I repackaged the Owin package but didn't relalize that that would break all my builds as the dll's are now in a 1.0.0 folder where all the project files expect them in the 1.0 folder.
I guess this would work if the projects are in sdk project format but most of them are not.
Hi,
I upgraded from 2025.27 to 2026 but was no longer able to access proget through https
Our internal address: https://packages.vicrea.nl/
The local http address still worked: http://localhost:8624/
I reverted back to 2025.27 and that works again.
Could not find much more info then this in the event viewer
Category: Microsoft.AspNetCore.Server.Kestrel
EventId: 0
Overriding address(es) 'http://*:8624, https://packages.vicrea.nl:443'. Binding to endpoints defined via IConfiguration and/or UseKestrel() instead.
Kind regards,
Valentijn
Hi,
I was on a short vacation but today I upgraded to 2026.3 (build 14) without any problems.
This probably fixed it:
PG-3299 2026.3 FIX: Hostname based binding fails when hosting on Windows with HTTP.SYS
Kind regards,
Valentijn
I tried http://:8624, https://:443 before upgrading but that does not work and gives the same event viewer warning:
Overriding address(es) 'http://:8624, https://:443'. Binding to endpoints defined via IConfiguration and/or UseKestrel() instead.
Hi,
I upgraded from 2025.27 to 2026 but was no longer able to access proget through https
Our internal address: https://packages.vicrea.nl/
The local http address still worked: http://localhost:8624/
I reverted back to 2025.27 and that works again.
Could not find much more info then this in the event viewer
Category: Microsoft.AspNetCore.Server.Kestrel
EventId: 0
Overriding address(es) 'http://*:8624, https://packages.vicrea.nl:443'. Binding to endpoints defined via IConfiguration and/or UseKestrel() instead.
Kind regards,
Valentijn
Hi,
My instance says that build 22 is available but Inedo Hub only shows build 21.
Am I too early is something missing?
Kind regards,
Valentijn
Thanks for the confirmition we downgraded to 2025.19
Hi,
We updates to Proget 2025.21 and a build started failing with this message.
npm error 400 Bad Request - GET https://packages.vicrea.nl/npm/VicreaNpmJs/eslint-config-prettier/-/eslint-config-prettier-9.1.0.tgz - Package is known to contain malicious code.
Which is great but it seems all versions of eslint-config-prettier are now blocked although not all are versions actually malicious
https://nvd.nist.gov/vuln/detail/CVE-2025-54313
Is this by design or am i missing something?
@stevedennis I tried in a docker image but also could not reproduce it reading SBOM from the UI. We have a major release ahead perhaps i can try after the release, but failing builds scares people me included.
@stevedennis we went back to an older version that doesn't break our builds and accepts this SBOM
I tried to reproduce it in a docker image but then i need a license key and the latest docker image version isn't build 9 but 6
@stevedennis I sent the SBOM to support
@stevedennis we switched back to latest 2024 version and SQL server and the builds are working again. I can't include the SBOM in the post as its to large, can I mail it or upload it somewhere?
I switched the nps feed audit to enabled (use ProGet's vulnerabilities and assessments)