HomeSecExplorer/Proxmox-Hardening-Guide

Security hardening guides for PVE and PBS, built on CIS Debian Benchmark with Proxmox specific best practices.

6 Releases
Latest: 4mo ago
Version 0.9.5: 2026-02-09 (Latest)
HomeSecExplorer · 4mo ago · February 9, 2026

🐛 Fixed

  • PVE9:
      • Fixed an invalid sshd_config example in section 1.1.1 by properly closing the Match block to prevent sshd startup failures.
  • PVE8:
      • Fixed an invalid sshd_config example in section 1.1.1 by properly closing the Match block to prevent sshd startup failures.

Version 0.9.4: 2026-01-12
HomeSecExplorer · 5mo ago · January 12, 2026

Added

  • PVE9:
      • Added Design principles
      • Added 2.1.5 Privileged Access Model (Root, Sudo, and Shell Access)
  • PBS4:
      • Added Design principles
      • Added 2.1.5 Privileged Access Model (Root, Sudo, and Shell Access)
  • PVE8:
      • Added Design principles
  • + 4 more

0.9.3: 2025-12-30
HomeSecExplorer · 5mo ago · December 30, 2025

🐛 Fixed

  • PVE8: Minor improvements.
  • PBS3: Minor improvements.

Added

  • PVE9: Initial Proxmox VE 9.x Hardening Guide release.
  • PBS4: Initial Proxmox Backup Server 4.x Hardening Guide release.

0.9.2: 2025-10-05
HomeSecExplorer · 8mo ago · October 5, 2025

🐛 Fixed

  • Removed unsafe recommendations for disabling access time tracking:
      • Removed `zfs set atime=off` from PBS3 section 1.2.4 ZFS dataset examples
      • Removed `relatime` from PBS3 section 1.2.4
      • Removed `noatime` from:
          • PBS3 section 1.2.5 mount options
          • PVE8 section 1.1.6 mount options
  • These settings can break PBS garbage collection or interfere with guest/system tooling.

📦 Thanks

  • Thanks to [Onslow](https://forum.proxmox.com/members/onslow.317257/) for identifying the critical risk with access-time disabling on PBS datastores.

0.9.1: 2025-09-25
HomeSecExplorer · 9mo ago · September 25, 2025

Added

  • PVE 8.x:
      • Section 1.1.7: Enable “non-free-firmware” repositories
      • Section 1.1.8: Install CPU microcode
      • Section 1.2.7: Run container platforms inside VMs
      • Section 2.1.4: Emergency “break-glass” root access policy
      • Section 3.3: Ceph pool sizing and failure domains
      • Appendix D
  • PBS 3.x:
  • + 4 more

📋 Changed

  • PVE 8.x:
      • Moved 1.2.7 to 1.2.8
      • Moved 3.3 to 3.4
      • Moved 3.4 to 3.5
      • Relocated change notes out of appendix
  • PBS 3.x:
      • Relocated change notes out of appendix
  • Minor rewording and formatting improvements throughout

📦 Thanks

  • Thanks to Reddit feedback and [@JamesOBenson](https://github.com/JamesOBenson) for the contribution

0.9.0: Initial Release
HomeSecExplorer · 9mo ago · August 31, 2025

📦 Initial Release - 0.9.0

  • This is the first public release of the Proxmox Hardening Guide, covering both:
      • Proxmox VE 8.x
      • Proxmox Backup Server 3.x

📦 Project Status

  • This is an early release. Some controls are marked *“not yet validated”* and need further testing.
  • Community feedback and contributions are highly encouraged.