This SUSE product includes materials licensed to SUSE under the GNU General Public License (GPL). The GPL requires that SUSE makes available certain source code that corresponds to the GPL-licensed material. The source code is available for download at

Also, for up to three years from SUSE’s distribution of the SUSE product, upon request SUSE will mail a copy of the source code. Requests should be sent by e-mail to or as otherwise instructed at SUSE may charge a fee to recover its reasonable costs of distribution.

Version Revision History

  • January 2020: 3.2.13 release

  • November 2nd 2019: 3.2.12 release

  • October 2nd 2019: 3.2.11 release

  • July 24th 2019: 3.2.10 release

  • July 9th 2019: 3.2.9 release

  • June 25th 2019: 3.2.8 release

  • April 24th, 2019: 3.2.7 release

  • March 12th, 2019: 3.2.6 release

  • February 13th, 2019: 3.2.5 release

  • December 7th, 2018: 3.2.4 release

  • October 19th, 2018: 3.2.3 release

  • September 26th, 2018: 3.2.2 release

  • September 4th, 2018: 3.2.1 release

  • June 25th, 2018: 3.2.0 release

About SUSE Manager Proxy

SUSE Manager Proxy Server is an add-on to SUSE Manager Server providing mirroring proxy support. This allows for load distribution and improved scalability.

Operation is completely transparent. The SUSE Manager Proxy looks like a managed client to SUSE Manager Server and like a Server to the managed clients. Managed clients only talk to the Proxy Server which in turn communicates to the SUSE Manager Server.

All RPM packages that pass the Proxy Server are cached and subsequent client requests for these packages are resolved from the cache.

System Requirements

SUSE Manager Proxy Server is a 64-bit application. Recommended main memory for a production server is 4 GB and approx 50 GB of disk space per distribution or channel.

See the Advanced Topics manual for more details on the system requirements.

SUSE Manager Proxy distribution

SUSE Manager Proxy is distributed as an extension (add-on) for SLES 12 SP4 x86_64.

Installation and Setup

Installation of SUSE Manager 3 Proxy is done via the SUSE Manager 3.2 Server web interface.

See the Advanced Topics manual for step-by-step instructions for installing and configuring SUSE Manager 3.2 Proxy.

Upgrade from version 3.1

Upgrading an existing SUSE Manager Proxy 3.1 system to SUSE Manager Proxy 3.2 can be done by an in-place upgrade or by setting up a new system, replacing the old one.

Both approaches are described in the SUSE Manager 3.2 "Advanced Topics" guide, look for "Migrating SUSE Manager Proxy 3.1 to SUSE Manager Proxy 3.2"

Upgrade from version 2.1 or older

Not supported. Please re-install SUSE Manager Proxy 3.2 from scratch.

SUSE Manager Server versions

SUSE Manager 3.2 Proxy can only work with SUSE Manager 3.2 Server.

SUSE Manager 3.2 Server can work with SUSE Manager 3.2 Proxy or 3.1 Proxy.

Major changes since SUSE Manager 3.2 Proxy GA

Features and changes

Version 3.2.13

This is mostly a bugfix release, with some highlights.

New products enabled
  • SUSE Linux Enterprise Real Time 12 SP5

  • SUSE Linux Enterprise Server 15 LTSS

  • SUSE Linux Enterprise Server 15 ESPOS

Regeneration of bootstrap scripts is required

Bootstrap scripts for salt managed clients should be re-generated, as we need to set additional options for the minion config for performance reasons.

Version 3.2.12

Bugfix release with enhancements for Debian and Ubuntu. Refer to the SUSE Manager 3.2.12 Server release notes for more details.

Version 3.2.11

Bugfix release

Since this version, as part of a bugfix, it is no longer allowed to delete a channel when there are cloned channels based on it.

Version 3.2.10

Bugfix release

Version 3.2.9

Bugfix release

Version 3.2.8

Bugfix release

Version 3.2.7

Add support for Ubuntu to bootstrap script

Version 3.2.6

Support token authentication for Debian/Ubuntu clients via SUSE Manager Proxy.

Version 3.2.5

Bugfix release

Version 3.2.4

SUSE Manager 3.2 Proxy enabled for SLES 12 SP4

SUSE Manager 3.2 Proxy is now based on SLES 12 SP4.

If you already have a SUSE Manager 3.2 Server or Proxy deployed, you can now initiate a service pack migration as outlined in the SLES documentation.

If you deploy a SUSE Manager 3.2 Server or Proxy anew, please start with SLES 12 SP4 as the base operating system.

Release notes and documentation have been adapted to reflect this.

Version 3.2.3

Enablement for Retail scenarios

This update provides enablement for SUSE Manager in Retail (formerly: SLEPOS) scenarios.

Version 3.2.2

Proxy can be a Salt minion

The SUSE Manager Proxy system can now be managed with Salt. See the "Proxy" chapter of the advanced topics manual.

Version 3.2.1

Bugfix release


The SUSE Patch Finder is a simple online service to view released patches.

Version 3.2.13


  • SQL scripts are now placed at /etc/jabberd/scripts to make jabberd compatible with JeOS (bsc#1148352)


  • Release Notes have the old name of SUSE (bsc#1152765)


  • Do not break communication between 3.2 and 4.0 client tools (bsc#1158799)

  • Fix problems with Package Hub repos having multiple rpms with same NEVRA but different checksums (bsc#1146683)


  • Add additional minion options to configfile when generated by bootstrap script (bsc#1159492)

  • Fix bootstrap script generator to work with Expanded Support 8 product (bsc#1158002)


  • Skip dmidecode data on aarch64 to prevent coredump (bsc#1113160)


  • Fix problems with Package Hub repos having multiple rpms with same NEVRA but different checksums (bsc#1146683)


  • SQL scripts are now placed at /etc/jabberd/scripts to make jabberd compatible with JeOS (bsc#1148352)


Version 3.2.12

  • Add script to update additional fields in the DB for existing Deb packages

  • Import additional fields for Deb packages

  • Make traditional bootstrap more robust for unknown hostname (bsc#1152298)

  • Fix WebUI invalidation time by using the package build time instead of the WebUI version (bsc#1154868)

  • Trim strings when creating/updating image stores/profiles (bsc#1133429)

  • Show loading spin while loading salt keys data (bsc#1150180)

  • Prevent possible encoding issues on Python 3 (bsc#1152722)

Version 3.2.11

  • Remove credentials also from potential rhn.conf backup files in spacewalk-debug (bsc#1146419)

  • Do not make 'rhn-satellite-exporter' to crash with "AttributeError" (bsc#1146869)

  • Spacewalk-remove-channel check that channel doesn’t have cloned channels before deleting it (bsc#1138454)

  • Prevent duplicate changelog entries due VARCHAR(3000) db text column (bsc#1144889)

  • Avoid traceback on mgr-inter-sync when the exception message contains UTF8 characters or there are problems with the package cache (bsc#1143016)

  • Virtual guest systems registered as traditional clients are shown as foreign when the virtualization host is registered as foreign (bsc#1093381)

  • Invalidate cache 5 minutes before actual expiration(bsc#1143562)

  • Fix the 'include recommended' button on channels selection in SSM (bsc#1145086)

  • Normalize date formats for actions, notifications and clm (bsc#1142774)

  • Add unsupported browser warning when using Internet Explorer


Version 3.2.10

  • Don’t skip Deb package tags on package import (bsc#1130040)

  • Prevent FileNotFoundError: repomd.xml.key traceback (bsc#1137940)

  • Add journalctl output to spacewalk-debug tarballs

  • Prevent unnecessary triggering of channel-repodata tasks when GPG signing is disabled (bsc#1137715)

  • Run completely unattended on Ubuntu (bsc#1137881)

  • Remove double slashes from cobbler api endpoint (bsc#1133800)

  • Add checks for empty required entries on formula forms (bsc#1109639)

Version 3.2.9

  • Fix for CVE-2019-10136. An attacker with a valid, but expired, authenticated set of headers could move some digits around, artificially extending the session validity without modifying the checksum. (bsc#1136480)

  • Fix for CVE-2019-10137. A path traversal flaw was found in the way the proxy processes cached client tokens. A remote, unauthenticated, attacker could use this flaw to test the existence of arbitrary files, or if they have access to the proxy’s filesystem, execute arbitrary code in the context of the proxy. (bsc#1136476)

  • Change WebUI string version to 3.2.9

Version 3.2.8

  • Create client tools compat links also for non-SUSE systems (bsc#1131408)

  • Use new names in code for client tool packages which were renamed (bsc#1134876)

  • Fix HTTP headers handling to avoid duplicated entries (bsc#1125090)

  • Use suseLib.get_proxy to get the HTTP proxy configuration properly on DEB repos (bsc#1133424)

  • Add new packages names to instructions for adding remote configuration support for traditional clients

  • Print error message instead of stacktrace for

  • Fix HTTP headers handling to avoid duplicated entries (bsc#1125090)

  • Do not reset rhn.conf on proxy during upgrade (bsc#1132197)

  • Change WebUI string version to 3.2.8

Version 3.2.7

  • Fix linking of packages in reposync (bsc#1131677)

  • Fix: handle non-standard filenames for comps.xml (bsc#1120242)

  • Mgr-sign-metadata can optionally clear-sign metadata files

  • Add support for Ubuntu to bootstrap script

  • Clean up downloaded gpg keys after bootstrap (bsc#1126075)

  • Show undetected subscription-matching message object as a string anyway (bsc#1125600)

  • Fix action scheduler time picker prefill when the server is on "UTC/GMT" timezone (bsc#1121195)

  • Allow username input on bootstrap page when using Salt-SSH

  • Add cache buster for static files (js/css) to fix caching issues after upgrading.

Version 3.2.6

  • fix typo in syncing product extensions (bsc#1118492)

  • Make reposync use and append token correctly to the URL

  • Added 'mgr-sign-metadata-ctl' for repository metadata signing

  • Support token authentication for Debian/Ubuntu clients

  • Cache .deb packages

  • Fix initializing of the datetime picker (bsc#1126862)

  • Sort activation key list on create image profile page (bsc#1122770)

  • Sort channel lists on the product page of the setup wizard

  • Sort activation key list on bootstrap page (bsc#1122770)

  • Remove RH-specific warning message (bsc#1118100)

Version 3.2.5

  • Move channel update close to commit to avoid long lock (bsc#1121424)

  • Adapt Inter Server Sync code to new SCC sync backend

  • Fix issue raising exceptions 'with_traceback' on Python 2

  • Hide Python traceback and show only error message (bsc#1110427)

  • Honor renamed postgresql10 log directory for supportconfig

  • Don’t write invalid values to answer file for

  • Show feedback messages after using the retry option on the notification messages page

  • Change SCC sync backend to adapt quicker to SCC changes and improve speed of syncing metadata and checking for channel dependencies

  • Fix wording for taskotop (cosmetical only)(bsc#1118112)

  • When changing basechannel the compatible old childchannels are now selected by default. (bsc#1110772)

Version 3.2.4

  • Make datetimepicker update displayed time (bsc#1041999)

  • Show human-readable system cleanup error messages

  • ActivationKey base and child channel in a reactjs component

  • Fix typo in messages (bsc#1111249)

Version 3.2.3

  • Adjusted pacakges list for Retail pattern

  • Fix applying default values to edit-group

  • Respect $name in dictionary edit-group

  • Filter out empty values in edit-group (bsc#1104837)

Version 3.2.2

  • Remove unneeded requires for minion proxy; traditional clients still will get those packages via bootstrap repo

  • Channels to be actually un-subscribed from the assigned systems when being removed using spacewalk-remove-channel tool(bsc#1104120)

  • Take only text files from /srv/salt to make spacewalk-debug smaller (bsc#1103388)

  • Feat: check for Dynamic CA-Trust Updates while bootstrapping on RES (FATE#325588)

  • Feat: add OS Image building with Kiwi (fate#322959 fate#323057 fate#323056)

  • Add script for retrieving the systemid file in for minions (fate#323069)

  • Fix wrong paths to scripts; ensure CA can be found

  • Allow relative path in visibleIf tag in formulas

  • Feat: add OS Image building with Kiwi (fate#322959 fate#323057 fate#323056)

  • Refactor the fetching and cache the child channels and mandatory channels in System Details change channels page

Version 3.2.1

  • Fix directory permissions (bsc#1101152)

  • Feature: implement optional signing repository metadata

  • Fix truncated result message of server actions (bsc#1039043)

  • Do not copy 'foreign_entitlement' from virtual host to the registered guest (bsc#1093381)

  • Fix ordering of channel data (bsc#1083294)

  • Add RHEL 6.10 channel definitions

  • Refactor buttons.js

  • Feature: implement test-mode for highstate UI

  • Disable child channel selection only if channel is actually assigned(bsc#1097697)

  • Fix typo in 'Installed Products' label in image overview page

  • Fix css issues on minion-state pages (bsc#1083295)

  • Show feedback on button clicked (bsc#1085464)

  • Show chain of proxies correctly (bsc#1084128)

  • Improve the gulpfile watch mode performance (bsc#1096747)

  • Turn on metadata signature checking if signature is available

Major changes since SUSE Manager 3.1 Proxy

Salt 2018.3.0

Salt has been upgraded to the final 2018.3.0 release.

Spacewalk 2.8

SUSE Manager 3.2 Proxy is based on Spacewalk 2.8 with many new features added by SUSE.

See the SUSE Manager 3.2 Server release notes about details on Spacewalk 2.8

Providing feedback to our products

In case of encountering a bug please report it through your support contact.

Documentation and other information contains additional or updated documentation for SUSE Manager Server 3.2

These Release Notes are available online. Further information about SUSE Manager is available in the Wiki and the SUSE Best Practices.

Visit for the latest Linux product news from SUSE and for additional information on the source code of SUSE Linux Enterprise products.

SUSE Software Solutions Germany GmbH
Maxfeldstraße 5
90409 Nuremberg, Germany
Tel: +49 (0)911 740 53 - 0
Registrierung/Registration Number: HRB 21284 AG Nürnberg
Geschäftsführer/Managing Director: Felix Imendörffer, Mary Higgins, Sri Rasiah
Steuernummer/Sales Tax ID: DE 192 167 791
Erfüllungsort/Legal Venue: Nürnberg

SUSE makes no representations or warranties with regard to the contents or use of this documentation, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, SUSE reserves the right to revise this publication and to make changes to its content, at any time, without the obligation to notify any person or entity of such revisions or changes.

Further, SUSE makes no representations or warranties with regard to any software, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, SUSE reserves the right to make changes to any and all parts of SUSE software, at any time, without any obligation to notify any person or entity of such changes.

Any products or technical information provided under this Agreement may be subject to U.S. export controls and the trade laws of other countries. You agree to comply with all export control regulations and to obtain any required licenses or classifications to export, re-export, or import deliverables. You agree not to export or re-export to entities on the current U.S. export exclusion lists or to any embargoed or terrorist countries as specified in U.S. export laws. You agree to not use deliverables for prohibited nuclear, missile, or chemical/biological weaponry end uses. Please refer to the SUSE Legal information page for more information on exporting SUSE software. SUSE assumes no responsibility for your failure to obtain any necessary export approvals.

Copyright © 2012-2019 SUSE LLC. All rights reserved. No part of this publication may be reproduced, photocopied, stored on a retrieval system, or transmitted without the express written consent of the publisher.

SUSE has intellectual property rights relating to technology embodied in the product that is described in this document. In particular, and without limitation, these intellectual property rights may include one or more of the U.S. patents listed at and one or more additional patents or pending patent applications in the U.S. and other countries.

For SUSE trademarks, see SUSE Trademark and Service Mark list ( All third-party trademarks are the property of their respective owners.


Thank you for using SUSE Manager Proxy Server in your business.

Your SUSE Manager Team.