations by @franklupo in #294
  • chore: bump dependencies (CE) by @franklupo in #295
  • feat(core): BrowserService.DownloadFileAsync API + minor improvements by @franklupo in #296
  • refactor: use IBrowserService.DownloadFileAsync across modules by @franklupo in #297
  • fix(resources): align with Report 2.3.0 (restores CI build) + SDN tab + Disks Kind column by @franklupo in #298
  • feat(system-report): report format selector + single-file output by @franklupo in #299
  • fix(build): silence the 4 Release-build warnings (CS8604, IDE0063, CS9107×2) by @franklupo in #300
  • chore: dotnet format --severity info pass over the codebase by @franklupo in #301
  • feat(tasks): auto-ack failed tasks on menu open + refine Active filter by @franklupo in #302
  • chore: bump packages by @franklupo in #303
  • refactor(health-score): make Score nullable, drop local extensions by @franklupo in #304
  • feat(diagnostic): real PDF + Excel export in CE, dropdown UI by @franklupo in #305
  • feat(updater): real PDF + Excel export in CE, parallel scan, split-button UI by @franklupo in #306
  • chore: enqueue manual scan jobs immediately, drop 5s delay by @franklupo in #307
  • feat(diagnostic): compliance mapping, bump diag 2.3.2, PDF/Excel toggle by @franklupo in #308
  • chore(core): a few Core fixes by @franklupo in #309
  • Maintenance: per-schema operations + Compact + UI refactor by @franklupo in #310
  • Docker compose: optional fixed project name + bump Apprise to v1.11.0 by @franklupo in #311
  • Diagnostic: CE Compliance placeholder + PDF wrap + clearable inputs by @franklupo in #312
  • Embed user documentation in the container + dual Documentation menu by @franklupo in #313
  • BuildInfo: testing expiration 2 months + cleanup of dead Login scaffolding by @franklupo in #314
  • Docs: restructure Admin Area into sub-pages + help menu inline cloud icon by @franklupo in #315
  • fix(docker): use caronc/apprise:latest tag by @franklupo in #316
  • chore: release 2.1.0-rc1 by @franklupo in #317
  • docs: correct stale wwwroot/help references in build files by @franklupo in #318
  • feat(adminctl): add self-update command by @franklupo in #319
  • refactor(core): centralize cv4pve.{js,css} + HTTP clipboard fallback by @franklupo in #320
  • chore(deps): bump Aspire 13.4.0, pin Postgres 17, Corsinvest API Extension 9.2.1 by @franklupo in #321
  • refactor(core): introduce GridLoader for paginated data grids by @franklupo in #322
  • fix: show group header totals on outer levels of multi-level groupings by @franklupo in #323
  • chore: release 2.1.0-rc2 by @franklupo in #324
  • chore(tasks): stream per-step progression logs to the Tasks page by @franklupo in #325
  • chore: align .editorconfig end_of_line with .gitattributes (lf) by @franklupo in #326
  • chore(autosnap): enqueue manual scan jobs immediately, drop 5s delay by @franklupo in #327
  • feat(security): built-in system user + propagated permission fix + Hangfire user context by @franklupo in #328
  • feat(ui): status badge in Tasks page + cleanup post system-user merge by @franklupo in #329
  • chore: release 2.1.0-rc3 by @franklupo in #330
  • feat(ui): ModuleOverview component + thumb-details widget redesign by @franklupo in #331
  • chore: release 2.1.0-rc4 by @franklupo in #332
  • fix(backup-analytics): convert failed-at timestamp to UTC before saving by @franklupo in #333
  • chore: release 2.1.0-rc5 by @franklupo in #334
  • chore: release 2.1.0 by @franklupo in #335

Full Changelog: v2.0.0...v2.1.0

Check out latest releases or
releases around Corsinvest/cv4pve-admin v2.1.0

Don't miss a new cv4pve-admin release

NewReleases is sending notifications on new releases.

Get notifications