SUSE Manager Server 5.0

Release Notes
2025-07-10 22:51:07 +0400
Table of Contents

  * Version revision history
  * About SUSE Manager 5.0
      + Containerization
      + Native AppStream support
      + Confidential Computing Attestation
      + Enhanced CVE Audit
      + Expanded operating system support
      + Health Check Tool
  * Installation
      + Requirements
      + Upgrade from previous version of SUSE Manager Server
      + Virtual Machine images for SUSE Manager Server 5.0
  * Major changes since SUSE Manager Server 5.0 GA
      + Features and changes
          o Version 5.0.5
              # Important Salt Security Update
              # Backup and Restore Support
              # SUSE Linux Enterprise 15 SP7 support as client
              # Container-Based KIWI Image Build Support
          o Version 5.0.4.1
              # SUSE Manager 4.3 LTS
              # Monitoring: Node exporter upgraded to 1.9.1
              # Monitoring: Grafana upgraded to 11.5.5
              # Monitoring: Prometheus upgraded to 2.53.4
              # Monitoring: Prometheus Alertmanager
              # Monitoring: Blackbox exporter
          o Version 5.0.4
              # Host OS Support Expanded to Include SLES 15 SP6
              # Improved CVE Audit with OVAL Data (Tech Preview)
              # Password Policy Enforcement for New Users
              # CVE fixes
          o Version 5.0.3
              # SUSE CDN Upgrade
              # SL Micro 6.1 support as client
              # Data Forwarding to SCC
              # Add MAC based terminal naming option
              # POS image templates updates
          o Version 5.0.2.1
              # Updated Images for SUSE Manager 5.0
          o Version 5.0.2
              # Ubuntu 24.04 support as client
              # Product migration from RHEL and Clones to SUSE Liberty Linux
              # POS image templates now produce compressed images
              # Date format for API endpoints
              # CVE fixes
          o Version 5.0.1
              # SUSE Manager Server cloud images
              # Configure AppStreams via Activation Keys
              # Migration: Prepare command
              # Transactional-update.timer Disabled
      + Patches
          o Version 5.0.5
          o Version 5.0.4.1
          o Version 5.0.4
          o Version 5.0.3
          o Version 5.0.2
          o Version 5.0.1
  * Major changes since SUSE Manager Server 4.3
      + Base system changed
      + Salt 3006.0
      + PostgreSQL 16
      + Upgrade to Java 17
      + New products enabled
      + Native support for AppStream repositories
      + Confidential Computing Attestation
      + New update-salt recurring state
      + System getRelevantErrata API endpoint
      + Monitoring
          o Node exporter upgraded to 1.7.0
          o Grafana upgraded to 9.5.18
      + Changed behaviour of repo-sync
      + Removed features
          o Traditional Stack removed
          o Bare metal discovery/provisioning
          o Visualization pages
      + Deprecated features
          o Virtualization
          o ISSv1
          o 'spacewalk-manage-channel-lifecycle' has been deprecated
  * Upgrade
      + Upgrading with SUSE Manager Proxy
      + Upgrading with inter-server synchronization
  * Unsupported products
  * Deprecated products
  * Support
      + Supportconfig confidentiality disclaimer
      + Supportability of embedded software components
      + Support for older products
      + Support for SUSE Liberty Linux
      + Support for RHEL, CentOS and Oracle Linux Clients
      + Support for Rocky Linux & AlmaLinux
      + Support for Ubuntu Clients
      + Support for Debian Clients
      + L1 support for RHEL and CentOS ppc64le clients
      + SCAP Security Guide support
      + Browser support
      + SUSE Manager installation
  * Known issues
      + SUSE Manager 5.0 on SLES 15 SP6
      + KIWI Image Template Update: Switch to venv-salt-minion
      + No network interface in Raw DASD image for s390x
      + Important: Migration from 4.3 to 5.0 Issue
      + Salt - IPv6 Connection refusal after migrating to SUSE Manager 5.0
      + Monitoring for SUSE Linux Micro 6.0
      + Migration from SLE Micro 5.5 to SUSE Linux Micro 6.0
      + Migration from SLES 15 SP3 to SLES 15 SP4 issue
      + Retail: Local boot issue of SLE12 SP5 based images
      + Transactional systems - Salt SSH execution
      + mgrpush tool
      + mgr-bootstrap tool removed from the Proxy
  * Keep Informed
  * Providing feedback
  * Resources
  * Legal Notices
  * Colophon

5.0.5

This SUSE product includes materials licensed to SUSE under the GNU General
Public License (GPL). The GPL requires that SUSE makes available certain source
code that corresponds to the GPL-licensed material. The source code is
available for download.

For up to three years after SUSE's distribution of the SUSE product, SUSE will
mail a copy of the source code upon request. Requests should be sent by e-mail
or as otherwise instructed here. SUSE may charge a fee to recover reasonable
costs of distribution.

Version revision history

  * July 2025: 5.0.5 release

  * June 18th 2025: 5.0.4.1 release

  * April 18th 2025: 5.0.4 release

  * February 18th 2025: 5.0.3 release

  * December 16th 2024: 5.0.2.1 release

  * November 18th 2024: 5.0.2 release

  * September 17th 2024: 5.0.1 release

  * July 16th 2024: 5.0 GA

About SUSE Manager 5.0

SUSE Manager 5.0, the latest release from SUSE Manager based on the Uyuni
Project, delivers a best-in-class open source infrastructure management and
automation solution that is designed to seamlessly manage and automate your
infrastructure. It helps lower costs, reduce complexity, and enhance
availability across Edge, Cloud, and Datacenter environments.

As an integral part of modern software-defined infrastructure, SUSE Manager 5.0
brings forth the following new or improved capabilities to your Edge, Cloud,
and Datacenter environments.

Containerization

SUSE Manager 5.0 represents a significant evolution with its delivery in
containers, offering enhanced modularity and efficiency. In version 4.3, the
SUSE Manager Proxy and Retail Branch Server were containerized. However, with
this release, the SUSE Manager Server is now delivered in containers.

This shift allows for improved portability, simplifying deployment and
management in modern container-centric environments. By containerizing the
Server, flexibility is increased and it becomes easier to adapt to various
infrastructure setups. This is the first step toward further modularization,
preparing SUSE Manager Server for resilience and scalability. Future versions
of SUSE Manager are expected to continue this journey.

Containerization streamlines deployment and management processes, resulting in
better resilience and improved infrastructure availability. These changes
reflect a commitment to delivering a more adaptable and efficient solution for
managing different environments.

These enhancements are expected to greatly benefit users, providing them with a
more flexible and efficient SUSE Manager.

Native AppStream support

AppStreams in Red Hat Enterprise Linux (RHEL) are repositories that provide
curated software packages, solving the problem of discovering and installing
applications, libraries, and development tools efficiently on RHEL systems
while simplifying the required list of RPM repositories.

However, SUSE Manager has been supporting RHEL 8 and RHEL 9 by removing modular
data from the AppStream. This process involved flattening the repository by
removing the modular data, essentially reverting it to a traditional repository
format.

With SUSE Manager 5.0, we will be removing this limitation so SUSE Manager can
natively support AppStreams. This enhancement will significantly improve the
user experience, enabling users to manage systems consistently both from SUSE
Manager and directly from the clients using DNF.

Confidential Computing Attestation

Confidential Computing is becoming increasingly crucial in our industry. While
there is significant ongoing work in the industry and within SUSE on this
topic, SUSE Manager will play a role in aiding confidential computing
attestation. We will adopt a phased approach, starting with a small-scale
implementation and gradually expanding. Initially, our offering will be
exclusively on AMD-based hardware, aligning with available tools.

Enhanced CVE Audit

SUSE Manager's CVE audit feature scans systems and images for known security
vulnerabilities (CVEs), providing administrators with visibility and enabling
prioritization and mitigation based on severity. Previously, it relied on
channel metadata to determine system vulnerability, leading to limitations in
distinguishing between unaffected systems and those lacking needed patches.

To expand this, we are enhancing the approach by integrating OVAL data provided
by the upstream. This helps us avoid false positives and allows for system
scanning without the need to synchronize channels. Channel information will
continue to be for patch application and remediation.

Expanded operating system support

With the release of SUSE Manager 5.0, the platform now supports next-generation
SL Micro 6.0, SLE 15 SP6 family, and Liberty 7 LTSS, allowing for centralized
management of Enterprise Linux distributions irrespective of their location.

SUSE Manager now boasts management capabilities for various distributions, such
as SUSE Linux Enterprise Server, SUSE Linux Enterprise Server for SAP
Applications, SUSE Linux Enterprise Server Micro, Red Hat Enterprise Linux,
openSUSE, SUSE Liberty Linux, Oracle Linux, CentOS, AlmaLinux, Rocky Linux,
Ubuntu, Debian, and Amazon Linux.

Health Check Tool

SUSE Manager 5.0 will introduce a standalone Health Check tool. This tool
provides a detailed dashboard, metrics, and logs from a SUSE server, showcasing
its current health status. Users can efficiently evaluate the health of their
running instance and identify any potential errors for effective
troubleshooting.

Installation

Requirements

SUSE Manager 5.0 will not be a base product. Instead, it will be an extension
for SUSE Linux Enterprise Micro 5.5, provided through the SUSE Customer Center.
This extension will include all the necessary tools to install and manage SUSE
Manager. It is compatible with SUSE Enterprise Linux Micro 5.5 and supports
x86_64, s390x, IBM POWER (ppc64le) and now also ARM64 (AArch64) architectures.

SUSE Manager Server, Proxy, and Retail Branch Server will be delivered in
containers, accessible from the SUSE Registry.

Only the containerized versions of SUSE Manager Server, Proxy and Retail Branch
Server will be available for SUSE Manager 5.0.

No separate subscription is required for SUSE Linux Enterprise Micro.
Additionally, VM images are provided for simplified setup, featuring preloaded
configurations for easy customization.

Currently, the PostgreSQL database is locally deployed within the same
container environment as the Server. In an upcoming version of SUSE Manager, we
are considering adding support for remote PostgreSQL databases.

Note An external database is currently unsupported, despite the option
     appearing under the mgradm tool's help section.

For more details on system requirements, see the Installation Guide on https://
documentation.suse.com/suma/5.0/.

          SUSE Linux Enterprise Micro 5.5 has been chosen as the supported host
          OS for SUSE Manager 5.0 and will remain so throughout SUSE Manager
Important 5.0 lifecycle. Please do not upgrade the host OS where SUSE Manager
          5.0 is running to a newer version unless explicitly instructed
          otherwise.

          In SUSE Manager 5.0, Netavark is the only supported network
Important management tool for containerized environments. If it does not meet
          your requirements and you prefer an alternative, please contact our
          support team for evaluation.

          A full database volume can cause significant issues with system
          operation. As disk usage notifications have not yet been adapted for
          containerized environments, users are encouraged to monitor the disk
Important space used by Podman volumes themselves, either through tools such as
          Grafana, Prometheus, or any other preferred method. Pay particular
          attention to the var-pgsql volume, located under /var/lib/containers/
          storage/volumes/.

Upgrade from previous version of SUSE Manager Server

Please be aware that an in-place upgrade from SUSE Manager Server 4.3 is not
supported. However, SUSE Manager 5.0 comes equipped with the necessary tools to
streamline the migration process. This involves running both versions in
parallel and transferring data from the existing 4.3 Server to the new 5.0
Server though.

          After successfully running the `mgradm migrate command for migration,
          the Salt setup on all minions will still point to the old server. To
Important redirect them to the new server (destination server), it is required
          to rename the new server at the infrastructure level (DHCP and DNS)
          to use the same Fully Qualified Domain Name and IP address as old
          server (source server).

Once the migration is complete, all connected clients will seamlessly continue
to run without any changes.

For detailed instructions on upgrading, please refer to the Upgrade Guide
available at https://documentation.suse.com/suma/5.0/.

Virtual Machine images for SUSE Manager Server 5.0

SUSE Manager 5.0 will come with virtual machine images tailored for KVM and
VMware. These images will support x86_64, s390x, IBM POWER (ppc64le), and now
also ARM64 (AArch64) architectures.

These virtual machine images provide pre-configured environments that can be
quickly deployed in KVM and VMware environments, saving time and effort in
setting up virtual machines from scratch.

Using these images is the recommended and supported method for deploying new
instances of SUSE Manager Server on these platforms.

For detailed instructions, see the Deploy as a Virtual Machine section in the
official documentation.

          On transactional systems like SLE Micro, the system is automatically
          updated and restarted nightly by the reboot manager. Although we have
          disabled this feature in the VM images we provide, it remains enabled
          by default if SUSE Manager is installed using the SLE Micro ISO. We
          highly recommend disabling this on the system running SUSE Manager.
Important Users can do so by:

          systemctl --now disable transactional-update.timer

          For more information on this https://documentation.suse.com/sle-micro
          /5.5/html/SLE-Micro-all/sec-transactional-udate.html#
          sec-automatic-updates

Major changes since SUSE Manager Server 5.0 GA

Features and changes

          With the next version, SUSE Manager will be rebranded and renamed to
          SUSE Multi-Linux Manager. This new name better reflects the product's
Important capabilities and emphasizes its operating system-agnostic nature,
          showcasing its ability to manage multiple Linux distributions. You
          may have already noticed the new name being used in some places.

Version 5.0.5

Important Salt Security Update

This update includes some critical fixes for Salt. The following CVE fixes are
part of this release:

  * CVE-2024-38824 - bsc#1244565

  * CVE-2025-22239 - bsc#1244574

  * CVE-2025-22236 - bsc#1244568

  * CVE-2025-22237 - bsc#1244571

  * CVE-2024-38825 - bsc#1244566

  * CVE-2025-22240 - bsc#1244567

  * CVE-2024-38823 - bsc#1244564

  * CVE-2025-22241 - bsc#1244570

  * CVE-2025-22238 - bsc#1244572

  * CVE-2025-22242 - bsc#1244575

  * CVE-2024-38822 - bsc#1244561

          These CVEs affect both the Salt master and the minions. Some of these
          vulnerabilities are very critical and could pose significant security
          risks if not addressed. User must upgrade both the Salt master and
          the minions to ensure their environment is protected.
Important
          As always, the Salt master must be upgraded before upgrading the
          minions. This is especially important in this case to prevent
          exceptions or errors on the minions if the master has not been
          updated first.

Backup and Restore Support

SUSE Manager 5.0.5 introduces a built-in backup and restore solution via the
mgradm backup command-line tool. It provides a reliable and consistent way to
safeguard your Multi-Linux Manager installation, simplifying disaster recovery
and system migration.

The mgradm backup create command performs a full backup of all critical data,
while mgradm backup restore enables system recovery. Additional subcommands and
options are available and can be viewed using the tool's help output.

Regular use of this tool is recommended to prevent data loss and ensure quick
recovery in case of failure.

Note This approach may require substantial disk space and time to complete,
     depending on the size of your environment.

SUSE Linux Enterprise 15 SP7 support as client

SUSE Manager 5.0 now supports managing SUSE Linux Enterprise 15 SP7 family as
client.

For more details about the supported features, check the Client Configuration
Guide.

Check the Client Configuration Guide for information about how to manage SUSE
Linux Enterprise 15 SP7 clients with SUSE Manager 5.0.

Container-Based KIWI Image Build Support

SUSE Manager 5.0.5 introduces a container-based KIWI image build system, in
addition to the existing legacy KIWI and KIWI NG tools.

The build system used depends on the underlying OS or specific pillar values:

  * SLE 11 / SLE 12 ? legacy KIWI v7

  * SLE 15 ? KiwiNG (v9 and containerized KIWI 10)

Administrators can override the default behavior using the following pillar or
custom values:

  * use_kiwi_ng ? force the use of KIWI 9

  * use_kiwi_container ? force the use of containerized KIWI 10

          This enhancement will not be included in the upcoming SUSE
          Multi-Linux Manager 5.1.0 release. Instead, it is planned for one of
          the future maintenance updates of version 5.1.
Important
          If you require this feature and are planning to migrate from version
          5.0.5 to 5.1, we recommend postponing the migration until the
          enhancement becomes available in a 5.1 maintenance update.

Version 5.0.4.1

SUSE Manager 4.3 LTS

This is an informational note for users running SUSE Manager 4.3 Proxies
alongside SUSE Manager 5.0 server.

SUSE Manager 4.3 will enter Long-Term Support (LTS) status after 30 June 2025
and will remain supported for one additional year for customers with an active
LTS subscription. During this period, it will continue to receive critical bug
fixes and security updates until June 2026.

You can find more information about the lifecycle at https://www.suse.com/
lifecycle/

Monitoring: Node exporter upgraded to 1.9.1

golang-github-prometheus-node_exporter has been updated from version 1.7.0 to
1.9.1

Check the upstream changelogs for more details (including some release upgrades
not previously mentioned in the release notes):

  * https://github.com/prometheus/node_exporter/releases/tag/v1.9.1

  * https://github.com/prometheus/node_exporter/releases/tag/v1.9.0

  * https://github.com/prometheus/node_exporter/releases/tag/v1.8.2

  * https://github.com/prometheus/node_exporter/releases/tag/v1.8.1

  * https://github.com/prometheus/node_exporter/releases/tag/v1.8.0

The following CVEs have been addressed:

  * CVE-2025-22870: Matching of hosts against proxy patterns can improperly
    treat an IPv6 zone ID as a hostname component

  * CVE-2023-45288: An attacker may cause an HTTP/2 endpoint to read arbitrary
    amounts of header data by sending an excessive number of CONTINUATION
    frames

Monitoring: Grafana upgraded to 11.5.5

Grafana has been updated from version 10.4.13 to version 11.5.5, including
breaking changes. The following CVEs have been addressed:

  * CVE-2025-22872

  * CVE-2025-3580

  * CVE-2025-3454

  * CVE-2025-2703

  * CVE-2025-22870

  * CVE-2024-9476

  * CVE-2024-9264

  * CVE-2023-45288

  * CVE-2025-4123

  * CVE-2025-27144

  * CVE-2024-51744

  * CVE-2024-45339

  * CVE-2024-11741

  * CVE-2024-45337

Check the upstream changelog for all the details.

For detailed information about the fixes and features, you can refer to the
following links:

  * Grafana Release v10.4.14

  * Grafana Release v10.4.15

  * Grafana Release v11.0.0

  * Grafana Release v11.0.1

  * Grafana Release v11.1.0

  * Grafana Release v11.1.1

  * Grafana Release v11.1.3

  * Grafana Release v11.1.4

  * Grafana Release v11.1.5

  * Grafana Release v11.2.0

  * Grafana Release v11.2.1

  * Grafana Release v11.2.2

  * Grafana Release v11.3.0

  * Grafana Release v11.3.1

  * Grafana Release v11.4.0

  * Grafana Release v11.4.1

  * Grafana Release v11.5.0

  * Grafana Release v11.5.1

  * Grafana Release v11.5.2

  * Grafana Release v11.5.3

  * Grafana Release v11.5.4

  * Grafana Release v11.5.5

Monitoring: Prometheus upgraded to 2.53.4

Prometheus golang-github-prometheus-prometheus has been upgraded from version
2.45.6 to version 2.53.4. The update includes number of enhancements and bug
fixes.

This upgrade also includes the fix for the following CVEs:

  * CVE-2023-45288

  * CVE-2025-22870

  * CVE-2024-51744

Check the upstream changelogs for more details:

  * https://github.com/prometheus/prometheus/releases/tag/v2.53.4

  * https://github.com/prometheus/prometheus/releases/tag/v2.53.3

  * https://github.com/prometheus/prometheus/releases/tag/v2.53.2

  * https://github.com/prometheus/prometheus/releases/tag/v2.53.1

  * https://github.com/prometheus/prometheus/releases/tag/v2.53.0

  * https://github.com/prometheus/prometheus/releases/tag/v2.52.0

  * https://github.com/prometheus/prometheus/releases/tag/v2.51.2

  * https://github.com/prometheus/prometheus/releases/tag/v2.51.1

  * https://github.com/prometheus/prometheus/releases/tag/v2.51.0

  * https://github.com/prometheus/prometheus/releases/tag/v2.50.1

  * https://github.com/prometheus/prometheus/releases/tag/v2.50.0

  * https://github.com/prometheus/prometheus/releases/tag/v2.49.1

  * https://github.com/prometheus/prometheus/releases/tag/v2.49.0

  * https://github.com/prometheus/prometheus/releases/tag/v2.48.1

  * https://github.com/prometheus/prometheus/releases/tag/v2.48.0

  * https://github.com/prometheus/prometheus/releases/tag/v2.47.2

  * https://github.com/prometheus/prometheus/releases/tag/v2.47.1

  * https://github.com/prometheus/prometheus/releases/tag/v2.47.0

  * https://github.com/prometheus/prometheus/releases/tag/v2.46.0

Monitoring: Prometheus Alertmanager

Prometheus golang-github-prometheus-alertmanager has been patched to include
the fix for the following CVEs:

  * CVE-2023-45288: Fix HTTP/2 CONTINUATION flood in net/http

  * CVE-2025-22870: Fix proxy bypassing using IPv6 zone IDs

Monitoring: Blackbox exporter

Prometheus prometheus-blackbox_exporter has been updated from version 0.24.0 to
version 0.26.0.

Check the upstream changelogs for more details:

  * https://github.com/prometheus/blackbox_exporter/releases/tag/v0.26.0

  * https://github.com/prometheus/blackbox_exporter/releases/tag/v0.25.0

The fixes for the following CVEs have been included:

  * CVE-2025-22870: Fix proxy bypassing using IPv6 zone IDs

  * CVE-2023-45288: Fix closing connections when receiving too many

Version 5.0.4

Host OS Support Expanded to Include SLES 15 SP6

SLE Micro 5.5 was initially selected as the host operating system for SUSE
Manager 5.0 due to its modern architecture and suitability for containerized
environments, with the goal of enabling it on more operating systems in the
future.

Soon after, based on valuable feedback from users, it became clear that there
was a demand to run Multi-Linux Manager on more traditional operating systems
like SLES, even before the release of 5.1.

Therefore, SUSE Manager 5.0 will now be also supported when running on SUSE
Linux Enterprise Server 15 SP6 as a host operating system. This applies to the
Server, Proxy, and Retail Branch Server components.

This change provides more flexibility and lowers the barrier for existing users
transitioning to SUSE Manager 5.0.

     Images that bundle the operating system with SUSE Manager 5.0, including
Note those used in cloud environments, will continue to be based on SLE Micro.
     If you prefer to use SLES 15 SP6, you can do so by manually installing
     SUSE Manager on top of it.

     When running SUSE Manager 5.0 on top of SLE Micro 5.5, no separate
Note subscription is required for the operating system. However, for SLES 15
     SP6, users must bring their own subscription (BYOS).

For more information, see Deploy Server on SUSE Linux Enterprise Server 15 SP6
for the server and Deploy Proxy on SUSE Linux Enterprise Server 15 SP6 for the
proxy.

Improved CVE Audit with OVAL Data (Tech Preview)

The CVE Audit feature in SUSE Manager has traditionally relied on patch
metadata from channels to identify affected systems.

With this release, SUSE Manager introduces a new and improved CVE Audit
mechanism based on OVAL (Open Vulnerability and Assessment Language) data. This
new approach allows for more precise and accurate vulnerability assessments by
evaluating system packages directly against OVAL definitions.

This feature is currently released as a Tech Preview. Users can begin testing
the OVAL-based CVE Audit to gain better insights into their systems' exposure
to known vulnerabilities.

     This enhancement is disabled by default. Users can manually enable it to
Note try the new functionality. If any issues arise, the system can easily
     revert to the previous patch-based CVE Audit by changing the relevant
     configuration setting.

For more information, see Oval section.

Password Policy Enforcement for New Users

In previous versions, SUSE Manager did not support password policy enforcement.
Administrators could set any password for users, regardless of complexity.

With this release, administrators can now define and enforce password policies
for SUSE Manager users. Once configured, the system ensures that all newly
created user passwords adhere to the specified rules.

This helps organizations comply with internal security standards and improve
overall password security.

     Existing user accounts are not affected retroactively. This enforcement
Note applies only to newly created user accounts. Users are encouraged to
     review and adjust their password policy settings under the Admin section
     to match their organization?s security needs.

CVE fixes

This update includes a critical CVE fix. We highly recommend upgrading your
SUSE Manager instances as soon as possible to ensure they remain secure.

  * CVE-2025-23392 - Filter user input in systems list page.

Version 5.0.3

SUSE CDN Upgrade

SUSE has transitioned to a new content delivery network (CDN) provider, Akamai,
as of January 9th, 2025. This upgrade enhances the security and performance of
patch and update distribution for all SUSE Linux-based products, excluding
those in the SUSE Rancher family.

We don?t expect any issues with this transition for our users, but if you
encounter any problems, please reach out to us.

For more details about this change, please visit SUSE CDN Upgrade (login to SCC
required).

SL Micro 6.1 support as client

SUSE Manager 5.0 now supports managing SUSE Linux Micro 6.1 as client. For more
details about the supported features, check the Client Configuration Guide.

Check the Client Configuration Guide for information about how to manage SUSE
Linux Micro 6.1 clients with SUSE Manager 5.0.

Data Forwarding to SCC

To ensure consistency and avoid surprises, all client systems connected through
SUSEconnect, RMT, or SMT are displayed in SCC. Similarly, SUSE Manager Server
also forwards relevant data to SCC to provide a unified view.

Building on this, SUSE Manager will now forward additional details, such as SAP
workload information and the running container runtime, aligning its behavior
with other tools.

Moreover, to make it easier for users who may have disabled this option, a
notification will appear every three months, offering a simple way to enable
data forwarding to SCC with just a single click.

To view the exact data collected in SCC, please refer to the official
documentation https://documentation.suse.com/subscription/suseconnect/
single-html/SLE-suseconnect-visibility/#system-data-gathered-by-scc

Add MAC based terminal naming option

SUSE Manager now allows users to configure Minion registration to use a MAC
address instead of HW-TYPE-MACHINE-ID during the setup of SUSE Manager for
Retail.

By using the MAC address in the registration string, each machine becomes
uniquely identifiable, reducing confusion in scenarios such as network or boot
issues, where multiple entries for the same hardware might have previously
occured.

This enhancement improves clarity and simplifies hardware identification and
management within SUSE Manager for Retail environments.

POS image templates updates

Following updates have been made in the POS image templates

  * JeOS7 and Graphical7 templates can now be built also on SLE15SP6 build host

  * JeOS7 and Graphical7 templates no longer silently ignore saltboot dracut
    module installation failure

Version 5.0.2.1

Updated Images for SUSE Manager 5.0

SUSE Manager 5.0 offers custom images for virtual machines and bare-metal
deployments, supporting multiple architectures and formats. We are now
refreshing these images to incorporate SUSE Manager version 5.0.2. The updated
images will feature the latest available version of SUSE Manager along with
various improvements and fixes.

Version 5.0.2

Ubuntu 24.04 support as client

SUSE Manager 5.0 now supports managing Ubuntu 24.04 (amd64) clients as both
Salt and Salt SSH minions. All features previously available for managing older
Ubuntu versions are also functional for Ubuntu 24.04. For more details about
the supported features, check the Client Configuration Guide.

Check the Client Configuration Guide for information about how to manage Ubuntu
24.04 clients with SUSE Manager 5.0.

Note: SCAP profiles for Ubuntu 24.04 are not yet available in the
scap-security-guide package. Users will need to source and provide the
necessary SCAP content from an alternative location to use SUSE Manager SCAP
auditing features for Ubuntu 24.04.

Product migration from RHEL and Clones to SUSE Liberty Linux

Previously, we added the 'liberate' Salt formula for simplifying the process
for users to migrate from CentOS and RHEL instances to SUSE Liberty Linux. With
this latest release, we are enhancing this migration process even further. Now,
users can easily migrate systems already onboarded in SUSE Manager by
leveraging our enhanced product migration feature, previously limited to SUSE
products. This should significantly improve the user experience and make system
migrations to SUSE Liberty Linux smoother.

POS image templates now produce compressed images

Base POS image templates were updated and POS images built from base templates
are now compressed by default.

Date format for API endpoints

All API endpoints now return dates in the ISO-8601 format, simplifying the
process of chaining API calls where the expected date format is ISO-8601.
Please note that this change might require adjustments to your existing scripts
to ensure compatibility with the updated date format.

CVE fixes

This update includes critical CVE fixes. We highly recommend upgrading your
SUSE Manager instances as soon as possible to ensure they remain secure.

  * CVE-2024-47533 - Cobbler: Authentication Exploit

  * CVE-2024-22037 - SUSE Manager: Database password leaked by systemd
    uyuni-server-attestation service

  * CVE-2024-49502 - Validate proxy hostname format and escape proxy username
    to mitigate XSS vulnerabilities

  * CVE-2024-49503 - Escape organization credentials username to mitigate XSS
    vulnerability

Version 5.0.1

SUSE Manager Server cloud images

With this update, we are excited to announce the availability of
Bring-your-own-subscription (BYOS) images on Amazon Cloud, Microsoft Azure and
Google cloud. These new options complement our existing on-premises deployment
model, giving you more flexibility in how you use SUSE Manager.

For more detailed information, please refer to the BYOS section under Public
cloud guide in the SUSE Manager 5.0 documentation.

Configure AppStreams via Activation Keys

With the 5.0 release, we removed the restriction on flattening AppStream
repositories. This improvement allows users to manage their clients both from
SUSE Manager and directly on the client using DNF if needed.

We had also introduced a new Web UI page under System > Software > AppStreams,
where users can enable or disable modules and their streams on the client.

This enhancement now extends to Activation Keys as well. You can configure an
activation key with the desired AppStreams modules, and when a client will be
onboarded using that Activation Key, the correct AppStream modules will be
automatically enabled on that client.

Additionally, this update also introduces addAppStreams and removeAppStreams
methods to the ActivationKey namespace, allowing users to configure activation
keys and achieve the same through the API.

Migration: Prepare command

SUSE Manager 5.0 comes with the migrate command to facilitate the upgrade from
4.3 to 5.0. However, for large deployments with a substantial number of
packages and a large database, the migration process can be complex and
time-consuming.

To address this, we've added a --prepare option to the mgradm migrate command.
This option uses rsync to pre-copy content, significantly reducing the time
required for the actual migration. Additionally, the source server doesn't need
to be stopped during this pre-copy phase. Since it uses rsync, this command can
be run multiple times without any issues.

During the final migration, services on the source server are stopped, and the
migration command is executed to rsync everything once more and perform the
necessary transformations.

Transactional-update.timer Disabled

On transactional systems, such as SLE Micro, the transactional-update.timer
service will be automatically disabled during onboarding. This prevents
unexpected updates and reboots, giving users full control over system
management through SUSE Manager.

Patches

The SUSE Patch Finder is a simple online service to view released patches.

Version 5.0.5

cobbler:

  * Prevent crash during Cobbler startup on NFS environments (bsc#1240666)

  * Synchronize cobbler add and sync actions (bsc#1233371)

  * Exclude disabled profiles from buildiso gen (bsc#1230908)

grafana-formula:

  * Version 5.0.0

      + Add SUSE Linux Enterprise Server 15 SP7 to the supported versions (bsc#
        1245368)

      + Drop old unsupported SUSE versions from the supported versions list

  * Version 0.12.0

      + Migrate from deprecated Graph panels to new timeseries panels

inter-server-sync:

  * Version 0.3.7-0

      + Add SSL signed export and import validation (bsc#1241239)

  * Version 0.3.6-0

      + Package /var/log/hub (bsc#1243724)

saltboot-formula:

  * Update to version 0.1.1750679229.f368550

      + Support local boot to deployed kernel even when version does not match
        pillar boot version (bsc#1238514)

  * Update to version 0.1.1728559936.c16d4fb

spacecmd:

  * Version 5.0.13-0

      + Improve translation update process

      + Update translation strings

spacewalk-admin:

  * Version 5.0.11-0

      + Support environment variables in rhn-config-satellite (bsc#1242148)

      + mgr-monitoring-ctl: avoid possible UnicodeDecoreError due to non-ascii
        characters (bsc#1242030)

spacewalk-backend:

  * Version 5.0.14-0

      + CVE-2025-46809: Do not expose HTTP Proxy password when breaking URL
        format (bsc#1245005)

      + Enhance permissions for reposync zypper cache

  * Version 5.0.13-0

      + Use localhost instead of getfqdn as server_url (bsc#1238320)

      + Do not log debug messages as errors (bsc#1240124)

      + Improve translation update process

      + Fix fetching the mirrorlist with a CA bundle which includes only the
        intermediate CAs. This is the case for RHUI CA bundles (bsc#1243241).

      + Make reposync allow commas as part of HTTP Proxy password (bsc#1243460)

      + Remove bootloader linux and initrd files from spacewalk-debug

      + Fix zstd-compressed comps file reposync use case (bsc#1243821)

      + Use libzypp's Curl2 backend during reposync (bsc#1245222)

spacewalk-certs-tools:

  * Version 5.0.10-0

      + Add the possibility to use env variables for ACTIVATION_KEYS and
        ORG_GPG_KEY

      + Add the possibility to use env variable for HOSTNAME

spacewalk-client-tools:

  * Version 5.0.10-0

      + Improve translation update process

      + Update translation strings

spacewalk-config:

  * Version 5.0.7-0

      + Allow passing env variables to rhn-config-satellite (bsc#1242148)

      + Disable directory listing (bsc#1241094)

spacewalk-java:

  * Version 5.0.27-0

      + CVE-2025-46811: Clean up stale sessions on websocket open (bsc#1246119)

  * Version 5.0.26-0

      + Fix tooltip text for icons in the patches list (bsc#1234608)

      + Fix: openscap audit is running immediately even when scheduled for next
        days (bsc#1239743)

      + Adds calling a highstate in the API for actionchain (bsc#1157520)

      + Fix: Using reboot_suggested or restart_suggested by API always responds
        false (bsc#1236910)

      + Fix: severity levels are missing in API output of errata.getDetails (
        bsc#1240038)

      + Fix http_proxy_password stored as clear text in /var/log/messages (bsc#
        1242148)

      + Fix: manage errors in user-defined pillars (bsc#1230403)

      + Fix: remove SCAP file upload size limit setting (bsc#1240050)

      + In CLM live-patching template form, show kernel versions from base
        product as well (bsc#1239907)

      + Fix several pages returning 500 status

      + CVE-2025-23393: Filter user input in systems list page (bsc#1240386)

      + Remove unneeded debug message

      + Better handling of system list filtering (bsc#1242004) string escape in
        the paged query builder

      + Automatically expand channels when searching (bsc#1230282)

      + Ensure browser cache is busted when newer assets are available (bsc#
        1240984)

      + Update notification message styles

      + Fix system/listActiveSystems queries (bsc#1242010)

      + Improve performance when changing channels on multiple system through
        SSM (bsc#1239154)

      + Fix package locking for packages not available anymore in the assigned
        repositories (bsc#1236877)

      + Fix state apply result formatting by splitting one the correct string
        token

      + Do not show Vendor Advisory link for SL-Micro 6.0 and 6.1 products.
        They are not published yet on the web (bsc#1237770)

      + Fix ISE when adding package to channel (bsc#1240076)

      + Change releasenotes URL for SUSE Multi-Linux Manager 5.1

      + Fix semantic version validation to allow optional suffixes (bsc#1243292
        )

      + Adapt new version update checker for containers

      + Improve Ubuntu OVAL data parsing to detect more CVEs

      + Fix: Removed old xsd dynaform validation (bcs#1241140)

      + Fix CLM channel name definition (bsc#1239868)

      + Add custom 403 error page for unauthorized access (bsc#1243375)

      + Fix content visibility issues on the Action Chains page (bsc#1239558,
        bsc#1239559)

      + Fix action chain scheduled within SSM creates no link for the new
        action chain (bsc#1243825)

      + CVE-2025-23392: Filter user input in systems list page (bsc#1239826)

spacewalk-proxy:

  * Version 5.0.6-0

      + Disable directory listing (bsc#1241094)

spacewalk-reports:

  * Version 5.0.3-0

      + Fix system/listActiveSystems queries (bsc#1242010)

spacewalk-search:

  * Version 5.0.4-0

      + Update ivy development files

spacewalk-utils:

  * Version 5.0.7-0

      + Fix SSL error when connecting to localhost in the container (bsc#
        1240023)

      + Fix spacewalk-hostname-rename with containers (bsc#1229825)

spacewalk-web:

  * Version 5.0.21-0

      + Fix button alignment in filter modal (bsc#1240160)

      + Adjust modal height for small screens

      + Update brand name in Admin proxy page

      + Fix setup wizard organization credentials list subscriptions not
        showing correctly the first time (bsc#1243765)

      + Fix: Filters of type Product Temporary Fix cannot be created bsc#
        1238922

      + Better handling of system list filtering (bsc#1242004)

      + CVE-2025-23392: Filter user input in systems list page (bsc#1239826)

      + CVE-2025-23393: Filter user input in systems list page (bsc#1240386)

      + Fix NPM dependency license aggregation bug

      + Fix layout issues on Ansible pages

      + Fix sticky toolbar hiding notification messages on packages page (bsc#
        1239621)

      + Fix layout issues in product page (bsc#1240131)

      + Ensure browser cache is busted when newer assets are available (bsc#
        1240984)

      + Update web UI dependencies

      + Improve translation update process

      + Fix: better react state handling (bcs#1241140)

      + Fix the date picker in CLM filter creation (bsc#1237710)

      + Fix content visibility issues on the Action Chains page (bsc#1239558,
        bsc#1239559)

      + Fix datetime picker opening unexpectedly (bsc#1237710)

      + Bump the WebUI version to 5.0.5

subscription-matcher:

  * Version 0.40

      + Fix integer overflow which can cause a division by zero error (bsc#
        1243239)

susemanager:

  * Version 5.0.13-0

      + Use a persisting folder for custom modules to import in
        mgr-create-bootstrap-repo (bsc#1242135)

      + Improve translation update process

      + Fix creating bootstrap repositories for products which have only a base
        channel (bsc#1239747)

susemanager-build-keys:

  * Changed keys to use SHA256 UIDs instead of SHA1. (bsc#1237294 bsc#1236779
    jsc#PED-12321)

  * rename: build-alp-09d9ea69-645b99ce.asc to build-alp-09d9ea69.asc

  * rename: gpg-pubkey-3fa1d6ce-63c9481c.asc to gpg-pubkey-3fa1d6ce.asc

  * addjust: suse_ptf_key_2023.asc, suse_ptf_key.asc

susemanager-docs_en:

  * Added containers file and linked it to navigation list in Installation and
    Upgrade Guide

  * Added new backup/restore implementation in Administration Guide

  * Added information about passing environment variables to bootstrap script
    in Client Configuration Guide

  * Enhanced instructions about router advertisements and parameter value
    needed for IPv6 route in Installation and Upgrade Guide (bsc#1241034)

  * Added SLE15 SP7 as supported client

  * Added missing 4505 and 4506 Salt ports in network requirements in

  * Added parameter value needed for IPv6 route to Installation and Upgrade
    Guide (bsc#1241034)

  * Improved proxy deployment sections in Installation and Upgrade Guide

  * Updated Network Requirement section to add settings for server
    configuration behind HTTP OSI level 7 proxy.

  * Improved server migration in Installation and Upgrade Guide

  * Clarified that NFS with Cobbler is not supported (bsc#1240666)

  * Removed SCAP file size limit from Reference Guide

  * Documented uptodate action in Common Workflows Guide as background
    information

  * Documented in Administration Guide that action chains are user-specific (
    bsc#1242561)

  * Added background information about installing PTF on an air-gapped server
    in Installation and Upgrade Guide

  * Documented renaming the journal folder when changing machine ID in
    Administration Guide (bsc#1241286)

  * Added java.smtp_server parameter for mail configuration in Administration
    Guide (bsc#1241490)

  * Unified hardware requirements for proxy and server installation in
    Installation and Upgrade Guide (bsc#1240635); images now default to 40 GB
    root partition

  * Documented SUSE Linux Enterprise Server 15 as valid migration target (bsc#
    1240901)

  * Marked OVAL data consumption as Technology Preview

  * Added password definition requirements to Administration Guide

  * Restructured Server Installation to better distinguish between SUSE Linux
    Enterprise Micro and SUSE Linux Enterprise Server as host operating system
    respectively (bsc#1239801)

  * Implemented PDF branding update for 2025 branding

  * Enhanced CVE auditing feature in Administration Guide

  * Added additional registry link to Installation and Upgrade Guide (bsc#
    1240010)

  * Added instructions for Proxy installation on SUSE Linux Enterprise Server
    15 SP6 to Installation and Upgrade Guide

  * Documented handling of pub directory of the web server in the context of
    proxy (bsc#1238827)

  * Fixed removing Salt bundle client procedure in Client Configuration

  * Added system_listeventhistory to spacecmd reference in Reference Guide (bsc
    #1239604)

  * Fix report-db schema doc layout according to standards

  * Update report-db docs to schema version 5.0.6

  * Define apache configuration file just as %config without "noreplace" to
    make config changes in the container possible (bsc#1236565)

susemanager-schema:

  * Version 5.0.15-0

      + Fix system/listActiveSystems queries (bsc#1242010)

      + Fix typo in OES 24.4 channel definition

      + Improve CLM build time through query optimization (bsc#1235847)

susemanager-sls:

  * Version 5.0.14-0

      + Read CWD for remote commands from pillar (bsc#1238173)

      + Adjust SLS files for SUSE Linux Enterprise 15SP7 and other systems
        running higher Python versions

      + Add container based kiwi10 build system

      + Optimize SAP module to prevent high IO workload (bsc#1241455)

      + Move Prometheus PostgreSQL exporter configuration to the persisting
        volume /etc/sysconfig (bsc#1239903)

susemanager-sync-data:

  * Version 5.0.13-0

      + Fix typo in OES 24.4 product definition

uyuni-common-libs:

  * Version 5.0.7-0

      + Fix decompress function for the zst format (bsc#1243821)

uyuni-storage-setup:

  * Version 5.0.4-0

      + Ensure selinuxenabled exists before executing it (bsc#1241060)

uyuni-tools:

  * Version 0.1.31-0

      + Add the info message about End User License Agreement

      + Don't migrate py2*-compat-salt.conf files (bsc#1240626)

      + Check for restorecon before using it (bsc#1240698)

      + Adjust the distro path in cobbler files after migration (bsc#1238929)

      + Add mgradm support ptf podman --pullPolicy flag (bsc#1236877)

      + Support: don't dump files in bound folders (bsc#1243297)

      + Cleanup host supportconfig files (bsc#1242174)

      + During migration, check if backup already exists (bsc#1243105)

      + Remove SHM size limits from all containers (bsc#1243274)

      + Don't migrate /etc/apache2/vhosts.d/cobbler.conf

      + Fix migration --prepare for autoinstallable distributions (bsc#1243802)

      + Skip instalation if the server is already set up (bsc#1238849)

      + Bump the default image tag to 5.0.5

Version 5.0.4.1

spacewalk-java:

  * Version 5.0.25-0

      + Fix: Internal server error when accessing groups in activation keys (
        bsc#1237581)

      + Fix UI accordions (bsc#1239795)

spacewalk-web:

  * Version 5.0.19-0

      + Fix UI accordions (bsc#1239795)

Version 5.0.4

patterns-suse-manager:

  * Do not hardcode the product pretty name but make it configurable

  * Require Java 17 JDK

spacecmd:

  * Version 5.0.12-0

      + Allow translation to wrap strings as weblate forces it

      + Show Source String change for translations

spacewalk-admin:

  * version 5.0.10-0

      + Fix billing-data-service configuration after upgrade from 4.3(bsc#
        1236118)

  * Version 5.0.9-0

      + Add tool to migrate configuration values into the database

spacewalk-backend:

  * Version 5.0.12-0

      + Allow translation to wrap strings as weblate forces it

      + Show Source String change for translations

      + Make ISSv1 timezone independent (bsc#1221505)

      + Allow spacewalk-repo-sync filtering using NEVRA instead of package name
        only (bsc#1234226)

      + Fix AttributeError: ENABLE_NVREA for reposyncing (bsc#1226273)

      + Fix wrong timestamp when importing packages with rhnpush (bsc#1235970)

      + Implement module to get configuration values from the database

      + Cast float pkg metadata to int (gh#uyuni-project/uyuni#9613)

      + New password policy implemented, removal of old defaults

      + Improve Debian reposync logging (bsc#1227859)

spacewalk-certs-tools:

  * Version 5.0.9-0

      + Copy generated CA rpms instead of moving them to prevent SELinux
        context category issues

spacewalk-client-tools:

  * Version 5.0.9-0

      + Allow translation to wrap strings as weblate forces it

      + Show Source String change for translations

spacewalk-config:

  * Version 5.0.6-0

      + Add new config: reposync_nevra_filter (bsc#1234226)

spacewalk-java:

  * Version 5.0.24-0

      + Fix: refactor usage of js fetch with internal utility and more robust
        update-only behavior when saving/resetting policy (bsc#1240960)

  * Version 5.0.23-0

      + Fix: Automatic transaction management when saving the password policy (
        bsc#1240960)

  * Version 5.0.22-0

      + Add support for OVAL CVE analyzes on Ubuntu

  * Version 5.0.21-0

      + CVE-2025-23392: Filter user input in systems list page.(bsc#1239826)

  * Version 5.0.20-0

      + Enable the synchronization of OVAL data

      + Enable the configuration of OVAL data sources

      + Add support for OVAL based CVE auditing to SLE & Leap Micro

      + Filter away Debian12 boostrap extra log messages

      + Fixes: update packages list when a SLE micro gets updated (bsc#1227118)

      + Fix formatting in 'contentmanagement' API docs (bsc#1225287)

      + Simplify HTTP proxy setup in setup wizard (bsc#1235527)

      + Layout improvements for the login page and error page

      + Fix Monitoring detection on Oracle Linux (bsc#1234033)

      + Set a send date when preparing emails

      + Proxy server FQDN merge java filter (bsc#1236011)

      + Better logs on SP migration

      + Fix issue preventing OES products from showing up (bsc#1236268)

      + Fix config channels not following priority in highstate (bsc#1237694)

      + Fix API namespace for AdminPaygHandler

      + Fix race at updating system overview table (bsc#1235853)

      + Fix double-delete in Cancel Actions

      + Replace server hostname in chained proxy tftp container (bsc#1236166)

      + Add option to set kernel and post kernel options on provisioning via
        API

      + Password policy restrictions and functions first release

spacewalk-web:

  * Version 5.0.18-0

      + Fix: refactor usage of js fetch with internal utility (bsc#1240960)

  * Version 5.0.17-0

      + Add a column to the CVE auditing result table to show the data source
        (OVAL or channels) used for auditing the system

      + Increase complexity for generated passwords (bsc#1231983)

      + Simplify HTTP proxy setup in setup wizard (bsc#1235527)

      + Layout improvements for the login page and error page

      + Allow translation to wrap strings as weblate forces it

      + Show Source String change for translations

      + Adjusted login page theme to align with branding

      + Password policy restrictions and functions first release

subscription-matcher:

  * Version 0.39

      + Cleaup the code

      + Fix wrong matching for 2 Sockets or 2 VMs subscription string (bsc#
        1238924)

      + Fix logging

      + Update runtime dependencies

subscription-matcher-kit:

  * Update kit for subscription-matcher version v0.39

susemanager:

  * Version 5.0.12-0

      + Create SLE15SP7 bootstrap repo definitions

      + Allow translation to wrap strings as weblate forces it

      + Show Source String change for translations

      + Write new pg_hba conf to correct directory to prevent SELinux context
        category problem

susemanager-docs_en:

  * Added new workflow for installing the product on ppc64le to Common
    Workflows book

  * Updated instructions for deploying PAYG on Azure

  * Added instructions for Server installation on SUSE Linux Enterprise Server
    15 SP6 to Installation and Upgrade Guide

  * Add section about container image inspection to Image

  * Fixed procedure in Troubleshooting section about full disk event in the
    Administration Guide (bsc#1237535)

  * Removed misleading admonition at the beginning of the Replace Certificates
    section in the Administration Guide

  * Added section about container image inspection to Image Management chapter
    in Administration Guide (bsc#1236323)

  * Added note about cache_dir size in Installation and Upgrade Guide

  * Fixed typo in Installation and Upgrade Guide (bsc#1237403)

  * Updated host renaming in Troubleshooting section of the Administration
    Guide

  * Set version number of host operating system back to SUSE Linux Enterprise
    Micro 5.5

  * Improved SSL certificate importing in Administration Guide (bsc#1236707)

  * Removed image with beta reference in Installation and Upgrade Guide (bsc#
    1236678)

  * Clarified functionality of CLM package/patch allow filters (bsc#1236234)

  * Updated Backup and Restore chapter regarding containerization in

  * Corrected the instruction for logging in to Azure instance in Specialized
    Guides (bsc#1234442)

  * Corrected the wording in the procedure in Administration Guide (bsc#1236625
    )

  * Improved documentation on CLM filters in Administration Guide (bsc#1234202)

  * Corrected contact method in autoinstallation chapter in Client
    Configuration Guide

  * Added admonition that NFS does not support SELinux labeling and should not
    be used in Installation and Upgrade Guide

  * Improved Remove Channel chapter in the Administration Gudie (bsc#1233500)

  * Corrected server SSL self-signed certificates renewal procedure in
    Administration Guide (bsc#1235696)

  * Updated external Link in Client Configuration Guide (bsc#1235825)

  * Fixed Retail Branch Server documention in the Retail Guide.

susemanager-schema:

  * Version 5.0.14-0

      + Add a new task to handle OVAL data synchronization

      + Password policy restrictions and functions first release

      + Fix for bad schema migration

susemanager-sls:

  * Version 5.0.13-0

      + Remove unnecessary Salt Minion upgrade cleanup from highstate

      + Change uptodate recurring action to use dist-upgrade instead of upgrade
        for Deb systems (bsc#1237060)

susemanager-sync-data:

  * Version 5.0.11-0

      + Add OVAL data download location for Ubuntu

  * Version 5.0.10-0

      + Deploy a configuration file named oval.config.json to configure OVAL
        data sources

susemanager-tftpsync-recv:

  * Version 5.0.2-0

      + Fix possible errors replacing IP addresses and FQDNs for proxies on pxe
        and grub files (bsc#1236601)

uyuni-common-libs:

  * Version 5.0.6-0

      + Make ISSv1 timezone independent (bsc#1221505)

uyuni-tools:

  * version 0.1.29-0

      + Revert use of :z flag on server volumes (bsc#1235861)

      + Escape lang_package macro properly

      + Relabel proxy config files on SELinux (bsc#1235658)

      + Bump the default image tag to 5.0.4

init-image:

  * version 5.0.11

      + Image rebuilt to the newest version with updated dependencies

server-attestation-image:

  * Version 5.0.8

      + Image rebuilt to the newest version with updated dependencies

server-hub-xmlrpc-api-image:

  * Version 5.0.10

      + Image rebuilt to the newest version with updated dependencies

server-image:

  * Version 5.0.13

      + Image rebuilt to the newest version with updated dependencies

server-migration-14-16-image:

  * Version 5.0.11

      + Image rebuilt to the newest version with updated dependencies

Version 5.0.3

branch-network-formula:

  * Update to version 0.1.1728559936.c16d4fb

      + Add MAC based terminal naming option (jsc#SUMA-314)

cobbler:

  * Remove xmlrpc_privilege_escalation_prevention.patch: patch has been merged
    upstream

  * Mention cobbler.rpmlintrc file in spec

  * Let users specify ESP for the buildiso command (bsc#1220902)

locale-formula:

  * Update to version 0.4.0

      + Refresh spec file

      + Changed ids to avoid conflicts(bsc#1027642)

      + Add missing group spec file

      + Updated files with gpl header + copying file

pxe-formula:

  * Update to version 0.3.0

      + spec file updates

  * Fix license snippets in source to be correctly GPL-2.0+

  * Update to version 0.2.0

      + Add MAC based terminal naming option (jsc#SUMA-314)

      + Store pxe configuration in grains

saltboot-formula:

  * Update to version 0.1.1728559936.c16d4fb

      + Add MAC based terminal naming option (jsc#SUMA-314)

  * Update to version 0.1.1723628891.ffb1da5

      + Rework request stop function to avoid unnecessary warnings (bsc#1212985
        )

spacecmd:

  * Version 5.0.11-0

      + Update translation strings

spacewalk-backend:

  * Version 5.0.11-0

      + Rename table suseProductSCCRepository to the more meaningful name
        suseChannelTemplate (bsc#1234994)

      + Add dependency to libzypp to support new token style

      + Fix mgr-sign-metadata-ctl check-channels when checking for signatures
        in repomd metadata (bsc#1233884)

      + Set default rpm package summary if it's missing (bsc#1232530)

      + Detect and update errata when not all repository packages are linked (
        bsc#1227644)

spacewalk-client-tools:

  * Version 5.0.8-0

      + Update translation strings

spacewalk-config:

  * Version 5.0.5-0

      + Remove no longer valid PAM configuration (bsc#1231377)

spacewalk-java:

  * Version 5.0.19-0

      + Update spacewalk-java to next release

  * Version 5.0.18-0

      + Fix internal server error in 'listSystemsByPatchStatus' API endpoint (
        bsc#1235908)

  * Version 5.0.17-0

      + SUSE CDN token identifier changed

  * Version 5.0.16-0

      + Update UI tip pointing to new kickstarts template directory(bsc#1221219
        )

      + Re-wording 'Monitoring' to 'Monitor this host' on the UI systems
        properties page (bsc#1212161)

      + Fix bug when accessing menu Systems | System Set Manager | Misc |
        Reboot with no system selected (bsc#1222820)

      + Fix migration options after migrating a Minion to SUSE Liberty Linux 9
        (bsc#1233258)

      + Only show versions for 'kernel-default' in CLM Live Patching template (
        bsc#1233400)

      + Ensure channel lists are reliably sorted by name (bsc#1233724)

      + More robust parsing of max memory configuration (bsc#1229000)

      + Fix All Managed packages list (bsc#1233450)

      + Use dots instead of underscores in apidoc (bsc#1233761)

      + Prevent class cast exceptions when getting cobbler profiles (bsc#
        1227759)

      + Fix parsing UpdateAvailable notifications (bsc#1228261)

      + Fix missing FROM-clause entry for table 'pn' in managed software list (
        bsc#1233450)

      + Update numerous page layouts

      + Ensure icon fonts are loaded correctly on buttons (bsc#1231378)

      + Update login page layout

      + Reduce Bundle size for the web UI

      + Ignore missing or unreadable paths when parsing the configuration

      + Remove DWR from the package dependency since it's no longer used

      + Ensure the reporting DB uses a lowercase username (bsc#1220494)

      + Fix NPE if child channel has no parent (bsc#1231053)

      + Show Confidential Compute Attestation tab also for Salt SSH managed
        clients

      + Introduce API endpoint to get the product name

      + Call state.apply as direct_call when specified

      + Rename SUSEProductSCCRepository to the more meaningful name
        ChannelTemplate

      + Various improvements for ContentSyncManager in regard of hibernate
        schema and performance

      + Adapt changing software channels to first perform the changes in the
        database and apply the channel state later too. This allows better
        handling of offline minions (bsc#1216683)

      + Do not iterate over all actions when only reboot actions are handled

      + Show an error notification only when we invalidate the PAYG credentials
        (bsc#1228956)

      + Make the list for package actions unique so it can be passed to Salt (
        bsc#1232042)

      + Handle new kind of auth tokens

      + Support new official SUSE update hosts

      + Use external hostname in title of traceback emails

      + Support removing all channels with scheduleChangeChannels()

      + Support finding compatible child channels when changing the base
        channels with scheduleChangeChannels()

      + Check consistence of base and child channels (bsc#1232713)

      + Allow group assignment for foreign servers (bsc#1222447)

      + saltboot: add MAC based terminal naming (jsc#SUMA-314)

      + Add proxy option to provisionSystem API (bsc#1232125)

      + Fix appstream list of packages in stream (bsc#1231459)

      + Fix enabled flag for users listed via API (bsc#1233431)

      + Chained proxy configuration create refactoring

      + Prevent return duplicated packages on XML-RPC API endpoint
        listLatestUpgradablePackages (bsc#1231430)

      + Allow the listing of already included patches when importing them into
        a custom channel (bsc#1228856)

      + Add notification for users with disabled SCC data forwarding (jsc#
        SUMA-431)

      + Send additional data to SCC (jsc#SUMA-406)

      + Fix table filters for description, first character dropdown and toggle
        button

spacewalk-proxy:

  * Version 5.0.5-0

      + Add IPv6 support for salt-broker (bsc#1227827)

      + Make salt-broker reconnecting if master IP has changed (bsc#1228182)

      + Make salt-broker less dependant on spacewalk libs

      + Make socket opt setting more strict and verbose (bsc#1229286)

spacewalk-search:

  * Version 5.0.3-0

      + More robust parsing of max memory configuration (bsc#1229000)

spacewalk-setup:

  * Version 5.0.7-0

      + Remove now unneeded hostname calls (bsc#1231255)

spacewalk-utils:

  * Version 5.0.6-0

      + Force login to spacecmd from spacewalk-hostname-rename (bsc#1229848)

      + Remove unmaintained snapshot and export tools from package
        spacewalk-utils-extras

      + Remove tools from spacewalk-utils-extra and move them to Uyuni contrib
        repository

spacewalk-web:

  * Version 5.0.16-0

      + Fixed misleading error while waiting for SCC credentials
        synchronisation (bsc#1227374)

      + Add safeguard against CVE-2024-21528

      + Update numerous page layouts

      + Upgrade DOMPurify to fix CVE-2024-45801

      + Ensure icon fonts are loaded correctly on buttons (bsc#1231378)

      + Update shared Javascript dependencies

      + Reduce Bundle size for the web UI

      + Update web UI build tooling

      + Update the Web UI version

      + Introduce numeric search field in table filters

      + Add notification for users with disabled SCC data forwarding (jsc#
        SUMA-431)

supportutils-plugin-salt:

  * Adjust requires for plugin to allow compatibility with supportutils 3.2.9
    release (bsc#1235145)

  * Update to version 1.2.3

      + Add "CONTRIBUTING.md" with notes about Pull Requests

      + Provide backwards-compatible scripts version

supportutils-plugin-susemanager:

  * Version 5.0.5-0

      + Adjust requires for plugin to allow compatibility with supportutils
        3.2.9 release (bsc#1235145)

supportutils-plugin-susemanager-client:

  * Version 5.0.4-0

      + Adjust requires for plugin to allow compatibility with supportutils
        3.2.9 release (bsc#1235145)

supportutils-plugin-susemanager-proxy:

  * Version 5.0.3-0

      + Adjust requires for plugin to allow compatibility with supportutils
        3.2.9 release (bsc#1235145)

susemanager:

  * Version 5.0.11-0

      + Remove now unneeded hostname calls (bsc#1231255)

      + Mark dmidecode and logrotate as optional for SUSE Liberty Linux 7 LTSS
        (bsc#1226958)

      + Rename table suseProductSCCRepository to the more meaningful name
        suseChannelTemplate (bsc#1234994)

      + Add bootstrap repo definitions for SL Micro 6.1 (bsc#1233595)

susemanager-build-keys:

  * Version 15.5.3

      + Add 4096-bit RSA GPG key for third-party NVIDIA graphics drivers
        repository.

  * Refresh extended Uyuni GPG public key

      + Modified: gpg-pubkey-0d20833e.asc

susemanager-docs_en:

  * Deprecated Debian 11 as it is End of Life

  * Deprecated the Quickstart Guide as it duplicated documentation from the
    Installation and Upgrade Guide

  * Added retail MAC based terminal naming in Retail Guide (jsc#SUMA-314)

  * Added support for SUSE Linux Micro 6.1

  * Added example for LDAP integration with Active Directory in Administration
    Guide (bsc#1233696)

  * Updated ports listing according to hidden ports file and fixed references
    in Installation and Upgrade Guide

  * Added step to refresh repository before calling transactional-update in
    Installation and Upgrade Guide

  * Updated Troubleshooting Autoinstallation in Administration Guide

  * Added ports overview images in Installation and Upgrade Guide (bsc#1217338)

  * Added external link for creating virtual network peer for Azure in
    Specialized Gudes (bsc#1234441)

  * Documented how to replace existing certificates via mgrtcl (bsc#1233793)

  * Clarified SSH authentication methods during Web UI bootstrap process in
    Client Configuration Guide (bsc#1233497)

  * Changes proxy Helm installation to use package from OS channel in
    Installation and Upgrade Guide

  * Documented onboarding SSH connected Ubuntu clients with install-created
    user in Client Configuration Guide (bsc#1213437)

  * Added Saline documentation to Salt Guide

  * Replaced mgradm with mrgctl in Installation and Upgrade Guide

  * Corrected metadata signing section in Administration Guide

  * Added Open Enterprise Server 24.4 and 23.4 as supported client systems (bsc
    #1230585)

  * Improved SSL certificate handling in Administration Guide

  * Make proper use of terminal inside the container in Retail Guide (bsc#
    1233871)

  * Added new workflow with the instructions about RAW image usage to Common
    Workflows book

  * Added reminder note to unregister before registration to Client
    Configuration Guide

  * Fixed podman parameter name in Disconnected Setup chapter of the
    Administration Guide (bsc#1233383)

  * Added details on image management in Administration Guide(bsc#1222574)

  * Documented Cobbler option to enable boot ISOs with Secure Boot in Client
    Configuration Guide

  * Added documentation on deploying SUSE Manager Proxy in Public Cloud in
    Large Deployment Guide

  * Added admonition about disabling data synchronization with SCC in
    Administration Guide

  * Added note about SLE Micro entitlement being included in SUSE Manager
    extensions' entitlements (bsc#1230833)

  * Added VMware image deployment documentation for Proxy in the Installation
    and Upgrade Guide (bsc#1227852)

  * Added information on upgrading server and proxy containers

  * Added note about case sensitivity of organization name to Inter-Server
    Synchronization chapter of Administration Guide

  * Added reminder note to de-register before registration to Client
    Configuration Guide (bsc#1216946)

  * Added admonition about podman related IP forwarding configuration to
    Requirements in Installation and Upgrade Guide (bsc#1224318)

  * Updated Hub chapter in Large Deployments Guide (bsc#1215815)

  * Add registry.suse.com to the list of required URLs in the Network
    Requirements section of the Installation and Upgrade Guide

  * Fixed SSH Push and SSH Push (with tunnel) contact method sections in Client
    Configuration Guide

  * Added missing architecture to Installation and Upgrade Guide (bsc#1230670)

  * Corrected command for containerized proxy in Installation and Upgrade Guide
    (bsc#1231398)

  * List of required URLs extended in Installation and Upgrade Guide (bsc#
    1230741)

  * Fixed incorrect URL references for both Server and Proxy in the
    Installation Guide

  * Removed 4.3 version entries in migration documentation

  * Added information for running mgr-ssl-cert-setup in Administration Guide(
    bsc#1229079)

  * Added reference to Inter-Server Synchronization in Administration Guide(bsc
    #1230943)

  * Documented that is LVM not needed in default cases in Installation and
    Upgrade Guide (bsc#1228319)

  * Removed inconsistent information about persistent storage (bsc#1230502)

  * Updated database backup and restore procedures using smdba in
    Administration Guide

  * Documented krb5.conf configuration (bsc#1229077)

  * Added VMware image deployment documentation for Server in the Installation
    and Upgrade Guide (bsc#1227852 and bsc#1228351)

  * Documented migrating clients such as AlmaLinux, CentOS, Oracle Linux, and
    Rocky Linux to SUSE Liberty Linux and SUSE Liberty Linux 7 to SUSE Liberty
    Linux 7 LTSS

  * Added documentation about orphaned packages in Client Configuration Guide (
    bsc#1227882)

  * Clarified meaning of Default contact method in Client Configuration Guide

  * Added prerequisite for server migration in Installation and Upgrade Guide (
    bsc#1229902)

  * Updated information on PostgreSQL version in Installation and Upgrade Guide

susemanager-schema:

  * Version 5.0.13-0

      + Ensure the reporting DB uses a lowercase username (bsc#1220494)

      + Store direct call request in action details

      + Rename table suseProductSCCRepository to the more meaningful name
        suseChannelTemplate

      + Allow group assignment for foreign servers (bsc#1222447)

      + Improve appstreams context selection (bsc#1231459)

      + Add table and columns to store additional telemetry data (jsc#SUMA-406)

susemanager-sls:

  * Version 5.0.12-0

      + Adapt mgr_server grain and reportdb_user state to work with
        containerized server

      + Fix rebootifneeded state which misses definition of a variable (bsc#
        1233426)

      + Prevent warning message for unsigned Debian repositories when using new
        deb822 format (bsc#1234251)

      + Do not set "Trusted" for Debian repositories when the repo should be
        signed

      + suma_minion: prevent issues when calling Salt runners (bsc#1228232)

      + Prevent a crash on "reboot_info" module for Liberty 6, RHEL 6 & clones
        (bsc#1231404)

      + Improve appstreams context selection (bsc#1231459)

      + Collect uname, SAP workloads and container runtime data on hardware
        profile update (jsc#SUMA-406)

susemanager-sync-data:

  * Version 5.0.9-0

      + Add support for OES 24.4 (bsc#1230585)

      + Set Ubuntu 24.04 as released

server-attestation-image:

  * Version 5.0.7

      + Update for next release

server-hub-xmlrpc-api-image:

  * Version 5.0.9

      + Update for next release

server-image:

  * version 5.0.11

      + Fix timezone alignment on container restart (bsc#1235692)

  * version 5.0.10

      + Add aarch64 and ppc64 grub loaders (bsc#1231762)

      + Use FILE: type for krb5 ccache

      + Remove pam_ldap as it is no longer shipped (bsc#1231377)

server-migration-14-16-image:

  * Version 5.0.10

      + Update for next release

uyuni-coco-attestation:

  * Version 5.0.6-0

      + Stop the attestation processing gracefully when receiving a termination
        signal

uyuni-java-common:

  * Version 5.0.6-0

      + Ensure the files stream is correctly closed

uyuni-java-parent:

  * Version 5.0.6-0

      + Update for next release

woodstox:

  * Provide maven module name for stax2-api

uyuni-tools:

  * Version 0.1.28-0

      + Persist search server indexes (bsc#1231759)

      + Add registry.suse.com login to mgradm upgrade podman list (bsc#1234123)

      + Only raise an error if cloudguestregistryauth fails for PAYG (bsc#
        1233630)

      + Consider the configuration file to detect the coco or Hub API images
        should be pulled (bsc#1229104)

      + Only add java.hostname on migrated server if not present

      + Add --registry back to mgrpxy (bsc#1233202)

      + Ignore coco and Hub images when applying PTF if they are not available
        (bsc#1229079)

      + Sync deletes files during migration (bsc#1233660)

      + Run systemctl daemon-reload after changing the container image config (
        bsc#1233279)

      + coco-replicas-upgrade

      + IsInstalled function fix

      + Bump the default image tag to 5.0.3

      + Use the uyuni network for all podman containers (bsc#1232817)

  * Version 0.1.27.0

      + Bump the default image tag to 5.0.2

  * Version 0.1.26-0

      + Ignore all zypper caches during migration (bsc#1232769)

      + Use the uyuni network for all podman containers (bsc#1232817)

Version 5.0.2

cobbler:

  * Increase start timeout for cobblerd unit (bsc#1219450)

  * CVE-2024-47533: cobbler: Authentication Exploit (bsc#1231332)

patterns-suse-manager:

  * Remove not needed filters from patterns-suse-manager-rpmlintrc

      + no-binary

      + devel-package-with-non-devel-group

      + conflicts-with-provides

      + description-shorter-than-summary

      + useless-provides

  * Remove duplicated monitoring packages from patterns-suma_server

  * Spec file cleanup

      + Use macros instead of hardcoded paths

      + Sort package metadata according to spec-cleaner

  * Remove unneeded yast2-migration

  * Add supportutils-plugin-salt to both Server and Proxy patterns

python-susemanager-retail:

  * Update to version 1.0.1722253762.9f01ce8

      + Fix delta creation on containerized server (bsc#1226369)

saltboot-formula:

  * Update to version 0.1.1723628891.ffb1da5

      + Rework request stop function to avoid unnecessary warnings (bsc#1212985
        )

spacecmd:

  * Version 5.0.10-0

      + Speed up softwarechannel_removepackages (bsc#1227606)

      + Fix error in 'kickstart_delete' when using wildcards (bsc#1227578)

      + Spacecmd bootstrap now works with specified port (bsc#1229437)

      + Fix sls backup creation as directory with spacecmd (bsc#1230745)

spacewalk-backend:

  * Version 5.0.10-0

      + Ignore 'buildorder' parsing errors when parsing entries in module
        metadata (bsc#1230274)

      + Provide http_headers also to Debian repository syncer

      + Make spacewalk-data-fsck aware of orphaned RPMs (bsc#1227882)

      + reposync: import GPG keys to RPM DB individually (bsc#1217003)

      + Add log string to the journal when services are stopped because of
        insufficient disk space

spacewalk-certs-tools:

  * Version 5.0.8-0

      + Fix parsing Authority Key Identifier when keyid is not prefixed (bsc#
        1229079)

spacewalk-java:

  * Version 5.0.14.0

      + limit frontend-log message size (bsc#1231900)

  * Version 5.0.13-0

      + Fix stretched button issue in Audit Search and Subscription Matching
        pages

      + Fix date input in 'errata.setDetails' endpoint in the HTTP API

      + Fix layout mismatch in patches management

      + Fix column alignment on repository and system pages

      + Integrate UI debugging stories

      + Require correct SCAP packages for Ubuntu and Debian (bsc#1227746)

      + Add detection of Ubuntu 24.04

      + Remove session timeout from webapp, in order to use the persisting one
        in /etc/tomcat/web.xml

      + Allow changing base channel to SUSE Liberty Linux LTSS when the system
        is on SUSE Liberty Linux (bsc#1228326)

      + Implement product migration from RHEL and Clones to SUSE Liberty Linux

      + Remove system also from Proxy SSH known_hosts (bsc#1228345)

      + Remove restrictions for Debian repositories in public cloud

      + Fix NullPointerException when generating subscription matcher input (
        bsc#1228638)

      + Open bootstrap script directory URL in a new page (bsc#1225603)

      + Delay package list refresh when Salt was updated (bsc#1217978)

      + Add SLE-Micro 5 to the list of systems which support monitoring (bsc#
        1227334)

      + Add all SLE-Micro systems to the list of systems which get PTF
        repositories

      + Use custom select instead of errata view for better performance (bsc#
        1225619)

      + Fix the date format output when using the HTTP API to use ISO8601
        format (bsc#1227543)

      + Change localhost PAYG header to match SUSE Manager product

      + ErrataManager.truncateErrata now tries to clean orphan erratas at the
        end (erratas with no channel)

      + Improve score comparison in system search to fix ISE (bsc#1228412)

spacewalk-proxy:

  * Version 5.0.4-0

      + Set proxy authtoken FQDN based on config file (bsc#1230255)

      + Allow execute of ssh-keygen command on the Proxy to cleanup SSH
        known_hosts (bsc#1228345)

spacewalk-setup:

  * Version 5.0.6-0

      + Collect spacewalk-setup-cobbler return code (bsc#1226847)

spacewalk-utils:

  * Version 5.0.5-0

      + Add repositories for Ubuntu 24.04 LTS

      + Drop unsupported tool spacewalk-final-archive as it is broken and may
        disclose sensitive information (bsc#1228945)

      + Move taskotop tool to spacewalk-utils package

spacewalk-web:

  * Version 5.0.14-0

      + CVE-2024-49502: Validate proxy hostname format and escape proxy
        username to mitigate XSS vulnerabilities (bsc#1231852)

      + CVE-2024-49503: Escape organization credentials username to mitigate
        XSS vulnerability (bsc#1231922)

  * Version 5.0.13-0

      + Fix Find Targets button behavior for the feature Salt > Remote Commands
        page

      + Fix the missing background color for the pending status badge and show/
        hide the response badge component.

      + Fix stretched button issue in Audit Search and Subscription Matching
        pages

      + Fix alert layout in formula catalog

      + Fix sticky header infinite scroll

      + Fix layout mismatch in patches management

      + Fix column alignment on repository and system pages

      + Integrate UI debugging stories

      + Fix Extra Packages column in systems list (bsc#1228980)

      + Update the WebUI version

susemanager:

  * Version 5.0.10-0

      + Enable bootstrapping for Ubuntu 24.04 LTS

      + Add missing package python3-ply to bootstrap repo definition (bsc#
        1228130)

      + Use different exit codes for different failures in mgr-setup (bsc#
        1230139)

      + Remove yast2 dependency from installation

susemanager-docs_en:

  * Documented Ubuntu 24.04 LTS as a supported client OS in Client
    Configuration Guide

  * Documented setting krb5_keytab in Administration Guide (bsc#1229077)

  * Added VMware image deployment documentation for Server in the Installation
    and Upgrade Guide (bsc#1227852 and bsc#1228351)

  * Documented migrating clients such as AlmaLinux, CentOS, Oracle Linux, and
    Rocky Linux to SUSE Liberty Linux and SUSE Liberty Linux 7 to SUSE Liberty
    Linux 7 LTSS

  * Added documentation about orphaned packages in Client Configuration Guide (
    bsc#1227882)

  * Clarified meaning of the Default contact method in Client

  * Added prerequisite for server migration in Installation and Upgrade Guide (
    bsc#1229902)

  * Updated outdated links in Retail Guide

  * Added troubleshooting section about full disk with containers in
    Administration Guide and notes to persistent storage setup in Installation
    and Upgrade Guide

  * Added volume SSSD to the list of etc persistent volumes to

  * Documented Cobbler kernel options in Client Configuration Guide

  * In network ports section, added port 443 for clients and removed Cobbler
    only used internally (bsc#1217338)

  * Added installer-updates.suse.com to the list of URLs in Installation and
    Upgrade Guide (bsc#1229178)

  * Improved documentation around non-compliant packages (also known as extra
    packages) in Reference Guide

  * Restructured documentation of Systems menu and system details tab in
    Reference Guide

  * Enhanced instructions about the permissions for the IAM role in Public
    Cloud Guide

  * Removed Verify Packages section from Package Management chapter in Client
    Configuration Guide

  * Documented activating AppStreams automatically with an activation key in
    Client Configuration Guide

susemanager-schema:

  * Version 5.0.12-0

      + During schema upgrade, avoid insert problem when Extern - Oracle Linux
        9 is not present (bsc#1230021)

      + Remove superfluous joins from errata view

susemanager-sls:

  * Version 5.0.11-0

      + Implement product migration from RHEL and Clones to SUSE Liberty Linux

susemanager-sync-data:

  * Version 5.0.8-0

      + add SUSE Linux Enterprise 15 SP5 LTSS channel families

      + add MicroOS PPC channel family

      + set Ubuntu 22.04 to released

  * Version 5.0.7-0

      + Add Ubuntu 24.04 support

      + Add channel family for SLES 12 SP5 LTSS Extended Security

uyuni-common-libs:

  * Version 5.0.5-0

      + Enforce directory permissions at repo-sync when creating directories (
        bsc#1229260)

uyuni-tools:

  * Version 0.1.25.0

      + Don't migrate enabled systemd services, recreate them (bsc#1232575)

  * Version 0.1.24-0

      + CVE-2024-22037: Use podman secret to store the database credentials (
        bsc#1231497)

      + Redact JSESSIONID and pxt-session-cookie values from logs and console
        output (bsc#1231568)

  * Version 0.1.23-0

      + Ensure namespace is defined in all kubernetes commands

      + Use SCC credentials to authenticate against registry.suse.com for
        kubernetes (bsc#1231157)

      + Fix namespace usage on mgrctl cp command

  * Version 0.1.22-0

      + Set projectId also for test packages/images

      + mgradm migration should not pull Confidential Computing and Hub image
        is replicas == 0 (bsc#1229432, bsc#1230136)

      + Do not allow SUSE Manager downgrade

      + Prevent completion issue when /var/log/uyuni-tools.log is missing

      + Fix proxy shared volume flag

      + During migration, exclude mgr-sync configuration file (bsc#1228685)

      + Migrate from PostgreSQL 14 to PostgreSQL 16 pg_hba.conf and
        postgresql.conf files (bsc#1231206)

      + During migration, handle empty autoinstallation path (bsc#1230285)

      + During migration, handle symlinks (bsc#1230288)

      + During migration, trust the remote sender's file list (bsc#1228424)

      + Use SCC flags during podman pull

      + Restore SELinux permission after migration (bsc#1229501)

      + Share volumes between containers (bsc#1223142)

      + Save supportconfig in current directory (bsc#1226759)

      + Fix error code handling on reinstallation (bsc#1230139)

      + Fix creating first user and organization

      + Add missing variable quotes for install vars (bsc#1229108)

      + Add API login and logout calls to allow persistent login

uyuni-storage-setup:

  * Version 5.0.3-0

      + Do not create partition on extra storage disk

  * Version 5.0.2-0

      + Do not build debuginfo package

server-attestation-image:

  * Version 5.0.6

      + Update for next release

server-hub-xmlrpc-api-image:

  * Version 5.0.8

      + Update for next release

server-image:

  * Version 5.0.9

      + Add HANA and cluster formulas to Server image (bsc#1230536)

      + Use /etc/krb5.conf.d for all kerberos related configurations (bsc#
        1229077)

      + Do not install outdated package "spacewalk-utils-extras" on Server
        image (bsc#1228945)

      + Fix package name search when syncing volumes data (bsc#1229923)

server-migration-14-16-image:

  * Version 5.0.9

      + Update for next release

Version 5.0.1

rhnlib:

  * Version 5.0.4-0

      + Add the old TLS code for very old traditional clients still on python
        2.7 (bsc#1228198)

spacewalk-admin:

  * Version 5.0.8-0

      + Remove mgr-check-payg service

spacewalk-backend:

  * Version 5.0.9-0

      + Support more NEVRA types when importing module metadata

      + yum_src: use proper name variable name for subprocess.TimeoutExpired

      + Check and populate PTF attributes at the time of importing packages (
        bsc#1225619)

      + reposync: introduce timeout when syncing DEB channels (bsc#1225960)

      + Refresh channel newest packages after importing Appstreams metadata

spacewalk-certs-tools:

  * Version 5.0.7-0

      + Support multiple certificates for root-ca-file and server-cert-file

spacewalk-client-tools:

  * Version 5.0.7-0

      + Update translation strings

spacewalk-config:

  * Version 5.0.4-0

      + Trust the Content-Length header from ajp (bsc#1226439)

spacewalk-java:

  * Version 5.0.12-0

      + Update setup wizard UI

      + Report a server/report id mismatch when calling
        getCoCoAttestationResultDetails

      + Prevent the API for confidential computing to work on systems without
        OS support

      + Ensure getCoCoAttestationConfig works when a configuration is not
        present

      + Prevent error while serializing an attestation report without an
        attested date

      + Add missing support for field attest on boot in the
        getCoCoAttestationConfig and setCoCoAttestationConfig API

      + Require byte-buddy and byte-buddy-dep using maven dependencies

      + Fix NullPointerException when context has no timezone set

      + Enhance optional type adapter to parse legacy JSON data from DB

      + Update last sync refresh timestamp only when at least one time products
        were synced before

      + Prevent error when listing history events without completion time (bsc#
        1146701)

      + Autoinstallation: prevent "duplicate IP address" issues cause by
        container networks (bsc#1226461)

      + Check the correct Salt package before product migration (bsc#1224209)

      + Remove reboot from uptodate state, introduce reboot and rebootifneeded
        states

      + Add API calls getNotifications, makeNotificationRead,
        makeAllNotificationsRead, deleteNotification to UserNotificationHandler

      + Configure AppStreams via Activation Keys

      + Fix package profile update on CentOS 7 when yum-utils is not installed
        (bsc#1227133)

      + Fix layout of advanced package search page

      + Add info URL for Cobbler to clean the system profile (bsc#1219645)

      + Fix the URL to download the autoinstallation file (bsc#1226313)

      + Fix input alignment and style issues on schedule creation page

      + Add entry to apidoc faqs about methods listed more than ones (bsc#
        1217248)

      + Remove unused MinionActionChainCleanup job

      + Allow free products and SUSE Manager Proxy being managed by SUSE
        Manager Server PAYG

      + Fix a race condition during PAYG setup by re-detecting compliance when
        the instance report BYOS but payg_compliance.json is available

      + Show SUSE Manager Proxy for different architectures when using SUSE
        Manager Server PAYG

      + Do not explicitly trigger Cobbler sync when adding a system via SUMA
        API (bsc#1219450)

      + Improve SQL queries and performance to check for PTF packages (bsc#
        1225619)

      + Fix false positive SSH key generation error (bsc#1226491)

      + Change syncAll call at start-up to be asynchronous (bsc#1224004)

      + Fix transactional update check for SL Micro (bsc#1227406)

      + Fix Appstream queries to avoid duplicates in packages lists

spacewalk-web:

  * Version 5.0.12-0

      + Update the WebUI version

  * Version 5.0.11-0

      + Fix btn-info style in new theme

      + Fix missing margin in CVE audit list on cve page

      + Fix broken layout of system formulas configuration page

      + Fix table filters for description, first character dropdown and toggle
        button.

      + Fix channel selection using SSM (bsc#1226917)

      + Fix broken layout in monitoring page

      + Fix missing margin between inline radio buttons

      + Fix OpenSCAP search page layout

      + Remove Bare metal systems tab from General Configuration page

      + Update setup wizard UI

      + Remove reboot from uptodate state, introduce reboot and rebootifneeded
        states

      + Fix space between radio button and label in forms

      + Fix layout of SSM subpages in updated theme

      + Fix broken layout of build image page

      + Fix layout of advanced package search page

      + Fix badege color in salt key table

      + Fix hidden section issue in Monitoring and General Configuration pages

      + Fix double padding in recurring actions table

      + Fix missing top border in table footer

      + Fix broken layout of system highstate page

      + Fix input alignment and style issues on schedule creation page

      + Fix datetime selection when using maintenance windows (bsc#1228036)

      + Configure AppStreams via Activation Keys

susemanager:

  * Version 5.0.9-0

      + Create special bootstrap data for SUSE Manager Server 4.3 with LTSS
        updates for Hub scenario (bsc#1211899)

      + Add LTSS updates to SUSE Manager Proxy 4.3 bootstrap data

susemanager-build-keys:

  * Vesion 15.5.1

      + extended 2048 bit SUSE SLE 12, 15 GA-SP5 key until 2028 (bsc#1229339)

          o gpg-pubkey-39db7c82-66c5d91a.asc

susemanager-schema:

  * Version 5.0.11-0

      + Remove unused MinionActionChainCleanup job

      + Execute the cobbler-sync-default task once per 5 minutes by default (
        bsc#1219450)

      + Introduce new attributes to detect PTF packages (bsc#1225619)

      + Remove reboot from uptodate state, introduce reboot and rebootifneeded
        states

      + Fix queries related to Appstreams to avoid inconsistencies when listing
        packages

susemanager-sync-data:

  * Version 5.0.6-0

      + Fix CentOS 7 repo URLs (bsc#1227526)

susemanager-sls:

  * Version 5.0.10-0

      + Speed-up mgrutil.remove_ssh_known_host runner (bsc#1223312)

      + Start using DEB822 format for repository sources beginning with Ubuntu
        24.04

      + Disable transactional-update.timer on SUSE Linux Enterprise Micro at
        bootstrap

      + sumautil: properly detect bridge interfaces (bsc#1226461)

      + Fix typo on directories to cleanup when deleting a system (bsc#1228101)

      + Granslate GPG URL if URL has server name and client behind proxy (bsc#
        1223988)

      + Fix yum-utils package missing on CentOS7 minions (bsc#1227133)

      + Remove reboot from uptodate state, introduce reboot and rebootifneeded
        states

      + Fix package profile update on CentOS 7 when yum-utils is not installed
        (bsc#1227133)

spacecmd:

  * Version 5.0.9-0

      + Update translation strings

uyuni-payg-timer:

  * Version 5.0.2-0

      + Adapt packages to check for modifications

  * Version 5.0.1-0

      + Do not check for billing-data-service outside of the container

      + Fix accessing 'has_metering_access' on BYOS systems (bsc#1226483)

      + Implement a timer to collect PAYG data of the Uyuni host and copy them
        in the container

uyuni-storage-setup:

  * Version 5.0.1-0

      + Provide uyuni-storage-setup-server

uyuni-tools:

  * Version 0.1.21-0

      + mgrpxy: Fix typo on Systemd template

  * Version 0.1.20-0

      + Update the push tag to 5.0.1

      + mgrpxy: expose port on IPv6 network (bsc#1227951)

  * Version 0.1.19-0

      + Skip updating Tomcat remote debug if conf file is not present

  * Version 0.1.18-0

      + Setup Confidential Computing container during migration (bsc#1227588)

      + Add the /etc/uyuni/uyuni-tools.yaml path to the config help

      + Split systemd config files to not loose configuration at upgrade (bsc#
        1227718)

      + Use the same logic for image computation in mgradm and mgrpxy (bsc#
        1228026)

      + Allow building with different Helm and container default registry paths
        (bsc#1226191)

      + Fix recursion in mgradm upgrade podman list --help

      + Setup hub xmlrpc API service in migration to Podman (bsc#1227588)

      + Setup disabled hub xmlrpc API service in all cases (bsc#1227584)

      + Clean the inspection code to make it faster

      + Properly detect IPv6 enabled on Podman network (bsc#1224349)

      + Fix the log file path generation

      + Write scripts output to uyuni-tools.log file

      + Add uyuni-hubxml-rpc to the list of values in mgradm scale --help

      + Use path in mgradm support sql file input (bsc#1227505)

      + On Ubuntu build with go1.21 instead of go1.20

      + Enforce Cobbler setup (bsc#1226847)

      + Expose port on IPv6 network (bsc#1227951)

      + show output of podman image search --list-tags command

      + Implement mgrpxy support config command

      + During migration, ignore /etc/sysconfig/tomcat and /etc/tomcat/
        tomcat.conf (bsc#1228183)

      + During migration, remove java.annotation,com.sun.xml.bind and
        UseConcMarkSweepGC settings

      + Disable node exporter port for Kubernetes

      + Fix start, stop and restart in Kubernetes

      + Increase start timeout in Kubernetes

      + Fix traefik query

      + Fix password entry usability (bsc#1226437)

      + Add --prepare option to migrate command

      + Fix random error during installation of CA certificate (bsc#1227245)

      + Clarify and fix distro name guessing when not provided (bsc#1226284)

      + Replace not working Fatal error by plain error return (bsc#1220136)

      + Allow server installation with preexisting storage volumes

      + Do not report error when purging mounted volume (bsc#1225349)

      + Preserve PAGER settings from the host for interactive sql usage (bsc#
        1226914)

      + Add mgrpxy command to clear the Squid cache

      + Use local images for Confidential Computing and Hub containers (bsc#
        1227586)

uyuni-java-parent:

  * Version 5.0.5-0

      + Update for next release

uyuni-java-common:

  * Version 5.0.5-0

      + Update for next release

coco-attestation:

  * Version 5.0.5-0

      + Ensure the report and the nonce are not empty before attempting to
        validate

      + Mark Secure Boot as succeeded only if the correct message is present

init-image:

  * Version 5.0.8

      + Update for next release

server-attestation-image:

  * Version 5.0.5

      + Correctly handle podman stop command

server-helm:

  * Version 5.0.7

      + Update for next release

server-hub-xmlrpc-api-image:

  * Version 5.0.7

      + Update for next release

server-image:

  * Version 5.0.8

      + Update for next release

server-migration-14-16-image:

  * Version 5.0.8

      + Update for next release

Major changes since SUSE Manager Server 4.3

Base system changed

SUSE Manager 4.3 was built on SUSE Linux Enterprise 15 SP4. SUSE Manager 5.0,
moves to SUSE Linux Enterprise Micro 5.5 as the container host system. This
change was made because SLE Micro is designed for container workloads and has a
longer lifecycle. The SLE Micro subscription for the Server will be included in
the SUSE Manager subscription, eliminating the need for customers to purchase
the underlying OS subscription separately.

The supported container host is SLE Micro 5.5, while the image itself will be
based on bci-init image, which is then based on SLES 15 SP6.

Salt 3006.0

SUSE Manager 5.0, continues to use Salt 3006.0. It is considered by upstream to
be a long-term support (LTS) version. Our plan is to upgrade to the next LTS
version, which will be 3008.0 when available. Short-term support (STS) versions
of salt are not supported for use with SUSE Manager.

Throughout this process, all critical bug fixes, including CVEs, L3 fixes, and
essential features needed for SUSE Manager, will be provided.

     The Python version for the Salt bundle has been upgraded from 3.10 to
Note 3.11. This upgrade aligns with the Python version available in SLE and
     also offers better performance.

PostgreSQL 16

The database engine has been updated from PostgreSQL 14 to PostgreSQL 16, which
brings a number of performance and reliability improvements. A detailed
changelog is available upstream.

Upgrade to Java 17

In SUSE Manager 5.0, we're upgrading to the next LTS version of Java, which is
Java 17. This update brings several new features, security enhancements,
including support for new TLS versions and improved certificate validation.

For more information on this topic, see https://www.oracle.com/java/
technologies/javase/17-relnote-issues.html

New products enabled

SUSE Manager 5.0 supports an even wider range of operating systems as clients.
The following additional OS releases will be supported in SUSE Manager 5.0.

  * SUSE Linux Enterprise Server 15 SP6 Family

  * SUSE Linux Micro 6.0

  * openSUSE Leap 15.6

For more information about the registration process, refer Registration section
, and for more information about supported features, consult Supported Features
.

Native support for AppStream repositories

Following the integration of modularity and modular repositories in Red Hat
Enterprise Linux and its derivatives, SUSE Manager initially implemented
modularity through Content Lifecycle Management (CLM) and the introduction of
AppStream filters. These filters effectively removed the modularity features
from a repository by flattening it, enabling consumption through the SUSE
Manager UI and API. However, this approach introduced complexity and limited
functionality, prompting the need for a more comprehensive solution.

With this milestone, we have eliminated the restriction on flattening the
AppStream repositories. This enhancement allows users to manage their clients,
both from SUSE Manager and directly from the client using DNF if necessary.

Additionally, a new UI page has been introduced under System > Software >
AppStreams. This page enables users to select the modules and their respective
streams they wish to enable/disable on the client.

SUSE Manager 5.0 also introduces two new API namespaces: channel.appstreams and
system.appstreams. These namespaces provide different endpoints that can be
used to retrieve more information about available module streams, and enable or
disable them on a specific system using API.

For further details about these endpoints, please refer to the SUSE Manager API
Documentation.

Confidential Computing Attestation

SUSE Manager will be assisting in supporting Confidential Computing
Attestation, specifically for AMD SEV-SNP clients. This functionality is
compatible with hardware featuring either an AMD EPYC Milan CPU or an AMD EPYC
Genoa CPU. Additionally, there is a Secure Boot module that handles the Secure
Boot check in the context of Confidential Computing Attestation. For the Secure
Boot module, offline RPMs for aarch64, ppc64le, and s390x will be made
available with the next MU 5.0.1, while the RPM for x86_64 is already
available.

SUSE Manager offers both a user-friendly UI and API to simplify the utilization
of this feature for users.

For more information, please refer to the Confidential Computing

New update-salt recurring state

SUSE Manager 5.0 also comes with new state to update Salt in recurring states.
Additionally, we enhance the detection of needed reboots and the update-to-date
state.

These improvements have led to the update of a common workflow for keeping the
system up to date with SUSE Manager.

For more information, please refer to Clients Update Using Recurring Actions
workflow in the official documentation.

System getRelevantErrata API endpoint

A new API endpoint, System.getRelevantErrata , has been introduced. This
endpoint accepts a list of systems and returns all errata relevant to those
systems.

For further details about these endpoint, please refer to the SUSE Manager API
Documentation

Monitoring

Node exporter upgraded to 1.7.0

golang-github-prometheus-node_exporter has been updated from version 1.5.0 to
1.7.0

The update includes also several bug fixes and features but no breaking
changes.

Please note that supervisord and ntp collectors have been deprecated in version
1.6.0 and they will be removed in future versions.

Check the upstream changelogs for more details:

  * https://github.com/prometheus/node_exporter/releases/tag/v1.6.0

  * https://github.com/prometheus/node_exporter/releases/tag/v1.6.1

  * https://github.com/prometheus/node_exporter/releases/tag/v1.7.0

Grafana upgraded to 9.5.18

Grafana has been updated from version 9.5.16 to 9.5.18, signifying a minor
update that addresses several bugs.

This update also fixes the following security vulnerability:

  * CVE-2024-1313 - bsc#1222155

For detailed information about the fixes and features, you can refer to the
following links:

  * Grafana Release v9.5.17

  * Grafana Release v9.5.18

Changed behaviour of repo-sync

Repositories are now kept strictly in sync with the upstream repository. For
example, when a package is removed from the upstream repo, it is also removed
from the channel directly connected to that repo. Cloned channels will remain
unchanged unless the admin syncs them with the original parent channel.

Users can disable this behavior for custom channels; however, it cannot be
changed for vendor channels.

Removed features

Traditional Stack removed

Starting with the SUSE Manager 4.3 release, the traditional client stack was
marked as deprecated. Now, with the release of SUSE Manager 5.0, we are
completely removing support for the traditional (Spacewalk client) stack.

For additional details on migrating traditional clients to Salt clients, please
refer to Migrate traditional clients to Salt clients.

          In SUSE Manager 5.0, the same set of client tools as in SUSE Manager
          4.3 is utilized to deliver the necessary packages for the clients.
          However, it is essential to recognize that while certain traditional
          stack-related packages are still supported in 4.3, they are no longer
Important supported in 5.0. Therefore, although users may still observe some of
          these packages, and zypper may list them as L3 supported sources,
          they are only supported within the context of SUSE Manager 4.3. Any
          packages related to the traditional stack are not supported in SUSE
          Manager 5.0.

Bare metal discovery/provisioning

This feature was implemented using the traditional stack and will be dropped
with SUSE Manager 5.0.

Visualization pages

Visualization pages have been removed from SUSE Manager 5.0.

Deprecated features

Virtualization

Starting from the SUSE Manager 5.0 release, the libvirt management feature will
be deprecated and subsequently removed in future versions. If you still rely on
VM management functionalities, we highly recommend considering alternatives
like Harvester.

ISSv1

Starting from the SUSE Manager 5.0 release, ISSv1 will be deprecated and
eventually removed in future versions. We strongly advise transitioning to
ISSv2 or newer synchronization solutions. If you encounter any gaps or issues
during this transition, please contact us.

'spacewalk-manage-channel-lifecycle' has been deprecated

With SUSE Manager 4.3, the spacewalk-clone-by-date tool was deprecated in favor
of Content Lifecycle Management (CLM), a more powerful and flexible solution.

We are now also deprecating spacewalk-manage-channel-lifecycle, as CLM fully
covers the functionality of both tools.

CLM?s comprehensive API provides all key capabilities previously offered, and
we strongly recommend migrating existing workflows and scripts to CLM.

Upgrade

Upgrading with SUSE Manager Proxy

Although SUSE Manager Server 5.0 works with SUSE Manager Proxy 4.3 and SUSE
Manager Retail Branch Server 4.3, we highly recommend upgrading your Proxy and
Retail Branch Server when feasible. The product is designed for optimal
performance when used in a scenario where all components ? SUSE Manager Server,
SUSE Manager Proxy, and Retail Branch Server ? are of the same version. It's
generally advised to avoid using mixed versions long-term in production
environments.

When upgrading, upgrade the SUSE Manager Server first, followed by the SUSE
Manager Proxy and Retail Branch Servers.

For instructions on upgrading when SUSE Manager Proxy or SUSE Manager Retail
Branch Servers are in use, see the Upgrade Guide on https://
documentation.suse.com/suma/5.0/.

Important Only the containerized versions of SUSE Manager Proxy and Retail
          Branch Server will be available for SUSE Manager 5.0.

Upgrading with inter-server synchronization

When upgrading, upgrade the ISS master first, followed by the ISS slaves.

Unsupported products

  * SUSE Linux Enterprise Server Expanded Support 6

  * SUSE Linux Enterprise Server 11

  * Red Hat Enterprise Linux 6

  * Oracle Linux 6

  * CentOS 6

  * CentOS 8

  * CentOS Stream

  * Ubuntu 16.04

  * Ubuntu 18.04

  * Debian 9

  * Debian 10

  * Debian 11

We encourage you to migrate your workload to a newer version of each
distribution, or to an alternative distribution that is still supported, so you
can continue managing your infrastructure with SUSE Manager.

Please note that we will not break things on purpose for these unsupported
products, and there is a possibility that they could still continue to work.
But if things break, there will not be any support provided, not even on a
best-effort basis.

Deprecated products

The support policy of SUSE Manager clients can be summarized as: "if the
operating system is under general support by its vendor, then SUSE Manager
supports it as a client".

After the EOL of a product, for a grace period of 3 months, a product will be
considered as deprecated before moving to unsupported.

For deprecated products, support will only be provided on a best-effort basis.

Support

Supportconfig confidentiality disclaimer

When handling Service Requests, supporters and engineers may ask for the output
of the supportconfig tool from SUSE Manager Server or clients.

This disclaimer applies:

Detailed system information and logs are collected and organized in a
manner that helps reduce service request resolution times.
Private system information can be disclosed when using this tool.

If this is a concern, please prune private data from the log files.

Several startup options are available to exclude more sensitive
information. Supportconfig data is used only for diagnostic purposes
and is considered confidential information.

When you run supportconfig or mgradm support, the output will contain
information about your clients as well as about the Server. In particular,
debug data for the subscription matching feature contains a list of registered
clients, their installed products, and some minimal hardware information (such
as the CPU socket count). It also contains a copy of the subscription data
available from the SUSE Customer Center.

If this is a concern, please prune data in the subscription-matcher directory
in the spacewalk-debug tarball before sending it to SUSE.

Supportability of embedded software components

All software components embedded into SUSE Manager, like Cobbler for PXE
booting, are only supported in the context of SUSE Manager. Stand-alone usage
(e. g. Cobbler command-line) is not supported.

Support for older products

The SUSE Manager engineering team provides 'best effort' support for products
past their end-of-life date. For more information about product support, see
Product Support Lifecycle.

Support for products that are considered past their end-of-life is limited to
assisting you to bring production systems to a supported state. This could be
either by migrating to a supported service pack or by upgrading to a supported
product version.

Support for SUSE Liberty Linux

SUSE Manager supports SUSE Liberty Linux 7, 8 and 9. SUSE Liberty Linux clients
are sometimes also called SUSE Linux Enterprise Server with Expanded Support
(SLESES) or simply RES.

SUSE has offered LTSS support for SUSE Liberty Linux 7, and SUSE Manager will
continue to support it throughout the LTSS phase.

For a detailed list of supported features, check the Client Configuration Guide
.

          SUSE Liberty Linux includes a compatible scap-security-guide package.
Important However, the version shipped with the client tools is not compatible,
          so it should not be used for SCAP content.

Support for RHEL, CentOS and Oracle Linux Clients

SUSE Manager supports RHEL/Oracle Linux 8 and 9.

SUSE Manager has the ability to mirror all entitled content for the supported
operating systems. Although SUSE Manager doesn't assign content for specific
systems using subscription-manager, it does rely on it initially to retrieve
the list of repositories that are available. By utilizing the same EUS channels
that Red Hat provides, customers can limit content to individual dot releases.

CentOS Stream is explicitly not supported by SUSE.

Note: Direct sync'ing ULN repos with SUSE Manager are not currently supported.
An Oracle Local Distribution for ULN must be used. To set up a local ULN
mirror, please consult the Oracle documentation provided at the following link

Support for Rocky Linux & AlmaLinux

SUSE Manager supports Rocky Linux 8/9 and AlmaLinux 8/9.

For a detailed list of supported features for AlmaLinux, check the Client
Configuration Guide. For a detailed list of supported features for Rocky Linux,
check the Client Configuration Guide.

Support for Ubuntu Clients

SUSE Manager supports Ubuntu 20.04 LTS, 22.04 and 24.04 LTS clients using Salt.

Support for Ubuntu is limited to a growing list of specific features. For a
detailed list of supported features, check the Client Configuration Guide.

Support for Debian Clients

SUSE Manager supports Debian 12 "bookworm" clients using Salt.

Support for Debian is limited to a growing list of specific features. For a
detailed list of supported features, check the Client Configuration Guide.

L1 support for RHEL and CentOS ppc64le clients

For RHEL and CentOS clients on the ppc64le architecture, SUSE Manager offers
the same functionality that is supported for the x86_64 architecture. Client
tools are not available yet from SCC but the CentOS 7 client tools from Uyuni
can be enabled using spacewalk-common-channels. There's no CentOS 8 support.

RHEL and CentOS ppc64le are only supported at L1 level support. L1 support is
limited to problem determination, which means technical support designed to
provide compatibility information, usage support, on-going maintenance,
information gathering, and basic troubleshooting using available documentation.
At the time of writing, any problems or bugs specific to RHEL and CentOS on
ppc64le will only be fixed on a best-effort basis.

Please contact your Sales Engineer or SUSE Consulting if you need additional
support or features for these operating systems.

SCAP Security Guide support

SUSE provides scap-security-guide package for different OpenSCAP profiles. In
the current version of scap-security-guide, SUSE supports the following
profiles:

  * DISA STIG profile for SUSE Linux Enterprise Server 12 and 15

  * PCI-DSS profile for SUSE Linux Enterprise Server 12 and 15

  * HIPAA profile for SUSE Linux Enterprise Server 12 and 15

Other profiles, like the CIS profile, are community supplied and not officially
supported by SUSE.

For Non-SUSE OSs, please note that the included profiles are community supplied
and not officially supported by SUSE.

Browser support

To effectively manage your SUSE Manager environment via the Web UI, it's
essential to use an up-to-date web browser. SUSE Manager is compatible with:

  * The latest Firefox browser provided with SUSE Linux Enterprise Server

  * The latest Chrome browser across all operating systems

  * The latest Edge browser provided with Windows

Please note that Windows Internet Explorer is not supported. The SUSE Manager
Web UI may not render correctly when accessed through Windows Internet
Explorer.

Please refer to the General Requirements for a list of supported browsers.

SUSE Manager installation

The only supported methods for installing SUSE Manager is by utilizing images
provided by SUSE, or the tools provided in the SUSE Manager 5.0 Extension, on
top of SUSE Linux Enterprise Micro 5.5.

Known issues

SUSE Manager 5.0 on SLES 15 SP6

Support for SUSE Manager 5.0 on SLES 15 SP6 as a host OS (for Server, Proxy,
and RBS roles) is officially available. However, there are a couple of known
issues to be aware of:

 1. Support is available on SLES 15 SP6, but in some places, such as the
    migration page, only SLE Micro 5.5 is mentioned. This is not correct and
    documentation will be updated soon.

    If you come across any other places where SLES 15 SP6 is not mentioned but
    should be, report them so they can be corrected.

 2. During migration, the following error might occur:

    exec: "restorecon": executable file not found in $PATH

    This happens because the migration script assumes SELinux-related tools are
    installed. To fix this, install the policycoreutils package before starting
    the migration process. This should be fixed with next MU.

KIWI Image Template Update: Switch to venv-salt-minion

If you are still using the salt-minion package in your KIWI image templates, we
recommend switching to the venv-salt-minion package instead. All SUSE-provided
templates have already been updated, but If you are using older custom
templates, we advise making this change to avoid potential issues, as the old
setup is no longer tested and may break in the future.

No network interface in Raw DASD image for s390x

After installing the raw DASD image on s390x, no network interface is detected.
We are actively working on a fix and expect it to be included in the next
update.

Important: Migration from 4.3 to 5.0 Issue

This note is specifically for users who have already migrated from SUSE Manager
4.3 to 5.0.

During the migration, a step was overlooked, which caused an issue that has now
been addressed in this maintenance update. However, if you have made any
changes to the following files post-migration:

  * /var/lib/pgsql/data/pg_hba.conf

  * /var/lib/pgsql/data/postgresql.conf

These changes will be overwritten after this update. Please double-check these
files and reapply any modifications if needed.

Salt - IPv6 Connection refusal after migrating to SUSE Manager 5.0

In an IPv6-enabled environment, migrating from a 4.3 server to a new 5.0 server
might result in Salt connections to ports 4505 and 4506 on the new server being
refused.

Workaround: Inside the container, make sure /etc/salt/master has the following
configuration:

# The address of the interface to bind to:
#interface: 0.0.0.0
interface: '::'

# Whether the master should listen for IPv6 connections. If this is set to True,
# the interface option must be adjusted, too. (For example: "interface: '::'")
#ipv6: False
ipv6: True

Monitoring for SUSE Linux Micro 6.0

Monitoring is currently unavailable on SUSE Linux Micro 6.0 clients. We are
working on it and expect it to be resolved with upcoming maintenance updates.

Migration from SLE Micro 5.5 to SUSE Linux Micro 6.0

Currently, there are some issues with migrating from SLE Micro 5.5 to SUSE
Linux Micro 6.0. Before a migration, users need to manually import the ALP key
for SUSE Linux Micro 6.0 into SLE Micro 5.5 and additionally sync the SUSE
Linux Extras 6.0 module too. This is a known bug, and once fixed, these manual
steps will no longer be necessary.

Migration from SLES 15 SP3 to SLES 15 SP4 issue

In some cases, the action for product migration from SLES 15 SP3 minion to SLES
15 SP4 fails with the error message Unable to parse migration result, even
though the actual migration was successful.

We are investigating this issue. For now, if the migration was successful, you
can ignore this message.

Retail: Local boot issue of SLE12 SP5 based images

If, after PXE booting and rebooting, the SLES 12 SP5 terminal gets stuck at the
"GRUB" message, users need to use the latest profile available in the SUSE/
manager-build-profiles repository.

Transactional systems - Salt SSH execution

The Salt SSH execution utilized during the onboarding process may face
inconsistencies if a Salt Minion or the Salt Bundle is already present on the
Minion, which could potentially result in onboarding failure.

Workaround: If the salt-minion or venv-salt-minion packages are already
installed, remove them, and then proceed to onboard the SUSE Linux Enterprise
Micro or openSUSE Leap Micro system.

mgrpush tool

The mgrpush tool will be functional only from the client side. Although it
remains on the Server for the time being, it will no longer function and will
eventually be removed.

mgr-bootstrap tool removed from the Proxy

The mgr-bootstrap tool has been taken out from the Proxy and will be removed
from the Server as well in future. Overall, several tools on both the Server
and Proxy will be phased out in favor of the API or integrated into mgrpxy/
mgradm.

If users wish to create a bootstrap script to register against the Proxy, they
can do so using the following command from the Server container:

mgr-boostrap --hostname $proxyfqdn

Keep Informed

You can stay up-to-date regarding information about SUSE Manager and SUSE
products:

  * Check the newest SUSE Manager 5.0 release notes

  * Read the SUSE Blog

  * Use the SUSE Best Practices for SUSE Manager

  * Join the upstream Uyuni community and monthly community meetings

  * Join the channels users and devel at Gitter to chat with upstream
    community.

Providing feedback

If you encounter a bug in any SUSE product, please report it through your SUSE
Customer Service or Sales representatives

Resources

Latest product documentation: https://documentation.suse.com/suma/5.0/.

Technical product information for SUSE Manager: https://www.suse.com/products/
suse-manager/

These release notes are available online: https://www.suse.com/releasenotes/

Visit https://www.suse.com for the latest Linux product news from SUSE.

Visit https://www.suse.com/source-code/ for additional information on the
source code of SUSE Linux Enterprise products.

Legal Notices

SUSE Software Solutions Germany GmbH
Frankenstra?e 146
D-90461 N?rnberg
Tel: +49 (0)911 740 53 - 0
Email: feedback@suse.com

SUSE makes no representations or warranties with regard to the contents or use
of this documentation, and specifically disclaims any express or implied
warranties of merchantability or fitness for any particular purpose. Further,
SUSE reserves the right to revise this publication and to make changes to its
content, at any time, without the obligation to notify any person or entity of
such revisions or changes.

Further, SUSE makes no representations or warranties with regard to any
software, and specifically disclaims any express or implied warranties of
merchantability or fitness for any particular purpose. Further, SUSE reserves
the right to make changes to any and all parts of SUSE software, at any time,
without any obligation to notify any person or entity of such changes.

Any products or technical information provided under this Agreement may be
subject to U.S. export controls and the trade laws of other countries. You
agree to comply with all export control regulations and to obtain any required
licenses or classifications to export, re-export, or import deliverables. You
agree not to export or re-export to entities on the current U.S. export
exclusion lists or to any embargoed or terrorist countries as specified in U.S.
export laws. You agree to not use deliverables for prohibited nuclear, missile,
or chemical/biological weaponry end uses. Please refer to the SUSE Legal
information page for more information on exporting SUSE software. SUSE assumes
no responsibility for your failure to obtain any necessary export approvals.

Copyright ? 2012-2024 SUSE LLC.

This release notes document is licensed under a Creative Commons
Attribution-NoDerivatives 4.0 International License (CC-BY-ND-4.0). You should
have received a copy of the license along with this document. If not, see
https://creativecommons.org/licenses/by-nd/4.0/.

SUSE has intellectual property rights relating to technology embodied in the
product that is described in this document. In particular, and without
limitation, these intellectual property rights may include one or more of the
U.S. patents listed at https://www.suse.com/company/legal/ and one or more
additional patents or pending patent applications in the U.S. and other
countries.

For SUSE trademarks, see SUSE Trademark and Service Mark list (https://
www.suse.com/company/legal/). All third-party trademarks are the property of
their respective owners.

Colophon

Thank you for using SUSE Manager Server in your business.

Your SUSE Manager Team.

Last updated 2025-07-10 22:51:07 +0400
