FIX: Malicious package database may fail to update
Created:
2/9/2026 1:40:19 PM by Rich H
Status:
Awaiting Release on 2/12/2026 9:33:13 AM
Last pulled:
2/12/2026 9:47:21 AM
Description:
If you manually create the folder (C:\ProgramData\ProGet\LocalStorage\), it will allow the malicious packages database to updated. This slipped through our testing because if you have a feed with an indexed connector (debian, rpm, alpine, etc...), that directory will have already been created. Without that directory, only the malicious packages database that ships with ProGet will be used.