This SUSE product includes materials licensed to SUSE under the GNU General Public License (GPL). The GPL requires that SUSE makes available certain source code that corresponds to the GPL-licensed material. The source code is available for download.

For up to three years after SUSE’s distribution of the SUSE product, SUSE will mail a copy of the source code upon request. Requests should be sent by e-mail or as otherwise instructed here. SUSE may charge a fee to recover reasonable costs of distribution.

Version revision history

  • October 2023: 4.3.9 release

  • September 28th 2023: 4.3.8 release

  • August 2nd 2023: 4.3.7 release

  • June 21st 2023: 4.3.6 release

  • March 20th 2023: 4.3.5 release

  • February 10th, 2023: 4.3.4 release

  • December 14th, 2022: 4.3.3 release

  • October 26th, 2022: 4.3.2 release

  • September 8th, 2022: 4.3.1 release

  • June 20th, 2022: 4.3 GA

About SUSE Manager 4.3

SUSE Manager 4.3, the latest release from SUSE based on SUSE Linux Enterprise Server 15 SP4 and the Uyuni Project, delivers a best-in-class open source infrastructure management and automation solution that lowers costs, identifies risk, enhances availability and reduces complexity.

As a key component of a software-defined infrastructure, SUSE Manager 4.3 delivers the following new or enhanced capabilities to your Edge, Cloud & Datacenter environments.

Expanded operating system support

Adding to its extensive list of Linux distributions, SUSE Manager 4.3 introduces support for Debian 11, further enabling the management of all your Enterprise Linux distributions from a single tool – no matter where they are located.

SUSE Manager now supports the management of SLES, SLES for SAP, SLE-Micro, RHEL, openSUSE, SUSE Liberty Linux, Oracle Linux, CentOS, AlmaLinux, Rocky Linux, Ubuntu, Debian, and Amazon Linux.

Scaling SUSE Manager

With the "SUSE Manager Hub" multi-server architecture we are gradually introducing a framework that allows you to scale SUSE Manager deployments to hundreds of thousands of nodes using tiered management servers.

SUSE Manager 4.3 further introduces new features in the Hub framework, optimizing it for edge deployments, and fills the gaps by introducing centralized reporting and enhancing ISSv2 with capabilities to transfer OS images and configuration channels from the Hub to peripheral servers.

With ever growing Linux footprints you need your management tool to be able to scale to tens of thousands of Linux devices and beyond. With the performance and scalability enhancements in 4.3, your SUSE Manager deployment can easily scale in your environment in any direction, while providing better performance than any previous version even in very large-scale environments.

This allows you the flexibility to grow your infrastructure as required by your business needs, with the peace of mind that SUSE Manager will be able to manage your large estate, and that the cost implications of growing your footprint will not be excessively high.

Before you begin, you should always get advice from a SUSE partner, sales engineer, or consultant.

Updating and Configuration Management

With SUSE Manager 4.3, one of the goals is to make typical system administration tasks even easier. There will be a number of improvements when it comes to SSM and action status at a given time, to name a few.


One of the main areas that we wanted to improve with SUSE Manager 4.3 is interoperability. Our goal was to make SUSE Manager play well with the existing tools that users already have.

Salt bundle

One effort in this regard has been around Salt. SUSE Manager 4.3 comes with salt-bundle. The Salt Bundle can be used on systems that already run another Salt Minion, on systems which do not meet Salt’s requirements, or on systems that already provide a newer Salt version that is used instead of the version provided by SUSE Manager.


Another goal that we want to achieve in the long run is to enable SUSE Manager to be deployed in container-only environments, independently from the base OS, and to allow SUSE Manager components (specifically Proxies/Retail Branch servers) to run in more resource-constrained environments. The edge market is our main audience for this effort. It will allow users to install SUSE Manager components on top of Kubernetes, increasing flexibility and future viability.

Enabling SUSE Manager Proxy and Retail Branch Servers to also run in containers is in scope for SUSE Manager 4.3.


With SUSE Manager 4.3, in addition to the current XML-RPC API, a new JSON over HTTP API will also be provided to make the SUSE Manager API even easier to consume.

SUSE Manager is seeing more and more use in automated scenarios, where it is a part of a bigger system and is driven via its APIs. The XML-RPC protocol has served users well so far and will continue to do so, but HTTP APIs are more in demand and have better tooling support.

Keep Informed

You can stay up-to-date regarding information about SUSE Manager and SUSE products:



SUSE Manager Server 4.3 is provided through SUSE Customer Center and can be installed with the unified installer for SUSE Linux Enterprise 15 Service Pack 4. It is available for x86-64, POWER (ppc64le), or IBM Z (s390x). No separate SUSE Linux Enterprise subscription is required.

With the adoption of a unified installer in SUSE Linux Enterprise 15, system roles are used to customize the installation for each product. The unified installer provides an easier way to install the operating system and the SUSE Manager Server application together with specific pre-configured system settings. This addresses the need for enterprise deployments to standardize on the base operating system as well as on specific storage setups.

PostgreSQL is the only supported database. Using a remote PostgreSQL database is not supported.

Note: In order to achieve optimal performance, we are updating the minimal memory requirement for the server from 8GB to 16GB. To ensure smooth operations, we suggest updating your system accordingly.

Update from previous versions of SUSE Manager Server

In-place update from SUSE Manager Server 4.1 and 4.2 is supported.

All connected clients will continue to run and remain unchanged.

For detailed upgrading instructions, see the Installation and Upgrade Guide

Major changes since SUSE Manager Server 4.3 GA

Important Note

We have recently undertaken a strategic roadmap revamp for SUSE Manager, leading to adjustments in its release cycle. Notably, we have decided to drop the release of SUSE Manager 4.4, which was originally planned to be based on SUSE Linux Enterprise Server 15 SP5. Instead, we have opted to backport all the intended features of 4.4 to SUSE Manager 4.3. The next major SUSE Manager release will be SUSE Manager 5.0, planned to be released around mid 2024.

As part of this initiative, we have also extended the lifecycle of SUSE Manager 4.3 by an additional year. It is important to note that the Unified Installer will not include SUSE Manager 4.4 due to these changes.

Please be aware that SUSE Manager 4.3 is built on SUSE Linux Enterprise Server 15 SP4, and it will remain in its current state. It is advised not to upgrade the underlying operating system to SUSE Linux Enterprise Server 15 SP5 on systems where SUSE Manager is running.

We believe these adjustments to the release cycle and extended lifecycle will facilitate a smoother transition and ensure that users can benefit from the planned enhancements without disruption.

Note: While SUSE Manager 4.3 remains on SUSE Linux Enterprise Server 15 SP4, following the conclusion of general support for 15 SP4, the SUSE Manager 4.3 Update channel will receive SUSE Linux Enterprise Server 15 SP4 LTSS updates automatically, with no extra charges. This ensures that users will continue to receive crucial updates, including security updates, through the server channels during the lifecycle of SUSE Manager 4.3.

Features and changes

Version 4.3.9

Debian 12 support

SUSE Manager 4.3 broadens its support to a wider range of operating system releases. We are delighted to announce the inclusion of support for Debian 12. With this update, you can manage Debian 12 clients directly from SUSE Manager, ensuring that you can efficiently keep these instances updated and secure.

For additional details on the registration process, please consult the Registration section in our documentation.

New Mailing list

We are excited to introduce a valuable addition to our communication channels - the suma-updates mailing list. This mailing list is specifically dedicated to providing you with the latest Update Advisories for SUSE Manager.

Keeping your SUSE Manager deployment up to date is crucial, and suma-updates is your gateway to receiving real-time notifications and advisories regarding all updates related to SUSE Manager. This mailing list is designed to ensure that you stay well-informed and up to date with the latest developments and improvements.

Subscribing to 'suma-updates' is a simple and effective way to guarantee that you are always in the loop. Whether it’s important security updates or exciting new features, you can count on this mailing list to deliver the information you need.

To join 'suma-updates' and never miss an important update, please visit the subscription page here: suma-updates. Stay connected, stay updated with SUSE Manager.

New Update Notification

In addition to the mailing list, SUSE Manager will now deliver notifications about new maintenance updates directly within the SUSE Manager user interface. This feature offers users a convenient and efficient means to stay informed and keep their SUSE Manager up-to-date.

Monitoring: Grafana upgraded to 9.5.8

Grafana has been updated from version 9.5.5 to 9.5.8, signifying a minor update that addresses several bugs.

For detailed information about the fixes and features, you can refer to the following links:

Update 'saltkey' endpoints to accept GET instead of POST requests.

The saltkeys namespace now accepts GET requests instead of POST for the following endpoints:

  • acceptedList

  • pendingList

  • rejectedList

  • deniedList

Salt CVEs

The following CVE has been fixed for Salt with this MU.

  • CVE-2023-34049 - arbitrary code execution via symlink attack (bsc#1215157)

Version 4.3.8

Important Salt Minion update

Salt version 3006.0 introduced a significant regression that led to communication issues between Salt Minions and the Salt Master. These communication problems manifest in two distinct ways:

  • In some instances, Minions send duplicate job results to the Master.

  • In specific scenarios, particularly when using Salt to install or update a Salt Minion, the job result is lost. This loss of a job response keeps SUSE Manager actions in "pending" state, effectively tying up system resources.

Both Salt Minion (classic) and Salt Bundle are impacted by these issues.

This update provides the necessary fix to address the communication problems. However, there is a minor caveat to consider. Installing this update on Salt Minions carries a high probability of causing the previously mentioned job result loss. Consequently, the SUSE Manager action responsible for updating the Salt Minion may remain in a permanent "pending" state until manually cancelled. To be clear, we expect this to be a one-time issue happening when this update is installed. Subsequent interactions with Salt Minions are expected to function without any problems.

IMPORTANT: We strongly advise upgrading the Salt Minion (classic or Salt bundle) on all minions, ideally as a separate action. Please note that this action may remain in a pending state as expected. After some time has passed, you can execute a package refresh to verify the successful completion of the update and confirm that the Salt Minion package has been upgraded.

SUSE Manager Pay-as-you-go (PAYG)

With this maintenance update, we are excited to announce the availability of a Pay-as-you-go (PAYG) image on Amazon Web Services (AWS). This addition complements our existing deployment options, which include on-premises installations and Bring-your-own-subscription (BYOS) models. With the introduction of PAYG, you now have an additional cloud-native choice for deploying SUSE Manager on AWS. PAYG simplifies how you can deploy SUSE Manager on AWS, as it enables you to pay only for what you utilize. It eliminates complex billing structures and offers a straightforward way to manage your infrastructure on the cloud.

Additionally, we are working on PAYG image options for SUSE Manager on Microsoft Azure. This will further broaden the range of cloud deployment alternatives available to you.

For more detailed information on this, please refer to the PAYG Guide in the SUSE Manager 4.3 documentation.

Please consult the Known issues section for some issues around SUSE Manager PAYG image.

Automated RHUI credential update

In the past, there was a requirement to manually import certificates and entitlement data into the SUSE Manager Server.

Now, we have streamlined this procedure by integrating the same mechanism employed for SUSE PAYG instances. The PAYG connection regularly communicates with the client to retrieve the most current authentication data. It’s crucial to ensure that the client remains operational and undergoes regular updates.

For more detailed information on this, please refer to the Red Hat Clients - RHUI section in the SUSE Manager 4.3 documentation.

Please consult the Known issues section for some issues around this.

Monitoring: Prometheus upgraded to 2.45.0

Prometheus golang-github-prometheus-prometheus has been upgraded from 2.37.6 to 2.45.0. Prometheus 2.45.x is the new LTS release that will receive security, documentation and bugfix patches for at least 12 months. The update includes a number of enhancements and bug fixes. There was a breaking change in 2.42.0: the WAL record format for the experimental native histograms changed. This upgrade also includes the fix for the following CVE.

Check the upstream changelogs for more details:

Monitoring: Apache exporter updated to version 1.0.0

Prometheus exporter for Apache golang-github-lusitaniae-apache_exporter has been upgraded from version 0.11.0 to version 1.0.0. This upgrade includes the fix for the following CVEs.

Check the upstream release notes for more details, including new metrics.

Salt CVEs

The following CVEs have been fixed for Salt with this MU.

Force saltboot image redeployment

Saltboot systems typically undergo automatic redeployment or repartitioning when a new image becomes available or when there are changes to the Saltboot partitioning.

Nevertheless, there may be instances where it becomes necessary to manually trigger Saltboot to redeploy an image or repartition a disk, even when automation wouldn’t typically initiate these actions.

In such scenarios, apart from utilizing salt grains, we now also offer a method to achieve this through pillars.

For more detailed information on this, please refer to the Force image redeployment section in the SUSE Manager 4.3 documentation.

Version 4.3.7

Ansible integration

Given the widespread usage and advocacy of Ansible by various vendors and tools, it was a logical step to incorporate Ansible integration into SUSE Manager.

Initially introduced as a Technology Preview in SUSE Manager 4.2, we are delighted to announce that starting with SUSE Manager 4.3.7, Ansible integration will be officially supported.

You can now effortlessly utilize and execute your existing Ansible playbooks. This feature not only saves time and resources but also consolidates tools, preserving your prior automation investments. The integration eliminates the need to re-implement your Ansible automation solution, simplifying the migration process.

Furthermore, when combined with SUSE Manager’s powerful Salt capabilities, it enhances the configuration and automation functionalities of the platform. This comprehensive solution empowers you to efficiently orchestrate even the most complex environments, spanning across both cloud and on-premise infrastructure.

For more detailed information on this integration, please refer to the Ansible Integration section in the SUSE Manager 4.3 documentation.

Monitoring: Grafana upgraded to 9.5.5

Grafana has been upgraded to 9.5.5. This update fixes the following security vulnerabilities:

Check the official page for more details.

Version 4.3.6

Salt 3006.0

Salt has been upgraded to upstream version 3006.0, plus a number of patches, backports, and enhancements by SUSE, for the SUSE Manager Server, Proxy, and Client Tools.

Salt 3006.0 is the first LTS release of Salt based on the newly defined release strategy. The purpose of the LTS release is to provide users with a stable version of Salt for a longer period.

For more details about this release, see the Salt 3006.0 upstream release notes.

WARNING: This release updates the Salt version for master and minions. Make sure you update the SUSE Manager Server before updating the clients, as stated here

New products enabled

SUSE Manager 4.3 now supports an even wider range of operating system releases. The following additional OS releases will be supported starting from 4.3.6:

  • SUSE Linux Enterprise Server 15 SP5 Family

  • SUSE Linux Enterprise Server Micro 5.4

  • openSUSE Leap 15.5

For more information about the registration process, refer to the Registration section, and for more information about supported features, consult the Supported Features.

Installing PTFs from SUSE Manager

SUSE provides temporary fixes for all currently supported solutions delivered directly to its customers. These PTFs (Program Temporary Fixes) are now available as repositories, which can be synced in SUSE Manager. This enables users to conveniently install the PTFs on clients wherever necessary, directly from SUSE Manager.

For more information about this feature, see the Using PTFs in SUSE Manager.

Note: PTF packages are currently only supported for SUSE Linux Enterprise Server 12 and SUSE Linux Enterprise Server 15 based systems. Other versions or operating systems do not have this feature yet and the related pages are not visible for them.

Recurrent Custom States

Our recent focus has been on enhancing automation capabilities, particularly through the recurrent highstate feature. While that capability received positive feedback, it was deemed somewhat restricted. To address this, we have extended the initiative by enabling users to schedule custom states on a recurrent basis. With this new feature, users can now automate their workflows more effectively and efficiently. Users can schedule automated recurring actions for Salt clients both from the webUI and the API. A recurring action can be applied to individual clients, to all clients in a system group, or to an entire organization.

For more information about this feature, see the Recurring Actions section in the administration guide.

Note: We would like to inform our users that the recurringaction namespace in the API has been deprecated. In its place, we have introduced three new namespaces: recurring, recurring.custom, and recurring.highstate. These new namespaces are now available for use and we recommend updating your code to reflect these changes.

Note: As part of this feature, we have also exposed some internal states and a new state called uptodate that helps users to keep clients up to date. Users can combine all these states in any order, but states with a reboot should be scheduled last. Note that the execution order may differ from what it seems if a state includes any ordering or condition using order or requires.

Syncing optional channels from the webUI

Until SUSE Manager 4.3.5, syncing optional channels was only possible with the CLI tool mgr-sync, but not from the Setup Wizard in the webUI.

Starting with SUSE Manager 4.3.6, this is now also possible from the webUI.

Each product at the Setup Wizard will now allow syncing optional channels, provided that the mandatory channels for the product are already synced.

To enable the optional channels:

  1. Go to Admin → Setup Wizard → Products

  2. Look for the product you want to sync an optional channel for

  3. Use the Show the product’s channels button (next to the sync status)

  4. A popup will appear, allowing you to use checkboxes to enable optional channels. Mark as many as needed.

  5. Use the Confirm button to schedule the sync

All Tomcat logs are now rotated with logrotate

Until SUSE Manager 4.3.5, localhost.log, manager.log, host-manager.log, localhost_access_log.txt and catalina.out were rotated with Valve.

Valve does not support archiving, so now the Tomcat logs are configured to rotate with logrotate and support archiving.

The configuration is the same as for the other Tomcat logs: weekly rotation, one year of retention and compression enabled.

'system-profile-refresh' Taskomatic job

To ensure a consistent view in SCC for clients registered through SUSEConnect, RMT, SMT, and SUSE Manager, a new taskomatic job called system-profile-refresh was introduced specifically for SUSE Manager. This job is necessary to send accurate subscription information to SCC, as up-to-date hardware data is required for that purpose. The task runs once every month on the 15th at 5:00 AM, which may impose some load on the systems. However, no significant performance issues are anticipated during that time.

Monitoring: Grafana upgraded to 9.5.1

Grafana has been upgraded from 8.5.20 to 9.5.1. This is a big upgrade and includes several breaking changes, new features and some important fixes for several security vulnerabilities.

Check the What’s new in Grafana section and the upstream changelog for all the details.

Monitoring: Node exporter upgraded to 1.5.0

With SUSE Manager 4.3.6, golang-github-prometheus-node_exporter has been updated from version 1.3.0 to 1.5.0.

The new version changes the Go runtime GOMAXPROCS to 1. This is done to limit the concurrency of the exporter to 1 CPU thread at a time in order to avoid a race condition problem in the Linux kernel and parallel IO issues on nodes with high numbers of CPUs/CPU threads.

This update fixes the following security vulnerabilities:

  • CVE-2022-27191

  • CVE-2022-27664

  • CVE-2022-46146

The update also includes several bugfixes and features but no breaking changes.

Check the upstream changelogs for more details:

Monitoring: Prometheus upgraded to 2.37.6

Prometheus golang-github-prometheus-prometheus has been upgraded from 2.32.1 to 2.37.6. Prometheus 2.37 is the first Long-Term Supported release of Prometheus.

This version contains two noticeable changes related to TLS:

  • TLS 1.0 and 1.1 disabled by default client-side. Prometheus users can override this with the min_version parameter of tls_config.

  • Certificates signed with the SHA-1 hash function are rejected. This doesn’t apply to self-signed root certificates.
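An added example, not part of the SUSE release notes or of Prometheus itself: a small Python audit that scans a Prometheus configuration for min_version overrides that bring TLS 1.0 or 1.1 back after this upgrade. The sample configuration, its host names and the function name find_weak_tls_overrides are constructed for illustration, and the scan is line-based rather than a full YAML parse.

```python
import re

# TLS versions that are disabled by default on the client side after the
# upgrade and can only come back through an explicit min_version override.
WEAK_VERSIONS = {"TLS10", "TLS11"}

# Constructed sample configuration (not taken from a real deployment).
SAMPLE_CONFIG = """\
global:
  scrape_interval: 30s
scrape_configs:
  - job_name: legacy-appliance
    scheme: https
    tls_config:
      ca_file: /etc/prometheus/ca.pem
      min_version: TLS10   # re-enables TLS 1.0
    static_configs:
      - targets: ['appliance.example.com:9100']
  - job_name: node
    scheme: https
    tls_config:
      min_version: "TLS12"
    static_configs:
      - targets: ['node1.example.com:9100']
  - job_name: default-tls
    scheme: https
    static_configs:
      - targets: ['node2.example.com:9100']
remote_write:
  - url: https://metrics.example.com/write
    tls_config:
      min_version: TLS11
"""


def find_weak_tls_overrides(config_text):
    """Return (line, section, label, version) for each weak min_version.

    section is the top-level key (for example scrape_configs); label is the
    job_name or url seen first in the current list item, or None if the
    override appears before either of them.
    """
    findings = []
    section = None      # current top-level key
    item_indent = None  # indentation of list items directly under section
    label = None        # job_name / url of the current list item
    for lineno, raw in enumerate(config_text.splitlines(), start=1):
        line = re.sub(r"\s+#.*$", "", raw).rstrip()  # drop trailing comments
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        top = re.match(r"^([A-Za-z_]+):", line)
        if top:
            section, item_indent, label = top.group(1), None, None
            continue
        item = re.match(r"^(\s*)- ", line)
        if item:
            indent = len(item.group(1))
            if item_indent is None:
                item_indent = indent
            if indent <= item_indent:
                label = None  # a new scrape job or remote endpoint starts
        name = re.search(r"\b(?:job_name|url):\s*(\S+)", line)
        if name and label is None:
            label = name.group(1).strip("\"'")
        version = re.search(r"\bmin_version:\s*[\"']?(TLS\d+)[\"']?", line)
        if version and version.group(1) in WEAK_VERSIONS:
            findings.append((lineno, section, label, version.group(1)))
    return findings


if __name__ == "__main__":
    for lineno, section, label, version in find_weak_tls_overrides(SAMPLE_CONFIG):
        print(f"line {lineno}: {section} / {label}: min_version {version}")
```

Jobs without a min_version key are not reported, because they inherit the new default.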

This update fixes the following security vulnerabilities:

  • CVE-2022-46146

  • CVE-2022-41715

  • CVE-2022-24921

The update also includes several bugfixes and features but no breaking changes.

Check the upstream changelogs for more details:

Monitoring: Prometheus alert manager

Prometheus golang-github-prometheus-alertmanager has been patched to include the fix for the following CVE.

Monitoring: Postgres exporter upgraded to 0.10.1

prometheus-postgres_exporter has been updated from version 0.10.0 to version 0.10.1, with the update fixing the following security vulnerability:

This update does not include any breaking changes or features.

Check the upstream release notes for all the details.

Monitoring: Blackbox exporter

Prometheus prometheus-blackbox_exporter has been patched to include the fix for the following CVE.

Version 4.3.5

Salt 3000 EOL

Upstream Salt 3000 reached end of life on August 31, 2021. However, because it was part of the Advanced Systems Management Module of SUSE Linux Enterprise 12 and there was no bundle available for SUSE Manager 4.1, we needed to keep it supported for the life of SUSE Manager 4.1.

Salt 3000 will no longer be supported in the context of SUSE Manager now that both SUSE Manager 4.1 and the Advanced Systems Management Module of SUSE Linux Enterprise 12 are End of Life. Customers are required to migrate existing Salt 3000 minions for SUSE Linux Enterprise Server 12, Red Hat Enterprise Linux 7, CentOS 7, Oracle Linux 7, and Amazon Linux 2 to the Salt Bundle in order to receive support.

For more information about performing Salt 3000 to Salt Bundle migrations, please consult the Client Configuration Guide.

IMPORTANT: Salt 3000 will no longer receive updates or L3 support. For updates and support, all minions currently using Salt 3000 must be migrated to the Salt Bundle.

Content Lifecycle Management: Disabling modularity for AppStream repositories

Starting with SUSE Manager 4.3.5, AppStream modularity can be disabled by removing the module metadata from the target repositories without having to enable any modules. This can be achieved by using the new none matcher with the AppStream filters.

This new feature is especially useful for RHEL 9, SUSE Liberty Linux 9, AlmaLinux 9, Rocky Linux 9 or Oracle Linux 9, as default versions of most applications are now served as regular packages.

Check the Administration Guide for more information.

SUSE Linux Enterprise Server Micro product migration

We resolved known issues related to SUSE Linux Enterprise Server Micro. In addition, SUSE Manager 4.3.5 now supports the migration of SUSE Linux Enterprise Server Micro to newer versions.

Check the Client Configuration Guide for a complete list of supported features.

Monitoring: Grafana update to 8.5.20

Grafana has been upgraded to 8.5.20. This update fixes some important security vulnerabilities:

  • CVE-2022-23552

  • CVE-2022-39324

  • CVE-2022-41723

  • CVE-2022-46146

Check the upstream changelog for all the details.

Subscription warning notifications will now happen weekly

Previous versions of SUSE Manager created a notification each day when a SUSE Customer Center (SCC) subscription was about to expire, starting 90 days before the subscription expiration and continuing until 30 days after expiration.

With SUSE Manager 4.3.5 we are addressing the feedback we got about the frequency, and we are changing it to happen weekly, on Mondays.

The warning box at the Dashboard (Home > Overview) will still show up any time there is a subscription expiring in the next 90 days, or expired in the last 30 days.

Documentation: New look and feel

We have recently introduced a new branding for our documentation. The documentation team has created a modern and visually appealing design that enhances the overall user experience. With this new update, we aim to provide a more intuitive and streamlined approach to accessing the information you need. We believe this new design will make it easier for users to navigate and locate the information they need quickly and efficiently.

We look forward to receiving your feedback.

New API methods for kickstart.tree

The following new API endpoints have been added to the kickstart.tree namespace.

create : API endpoint to create a Kickstart Tree (Distribution) that also accepts kernel options and post kernel options

update : API endpoint to update an existing Kickstart Tree (Distribution) that also accepts kernel options and post kernel options

These methods could further help in improving the automation workflows.

Version 4.3.4

SUSE Liberty Linux 9 support as client

SUSE has announced the general availability of SUSE Liberty Linux 9 (SLL9). The SLL9 and SLL9-HA products are immediately available for customers. With SUSE Manager 4.3.4, we are happy to announce that SLL9 is a fully supported client in SUSE Manager. SUSE Liberty Linux 9 instances can now be managed right from SUSE Manager.

Check the Client Configuration Guide for information about it.

SUSE Linux Enterprise Server Micro support as client

SUSE Linux Enterprise Server Micro is an ultra-reliable, lightweight operating system purpose built for containerized and virtualized workloads. It leverages the enterprise hardened security and compliance components of SUSE Linux Enterprise and merges them with a modern, immutable, developer-friendly OS platform.

Support for SUSE Linux Enterprise Server Micro in SUSE Manager was added as a tech preview. In the meantime, we have made some significant improvements around it to make sure that users get a seamless experience with an immutable OS such as SUSE Linux Enterprise Server Micro.

Check the Client Configuration Guide for information about the supported features.

Please consult the Known issues section for some issues around SUSE Linux Enterprise Server Micro support.

Note: SUSE Linux Enterprise Server Micro is only supported as a regular minion for the time being; we are working on managing it as a Salt SSH client.

Indications for systems requiring reboot or with a scheduled reboot

SUSE Manager 4.3.4 brings several improvements to the reboot status of the managed clients:

  • The System List page now provides a new icon at the Updates column when a reboot is required. This new icon allows scheduling the reboot.

  • The System Overview page for the clients will show the text System reboot scheduled when a reboot is scheduled.

Notification messages via email

SUSE Manager shows notification messages on the webUI, but they are not very useful for those users that do not log in very often.

With SUSE Manager 4.3.4, each user can enable such notifications to be delivered via email using the user preferences (checkbox Receive email notifications).

Monitoring: Grafana update to 8.5.15

This update fixes several security vulnerabilities:

  • CVE-2022-39306

  • CVE-2022-39307

  • CVE-2022-39201

  • CVE-2022-31130

  • CVE-2022-31123

  • CVE-2022-39229

No other bugfixes, features or changelogs are part of this update.

Check the upstream changelog for all the details.

Subscription warning notifications

In order to help users with compliance and to notify them of SUSE subscriptions which are already expired or about to expire in the near future, SUSE Manager will show an alert at the Overview page and also a notification under the notifications tab. This will not affect users not using SUSE subscriptions.

Limit changelogs at repositories metadata to the last 20 entries

Up until recently, SUSE Manager added all the changelog entries for all packages to the generated metadata for each repository generated at the SUSE Manager Server. This caused the file others.xml.gz to be very big in some situations, therefore increasing the time it takes to synchronize the metadata on the SUSE Manager clients.

Starting with SUSE Manager 4.3.4, this is now limited to 20 entries for each package by default for new packages. Already synced packages will keep the whole changelog.

This change is only about the repository metadata and will not affect the packages themselves, which will keep the complete changelogs.

If you want to go back to keeping all the changelog entries, increase the number of entries, or apply the new default for all existing packages, check the Administration Guide.

Drop legacy way to prevent disabling local repositories at bootstrap scripts

In the past, using DISABLE_LOCAL_REPOS=0 with the bootstrap script allowed users to keep local repositories enabled after registration. This has been dropped now.

One can still prevent disabling local repositories for any kind of onboarding (webUI, API, Bootstrap script, etc.) using instructions as explained at the Client Configuration Guide.

Version 4.3.3

RHEL 9 and clones support as client

Now RHEL 9 and its clones, Rocky Linux 9, AlmaLinux 9, and Oracle Linux 9, can be managed by SUSE Manager as Salt or Salt SSH minions. All the features that work in previous versions of RHEL and its clones will work now for RHEL 9 and clones as well. Check the Client Configuration Guide for information about how to configure the SUSE Manager Server to work with these distributions.

Please consult the Known issues section for an issue around Rocky 9 Linux support with SELinux enabled.

Improved SUSE Linux Enterprise Micro support

SUSE Manager 4.3.3 includes a number of enhancements to SUSE Linux Enterprise Micro support in SUSE Manager.

These changes include the following:

  • The onboarding process has been improved to be more fluid and to behave the same way as with any other SUSE Linux Enterprise minion. The only exception from the general workflow is that after onboarding is done, the SUSE Linux Enterprise Micro minion needs to be restarted to activate it.

  • The handling of SUSE Linux Enterprise Micro’s need for a reboot has been improved so that the user always has correct and up-to-date information in the Web UI about whether or not a reboot is required.

  • The action chains can now handle reboot actions correctly for SUSE Linux Enterprise Micro as well.

Note: Onboarding of SUSE Linux Enterprise Micro from the Web UI is not functioning right now; we are working on a fix. All other ways of bootstrapping should be working.

Instructions to disable custom channel automatic synchronization

With SUSE Manager 4.3.3, the custom channels are now synced automatically.

By default, a synchronization will start automatically after adding a new repository to a custom channel. Moreover, they will all update daily as a part of the mgr-sync-refresh-default scheduled task.

To disable this new feature and revert back to the old behaviour, you can set in /etc/rhn/rhn.conf:

java.unify_custom_channel_management = 0

Check the Custom Channels section of the Administration Guide for information about custom channel synchronization.

Monitoring: Grafana update to 8.5.13

SUSE Manager 4.3.3 updates Grafana from version 8.3.5 to 8.5.13.

This update fixes several security vulnerabilities:

  • CVE-2022-36062

  • CVE-2022-35957

  • CVE-2022-31107

  • CVE-2022-31097

  • CVE-2022-29170

Check the upstream changelog for all the details on what has changed.

There is one breaking change: for a data source query made via /api/ds/query, if the DatasourceQueryMultiStatus feature is enabled and the data source response has an error set as part of the DataResponse, the resulting HTTP status code is now 207 Multi Status instead of 400 Bad gateway.

Updating Grafana is strongly recommended.
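
A health check that calls /api/ds/query and treats only 4xx/5xx as failure reads the new 207 as success. The following added example (not from these release notes or from Grafana) inspects the per-query errors instead of the status code alone; the response body shape and the sample replies are assumptions constructed for illustration.

```python
import json


def inspect_ds_query_reply(status_code, body_text):
    """Classify a reply from /api/ds/query as ("ok" | "partial" | "failed", errors).

    errors maps each failed query's refId to its error text. Assumed body
    shape (not from the release notes): {"results": {refId: {...}}}, where a
    failed query carries an "error" string.
    """
    try:
        body = json.loads(body_text)
    except (TypeError, ValueError):
        body = None
    results = body.get("results") if isinstance(body, dict) else None
    if not isinstance(results, dict) or not results:
        # Nothing to inspect per query, so the reply as a whole is unusable.
        return "failed", {"*": "HTTP %d without a results map" % status_code}

    errors = {
        ref_id: str(result["error"])
        for ref_id, result in results.items()
        if isinstance(result, dict) and result.get("error")
    }
    if not errors:
        if status_code == 200:
            return "ok", {}
        # 207 or 4xx/5xx but no per-query error: do not report success.
        return "failed", {"*": "HTTP %d without a per-query error" % status_code}
    return ("partial" if len(errors) < len(results) else "failed"), errors


def status_only_check(status_code):
    """The pre-upgrade style of check: only 4xx/5xx counts as a failure."""
    return "failed" if status_code >= 400 else "ok"


# Constructed sample replies, not captured from a real Grafana instance.
REPLY_MIXED = json.dumps({"results": {
    "A": {"frames": []},
    "B": {"error": "datasource request timed out"},
}})
REPLY_ALL_OK = json.dumps({"results": {"A": {"frames": []}}})

if __name__ == "__main__":
    samples = [
        (400, REPLY_MIXED),                 # behaviour before the change
        (207, REPLY_MIXED),                 # behaviour with DatasourceQueryMultiStatus
        (200, REPLY_ALL_OK),
        (502, "<html>Bad Gateway</html>"),  # reply from something in front of Grafana
    ]
    for status, body in samples:
        print(status, status_only_check(status), inspect_ds_query_reply(status, body))
```
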

Monitoring: Fix TLS configuration and enable client certificate authentication for Blackbox exporter

Previous SUSE Manager versions used basic authentication for Blackbox exporter scraping, even when TLS client certificates were enabled in the prometheus-formula.

With SUSE Manager 4.3.3, the Prometheus formula adds a section for the Blackbox exporter with TLS certificate and key for client certificate authentication.

Version 4.3.2

Fully supported Containerized Proxy/RBS and HTTP API

SUSE Manager 4.3 shipped the containerized SUSE Manager Proxy and Retail Branch Server as a Technology Preview. We are happy to announce that this feature is now moving from Technology Preview to fully supported. Please consult the Known issues section for some limitations around this.

The same goes for our other initiative around the SUSE Manager API: besides the current XML-RPC API, a new JSON over HTTP API was provided to make the SUSE Manager API even easier to consume. This new API was also a Technology Preview, but starting with SUSE Manager 4.3.2 it is a fully supported alternative API.

Ubuntu 22.04 as client

To keep up with our goal to be OS agnostic, SUSE Manager is now able to manage Ubuntu 22.04 clients as Salt or Salt SSH minions. All other features that work for previous versions of Ubuntu will work now, with the exception of the Prometheus Exporters (for now Prometheus Exporters are available in the Universe repositories) and OpenSCAP (as profiles for Ubuntu 22.04 are not available yet), which will be part of a future SUSE Manager release. For more details about the supported features, check the Client Configuration Guide.

The following architectures can be managed:

  • amd64 (x86_64)

Check the Client Configuration Guide for information about how to configure SUSE Manager Server to work with Ubuntu 22.04 clients.

Cobbler updated to version 3.3.3

Cobbler was updated from version 3.1.2 to version 3.3.3. This upgrade comes with the frequently requested feature of building ISOs with UEFI support. Major changes in the context of SUSE Manager are the following:

  • cobbler buildiso now supports building ISOs with UEFI support

  • Cobbler has a new command "cobbler mkloaders" that can be called optionally after GRUB or Syslinux was updated on the Uyuni Server

For the complete list of changes, see the upstream release notes:

NOTE: The migration of stored Cobbler collections and settings from previous Cobbler version to 3.3.3 will run automatically during this upgrade.

A backup of old Cobbler settings file will be created at /etc/cobbler/settings.before-migration-backup and old collections backup under /var/lib/cobbler/.

pip support for the Salt Bundle

The Salt Bundle now includes support for pip, allowing users to extend the functionality of the bundled Salt Minion with extra Python modules.

Check the official Saltstack documentation on how to do it as a module and a state.

Keep in mind that not all of the functions are available with the state, but the missing functionality can still be accessed with

Monitoring: Apache exporter updated to version 0.11.0 for SUSE Linux Enterprise and openSUSE

The Prometheus exporter for Apache has been upgraded from version 0.7 to version 0.10.0 for SUSE Linux Enterprise and openSUSE, including the SUSE Manager Server, the SUSE Manager Proxy and the SUSE Manager Retail Branch Server.

Check the upstream release notes for more details, including new metrics.

Version 4.3.1

GPG key handling in SUSE Manager

SUSE Manager now takes care of trusting the required GPG keys on the clients, in order to install packages from assigned channels.

The GPG key URL can be defined for Software Channels which will be used to find the key needed for that channel.

When the channel is assigned to the client the key will be trusted on repository refresh or when installing a package out of the channels.

For more information, check the documentation.

Disabling locally defined repositories

To prevent problems with locally defined repositories providing wrong or unwanted packages, we now disable all of these repositories as the first step in bootstrapping.

Additionally, we try to keep local repositories disabled and perform this in the channel state, which is also used during highstate.

For more information, check the documentation.

Technology Preview: Helm chart to deploy containerized SUSE Manager Proxy and Retail Branch Server

Deploying Proxy and Retail Branch Servers as containers is now also possible using a Helm chart.

For more information check this README file. The information will be part of the SUSE Manager official documentation in a future release.

WARNING: The container images configuration has a new format and is now packaged as a tar.gz file. All previously deployed container Proxies and Retail Branch Servers will need to get their configuration regenerated and deployed again before pulling these images.


The SUSE Patch Finder is a simple online service to view released patches.

Version 4.3.9


  • Version 4.3.1-1

    • Align the package version with the SUSE Manager major version 4.3


  • Buildiso: copy grub into ESP using mtools to allow execution in containers

  • Add mtools as dependency for Cobbler


  • Version 1.7.12

    • Re-use configured max_connection value

    • Keep previous selected value for SSD configuration


  • Version 4.3.24-1

    • Change default scheduler from (none) to (system)


  • Version 4.3.24-1

    • Only show missing /root/.curlrc error with log_level = 5 (bsc#1212507)


  • Version 4.3.16-1

    • Update translation strings


  • Version 4.3.12-1


  • Version 4.3.68-1

    • Sync GPG properties on each build in CLM (bsc#1213689)

    • Change list endpoints in saltkey namespace to accept GET requests instead of POST (bsc#1214463)

    • Respect user email preferences when sending 'user creation' emails (bsc#1214553)

    • Fix server error when visiting the notifications page

    • Fixed the value of the advisory release for Ubuntu erratas

    • Restart the bunch from where it was interrupted when rescheduling

    • Moved the Ubuntu errata processing in its own separate taskomatic task (bsc#1211145)

    • Stop the taskomatic bunch execution if it was not possible to execute one of the tasks

    • Add detection of Debian 12

    • Implement different way to copy data for SystemPackageUpdate report database table (bsc#1211912)

    • Avoid SCC credentials check if server.susemanager.fromdir is set (bsc#1211270)

    • Fix bug about listing Ansible inventories (bsc#1213132)

    • Remove SUSE Manager proxy 4.2 product channel for PAYG instance (bsc#1215412)

    • Show a notification when an update for SUSE Manager is available (jsc#SUMA-111)

    • Optimize memory usage in UbuntuErrataManager

    • Handle spaces in /ks/dist/ file names (bsc#1213680)

    • Change default scheduler from (none) to (system)

    • Set user for package list refresh action if possible

    • Fix recurring state execution not using the correct order (bsc#1215027)

    • Ignore mandatory channels results that don’t match list of channels (bsc#1204270)

    • Token cleanup process removing invalid tokens using sql query (bsc#1213376)

    • Fix failed actions rescheduling (bsc#1214121)

    • Fix unscheduling actions when the trigger name changed after retry (bsc#1214121)

    • Improve Taskomatic by removing invalid triggers before starting and enhancing logs

    • Revert action executor fix that was intended to prevent blocking of Taskomatic threads (bsc#1214121)

    • Extend success message after adding monitoring property (bsc#1212168)


  • Version 4.3.18-1

    • Add Debian 12 repositories


  • Version 4.3.35-1

    • Add missing translation wrappers for Salt formula catalog

    • Shows a notification when an update for SUSE Manager is available


  • Version 4.3.32-1

    • Add bootstrap repository definition for OES2023.4 (bsc#1215514)

    • Add bootstrap repository definitions for Debian 12

    • Fix SLES 15 for SAP not being listed in mgr-create-bootstrap-repo (bsc#1215120)

    • Add missing PKGLIST15_TRAD for SLES 15 SAP mgr-create-bootstrap-repo entries (bsc#1215120)

    • Fix possible permission issues with database migration script (bsc#1214746)


  • Removed technical preview statement about Ansible in Administration Guide (bsc#1216661)

  • Replaced the "Quick Start: Public Cloud" with "Public Cloud Guide" in Specialized Guides

  • Added comment about SCC subscription to Administration Guide (bsc#1211270)

  • Added Debian 12 as supported client in Client Configuration Guide

  • Fixed over-long table issue in openSCAP chapter in Administration Guide

  • Update Hardware Requirements section about disk space for /var/spacewalk in the Installation and Upgrade Guide

  • Documented disabling automatic channel selection for cloned channels in Content Lifecycle Management chapter of Administration Guide (bsc#1211047)

  • Fixed broken links and references in the Image building file in

  • Updated autoinstallation chapter in Client Configuration Guide about buildiso command in the context of Cobbler

  • Removed end-of-life openSUSE Leap clients from the support matrix in the Client Configuration Guide

  • Added note about Jinja templating for configuration files management on Salt Clients in Client Configuration Guide

  • Fixed DHCP example for Cobbler autoinstallation and added one per architecture in Client Configuration Guide (bsc#1214041)

  • Fixed wrong references to SLES 15 SP5 instead of SP4 (bsc#1213469)


  • Version 4.3.21-1

    • Add index on server needed cache to improve performance for some queries (bsc#1211912)

    • Moved the Ubuntu errata processing in its own separate taskomatic task (bsc#1211145)


  • Version 4.3.36-1

    • Do not install instance-flavor-check tool on openSUSE


  • Version 4.3.13-1

Version 4.3.8


  • Version 0.3-1

    • Add required dependencies to package and service

    • Change billing api datastructure

    • Require csp-billing-adapter service



  • Version 0.9.0


  • CVE-2023-29409: Restrict RSA keys in certificates to less than or equal to 8192 bits to avoid DoSing client/server while validating signatures for extremely large RSA keys. (bsc#1213880) There are no direct source changes. The CVE is fixed rebuilding the sources with the patched Go version.


  • Update to version 0.1.1692188980.9aa0455

    • Fix boot image version compare to use numeric instead of string (bsc#1214002)

    • Add support to filter individual image versions in whitelist

    • Delete cache files that are no longer needed


  • Version 0.3.0

    • Require at least Go 1.19 for building due to CVE-2023-29409

    • Require at least Go 1.18 for building Red Hat packages

    • CVE-2023-29409: Restrict RSA keys in certificates to less than or equal to 8192 bits to avoid DoSing client/server while validating signatures for extremely large RSA keys. (bsc#1213880)


  • Version 1.3.0

    • Add support for Apache exporter >= 1.0.0 (bsc#1214266)


  • CVE-2023-29409: Restrict RSA keys in certificates to less than or equal to 8192 bits to avoid DoSing client/server while validating signatures for extremely large RSA keys. (bsc#1213880) There are no direct source changes. The CVE is fixed rebuilding the sources with the patched Go version.


  • Update to version 0.1.1692188980.9aa0455

    • Add pillar based saltboot redeploy and repartitioning (jsc#SUMA-158)


  • Version 4.3.23-1

    • Update translation strings


  • Version 4.3.13-1

    • Integrate instance-flavor-check to detect if the instance is Pay-as-you-go

    • Add checks for csp-billing-adapter in case of a Pay-as-you-go instance


  • Version 4.3.23-1

    • Use a constant to get the product name in python code rather than reading rhn.conf (bsc#1212943)

    • Add key import debug logging to reposync (bsc#1213675)

    • Add hint about missing auth header for Pay-as-you-go instances (bsc#1213445)

    • rhn-ssl-dbstore read CA from STDIN (bsc#1212856)

    • Implement new RHUI support in reposync


  • Version 4.3.19-1

    • Support EC Cryptography with mgr-ssl-cert-setup

    • mgr-ssl-cert-setup: store CA certificate in database (bsc#1212856)


  • Version 4.3.11-1

    • Allow calling instance-flavor-check via sudo


  • Version 4.3.67-1

    • Do not call SCC when updating the repositories authentication for PAYG (bsc#1215857)

  • Version 4.3.66-1

  • Version 4.3.65-1

    • Combine the PAYG credentials and the repository paths when they collide (bsc#1215413)

  • Version 4.3.64-1

    • Fix token issue with cloned deb channels (bsc#1214982)

    • Fix PAYG credentials extraction for SLES 12 clients (bsc#1215352)

    • Improved detection of the best authentication for accessing a repository in case of PAYG credentials (bsc#1215362)

    • Do not warn about missing Client Tools Channel subscription in a PAYG environment

  • Version 4.3.63-1

    • Fix X-Instance-Identifier header when doing a product refresh at Cloud RMT Server (bsc#1214889)

  • Version 4.3.62-1

    • Add environment build/promote date to CLM API output (jsc#SUMA-280)

    • Call mgr-libmod with its absolute path

    • Introduce new API to update the products page metadata

    • Extract additional authentication information needed for Pay-as-you-go

    • Fix handling of null credentials in RMT credentials check

    • Integrate instance-flavor-check to detect if the instance is Pay-as-you-go

    • Add rule to count only servers with SUSE Manager Tools as managed clients

    • Create flag to disable update status (bsc#1212730)

    • Fix syntax error in sql query for source package search

    • Catch exceptions and log a message when mailer setup failed (bsc#1213009)

    • Fix logging of libraries using apache-commons-logging

    • Invalidate Pay-as-you-go client credentials after repeated connection failure (bsc#1213445)

    • Restrict product migrations for Pay-as-you-go

    • Add warning message in login UI for Pay-as-you-go with SCC credentials and no forward registration

    • Restrict cloning channels under different product channels for Pay-as-you-go

    • Avoid sending data to SCC about Pay-as-you-go instances

    • Add saltboot redeploy and repartition based on pillars (jsc#SUMA-158)

    • Add system pillar API access {get|set}Pillar

    • Consider the venv-salt-minion package update as Salt update to prevent backtraces on upgrading Salt with itself (bsc#1211884)

    • Fix processing of pkg.purged results (bsc#1213288)

    • Fix Null Pointer Exception in auth endpoint when an empty body is provided

    • Do not ignore scheduling error in Taskomatic

    • Add compliance checks when running as Pay-as-you-go

    • Add RHUI support to Pay-as-you-go connection feature

    • Fix Debian Packages file generation (bsc#1213716)

    • Fix action executor to prevent blocking Taskomatic for actions that are already finished (bsc#1214121)

    • Fix detection in case RHEL-based products (bsc#1214280)

    • Improve error message when instance-flavor-check tool is not installed

    • Fix auto product refresh in case of SUSE Manager Pay-as-you-go Server

    • Optimize org channel accessibility query (bsc#1211874)

    • Check csp billing adapter status


  • Version 4.3.18-1

    • Do not rely on rpm runtime status, rather check rhn.conf if is configured (bsc#1210935)

    • Remove storing CA in DB directly as it is now part of mgr-ssl-cert-setup (bsc#1212856)


  • Version 4.3.34-1

  • Version 4.3.33-1

    • Update the messages after syncing the products

    • Fix issue that prevented to delete credentials

    • Add warning message in login UI for Pay-as-you-go with SCC credentials and no forward registration.

    • Hide SSH info for localhost in Pay-as-you-go section

    • Integrate @formatjs/intl as a replacement for t()

    • Fix link interpolation in message maps


  • Version 4.3.9-1

    • Add cloud and Pay-as-you-go checks

    • Write configured crypto-policy in supportconfig


  • subscription-matcher-0.32 has been released (bsc#1213922)


  • Version 4.3.31-1

    • Require LTSS channel for SUSE Manager Proxy 4.2 (bsc#1214187)


  • Added background information on Ansible playbooks in the Ansible chapter in Administration Guide (bsc#1213077)

  • Added Best practices and image pillars files to Retail Guide

  • Added a warning about channel synchronization failure because of invalidated credentials in Connect Pay-as-you-go instance section of the Installation and Upgrade Guide

  • Added detailed information about all supported SUSE Linux Enterprise Micro versions

  • Updated Ansible chapter in Administration Guide for clarity (bsc#1213077)

  • Added Saltboot redeployment subchapter in the Retail Guide

  • Added a note for SUSE Linux Enterprise Micro clients only having Node and Blackbox exporter for monitoring available, in the Administration Guide (bsc#1212246)

  • Removed the step calling rhn-ssl-dbstore from the SSL setup as it is now integrated into mgr-ssl-cert-setup in Administration Guide

  • Added a workflow describing channel removal to the Common Workflows Guide

  • Minimal memory requirement is now 16 GB for a SUSE Manager Server installation

  • Listed supported key types for SSL certificates in Import SSL Certificates section of the Administration Guide

  • Fixed Ubuntu channel names in Ubuntu chapter of the Client Configuration Guide (bsc#1212827)

  • Typo correction for cobbler buildiso command in Client Configuration Guide

  • Replaced plain text with dedicated attribute for AutoYaST

  • Changed filename for configuring Tomcat memory usage in Specialized Guides (bsc#1212814)

  • Wrong mentions of SLES 15 SP5 have been replaced with the correct SLES 15 SP4 (bsc#1213469)


  • Version 4.3.20-1

    • Add new credentials type RHUI

    • Store the Pay-as-you-go products


  • Version 4.3.35-1

    • Integrate instance-flavor-check to detect if the instance is Pay-as-you-go

    • Do not disable salt-minion on salt-ssh managed clients

    • Keep original traditional stack tools for RHEL7 RHUI connection

    • Include automatic migration from Salt 3000 to Salt Bundle in highstate

    • Use recurse strategy to merge formula pillar with existing pillars

    • Mask Uyuni roster module password on logs


Version 4.3.7


  • version 0.2-1

    • Show data for managed systems and monitored systems

  • version 0.1-1

    • initial release


  • Include install append line in all cases (bsc#1207330)

  • Adjust dockerfiles use to build CI images at OBS.


  • Update to version 0.1.1687520761.cefb248

    • Do not delete boot images which are referenced in PXE entries


  • Version 0.2.8

    • Correctly detect product name and product version number

    • Import image channel data only when related software channel is available (bsc#1211330)


  • Update to version 0.1.1687872218.961c926

  • Update to version 0.1.1687520761.cefb248

    • Add option to freeze the deployed image


  • Version 4.3.22-1

    • Bypass traditional systems check on older SUMA instances (bsc#1208612)


  • Version 4.3.12-1

    • Add mgr-check-payg service


  • Version 4.3.22-1

    • Use credentials file for reposync if password is in URL

    • Fix the mgr-inter-sync not creating valid repository metadata when dealing



  • Version 4.3.61-1

    • Filter out modules properly with 'none' matcher (bsc#1212770)

  • Version 4.3.60-1

    • Show reasons for state apply errors in UI

    • Fix system tab not visible in Ansible / Inventories tab (bsc#1211897)

    • Show recurring states names in events history (bsc#1211929)

    • Show error message in action result even on parser error

    • Restrict registration on pure pay-as-you-go Server

    • Added taskomatic job to compute and store billing dimensions for pay-as-you-go

    • Access SUSE Manager Proxy repositories from cloud RMT infrastructure

    • Detect a Cloud pay-as-you-go instance and connect it to the RMT infrastructure

    • Cache debian package metadata snippets in DB

    • Fixed a bug that caused the tab Autoinstallation to hide when clicking on Power Management Management/Operations on SSM -> Provisioning

    • Catch yaml exceptions and report which metadata file is wrong (bsc#1208720)

    • Improve handling of websocket exceptions

    • Release DB connection in RHN Message Dispatcher thread

    • Disable jinja processing for the roster file (bsc#1211650)

    • Regenerate random passwords with new cipher algorithm

    • Fix misleading error message regarding SCC credentials removal (bsc#1207941)

    • Fix image size entries in xml-rpc

    • Do not throw on missing saltboot group

    • Fix server error in HTTP API authentication (bsc#1210394)

    • Fix Internal Server Error when downloading static assets (bsc#1207691)

    • Add systems and hibernate metrics collectors

    • Allow processing big state results (bsc#1210957)

    • Fix issue with aclChannelTypeCapable that prevented errata view in deb arch

    • Refresh pillars after setting custom values via SSM (bsc#1210659)

    • Report SSM power management errors in 'rhn_web_ui' (bsc#1210406)

    • Show virtualization host info in systems overview page

    • OES credentials do not allow access to SCC. Skip them when an SCCClientException is thrown and move forward (bsc#1212550)

    • Set swap memory value if available

    • Set primary FQDN to hostname if none is set (bsc#1209156)

    • Fix ISE when neither SCC credentials nor a local mirror is configured

    • Only set self_update URL if functionality is not disabled in distro or profile

    • Execute highstate on registration with a user if available

  • Version 4.3.59-1

    • Update jetty-util to version 9.4.51


  • Version 4.3.5-1


  • Version 4.3.17-1

    • Drop usage of salt.ext.six in embedded_diskspace_check


  • Version 4.3.17-1

    • Drop Python2 compatibility

    • spacewalk-hostname-rename remains stuck at refreshing pillars (bsc#1207550)


  • Version 4.3.32-1

    • Disable editing for special local payg connection

    • Fix VHM CPU and RAM display when 0 (bsc#1175823)

    • Fix layout alignment on pages showing failed states logs (bsc#1211713)

    • Fix parsing error when showing notification message details (bsc#1211469)

    • Fix font contrast in dark theme search field (bsc#1201337)

    • Fix wrong credentials error message (bsc#1210456)

    • Fix spelling on monitoring-admin page.

    • Show loading indicator on formula details pages (bsc#1179747)

    • Force all mandatory channels being selected in software channel change page (bsc#1211062)


  • Version 4.3.8-1

    • Fixed property name to tune for salt events queue processing


  • Version 4.3.30-1

    • Make mgr-salt-ssh to properly fix HOME environment to avoid issues with gitfs (bsc#1210994)

  • Version 4.3.29-1

    • Require LTSS channels for SUSE Linux Enterprise 15 SP1, SUSE Linux Enterprise 15 SP2 and SUSE Linux Enterprise 15 SP3 (bsc#1213432)

  • Version 4.3.28-1

    • Add missing Salt 3006.0 dependencies to bootstrap repo definitions (bsc#1212700)

    • Adjust product name in setup script output (bsc#1195380)


  • Added a note about Oracle Unbreakable Linux Network mirroring requirements in Client Configuration Guide (bsc#1212032)

  • Fixed missing tables of content in the Reference Guide (bsc#1208577)

  • Fixed instruction for SSO implementation example in the Administration Guide (bsc#1210103)

  • Warned about the impossibility of moving chained proxies in the Client Configuration Guide

  • Recommended using Cobbler to build ISO images also for other systems but SUSE systems in the Autoinstallation chapter of the Client Configuration Guide

  • Removed reference to non-existent files in Reference Guide (bsc#1208528)

  • Corrected the instructions for troubleshooting repository via proxy in the Administration Guide (bsc#1211276)

  • Configured reboot method for SUSE Linux Enterprise Micro clients and other transactional update systems in Client Configuration Guide

  • Added note about PostgreSQL user in DB migration chapter of Installation and Upgrade Guide

  • Added note for clarification between self-installed and cloud instances of Ubuntu

  • Added server metrics list in Monitoring chapter of the Administration

  • Improved pay-as-you-go documentation in the Install and Upgrade Guide (bsc#1208984)

  • Added comment about activation keys for Long Term Service Pack Support clients in Client Configuration Guide (bsc#1210011)

  • Updated API script examples to Python 3 in Administration Guide and Large Deployment Guide

  • Replaced Expanded Support with SUSE Liberty Linux in navigation bar of

  • Added note about GPG key for Red Hat custom channels in Client Configuration


  • Version 4.3.19-1

    • Added pay-as-you-go dimension computation taskomatic job configuration

    • Added new tables to handle pay-as-you-go instances computations

    • Speedup old schema migration


  • Version 4.3.34-1

    • Prevent product installation from being executed before executing product migration (bsc#1210475)

    • Fix enabling bundle build via custom info


  • Version 4.3.7-1

    • Use synced_date to compute the inactivity period to correctly describe when reporting database was updated (bsc#1211621)

Version 4.3.6


  • Update to version 0.1.1680167239.23f2fec

    • Remove unnecessary import of "salt.ext.six"


  • "cobbler buildiso" arguments "--system" and "--profile" are now accepted in the right order (bsc#1210776)

  • Fix cobbler buildiso so that the artifact can be booted by EFI firmware. (bsc#1206060)

  • Switch packaging from patch based to Git tree based development

  • S390X systems require their kernel options to have a linebreak at 79 characters (bsc#1207595)

  • will now handle paths with whitespace correctly

  • Fix renaming Cobbler items (bsc#1204900, bsc#1209149)


  • Update to version 0.5.0:

    • Mark all SUSE Linux Enterprise 15 SP4 and newer and openSUSE 15.4 and newer as supported (bsc#1210835)


  • Do not strictly require Go 1.18 on SUSE Linux Enterprise 15 SP3 (bsc#1203599)


  • Version 4.3.2-1

    • accept keys with dots


  • Raise proper exception from urlgrab() when local file is not found (bsc#1208288)


  • Version 4.3.21-1

    • fix argument parsing of distribution_update (bsc#1210458)

  • Version 4.3.20-1

    • Display activation key details after executing the corresponding command (bsc#1208719)

    • Show targeted packages before actually removing them (bsc#1207830)


  • Version 4.3.11-1

    • change backup file extension from .orig to .current_time (bsc#1206783)


  • Version 4.3.21-1

    • Add package details to reposync error logging

    • Fix the mgr-inter-sync not creating valid repository metadata when dealing with empty channels (bsc#1207829)

    • Filter CLM modular packages using release strings (bsc#1207814)

    • Fix issues with kickstart syncing on mirrorlist repositories

    • Do not sync .mirrorlist and other non needed files

    • reposync: catch local file not found urlgrabber error properly (bsc#1208288)

  • Version 4.3.20-1

    • fix repo sync for cloud payg connected repositories (bsc#1208772)


  • Version 4.3.10-1

    • Add /saltboot directory

    • Mark /os-images and /tftp as static content


  • Version 4.3.56-1

    • fix session information leak CVE-2023-22644 (bsc#1210107)

  • Version 4.3.55-1

    • Fix breadcrumbs on recurring actions pages

  • Version 4.3.54-1

    • kernel options: only add quotes if there is a space in the value (bsc#1209926)

  • Version 4.3.53-1

    • Update Cobbler profile when a new image is deployed

    • Add mapping of image URLs for containerized proxy

    • Do not output cobbler xmlrpc token in debug logs CVE-2023-22644 (bsc#1210162)

    • remove channels from client after transfer to a different organization (bsc#1209220)

    • Fix RHEL9 / SLL9 product discovery (bsc#1209993)

    • Fix displaying system channels when no base product is installed (bsc#1206423)

    • Fix NPE in cobbler system sync when server has no creator set

    • Recurring custom states

    • Fix credentials and other secrets disclosure when debug log is enabled CVE-2023-22644 (bsc#1210154)

    • Removed the expensive 'diff' column (bsc#1208427)

    • Don’t output URL parameters for tiny urls CVE-2023-22644 (bsc#1210101)

    • Do not log SSL certificate / key file content CVE-2023-22644 (bsc#1210094)

    • Remove web session swap secrets output in logs CVE-2023-22644 (bsc#1210086)

    • Fix possible "NullPointerException" when clicking on the "Create PXE installation configuration" button from Provisioning page

    • Fix possible "NullPointerException" issues when running cobbler-sync-bunch

    • Do not trigger extra cobbler sync when changing kickstart data (bsc#1208536)

    • Set jasper development mode to false (bsc#1206191)

    • Fixed select all for ptf packages list (bsc#1209143)

    • Added SLES 12 support for ptf removal

    • Fixed issue with checking ptf repositories on cloned channels

    • Add support to add optional channels via webUI

    • Added APIs to allow frontend to install and remove ptf

    • Show the package summary where applicable to better describe PTF packages

    • Added CLM filters to match product temporary fixes packages

    • Restrict product temporary fixes visibility in the UI and in the APIs responses

    • Fixed empty selection warning in the lock/unlock page

    • Set GPG Key Url for PTF repositories

    • Fix deleting custom info pillar (bsc#1209253)

    • Update report outdated system query to de-duplicate errata IDs

    • Refactor Software / Manage / Packages to use SQL paging (bsc#1206725)

    • Filter CLM modular packages using release strings (bsc#1207814)

    • Fix systems subscribed to channel CSV download (bsc#1201063)

    • Fix cobbler system entries for retail terminals (bsc#1208661)

    • Make API method systemgroup.listSystemsMinimal read-only (bsc#1208550)

    • Add missing text for user preferences page

    • Do not include channels from different organizations when listing mandatory channels (bsc#1204270)

    • Save scheduler user when creating Patch actions manually (bsc#1208321)

  • Version 4.3.52-1

  • Version 4.3.51-1

    • support multiple gpgkey urls for a channel (bsc#1208540)


  • Version 4.3.9-1

    • Add maxPoolSize option to search


  • Version 4.3.16-1

    • Enable netapi clients in master configuration (required for Salt 3006)

    • The report_db_sslrootcert value is now persistent (bsc#1210349)

    • Fix migration test

    • Escape % in spec file.

    • Remove useless tomcat configuration (bsc#1206191)

    • use template for reportdb configuration (bsc#1206783)


  • Version 4.3.31-1

    • Fix title on recurring actions edit page

  • Version 4.3.30-1

    • Disable login button with empty password

    • Ignore mandatory channels results that don’t match list of channels (bsc#1204270)

    • Increase datetimepicker font sizes (bsc#1210437)

    • Recurring custom states

    • Fix incorrect date rendered by the datetimepicker (bsc#1209231)

    • Add support to add optional channels via webUI

    • Added pages to install and remove ptf

    • Added CLM filters to match product temporary fixes packages

    • Refactor Software / Manage / Packages to use SQL paging (bsc#1206725)


  • Relax antlr version requirement


  • Version 4.3.7-1


  • Version 4.3.27-1

    • Use newest venv-salt-minion version available to generate the venv-enabled-*.txt file in bootstrap repos (bsc#1211958)

  • Version 4.3.26-1

    • Add bootstrap repository definitions for SLE-Micro 5.4

    • Make python3-ordered-set optional for the SLE15 bootstrap repo as it is not required or present in SLE15SP3 or older

    • Add bootstrap repository definitions for openSUSE Leap 15.5

    • add bootstrap repository definitions for SLE-Micro 5.1 (bsc#1209557)

    • Add SLES15SP5 to bootstrap repo definitions


  • Version 15.4.9

    • add Debian 12 (bookworm) GPG keys (bsc#1212363)

      • debian-archive-key-12-security-254CF3B5AEC0A8F0.asc

      • debian-archive-key-12-B7C5D7D6350947F8.asc

      • debian-release-12-F8D2585B8783D481.asc

    • add new 4096 bit RSA SUSE Package Hub key

      • packagehub-gpg-pubkey-8A49EB0325DB7AE0.asc

  • Version 15.4.8

    • add new 4096 bit RSA openSUSE build key gpg-pubkey-29b700a4.asc


  • Change cleanup Salt Client description

  • Documentation Salt version updated to 3006

  • Added SUSE Linux Enterprise Micro 5.4 support

  • Added openSUSE Leap version 15.5

  • Added SUSE Linux Enterprise version 15 SP5

  • Documented new Recurring Actions feature

  • Adjusted Single Sign-On example in Administration Guide according to Keycloak 21.0.1 update

  • Add multiple GPG key url usage to Client Configuration Guide to Keycloak 22.0.1 update

  • Documented custom info is available via pillars in Client Configuration Guide (bsc#1209253)

  • Added updated options for rhn.conf file in the Administration Guide (bsc#1209508)

  • Added instruction for Cobbler to use the correct label in Client Config Guide distro label (bsc#1205600)

  • Adjusted python version and openSUSE Leap version in public cloud document (bsc#1209938)

  • Fixed calculation of DB max-connections and aligned it with the supportconfig checking tool in the Tuning Guide

  • Fixed Troubleshooting Corrupt Repositories procedure

  • Branding updated for 2023

  • New search engine optimization improvements for documentation

  • Translations are now included in the WebUI help documentation

  • Local search is now provided with the WebUI help documentation


  • Version 4.3.18-1

    • Recurring custom states

    • Added view to handle ptf packages and updated the procedures to refresh the updatable/installable packages

    • Fix update of sql function create_new_org

    • Filter CLM modular packages using release strings (bsc#1207814)


  • Version 4.3.33-1

    • Trust new Liberty Linux v2 key (bsc#1212096)

    • fix duplicate packages in state

  • Version 4.3.32-1

    • disable salt-minion and remove its config file on cleanup (bsc#1209277)

    • Add kiwi supported disk images to be collectable (bsc#1208522)

    • Rename internal state 'synccustomall' to 'syncall'

    • Recurring custom states

    • to update everything on a debian system, call dist-upgrade to be able to install and remove packages

    • Allow KiwiNG to be used on SLE12 buildhosts (bsc#1204089)

    • Enforce installation of the PTF GPG key package

    • Improve error handling in (bsc#1208687)

  • Version 4.3.31-1

    • support multiple gpgkey urls for a channel (bsc#1208540)

    • make SUSE Addon GPG key available on all instances (bsc#1208540)


  • Version 4.3.4-1

    • Fix server-side cache that’s used for only pushing files to proxies that need to be pushed, as well as propagating deletions (bsc#1209215)

    • Fix removal of proxies section in cobbler settings (bsc#1207063)


  • Version 4.3.8-1

    • Allow default component for context manager


  • Version 1.0.26-1

    • fix cpu calculation in the libvirt module and enhance the data structure by os value

Version 4.3.5


  • Items: Fix creation of "default" NetworkInterface (bsc#1206520)


  • Version 0.8.1

    • Fix Uyuni/SUMA dashboard names


  • Version 0.2.7

    • Do not update pillars table if it does not exist, as in 4.2


  • Version 4.3.4-1

    • Ignore extra metadata fields for Liberty Linux (bsc#1208908)


  • Move the required cobbler version from the packages to the Server pattern



  • Version 4.3.19-1

    • Fix spacecmd not showing any output for softwarechannel_diff and softwarechannel_errata_diff (bsc#1207352)

    • Prevent string api parameters to be parsed as dates if not in ISO-8601 format (bsc#1205759)


  • Version 4.3.6-1

    • Do not specify a cobbler version, as that is now centralized at the patterns


  • Version 4.3.19-1

    • set new CPU core value for traditional registration

    • Fix reposync error about missing "content-type" key when syncing certain channels

    • Enhance passwords cleanup and add extra files in spacewalk-debug (bsc#1201059)

    • Do not specify a cobbler version, as that is now centralized at the patterns


  • Version 4.3.15-1

    • Update translation strings


  • Version 4.3.49-1

    • Refactor Java notification synchronize to avoid dead locks (bsc#1209369)

  • Version 4.3.48-1

    • Fix rendering of notifications list with subscription warnings (bsc#1209259)

  • Version 4.3.47-1

    • Allow single-value lists in query strings in HTTP API (bsc#1207297)

    • send subscription warning notifications only on monday

    • set uptime at package profile update

    • Install the reboot info beacon using a conf file instead of using pillars

    • Do not immediately execute the Package Refresh action for the SSH minion (bsc#1208325)

    • Mark as failed actions that cannot be scheduled because earliest date is too old

    • Update earliest date when rescheduling failed actions (bsc#1206562)

    • send virtualization information to SCC

    • Prevent HTTP API restricted args from being logged (bsc#1208119)

    • Fix reconnection of postgres event stream

    • Add the create/update methods for kickstart to accept kernel and kernel post options (jsc#suma-251)

    • Fix duplicate keys in suseImageFile and other tables (bsc#1207799)

    • Fix CLM environments UI for environment labels containing dots (bsc#1207838)

    • fix NumberFormatException when syncing ubuntu errata (bsc#1207883)

    • Fix taskomatic logging (bsc#1207867)

    • Do not specify a cobbler version, as that is now centralized at the patterns

    • Fix not being able to delete CLM environment if there are custom child channels that were not built by the environment (bsc#1206932)

    • Add 'none' matcher to CLM AppStream filters (bsc#1206817)

    • Makes systems column sortable on relevant patch page, to list by most affected systems

    • Fix issue where subscription warning would show incorrectly

    • Include missing 'gpg' states to avoid issues on SSH minions.

    • Standardize the login response format with other HTTP API endpoints (bsc#1206800)

    • Add mgr_server_is_uyuni minion pillar item

    • disable cloned vendor channel auto selection by default (bsc#1204186)


  • Version 4.3.15-1

    • Do not specify a cobbler version, as that is now centralized at the patterns


  • Version 4.3.28-1

    • Deprecate jQuery datepicker, integrate React datepicker

    • Fix UI inconsistencies in susemanager-light and susemanager-dark theme

    • Fix CLM environments UI for environment labels containing dots (bsc#1207838)

    • Add 'none' matcher to CLM AppStream filters (bsc#1206817)


  • Version 4.3.25-1

    • Tune the database after copying the old configuration (bsc#1208611)

  • Version 4.3.24-1

    • Create repositories with sha256 instead of sha1.

    • fix bootstrap repo path for SLES for SAP 12 (bsc#1207141)

    • show RHEL target for bootstrap repo creation only if it is really connected to the CDN (bsc#1206861)


  • Version 15.4.7 (jsc#PED-2777):

    • add new 4096 bit RSA build key gpg-pubkey-3fa1d6ce-63c9481c.asc

    • add new 4096 bit RSA reserve build key gpg-pubkey-d588dc46-63c939db.asc

    • add new 4096 bit RSA PTF key suse_ptf_key_2023.asc


  • Reworked Retail documentation to contain generic configuration examples

  • Warned about installing a containerized proxy on a traditional container host in Installation and Upgrade Guide

  • Branding updated for 2023

  • New search engine optimization improvements for documentation

  • Translations are now included in the webui help documentation

  • Local search is now provided with the webui help documentation

  • Removed z196 and z114 from listing in System Z chapter of the Installation and Upgrade Guide (bsc#1206973)

  • Updated System Security with OpenSCAP chapter in Administration Guide replacing the "standard" by "stig" profile

  • Added description for using a custom container image in a containerized proxy

  • Remove SUSE Linux Enterprise Micro requirement to preinstall salt-transactional package

  • Added information about java.salt_event_thread_pool_size in Large Deployments Guide

  • Re-added statement about Cobbler support in Reference Guide and Client Configuration Guide (bsc#1206963)


  • Version 4.3.17-1

    • Remove rhnTaskoRun log paths

    • enhance CPU table by core and thread information

    • add trigger on cpu and virtual instance to re-send virtualization information to SCC

    • Add 'none' matcher to CLM AppStream filters (bsc#1206817)


  • Version 4.3.30-1

    • get uptime with package profile update

    • Fix missing module when bootstrapping transactional systems (bsc#1207792)

    • Install the reboot info beacon using a conf file instead of using pillars

    • add CPU sockets, threads and total number to standard CPU grains

    • Fix current limitation on Action Chains for SLE Micro

    • Support SLE Micro migration (bsc#1205011)

    • Do not pass server grains to minions (bsc#1207087)

    • Fix mgrnet custom module to be compatible with old Python 2.6 (bsc#1206979) (bsc#1206981)

    • Do not use non-compatible unique filter in old jinja2 (bsc#1206979) (bsc#1206981)

    • Fix custom "mgrcompat.module_run" state module to work with Salt 3005.1

    • filter out libvirt engine events (bsc#1206146)


  • Version 4.3.7-1

    • improve postgres user check

    • uyuni-setup-reportdb: Test postgres user (bsc#1205088)


  • Version 1.0.25-1

    • Report total CPU numbers in the libvirt module

Version 4.3.4


  • Improve Cobbler performance with item cache and threadpool (bsc#1205489)

  • Skip collections that are inconsistent instead of crashing (bsc#1205749)

  • Add new "cobbler-tests-containers" subpackage which contains setup and configuration files to run Cobbler tests in containers.

  • Add missing code for previous patch file around boot_loaders migration.

  • Avoid possible override of existing values during migration of collections to 3.0.0 (bsc#1206160)

  • Fix regression: allow empty string as interface_type value (bsc#1203478)

  • Fix failing Cobbler tests after upgrading to 3.3.3.


  • Deserialization of Untrusted Data: unsafe data deserialization in (bsc#1204879, CVE-2022-1415)


  • Version 0.8.0

    • Set dashboard names depending on project

    • Update dashboards to use new JSON schema

    • Fix PostgreSQL dashboard queries

    • Migrate deprecated panels to their current replacements


  • Update to version 0.1.1673279145.e7616bd

    • Add form entry for use latest boot image pillar value (bsc#1206055)


  • Version 0.2.6

    • Export package extra tags for complete debian repo metadata (bsc#1206375)

    • Replace URLs in OS Images pillars when exporting and importing images


  • Version 4.3.7-1


  • Version 4.3.5-1

    • Update translation strings


  • Version 4.3.5-1

    • Don’t get stuck at the end of SSL transfers (bsc#1204032)


  • Update to version 0.1.1673279145.e7616bd

    • Add failsafe stop file when salt-minion does not stop (bsc#1172110)

    • Add use case of saltboot group formula outside containerized env (bsc#1206186)

    • Add 'kernel_action' to saltboot form (bsc#1206055)


  • Version 4.3.18-1

    • Add python-dateutil dependency, required to process date values in spacecmd api calls

  • Version 4.3.17-1

    • Remove python3-simplejson dependency

    • Correctly understand 'ssm' keyword on scap scheduling

    • Add vendor_advisory information to errata_details call (bsc#1205207)

    • Added two missing options to schedule product migration: allow-vendor-change and remove-products-without-successor (bsc#1204126)

    • Changed schedule product migration to use the correct API method

    • Change default port of "Containerized Proxy configuration" to 8022


  • Version 4.3.18-1

    • Add 'octet-stream' to accepted content-types for reposync mirrorlists

    • Exclude invalid mirror urls for reposync (bsc#1203826)

    • Compute headers as list of two-tuples to be used by url grabber (bsc#1205523)

    • Updated logrotate configuration (bsc#1206470)

    • Add rhel_9 as Salt-enabled kickstart installation

    • do not fetch mirrorlist when a file url is given


  • Version 4.3.17-1

    • Backport SLE Micro bootstrap fixes


  • Version 4.3.14-1

    • Update translation strings


  • Version 4.3.45-1

    • Improve logs when sls action chain file is missing

  • Version 4.3.44-1

    • Add reboot needed indicator to systems list

    • Fix transaction commit behavior for Spark routes

    • Fix modular channel check during system update via XMLRPC (bsc#1206613)

    • Fix CVE Audit ignoring errata in parent channels if patch in successor product exists (bsc#1206168)

    • Fix CVE Audit incorrectly displaying predecessor product (bsc#1205663)

    • Improve automatic dependency selection for vendor clones

    • Optimize the number of salt calls on minion startup (bsc#1203532)

    • Fix name for autoinstall snippets after Cobbler 3.3.3

    • prevent ISE on activation key page when selected base channel value is null

    • Trigger a package profile update when a new live-patch is installed (bsc#1206249)

    • Fix HTTP API login status code when using wrong credentials (bsc#1206666)

    • Configure the reboot action for transactional systems appropriately

    • Fix link to documentation in monitoring page

    • Fix server error in product migration outside maintenance window (bsc#1206276)

    • Updated logrotate configuration (bsc#1206470)

    • Only remove product catalog if PAYG ssh credentials are defined (bsc#1205943)

    • Source Select2 and jQuery UI from susemanager-frontend-libs

    • Don’t use hash in apidoc links

    • Limit changelog data in generated metadata to 20 entries

    • Fix internal server error when transferring system between organizations

    • Fix products controller to keep loading mandatory channels even when there are broken channels (bsc#1204270)

    • Move web dependencies from susemanager-frontend-libs to spacewalk-web

    • Fix server error while bootstrapping SSH-managed Red Hat-like minion (bsc#1205890)

    • send notifications also as email if email notifications are enabled

    • Add subscription warning notification to overview page

    • Fix CLM to not remove necessary packages when filtering errata (bsc#1195979)

    • Add vendor_advisory to errata.getDetails (bsc#1205207)

    • Fix ClassCastException

    • disable cloned vendor channel auto selection by default (bsc#1204186)

    • Add SUSE Liberty Linux support for RHEL9 based clients

    • Removed contents of certificates from the web UI logs (bsc#1204715)

    • Fix kickstart for RHEL 9 to not add install command

    • Remove RHEL kickstart types below 6

    • Don’t persist the YAML parser in FormulaFactory (bsc#1205754)

    • format results for package, errata and image build actions in system history similar to state apply results

    • check for NULL in DEB package install size value

    • adapt permissions of temporary ssh key directory

    • Fixed traditional stack warning message to be displayed only when the system has enterprise entitlement (bsc#1205350)

    • Remove invalid errata selection after patch installation (bsc#1204235)

    • Ignore insert conflicts during reporting database update (bsc#1202150)

    • Allowed cancelling pending actions with a failed prerequisite (bsc#1204712)

    • Run only minion actions that are in the pending status (bsc#1205012)

    • Allow usage of one FQDN to deploy containerized proxy in VM (#19586)

    • Migrate formulas with default values to database (bsc#1204932)


  • Version 4.3.8-1


  • Version 4.3.16-1

    • spacewalk-hostname-rename changes also report db host (bsc#1200801)

    • Add Uyuni SLE-Micro Client Tools repositories


  • Version 4.3.27-1

    • Add reboot needed indicator to systems list

    • Fix salt keys page keeps loading when no key exists (bsc#1206799)

    • Fix link to documentation in monitoring page

    • Source Select2 and jQuery UI from susemanager-frontend-libs

    • fix frontend logging in react pages

    • Move web dependencies from susemanager-frontend-libs to spacewalk-web


  • Version 4.3.6-1

    • update susemanager plugin to export the number of pending salt events


  • Version 4.3.23-1

    • fix bootstrap repo definition for SUSE Liberty Linux 9 and RHEL9 (bsc#1207136)

  • Version 4.3.22-1

    • fix tools channel detection on Uyuni


  • Version 15.4.7:

    • add SUSE Liberty v2 key


  • Remove SUSE Linux Enterprise Micro requirement to preinstall salt-transactional package

  • Organized navigation bar in the Installation and Upgrade Guide

  • Fixed SUSE Linux Enterprise Micro channel names in the Client Configuration Guide

  • Added SUSE Liberty Linux 9 clients as supported and now use the SUSE Liberty Linux name more consistently

  • Containerized proxy now allows usage of single FQDN. Documented in the Installation and Upgrade Guide

  • Added information about GPG key usage in the Debian section of the Client Configuration Guide

  • Clarified monitoring components support matrix in the Client Configuration Guide

  • Added information on using Hub when managing more than 10K clients to the Hardware Requirements in the Installation and Upgrade Guide

  • Improved Grafana configuration instructions in the Administration Guide

  • Limit the changelog data in generated metadata in Administration Guide. The default number of entries is now 20 and it is consistent with the number of entries from SUSE Linux Enterprise

  • Added a warning emphasizing storage requirements before migration in the Installation and Upgrade Guide


  • Version 4.3.16-1

    • Remove legacy cluster_admin user group

    • add subscription warning info pane

    • Remove data related to RHEL below 6

    • Increase cron_expr varchar length to 120 in suseRecurringAction table (bsc#1205040)


  • Version 4.3.29-1

    • Improve _mgractionchains.conf logs

    • Prevent possible errors from "mgractionschains" module when there is no action chain to resume

  • Version 4.3.28-1

    • Move transactional_update.conf to correct location

  • Version 4.3.27-1

    • Do not include pillar_only formulas in highstate

    • Optimize the number of salt calls on minion startup (bsc#1203532)

    • install SUSE Liberty v2 GPG key

    • Bootstrap state now writes salt config in correct overlay on SLE Micro (bsc#1206294)

    • Fix reboot info beacon installation

    • Add state to properly configure the reboot action for transactional systems

    • Updated logrotate configuration (bsc#1206470)

    • Fix server error while bootstrapping SSH-managed Red Hat-like minion (bsc#1205890)

    • Avoid installing recommended packages from assigned products (bsc#1204330) with suma_minion salt pillar extension module (bsc#1205255)


  • Version 4.3.12-1

    • change OES 2023 URL to https and make the tools channels mandatory (bsc#1205644)

    • remove version from product names as they are held separate


  • Version 4.3.3-1

    • Introduce threadpool for tftpsync to increase performance while syncing files to proxies (bsc#1205489)


  • Version 4.3.7-1

    • unify user notification code on java side


  • Version 4.3.6-1

    • Fix password generation in uyuni-setup-reportdb (bsc#1205919)


  • Version 1.0.24-1

    • Report total memory of a libvirt hypervisor

    • Improve interoperability with other Python projects

Version 4.3.3


  • Version 0.7.1

    • Fix default password field description (bsc#1203698)

    • Do not require default admin and password fields


  • Use golang(API) = 1.18 for building on SUSE (bsc#1203599). This source fails to build with the current go1.19 on SUSE and we need to use go1.18 instead.


  • Version 0.2.5

    • Correct error when importing without debug log level (bsc#1204699)

  • Version 0.2.4

    • Improve memory usage and log information #17193

    • Conditional insert check for FK reference exists (bsc#1202785)

    • Correct navigation path for table rhnerratafilechannel (bsc#1202785)


  • Version 0.7.0

    • Switch from basic authentication to TLS certificate client authentication for Blackbox exporter

    • Fix scheme label in clients targets configuration

    • Add


  • Incorporate latest changes for the fix of wrong logic on find_proxy method causing proxy not being used (bsc#1201788)


  • Version 1.7.11

    • Fix config update from wal_keep_segments to wal_keep_size for newer postgresql versions (bsc#1204519)


  • Version 4.3.16-1

    • Fix dict_keys not supporting indexing in systems_setconfigchannelorger

    • Improve Proxy FQDN hint message

    • Added a warning message for traditional stack deprecation

    • Stop always showing help for valid proxy_container_config calls

    • Remove "Undefined return code" from debug messages (bsc#1203283)


  • Version 4.3.17-1

    • Require python3-debian version which supports new compression methods to sync ubuntu22-04 repositories (bsc#1205212)

    • Used the legacy reporting system in spacewalk-debug to obtain up-to-date information

    • Keep older module metadata files in database (bsc#1201893)

    • Added an optional component_type property to the LOG object and included it to a log message

    • Add an optional component property to the log messages


  • Version 4.3.16-1

    • Generated bootstrap scripts install all needed Salt 3004 dependencies for Ubuntu 18.04 (bsc#1204517)

    • add transactional system support to the bootstrap generator

    • change bootstrap script generator to detect SLE Micro


  • Version 4.3.13-1

    • Update translation strings


  • Version 4.3.43-1

    • Changed proxy settings retrieval to not include password (bsc#1205339)

  • Version 4.3.42-1

    • Update jackson-databind version

  • Version 4.3.41-1

    • Manage reboot in transactional update action chain (bsc#1201476)

    • Enable monitoring for RHEL 9 Salt clients

    • Optimize performance of config channels operations for UI and API (bsc#1204029)

    • Don’t add the same channel twice in the System config addChannel API (bsc#1204029)

    • Optimize action chain processing on job return event (bsc#1203532)

    • Re-calculate salt event queue numbers on restart

    • Improved reboot needed handling for SLE Micro

    • Check if system has all formulas correctly assigned (bsc#1201607)

    • Remove group formula assignments and data on group delete (bsc#1201606)

    • Process salt events in FIFO order (bsc#1203532)

    • Remove 'SSM' column text where not applicable (bsc#1203588)

    • Fix rendering of ssm/MigrateSystems page (bsc#1204651)

    • Pass mgr_sudo_user pillar on salt ssh client cleanup (bsc#1202093)

    • Upgrade Bootstrap to 3.4.1

    • Refresh pillar data for the assigned systems when a CLM channel is built (bsc#1200169)

    • Improve Amazon EC2/Nitro detection (bsc#1203685)

    • Add channel availability check for product migration (bsc#1200296)

    • Deny packages from older module metadata when building CLM projects (bsc#1201893)

    • fix xmlrpc call randomly failing with translation error (bsc#1203633)

    • Do not explicitly remove old pillars on minion rename (bsc#1203451)

    • Fix out of memory error when building a CLM project (bsc#1202217)

    • Added a warning message for traditional stack deprecation

    • Fix hardware update where there is no DNS FQDN changes (bsc#1203611)


  • Version 4.3.15-1

    • Add EL9 Client Tools for SUSE Liberty Linux


  • Version 4.3.26-1

  • Version 4.3.25-1

    • Fix checkbox and radio input misalignment

    • Upgrade Bootstrap to 3.4.1

    • Update translation strings


  • Version 4.3.5-1

    • Added dependency for XML Simple


  • Version 4.3.20-1

    • add bootstrap repository definitions for SLE-Micro 5.2 and 5.3

    • add bootstrap repo definitions for oracle, alma and rocky linux 9

    • add bootstrap repo data for SUSE Liberty Linux 9

    • add python3-extras to bootstrap repo as dependency of python3-libxml2 (bsc#1204437)


  • Version 15.4.6:

    • rename and update old SUSE PTF key

      • Removed: gpg-pubkey-b37b98a9-5aaa951b.asc

      • Added: suse_ptf_key_old-B37B98A9.asc

    • add new SUSE PTF Key

      • Added: suse_ptf_key-6F5DA62B.asc

  • Version 15.4.5:

    • Add rpmlintrc configuration, so "W: backup-file-in-package" for the keyring is ignored. We do not ship backup files, but we own them because they are created each time gpg is called, and we want them removed if the package is removed

  • uyuni-build-keys.rpmlintrc

  • Version 15.4.4:

    • Add key for SUSE product addons (required for SUSE Manager EL9 client tools)


  • Fixed Rocky Linux documentation in Client Configuration Guide. Rocky Linux 8 was partially removed by accident (bsc#1205470)

  • Added explanation of automatic custom channels synchronization to the Administration Guide

  • Added Almalinux 9, Oracle Linux 9, and Rocky Linux 9 as supported Client systems

  • Added Rocky Linux 9 in Client Configuration Guide

  • Added note about shell quotation in Mass Migration section of Client Configuration Guide.

  • Added information about OES repository enablement to Troubleshooting section in the Administration Guide (bsc#1204195)

  • Documented the mgr-bootstrap command in Client Configuration Guide


  • Version 4.3.15-1

    • added kickstart distribution data for RHEL 9

    • Fix previous 'Amazon EC2' schema upgrade script to prevent possible issues on schema upgrade.

    • Change 'Amazon EC2/KVM' to 'Amazon EC2/Nitro' (bsc#1203685)

    • Keep older module metadata files in database (bsc#1201893)

    • Fix setting of last modified date in channel clone procedure


  • Version 4.3.26-1

    • Manage reboot in transactional update action chain (bsc#1201476)

    • Detect bootstrap repository path for SLE Micro

    • Fix kiwi inspect regexp to allow image names with "-" (bsc#1204541)

    • Add beacon to check if a reboot is required in transactional systems

    • Use the actual sudo user home directory for salt ssh clients on bootstrap and clean up (bsc#1202093)

    • dnf repo definition does not support multiline gpgkeys (bsc#1204444)

    • remove forced refresh in channel state as gpg key trust is now handled in a different way (bsc#1204061)

    • import gpg keys directly to prevent using gpg-auto-import-keys on package operations (bsc#1203580)

    • Perform refresh with packages.pkgupdate state (bsc#1203884)

    • Prevent possible tracebacks on reading postgres opts with suma_minion salt pillar extension module


  • version 4.3.11-1

    • change "EL 9 Base" to "RHEL and Liberty 9 Base"

  • Version 4.3.10-1

    • add SLES15 SP3 LTSS

    • add sll 9, oraclelinux 9, almalinux 9 and rockylinux 9

    • release oes2023 products

Version 4.3.2


  • Consider case of "next_server" being a hostname during migration of Cobbler collections.

  • Fix problem with "proxy_url_ext" setting being None type.

  • Fix settings migration schema to work while upgrading on existing running Uyuni and SUSE Manager servers running with old Cobbler settings (bsc#1203478)

  • Do generate boot menus even if no profiles or systems - only local boot

  • Avoid crashing running buildiso in certain conditions.

  • Fix issue that a custom kernel with the extension ".kernel" is not accepted by "cobbler distro add"

  • Fix issue with "get_item_resolved_value" that prevented it from returning in cases where a complex object would have been returned

  • Fix issue where the logs would have been spammed with "grab_tree" messages that are meant for debugging

  • Buildiso - Fix DNS append line generation

  • Change apache2 conf dir for SUSE distros to allow integration with Uyuni and SUSE Manager

  • Avoid permissions errors during cobbler sync

  • Update to version 3.3.3

  • Add UEFI capabilities to "cobbler buildiso" (jsc#SUMA-112)

  • Relevant changes on this release:

    • New:

    • Uyuni Proxies can now be set with the schema validation.

    • Cobbler should now build on AlmaLinux.

    • The initrd is not required anymore as it is an optional file.

    • XML-RPC: Added dump_vars endpoint. This is intended to replace get_blended_data as of 3.4.0.

    • XML-RPC: Added get_item_resolved_value & set_item_resolved_value endpoints.

    • Breaking Changes:

    • The field virt_file_size is now a float and the related settings as well.

    • Changes:

    • The error messages for duplicated objects now contains the name of the duplicated object.

    • Bugfixes:

    • Dictionaries had the wrong value set for [inherit].

    • There were some cases in which the autoinstallation manager was handed the wrong object and then crashed.

    • The inheritance of the owners field was fixed.

    • Serial Console options should not contain bogous -1 value anymore.

    • HTTP API should not throw permission errors anymore.

    • During build the log was not visible due to a custom logger without output.

    • cobbler mkloaders now also copies dependencies of menu.c32.

    • We now generate the grub configuration for the architectures correct again.

    • virt_file_size now is a float at all times.

    • Cobbler should restart successfully now if you have attached an image to a system.

    • If you have a system named default the bootloader was not removed properly before.

    • cobbler buildiso: The isolinux.cfg was not properly formatted.

    • There were harmless templating errors in the log related to redhat_management_type. The parts depending on this were removed.

    • The DNS managers were non-functional before because of a call to a non-existent function.

    • cobbler buildiso failed with --tmpdirs that don’t end in buildiso.

    • cobbler buildiso had outdated docs and help messages for some parameters.

    • cobbler import: It was impossible to import Rocky Linux 8.5 successfully.

    • Cobbler created duplicated settings files before.

    • cobbler sync was broken by refactoring to shell=False before.

  • CVE-2022-0860: Improper Authorization in Cobbler. (bsc#1197027)

  • Version 3.3.0 fixed jsc#SUMA-112

  • Update to version 3.3.2

    • cobbler sync no longer has to be executed after enable_ipxe was flipped

    • Auth: Support for Global Secure Catalog via LDAP provider

    • Reposync now deletes old metadata to prevent metadata merge conflicts

    • The automigration of the settings is now not enabled per default.

    • We removed ppc from RedHat EL 7 as it is not supported

    • "Network interface is not subscriptable" errors were fixed

    • The stacktraces related to the package and file pre & post triggers should no longer appear

    • You should be able to add multiple initrds if needed again

    • Debian: Fix regex for SHIM_FILE which now provides a working reasonable default


  • CVE-2021-41411: XML External Entity injection in (bsc#1200629)


  • Update to version 0.1.1661440542.6cbe0da

    • Sort boot images by version instead of name-version (bsc#1196729)

    • Do not send events if syncing fails


  • Compress exported sql data and decompress during import

  • Add gzip dependency to decompress data file during import process


  • Update to version 0.3


  • Avoid crashing when setting URLGRABBER_DEBUG=1 environment variable


  • Update from version 5.3.0 to version 5.4.0

    • Add shunit2 based tests

    • Support multiple versions

    • Add the commands move, movesrc, movematched, movefilter

    • Add Limit and Archive option

    • fix manpage to add the behaviour if reprepro is linked against liblzma

    • Mark 'dumpcontents' command as deprecated


  • Update to version 0.1.1661440542.6cbe0da

    • Fallback to local boot if the configured image is not synced

    • Support salt bundle


  • Version 4.3.15-1

    • Process date values in spacecmd api calls (bsc#1198903)


  • Version 4.3.10-1

    • Ensure "cobbler mkloaders" is executed after restarting services

    • Add --help option to mgr-monitoring-ctl

    • reportdb access: force new report_db_sslrootcert if previous default is set


  • Version 4.3.16-1

    • Prevent mixing credentials for proxy and repository server while using basic authentication and avoid hiding errors i.e. timeouts while having proxy settings issues with extra logging in verbose mode (bsc#1201788)

    • Fix the condition of hiding the token from URL on logging

    • export armored GPG key to salt filesystem as well

    • Upgrade Cobbler requirement to 3.3.3 or later

    • Make reposync use the configured http proxy with mirrorlist (bsc#1198168)


  • Version 4.3.15-1

    • fix mgr-ssl-cert-setup for root CAs which do not set authorityKeyIdentifier (bsc#1203585)


  • Version 4.3.12-1

    • Update translation strings


  • Version 4.3.38-1

    • delay hardware refresh action to avoid missing channels (bsc#1204208)

  • Version 4.3.37-1

    • Fix get_item_resolved_value call

  • Version 4.3.36-1

    • Fix prerequisite action serialization (bsc#1202899, bsc#1203484)

    • Fix hardware update where there is no DNS FQDN changes (bsc#1203611)

    • Fix UI crash when filtering on systems list (bsc#1203169)

    • Filter out successors that have no repositories on SP migration (bsc#1202367)

    • Reduced the usage of deprecated Hibernate API

    • Use mgrnet.dns_fqdns module to improve FQDN detection (bsc#1199726)

    • Support Pay-as-you-go new CA location for SUSE Linux Enterprise Server 15 SP4 and higher (bsc#1202729)

    • Fixed pagination for completed/failed systems in action details

    • Add support in rhn.conf for smtp port, auth, ssl/tls config

    • Calculate dependencies between cloned channels of vendor channels (bsc#1201626)

    • Fix sync for external repositories (bsc#1201753)

    • Detect the clients running on Amazon EC2 (bsc#1195624)

    • Adjust cobbler requirement to version 3.3.3

    • Support inherited values for kernel options from Cobbler API

    • Fix virtFileSize type after cobbler upgrade

    • Redefine available power_management.types for cobbler >= 3.3.1

    • fix state.apply result parsing in test mode (bsc#1201913)

    • require tomcat native interface to prevent misleading warning in tomcat startup log (bsc#1202455)

    • Reduce the length of image channel URL (bsc#1201220)

    • Fixed formula deselection in systemgroup (bsc#1202271)

    • Added a new configuration property to allow custom channels to be synced together with vendor channels.

    • add onlyRelevant argument to addErrataUpdate API

    • fix taskomatic task remain in progress


  • Version 4.3.7-1

    • update dependencies after package rename


  • Version 4.3.12-1

    • Fix detected issues to perform migration of Cobbler settings and collections.

  • Version 4.3.11-1

    • Trigger migration of Cobbler settings and collections if necessary during package installation (bsc#1203478)

    • Execute "cobbler mkloaders" when setting up cobbler

    • Adjust next_server cobbler settings for cobbler >= 3.3.1

    • fix prototype mismatch in idn_to_ascii (bsc#1203385)


  • Version 4.3.14-1

    • Make spacewalk-hostname-rename working with settings.yaml cobbler config file (bsc#1203564)

    • spacewalk-common-channels now syncs the channels automatically on creation, if the new configuration property named 'unify_custom_channel_management' is enabled


  • Version 4.3.24-1

    • Upgrade moment-timezone

    • CVE-2021-43138: Obtain privileges via the mapValues() method. (bsc#1200480)

    • CVE-2021-42740: Command injection in the shell-quote package. (bsc#1203287)

    • CVE-2022-31129: Denial-of-Service moment: inefficient parsing algorithm (bsc#1203288)

    • Fix table header layout for unselectable tables


  • Added Guava maximum version requirement


  • Version 4.3.19-1

    • mark new dependencies for python-py optional in bootstrap repo to fix generation for older service packs (bsc#1203449)

    • add bootstrap repository definition for OES2023 (bsc#1202602)

    • add missing packages on SUSE Linux Enterprise Server 15

    • remove from SUSE Manager installations (bsc#1202728)

    • create bootstrap repository data for Ubuntu 22.04 Vendor Channels

    • remove obsoleted sysv init script (bsc#1191857)

    • mgr-create-bootstrap-repo: flush directory also when called for a specific label (bsc#1200573)

    • improve output (bsc#1201260)

    • remove python-tornado from bootstrap repo, since no longer required for salt version >= 3000

    • add missing packages on SUSE Linux Enterprise Server 12 SP5 bootstrap repo (bsc#1201918)

    • revert "bootstrap repo: set optional packages"


  • Add release and auxiliary GPG keys for RedHat

  • Add keys for Rocky Linux 9

    • RPM-GPG-KEY-redhat-release

    • RPM-GPG-KEY-redhat-auxiliary

    • RPM-GPG-KEY-Rocky-9


  • Removed Debian 9 references due to end of life and added missing Debian 11 info

  • Fixed description of default notification settings (bsc#1203422)

  • Added missing Debian 11 references

  • Documented helm deployment of the proxy on k3s and MetalLB in Installation and Upgrade Guide

  • Added secure mail communication settings in Administration Guide

  • Fixed path to state and pillar files

  • Documented how pxeboot works with Secure Boot enabled in Client Configuration Guide

  • Add repository via proxy issues troubleshooting page

  • Change import GPG key description

  • Added SLE Micro 5.2 and 5.3 as a technology preview in Client Configuration Guide, and the IBM Z architecture for 5.1, 5.2, and 5.3

  • Added command to remove the obsolete Python module on SUSE Manager Server 4.1 in the Installation and Upgrade Guide (bsc#1203026)

  • Mention CA certificate directory in the proxy setup description in the Installation and Upgrade Guide (bsc#1202805)

  • Documented mandatory channels in the Disconnected Setup chapter of the Administration Guide (bsc#1202464)

  • Documented how to onboard Ubuntu clients with the Salt bundle as a regular user

  • Documented how to onboard Debian clients with the Salt bundle or plain Salt as a regular user

  • Fixed the names of updates channels for Leap

  • Fixed errors in OpenSCAP chapter of Administration Guide

  • Removed CentOS 8 from the list of supported client systems

  • Extend the notes about using noexec option for /tmp and /var/tmp (bsc#1201210)

  • Added Extend Salt Bundle functionality with Python packages using pip

  • Salt Configuration Modules are no longer Technology Preview in the Salt Guide


  • Version 4.3.14-1

    • Add subtypes for Amazon EC2 virtual instances (bsc#1195624)

    • Fix migration of image actions (bsc#1202272)

    • improve schema compatibility with Amazon RDS


  • Version 4.3.25-1

    • Fix mgrnet availability check

    • Remove dependence on Kiwi libraries

    • always disable the bootstrap repository, even when "mgr_disable_local_repos" is set to False

    • Use mgrnet.dns_fqdns module to improve FQDN detection (bsc#1199726)

    • fix syntax error - remove trailing colon (bsc#1203049)

    • Add mgrnet salt module with mgrnet.dns_fqdns function implementation allowing to get all possible FQDNs from DNS (bsc#1199726)

    • Copy grains file with util.mgr_switch_to_venv_minion state apply (bsc#1203056)

    • Remove the message 'rpm: command not found' when using Salt SSH with Debian-based systems that have no Salt Bundle


  • Version 4.3.9-1


  • Version 4.3.2-1

    • Adjust sync_post_tftpd_proxies module to cobbler >= 3.3.1


  • Version 4.3.6-1

    • Do not allow creating path if nonexistent user or group in fileutils.


  • Version 4.3.6-1

    • improve schema compatibility with Amazon RDS

Version 4.3.1


  • Fix the URL for the package

  • Declare the LICENSE file as license and not doc


  • Fix the URL for the package

  • Declare the LICENSE file as license and not doc


  • Declare the LICENSE file as license and not doc


  • Update to version 0.1.1658330139.861779d

    • Fix deleting of unused boot images

    • Support deltas for system images (bsc#1201498)

    • Do not try to show changes in images (bsc#1199998)


  • Version 0.2.3

    • Compress exported sql data #16631


  • Declare the LICENSE file as license and not doc


  • Declare the LICENSE file as license and not doc


  • Declare the LICENSE file as license and not doc


  • Declare the LICENSE file as license and not doc


  • Declare the LICENSE file as license and not doc


  • Update to version 0.1.1658330139.861779d


  • Fix wrong logic on find_proxy method causing proxy not being used


  • Bump up the maxsize on a fixed-size C buffer to avoid breaking on some autogenerated rust packages

  • Flush stdout and stderr before execv of an end hook

  • Add support for Zstd compressed debs

  • Added alternative package name for db4-devel.


  • Declare the LICENSE file as license and not doc


  • Declare the LICENSE file as license and not doc


  • Version 4.3.14-1

    • Fix missing argument on system_listmigrationtargets (bsc#1201003)

    • Show correct help on calling kickstart_importjson with no arguments

    • Fix tracebacks on spacecmd kickstart_export (bsc#1200591)

    • Change proxy container config default filename to end with tar.gz


  • Version 4.3.5-1

    • Simplified PostgreSQL14 requirement.

    • Update server-migrator to dist-upgrade to openSUSE 15.4


  • Version 4.3.15-1

    • cleanup leftovers from removing unused xmlrpc endpoint

    • Fix issues with "http proxy" not being used by reposync in some cases


  • Version 4.3.14-1

    • traditional stack bootstrap: install product packages (bsc#1201142)

    • display messages to restart services after certificate change

    • improve CA Chain checking by comparing authorityKeyIdentifier with subjectKeyIdentifier


  • Version 4.3.11-1

    • Update translation strings


  • Version 4.3.9-1

    • fix posttrans error "RHN-ORG-TRUSTED-SSL-CERT" not found


  • Version 4.3.35-1

    • Modify parameter type when communicating with the search server (bsc#1187028)

    • Fix hibernate error on deleting an image with delta

    • Changed logout method to POST on HTTP API (bsc#1199663)

    • Turned API information endpoints public (bsc#1199817)

    • Fix typo and ordering of JSON over HTTP API example scripts

    • Improved log handling in HTTP API (bsc#1199662)

    • set Channel GPG Key info from SCC data

    • set GPG Key Url as channel pillar data (bsc#1199984)

    • new API endpoint for addErrataUpdate, that take multiple servers as argument

    • Move ImageSync pillars to database (bsc#1199157)

    • Fix conflict when system is assigned to multiple instances of the same formula (bsc#1194394)

    • Fix initial profile and build host on Image Build page (bsc#1199659)

    • Convert formula integer values when upgrading (bsc#1200347)

    • Cleanup salt known_hosts when generating proxy containers config

    • Modify proxy containers configuration files set output

    • Change proxy containers config to tarball with yaml files

    • Fixed date format on scheduler related messages (bsc#1195455)

    • Improved dropdown layout handling

    • Fix download CSV

    • Hide authentication data in PAYG UI (bsc#1199679)

    • Clean grub2 reinstall entry in autoyast snippet (bsc#1199950)

    • Show reboot alert message on all system detail pages (bsc#1199779)

    • Show patch as installed in CVE Audit even if successor patch affects additional packages (bsc#1199646)

    • Fix refresh action confirmation message when no system is selected

    • Fix Internal Server Error when URI contains invalid sysid (bsc#1186011)

    • Fix notification message on system properties update to ensure style consistency (bsc#1172179)

    • Fix containerized proxy configuration machine name

    • Improve CLM channel cloning performance (bsc#1199523)

    • Keep the websocket connections alive with ping/pong frames (bsc#1199874)

    • add detection of Ubuntu 22.04

    • fix missing remote command history events for big output (bsc#1199656)

    • fix api log message references the wrong user (bsc#1179962)

    • Consistently use conf value for SPA engine timeout

    • fix download of packages with caret sign in the version due to missing url decode

    • Add specific requirement for Cobbler 3.2.1 to not conflict with Leap 15.4

    • Fix send login(s) and send password actions to avoid user enumeration (bsc#1199629) (CVE-2022-31248)


  • Version 4.3.6-1

    • Add method to handle session id as String

    • Migrated from log4j1.x.x to log4j2.x.x

    • update ivy development files


  • Version 4.3.10-1

    • spacewalk-setup-cobbler assumes /etc/apache2/conf.d now as a default instead of /etc/httpd/conf.d (bsc#1198356)

    • Allow alternative usage of perl-Net-LibIDN2.


  • Version 4.3.13-1

    • change gpg key urls to file urls where possible

    • spacewalk-hostname-rename now correctly replaces the hostname for the mgr-sync configuration file (bsc#1198356)

    • spacewalk-hostname-rename now utilizes the "--apache2-conf-dir" flag for spacewalk-setup-cobbler

    • Add repositories for Ubuntu 22.04 LTS

    • Add AlmaLinux 9 and Oracle Linux 9 to spacewalk-common-channels

    • Add missing SLES 15 SP4 client tools repositories to spacewalk-common-channels.ini

    • add deprecation warning for spacewalk-clone-by-date

    • Add EPEL8 for Almalinux 8 and Rocky 8 in spacewalk-common-channels.ini

    • openSUSE Leap 15.4 repositories


  • Version 4.3.23-1

    • Update the version for the WebUI

    • Fix initial profile and build host on Image Build page (bsc#1199659)

    • Handle multi line error messages in proxy containers config creation

    • Hide authentication data in PAYG UI (bsc#1199679)

    • add textarea to formulas

    • Consistently use conf value for SPA engine timeout

    • Remove nodejs-packaging as a build requirement

    • Update translation strings


  • Declare the LICENSE file as license and not doc


  • Version 4.3.18-1

    • Add missing python3-gnupg to Debian10 bootstrap repo (bsc#1201842)

    • Add clients tool product to generate bootstrap repo on OpenSUSE 15.x (bsc#1201189)

    • Add Oracle Linux 9 bootstrap repositories for Uyuni

    • Add AlmaLinux 9 bootstrap repositories for Uyuni

    • Add Red Hat Enterprise Linux 9 repositories for Uyuni

    • Make the Salt Bundle optional for bootstrap repositories for Debian 9 and SUSE Manager Proxy 4.2

    • Enable bootstrapping for Ubuntu 22.04 LTS

    • fix comment: migration without creating backup use -f option

    • bootstrap repo: set optional packages

    • Add python3-contextvars and python3-immutables to missing bootstrap repos (bsc#1200606)

    • Update server-migrator to dist-upgrade to openSUSE 15.4


  • Version 15.4.3

    • Add Uyuni Client Tools key

    • Install keys for Client Tools Channels in salt filesystem to be able to deploy them to clients

    • Add openEuler 22.03 key

    • Add AlmaLinux 9 key

    • Add Oracle Linux 9 keys

    • RPM-GPG-KEY-openEuler

    • RPM-GPG-KEY-AlmaLinux-9

    • RPM-GPG-KEY-oracle

    • RPM-GPG-KEY-oracle-backup


  • Described disabling local repositories in Client Configuration Guide

  • Remove misleading installation screen shots in the Installation and Upgrade Guide (bsc#1201411)

  • Fixed Ubuntu 18 Client registration in Client Configuration Guide (bsc#1201224)

  • Removed sle-module-pythonX in VM Installation chapter of Installation and Upgrade Guide because SUSE Manager 4.3 does not require it

  • In the Custom Channel section of the Administration Guide add a note about synchronizing repositories regularly

  • Removed SUSE Linux Enterprise 11 from the list of supported client systems

  • Update section about changing SSL certificates

  • Added ports 1232 and 1233 in the Ports section of the Installation and Upgrade Guide; required for Salt SSH Push (bsc#1200532)

  • Fixed 'fast' switch ('-f') of the database migration script in Installation and Upgrade Guide

  • Updated Virtualization chapter in Client Configuration Guide; more on limitation other than Xen and KVM

  • Added information about registering RHEL clients on Azure in the Import Entitlements and Certificates section of the Client Configuration Guide (bsc#1198944)

  • Fixed VisibleIf documentation in Formula section of the Salt Guide

  • Added note about importing CA certificate in Installation and Upgrade Guide (bsc#1198358)

  • Documented defining monitored targets using file-based service discovery provided in the Prometheus formula in the Salt Guide

  • In Supported Clients and Features chapter in Client Configuration Guide, remove SUSE Linux Enterprise 11 (bsc#1199147)

  • Improve traditional client deprecation statement in Client Configuration Guide (bsc#1199714)


  • Version 4.3.13-1

    • update GPG key urls in channels set by spacewalk-common-channels

    • add gpg key info to suseProductSCCRepository (bsc#1199984)

    • Move ImageSync pillars to database (bsc#1199157)


  • Version 4.3.24-1

    • Fix bootstrap issue with Debian 9 caused by missing python3-contextvars (bsc#1201782)

    • Fix deploy of SLE Micro CA Certificate (bsc#1200276)

    • disable local repos before bootstrap and at highstate (bsc#1191925)

    • deploy GPG keys to the clients and define trust in channels (bsc#1199984)

    • Enable basic support for Ubuntu 22.04

    • Add port parameter to mgrutil.remove_ssh_known_host

    • Prevent possible tracebacks on calling from mgrcompat by setting proper globals with using LazyLoader

    • Fix bootstrapping for Ubuntu 18.04 with classic Salt package (bsc#1200707)

    • create CA certificate symlink on Proxies which might get lost due to de-installation of the ca package


  • Version 4.3.5-1

    • Fix reposync issue about 'rpm.hdr' object has no attribute 'get'


  • Declare the LICENSE file as license and not doc


  • Declare the LICENSE file as license and not doc


  • Declare the LICENSE file as license and not doc

Major changes since SUSE Manager Server 4.2

Base system upgrade

The base system has been upgraded to SUSE Linux Enterprise Server 15 SP4.

PostgreSQL 14

The database engine has been updated from PostgreSQL 13 to PostgreSQL 14, which brings a number of performance and reliability improvements. A detailed changelog is available upstream.

To prevent inconsistent configurations and data on upgrade or update, SUSE Manager 4.3 will refuse to start until the database migration from PostgreSQL 13 to PostgreSQL 14 has been completed successfully.


Salt 3004

Salt has been upgraded to upstream version 3004, plus a number of patches, backports, and enhancements by SUSE, for the SUSE Manager Server, Proxy, and Client Tools.

We intend to regularly upgrade Salt to more recent versions.

For more details about changes in your manually-created Salt states, see the Salt 3004 upstream release notes.

Salt as a Bundle

One of the goals of SUSE Manager 4.3 is to co-exist with other configuration management tools, especially Salt-based ones, and the Salt Bundle is the solution the team came up with. The Salt Bundle can be used on systems that already run another Salt Minion, that do not meet Salt’s requirements, or that already provide a newer Salt version that is used instead of the version provided by SUSE Manager.

Salt Bundle is a single package called venv-salt-minion containing the Salt Minion, Python, and all Python modules. It is exactly the same version and codebase as the current salt-minion RPM package.

SUSE Manager 4.3 comes with the Salt Bundle and uses it as the default way to bootstrap systems for all the supported operating systems.

On bootstrapping new clients the Salt Bundle package will be used instead of salt-minion if the package venv-salt-minion is present in the bootstrap repo.

Clients already registered will not be changed, but can be switched to Salt Bundle by applying the state util.mgr_switch_to_venv_minion to them. For more information see the Client Configuration Guide.

Salt SSH now uses the Salt Bundle

The Salt Bundle is now used to handle Salt SSH executions on the client side. The bootstrap of new Salt clients using webUI or API is now also using the Salt Bundle.

To ensure bootstrap works in the proper way, the bootstrap repositories for the clients must be regenerated before bootstrapping new clients.

The bootstrap repository regeneration happens for any given product when a resync for the product repositories happens:

  • For products provided by the SUSE Customer Center, added via the Setup Wizard or mgr-sync, this happens each night.

  • For products added via spacewalk-common-channels there is no automated resync by default, unless it was configured after adding the product. In this case, the regeneration needs to be triggered manually.

To manually trigger the regeneration, use the tool mgr-create-bootstrap-repo at the SUSE Manager Server.


Reporting Database

The reporting database provides SUSE Manager data used for reports in a simplified schema and is accessible by any reporting tool with support for SQL databases as content sources.

This new database is isolated from the one used for the SUSE Manager Server, and created automatically.

The tool uyuni-setup-reportdb-user can create new users who have read-only access to the data.

For more information on this topic, see Hub reporting.

Reporting Database documentation

The reporting database schema is now fully documented.

The documentation describes the schema in detail, showing all the tables and the views available and highlighting the relationships among them.

You can access it from the SUSE Manager Server WebUI, at Help > Report Database Schema, from the left navigation bar.

spacewalk-report now uses data from the reporting database

spacewalk-report will use the data from the report database by default. This change affects both new and updated setups.

This means that the newly generated reports will differ in the structure and the format of the data and might break existing integrations.

If this change causes trouble in your use case, the new option --legacy-report can be used to fall back to the old report engine.

For a comprehensive list of what is changed and what reports are affected, see the section "Generate Reports" in the Administration Guide.

Improved image management

SUSE Manager 4.3 comes with a lot of improvements for image management.

  • Kiwi images:

    • Uses name and version from Kiwi config file, revision is increased on each build

    • Built image files are referenced in the database and deleted with the image entry

    • Image pillars are stored in the database

    • The build log is visible in the User Interface

  • Docker images:

    • Use a new database entry for each revision

    • Old revision can be shown with the "Show obsolete" checkbox

  • Updated XML-RPC API to manipulate images, image files and pillars:

Technology Previews

Containerized SUSE Manager Proxy and Retail Branch Server

Starting with SUSE Manager 4.3, it will be possible to run the SUSE Manager Proxy and Retail Branch Server also in containers. This could be very helpful in scenarios where adding new virtual machines is not feasible for some reason. Additionally, the ability to run SUSE Manager Proxy and Retail Branch Servers in containers makes it more flexible to run them anywhere without worrying about the underlying OS. Moreover, in the future, it will allow users to install SUSE Manager components on top of Kubernetes, increasing flexibility and future viability.


With SUSE Manager 4.3, in addition to the current XML-RPC API, a new JSON over HTTP API will also be provided to make SUSE Manager API even easier to consume.

SUSE Manager is seeing more and more use in automated scenarios, where it is a part of a bigger system and is driven via its APIs. The XML-RPC protocol has served users well so far and will continue to do so, but HTTP APIs are more in demand and have better tooling support.

The API documentation has been updated to reflect the changes to support the HTTP API, and is available at the SUSE Manager Server WebUI under About > API, and in the online documentation.

Usage examples can be found in the "Sample scripts" section of the documentation.

With the addition of the JSON over HTTP API documentation:

  • Mandatory names to the input parameters for each method were added

  • Information about the HTTP request type (GET or POST) was added

  • Example scripts to consume the HTTP API via Curl were added

New products enabled

  • Debian 11

  • SUSE Linux Enterprise 15 SP4

  • SUSE Linux Enterprise Micro 5.2 (tech preview)

For more information about the registration process, refer to the Registration section, and for more information about supported features, consult Supported Features.


HTTP Strict Transport Security

HTTP Strict Transport Security (HSTS) is a policy mechanism that helps to protect websites against man-in-the-middle attacks such as protocol downgrade attacks and cookie hijacking.

SUSE Manager allows enabling HSTS. To enable it for a SUSE Manager Server:

  • Edit /etc/apache2/conf.d/zz-spacewalk-www.conf

  • Uncomment the line # Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"

  • Restart Apache with systemctl restart apache2

To enable it for SUSE Manager Proxies:

  • Edit /etc/apache2/conf.d/spacewalk-proxy.conf

  • Uncomment the line # Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"

  • Restart Apache with systemctl restart apache2

IMPORTANT: Once HSTS is enabled while using the default SSL certificate generated by SUSE Manager or a self-signed certificate, browsers will refuse to connect using HTTPS unless the CA used to sign such certificates is trusted by the browser. If you are using the SSL certificate generated by SUSE Manager, you can trust it by importing the file located at http://<SERVER-HOSTNAME>/pub/RHN-ORG-TRUSTED-SSL-CERT to the browsers of all users.
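
The two procedures above, as an added shell example (not part of the SUSE release notes): it reports whether the HSTS line in an Apache config file is enabled, commented or absent, uncomments it while keeping a backup, and reads max-age from response headers. The function names and the sample file contents are assumptions constructed for illustration; only the config file names and the header line come from this page.

```shell
#!/bin/sh
# Added example: audit and enable the HSTS header line described above.
# Function names are hypothetical; they are not SUSE Manager tooling.

# Matches the directive regardless of spacing between its words.
HSTS_RE='Header[[:space:]]+always[[:space:]]+set[[:space:]]+Strict-Transport-Security'

# hsts_state FILE -> prints "enabled", "commented" or "absent"
hsts_state() {
    if grep -Eq "^[[:space:]]*${HSTS_RE}" "$1"; then
        echo enabled
    elif grep -Eq "^[[:space:]]*#[[:space:]]*${HSTS_RE}" "$1"; then
        echo commented
    else
        echo absent
    fi
}

# enable_hsts FILE -> uncomments the shipped line, keeping FILE.bak.
# Does nothing if the header is already active; fails if the line is
# missing, so a hand-edited config is never silently left without HSTS.
enable_hsts() {
    case "$(hsts_state "$1")" in
        enabled) return 0 ;;
        absent)  echo "no HSTS line found in $1" >&2; return 1 ;;
    esac
    cp -p "$1" "$1.bak" || return 1
    # Writing back into the original file keeps its owner and mode.
    sed -E "s/^([[:space:]]*)#[[:space:]]*(${HSTS_RE})/\1\2/" "$1.bak" > "$1"
}

# hsts_max_age -> reads HTTP response headers on stdin (for example the
# output of "curl -sI") and prints the max-age value in seconds.
# Returns 1 when no Strict-Transport-Security header with max-age is present.
hsts_max_age() {
    tr -d '\r' | awk '
        BEGIN { rc = 1 }
        tolower($0) ~ /^strict-transport-security:/ {
            line = tolower($0)
            if (match(line, /max-age=[0-9]+/)) {
                # "max-age=" is 8 characters long
                print substr(line, RSTART + 8, RLENGTH - 8)
                rc = 0
                exit
            }
        }
        END { exit rc }'
}

# Demo on a constructed sample file (not the real zz-spacewalk-www.conf).
hsts_demo() {
    tmp=$(mktemp -d) || return 1
    conf="$tmp/zz-spacewalk-www.conf"
    cat > "$conf" <<'EOF'
<IfModule mod_headers.c>
    # Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"
</IfModule>
EOF
    before=$(hsts_state "$conf")
    enable_hsts "$conf"
    after=$(hsts_state "$conf")
    rm -rf "$tmp"
    echo "$before -> $after"
}

hsts_demo
```

After enable_hsts has changed the real file, Apache still has to be restarted with systemctl restart apache2 as described above; piping the response headers of the server into hsts_max_age then confirms the header is actually served.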


Grafana 8.3.5

SUSE Manager 4.3 updates Grafana from version 7.5.12 to 8.3.5.

This update fixes several security vulnerabilities:

  • XSS vulnerability in handling data sources (CVE-2022-21702)

  • Cross-origin request forgery vulnerability (CVE-2022-21703)

  • Insecure Direct Object Reference vulnerability in Teams API (CVE-2022-21713)

  • GetUserInfo: return an error if no user was found (CVE-2022-21673)

Updating Grafana is strongly recommended.

Relevant changes are:

  • New Alerting for Grafana 8

  • CloudWatch: Add support for AWS Metric Insights

  • CloudWatch: Add AWS RoboMaker metrics and dimension

  • CloudWatch: Add AWS Transfer metrics and dimension

  • CloudWatch: Add AWS LookoutMetrics

  • CloudWatch: Add Lambda@Edge Amazon CloudFront metrics

  • CloudMonitoring: Add support for preprocessing

  • CloudWatch: Add AWS/EFS StorageBytes metric

  • CloudWatch: Add Amplify Console metrics and dimensions

  • CloudWatch: Add metrics for managed RabbitMQ service

  • Elasticsearch: Add support for Elasticsearch 8.0

  • AzureMonitor: Add support for PostgreSQL and MySQL Flexible Servers

  • AzureMonitor: Add Azure Resource Graph

  • AzureMonitor: Add support for Microsoft.SignalRService/SignalR metrics

Check the upstream changelog for more details on what has changed.

There is one breaking change:

  • Grafana 8 Alerting enabled by default for installations that do not use legacy alerting.

SUSE Manager does not use Grafana alerting, so if you do not need it, you can disable it at the Grafana WebUI.

If you use legacy Grafana alerting in your environment, consider migrating to new Grafana 8 alerting.

Prometheus 2.32.1

SUSE Manager 4.3 updates Prometheus from version 2.27.1 to 2.32.1.

The new version contains some breaking changes that need to be addressed after SUSE Manager is updated.

Breaking changes:

  • Uyuni Service Discovery: The configuration and the returned set of meta labels have changed. Please check the upstream documentation for more details.

  • As a consequence all users with existing monitoring setup must reapply the highstate on the monitoring server(s).

Important changes:

  • Introduced generic HTTP-based service discovery.

  • New expression editor with advanced autocompletion, inline linting, and syntax highlighting.

  • Discovering Kubernetes API servers using a kubeconfig file.

  • Faster server restart times via snapshotting.

  • Controlling scrape intervals and timeouts via relabeling.

Check the upstream changelog for more details on what has changed.


Adding systems with failed/completed actions to System Set Manager

It is now possible to select and add systems that failed or completed actions, with a new button Add Selected to SSM that shows for the actions at "Completed Systems" and "Failed Systems".

You can find the actions at the SUSE Manager Server WebUI, at Schedule on the left navigation bar.

This can be useful to fix issues with systems that failed to complete actions, or to run more actions on those that completed them.

Product Migration

With SUSE Manager 4.3, it is now possible to migrate products even if the target product doesn’t have some of the successors. This is a common scenario in the case of LTSS, where, when migrating from an LTSS version to the next service pack, there is no LTSS successor module.

Now it is up to the user to decide if they want to migrate or not. SUSE Manager will display enough information about the missing successors.

Besides the UI, it is also possible to do it using the API.

New XML-RPC API version 26

SUSE Manager 4.3 updates the XML-RPC API version from 25 to 26.

As CaaSP support has been dropped, the corresponding cluster management APIs have also been removed.

If any of your scripts are checking for the version 25, you can change them to use version 26 without any further changes.

smdba: changed defaults for newer PostgreSQL versions

Starting with PostgreSQL 13, some defaults have changed.

To improve performance, smdba autotuning was adapted to use the new values.

Additionally, an extra parameter --ssd was added to autotuning to tell smdba that the database is stored on SSD or fast network storage.

To change an existing configuration with the new defaults, call:

  smdba system-check autotuning

Remember you can also adjust some other parameters, in case you need them:

   smdba system-check autotuning [--max_connections=<number>] [--ssd]

Dropped features

CaaSP support

We had added CaaSP support in previous versions but unfortunately, CaaSP got discontinued and no further development will be happening there.

The currently released versions of CaaSP will soon be going EOL and this naturally implies that we should also remove all the bits related to it from SUSE Manager.

Deprecated features

Traditional Stack has been deprecated

With SUSE Manager 4.3 release, traditional stack has been deprecated.

The release that follows SUSE Manager 4.3 will not support traditional clients and traditional proxies, and is planned for 2023. We encourage all new deployments to use Salt clients and Salt proxies exclusively, and to migrate existing traditional clients and proxies to Salt.

'spacewalk-clone-by-date' has been deprecated

With SUSE Manager 4.3 release, spacewalk-clone-by-date tool has been deprecated. With CLM (Content Lifecycle Management), we believe customers have a better alternative to spacewalk-clone-by-date, which is much more flexible and powerful. CLM provides a comprehensive API to cover all the important features that spacewalk-clone-by-date tool offers.

We highly encourage users to migrate their workload and scripts to CLM.

Unsupported products

  • Red Hat Enterprise Linux 6

  • SUSE Linux Enterprise Server Expanded Support 6

  • Oracle Linux 6

  • CentOS 6

  • CentOS 8

  • CentOS stream

  • Ubuntu 16.04

  • SUSE Linux Enterprise Server 11

  • Debian 9

We encourage you to migrate your workload to a newer version of each distribution, or to an alternative distribution that is still supported, so you can continue managing your infrastructure with SUSE Manager.

Please note that we will not break things on purpose for these unsupported products, and there is a possibility that they could still continue to work. But if things break, there will not be any support provided, not even on a best-effort basis.

Deprecated products

  • Ubuntu 18.04

The support policy of SUSE Manager clients can be summarized as: "if the operating system is under general support by its vendor, then SUSE Manager supports it as a client".

After the EOL of a product, for a grace period of 3 months, a product will be considered as deprecated before moving to unsupported.

For deprecated products, support will only be provided on a best-effort basis.


Upgrading with SUSE Manager Proxy

SUSE Manager Server 4.3 works with SUSE Manager Proxy 4.1/4.2 and SUSE Manager Retail Branch Server 4.1/4.2 but only for upgrade purposes. The product is not intended to be used in a mixed-version scenario in production. When upgrading, upgrade the SUSE Manager Server first, followed by the SUSE Manager Proxy and Retail Branch Servers.

There is a known issue when migrating to 4.3, please consult the Known Issues section for more detail.

For instructions on upgrading when SUSE Manager Proxy or SUSE Manager Retail Branch Servers are in use, see the Upgrade Guide on

Upgrading with inter-server synchronization

When upgrading, upgrade the ISS master first, followed by the ISS slaves.


Supportconfig confidentiality disclaimer

When handling Service Requests, supporters and engineers may ask for the output of the supportconfig tool from SUSE Manager Server or clients.

This disclaimer applies:

Detailed system information and logs are collected and organized in a
manner that helps reduce service request resolution times.
Private system information can be disclosed when using this tool.

If this is a concern, please prune private data from the log files.

Several startup options are available to exclude more sensitive
information. Supportconfig data is used only for diagnostic purposes
and is considered confidential information.

When you run supportconfig on the SUSE Manager Server, the output will contain information about your clients as well as about the Server. In particular, debug data for the subscription matching feature contains a list of registered clients, their installed products, and some minimal hardware information (such as the CPU socket count). It also contains a copy of the subscription data available from the SUSE Customer Center.

If this is a concern, please prune data in the subscription-matcher directory in the spacewalk-debug tarball before sending it to SUSE.
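One way to do the pruning described above, as an added example that is not SUSE's own tooling: it copies the tarball member by member and skips everything under a directory named subscription-matcher, without ever extracting to disk. The file names in the sample archive are constructed, and the output compression (bz2) is an assumption.

```python
import io
import tarfile
from pathlib import PurePosixPath

# Directory name taken from the release notes; its position inside the
# archive is not assumed, any path component with this name is pruned.
PRUNE_DIR = "subscription-matcher"

# Constructed sample content standing in for a spacewalk-debug tarball.
SAMPLE_FILES = {
    "spacewalk-debug/conf/example.conf": b"debug = 0\n",
    "spacewalk-debug/subscription-matcher/input.json": b'{"systems": []}\n',
    "spacewalk-debug/subscription-matcher/output.json": b'{"matches": []}\n',
    "spacewalk-debug/logs/server.log": b"constructed log line\n",
}


def is_private(member_name):
    """True if the member lives in (or is) the subscription-matcher directory."""
    return PRUNE_DIR in PurePosixPath(member_name).parts


def prune_tarball(src, dst, compression="bz2"):
    """Copy the tar stream src to dst without the subscription-matcher tree.

    Members are streamed from one archive to the other and never written to
    the file system, so hostile paths in the input cannot escape anywhere.
    Returns the list of member names that were left out.
    """
    dropped = []
    with tarfile.open(fileobj=src, mode="r:*") as tin, \
            tarfile.open(fileobj=dst, mode=f"w:{compression}") as tout:
        for member in tin:
            if is_private(member.name):
                dropped.append(member.name)
                continue
            data = tin.extractfile(member) if member.isfile() else None
            tout.addfile(member, data)
    return dropped


def build_sample():
    """Build the constructed sample archive in memory."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:bz2") as tar:
        for name, body in SAMPLE_FILES.items():
            info = tarfile.TarInfo(name)
            info.size = len(body)
            tar.addfile(info, io.BytesIO(body))
    buf.seek(0)
    return buf


def list_names(buf):
    """Return the member names of an in-memory archive, for verification."""
    buf.seek(0)
    with tarfile.open(fileobj=buf, mode="r:*") as tar:
        return tar.getnames()


if __name__ == "__main__":
    import sys
    if len(sys.argv) == 3:  # usage: script.py <input tarball> <output tarball>
        with open(sys.argv[1], "rb") as fin, open(sys.argv[2], "wb") as fout:
            for name in prune_tarball(fin, fout):
                print("dropped", name)
    else:
        out = io.BytesIO()
        print(prune_tarball(build_sample(), out), list_names(out))
```

List the members of the pruned archive before sending it, so that what leaves the site is what you intended.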

Support for Ansible package

The Ansible package is only L2 supported on SUSE Linux Enterprise 15 SP3 or newer. It is also provided on SUSE Manager Proxy and SUSE Manager Retail Branch Server. However, it is not available on SLE-Micro.

Support for SLE Micro

SLE Micro is only supported as a Salt minion. The traditional stack will not be supported.

Supportability of embedded software components

All software components embedded into SUSE Manager, like Cobbler for PXE booting, are only supported in the context of SUSE Manager. Stand-alone usage (e. g. Cobbler command-line) is not supported.

Support for older products

The SUSE Manager engineering team provides 'best effort' support for products past their end-of-life date. For more information about product support, see Product Support Lifecycle.

Support for products that are considered past their end-of-life is limited to assisting you to bring production systems to a supported state. This could be either by migrating to a supported service pack or by upgrading to a supported product version.

Support for RHEL, CentOS and Oracle Linux Clients

SUSE Manager supports RHEL/Oracle Linux 7, 8 and 9.

SUSE Manager has the ability to mirror all entitled content for the supported operating systems. Although SUSE Manager doesn’t assign content for specific systems using subscription-manager, it does rely on it initially to retrieve the list of repositories that are available. By utilizing the same EUS channels that RedHat provides, customers can limit content to individual dot releases.

CentOS Stream is explicitly not supported by SUSE. You may try to register CentOS Stream clients by:

  1. Using the spacewalk-common-channels command-line tool to synchronize the product

  2. Using the CentOS Stream client tools from the upstream Uyuni Project.

Note: Directly syncing ULN repositories with SUSE Manager is not currently supported. An Oracle Local Distribution for ULN must be used. To set up a local ULN mirror, please consult the Oracle documentation provided at the following link

Support for SUSE Liberty Linux

SUSE Manager supports SUSE Liberty Linux 7, 8 and 9. SUSE Liberty Linux clients are sometimes also called SUSE Linux Enterprise Server with Expanded Support (SLESES) or simply RES.

For a detailed list of supported features, check the Client Configuration Guide.

Support for Rocky Linux & AlmaLinux

SUSE Manager supports Rocky Linux 8/9 and AlmaLinux 8/9.

For a detailed list of supported features for AlmaLinux, check the Client Configuration Guide. For a detailed list of supported features for Rocky Linux, check the Client Configuration Guide.

Support for Ubuntu Clients

SUSE Manager supports Ubuntu 18.04 LTS, 20.04 LTS and 22.04 LTS clients using Salt. Traditional clients are not supported.

Support for Ubuntu is limited to a growing list of specific features. For a detailed list of supported features, check the Client Configuration Guide.

Support for Debian Clients

SUSE Manager supports Debian 10 "Buster" & Debian 11 "bullseye" clients using Salt. Traditional clients are not supported.

Support for Debian is limited to a growing list of specific features. For a detailed list of supported features, check the Client Configuration Guide.

L1 support for RHEL and CentOS ppc64le clients

For RHEL and CentOS clients on the ppc64le architecture, SUSE Manager offers the same functionality that is supported for the x86_64 architecture. Client tools are not available yet from SCC but the CentOS 7 client tools from Uyuni can be enabled using spacewalk-common-channels. CentOS 8 is dead.

RHEL and CentOS ppc64le are only supported at L1 level support. L1 support is limited to problem determination, which means technical support designed to provide compatibility information, usage support, on-going maintenance, information gathering, and basic troubleshooting using available documentation. At the time of writing, any problems or bugs specific to RHEL and CentOS on ppc64le will only be fixed on a best-effort basis.

Please contact your Sales Engineer or SUSE Consulting if you need additional support or features for these operating systems.

SCAP Security Guide support

SUSE provides the scap-security-guide package for different OpenSCAP profiles. In the current version of scap-security-guide, SUSE supports the following profiles:

  • DISA STIG profile for SUSE Linux Enterprise Server 12 and 15

  • PCI-DSS profile for SUSE Linux Enterprise Server 12 and 15

  • HIPAA profile for SUSE Linux Enterprise Server 12 and 15

Other profiles, like the CIS profile, are community supplied and not officially supported by SUSE.

For Non-SUSE OSs, please note that the included profiles are community supplied and not officially supported by SUSE.

Browser support

Microsoft Internet Explorer fails to render some parts of the SUSE Manager Web UI and is therefore not a supported browser, in any version.

Please refer to the General Requirements for a list of supported browsers.

SUSE Manager installation

The SUSE Unified Installer, and installing SUSE Manager on top of Minimal-VM images (formerly known as SLE JeOS), are the only supported mechanisms to install SUSE Manager.

Known issues

PAYG Connection requirement

For a fully operational PAYG Connection for clients, it’s crucial to have the "instance-flavor-check" tool, which is bundled within the "python-instance-billing-flavor-check" package. While this package is automatically installed on all newly created instances, for older running instances, manual installation is necessary to prevent potential errors. If you’re working with older Cloud instances, you can install this package manually from the Public Cloud Module.

Ubuntu/Debian: duplicate entries in sources.list

Due to a bug in the python3-apt package, a conflict arises with the signed-by repository option. The issue surfaces through the Salt aptpkg module, which relies on the aptsources module provided by the python-apt package.

Presently, the code only recognizes arch and trust options, while any other valid options cause "aptsources" to classify the repository as invalid. This can lead to duplicated entries in the /etc/apt/sources.list file on each highstate run, potentially inflating its size significantly.

Although the patch has been submitted upstream, we are still awaiting its official release.

In the meantime, please visit for more information about the issue and possible workarounds.
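A check for the symptom described above, as an added example that is not part of SUSE Manager or Salt: it parses one-line-style entries, reports entries that occur more than once, and names the options outside the set the notes say aptsources recognizes. The sample file content and the example.com URLs are constructed; "trusted" is assumed to be the sources.list spelling of the "trust" option mentioned above.

```python
import re
import sys
from collections import defaultdict

# Options the release notes say aptsources recognizes ("arch and trust").
# Anything else, such as signed-by, makes the entry look invalid to it.
RECOGNIZED = {"arch", "trusted"}

# type, optional [options], URI, suite, optional components
ENTRY_RE = re.compile(r"^(deb|deb-src)\s+(?:\[([^\]]*)\]\s+)?(\S+)\s+(\S+)(.*)$")

# Constructed sample: a sources.list after repeated highstate runs.
SAMPLE = """\
# constructed sample, not taken from a real system
deb [signed-by=/usr/share/keyrings/example.gpg] https://repo.example.com/channel example-main/
deb [arch=amd64] http://archive.example.com/ubuntu jammy main universe
deb [signed-by=/usr/share/keyrings/example.gpg] https://repo.example.com/channel example-main/
deb  [signed-by=/usr/share/keyrings/example.gpg]  https://repo.example.com/channel  example-main/
"""


def parse_entry(line):
    """Return a normalized tuple for a repository line, None for anything else."""
    line = line.split("#", 1)[0].strip()
    match = ENTRY_RE.match(line)
    if not match:
        return None
    kind, opts, uri, suite, comps = match.groups()
    options = tuple(sorted((opts or "").split()))
    return (kind, options, uri.rstrip("/"), suite, tuple(comps.split()))


def find_duplicates(text):
    """Map each repeated entry to the 1-based line numbers where it appears."""
    seen = defaultdict(list)
    for lineno, line in enumerate(text.splitlines(), start=1):
        entry = parse_entry(line)
        if entry is not None:
            seen[entry].append(lineno)
    return {entry: nums for entry, nums in seen.items() if len(nums) > 1}


def unrecognized_options(entry):
    """Options of an entry that fall outside the recognized set."""
    return [o for o in entry[1] if o.split("=", 1)[0] not in RECOGNIZED]


def deduplicate(text):
    """Return the file content with repeated entries removed (first one kept)."""
    seen, kept = set(), []
    for line in text.splitlines():
        entry = parse_entry(line)
        if entry is not None:
            if entry in seen:
                continue
            seen.add(entry)
        kept.append(line)
    return "\n".join(kept) + "\n"


if __name__ == "__main__":
    # Pass a path such as /etc/apt/sources.list, or run without arguments
    # to see the result for the constructed sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as handle:
            content = handle.read()
    else:
        content = SAMPLE
    for entry, lines in find_duplicates(content).items():
        print(f"lines {lines}: {entry[0]} {entry[2]} {entry[3]}",
              f"(options not recognized: {unrecognized_options(entry) or 'none'})")
```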

No Ubuntu/Debian support in PAYG image in AWS

SUSE Manager PAYG syncs products from the SUSE Update infrastructure, which is powered by RMT underneath. Unfortunately, RMT currently only supports repomd structures, preventing the inclusion of Ubuntu/Debian products in SUSE Manager PAYG.

Nonetheless, users who need to manage on-premise or BYOS systems must include SCC credentials. Once SUSE Manager establishes a connection with SCC, it can seamlessly synchronize the Ubuntu/Debian products, allowing users to access them.

We are actively working to overcome this limitation on the RMT side, with the goal of enabling Ubuntu/Debian product synchronization in SUSE Manager PAYG without the need for additional SCC credentials.

Automated RHUI credential update

Red Hat Enterprise Linux 9 clients may encounter SSH connectivity issues with the standard configuration. To resolve this, they must be configured with the crypto policy set to "LEGACY" in order to establish a connection.

Before attempting to set up the SSH connection, please use the following command:

sudo update-crypto-policies --set LEGACY

For Red Hat Enterprise Linux 7 clients, ensure that you update the instance first before proceeding with any further steps.

Upgrading clients

SUSE Manager 4.3.6 includes Salt 3006.0, which brings along a patch for this Salt update. However, applying this patch through SUSE Manager along with other updates may trigger the well-known "upgrading Salt with Salt" scenario. This scenario can be problematic and may lead to errors similar to the one shown below.

File "/usr/lib/venv-salt-minion/lib64/python3.10/site-packages/salt/loader/", line 72, in value
        return loader.pack[]
    KeyError: '__opts__'

While we addressed this concern for the salt-minion, it was inadvertently overlooked for the venv-salt-minion. The upcoming MU will incorporate the necessary fix, but it is generally advised to upgrade Salt separately from other updates.

Workaround: Upgrade the salt package separately from other updates, in isolation.

SUSE Linux Enterprise Server Micro 5.x onboarding issue

When onboarding SUSE Linux Enterprise Server Micro 5.x, the necessary files fail to synchronize from the server to the minion, leading to unsuccessful minion registration. As a consequence, the /var/cache/venv-salt-minion directory may not be fully populated after attempting to onboard the SUSE Linux Enterprise Server Micro minion. This issue can hinder proper onboarding and may result in a warning message similar to the one shown below:

/var/log/venv-salt-minion.log: No validate function found for reboot_info, running basic beacon validation.

Workaround: Execute venv-salt-call saltutil.sync_all on the minion and then restart the venv-salt-minion service.

CVE-2022-46146 fix for Ubuntu 22.04

CVE-2022-46146 has impacted Ubuntu 22.04, and unfortunately, there is currently no solution in place due to the unavailability of an upstream fix for the toolkit. However, it is important to note that other versions of Debian and Ubuntu either remain unaffected or have already been addressed with the necessary fixes.

Proxy sync issue

We have received reports of an issue where the /var/lib/cobbler/pxe_cache.json does not accurately reflect the files pushed to the proxies, causing problems for some customers.

To resolve this, we recommend deleting the entire tree once on each proxy and deleting the /var/lib/cobbler/pxe_cache.json file. After this, performing a cobbler sync will correctly update the pxe_cache.json and push all necessary files. From then on, deletions will be propagated correctly.

Monitoring: SUSE Linux Enterprise Server Micro

When enabling the monitoring formula on a transactional system like SUSE Linux Enterprise Server Micro 5, the necessary services are not enabled and started by the highstate.

Workaround: The proposed workaround is to manually enable and start the corresponding exporter’s service on the minion.

Containerized Proxy & Retail Branch server

Although this is fully supported, there are a couple of limitations that the user needs to be aware of.

  • Scaling the pod up in a Kubernetes environment will not work since multiple squid instances would access the same cache volume.

  • The Containerized Proxy cannot be used to set up DHCP and DNS services on the same host like a normal Proxy. By design, it can only work with external DHCP and DNS servers.

  • Once a POS image is built and made available on SUSE Manager Server, it is immediately available to the Saltboot clients as well. Image synchronization is not needed, nor available. This may have implications on how images are deployed to production.

GPG keys acceptance issue

Some Enterprise Linux distributions do not trust their own GPG key for package installation. In case of GPG key errors, try to import the GPG key manually. The key files are installed, but the name depends on the OS:

CentOS Linux 7: '/etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7'
CentOS Linux 8: '/etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial'
AlmaLinux 8: '/etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux'
AlmaLinux 9: '/etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux'
Rocky Linux 8: '/etc/pki/rpm-gpg/RPM-GPG-KEY-rockyofficial'
Rocky Linux 9: '/etc/pki/rpm-gpg/RPM-GPG-KEY-rockyofficial'
Red Hat Enterprise Linux Server 7: '/etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release'
Red Hat Enterprise Linux 8: '/etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release'
Red Hat Enterprise Linux 9: '/etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release'
Amazon Linux 2: '/etc/pki/rpm-gpg/RPM-GPG-KEY-amazon-linux-2'
Oracle Linux 7: '/etc/pki/rpm-gpg/RPM-GPG-KEY-oracle'
Oracle Linux 8: '/etc/pki/rpm-gpg/RPM-GPG-KEY-oracle'
Oracle Linux 9: '/etc/pki/rpm-gpg/RPM-GPG-KEY-oracle'

Workaround: Import the keys using the following command:

$> rpm --import /path/to/key/file

We are working on a final solution to automate this.


  • AlmaLinux 8 repository URLs have been changed to use the mirrors list. To use the new URLs on an existing installation, updating and then running "mgr-sync refresh" or waiting for its nightly execution is required. Please update as soon as possible. New updates for AlmaLinux cannot be fetched from the server until this change has been applied.

  • Because of an upstream bug, the original package shipped with AlmaLinux 8.5 is providing a broken repository file (containing duplicated identifiers). We have already reported this issue to AlmaLinux.

    Workaround: Update the package almalinux-release before registering the instance to SUSE Manager so at least the version 8.5-3 is installed.

UI discrepancies

SUSE Manager 4.3 comes with a new look and feel. We have fixed most of the known issues related to this, but there could still be some UI discrepancies because the susemanager-light and susemanager-dark themes are under active development. If the user faces any issue related to the UI, we suggest reporting a bug. In the meantime, one can also choose to fall back to the uyuni theme, which is older but more mature.

To change a theme, the user needs to log in to SUSE Manager and then choose the needed theme from the dropdown list under Home → My Preferences → Style Theme.

Migration from 4.1 and 4.2 to 4.3

SUSE Manager 4.3 is based on SLE 15 SP4; this applies to Server, Proxy, and Retail Branch Server. In SLE 15 SP4, sle-module-python2 is no longer available (in favor of sle-module-python3). This means that migration (using yast2 migration or zypper migration) from 4.1/4.2 to 4.3 will not work without deactivating this module first. yast2 and zypper raise the following error if the module is still activated during migration:

Can't get available migrations from server: SUSE::Connect::ApiError: There are activated extensions/modules on this system that cannot be migrated.
Deactivate them first, and then try migrating again.
The product(s) are 'Python 2 Module 15 SP3 x86_64'.
You can deactivate them with:
SUSEConnect -d -p sle-module-python2/15.3/x86_64

As suggested in the error message, one can deactivate the module using SUSEConnect -d -p sle-module-python2/15.3/x86_64.

After this, migration should work.

Migration of SUMA Proxy 4.2 to 4.3

When upgrading a SUSE Manager Proxy 4.2 based on the JeOS image to 4.3, uninstall the kernel-default-base package before proceeding with the migration; otherwise, the migration will not work.

CLM and custom repositories

When building a CLM project that includes custom channels with custom repositories, the custom repositories might not be selected in the new cloned custom channels. As a workaround, one can go to the new cloned custom channels, select the custom repositories and synchronize them.

Container build host and salt bundle

Container build host will not work with the Salt bundle. We are working on the fix. In the meantime, for a Container build host, don’t use the Salt bundle but rather a normal Salt.

Bootstrap with web UI using non-root user

Onboarding of clients with a non-root user from the SUSE Manager UI fails with the following error:

ERROR com.suse.manager.webui.controllers.utils.AbstractMinionBootstrapper - Error during bootstrap: SaltSSHError(13, stderr: "", stdout: "ERROR: Failure deploying ext_mods:"

The root cause of this problem is wrong ownership of the salt thin directory when using the Salt bundle.

Workaround: Once bootstrap fails, run chown -R $USER:$GROUP /var/tmp/.*_salt once and try onboarding again. It shouldn’t fail this time.

Registering Spacewalk 2.x/Red Hat Satellite 5.x clients to SUSE Manager as Salt minions

If a client machine is running the Red Hat Satellite 5.x agent, registering it to SUSE Manager as a Salt minion will fail due to package conflicts.

Registering a RH Satellite 5.x client as a SUSE Manager traditional client works fine.

Registering a SUSE Manager traditional client as a SUSE Manager Salt minion will also work.

Registration path                                     Result
RH Satellite 5.x ⇒ SUSE Manager traditional           Works
RH Satellite 5.x ⇒ SUSE Manager Salt minion           Fails
SUSE Manager traditional ⇒ SUSE Manager Salt minion   Works

In order to register Red Hat Satellite 5.x clients to SUSE Manager as Salt minions, you will need to modify the bootstrap script to remove the Satellite agent packages first.

Spacewalk 2.x and Oracle Spacewalk 2.x clients will show the same behavior as Red Hat Satellite 5.x clients.

Providing feedback

If you encounter a bug in any SUSE product, please report it through your support contact or in the SUSE Forums:


Latest product documentation:

Technical product information for SUSE Manager:

These release notes are available online:

Visit for the latest Linux product news from SUSE.

Visit for additional information on the source code of SUSE Linux Enterprise products.

SUSE Software Solutions Germany GmbH
Frankenstraße 146
D-90461 Nürnberg
Tel: +49 (0)911 740 53 - 0
Registrierung/Registration Number: HRB 36809 AG Nürnberg
Managing Director/Geschäftsführer: Ivo Totev

SUSE makes no representations or warranties with regard to the contents or use of this documentation, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, SUSE reserves the right to revise this publication and to make changes to its content, at any time, without the obligation to notify any person or entity of such revisions or changes.

Further, SUSE makes no representations or warranties with regard to any software, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, SUSE reserves the right to make changes to any and all parts of SUSE software, at any time, without any obligation to notify any person or entity of such changes.

Any products or technical information provided under this Agreement may be subject to U.S. export controls and the trade laws of other countries. You agree to comply with all export control regulations and to obtain any required licenses or classifications to export, re-export, or import deliverables. You agree not to export or re-export to entities on the current U.S. export exclusion lists or to any embargoed or terrorist countries as specified in U.S. export laws. You agree to not use deliverables for prohibited nuclear, missile, or chemical/biological weaponry end uses. Please refer to the SUSE Legal information page for more information on exporting SUSE software. SUSE assumes no responsibility for your failure to obtain any necessary export approvals.

Copyright © 2012-2023 SUSE LLC.

This release notes document is licensed under a Creative Commons Attribution-NoDerivatives 4.0 International License (CC-BY-ND-4.0). You should have received a copy of the license along with this document. If not, see

SUSE has intellectual property rights relating to technology embodied in the product that is described in this document. In particular, and without limitation, these intellectual property rights may include one or more of the U.S. patents listed at and one or more additional patents or pending patent applications in the U.S. and other countries.

For SUSE trademarks, see SUSE Trademark and Service Mark list ( All third-party trademarks are the property of their respective owners.


Thank you for using SUSE Manager Server in your business.

Your SUSE Manager Server Team.