Shortly after releasing Proxmox Virtual Environment 9.1, Proxmox Server Solutions GmbH has just unveiled its Backup Server 4.1, an open-source, enterprise-grade backup solution specifically designed for backing up VMs, containers, and physical hosts, bringing an updated Debian 13.2 base, a new stable Linux kernel 6.17, and ZFS 2.3.
The release expands traffic control capabilities by allowing rules based on the authenticated Proxmox Backup Server user. Administrators can now prioritize or limit backup and restore bandwidth per user, complementing the existing network-based rules.
Verification jobs also receive a notable upgrade. Because backup snapshot verification is both I/O- and CPU-intensive, the number of threads used for disk reads and checksum validation can now be configured. Depending on hardware and workload, tuning these values can reduce verification runtimes and allow verification tasks to coexist more efficiently with other operations.
For deployments using S3-compatible storage, Proxmox adds bandwidth rate limiting for S3 endpoints. Backup and restore operations to and from S3 can now be capped to prevent congestion, particularly in shared or constrained networks.
The S3 backend also receives a broad set of fixes and improvements, including adjusted timeouts, better retry logic, more permissive header handling, and corrections to cache behavior and garbage collection.
Moreover, the web interface receives several refinements, including improved high-resolution rendering, corrected list sorting, updated translations, and fixes to WebAuthn handling. Users outside the PAM realm can now access the shell after authenticating with valid PAM credentials, provided they hold the required privileges.
Backend updates range from improved locking and chunk handling to more robust behavior during sync jobs, garbage collection, and datastore operations. Removable datastores can now be automatically unmounted after a sync completes, and removable datastores can be created at a device’s root directory.
Additional changes reduce race conditions, improve fingerprint validation, and address scenarios where the server could become unresponsive.
The S3 backend, still marked as a technology preview, receives extensive stability work. Enhancements include better handling of missing headers, reduced connection churn, improved protection against malicious clients, and corrections to corruption detection and cache eviction. Numerous fixes address race conditions, chunk reuse, and restore behavior.
Client-side changes ensure ZIP archives created during directory restores preserve symlinks. Access control improvements fix issues with user creation in specific realms, OpenID Connect logins, and passkey compatibility. New API endpoints support token-owned authentication tickets.
Lastly, the installation ISO now allows pinning network interface names to prevent changes across kernel versions and adds several improvements to the automated installer. System management tools gain additional troubleshooting information, fixes for VMScape-related mitigations, improved mail handling, and more resilient upgrade tooling.
For more details, check out the release announcement or the full changelog, which lists all changes. The new version is now available for download, with easy installation via ISO on bare-metal hardware.
