Dynamic Load Balancing with the Cluster Resource Scheduler (CRS).

Proxmox VE 9.2

Released 21. May 2026

• Based on Debian Trixie (13.5)
• Latest 7.0 Kernel as new stable default
• QEMU 11.0
• LXC 7.0
• ZFS 2.4
• Ceph Squid 19.2.3
• Ceph Tentacle 20.2.1

Highlights

• Dynamic Load Balancing with the Cluster Resource Scheduler (CRS).
  In dynamic scheduling mode, the CRS uses real-time node and guest resource utilization metrics to balance HA-managed guests.
  The new load balancer can automatically migrate HA-managed guests to lower the overall node imbalance across the cluster.
  The behavior and sensitivity of the load balancer can be tuned with various parameters in the HA panel or the datacenter options.
• Numerous improvements to the Software Defined Networking (SDN) stack:
  Add WireGuard and BGP as new fabric protocols.
  Add support for route maps and prefix lists for fine-grained BGP/EVPN route filtering.
  Further additions include route redistribution for OSPF fabrics, additional options for configuring EVPN controllers, and IPv6 underlay support for EVPN.
• Management of custom CPU models from the web interface.
  A new section in the Datacenter → Guest Resources/Hardware allows creating, editing, and removing custom CPU models from the web interface.
  Custom CPU models allow tailoring the virtual CPU exposed to VMs to a specific set of features.
  The VM CPU flags selector indicates the supported flags on each cluster node, making cluster-wide compatibility issues easier to spot up front.
• Disarm and arm HA for safer cluster maintenance.
  The HA stack can now be disarmed cluster-wide via the new disarm-ha and arm-ha CRM commands.
  This allows for planned, cluster-wide maintenance work, such as changes in the cluster network, without triggering any node fencing events.
  The HA resource state is preserved during the disarm window so HA resources return to their previous state after the maintenance is completed.
• Kernel 7.0 as new stable default.
• Ceph Tentacle 20.2.1 is available as stable option.

🖥️ Web Interface (UI) Improvements

• Bulk actions now show parallel worker count (with backward-compatible fallback).
• Task viewer improved with direct “Download log” button and better task timing accuracy.
• Login flow enhancements (deep-link preservation, stable realm selection, safer logout reset).
• Improved resource views (nested pools grouping, added architecture column).
• Multiple UI fixes (sorting, scrolling issues, layout cleanup).
• Mobile UI improvements including firewall view and consistent container/VM layout.

💻 Virtual Machines (QEMU/KVM) – Major Updates

• Updated to QEMU 11.0.
• GUI support for creating and managing custom CPU models.
• Improved Windows/UEFI certificate enrollment (GUI + API).
• Stronger snapshot handling (including TPM state and long-running snapshots).
• Major migration stability fixes (race conditions, HA-related issues, cloud-init handling).
• Enhanced QEMU guest agent (better file reading, freeze/thaw controls).
• ARM/aarch64 VM support expanded (still experimental).
• Many security and compatibility warnings added for safer configurations.
• Improved VM logs and error messages for troubleshooting.

📦 Containers (LXC 7.0) – Key Changes

• New LXC 7.0 release integrated.
• Per-mount UID/GID mapping (idmap support for unprivileged containers).
• Better filesystem attribute handling (keepattrs option).
• Improved OCI image compatibility (user handling, systemd networking).
• Security hardening against AF_ALG exploitation.
• Fixes for cloning, networking, timezone handling, and IPAM duplication.
• Added tmpfs /dev/shm for OCI compliance.

⚡ High Availability (HA) System

• New dynamic load balancing (Cluster Resource Scheduler) for automatic VM redistribution.
• “Disarm/arm HA” feature for safe cluster-wide maintenance.
• Stronger enforcement of migration rules and affinity constraints.
• Improved stability during migrations and state transitions.
• Better HA logging and watchdog diagnostics.
• Fixes for stuck resources and race conditions.

💾 Backup, Storage & Ceph

• Improved backup job UI (search, filtering, selection counters).
• Storage fixes for qcow2 sizing, CIFS, LVM, and PBS token handling.
• Ceph Tentacle 20.2 support added.
• Fixed Ceph pool stats, OSD creation, and monitor logging issues.
• Improved OVF/OVA import security (sandboxed parsing).
• Better error reporting for storage failures.

🌐 Networking & SDN (Major Expansion)

• Added WireGuard fabric support (encrypted node-to-node tunnels).
• Added BGP fabric support with EVPN/OSPF enhancements.
• Support for route maps, prefix lists, and route redistribution.
• IPv6 improvements across SDN (EVPN, VXLAN, routing fixes).
• Many fixes for VLAN/QinQ, IPAM, firewall rules, and DNS issues.
• SDN now supports dry-run configuration testing.

🔐 Security Improvements

• Fixed multiple VNC API vulnerabilities (session hijacking risks).
• Patched privilege escalation issues (containers, AF_ALG, etc.).
• Stronger permission checks for HA and VM operations.
• Hardened migration tunnels and API authentication behavior.
• Improved handling of certificates and token-based access.

🛠️ Installation & System Tools

• PXE/iPXE auto-install ISO support added.
• Improved IPv6-only installation support.
• Better installer reliability and error reporting.
• Certificate validation improved to prevent TLS mismatches.
• Enhanced post-install hooks and ISO inspection tools.

⚙️ Core System & Kernel Updates

• Updated kernel support (Linux 7.x compatibility).
• Multiple backports for stability (ZFS, USB, drivers, AppArmor).
• Improved authentication error consistency.
• Fixes for crashes, memory issues, and hardware compatibility.

⚠️ Known Issue

• Upgrading while HA is disarmed during active migrations can stall upgrades.
• Fix: re-arm HA or wait for migrations to complete before upgrading.