Merge pull request #336 from PatchMon/release/1-3-5

put bash in for proxmox

agents/proxmox_auto_enroll.sh

@@ -197,6 +197,40 @@ while IFS= read -r line; do
         continue
     fi
 
+    # Check if agent is already installed and working BEFORE enrollment
+    info "  Checking if agent is already configured..."
+    config_check=$(timeout 10 pct exec "$vmid" -- bash -c "
+        if [[ -f /etc/patchmon/config.yml ]] && [[ -f /etc/patchmon/credentials.yml ]]; then
+            if [[ -f /usr/local/bin/patchmon-agent ]]; then
+                # Try to ping using existing configuration
+                if /usr/local/bin/patchmon-agent ping >/dev/null 2>&1; then
+                    echo 'ping_success'
+                else
+                    echo 'ping_failed'
+                fi
+            else
+                echo 'binary_missing'
+            fi
+        else
+            echo 'not_configured'
+        fi
+    " 2>/dev/null </dev/null || echo "error")
+
+    if [[ "$config_check" == "ping_success" ]]; then
+        info "  ✓ Host already enrolled and agent ping successful - skipping enrollment"
+        ((skipped_count++)) || true
+        echo ""
+        continue
+    elif [[ "$config_check" == "ping_failed" ]]; then
+        warn "  ⚠ Agent configuration exists but ping failed - will re-enroll and reinstall"
+    elif [[ "$config_check" == "binary_missing" ]]; then
+        warn "  ⚠ Config exists but agent binary missing - will re-enroll and reinstall"
+    elif [[ "$config_check" == "not_configured" ]]; then
+        info "  ℹ Agent not yet configured - proceeding with enrollment"
+    else
+        warn "  ⚠ Could not check agent status - proceeding with enrollment"
+    fi
+
     # Call PatchMon auto-enrollment API
     info "  Enrolling $friendly_name in PatchMon..."
     
@@ -230,40 +264,6 @@ while IFS= read -r line; do
 
         info "  ✓ Host enrolled successfully: $api_id"
 
-        # Check if agent is already installed and working
-        info "  Checking if agent is already configured..."
-        config_check=$(timeout 10 pct exec "$vmid" -- bash -c "
-            if [[ -f /etc/patchmon/config.yml ]] && [[ -f /etc/patchmon/credentials.yml ]]; then
-                if [[ -f /usr/local/bin/patchmon-agent ]]; then
-                    # Try to ping using existing configuration
-                    if /usr/local/bin/patchmon-agent ping >/dev/null 2>&1; then
-                        echo 'ping_success'
-                    else
-                        echo 'ping_failed'
-                    fi
-                else
-                    echo 'binary_missing'
-                fi
-            else
-                echo 'not_configured'
-            fi
-        " 2>/dev/null </dev/null || echo "error")
-
-        if [[ "$config_check" == "ping_success" ]]; then
-            info "  ✓ Host already enrolled and agent ping successful - skipping"
-            ((skipped_count++)) || true
-            echo ""
-            continue
-        elif [[ "$config_check" == "ping_failed" ]]; then
-            warn "  ⚠ Agent configuration exists but ping failed - will reinstall"
-        elif [[ "$config_check" == "binary_missing" ]]; then
-            warn "  ⚠ Config exists but agent binary missing - will reinstall"
-        elif [[ "$config_check" == "not_configured" ]]; then
-            info "  ℹ Agent not yet configured - proceeding with installation"
-        else
-            warn "  ⚠ Could not check agent status - proceeding with installation"
-        fi
-
         # Ensure curl is installed in the container
         info "  Checking for curl in container..."
         curl_check=$(timeout 10 pct exec "$vmid" -- bash -c "command -v curl >/dev/null 2>&1 && echo 'installed' || echo 'missing'" 2>/dev/null </dev/null || echo "error")

backend/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "patchmon-backend",
-	"version": "1.3.4",
+	"version": "1.3.6",
 	"description": "Backend API for Linux Patch Monitoring System",
 	"license": "AGPL-3.0",
 	"main": "src/server.js",

backend/prisma/schema.prisma

@@ -1,6 +1,6 @@
 generator client {
   provider      = "prisma-client-js"
-  binaryTargets = ["native", "linux-musl-openssl-3.0.x"]
+  binaryTargets = ["native", "linux-musl-openssl-3.0.x", "linux-musl-arm64-openssl-3.0.x"]
 }
 
 datasource db {
@@ -103,6 +103,7 @@ model hosts {
   gateway_ip              String?
   hostname                String?
   kernel_version          String?
+  installed_kernel_version String?
   load_average             Json?
   network_interfaces      Json?
   ram_installed           Int?

backend/src/routes/autoEnrollmentRoutes.js

@@ -588,8 +588,11 @@ router.get("/script", async (req, res) => {
 		// Check for --force parameter
 		const force_install = req.query.force === "true" || req.query.force === "1";
 
+		// Use bash for proxmox-lxc, sh for others
+		const shebang = script_type === "proxmox-lxc" ? "#!/bin/bash" : "#!/bin/sh";
+
 		// Inject the token credentials, server URL, curl flags, and force flag into the script
-		const env_vars = `#!/bin/sh
+		const env_vars = `${shebang}
 # PatchMon Auto-Enrollment Configuration (Auto-generated)
 export PATCHMON_URL="${server_url}"
 export AUTO_ENROLLMENT_KEY="${token.token_key}"

backend/src/routes/dashboardRoutes.js

@@ -242,33 +242,48 @@ router.get("/hosts", authenticateToken, requireViewHosts, async (_req, res) => {
 			orderBy: { last_update: "desc" },
 		});
 
-		// OPTIMIZATION: Get all package counts in 2 batch queries instead of N*2 queries
+		// OPTIMIZATION: Get all package counts in 3 batch queries instead of N*3 queries
 		const hostIds = hosts.map((h) => h.id);
 
-		const [updateCounts, totalCounts] = await Promise.all([
-			// Get update counts for all hosts at once
-			prisma.host_packages.groupBy({
-				by: ["host_id"],
-				where: {
-					host_id: { in: hostIds },
-					needs_update: true,
-				},
-				_count: { id: true },
-			}),
-			// Get total counts for all hosts at once
-			prisma.host_packages.groupBy({
-				by: ["host_id"],
-				where: {
-					host_id: { in: hostIds },
-				},
-				_count: { id: true },
-			}),
-		]);
+		const [updateCounts, securityUpdateCounts, totalCounts] = await Promise.all(
+			[
+				// Get update counts for all hosts at once
+				prisma.host_packages.groupBy({
+					by: ["host_id"],
+					where: {
+						host_id: { in: hostIds },
+						needs_update: true,
+					},
+					_count: { id: true },
+				}),
+				// Get security update counts for all hosts at once
+				prisma.host_packages.groupBy({
+					by: ["host_id"],
+					where: {
+						host_id: { in: hostIds },
+						needs_update: true,
+						is_security_update: true,
+					},
+					_count: { id: true },
+				}),
+				// Get total counts for all hosts at once
+				prisma.host_packages.groupBy({
+					by: ["host_id"],
+					where: {
+						host_id: { in: hostIds },
+					},
+					_count: { id: true },
+				}),
+			],
+		);
 
 		// Create lookup maps for O(1) access
 		const updateCountMap = new Map(
 			updateCounts.map((item) => [item.host_id, item._count.id]),
 		);
+		const securityUpdateCountMap = new Map(
+			securityUpdateCounts.map((item) => [item.host_id, item._count.id]),
+		);
 		const totalCountMap = new Map(
 			totalCounts.map((item) => [item.host_id, item._count.id]),
 		);
@@ -276,6 +291,7 @@ router.get("/hosts", authenticateToken, requireViewHosts, async (_req, res) => {
 		// Process hosts with counts from maps (no more DB queries!)
 		const hostsWithUpdateInfo = hosts.map((host) => {
 			const updatesCount = updateCountMap.get(host.id) || 0;
+			const securityUpdatesCount = securityUpdateCountMap.get(host.id) || 0;
 			const totalPackagesCount = totalCountMap.get(host.id) || 0;
 
 			// Calculate effective status based on reporting interval
@@ -292,6 +308,7 @@ router.get("/hosts", authenticateToken, requireViewHosts, async (_req, res) => {
 			return {
 				...host,
 				updatesCount,
+				securityUpdatesCount,
 				totalPackagesCount,
 				isStale,
 				effectiveStatus,

backend/src/routes/hostRoutes.js

@@ -12,7 +12,6 @@ const {
 } = require("../middleware/permissions");
 const { queueManager, QUEUE_NAMES } = require("../services/automation");
 const { pushIntegrationToggle, isConnected } = require("../services/agentWs");
-const agentVersionService = require("../services/agentVersionService");
 const { compareVersions } = require("../services/automation/shared/utils");
 
 const router = express.Router();
@@ -170,111 +169,101 @@ router.get("/agent/version", async (req, res) => {
 			});
 		} else {
 			// Go agent version check
-			// Detect server architecture and map to Go architecture names
-			const os = require("node:os");
+			// Always check the server's local binary for the requested architecture
+			// The server's agents folder is the source of truth, not GitHub
 			const { exec } = require("node:child_process");
 			const { promisify } = require("node:util");
 			const execAsync = promisify(exec);
 
-			const serverArch = os.arch();
-			// Map Node.js architecture to Go architecture names
-			const archMap = {
-				x64: "amd64",
-				ia32: "386",
-				arm64: "arm64",
-				arm: "arm",
-			};
-			const serverGoArch = archMap[serverArch] || serverArch;
+			const binaryName = `patchmon-agent-linux-${architecture}`;
+			const binaryPath = path.join(__dirname, "../../../agents", binaryName);
 
-			// If requested architecture matches server architecture, execute the binary
-			if (architecture === serverGoArch) {
-				const binaryName = `patchmon-agent-linux-${architecture}`;
-				const binaryPath = path.join(__dirname, "../../../agents", binaryName);
+			if (fs.existsSync(binaryPath)) {
+				// Binary exists in server's agents folder - use its version
+				let serverVersion = null;
 
-				if (!fs.existsSync(binaryPath)) {
-					// Binary doesn't exist, fall back to GitHub
-					console.log(`Binary ${binaryName} not found, falling back to GitHub`);
-				} else {
-					// Execute the binary to get its version
+				// Try method 1: Execute binary (works for same architecture)
+				try {
+					const { stdout } = await execAsync(`${binaryPath} --help`, {
+						timeout: 10000,
+					});
+
+					// Parse version from help output (e.g., "PatchMon Agent v1.3.1")
+					const versionMatch = stdout.match(
+						/PatchMon Agent v([0-9]+\.[0-9]+\.[0-9]+)/i,
+					);
+
+					if (versionMatch) {
+						serverVersion = versionMatch[1];
+					}
+				} catch (execError) {
+					// Execution failed (likely cross-architecture) - try alternative method
+					console.warn(
+						`Failed to execute binary ${binaryName} to get version (may be cross-architecture): ${execError.message}`,
+					);
+
+					// Try method 2: Extract version using strings command (works for cross-architecture)
 					try {
-						const { stdout } = await execAsync(`${binaryPath} --help`, {
-							timeout: 10000,
-						});
+						const { stdout: stringsOutput } = await execAsync(
+							`strings "${binaryPath}" | grep -E "PatchMon Agent v[0-9]+\\.[0-9]+\\.[0-9]+" | head -1`,
+							{
+								timeout: 10000,
+							},
+						);
 
-						// Parse version from help output (e.g., "PatchMon Agent v1.3.1")
-						const versionMatch = stdout.match(
+						const versionMatch = stringsOutput.match(
 							/PatchMon Agent v([0-9]+\.[0-9]+\.[0-9]+)/i,
 						);
 
 						if (versionMatch) {
-							const serverVersion = versionMatch[1];
-							const agentVersion = req.query.currentVersion || serverVersion;
-
-							// Proper semantic version comparison: only update if server version is NEWER
-							const hasUpdate =
-								compareVersions(serverVersion, agentVersion) > 0;
-
-							return res.json({
-								currentVersion: agentVersion,
-								latestVersion: serverVersion,
-								hasUpdate: hasUpdate,
-								downloadUrl: `/api/v1/hosts/agent/download?arch=${architecture}`,
-								releaseNotes: `PatchMon Agent v${serverVersion}`,
-								minServerVersion: null,
-								architecture: architecture,
-								agentType: "go",
-							});
+							serverVersion = versionMatch[1];
+							console.log(
+								`✅ Extracted version ${serverVersion} from binary using strings command`,
+							);
 						}
-					} catch (execError) {
-						// Execution failed, fall back to GitHub
-						console.log(
-							`Failed to execute binary ${binaryName}: ${execError.message}, falling back to GitHub`,
+					} catch (stringsError) {
+						console.warn(
+							`Failed to extract version using strings command: ${stringsError.message}`,
 						);
 					}
 				}
-			}
 
-			// Fall back to GitHub if architecture doesn't match or binary execution failed
-			try {
-				const versionInfo = await agentVersionService.getVersionInfo();
-				const latestVersion = versionInfo.latestVersion;
-				const agentVersion =
-					req.query.currentVersion || latestVersion || "unknown";
+				// If we successfully got the version, return it
+				if (serverVersion) {
+					const agentVersion = req.query.currentVersion || serverVersion;
 
-				if (!latestVersion) {
-					return res.status(503).json({
-						error: "Unable to determine latest version from GitHub releases",
+					// Proper semantic version comparison: only update if server version is NEWER
+					const hasUpdate = compareVersions(serverVersion, agentVersion) > 0;
+
+					return res.json({
 						currentVersion: agentVersion,
-						latestVersion: null,
-						hasUpdate: false,
+						latestVersion: serverVersion,
+						hasUpdate: hasUpdate,
+						downloadUrl: `/api/v1/hosts/agent/download?arch=${architecture}`,
+						releaseNotes: `PatchMon Agent v${serverVersion}`,
+						minServerVersion: null,
+						architecture: architecture,
+						agentType: "go",
 					});
 				}
 
-				// Proper semantic version comparison: only update if latest version is NEWER
-				const hasUpdate =
-					latestVersion !== null &&
-					compareVersions(latestVersion, agentVersion) > 0;
-
-				res.json({
-					currentVersion: agentVersion,
-					latestVersion: latestVersion,
-					hasUpdate: hasUpdate,
-					downloadUrl: `/api/v1/hosts/agent/download?arch=${architecture}`,
-					releaseNotes: `PatchMon Agent v${latestVersion}`,
-					minServerVersion: null,
-					architecture: architecture,
-					agentType: "go",
-				});
-			} catch (serviceError) {
-				console.error(
-					"Failed to get version from agentVersionService:",
-					serviceError.message,
+				// If we couldn't get version, fall through to error response
+				console.warn(
+					`Could not determine version for binary ${binaryName} using any method`,
 				);
-				return res.status(500).json({
-					error: "Failed to get agent version from service",
-					details: serviceError.message,
-				});
 			}
+
+			// Binary doesn't exist or couldn't get version - return error
+			// Don't fall back to GitHub - the server's agents folder is the source of truth
+			const agentVersion = req.query.currentVersion || "unknown";
+			return res.status(404).json({
+				error: `Agent binary not found for architecture: ${architecture}. Please ensure the binary is in the server's agents folder.`,
+				currentVersion: agentVersion,
+				latestVersion: null,
+				hasUpdate: false,
+				architecture: architecture,
+				agentType: "go",
+			});
 		}
 	} catch (error) {
 		console.error("Version check error:", error);
@@ -517,6 +506,10 @@ router.post(
 			.optional()
 			.isString()
 			.withMessage("Kernel version must be a string"),
+		body("installedKernelVersion")
+			.optional()
+			.isString()
+			.withMessage("Installed kernel version must be a string"),
 		body("selinuxStatus")
 			.optional()
 			.isIn(["enabled", "disabled", "permissive"])
@@ -598,6 +591,8 @@ router.post(
 			// System Information
 			if (req.body.kernelVersion)
 				updateData.kernel_version = req.body.kernelVersion;
+			if (req.body.installedKernelVersion)
+				updateData.installed_kernel_version = req.body.installedKernelVersion;
 			if (req.body.selinuxStatus)
 				updateData.selinux_status = req.body.selinuxStatus;
 			if (req.body.systemUptime)

docker/backend.Dockerfile

@@ -10,8 +10,6 @@ ENV NODE_ENV=development \
 
 RUN apk add --no-cache openssl tini curl libc6-compat
 
-USER node
-
 WORKDIR /app
 
 COPY --chown=node:node package*.json ./
@@ -20,7 +18,10 @@ COPY --chown=node:node agents ./agents_backup
 COPY --chown=node:node agents ./agents
 COPY --chmod=755 docker/backend.docker-entrypoint.sh ./entrypoint.sh
 
-RUN npm install --workspace=backend --ignore-scripts && cd backend && npx prisma generate
+USER node
+
+RUN npm install --workspace=backend --ignore-scripts && cd backend && npx prisma generate && \
+    chmod -R u+w /app/node_modules/@prisma/engines 2>/dev/null || true
 
 EXPOSE 3001
 
@@ -66,8 +67,6 @@ ENV NODE_ENV=production \
 
 RUN apk add --no-cache openssl tini curl libc6-compat
 
-USER node
-
 WORKDIR /app
 
 COPY --from=builder --chown=node:node /app/backend ./backend
@@ -76,6 +75,14 @@ COPY --chown=node:node agents ./agents_backup
 COPY --chown=node:node agents ./agents
 COPY --chmod=755 docker/backend.docker-entrypoint.sh ./entrypoint.sh
 
+# Ensure Prisma engines directory is writable for rootless Docker (Prisma 6.1.0+ requirement)
+# This must be done as root before switching to node user
+# Order: chown first (sets ownership), then chmod (sets permissions)
+RUN chown -R node:node /app/node_modules/@prisma/engines && \
+    chmod -R u+w /app/node_modules/@prisma/engines
+
+USER node
+
 WORKDIR /app/backend
 
 EXPOSE 3001

frontend/env.example

@@ -6,5 +6,5 @@ VITE_API_URL=http://localhost:3001/api/v1
 
 # Application Metadata
 VITE_APP_NAME=PatchMon
-VITE_APP_VERSION=1.3.4
+VITE_APP_VERSION=1.3.6
 

frontend/package.json

@@ -1,7 +1,7 @@
 {
 	"name": "patchmon-frontend",
 	"private": true,
-	"version": "1.3.4",
+	"version": "1.3.6",
 	"license": "AGPL-3.0",
 	"type": "module",
 	"scripts": {

frontend/src/pages/HostDetail.jsx

@@ -1013,29 +1013,25 @@ const HostDetail = () => {
 												</div>
 											)}
 
-											{(host.kernel_version ||
-												host.installed_kernel_version) && (
-												<div className="flex flex-col gap-2">
-													{host.kernel_version && (
-														<div>
-															<p className="text-xs text-secondary-500 dark:text-secondary-300 mb-1">
-																Running Kernel
-															</p>
-															<p className="font-medium text-secondary-900 dark:text-white font-mono text-sm break-all">
-																{host.kernel_version}
-															</p>
-														</div>
-													)}
-													{host.installed_kernel_version && (
-														<div>
-															<p className="text-xs text-secondary-500 dark:text-secondary-300 mb-1">
-																Installed Kernel
-															</p>
-															<p className="font-medium text-secondary-900 dark:text-white font-mono text-sm break-all">
-																{host.installed_kernel_version}
-															</p>
-														</div>
-													)}
+											{host.kernel_version && (
+												<div>
+													<p className="text-xs text-secondary-500 dark:text-secondary-300">
+														Running Kernel
+													</p>
+													<p className="font-medium text-secondary-900 dark:text-white font-mono text-sm break-all">
+														{host.kernel_version}
+													</p>
+												</div>
+											)}
+
+											{host.installed_kernel_version && (
+												<div>
+													<p className="text-xs text-secondary-500 dark:text-secondary-300">
+														Installed Kernel
+													</p>
+													<p className="font-medium text-secondary-900 dark:text-white font-mono text-sm break-all">
+														{host.installed_kernel_version}
+													</p>
 												</div>
 											)}
 

frontend/src/pages/Hosts.jsx

@@ -248,7 +248,6 @@ const Hosts = () => {
 		const showFiltersParam = searchParams.get("showFilters");
 		const osFilterParam = searchParams.get("osFilter");
 		const groupParam = searchParams.get("group");
-		const rebootParam = searchParams.get("reboot");
 
 		if (filter === "needsUpdates") {
 			setShowFilters(true);
@@ -335,9 +334,15 @@ const Hosts = () => {
 			{ id: "status", label: "Status", visible: true, order: 10 },
 			{ id: "needs_reboot", label: "Reboot", visible: true, order: 11 },
 			{ id: "updates", label: "Updates", visible: true, order: 12 },
-			{ id: "notes", label: "Notes", visible: false, order: 13 },
-			{ id: "last_update", label: "Last Update", visible: true, order: 14 },
-			{ id: "actions", label: "Actions", visible: true, order: 15 },
+			{
+				id: "security_updates",
+				label: "Security Updates",
+				visible: true,
+				order: 13,
+			},
+			{ id: "notes", label: "Notes", visible: false, order: 14 },
+			{ id: "last_update", label: "Last Update", visible: true, order: 15 },
+			{ id: "actions", label: "Actions", visible: true, order: 16 },
 		];
 
 		const saved = localStorage.getItem("hosts-column-config");
@@ -644,11 +649,27 @@ const Hosts = () => {
 		);
 	};
 
-	const handleSelectAll = () => {
-		if (selectedHosts.length === hosts.length) {
-			setSelectedHosts([]);
+	const handleSelectAll = (hostsToSelect) => {
+		const hostIdsToSelect = hostsToSelect.map((host) => host.id);
+		const allSelected = hostIdsToSelect.every((id) =>
+			selectedHosts.includes(id),
+		);
+		if (allSelected) {
+			// Deselect all hosts in this group
+			setSelectedHosts((prev) =>
+				prev.filter((id) => !hostIdsToSelect.includes(id)),
+			);
 		} else {
-			setSelectedHosts(hosts.map((host) => host.id));
+			// Select all hosts in this group (merge with existing selections)
+			setSelectedHosts((prev) => {
+				const newSelection = [...prev];
+				hostIdsToSelect.forEach((id) => {
+					if (!newSelection.includes(id)) {
+						newSelection.push(id);
+					}
+				});
+				return newSelection;
+			});
 		}
 	};
 
@@ -781,6 +802,10 @@ const Hosts = () => {
 					aValue = a.updatesCount || 0;
 					bValue = b.updatesCount || 0;
 					break;
+				case "security_updates":
+					aValue = a.securityUpdatesCount || 0;
+					bValue = b.securityUpdatesCount || 0;
+					break;
 				case "needs_reboot":
 					// Sort by boolean: false (0) comes before true (1)
 					aValue = a.needs_reboot ? 1 : 0;
@@ -947,9 +972,15 @@ const Hosts = () => {
 			{ id: "status", label: "Status", visible: true, order: 10 },
 			{ id: "needs_reboot", label: "Reboot", visible: true, order: 11 },
 			{ id: "updates", label: "Updates", visible: true, order: 12 },
-			{ id: "notes", label: "Notes", visible: false, order: 13 },
-			{ id: "last_update", label: "Last Update", visible: true, order: 14 },
-			{ id: "actions", label: "Actions", visible: true, order: 15 },
+			{
+				id: "security_updates",
+				label: "Security Updates",
+				visible: true,
+				order: 13,
+			},
+			{ id: "notes", label: "Notes", visible: false, order: 14 },
+			{ id: "last_update", label: "Last Update", visible: true, order: 15 },
+			{ id: "actions", label: "Actions", visible: true, order: 16 },
 		];
 		updateColumnConfig(defaultConfig);
 	};
@@ -1135,6 +1166,19 @@ const Hosts = () => {
 						{host.updatesCount || 0}
 					</button>
 				);
+			case "security_updates":
+				return (
+					<button
+						type="button"
+						onClick={() =>
+							navigate(`/packages?host=${host.id}&filter=security-updates`)
+						}
+						className="text-sm text-red-600 hover:text-red-900 dark:text-red-400 dark:hover:text-red-300 font-medium hover:underline"
+						title="View security updates for this host"
+					>
+						{host.securityUpdatesCount || 0}
+					</button>
+				);
 			case "last_update":
 				return (
 					<div className="text-sm text-secondary-500 dark:text-secondary-300">
@@ -1190,7 +1234,7 @@ const Hosts = () => {
 		navigate("/hosts", { replace: true });
 	};
 
-	const handleUpToDateClick = () => {
+	const _handleUpToDateClick = () => {
 		// Filter to show only up-to-date hosts
 		setStatusFilter("active");
 		setShowFilters(true);
@@ -1627,11 +1671,14 @@ const Hosts = () => {
 																		{column.id === "select" ? (
 																			<button
 																				type="button"
-																				onClick={handleSelectAll}
+																				onClick={() =>
+																					handleSelectAll(groupHosts)
+																				}
 																				className="flex items-center gap-2 hover:text-secondary-700"
 																			>
-																				{selectedHosts.length ===
-																				groupHosts.length ? (
+																				{groupHosts.every((host) =>
+																					selectedHosts.includes(host.id),
+																				) ? (
 																					<CheckSquare className="h-4 w-4" />
 																				) : (
 																					<Square className="h-4 w-4" />
@@ -1731,6 +1778,17 @@ const Hosts = () => {
 																				{column.label}
 																				{getSortIcon("updates")}
 																			</button>
+																		) : column.id === "security_updates" ? (
+																			<button
+																				type="button"
+																				onClick={() =>
+																					handleSort("security_updates")
+																				}
+																				className="flex items-center gap-2 hover:text-secondary-700"
+																			>
+																				{column.label}
+																				{getSortIcon("security_updates")}
+																			</button>
 																		) : column.id === "needs_reboot" ? (
 																			<button
 																				type="button"

frontend/src/pages/settings/Integrations.jsx

@@ -1586,7 +1586,7 @@ const Integrations = () => {
 										<div className="flex items-center gap-2">
 											<input
 												type="text"
-												value={`curl ${curl_flags} "${getEnrollmentUrl()}" | sh`}
+												value={`curl ${curl_flags} "${getEnrollmentUrl()}" | ${selected_script_type === "proxmox-lxc" ? "bash" : "sh"}`}
 												readOnly
 												className="flex-1 px-3 py-2 border border-secondary-300 dark:border-secondary-600 rounded-md bg-secondary-50 dark:bg-secondary-900 text-secondary-900 dark:text-white font-mono text-xs"
 											/>
@@ -1594,7 +1594,7 @@ const Integrations = () => {
 												type="button"
 												onClick={() =>
 													copy_to_clipboard(
-														`curl ${curl_flags} "${getEnrollmentUrl()}" | sh`,
+														`curl ${curl_flags} "${getEnrollmentUrl()}" | ${selected_script_type === "proxmox-lxc" ? "bash" : "sh"}`,
 														"enrollment-command",
 													)
 												}

package.json

@@ -1,6 +1,6 @@
 {
 	"name": "patchmon",
-	"version": "1.3.4",
+	"version": "1.3.6",
 	"description": "Linux Patch Monitoring System",
 	"license": "AGPL-3.0",
 	"private": true,