v0.9.15 — security hardening, Cloud-layout parity & temperature monitoring
A big one. The headline is a broad security-hardening pass (a full CodeAnt + pentest sweep, re-implemented by hand), the Cloud (Preview) layout reaching full feature parity with the Corporate layout, and per-host temperature monitoring gaining history + alerting — plus a stack of scale/perf work and a real integration-test harness.
⚠️ Beta. As always, snapshot / back up before upgrading.
🔒 Security & hardening (the big theme)
A broad authorization + input-validation sweep across the API surface:
- Tenant isolation / IDOR / BOLA — per-VM ACL enforcement on VM detail/action/firewall routes; tenant-scope gates on VMware, PBS, cluster, DR-drill, history, alerts and cross-hypervisor-migration reads so one tenant can't see another's resources.
- SSRF — outbound guards on OIDC
jwks_uri, templateimage_url, and the ACME chain (redirect + second-order re-validation). - RCE — ISO/template filenames and ESXi VMDK path components are validated/quoted before they ever reach a root SSH shell.
- Web — CSRF check hoisted, HTTP-response-splitting closed at the redirect handlers,
unsafe-evaldropped from the CSP. - Logs & secrets — tainted-log-line sanitisation (CWE-117), vnc-ticket redaction in URL logs, SIEM secret masking, session invalidation on admin password reset.
- TLS — VNC/console TLS verification now honours the per-cluster
ssl_verifyflag (7 sites). - Deps — Flask 3.1.3 (CVE-2026-27205), PyJWT 2.13 (5 PyJWKClient CVEs), pyasn1 ≥ 0.6.4, pytest 9; rollback path-containment (CWE-22).
- License — adds an AGPL §7(b) attribution term (NOTICE + portal footer).
☁️ Cloud (Preview) layout — full parity
The Cloud layout now mirrors Corporate end to end: complete SDN CRUD, Plugins / Scripts / Schedules, Config Drift / SIEM / Alert Channels / Update Manager, real HA / Networks / Storage / Site-Recovery components, a Reports group (Insights, Costs, Power & Carbon, API Health), Automation (Snapshot Policies, Templates), Topology + Compliance, and the real pegasus logo.
✨ Features
- Temperature monitoring — history + alerting (#601) — the per-node lm-sensors panel now stores the hottest temperature over time (sparkline + min/max/avg), and there's a new
temperaturealert metric (per node, or cluster-wide hottest) in °C with absolute thresholds, wired into the existing alert/webhook pipeline. Thanks @jostrasser for the ask. - Show VM IDs in the sidebar — opt-in via My Profile, translated in all 7 languages.
⚡ Performance & scale
- Sidebar filter debounce + native windowing so 1000+-VM trees stay smooth.
- TTL-cached VM-ACL and cluster-topology lookups; capped concurrent syslog TCP handlers.
✅ Quality
- A full-stack integration-test harness (real app + faked managers) + 166 blueprint tests, security-invariant unit tests, and a route-authz contract test — now run on every PR in CI.
🤝 Community
- PR #617 — snapshot-name validation against PVE's rules. Thanks @MatrixNeoKozak! 🙌
💛 Sponsors
PegaProx is AGPL-3.0 and built in the open. Huge thanks to the sponsors who keep it moving:
💎 Platinum
🥈 Silver
- TechniData AG Limited — welcome aboard! 🎉
Want to help keep PegaProx going? → https://opencollective.com/pegaprox 💚
Full changelog: v0.9.14.1...v0.9.15