github PegaProx/project-pegaprox v0.9.14
v0.9.14 — StarWind shared storage, ProxLB tags + more

3 hours ago

v0.9.14 — StarWind shared storage, ProxLB-tag placement, and a batch of features, fixes & performance work

✨ Features

  • StarWind VSAN LVM (starlvm) storage — PegaProx now recognises, creates, edits and rescans StarWind's starlvm type as first-class shared block storage, with thin-provisioned snapshots on a shared LUN. A one-click installer deploys the StarWind SAN plugin across your cluster nodes over SSH (signed apt source, admin-gated). → Docs
  • ProxLB VM tags drive placement (#426) — an opt-in, per-cluster option that derives affinity / anti-affinity / ignore / pin rules from ProxLB-style VM tags (plb_affinity_*, plb_anti_affinity_*, plb_ignore, plb_pin_<node>), feeding the existing balancer.
  • Extra CPU Flags editor (#410) — a tri-state (+enabled / −disabled / default) toggle panel in the VM Hardware tab for the standard Proxmox CPU flag set.
  • Site Recovery — Test Failover NIC isolation (#413) — test-failover clones can be brought up with every NIC disconnected so a DR test can't collide with production IPs; planned / failback now fails fast with clear guidance when the target VMID is already replication-seeded.
  • Client Portal self-service containers (#556) — portal users can create LXC containers within their tenant quota, from an admin-curated template / target set.
  • Ceph metrics in the Prometheus exporter (#540)pegaprox_ceph_health_status, pegaprox_ceph_osd_up, pegaprox_ceph_osd_in.
  • French compliance frameworks — Diffusion Restreinte (II 901) and RGS, both mapped to the ANSSI-BP-028 control set.
  • ESXi migration wizard — a non-root ESXi SSH user (#602) and a VLAN tag on the target NIC (#598).
  • LXC OS type + IP are now shown in the VM detail views (#560).

🐛 Fixes

  • Single-node maintenance no longer hangs ~5 minutes when there is no other node to evacuate to.
  • The datastore browser no longer shows 0 bytes for a disk whose VM lives on another node (shared/SAN storage).
  • The task bar attributes a VNC console session to the PegaProx user who opened it; blank Windows console previews get an RFB frame-grab fallback.
  • Cross-cluster Site-Recovery failover maps source→target storage correctly (it previously fell back to the default target storage on every run).
  • Offline / air-gapped browsers auto-latch and no longer route cluster API calls through an ambient proxy; the update check no longer spins.

🔒 Security & hardening

  • The VMs-backup-status endpoint is now scoped to the caller (cluster access + per-VM ACL) — closes a read BOLA.
  • The Site-Recovery pre-flight sanitises the plan VM name before it reaches any log line (CWE-117 log-injection). A pre-release Aikido security scan came back clean.

⚡ Performance

  • Real-time SSE broadcasts are de-duplicated, the heavy poll aggregates gained short-TTL caches, datacenter/status is parallelised, and the unused 3 MB @babel/standalone bundle was dropped from production — the WebUI is noticeably snappier at scale.

Full documentation: https://docs.pegaprox.com

❤️ Sponsors

PegaProx lives entirely from sponsorships and donations. Huge thanks to our sponsors — and especially our 💎 Platinum partners:

Want to support PegaProx? Become a sponsor. Every euro keeps the lights on. 💛

Don't miss a new project-pegaprox release

NewReleases is sending notifications on new releases.