Pterodactyl v1.12.0 key changes in the Panel and Wings 1.12.0
Pterodactyl v1.12.0 is now available alongside Wings 1.12.0, and this release actually matters: security patches (CVEs) plus fixes that hit day-to-day operations (scheduled tasks, WebSocket behavior, uploads, and API details).
If you run game server hosting or maintain production nodes with Wings, this is a “do it soon” update for stability and security.
What’s included in Pterodactyl v1.12.0 (Panel)
Included security patches
In the official changelog, Panel v1.12.0 lists these as fixed:
CVE-2025-68954
CVE-2025-69197
CVE-2025-69198
Practically speaking, this means less attack surface and fewer “surprises” around accounts, permissions, and sensitive flows.
Security tip: even if “nothing has happened,” if your Pterodactyl is internet-facing, staying behind is basically proposing to risk.
Production fixes you’ll actually notice
These are gold for support and ops:
Scheduled tasks (cron) fixed: a bug was fixed where scheduled tasks would run every minute even if your cron syntax said otherwise. That can spike usage and cause weird server behavior.
More stable WebSocket behavior: it no longer gets stuck in endless polling when connection issues happen, or when Wings disconnects the user for a reason that shouldn’t be retried.
Uploads: fixes errors when uploading 0-byte files and removes the hard 1024 MB per-node limit (any positive integer can be used now).
File editor:
Ctrl+Zno longer deletes the initial file content (yeah, that was a jumpscare).Node API/data: fixes the node description not being settable via API and other UI/default-value edge cases.
Changes that affect integrations
If you have scripts, bots, WHMCS modules, or Client API integrations:
2FA disable endpoint changed: from
DELETE /api/client/account/two-factortoPOST /api/client/account/two-factor/disable.Frontend build: minimum Node.js version for building is now 22. If you build assets yourself, this will hit you.
What’s included in Wings 1.12.0
Included security patches
Wings 1.12.0 also lists fixes for:
CVE-2025-68954
CVE-2025-69199
CVE-2026-21696
Ops fixes you’ll appreciate
Directory listing order: folders are now returned before files correctly.
Termination signals: improved handling of container termination signals (fewer “ugly” shutdowns).
Base2 memory calculations: memory limits are calculated using base2 (1024 / GiB style), reducing “why am I missing RAM?” mismatches.
Disk usage: hard-links are no longer counted multiple times (more accurate disk usage).
Labels to environment: fixes user-defined labels not being passed to the environment.
New capabilities
Relative paths in config: supports relative paths for the Wings config (useful for automated setups or non-standard paths).
Mountable generated
/etc/passwd: adds support for mounting a generated/etc/passwdinto containers (better compatibility with certain images/eggs and permissions).
Why this release matters if you sell hosting or run nodes
Because two things are mixed here—both of which break businesses when they go wrong:
Real security (CVE fixes in Panel and Wings).
Operational stability (scheduled tasks misfiring, WebSocket acting like a clingy ex, upload limits, and more consistent calculations).
This kind of release reduces tickets like “it restarts,” “uploads don’t work,” “the schedule runs 60 times,” “my panel keeps loading,” etc.
How to update to Pterodactyl v1.12.0 and Wings 1.12.0 smoothly
Before touching anything:
Make real backups: DB +
/var/www/pterodactyl+ webserver config + Wings config.If you can, test in staging first (even a quick clone).
Update the Panel to v1.12.0 (manual)
Note: “self-upgrade” may not be available, so the reliable path is manual.
Enable maintenance mode:
cd /var/www/pterodactyl
php artisan downDownload and extract the release:
curl -L https://github.com/pterodactyl/panel/releases/latest/download/panel.tar.gz | tar -xzvPermissions and dependencies:
chmod -R 755 storage/* bootstrap/cache
composer install --no-dev --optimize-autoloader
Clear caches and run migrations:
php artisan view:clear
php artisan config:clear
php artisan migrate --seed --forceFix ownership, restart queue, and exit maintenance:
chown -R www-data:www-data /var/www/pterodactyl/*
php artisan queue:restart
php artisan upUpdate Wings to 1.12.0
systemctl stop wings
curl -L -o /usr/local/bin/wings "https://github.com/pterodactyl/wings/releases/latest/download/wings_linux_$([[ "$(uname -m)" == "x86_64" ]] && echo "amd64" || echo "arm64")"
chmod u+x /usr/local/bin/wings
systemctl restart wingsPost-update checklist
Confirm your scheduled tasks follow their cron and no longer run every minute.
Check WebSocket behavior (server console, stable connections).
If you have 2FA integrations, update to the new endpoint.
If you build assets, make sure you’re on Node.js 22.
Conclusion
Pterodactyl v1.12.0 and Wings 1.12.0 are a security + stability update worth doing ASAP: CVE fixes, annoying production bugs resolved (cron and WebSocket), and improvements that make day-to-day operations smoother.
