๐ v0.3.0 โ Stability, Security & Reliability Update
This release introduces major stability, security, and consistency improvements across all modules.
It focuses on safe process handling, input sanitization, dependency validation, and robust backup synchronization.
๐งฉ Core Libraries
/lib/utils_counting.sh
Fixes
- ๐งน Fixed nested quote syntax errors in error messages.
- ๐ Resolved compression extension pattern matching and prevented regex injection during backup counting.
/lib/utils.sh
Fixes
- ๐ง Replaced command substitution with explicit
if/elsefor path verification. - ๐ข Fixed compression ratio formatting (removed tilde and percent symbols).
- ๐ Removed command injection vulnerabilities in file search utilities.
Added
- ๐งฉ Moved missing formatting utilities from
metrics.shto restore full dependency chain.
/lib/storage.sh
Fixes
- ๐งฑ Replaced
pipefailusage with subshell isolation for sync uploads.
Added
- โ๏ธ Added
pipefailand progress logging to async upload functions. - ๐งญ Enhanced
rclonefailure detection in upload routines.
/lib/security.sh
Fixes
- ๐งฉ Fixed false error return in
install_missing_packages. - ๐
check_dependenciesnow stops correctly when dependency installation fails.
Added
- ๐จ Full completion check for safety controls โ script now issues a crash warning if errors occur.
/lib/notify.sh
Fixes
- ๐ง Added missing
statusvariable increate_email_body. - ๐ Telegram messages now use correct URL encoding.
/lib/metrics_collect.sh
Fixes
- ๐ Corrected file path extraction for calculating log age averages.
/lib/metrics.sh
Fixes
- ๐งฎ
report_metrics_errornow increments counters correctly. - ๐งฉ
validate_metrics_dependenciesnow correctly populatesmissing_optional. - ๐งพ Fixed divide-by-zero error in
calculate_compression_ratio.
Added
- ๐ Unified lock mechanism for process synchronization.
- ๐งฑ Moved formatting utilities to
utils.shfor consistency.
/lib/log.sh
Fixes
- ๐ซ Prevented
unbound variableerrors withset -u. - ๐งน Removed unsafe
trapand redundant debug initialization. - โ๏ธ Updated
setup_logging()andstart_logging()for safer initialization.
Added
- ๐งฉ Introduced guard blocks protecting
debug()andtrace()functions.
/lib/core.sh
Fixes
- ๐ Updated debug level documentation.
- ๐งน Removed redundant
set -euo pipefail. - โ ๏ธ Introduced
CRITICALerror state for unrecoverable conditions. - ๐งผ Replaced
rm -rfwithsafe_cleanup_temp_dir().
Added
- ๐ก๏ธ Added
safe_cleanup_temp_dir()with five safety guardrails.
/lib/backup_verify.sh
Fixes
- ๐ฏ Corrected exit code tracking for
critical_errorsandsample_errors. - ๐งฉ Fixed
mktempusage forrclonetemporary directories.
/lib/manager.sh
Fixes
- ๐ Fixed non-shared lock file race conditions.
- ๐งฎ Prevented PID truncation (values >255).
- ๐งฉ Fixed lost and mis-checked exit codes.
- ๐งน Ensured
cloud_storagelock release on errors.
/lib/backup_create.sh
Fixes
- ๐งญ Fixed working directory corruption after
findexecution.
/lib/backup_collect.sh
Fixes
- ๐ Wrapped
findloops in subshells and removed unsafecd /tmp.
Added
- ๐ชถ Added
.proxmox-backup-markercreation insetup_temp_dir(). - ๐พ Added save/restore of
DEBUG_LEVELincheck_env_file().
/lib/backup_collect_pbspve.sh
Fixes
- ๐ Improved
sanitize_input()to preserve valid filesystem characters. - ๐งฉ Fixed quote escaping and exit code tracking in
rclonecalls. - ๐งฎ Added detailed data quality notes and documentation.
Added
- ๐งฐ Introduced helper functions:
safe_command(),safe_mkdir(),safe_stat_size(),validate_output_file().
/lib/environment.sh
Fixes
- ๐งฉ Ensured lock directory creation before acquiring metrics lock.
Added
- ๐ชถ Added
.proxmox-backup-markeraftermkdir TEMP_DIR. - ๐พ Added save/restore of
DEBUG_LEVELincheck_env_file().
โ๏ธ Main Script
/script/proxmox-backup.sh
Fixes
- ๐ Improved lock cleanup with
flockvalidation and orphan recovery. - ๐งน Replaced
rm -rfwithsafe_cleanup_temp_dir(). - ๐ง Improved dependency and lock handling with strict
set -e.
Added
- ๐ Added flush operation in
cleanup_handler.
๐ Standalone Script โ security-check.sh
Fixes
- ๐งฉ Improved safety checks, reliable hash validation, and parent-script detection.
- ๐ Hardened kernel, port, and file scans for better accuracy and input handling.
Added
- ๐๏ธ Added
$BASE_DIR/lockdirectory validation. - โ๏ธ Added IPv6 filtering, outbound monitoring, and configurable suspicious port lists.
- ๐งพ Implemented whitelist and associative map for safe filtering.
- ๐ง Modernized detection with
sssupport and improved debug levels.
๐งฐ Standalone Script โ install.sh
Fixes
- ๐งญ Forced switching to a safe directory before cloning or copying files to prevent
fatal: Unable to read current working directoryerrors.
Added
- ๐งฉ Applied
chmod 744toinstall.shandnew-install.shimmediately after cloning.
๐งฐ Standalone Script โ fix-permissions.sh
Added
- ๐ง Included both installers in the maintenance routine.
- ๐ ๏ธ Ensured both stay at permission level
744during updates and repairs.
โ Overall Improvements
- Stronger process and lock synchronization.
- Hardened temporary directory handling and cleanup.
- Safer input, quote, and command validation.
- Enhanced dependency and metrics management.
- More accurate backup verification and reporting.
- Improved fault tolerance in standalone security tools.
- Added safe install and permission maintenance scripts.
โจ Result: The system is now significantly more stable, secure, and resilient under all runtime conditions.
Compatibility: PVE and PBS
Installation: bash -c "$(curl -fsSL https://raw.githubusercontent.com/tis24dev/proxmox-backup/main/install.sh)"