Support

• S

  Open LDAP and group based permissions
  ldap • • sirko_6724  

  2
  0
  Votes
  2
  Posts
  7
  Views

  

  Hi @sirko_6724, Which OpenLDAP-based server are you currently using? We have seen that most OpenLDAP-based servers tend to use different attributes based on their configuration. By default we use the values suggested by OpenLdap, but you may need to modify them to suite your setup. With that said, ProGet looks up both ways; get groups from the user and get users for the group. In most operations, ProGet will first find the user, then load their groups, and then check if the user or user's groups for permissions. Typically the starting point is verify the LDAP attributes and queries are correct for your OpenLDAP based server. Can you also share what you have configured for your LDAP attributes and LDAP queries? Thanks, Dan
• S

  Zabbix rpm feed not working correctly
  • Sigve.opedal_6476  

  5
  0
  Votes
  5
  Posts
  9
  Views

  

  Hi @Sigve-opedal_6476, I haven't been able to reproduce this in a Rocky 9 test environment. After setting up the feed and connector in ProGet I ran dnf install zabbix-sql-scripts, and then repeated the test a few times with different versions and variations on formatting the versions. I also tried with cached and uncached packages. I was able to get a 404 to happen one time, but it was due to the upstream repo returning a 404 at the correct URL - which then worked the next time it was tried. Is this happening consistently for you?
• T

  Universal Package Versioning
  • tyler_5201  

  2
  0
  Votes
  2
  Posts
  7
  Views

  

  hi @tyler_5201, For a case like this, I'd recommend using a custom metadata field like _vendorVersion or something like that? Of course, that's going to be relatively easy. The hart part is to "map" the vendor numbers to a SemVer. I would look at the data, and decide how you want to "pack" them into three segments. 2024.3.201 might work, assuming there are less than 100 revisions per service pack. Or maybe 2024.302.1. The number is really just for you, so whatever makes sense to you :) Cheers, Alana
• P

  Proget apt snapshot support?
  proget debian • • phil.sutherland_3118  

  3
  0
  Votes
  3
  Posts
  11
  Views

  P

  Thanks for the comprehensive response - which was very helpful. Closing the loop, we've elected for the short term to run up a parallel aptly server to manage our existing apt snapshots, but in the longer term we'll revisit how we use snapshots at all and very likely will switch our process to use upstream provided snapshots.
• C

  An error duing cargo build
  • caspacokku_2900  

  14
  0
  Votes
  14
  Posts
  52
  Views

  

  Hi @caspacokku_2900, Thanks for posting this! We are happy to hear you up and running! We are currently reviewing a default value for the concurrent request limit in ProGet. As more and more package managers push towards a larger dependency tree, this limit is becoming a requirement for some feeds (cargo, npm, and NuGet being among the highest). Thanks, Rich
• S

  Using curl to either check or download a script file in Otter
  • scusson_9923  

  5
  0
  Votes
  5
  Posts
  20
  Views

  S

  Hello Alana, I tried that, but the catch returns as error if the file doesn't exist and fails the job. Thanks, Scott
• M

  Documentation for enabling https does not work: eventId 1000
  • michael.day_7391  

  6
  0
  Votes
  6
  Posts
  13
  Views

  

  Hi @michael-day_7391, Thanks for sending this over! We'll get this resolved within the next couple of maintenance releases of ProGet. Thanks, Rich
• D

  Would it be possible to add Tags to feeds and/or packages inside a feed?
  proget package • • daniel.pardo_5658  

  3
  0
  Votes
  3
  Posts
  9
  Views

  D

  @stevedennis I understand. Thank you for your fast Reply and explanation. I see why it can be troublesome and actually go against Proget's core functionality to allow what I was talking about. Thanks! Regards.
• D

  Universal Package feed changes package name when creating a package using the UI
  proget packages package-name • • daniel.pardo_5658  

  4
  0
  Votes
  4
  Posts
  6
  Views

  D

  @stevedennis I see, Thank you for your fast reply. Regards.
• D

  Vulnerability checking on Maven packages
  • davi.morris_9177  

  2
  0
  Votes
  2
  Posts
  8
  Views

  

  Hi @davi-morris_9177 , Unfortunately, the source data for these particular vulnerabilities specify invalid version numbers. A valid Maven version is a 5-part number consisting of 1-3 integer segments (separated by a .), an optional build number (prefixed with a -), and then an optional qualifier (another -). Following these rules, 2.9.10.8, is invalid. Valid versions are semantically sorted, where as invalid versions are alphabetically sorted -- which is what's causing the big headache here, since "2.21.1" < "2.9.10.8" when you sort alphabetically. At this time, we don't have any means to "override / bypass" source data, and rewriting/updating our Maven version parsing for just a small corner case (i.e. these old/irrelevant vulnerabilities in particular) doesn't seem worthwhile. As such, for the time being, your best solution is just to "Ignore" these vulnerabilities via an assessment. They are totally irrelevant now, not just because they refer to ancient versions, but there is simply no realistic real-world exploit path: https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 FYI - for ProGet 2026, we are working on a lot of improvements in vulnerability management that will reduce the noise of these non-exploitable vulnerabilities so teams can address actual risk and focus on delivering value instead of constant patching. Thanks, Alana
• G

  Layer Scanning is not working with images which is pushed with --compression-format zstd:chunked
  • geraldizo_0690  

  5
  0
  Votes
  5
  Posts
  14
  Views

  

  Hi @geraldizo_0690 , Nice find with the busybox image... that makes it a lot easier to test/debug on our end!! We already have a ZST library in ProGet so, In theory, it shouldn't be that difficult to use that for layers like this. We'll add that via PG-3218 in an upcoming maintenance release -- currently targeting February 20. Thanks, Alana
• C

  InitContainers never start with Azure Sql on ProGet 25.0.18
  • certificatemanager_4002  

  2
  -1
  Votes
  2
  Posts
  5
  Views

  

  Hi @certificatemanager_4002 , I'm sorry but I'm not familiar enough with Kubernetes to help troubleshoot this issue. All that I recognize here is the upgradedb command, which is documented here: https://docs.inedo.com/docs/installation/linux/installation-upgrading-docker-containers#upgrading-the-database-only-optional If you run that command from the command-line (on either linux or windows), things will written to the console. I wish I could tell you why you aren't seeing the messages. Thanks, Alana
• M

  AD integration not working in ProGet 2025.18
  • michael.day_7391  

  7
  0
  Votes
  7
  Posts
  30
  Views

  M

  Thanks. I've installed certificates on our domain controllers, and now I can connect properly with LDAPS and login via my domain account.
• P

  Http Logs enabled on only one server
  • parthu.reddy  

  8
  0
  Votes
  8
  Posts
  22
  Views

  

  Hi @parthu-reddy , I'm not sure if there's a relation here, but perhaps. The "running out of disk space" is not surpsing if you're indexing mega-repositories like the public debian repos. They are gigabytes in size. Here's some more info about those: https://blog.inedo.com/inedo/proget-2025-14-major-updates-to-debian-feeds You definitely want to switch to Indexing Jobs when you connect to public repops. This can be set at operating system level (it's the %ProgramData% special folder) or in ProGet under Admin > Advanced Settings > LocalStorage. Anyway this is somethitng best brought up as a separate topic if you have follow-ups (if you don't mind), I'd hate to pollute this thread with debian/indexing questions :) Cheers, Alana
• M

  Error importing from Artifactory: The SSL connection could not be established, see inner exception.
  • michael.day_7391  

  7
  0
  Votes
  7
  Posts
  23
  Views

  

  Hi @michael-day_7391 , I can't really comment on what you're seeing in the Artifactory logs (i.e. [1] and [2]), but when an Access Token is specified, that token is sent on requests via a Bearer authorization header (unless Use Legacy API Header is selected). Otherwise, the Username/Password are sent via a Basic header. This happens on each and every request, regardless of whether it's a file download, api call, etc. Probably just easier to disable authentication during the import if this keeps coming up. OCI Registries (i.e. what you're using for your Helm charts, as opposed to a regular Helm registry) are not supported, so you'd need to export those files and use disk-based import or something like that. Cheers, Alana
• F

  Deleting and creating a signing key for a Debian Feed doesn't give a success feedback, also still signature v3 is used?
  • frei_zs  

  3
  0
  Votes
  3
  Posts
  6
  Views

  F

  @atripp Ah, thanks, I did not read https://blog.inedo.com/inedo/proget-2025-14-major-updates-to-debian-feeds well enough, my bad, sorry. I'll talk to DevOps about the update then. Thanks for the fast reply! Best, Frank
• M

  Feed Group and Feed
  • michal.roszak_0767  

  5
  1
  Votes
  5
  Posts
  37
  Views

  

  Hi @mikael , We plan to add this support via PG-3213 in an upcoming maintenance release -- perhaps Feb 20 if all goes well! Cheers, Alana
• J

  Ability to show usage of (e.g. script) assets
  • jonathan.simmonds_0798  

  2
  0
  Votes
  2
  Posts
  13
  Views

  

  Hi @jonathan-simmonds_0798, Thanks for the suggestion! This has been a long-standing wish-list item, but it's deceptively complicated. The "current idea" is a feature called "raft analysis" that will create a list of all raft items that depend on other raft items. For example, a pipeline that references a script. Or, a script that calls a module, and so on. It could also detect warnings/errors and report them. Creating this list often involves opening thousands of files and "parsing" them, which is not a trivial operation... but we're only talking "a few minutes" in most cases. However, the main challenges arise with invalidating this list (many edits will cause that to happen), and then communicating the status of the rebuild to users. I'll add a note to our BuildMaster 2026 roadmap though and see if we can explore it again; the current focus is boring..... modernization (PostgreSQL). That said, you probably noticed it but.... you should be able to see if a particular pipeline has an error (like a missing script) on the piepline overview page. Not as nice. Thanks, Alana
• P

  Deleting Debian feed and connectors didn't delete local index files
  • parthu.reddy  

  2
  0
  Votes
  2
  Posts
  6
  Views

  

  Hi @parthu-reddy , At this time, we don't have a disk cleanup procedure for local storage like this; we may add it in the future, but for the time being you can just delete them. The LocalStorage folder is ephemeral -- not quite "temp" storage, but the contents can be deleted. They will just be recreated next time it's needed. Thanks, Alana
• M

  Nuget connector stuck in failed state ("'0x00' is an invalid start of a property name")
  • mayorovp_3701  

  4
  0
  Votes
  4
  Posts
  10
  Views

  

  Hi @mayorovp_3701 Actually zero byte in position 1 looks like attempt to read UTF16-LE-encoded json as UTF8 Oh that's a great observation! Yeah that sounds like a reasonable explanation. But still... how could that even be possible? It's not like ProGet is going to randomly swap an encoding like that, and it's not like NuGet is going to store .json files incorrectly. As for experimentation, next time it happens: remove one of the connectors from the feed to which one navigate to the JSON endpoints of the connector in question, to see if you see the bad JSON try to identify a pattern of behavior that causes this watch for HTTP access logs to see if you can find the exact URL that's being accessed at the time of the connector failure (assuming it's a self-connector) be prepared to attach a MITM proxy to ProGet (Admin > Proxy) Thanks, Alana