nginx-1.30.3 stable and nginx-1.31.2 mainline versions have been released, with fixes for buffer overflow vulnerability in the ngx_http_proxy_v2_module and ngx_http_grpc_module (CVE-2026-42055), and buffer overread vulnerability in the ngx_http_charset_module (CVE-2026-48142). Additionally, nginx-1.31.2 includes a fix for use-after-free vulnerability in the ngx_http_v3_module (CVE-2026-42530).

[0.16.9] - 2026-06-15

If you are upgrading from v0.16.x, replace the binary (or run docker pull). If you are upgrading from v0.15.x and below, please read the upgrading documentation for more information on how to upgrade from previous versions.

Added

• ACME: Allow specifying a preferred certificate chain.

Changed

Fixed

• JMAP: */changes methods leak ids of non-shared objects (reported by @5ud0er).
• Sieve: Do not allow invalid certs in http_header function.
• FoundationDB: Fix read version cache expiration logic.
• MTA: Re-scheduling or editing a queued message reports success but persists nothing for recipients in a non-default virtual queue.
• CardDAV: Version requests included in address-data are ignored.
• ACME: Add freshness check when renewing certificates.
• Autodiscover v2: Read email address from query parameters.
• Sieve: Do not keep copies of redirected messages when keep is not specified.
• Registry: Object ids are parsed as numbers.

Check binary attestation here

The Asterisk Development Team would like to announce
the release of asterisk-23.4.0.

The release artifacts are available for immediate download at
https://github.com/asterisk/asterisk/releases/tag/23.4.0
and
https://downloads.asterisk.org/pub/telephony/asterisk

Repository: https://github.com/asterisk/asterisk
Tag: 23.4.0

This release resolves issues reported by the community
and would have not been possible without your participation.

Thank You!

Change Log for Release asterisk-23.4.0

Links:

• Full ChangeLog
• GitHub Diff
• Tarball
• Downloads

Summary:

• Commits: 53
• Commit Authors: 24
• Issues Resolved: 43
• Security Advisories Resolved: 0

The Asterisk Development Team would like to announce
the release of asterisk-22.10.0.

The release artifacts are available for immediate download at
https://github.com/asterisk/asterisk/releases/tag/22.10.0
and
https://downloads.asterisk.org/pub/telephony/asterisk

Repository: https://github.com/asterisk/asterisk
Tag: 22.10.0

This release resolves issues reported by the community
and would have not been possible without your participation.

Thank You!

Change Log for Release asterisk-22.10.0

Links:

• Full ChangeLog
• GitHub Diff
• Tarball
• Downloads

Summary:

• Commits: 53
• Commit Authors: 24
• Issues Resolved: 43
• Security Advisories Resolved: 0

The Asterisk Development Team would like to announce
the release of asterisk-20.20.0.

The release artifacts are available for immediate download at
https://github.com/asterisk/asterisk/releases/tag/20.20.0
and
https://downloads.asterisk.org/pub/telephony/asterisk

Repository: https://github.com/asterisk/asterisk
Tag: 20.20.0

This release resolves issues reported by the community
and would have not been possible without your participation.

Thank You!

Change Log for Release asterisk-20.20.0

Links:

• Full ChangeLog
• GitHub Diff
• Tarball
• Downloads

Summary:

• Commits: 53
• Commit Authors: 24
• Issues Resolved: 43
• Security Advisories Resolved: 0

VIENNA, Austria – June 11, 2026 – Enterprise software developer Proxmox Server Solutions today announced the release of Proxmox Mail Gateway 9.1. The updated version of its enterprise email security solution introduces updated core components, comprehensive usability improvements to the spam quarantine, and data encryption options for integrated backups.

Proxmox Mail Gateway functions as a full-featured mail proxy deployed between the firewall and internal mail servers. It filters all incoming and outgoing email traffic at the gateway, protecting organizations against threats such as spam, viruses, Trojans, and phishing attacks.

Key Updates in Proxmox Mail Gateway 9.1

Updated core components

Built on Debian 13.5 “Trixie”, the platform includes updated underlying packages, utilizing a newer Linux kernel 7.0 as its stable default. Proxmox Mail Gateway 9.1 continues to align with the latest major enterprise open-source security components and incorporates stable versions of SpamAssassin 4.0.2 (with continuously updated rulesets), ClamAV 1.4.4, PostgreSQL 17, and ZFS 2.4.

Spam quarantine usability improvements

The web-based quarantine interface features several enhancements to optimize daily administrative and end-user workflows.

• Shared mailboxes: Users can now mark quarantined emails within shared mailboxes as “seen”, preventing duplicate auditing efforts across teams. The status is displayed inline as a checkmark and can be toggled via an action button.
• Granular spam scores: The quarantine overview now displays both the positive and negative components of the spam score simultaneously, providing immediate insight into why an email triggered filtering thresholds.
• On-demand image loading: To enhance privacy and security, external images in quarantined emails can now be configured to load only on demand. Users can then choose to display images by clicking a “Load Images” button in the quarantine view. This ensures email content can be inspected safely without automatically compromising privacy or being exposed to web-based threats.
• Copy Link Functionality: Administrators can now copy a recipient’s private quarantine access link directly from the admin dashboard using a new “Copy Link” option. This provides a secure and convenient way to share the link through any preferred channel or to integrate it in a custom interface.

Encrypted Proxmox Backup Server targets

Version 9.1 adds native encryption support for backups targeted at a Proxmox Backup Server instance. This option ensures that sensitive email configuration settings, user created rule system data, and historic/private statistics data are encrypted client-side before transmission and remain encrypted at rest on the backup storage target.

Availability

Proxmox Mail Gateway 9.1 is open-source software and immediately available for download. Users can obtain a complete installation image via ISO download, which contains the full feature-set of the solution and can be installed quickly on bare-metal systems using an intuitive installation wizard. The software can be installed on top of an existing Debian installation or as a lightweight Linux Container (LXC) on Proxmox VE. A seamless, fully tested upgrade path from Proxmox Mail Gateway 8.2 or 9.0 is available via the APT package management system.

For production environments, Proxmox offers comprehensive enterprise support plans that provide stable and secure updates and direct access to expert support services. These support contracts offer a cost-effective way to secure enterprise-grade stability. Pricing start at EUR 190 per host per year, including unlimited users and domains.

Resources:

• ISO Image Download: https://www.proxmox.com/en/downloads
• Forum Announcement: https://forum.proxmox.com/
• Roadmap: For published and upcoming features, see the Release Notes & Roadmap

###

About Proxmox Mail Gateway
Proxmox Mail Gateway is the leading open-source email security solution, protecting your mail server against all email threats from the moment they emerge. Organizations of any size can easily deploy and implement the comprehensive anti-spam and antivirus platform in just a few minutes. Deploying the full-featured mail proxy between the firewall and an internal mail server allows you to control all incoming and outgoing email traffic from the central, web-based interface. Proxmox filters all email traffic at the gateway before it reaches the mail server, protecting businesses against email attacks and other malicious threats.

About Proxmox Server Solutions
Proxmox Server Solutions provides powerful, intuitive open-source server software that guarantees vendor independence and minimizes total cost of ownership. Enterprises of all sizes rely on the company’s reliable vendor support, certified training services, and a global network of 3,000 integration partners to ensure business continuity. Established in 2005 and headquartered in Vienna, Austria, tens of thousands of corporate customers worldwide trust Proxmox solutions to secure their mission-critical IT environments.

Contact: Daniela Häsler, Proxmox Server Solutions GmbH, press@proxmox.com

Fixes and improvements

General

• support using regexp groups in every part of a source URL (#5766) (#5779)
• improve anti-brute force mechanism (#5835) delay authentication failure responses by a random amount of time, use the same anti-brute force mechanism with all users.
• limit size of HTTP requests shown in debug logs (#5858)
• print body of selected HTTP responses when log level is debug (#5859)

Media-over-QUIC

• fix race condition when closing server (#5836) some sessions were hanging if they were concurrently being closed by the remote peer.
• rename moqHTTPS2Address into moqHTTP2Address, moqHTTPS3Address into moqHTTP3Address (#5841)

RTSP

• support PROXY protocol (#5754) Support PROXY protocol v1/v2 on RTMP, RTMPS, RTSP, and RTSPS TCP listeners so real client IPs are visible when running behind L4 proxies (nginx stream, HAProxy, AWS NLB).
• restore support for H264 packetization-mode 0 (#5846) (#5857) H264 streams with packetization-mode=0 cannot be routed with UDP since packets are too big. Inbound streams with packetization-mode=0 are blocked by the server since v1.19.0 but this caused compatibility issues with some cameras. The server is now able to receive such streams with TCP, and automatically remuxes them in streams with packetization-mode=1, which can be routed freely.

RTMP

• support PROXY protocol (#5754) Support PROXY protocol v1/v2 on RTMP, RTMPS, RTSP, and RTSPS TCP listeners so real client IPs are visible when running behind L4 proxies (nginx stream, HAProxy, AWS NLB).

Dependencies

• code.cloudfoundry.org/bytefmt updated from v0.74.0 to v0.76.0
• github.com/bluenviron/gortsplib/v5 updated from v5.5.4 to v5.6.0
• github.com/pion/ice/v4 updated from v4.2.7 to v4.2.8-0.20260604162030-72f5001c4596
• github.com/pion/webrtc/v4 updated from v4.2.14 to v4.2.15
• github.com/quic-go/quic-go updated from v0.59.0 to v0.60.0
• golang.org/x/crypto updated from v0.52.0 to v0.53.0
• golang.org/x/net updated from v0.55.0 to v0.56.0
• golang.org/x/sync updated from v0.20.0 to v0.21.0
• golang.org/x/sys updated from v0.45.0 to v0.46.0
• golang.org/x/term updated from v0.43.0 to v0.44.0
• github.com/pion/dtls/v3 updated from v3.1.3 to v3.1.4
• github.com/pion/stun/v3 updated from v3.1.4 to v3.1.5
• github.com/pion/turn/v5 updated from v5.0.7 to v5.0.9
• golang.org/x/text updated from v0.37.0 to v0.38.0
• github.com/pires/go-proxyproto v0.12.0 added

Security

Binaries are compiled from source code by the Release workflow, which is a fully-visible process that prevents any change or external interference in produced artifacts.

Checksums of binaries are also published in a public blockchain by using GitHub Attestations, and they can be verified by running:

ls mediamtx_* | xargs -L1 gh attestation verify --repo bluenviron/mediamtx

You can verify checksums of binaries by downloading checksums.sha256 and running:

cat checksums.sha256 | grep "$(ls mediamtx_*)" | sha256sum --check

[0.16.8] - 2026-06-06

If you are upgrading from v0.16.x, replace the binary (or run docker pull). If you are upgrading from v0.15.x and below, please read the upgrading documentation for more information on how to upgrade from previous versions.

Added

Changed

• OAuth: Rework access tokens to an AES-256-GCM-SIV AEAD format that carries the account name for proxy routing.
• Added more internal TLDs to the domain validation.

Fixed

• MTA:
  • Sub-addressing with external directories returns 550 Mailbox not found.
  • Disabled aliases continue receiving messages.
• JMAP for File Storage: FileNode/get returns a stale state string.
• Make SieveSystemInterpreter.defaultReturnPath and MtaQueueQuota.match optional expressions.
• Rate limiter panics when periods under 1 second are used.
• CalDAV/CardDAV: Calendar events, contacts, calendars and address books deleted via JMAP do not write a vanished tombstone.
• DNS updater: bump to dns-update-v0.5.1.

Check binary attestation here

The Asterisk Development Team would like to announce
release candidate 1 of asterisk-23.4.0.

The release artifacts are available for immediate download at
https://github.com/asterisk/asterisk/releases/tag/23.4.0-rc1
and
https://downloads.asterisk.org/pub/telephony/asterisk

Repository: https://github.com/asterisk/asterisk
Tag: 23.4.0-rc1

This release resolves issues reported by the community
and would have not been possible without your participation.

Thank You!

Change Log for Release asterisk-23.4.0-rc1

Links:

• Full ChangeLog
• GitHub Diff
• Tarball
• Downloads

Summary:

• Commits: 53
• Commit Authors: 24
• Issues Resolved: 43
• Security Advisories Resolved: 0

The Asterisk Development Team would like to announce
release candidate 1 of asterisk-22.10.0.

The release artifacts are available for immediate download at
https://github.com/asterisk/asterisk/releases/tag/22.10.0-rc1
and
https://downloads.asterisk.org/pub/telephony/asterisk

Repository: https://github.com/asterisk/asterisk
Tag: 22.10.0-rc1

This release resolves issues reported by the community
and would have not been possible without your participation.

Thank You!

Change Log for Release asterisk-22.10.0-rc1

Links:

• Full ChangeLog
• GitHub Diff
• Tarball
• Downloads

Summary:

• Commits: 53
• Commit Authors: 24
• Issues Resolved: 43
• Security Advisories Resolved: 0

The Asterisk Development Team would like to announce
release candidate 1 of asterisk-20.20.0.

The release artifacts are available for immediate download at
https://github.com/asterisk/asterisk/releases/tag/20.20.0-rc1
and
https://downloads.asterisk.org/pub/telephony/asterisk

Repository: https://github.com/asterisk/asterisk
Tag: 20.20.0-rc1

This release resolves issues reported by the community
and would have not been possible without your participation.

Thank You!

Change Log for Release asterisk-20.20.0-rc1

Links:

• Full ChangeLog
• GitHub Diff
• Tarball
• Downloads

Summary:

• Commits: 53
• Commit Authors: 24
• Issues Resolved: 43
• Security Advisories Resolved: 0

The PostgreSQL Global Development Group announces that the first beta release of PostgreSQL 19 is now available for download. This release contains PostgreSQL 19 feature previews ahead of general availability, though some details of the release can change during the beta period.

You can find information about all of the PostgreSQL 19 features and changes in the release notes:

https://www.postgresql.org/docs/19/release-19.html

In the spirit of the open source PostgreSQL community, we strongly encourage you to test the new features of PostgreSQL 19 on your systems to help us eliminate bugs and other issues. While we do not advise you to run beta versions in production environments, we encourage you to find ways to run your typical application workloads against this beta release.

Your testing and feedback help the community ensure that PostgreSQL 19 upholds our standards of delivering a stable, reliable release of the world's most advanced open source relational database. Please read more about our beta testing process and how you can contribute:

https://www.postgresql.org/developer/beta/

PostgreSQL 19 Feature Highlights

Below are some of the feature highlights that are planned for PostgreSQL 19. This list is not exhaustive; for the full list of planned features, please see the release notes.

Performance

PostgreSQL 19 builds on the asynchronous I/O subsystem introduced in PostgreSQL 18. In this release, io_method=worker now automatically scales the number of I/O workers based on the new io_min_workers and io_max_workers settings.

This release also introduces the pg_plan_advice extension, which lets users stabilize and control planner decisions, along with pg_stash_advice to apply advice automatically using query identifiers.

This release brings improvements to vacuum and maintenance operations. Autovacuum can now use parallel workers, which can be configured with the new autovacuum_max_parallel_workers setting, and a new autovacuum scoring system helps prioritize tables to vacuum. PostgreSQL 19 further enhances vacuum with a new strategy that can automatically reduce future vacuuming work by marking pages as visible while they're being queried. Additionally, this release adds the new REPACK command and its nonblocking CONCURRENTLY option, which allow tables to be rebuilt with less operational overhead.

PostgreSQL 19 shows up to 2x better performance on inserts when foreign key checks are present. Additionally, this release improves several areas of the query planner and executor, including new anti-join optimizations, broader use of incremental sorts, eager aggregation that speeds up row processing, faster reads from storage during parallel sequential scans, and simplification of IS DISTINCT FROM and IS NOT DISTINCT FROM to plain <> and = operators when the inputs are not nullable. There are also improvements for LISTEN/NOTIFY scalability that impact multi-channel workloads.

Developer Experience

PostgreSQL 19 introduces support for SQL/PGQ, letting users execute property graph queries using SQL standard syntax. This release also expands temporal query capabilities with UPDATE and DELETE support for the FOR PORTION OF clause, complementing the temporal constraint support added in PostgreSQL 18. This release also adds ALTER TABLE ... MERGE PARTITIONS and ALTER TABLE ... SPLIT PARTITIONS to make it easier to reorganize partitioned tables in place. There is now also support for returning rows that conflict during an upsert operation using INSERT ... ON CONFLICT DO SELECT ... RETURNING.

PostgreSQL 19 introduces the new GROUP BY ALL syntax, making it easy to add all non-aggregate and non-window output columns as part of the grouping. This release extends string processing capabilities in jsonpath with the addition of lower(), upper(), initcap(), replace(), split_part(), and the trim() family of functions.

PostgreSQL 19 makes it easier to adopt "read-your-writes" query patterns when working with replicas using the new WAIT FOR LSN command. This lets a session wait until changes up to a specific log position (LSN) have been replayed on the replica before executing a SELECT query.

PostgreSQL 19 also adds new SQL functions to retrieve the DDL statements needed to recreate roles, tablespaces, and databases, simplifying scripting and migration tasks. Additionally, the random() function now works with date and timestamp types, and PL/Python now supports event triggers.

Security Features

PostgreSQL 19 adds server-side support for Server Name Indication (SNI) through a new pg_hosts.conf file, allowing a single PostgreSQL server to present different TLS certificates based on the hostname requested by the client. There is also a new password_expiration_warning_threshold setting (defaulting to 7 days) to warn users in advance of upcoming password expirations.

Further to the ongoing deprecation efforts of md5 authentication, this release issues a warning to the client after a successful md5 authentication. This is controllable via the new md5_password_warnings setting.

Monitoring and Observability

PostgreSQL 19 introduces the pg_stat_lock view, which reports per-lock-type statistics, and pg_stat_recovery which provides detailed visibility into the state of recovery operations. A stats_reset column is now available across many statistics views to show when counters were last cleared. The pg_stat_progress_vacuum and pg_stat_progress_analyze views now include a started_by column that reports the initiator of the operation, and pg_stat_progress_vacuum also has a mode column that reports how vacuum is operating.

This release also allows log_min_messages levels to be specified per process type, giving operators finer control over what each part of the system logs. Additionally, WAL full page write byte counts are now reported in VACUUM and ANALYZE log output, helping identify maintenance operations that generate large amounts of WAL. Additionally, EXPLAIN ANALYZE now supports surfacing asynchronous I/O (AIO) statistics through its IO option, providing better visibility into how queries are using the AIO subsystem.

Logical Replication and Query Federation

In PostgreSQL 19, logical replication now replicates sequence values, simplifying tasks like online upgrades. Additionally, the new CREATE PUBLICATION ... EXCEPT syntax allows you to publish all tables in a database except for a specified set, while CREATE SUBSCRIPTION ... SERVER allows subscriptions to be defined using a foreign server, simplifying credential management.

PostgreSQL 19 makes it possible to enable logical replication without restarting a server. Logical replication can now be enabled on demand even when wal_level is set to replica, and the new read-only effective_wal_level parameter reports the WAL level currently in effect. This reduces the need to commit upfront to a higher WAL level for clusters that may only occasionally need it, and avoids disrupting an active workload.

The PostgreSQL foreign data wrapper, postgres_fdw, used for query federation, includes several performance improvements, including pushing down array operations to the remote server, and retrieving and using statistics from foreign tables to support better local query planning.

Other Highlights

The PostgreSQL 19 beta period includes a temporary "grease mode" to try to find protocol compatibility problems in the wider ecosystem. This wiki page contains information on how the campaign works:

https://wiki.postgresql.org/wiki/Grease

PostgreSQL 19 allows data checksums to be enabled or disabled online, without requiring a cluster restart or reinitialization.

There are several notable changes to be aware of in PostgreSQL 19. Just-in-time compilation (JIT) is now disabled by default, and the default_toast_compression setting now defaults to lz4, providing better default compression and decompression performance. Support for RADIUS authentication is now removed. Additionally, the vacuumdb --analyze-only command by default analyzes partitioned tables.

Additional Features

Many other new features and improvements have been added to PostgreSQL 19. Many of these may also be helpful for your use cases. Please see the release notes for a complete list of new and changed features:

https://www.postgresql.org/docs/19/release-19.html

Testing for Bugs & Compatibility

The stability of each PostgreSQL release greatly depends on you, the community, to test the upcoming version with your workloads and testing tools to find bugs and regressions before the general availability of PostgreSQL 19. As this is a Beta, minor changes to database behaviors, feature details, and APIs are still possible. Your feedback and testing will help determine the final tweaks on the new features, so please test in the near future. The quality of user testing helps determine when we can make a final release.

A list of open issues is publicly available in the PostgreSQL wiki. You can report bugs using this form on the PostgreSQL website:

https://www.postgresql.org/account/submitbug/

Beta Schedule

This is the first beta release of version 19. The PostgreSQL Project will release additional betas as required for testing, followed by one or more release candidates, until the final release around September/October 2026. For further information please see the Beta Testing page.

Links

• Download
• Beta Testing Information
• PostgreSQL 19 Beta Release Notes
• PostgreSQL 19 Open Issues
• Submit a Bug
• Donate

What's Changed

Security & Fixes

• Fixed private submodule authentication during deployments (#8900, fixes #2731)
• Fixed deploy keys overwriting server root SSH keys (#10440, fixes #10203)
• Improved fork pull request safety for preview deployments (#10457, fixes #10342)
• Hardened API token team checks (#10505)
• Improved image, branch, proxy, and deployment input validation (#10501, #10502, #10503, #10504)
• Fixed generated Compose environment variables breaking preview deployments (#10186, fixes #7552)
• Fixed registry image tags being pushed for preview deployments (#10185, fixes #7616)
• Fixed Git repository imports for large repositories (#10528, fixes #5251)
• Fixed GitLab SSH webhook matching with custom ports (#10479, fixes #10450)
• Fixed log copying on non-HTTPS instances (#8942)
• Fixed unsafe HTML showing in the log viewer (#10346, fixes #10345)
• Fixed deployment and container log timestamps to use the server timezone (#10165, fixes #8003)
• Fixed in-progress form edits being wiped by live updates (#10321, fixes #6062, #6354, #9695)
• Fixed skipped service database backup links (#10527, fixes #10526)
• Fixed S3 backup storage validation before scheduling (#10389)
• Fixed current team deletion errors (#10353, fixes #10351)
• Fixed self-hosted server cleanup preserving server IPs (#10480, fixes #10471)
• Fixed API server private key updates (#10416)
• Fixed SSH usernames with dots (#9951)
• Fixed stale page loading cloak after navigation (#10518, fixes #10506)
• Fixed password field keyboard focus order (#10519, fixes #10486)
• Fixed Railpack Buildx cache metadata persistence (#10511, fixes #10507)

New Services & Templates

• Added Healthchecks as a one-click service (#10335)
• Fixed Garage startup by using the correct RPC secret length (#10425)
• Updated Chatwoot support for private API inbox webhooks (#10426)
• Fixed Hermes Agent with Web UI image tag (#10445)
• Updated Gitea runner to v1.0.7 (#10500)
• Fixed ownCloud trusted-domain login issues (#10508, fixes #9944)

Improvements

• Made exposed ports optional for portless apps (#9182, fixes #9170)
• Added configurable application restart loop limits (#9231, fixes #8669)
• Added standalone database health check settings (#10481, fixes #10444)
• Added resource details with easier access to UUIDs (#9756)
• Added destination resource listings (#9757)
• Added environment variable search (#10421, fixes #10413)
• Moved Sentinel into its own tab and improved metrics refresh (#9544)
• Improved the configuration changes modal for redeployments (#10461, fixes #10367)
• Added scrollable modals for smaller screens (#9647, fixes #9618)
• Kept long-running terminal sessions connected (#10482)
• Added mobile terminal controls (#10498)
• Added custom Docker DNS option support (#10516)
• Improved the GitHub App setup flow (#10524)
• Updated the team invitation flow (#10510)

What's Changed

• fix(livewire): stop broadcast handlers from wiping in-progress form by @adiologydev in #10321
• fix(service): set correct image tag for hermes-agent-with-webui by @ShadowArcanist in #10445
• fix(service): Chatwoot Support allowlisted private API inbox webhooks by @kunumigab in #10426
• chore(deps): bump symfony/polyfill-intl-idn from 1.37.0 to 1.38.1 by @dependabot[bot] in #10442
• chore(deps): bump ws from 8.19.0 to 8.20.1 in /docker/coolify-realtime by @dependabot[bot] in #10424
• fix(team): prevent 500 when deleting the current team by @Firsak in #10353
• fix(webhook): skip preview deployments for fork PRs by @ShadowArcanist in #10457
• fix(webhook): match GitLab SSH repos with custom ports by @andrasbacsai in #10479
• fix(cleanup): preserve self-hosted server IPs by @andrasbacsai in #10480
• feat(database): configure standalone health checks by @andrasbacsai in #10481
• fix(terminal): keep long-running sessions connected by @andrasbacsai in #10482
• fix(backups): validate S3 storage before scheduling by @andrasbacsai in #10389
• fix(deployments): filter generated compose service env vars by @andrasbacsai in #10186
• feat(terminal): add mobile shell controls by @andrasbacsai in #10498
• chore(deps): bump ws from 8.19.0 to 8.20.1 in /docker/coolify-realtime by @dependabot[bot] in #10456
• fix(deployments): skip registry image tag for previews by @andrasbacsai in #10185
• fix(git): ensure ssh credentials are propagated to submodule operations by @andrasbacsai in #8900
• fix(api): validate token team context by @andrasbacsai in #10505
• Improve proxy configuration validation by @andrasbacsai in #10503
• Improve application branch validation by @andrasbacsai in #10502
• Improve application image validation by @andrasbacsai in #10501
• Improve deployment input handling by @andrasbacsai in #10504
• chore(service): Update Gitea runner image to version 1.0.7 by @Twest2 in #10500
• fix(service): Garage doesn't start due to RPC secret being wrong length by @derdaele in #10425
• feat(service): add Healthchecks as a service by @viticodotdev in #10335
• Update team invitation flow by @andrasbacsai in #10510
• fix(deploy): persist Railpack Buildx metadata by @andrasbacsai in #10511
• fix(forms): focus password fields before visibility toggles by @andrasbacsai in #10519
• fix(navigation): remove stale cloak after Livewire navigation by @andrasbacsai in #10518
• Improve GitHub App setup flow by @andrasbacsai in #10524
• fix(service): owncloud login doesn't work by @abesmon in #10508
• fix(ui): configuration changes modal doesn't go away after redeployment for git based compose apps by @ShadowArcanist in #10461
• fix(dev): testing host downloads wrong arch docker binaries on linux by @ShadowArcanist in #10462
• fix(logs): use server timezone in deployment and container logs by @ShadowArcanist in #10165
• feat(ui): add resource details view by @ShadowArcanist in #9756
• feat: support --dns custom Docker option by @tikimo in #10516
• feat(application): make ports_exposes optional for portless apps by @ShadowArcanist in #9182
• feat(applications): add configurable restart loop limit by @ShadowArcanist in #9231
• feat(ui): move sentinel to new tab by @ShadowArcanist in #9544
• feat(destination): show resources that are deployed on the destination by @ShadowArcanist in #9757
• fix(modal): add missing scrolling behavior for better user experience… by @JanThiel in #9647
• fix(server): allow dots in ssh username by @ShadowArcanist in #9951
• fix(ui): models and slide-overs to use the same Close (x) icon button styles by @gianpaj in #9393
• fix(logs): handle missing clipboard API in non-HTTPS contexts by @devrim-1283 in #8942
• fix(scheduled-jobs): link skipped service database backups by @andrasbacsai in #10527
• fix(git): force HTTP/1.1 for repository imports by @andrasbacsai in #10528
• fix(logs): html tags is removed in log viewer by @alexzvn in #10346
• feat(ui): add search functionality for environment variables by @rohittiwari-dev in #10421
• fix(api): apply private_key_uuid in update_server by @yaroslavnovykov in #10416
• fix(git): write deploy key to per-deployment path, not root's id_rsa by @ofaruksahintr in #10440
• v4.1.2 by @andrasbacsai in #10452

New Contributors

• @Firsak made their first contribution in #10353
• @viticodotdev made their first contribution in #10335
• @abesmon made their first contribution in #10508
• @tikimo made their first contribution in #10516
• @JanThiel made their first contribution in #9647
• @gianpaj made their first contribution in #9393
• @yaroslavnovykov made their first contribution in #10416
• @ofaruksahintr made their first contribution in #10440

Full Changelog: v4.1.1...v4.1.2

New major features

Media-over-QUIC

• support reading and publishing with Media-over-QUIC (#5815) Media-over-QUIC is a streaming protocol built upon cutting edge protocols (QUIC, HTTP3) and browser APIs (WebTransport, WebCodecs). It's slightly faster than WebRTC, has an advanced data recovery mechanism, it supports additional codecs (FLAC) and is less complicated to route. Check the documentation for instructions and details.

RTMP

• support reading and writing FLAC (#5778) (#5789)

HLS

• support reading and publishing FLAC (#5778) (#5791)

Fixes and improvements

General

• Add user agent field to RTMP, RTSP, WebRTC, and HLS (#5753)
• add --check-version command line flag (#5786) this allows to check whether a new version is available without upgrading.
• use file name suffix for OS-specific code wherever possible (#5787)
• fix two hot reloading cases (#5817) * reload SRT server when metrics server is reloaded * reload API server when RTMPS server is reloaded

RTSP

• client: trigger TCP timeout only if nothing is received (bluenviron/gortsplib#1002) (bluenviron/gortsplib#968) (bluenviron/gortsplib#1067) Previously, a data packet was required, now a keepalive response from the server is enough.
• sdp: support non-standard 'meta' media type (bluenviron/gortsplib#1068)
• forbid H264 packetization mode zero (bluenviron/gortsplib#1072) Packetization mode zero requires allowing inefficient and brittle fragmented UDP packets, which we are not.

RTMP

• client: add FLAC fourCC (bluenviron/gortmplib#73)
• do not exit in case of undocumented Flash control messages (#5512) (bluenviron/gortmplib#75)

HLS

• remove redundant JavaScript argument (#5806)
• muxer: fix race condition when generating playlist (bluenviron/gohlslib#359) (bluenviron/gohlslib#360) Max age of playlist depends on segments, so it needs to be covered by the segment mutex.
• muxer: use coherent version in all playlists (#5781) (bluenviron/gohlslib#363)

WebRTC

• make JavaScript internal variables private (#5804)
• fix connectivity after network changes (#5097) (#5818)

RPI Camera

• use timestamp of frame in text overlay (#2733) (bluenviron/mediamtx-rpicamera#103)

Dependencies

• code.cloudfoundry.org/bytefmt updated from v0.72.0 to v0.74.0
• github.com/abema/go-mp4 updated from v1.5.0 to v1.6.0
• github.com/bluenviron/gohlslib/v2 updated from v2.3.2 to v2.4.0
• github.com/bluenviron/gortmplib updated from v0.3.2 to v0.4.0
• github.com/bluenviron/gortsplib/v5 updated from v5.5.3 to v5.5.4
• github.com/bluenviron/mediacommon/v2 updated from v2.8.3 to v2.9.0
• github.com/go-git/go-git/v5 updated from v5.19.0 to v5.19.1
• github.com/matthewhartstonge/argon2 updated from v1.5.3 to v1.5.4
• github.com/pion/ice/v4 updated from v4.2.5 to v4.2.7
• github.com/pion/transport/v4 updated from v4.0.1 to v4.0.2
• github.com/pion/webrtc/v4 updated from v4.2.12 to v4.2.14
• golang.org/x/crypto updated from v0.51.0 to v0.52.0
• golang.org/x/net updated from v0.54.0 to v0.55.0
• golang.org/x/sys updated from v0.44.0 to v0.45.0
• github.com/pion/dtls/v3 updated from v3.1.2 to v3.1.3
• github.com/pion/sctp updated from v1.9.5 to v1.10.0
• github.com/pion/srtp/v3 updated from v3.0.10 to v3.0.11
• github.com/pion/stun/v3 updated from v3.1.2 to v3.1.4
• github.com/pion/turn/v5 updated from v5.0.3 to v5.0.7
• github.com/quic-go/webtransport-go v0.10.0 added
• golang.org/x/sync v0.20.0 added
• github.com/dunglas/httpsfv v1.1.0 added
• github.com/bluenviron/mediamtx-rpicamera updated from v2.5.7 to v2.6.0

Security

Binaries are compiled from source code by the Release workflow, which is a fully-visible process that prevents any change or external interference in produced artifacts.

Checksums of binaries are also published in a public blockchain by using GitHub Attestations, and they can be verified by running:

ls mediamtx_* | xargs -L1 gh attestation verify --repo bluenviron/mediamtx

You can verify checksums of binaries by downloading checksums.sha256 and running:

cat checksums.sha256 | grep "$(ls mediamtx_*)" | sha256sum --check

[0.16.7] - 2026-05-28

If you are upgrading from v0.16.x, replace the binary (or run docker pull). If you are upgrading from v0.15.x and below, please read the upgrading documentation for more information on how to upgrade from previous versions.

Added

• RateLimit header fields for HTTP (draft-ietf-httpapi-ratelimit-headers-10)
• MTA: Implement spamtest in trusted Sieve scripts.

Changed

Fixed

• Log rejected messages to tracing store.
• MTA:
  • Always update next DSN notify times.
  • Expand lists and resolve catch-all addresses when building autogenerated messages.
• Sharing: Includes resource that themselves carry a direct ACL grant and are leaves.
• Tasks cannot be deleted in OSS builds.
• Directory: Per-domain external directory resolution fails.
• DNS updater: Keep external TXT records when updating RRSet.
• HTTP: Reject requests from blocked IPs when Keep-Alive is enabled.

Check binary attestation here

Highlights in Proxmox Datacenter Manager 1.1

Integrated automated installation workflows

Proxmox Datacenter Manager 1.1 now acts as a central configuration server for provisioning. The integration of automated installation functionality standardizes the deployment of hosts across distributed infrastructures. Administrators can centrally manage answer file configurations containing predefined installation parameters and provide them for unattended installations of new hosts. A new ‘Automated Installations’ tab in the ‘Remotes’ section provides access to these workflows, while installation progress can be tracked directly from within the Proxmox Datacenter Manager web interface. A token-based security mechanism protects the installation process and helps ensure that prepared configurations are accessed only by authorized installations.

Centralized management of subscription keys

For large-scale deployments, managing subscriptions across multiple sites can be complex. A new subscription registry in Proxmox Datacenter Manager enables administrators to manage a central pool of subscription keys, assign them to specific remotes, and remove assignments when no longer needed. A prepared answer file can also include a specific subscription key, allowing a newly provisioned host to register its subscription automatically during installation.

Unified Ceph cluster monitoring

For organizations utilizing hyper-converged infrastructure (HCI) powered by Proxmox VE, tracking storage health across distributed sites is vital. Proxmox Datacenter Manager 1.1 delivers deep, unified visibility across these distributed storage environments by introducing native monitoring for all connected Ceph clusters. A single, consolidated panel allows administrators to verify the health, capacity, and real-time performance of multiple Ceph clusters at a glance. The dashboard provides comprehensive, granular insights into the status of Object Storage Daemons (OSDs), monitors, managers, Metadata Servers (MDS), storage pools, CephFS, and specific cluster flags.

Enhanced infrastructure visualization

New dashboard widgets provide administrators with an overview of their distributed Proxmox infrastructures:

• Geographic widgets: A new world map widget visualizes the physical locations of connected remotes. Locations can be defined via the node or datacenter options on Proxmox VE remotes, or under the configuration settings for Proxmox Backup Server remotes.
• New gauge-based widgets display visual context for CPU, memory, and storage utilization at a glance.
• Local host metrics are now also collected for the Proxmox Datacenter Manager host itself, visualizing resource consumption through integrated Round-Robin Database (RRD) graphs on the node status panel.

Central guest and snapshot management

Proxmox Datacenter Manager 1.1 marks the initial milestone toward comprehensive, central guest management. A new cross-remote view expands guest management by displaying all QEMU virtual machines and LXC containers across connected remotes. Administrators can display these guests in a sortable table or in a tree grouped by remote, use text filtering to quickly locate individual guests, and access frequently used actions from a unified overview.

The same interface now also provides snapshot management for these guest environments. Administrators can view snapshots in a parent-child tree and create, roll back, delete, or edit snapshot descriptions. In addition, a new “Resume” action for paused or suspended QEMU virtual machines complements the existing start, stop, and shutdown operations. As this represents the initial phase of centralized guest orchestration, users can expect additional day-to-day management tasks to be integrated in upcoming point releases.

Updated technology stack

Proxmox Datacenter Manager 1.1 is based on Debian 13.5 “Trixie” and features Linux kernel 7.0 as the new stable default. Along with ZFS 2.4, this release provides an up-to-date open-source software stack for modern centralized infrastructure management and day-to-day lifecycle operations.

Availability

Proxmox Datacenter Manager 1.1 is open-source software and immediately available for download at the official website. Users can obtain a complete installation image via ISO download, which contains the full feature set of the solution and can be installed quickly on bare-metal systems using an intuitive installation wizard.

Seamless distribution upgrades from older versions of Proxmox Datacenter Manager are possible using the standard APT package management system. Furthermore, it is also possible to install the platform on top of an existing Debian installation. As Free/Libre and Open Source Software (FLOSS), the entire solution is published under the GNU AGPLv3.

For enterprise environments, customers with active Enterprise support plans for their managed Proxmox Virtual Environment and Proxmox Backup Server remotes also gain access to Proxmox Datacenter Manager updates and support. No separate subscription key is required.

Resources:

• ISO Image Download: https://www.proxmox.com/downloads
• Forum Announcement: https://forum.proxmox.com/
• Video: What’s new in Proxmox Datacenter Manager 1.1
• Roadmap: For published and upcoming features, see the Release Notes & Documentation

###

About Proxmox Datacenter Manager
Proxmox Datacenter Manager is a centralized open-source management layer for distributed, large-scale Proxmox infrastructures. As a core building block of the expanding Proxmox ecosystem, it unifies independent Proxmox Virtual Environment clusters and Proxmox Backup Server instances across multiple sites and data centers into a single control plane. The web interface provides consolidated dashboards for real-time health, performance, and capacity tracking of nodes, virtual machines, containers, and storage. IT teams can centrally manage guest lifecycles, perform migrations, and execute global updates across connected remotes. Developed by Proxmox Server Solutions GmbH, the software is written in Rust, based on Debian, and released under the GNU AGPLv3.

About Proxmox Server Solutions
Proxmox Server Solutions provides powerful, intuitive open-source server software that guarantees vendor independence and minimizes total cost of ownership. Enterprises of all sizes rely on the company’s reliable vendor support, certified training services, and a global network of 3,000 integration partners to ensure business continuity. Established in 2005 and headquartered in Vienna, Austria, tens of thousands of corporate customers worldwide trust Proxmox solutions to secure mission-critical IT environments. To learn more visit https://www.proxmox.com or follow us on LinkedIn and YouTube.

Media contact
Daniela Häsler, Proxmox Server Solutions GmbH, marketing@proxmox.com 

What's Changed

Security & Fixes

• Restricted source and private key selection to the current team (#10348)
• Restricted environment deletion to the current team (#10349)
• Restricted server and network selection to the current team (#10352)
• Fixed source selection during repository setup (#10354)
• Hardened API token permission handling (#10355)
• Fixed service pages opening in the correct project and environment (#10358)
• Matched manual webhooks to the exact repository only (#10361)
• Improved GitHub App setup, installation, and reinstall flow (#10362)

New Services & Templates

• Added Cloudflare DDNS template (#8099)
• Added EMQX service template (#9568)
• Added OpenObserve template (#10279, closes #6328)
• Added Hermes Agent and WebUI one-click service (#10283)

Improvements

• Pinned Ryot, Jellyfin, Audiobookshelf, Grocy, and Mealie to stable image versions (#10116)
• Updated Gitea Runner to v1.0.6 (#10282)
• Improved the configuration changes modal readability and spacing (#10365)

What's Changed (Github)

• fix(source): scope private key and source selection to current team by @andrasbacsai in #10348
• fix(destination): scope server and network selection to current team by @andrasbacsai in #10352
• fix(environment): scope DeleteEnvironment lookups to current team by @andrasbacsai in #10349
• Fix source selection flow by @andrasbacsai in #10354
• Harden token permission handling by @andrasbacsai in #10355
• Refine service resource routing by @andrasbacsai in #10358
• fix(webhook): match manual webhook repositories exactly by @andrasbacsai in #10361
• fix(github): improve GitHub App setup and installation flow by @andrasbacsai in #10362
• fix(ui): improve configuration changes modal values, colors and spacing by @ShadowArcanist in #10365
• feat(templates): add Hermes Agent + WebUI one-click service by @toanalien in #10283
• chore(service): bumped gitea-runner version by @michalzarddev in #10282
• feat(service): add openobserve template by @afurculita in #10279
• feat(service): add EMQX by @MohmmadQunibi in #9568
• feat(template): add cloudflare-ddns template by @nktnet1 in #8099
• chore(service): pin services to static version instead of using latest tag by @kiterwork in #10116
• v4.1.1 by @andrasbacsai in #10357

New Contributors

• @toanalien made their first contribution in #10283
• @afurculita made their first contribution in #10279
• @MohmmadQunibi made their first contribution in #9568
• @kiterwork made their first contribution in #10116

Full Changelog: v4.1.0...v4.1.1

nginx-1.30.2 stable and nginx-1.31.1 mainline versions have been released, with a fix for buffer overflow vulnerability in the ngx_http_rewrite_module (CVE-2026-9256).

VIENNA, Austria – May 21, 2026 – Proxmox Server Solutions GmbH today announced the immediate availability of Proxmox Virtual Environment 9.2, the latest version of its integrated open-source platform for enterprise virtualization. This major update introduces a dynamic load balancer, expanded software-defined networking (SDN) capabilities, and granular management of custom CPU models. By improving resource utilization through dynamic workload balancing and simplifying complex cluster maintenance workflows, Proxmox VE 9.2 enables organizations to scale their infrastructure with higher efficiency and significantly reduced operational complexity.

Highlights in Proxmox Virtual Environment 9.2

Dynamic Load Balancer

A highlight of version 9.2 is the introduction of the Dynamic Load Balancer, which utilizes an intelligent decision-making framework to optimize guest placement for maximum cluster balance and reliability. Operating in a new dynamic mode, the cluster resource scheduler (CRS) incorporates real-time node and guest resource utilization into every placement decision. The integrated load balancer can automatically migrate guests managed by the High Availability (HA) stack to reduce the imbalance across the cluster nodes while strictly respecting all user-defined HA rules. Administrators maintain granular control through configurable options that define the behavior and sensitivity of the load Balancer through various parameters, providing organizations with superior oversight of resource utilization in highly available environments.

Expanded software-defined networking (SDN)

This release significantly improves its SDN stack to support modern network architectures.

• New Fabric Protocols: Native support for WireGuard and BGP has been integrated into the SDN stack.
• BGP/EVPN filtering: Support for route maps and prefix lists allows for fine-grained control over route redistribution.

Further additions include route redistribution for OSPF fabrics, additional options for configuring EVPN controllers, and IPv6 underlay support for EVPN.

Custom CPU model management

To provide greater flexibility for specialized workloads, Proxmox VE 9.2 introduces a dedicated management interface for custom CPU models. Administrators can now create, edit, and remove custom CPU profiles directly in the web interface under the “Datacenter” section. This makes it easier to tailor the virtual CPU features exposed to VMs, ensuring optimal workload performance. Additionally, the integrated CPU flags selector provides instant visibility into supported flags across all cluster nodes, helping administrators identify potential cluster-wide compatibility issues during the configuration phase.

Confident maintenance with HA Arm/Disarm

Addressing common administrative challenges during maintenance windows, Proxmox VE 9.2 introduces the ability to "disarm" and "arm" the HA Manager cluster-wide. Administrators can temporarily suspend the HA stack during planned cluster maintenance to prevent unwanted actions, such as fencing nodes. HA resource states are preserved during these disarm and arm cycles, ensuring HA resources return to their previous state and node placement automatically once maintenance is completed.

Updated technology stack

Proxmox Virtual Environment 9.2 is based on Debian 13.5 "Trixie" and features Linux kernel 7.0 as the new stable default. Along with the latest versions of QEMU 11.0, LXC 7.0, and ZFS 2.4, this release offers a high-performance open-source architecture for modern infrastructure.

As a complete data center ecosystem engineered for high-density virtualization and disaster recovery, version 9.2 provides businesses with a seamless management environment for compute, storage, and backup. This includes updated support for the storage layer, with Ceph Tentacle 20.2. now available as a stable option alongside Ceph Squid 19.2.

Availability

Proxmox Virtual Environment 9.2 is open-source software and immediately available for download at the official website. Users can obtain a complete installation image via ISO download, which contains the full feature set of the solution and can be installed quickly on bare-metal systems using an intuitive installation wizard.

Seamless distribution upgrades from older versions of Proxmox Virtual Environment are possible using the standard APT package management system. Furthermore, it is also possible to install Proxmox Virtual Environment on top of an existing Debian installation.

For enterprise environments, Proxmox offers comprehensive support plans that provide direct access to expert support services and stable and secure updates. These support contracts offer a cost-effective way to secure enterprise-grade stability, with pricing starting at EUR 120 per year and CPU. 

Resources:

• ISO Image Download: https://www.proxmox.com/en/downloads
• Forum Announcement: https://forum.proxmox.com/
• Video tutorial: What’s new in Proxmox VE 9.2
• Roadmap: For published and upcoming features, see the Release Notes & Roadmap

###

About Proxmox Virtual Environment
Powering over 2 million hosts globally, Proxmox Virtual Environment is a complete open-source platform for enterprise virtualization and hyper-converged infrastructure. It natively unifies KVM virtualization, LXC containers, software-defined storage, and networking on a single platform. Alongside its dedicated Backup Server and Datacenter Manager, the Proxmox ecosystem eliminates multi-site complexity as well as dependency on proprietary stacks. Backed by a global community of over 225,000 members, the platform serves as a scalable, cost-effective foundation for modern data centers.

About Proxmox Server Solutions
Proxmox Server Solutions provides powerful, intuitive open-source server software that guarantees vendor independence and minimizes total cost of ownership. Enterprises of all sizes rely on the company’s reliable vendor support, certified training services, and a global network of 3,000 integration partners to ensure business continuity. Established in 2005 and headquartered in Vienna, Austria, tens of thousands of corporate customers worldwide trust Proxmox solutions to secure their mission-critical IT environments. To learn more visit https://www.proxmox.com or follow us on LinkedIn and YouTube.

Contact: Daniela Häsler, Proxmox Server Solutions GmbH, marketing@proxmox.com