Skip to content

v0.0.13

Latest

Choose a tag to compare

@emersonfelipesp emersonfelipesp released this 06 Jul 14:47
9b018d4

proxmox-sdk v0.0.13

A correctness, robustness, and security hardening release — including community contributions that fix Proxmox password/ticket authentication and add caller-supplied session support.

Highlights

  • Password/ticket authentication fixes — the ticket endpoint is now built under the service API prefix (/api2/json/access/ticket, reverse-proxy aware) and the PVEAuthCookie is sent unquoted, so user@realm + password auth works against real Proxmox nodes. Previously it failed with a JSONDecodeError and then 401. Thanks @nanomad!
  • Bring-your-own aiohttp session — pass session= to ProxmoxSDK / HttpsBackend to reuse your own connection pool, timeouts, tracing, or proxy. The SDK reuses it verbatim and never closes it (it also handles the ticket-cookie quoting for external cookie jars). Thanks @CoMPaTech!
  • Review hardening — config CLI commands (config-add/-remove/-set-default/-list/-show) now load existing config before operating, fixing silent profile loss and empty list/show; batch uses the configured default profile; download checksum auto-discovery blocks SSRF probes to loopback/private/link-local/metadata hosts; typed AuthenticationError on non-JSON auth responses; negative-retry validation and a cross-event-loop close() leak fix; idempotent synchronous close().
  • Also includes opt-in OpenTelemetry tracing and Proxmox Datacenter Manager (PDM) API codegen support merged since 0.0.12.

Pull requests in this release

Thanks to our contributors 🙏

Special thanks to @nanomad (Giovanni Condello) and @CoMPaTech (Tom Scholten) for reporting, independently reproducing, reviewing, and fixing the authentication and session issues that make this release possible.


Published to PyPI and Docker Hub (raw, nginx, granian, and per-service mock images).