Support

• S

  Unverified/not approved chocolatey package categorized with Vulnerabilities:None
  • svc-4x9p2a_6341  

  1
  0
  Votes
  1
  Posts
  2
  Views

  No one has replied

• S

  Open LDAP and group based permissions
  ldap • • sirko_6724  

  3
  0
  Votes
  3
  Posts
  18
  Views

  S

  Hi Dan, thank you for your reply. Allow me to share more details below. They may help to tune the LDAP settings on ProGet side. Dummy user LDAP attributes from our LDAP server: dn: cn=service_accounts,ou=Departments,dc=innogames,dc=net objectClass: top objectClass: igDepartment cn: service_accounts description: Service Accounts maintained by System Administration dn: uid=proget-testuser,ou=People,dc=innogames,dc=net uid: proget-testuser mail: proget-testuser.it@innogames.fail sn: tokentest givenName: proget cn: proget testuser birthDate: 1970-01-01 gidNumber: 31279 uidNumber: 31279 homeDirectory: /home/proget-testuser objectClass: top objectClass: person objectClass: organizationalPerson objectClass: inetOrgPerson objectClass: evolutionPerson objectClass: uidObject objectClass: igPerson objectClass: posixAccount igMemberOf: cn=service_accounts,ou=Departments,dc=innogames,dc=net # this is the relation attribute mailVerified: TRUE userPassword:: *SECRET* Current LDAP settings in ProGet: LDAP Connection Type: OpenLDAP/Generic LDAP Host: login.innogames.de Bind DN: cn=proget-test,ou=Applications,dc=innogames,dc=net Bind Password: *** User Search Base: dc=innogames,dc=net Users: (&(uid=%s)(igMemberOf=cn=proget-test,ou=Applications,dc=innogames,dc=net)) List User's Groups: (&(objectClass=igDepartment)(member=%s)) Group Search Base: ou=Departments,dc=innogames,dc=net Groups: (&(cn=%s)(objectClass=igDepartment)) List Group's Members: (&(objectClass=inetOrgPerson)(igMemberOf=%s)) User name Property Value: uid Display Name Value: displayName Email Property Value: mail Group Name Property Value: cn Screenshots to illustrate the missing user-group relation: Thank you again and best regards, Sirko
• P

  LDAP user name suffix removal
  proget ldap • • phil.sutherland_3118  

  2
  0
  Votes
  2
  Posts
  3
  Views

  P

  @phil-sutherland_3118 I should add that I've configured the above as a v4/Generic LDAP connection, and we're running 2025.19 as a container on a Linux host.
• S

  Zabbix rpm feed not working correctly
  • Sigve.opedal_6476  

  5
  0
  Votes
  5
  Posts
  13
  Views

  

  Hi @Sigve-opedal_6476, I haven't been able to reproduce this in a Rocky 9 test environment. After setting up the feed and connector in ProGet I ran dnf install zabbix-sql-scripts, and then repeated the test a few times with different versions and variations on formatting the versions. I also tried with cached and uncached packages. I was able to get a 404 to happen one time, but it was due to the upstream repo returning a 404 at the correct URL - which then worked the next time it was tried. Is this happening consistently for you?
• T

  Universal Package Versioning
  • tyler_5201  

  2
  0
  Votes
  2
  Posts
  8
  Views

  

  hi @tyler_5201, For a case like this, I'd recommend using a custom metadata field like _vendorVersion or something like that? Of course, that's going to be relatively easy. The hart part is to "map" the vendor numbers to a SemVer. I would look at the data, and decide how you want to "pack" them into three segments. 2024.3.201 might work, assuming there are less than 100 revisions per service pack. Or maybe 2024.302.1. The number is really just for you, so whatever makes sense to you :) Cheers, Alana
• P

  Proget apt snapshot support?
  proget debian • • phil.sutherland_3118  

  3
  0
  Votes
  3
  Posts
  13
  Views

  P

  Thanks for the comprehensive response - which was very helpful. Closing the loop, we've elected for the short term to run up a parallel aptly server to manage our existing apt snapshots, but in the longer term we'll revisit how we use snapshots at all and very likely will switch our process to use upstream provided snapshots.
• C

  An error duing cargo build
  • caspacokku_2900  

  14
  0
  Votes
  14
  Posts
  54
  Views

  

  Hi @caspacokku_2900, Thanks for posting this! We are happy to hear you up and running! We are currently reviewing a default value for the concurrent request limit in ProGet. As more and more package managers push towards a larger dependency tree, this limit is becoming a requirement for some feeds (cargo, npm, and NuGet being among the highest). Thanks, Rich
• S

  Using curl to either check or download a script file in Otter
  • scusson_9923  

  5
  0
  Votes
  5
  Posts
  24
  Views

  S

  Hello Alana, I tried that, but the catch returns as error if the file doesn't exist and fails the job. Thanks, Scott
• M

  Documentation for enabling https does not work: eventId 1000
  • michael.day_7391  

  6
  0
  Votes
  6
  Posts
  15
  Views

  

  Hi @michael-day_7391, Thanks for sending this over! We'll get this resolved within the next couple of maintenance releases of ProGet. Thanks, Rich
• D

  Would it be possible to add Tags to feeds and/or packages inside a feed?
  proget package • • daniel.pardo_5658  

  3
  0
  Votes
  3
  Posts
  9
  Views

  D

  @stevedennis I understand. Thank you for your fast Reply and explanation. I see why it can be troublesome and actually go against Proget's core functionality to allow what I was talking about. Thanks! Regards.
• D

  Universal Package feed changes package name when creating a package using the UI
  proget packages package-name • • daniel.pardo_5658  

  4
  0
  Votes
  4
  Posts
  6
  Views

  D

  @stevedennis I see, Thank you for your fast reply. Regards.
• D

  Vulnerability checking on Maven packages
  • davi.morris_9177  

  2
  0
  Votes
  2
  Posts
  8
  Views

  

  Hi @davi-morris_9177 , Unfortunately, the source data for these particular vulnerabilities specify invalid version numbers. A valid Maven version is a 5-part number consisting of 1-3 integer segments (separated by a .), an optional build number (prefixed with a -), and then an optional qualifier (another -). Following these rules, 2.9.10.8, is invalid. Valid versions are semantically sorted, where as invalid versions are alphabetically sorted -- which is what's causing the big headache here, since "2.21.1" < "2.9.10.8" when you sort alphabetically. At this time, we don't have any means to "override / bypass" source data, and rewriting/updating our Maven version parsing for just a small corner case (i.e. these old/irrelevant vulnerabilities in particular) doesn't seem worthwhile. As such, for the time being, your best solution is just to "Ignore" these vulnerabilities via an assessment. They are totally irrelevant now, not just because they refer to ancient versions, but there is simply no realistic real-world exploit path: https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 FYI - for ProGet 2026, we are working on a lot of improvements in vulnerability management that will reduce the noise of these non-exploitable vulnerabilities so teams can address actual risk and focus on delivering value instead of constant patching. Thanks, Alana
• G

  Layer Scanning is not working with images which is pushed with --compression-format zstd:chunked
  • geraldizo_0690  

  5
  0
  Votes
  5
  Posts
  14
  Views

  

  Hi @geraldizo_0690 , Nice find with the busybox image... that makes it a lot easier to test/debug on our end!! We already have a ZST library in ProGet so, In theory, it shouldn't be that difficult to use that for layers like this. We'll add that via PG-3218 in an upcoming maintenance release -- currently targeting February 20. Thanks, Alana
• C

  InitContainers never start with Azure Sql on ProGet 25.0.18
  • certificatemanager_4002  

  2
  -1
  Votes
  2
  Posts
  5
  Views

  

  Hi @certificatemanager_4002 , I'm sorry but I'm not familiar enough with Kubernetes to help troubleshoot this issue. All that I recognize here is the upgradedb command, which is documented here: https://docs.inedo.com/docs/installation/linux/installation-upgrading-docker-containers#upgrading-the-database-only-optional If you run that command from the command-line (on either linux or windows), things will written to the console. I wish I could tell you why you aren't seeing the messages. Thanks, Alana
• M

  AD integration not working in ProGet 2025.18
  • michael.day_7391  

  7
  0
  Votes
  7
  Posts
  30
  Views

  M

  Thanks. I've installed certificates on our domain controllers, and now I can connect properly with LDAPS and login via my domain account.
• P

  Http Logs enabled on only one server
  • parthu.reddy  

  8
  0
  Votes
  8
  Posts
  23
  Views

  

  Hi @parthu-reddy , I'm not sure if there's a relation here, but perhaps. The "running out of disk space" is not surpsing if you're indexing mega-repositories like the public debian repos. They are gigabytes in size. Here's some more info about those: https://blog.inedo.com/inedo/proget-2025-14-major-updates-to-debian-feeds You definitely want to switch to Indexing Jobs when you connect to public repops. This can be set at operating system level (it's the %ProgramData% special folder) or in ProGet under Admin > Advanced Settings > LocalStorage. Anyway this is somethitng best brought up as a separate topic if you have follow-ups (if you don't mind), I'd hate to pollute this thread with debian/indexing questions :) Cheers, Alana
• M

  Error importing from Artifactory: The SSL connection could not be established, see inner exception.
  • michael.day_7391  

  7
  0
  Votes
  7
  Posts
  23
  Views

  

  Hi @michael-day_7391 , I can't really comment on what you're seeing in the Artifactory logs (i.e. [1] and [2]), but when an Access Token is specified, that token is sent on requests via a Bearer authorization header (unless Use Legacy API Header is selected). Otherwise, the Username/Password are sent via a Basic header. This happens on each and every request, regardless of whether it's a file download, api call, etc. Probably just easier to disable authentication during the import if this keeps coming up. OCI Registries (i.e. what you're using for your Helm charts, as opposed to a regular Helm registry) are not supported, so you'd need to export those files and use disk-based import or something like that. Cheers, Alana
• F

  Deleting and creating a signing key for a Debian Feed doesn't give a success feedback, also still signature v3 is used?
  • frei_zs  

  3
  0
  Votes
  3
  Posts
  6
  Views

  F

  @atripp Ah, thanks, I did not read https://blog.inedo.com/inedo/proget-2025-14-major-updates-to-debian-feeds well enough, my bad, sorry. I'll talk to DevOps about the update then. Thanks for the fast reply! Best, Frank
• M

  Feed Group and Feed
  • michal.roszak_0767  

  5
  1
  Votes
  5
  Posts
  37
  Views

  

  Hi @mikael , We plan to add this support via PG-3213 in an upcoming maintenance release -- perhaps Feb 20 if all goes well! Cheers, Alana
• J

  Ability to show usage of (e.g. script) assets
  • jonathan.simmonds_0798  

  2
  0
  Votes
  2
  Posts
  13
  Views

  

  Hi @jonathan-simmonds_0798, Thanks for the suggestion! This has been a long-standing wish-list item, but it's deceptively complicated. The "current idea" is a feature called "raft analysis" that will create a list of all raft items that depend on other raft items. For example, a pipeline that references a script. Or, a script that calls a module, and so on. It could also detect warnings/errors and report them. Creating this list often involves opening thousands of files and "parsing" them, which is not a trivial operation... but we're only talking "a few minutes" in most cases. However, the main challenges arise with invalidating this list (many edits will cause that to happen), and then communicating the status of the rebuild to users. I'll add a note to our BuildMaster 2026 roadmap though and see if we can explore it again; the current focus is boring..... modernization (PostgreSQL). That said, you probably noticed it but.... you should be able to see if a particular pipeline has an error (like a missing script) on the piepline overview page. Not as nice. Thanks, Alana