github PegaProx/project-pegaprox v0.9.8.2
v0.9.8.2 Beta – VNC for PVE 9.1.x, AD/LDAP fixes & Audit Report i18n
on GitHub

4 hours ago

🖥️ VNC Console — PVE 9.1.x Compatibility

Proxmox 9.1.8 / 9.1.9 quietly tightened how pveproxy handles the VM-console WebSocket — vncproxy now generates a fresh random VNC password per API call and the WS upgrade is rejected if the Connection header lost its Upgrade token in transit. PegaProx's old code path issued two vncproxy calls per console open (one for the JS-side noVNC password, another inside the WS handler) → on PVE 9.1.x those produced different passwords and the inner RFB DES auth failed silently with the recv=60B SHORT_OR_EMPTY pattern. Closes #352 (and the user-reported follow-up).

  • Single-vncproxy mode: the JS-issued ticket+port now flows through to the WS handler so noVNC's RFB password matches what PVE's vncterm expects. Backwards-compatible fallback for older PVE.
  • Lenient WS opening-handshake: the asyncio websockets server now restores the stripped Upgrade token instead of bouncing the request with a 426 page. Mostly affects PVE-9.1.8+ hosts where PegaProx is co-located, also helps with TLS-inspection / EDR proxies.
  • Optional Stable Mode (AES-256-GCM around RFB frames) for environments where the network mangles binary VNC bytes mid-flight. Browser-side opt-in in User → Preferences → Stable VNC Mode.
  • Optional SSH-tunnel mode (per-cluster vnc_tunnel: true) — routes the PegaProx↔PVE leg through SSH so inspection engines can't decrypt it. Multi-user-safe with one persistent transport per cluster + ephemeral local port per session.
  • HTTPS-polling fallback transport that engages automatically when the WS upgrade is hard-blocked. Same crypto, plain HTTPS POST/GET.

🔐 LDAP / Active Directory

  • Nested-group expansion for AD using LDAP_MATCHING_RULE_IN_CHAIN — Built-in Users / Domain Users style mappings now resolve through nested membership instead of falling back to the default Viewer role (#353). Best-effort: silently ignored on non-AD LDAP.
  • Config backup / restore with AD-mapped accounts: the password-verification step now re-binds against the IdP for users with auth_source=ldap instead of comparing against a non-existent local password hash. Closes #355.

🐛 Bug Fixes

  • Backup task edit (#338): PUT /cluster/backup/{id} now strips read-only fields (next-run, last-run-status, …) and converts dict-shaped fields (prune-backups, fleecing, performance, notification-policy) to PVE's property-string format. Editing a job created in PVE itself no longer fails with Parameter verification failed.
  • Replication "Last sync = Never" (#333): /cluster/replication only returns job definitions; the runtime fields (last_sync, last_try, state, fail_count, duration, error) come from the per-node /nodes/{node}/replication endpoint. PegaProx now merges both so the VM-config tab shows the actual last-run time.
  • Cross-cluster replication target node empty (#320): explicit hint in the Datacenter → Replication → Add dialog that this path only does intra-cluster replication; cross-cluster goes through VM → Configure → Replication → Cross-Cluster.
  • Pool member assignment (#349): "VM is already a pool member" is treated as success (idempotent), real PVE errors surface in the toast instead of the generic Failed to add VM to pool. allow-move=1 is now sent so VMs from another pool can be relocated.
  • Site Recovery readiness (#350): the free-memory check was reading maxmem/mem (fields from /cluster/resources) on a /nodes/X/status response → always 0 → warned <2GB free even on clusters with 13+ GB free. Reads mem_total/mem_used now.
  • Certificate management German strings (#354): (Zertifikat vorhanden) / (Schlüssel vorhanden) placeholders were hardcoded; they leaked into the English UI. Properly wrapped in t() and translated for all six languages.
  • OS-type dropdown alignment with PVE 9.1 (#358): added wvista, w2k8, w2k3, w2k, solaris, and aligned all labels with the wording PVE shows in its own UI (e.g. Linux 2.6 - 6.x Kernel, Microsoft Windows 11/2022/2025).

🌐 Audit Report — Internationalization

The Compliance / Audit Report PDFs were rendering large parts in English on non-English UIs because the cm* control labels and many table headers were missing from translations.js. 524 entries added across DE / EN / FR / ES / PT / IT — the report now renders fully in the user's language.

💎 Sponsors

Massive thanks to our Platinum Sponsor 🏆 netwolk GmbH — your support keeps this project going and directly funds ongoing PegaProx development.

Interested in sponsoring? → pegaprox.com/#sponsor | sponsor@pegaprox.com | opencollective.com/pegaprox

💬 Community

Join the Discord: https://discord.gg/AJPf3H62QW

Full Changelog: v0.9.8.1...v0.9.8.2

Check out latest releases or
releases around PegaProx/project-pegaprox v0.9.8.2

Don't miss a new project-pegaprox release

NewReleases is sending notifications on new releases.

Get notifications