2.0.0

Architectural changes

Go

  • Backend rewritten from the ground up in Go, replacing Node.js and Next.js. The stack is more scalable, uses less RAM, and is significantly more performant.
  • sqlc is used for type-safe SQL against PostgreSQL (compile-time checked queries instead of ad-hoc ORM access patterns).
  • golang-migrate is used for database migrations (replacing Prisma ORM).
  • Structured logging with the standard library log/slog for cleaner, machine-parseable logs in production.

Background jobs and automation

  • Background work is handled by asynq on Redis instead of BullMQ. PatchMon no longer ships the embedded Bull Board stack; queue visibility and triggers live in the existing Automation UI, which reduces attack surface, image size, and operational complexity.

Docker

  • Docker is the officially supported deployment method going forward; bare-metal installs are discontinued. A migration document describes the upgrade path.
  • Hardened base images are used. They ship with near-zero CVEs and a smaller footprint.
  • No separate frontend container: static React build artifacts are embedded in the Go binary. The container runs that binary (by default on port 3000) using the chi router, and the server handles /api/* itself, so nginx inside PatchMon is no longer required. You still use nginx or another reverse proxy in front for TLS termination and public access as usual.
  • A Guacamole (guacd) sidecar is included for Windows RDP. It is separate for now; RDP/VNC for Windows is an area we intend to improve.
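
A sketch of the front reverse proxy described above, as an added example that is not taken from the PatchMon project or its documentation. It terminates TLS, forwards everything to the single container on port 3000, and passes WebSocket upgrades through. The hostname, certificate paths, loopback-only port publishing and the exact forwarded header names are assumptions.

```nginx
# Added example; hostname, certificate paths and upstream address are placeholders.
# Place inside the http {} context of the front proxy.

# Send "Connection: upgrade" upstream only when the client requested an upgrade.
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

server {
    listen 80;
    server_name patchmon.example.com;            # placeholder hostname
    return 301 https://$host$request_uri;        # no plaintext access to the UI or API
}

server {
    listen 443 ssl;
    server_name patchmon.example.com;            # placeholder hostname

    ssl_certificate     /etc/nginx/tls/patchmon.crt;   # placeholder path
    ssl_certificate_key /etc/nginx/tls/patchmon.key;   # placeholder path
    ssl_protocols       TLSv1.2 TLSv1.3;

    add_header Strict-Transport-Security "max-age=31536000" always;

    location / {
        # Assumption: the container port is published on loopback only
        # (e.g. 127.0.0.1:3000:3000 in compose), so it is reachable only via this proxy.
        proxy_pass http://127.0.0.1:3000;
        proxy_http_version 1.1;

        # Overwrite, do not append: values a client sends in these headers are
        # discarded, so the backend sees only what the proxy observed.
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;

        # WebSocket upgrade for long-lived connections such as live log streaming.
        proxy_set_header Upgrade    $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_read_timeout 3600s;
    }
}
```

If another proxy or load balancer sits in front of this one, the overwrite of X-Forwarded-For hides the original client address; in that layout, trust only the known upstream hop rather than passing client-supplied values through.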

API documentation

  • OpenAPI 3 spec is served at /api/v1/openapi.json, with Swagger UI under /api/v1/api-docs (authenticated) for exploring integration endpoints.

New features

  • Linux patching: Deploy updates per host or in bulk, on demand or on a schedule. Policies support host/group assignments and exclusions; runs support approval, stop, retry validation, and live log streaming over WebSocket.
  • Microsoft Windows agent (beta) and FreeBSD agent support.
  • Windows Updates (beta Windows agent): server APIs for update results, reboot state, superseded cleanup, and approved-guid sync, aligned with the new Windows agent.
  • Advanced monitoring & alerting: richer alert lifecycle (including assignment and bulk actions), optional advanced alert configuration for tuning and cleanup where your edition includes it.
  • Notifications: first-class destinations (SMTP, webhooks, ntfy), routes, delivery log, and scheduled reports so operational signals leave PatchMon reliably.
  • Environment variables in the GUI: many settings that were previously only in process environment can be viewed and edited from the Settings UI (per-key updates, with sensible validation), so you change less by hand in compose or shell env for day-to-day tuning.
  • OIDC / SSO: configure OpenID Connect from the same Settings area, including import from environment when you are migrating from a file-based or container env setup.

Other improvements

  • Compliance / OpenSCAP: SSG and CIS benchmarking content is bundled in the server binary at build time. Agents no longer pull scanning content from GitHub; everyone shares one versioned source of truth and less outbound traffic from agents.
  • SSO: improved sign-in flows and Entra ID integration compared to 1.4.x OIDC edge cases (e.g. redirect loops with auto SSO).
  • Dashboard: additional cards and data surfaces; dashboard layout preferences carry forward in the new UI.
  • Host integration config: apply pending config from the server so integration changes are applied to agents in a controlled, observable way.
  • Settings reliability: server URL and related configuration are reimplemented on the Go stack with database-backed resolution, addressing classes of “settings did not persist” issues from the Node era.
  • Reverse proxy awareness: continued correct use of forwarded headers for HTTPS/WSS behind proxies (without the Bull Board-specific HTTP quirks from 1.4.x).
  • Optional admin pprof: when enabled, CPU/memory profiling endpoints are available to administrators for performance investigation.

Packaging and editions

  • Features are grouped into capability modules (e.g. patching policies, advanced alerts, custom branding, Docker inventory, compliance depth, AI assist, remote access). Core workflows stay simple; larger deployments can enable more surface area where their subscription or license allows. See in-app Context / billing documentation for your tenant.

Known issues

  • Remote Desktop (RDP): there is a known bug with the RDP connection flow in this release. A fix is planned for the next release.

Migrations

This covers migration for Docker, Proxmox community scripts, and legacy setup.sh installs:

Migrating from 1.4.2 to 2.0.0