Releases: fleetdm/fleet

fleet-v4.58.0

17 Oct 23:09
e98f86d

Fleet 4.58.0 (Oct 17, 2024)

Endpoint Operations:

  • Added built-in label for Fedora Linux. Warning: Migrations will fail if a pre-existing 'Fedora Linux' label exists. To resolve, delete the existing 'Fedora Linux' label.
  • Added ability to trigger script run on policy failure.
  • Updated GitOps script and software installer relative paths to now always be relative to the file they're in. This change breaks existing YAML files that had to account for previous inconsistent behavior (e.g. script paths declared in no-team.yml being relative to default.yaml one directory up).
  • Improved performance for host details and Fleet Desktop, particularly in environments using high volumes of live queries.
  • Updated activity cleanup job to remove all expired live queries to improve API performance in environments using large volumes of live queries. Note that the cleanup cron may take longer on the first run after upgrade.
  • Added an event for when a policy automation triggers a script run in the activity feed.
  • Added battery status to Windows host details.

Device Management (MDM):

  • Added the POST /software/fleet_maintained_apps endpoint for adding Fleet-maintained apps.
  • Added the GET /software/fleet_maintained_apps/{app_id} endpoint to retrieve details of a Fleet-maintained app.
  • Added API endpoint to list team available Fleet-maintained apps.
  • Added UI for managing Fleet-maintained apps.
  • Updated add software modal to be separate pages in Fleet UI.
  • Added support for uploading RPM packages.
  • Updated the request timeouts for software installer edits to be the same as initial software installer uploads.
  • Updated UI for software uploads to include upload progress bar.
  • Improved performance of SQL queries used to determine MDM profile status for Apple hosts.

Vulnerability Management:

  • Fixed MSRC feed pulls (for NVD release builds) in environments where GitHub access is authenticated.

Bug fixes and improvements:

  • Added the 'Unsupported screen size' UI on the My device page.
  • Removed redundant built-in label filter pills.
  • Updated success messages for lock, unlock, and wipe commands in the UI.
  • Restricted width of policy description wrappers for better UI.
  • Updated host details about section to condense information into fewer columns at smaller widths.
  • Hid CVSS severity column from Fleet Free software details > vulnerabilities sections.
  • Updated UI to remove leading/trailing whitespace when creating or editing team or query names.
  • Added UI improvements when selecting live query targets (e.g. styling, closing behavior).
  • Updated API to return 409 instead of 500 when trying to delete an installer associated with a policy automation.
  • Updated battery health definitions to be defined as cycle counts greater than 1000 or max capacity falling under 80% of designed capacity for macOS and Windows.
  • Added information on how battery health is defined to the UI.
  • Updated UI to surface duplicate label name error to user.
  • Fixed software uninstaller script for pkgs to only remove '.app' directories installed by the package.
  • Fixed "no rows" error when adding a software installer that matches an existing title's name and source but not its bundle ID.
  • Fixed an issue with the migration adding support for multiple VPP tokens that would happen if a token is removed prior to upgrading Fleet.
  • Fixed UI flow for observers to easily query hosts from the host details page.
  • Fixed bug with label display names always sentence casing.
  • Fixed a bug where a profile wouldn't be removed from a host if it was deleted or if the host was moved to another team before the profile was installed on the host.
  • Fixed a bug where removing a VPP or ABM token from a GitOps YAML file would leave the team assignments unchanged.
  • Fixed host software filter bug that resets dropdown filter on table changes (pagination, order by column, etc).
  • Fixed UI bug: Edit team name closes modal.
  • Fixed UI so that switching vulnerability search types does not cause page re-render.
  • Fixed UI policy automation truncation when selecting software to auto-install.
  • Fixed UI design bug where software package file name was not displayed as expected.
  • Fixed a small UI bug where a button overlapped some copy.
  • Fixed software icon for chrome packages.

Fleet's agent

The following versions of Fleet's agent (fleetd) support the latest changes to Fleet:

  1. orbit-v1.34.0
  2. fleet-desktop-v1.34.0 (included with Orbit)
  3. fleetd-chrome-v1.3.1

While newer versions of fleetd still function with older versions of the Fleet server (and vice versa), Fleet does not actively test these scenarios and some newer features won't be available.

Upgrading

Please visit our update guide for upgrade instructions.

Documentation

Documentation for Fleet is available at fleetdm.com/docs.

Binary Checksum

SHA256


fleet-v4.57.3

11 Oct 16:56
289a508

Bug fix

  • Fixed Orbit configuration endpoint returning 500 for Macs running Rapid Security Response macOS releases that are enrolled in OS major version enforcement.

Binary Checksum

SHA256


fleet-v4.57.2

04 Oct 02:46
284b9dd

Bug fixes

  • Fixed software uninstaller script for pkgs to only remove '.app' directories installed by the package.

Binary Checksum

SHA256


fleet-v4.57.1

01 Oct 14:03

Note: 4.57.1 contains two critical bugs

Two critical bugs have been identified in 4.57.1:

  1. Fleet uninstall script removes other apps from the host
  2. Software Package installs for Windows .exe and .msi installers stuck in Pending state

We are currently developing fixes for both and will issue 4.57.2 as soon as possible.

Bug fixes

  • Improved performance of SQL queries used to determine MDM profile status for Apple hosts.
  • Ensured request timeouts for software installer edits were just as high as for initial software installer uploads.
  • Fixed an issue with the migration that added support for multiple VPP tokens, which would happen if a token was removed prior to upgrading Fleet.
  • Fixed a "no rows" error when adding a software installer that matched an existing title's name and source but not its bundle ID.

Binary Checksum

SHA256


fleet-v4.57.0

23 Sep 23:45
d595881

Note: 4.57.0 contains two critical bugs

Two critical bugs have been identified in 4.57.0:

  1. Fleet uninstall script removes other apps from the host
  2. Software Package installs for Windows .exe and .msi installers stuck in Pending state

We are currently developing fixes for both and will issue 4.57.2 as soon as possible.

Fleet 4.57.0 (Sep 23, 2024)

Endpoint Operations

  • Added support for configuring policy installers via GitOps.
  • Added support for policies in "No team" that run on hosts that belong to "No team".
  • Added reserved team names: "All teams" and "No team".
  • Added support for the software status filter for 'No teams' on the hosts page.
  • Enabled 'No teams' functionality for the policies page and associated workflows.
  • Added reset install counts and cancel pending installs/uninstalls when GitOps installer updates change package contents.
  • Added support for software installer packages, self-service flag, scripts, pre-install query, and self-service availability to be edited in-place rather than deleted and re-added.

Device Management (MDM)

  • Added feature allowing automatic installation of software on hosts that fail policies.
  • Added feature for end users to enroll BYOD devices into Fleet MDM.
  • Added the ability to use Fleet to uninstall packages from hosts.
  • Added an endpoint for getting an OTA MDM profile for enrolling iOS and iPadOS hosts.
  • Added protocol support for OTA enrollment and automatic team assignment for hosts.
  • Added validation of Setup Assistant profiles on profile upload.
  • Added validation to prevent installing software on a host with a pending installation.
  • Allowed custom SCEP CA certificates with any kind of extendedKeyUsage attributes.
  • Modified POST /api/latest/fleet/software/batch endpoint to be asynchronous and added a new endpoint GET /api/latest/fleet/software/batch/{request_uuid} to retrieve the result of the batch upload.

Vulnerability Management

  • Fixed a false negative vulnerability for git.
  • Fixed false positive vulnerabilities for minio.
  • Fixed an issue where virtual box for macOS wasn't matching against the NVD product name.
  • Fixed Ubuntu python package false positive vulnerabilities by removing duplicate entries for ubuntu python packages installed by dpkg and renaming remaining pip installed packages to match OVAL definitions.

Bug fixes and improvements

  • Updated Go to go1.23.1.
  • Removed validation of APNS certificate from server startup.
  • Removed invalid node keys from server logs.
  • Improved the UX of turning off MDM on an offline host.
  • Improved clarity of GitOps VPP app ID type errors.
  • Improved GitOps error message about enabling Windows MDM.
  • Improved messaging for VPP token constraint errors.
  • Improved loading state for UI tables when no data is present yet.
  • Improved permissions so that hosts can no longer access installers that aren't directly assigned to them.
  • Improved verification of premium license before uploading VPP tokens.
  • Added "0 items" description on empty software tables for UI consistency.
  • Updated the macOS target minimum version tooltip.
  • Fixed logic to properly catch and log APNs errors.
  • Fixed UI overflow issues with OS settings table data.
  • Fixed regression for checking email used to get a signed CSR.
  • Fixed bugs on enrollment profiles when the organization name contains invalid XML characters.
  • Fixed an issue with cron profiles delivery failing if a Windows VM is enrolled twice.
  • Fixed issue where Fleet server could start when an expired ABM certificate was provided as server config.
  • Fixed self-service checkbox appearing when iOS or iPadOS app is selected.

Fleet's agent

The following versions of Fleet's agent (fleetd) support the latest changes to Fleet:

  1. orbit-v1.33.0
  2. fleet-desktop-v1.33.0 (included with Orbit)
  3. fleetd-chrome-v1.3.1

While newer versions of fleetd still function with older versions of the Fleet server (and vice versa), Fleet does not actively test these scenarios and some newer features won't be available.

Binary Checksum

SHA256


fleet-v4.56.0

07 Sep 18:57
0111d0f

Fleet 4.56.0 (Sep 7, 2024)

Endpoint operations

  • Added index to query_results DB table to speed up finding last query timestamp for a given query and host.
  • Added a link in the UI to the error message when a CSR can't be downloaded due to missing private key.
  • Added a disabled overlay to the Other Workflows modal on the policy page.
  • Improved performance of live queries to accommodate for higher volumes when utilizing zero-trust workflows.
  • Improved fleetctl gitops error message when trying to change team name to a team that already exists.

Device management

  • Added server support for multiple VPP tokens.
  • Added new endpoints and updated existing endpoints for managing multiple Apple Business Manager tokens.
  • Added support for S3 to store MDM bootstrap packages (uses the same bucket configuration as for software installers).
  • Added support to UI for self service VPP software.
  • Added backend and gitops support for self service VPP.
  • Added ability for MDM migrations if the host is manually enrolled to a 3rd party MDM.
  • Added an offline screen to the macOS MDM migration flow.
  • Added new ABM page to Fleet UI.
  • Added new VPP page to the Fleet UI.
  • Added support to track the Apple Business Manager "terms expired" API error per token, as well as a global flag that gets set as soon as one token has its terms expired.
  • Updated the instructions on "My device" for MDM migrations on pre-Sonoma macOS hosts.
  • Updated to allow multiple teams to be assigned to the same VPP Token.
  • Updated process so that deleting installed software or VPP app now makes it available for re-installation.
  • Updated to enforce minimum OS version settings during Apple Automated Device Enrollment (ADE).
  • Updated ABM ingestion so that deleted iOS/iPadOS host will continue to report to Fleet as long as host is in Apple Business Manager (ABM).
  • Updated so that refetching an offline iOS/iPadOS host will not add new MDM commands to the queue if previous refetch has not completed yet.
  • Updated UI so that downloading a software installer package now shows the browser's built-in progress bar.
  • Updated relevant documentation to include references to multiple ABM and VPP tokens.
  • Consolidated Automatic Enrollment and VPP settings under the MDM settings integration page.
  • Cleared apps associated with a VPP token if it's moved off of a team.

Vulnerability management

  • Added ALAS bulletins as vulnerability source for Amazon Linux (instead of OVAL for Amazon Linux 2, and adds support for Amazon Linux 1, 2022, and 2023).
  • Added matching rules for July and August Microsoft 365 security updates (https://learn.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates).
  • Added the following filters to /software/titles and /software/versions API endpoints: exploit: bool, min_cvss_score: float, max_cvss_score: float.
  • Updated software titles/versions tables to allow for filtering by vulnerabilities including severity and known exploit.
  • Updated to use empty CVE description when the NVD CVE feed doesn't include description entries (instead of panicking).
  • Updated matching software that is not installed by Fleet so that it shows up as 'Available for install' on host details page.
  • Updated base images of fleetdm/fleetctl, fleetdm/bomutils and fleetdm/wix to fix critical vulnerabilities found by Trivy.
  • Updated vulnerability scanning to use macos SW target for CPEs of homebrew packages.
  • Updated vulnerability scanning to not ignore software with non-ASCII en dash and em dash characters.
  • Updated GET /api/v1/fleet/vulnerabilities/{cve} endpoint to add validation of CVE format, and a 204 response. The 204 response indicates that the vulnerability is known to Fleet but not present on any hosts.
  • Updated the UI to add new empty states for searching vulnerabilities: invalid CVE format searched, a known CVE searched but not present on hosts, not a known CVE searched, exploited vulnerability empty state, operating systems empty state, new icons.

Bug fixes and improvements

  • Added support for MySQL 8.4.2 LTS.
  • Updated Go to go1.22.6.
  • Updated Fleet server to now accept arguments via stdin. This is useful for passing secrets that you don't want to expose as env vars, in the command line, or in the config file.
  • Updated text for "Turn on MDM" banners in UI.
  • Updated ABM host tooltip copy on the manage host page to clarify when host vitals will be available to view.
  • Updated copy on automatic enrollment modal on my device page.
  • Updated host details activities tooltip and empty state copy to reflect recently added capabilities.
  • Updated Fleet Free so users see a Premium feature message when clicking to add software.
  • Updated usage reporting to report statistics on new AI features, maintenance window, and fleetd.
  • Fixed bug where configuration profile was still showing the old label name after the name was updated.
  • Fixed a bug when a cached prepared statement gets deleted in the MySQL server itself without Fleet knowing.
  • Fixed a bug where the wrong API path was used to download a software installer.
  • Fixed the failing_host_count so it is never 0. This count is normally updated once an hour during cleanups_then_aggregation cron job.
  • Fixed CVE-2024-4030 in Vulncheck feed incorrectly targeting non-Windows hosts.
  • Fixed a bug where the "Self-service" filter for the list of software and the list of host's software did not take App Store apps into account.
  • Fixed a bug where the "My device" page in Fleet Desktop did not show the self-service software tab when App Store apps were available as self-install.
  • Fixed a bug where a software installer (a package or a VPP app) that has been installed on a host still shows up as "Available for install" and can still be requested to be installed after the host is transferred to a different team without that installer (or after the installer is deleted).
  • Fixed the "Available for install" filter in the host's software page so that installers that were requested to be installed on the host (regardless of installation status) also show up in the list.
  • Fixed UI popup messages bleeding off viewport in some cases.
  • Fixed an issue with the scheduling of cron jobs at startup if the job has never run, which caused it to be delayed.
  • Fixed UI to display the label names in case-insensitive alphabetical order.

Fleet's agent

The following versions of Fleet's agent (fleetd) support the latest changes to Fleet:

  1. orbit-v1.32.0
  2. fleet-desktop-v1.32.0 (included with Orbit)
  3. fleetd-chrome-v1.3.1

While newer versions of fleetd still function with older versions of the Fleet server (and vice versa), Fleet does not actively test these scenarios and some newer features won't be available.

Binary Checksum

SHA256


fleet-v4.55.2

05 Sep 21:26
07c520e

Bug fixes

  • Removed validation of APNS certificate from server startup. This was no longer necessary because we now allow for APNS certificates to be renewed in the UI.
  • Fixed logic to properly catch and log APNs errors.

Binary Checksum

SHA256


fleet-v4.54.2

05 Sep 04:29

Bug fixes

  • Removed validation of APNS certificate from server startup. This was no longer necessary because we now allow for APNS certificates to be renewed in the UI.

Binary Checksum

SHA256


fleet-v4.55.1

15 Aug 16:59
0ce6610

Bug fixes

  • Added a disabled overlay to the Other Workflows modal on the policy page.
  • Updated text for "Turn on MDM" banners in UI.
  • Fixed a bug when a cached prepared statement got deleted in the MySQL server itself without Fleet knowing.
  • Continued with an empty CVE description when the NVD CVE feed didn't include description entries (instead of panicking).
  • Scheduled maintenance events are now scheduled over calendar events marked "Free" (not busy) in Google Calendar.
  • Fixed a bug where the wrong API path was used to download a software installer.
  • Improved fleetctl gitops error message when trying to change team name to a team that already exists.
  • Updated ABM (Apple Business Manager) host tooltip copy on the manage host page to clarify when host vitals will be available to view.
  • Added index to query_results DB table to speed up finding the last query timestamp for a given query and host.
  • Displayed the label names in case-insensitive alphabetical order in the fleet UI.

Binary Checksum

SHA256


fleet-v4.55.0

09 Aug 18:48
11aaa4f

Fleet 4.55.0 (Aug 9, 2024)

NOTE: Beginning with v4.55.0, Fleet no longer supports MySQL 5.7 because it has reached end of life. The minimum version supported is MySQL 8.0.36.

NOTE: Changes to software field in GitOps:

  • software field is optional for TEAMs in 4.54.1 and lower
  • software field should NOT be added to NO-TEAM before 4.55.0
  • software field is mandatory for NO-TEAM and TEAMs in 4.55.0 and up

Endpoint operations

  • Added support for generating fleetd packages for Linux ARM64.
  • Added new fleetctl package --arch flag.
  • Updated fleetctl package command to remove the --version flag. The version of the package can be controlled by --orbit-channel flag.
  • Updated maintenance window descriptions to update regularly to match the failing policy description/resolution.
  • Updated maintenance windows using Google Calendar so that calendar events are now recreated within 30 seconds if deleted or moved to the past.
    • Fleet server watches for potential changes for up to 1 week after original event time. If event is moved forward more than 1 week, then after 1 week Fleet server will check for event changes once every 30 minutes.
    • NOTE: These near real-time updates may add additional load to the Google Calendar API, so it is recommended to use API usage alerts or other monitoring methods.

Device management

  • Integrated Escrow Buddy to add enforcement of FileVault during the macOS Setup Assistant process for hosts that are enrolled into teams (or no team) with disk encryption turned on. Thank you homebysix and team!
  • Updated fleetd to use Escrow Buddy to rotate FileVault keys. Removed or modified internal API endpoints documented in the API for contributors.
  • Added OS updates support to iOS/iPadOS devices.
  • Added iOS and iPadOS device details refetch triggered with the existing POST /api/latest/fleet/hosts/:id/refetch endpoint.
  • Added iOS and iPadOS user-installed apps to Fleet.
  • Added iOS and iPadOS apps to be installed using Apple's VPP (Volume Purchase Program) to Fleet.
  • Added support for VPP to GitOps.
  • Added the POST /mdm/apple/vpp_token, DELETE /mdm/apple/vpp_token and GET /vpp endpoints and related functionality.
  • Added new GET /software/app_store_apps and POST /software/app_store_apps endpoints and associated functionality.
  • Added the associated VPP apps to the GET /software/titles and GET /software/titles/:id endpoints.
  • Added the associated VPP apps to the GET /hosts/:id/software and GET /device/:token/software endpoints.
  • Added support to delete a VPP app from a team in DELETE /software/titles/:software_title_id/available_for_install.
  • Added exclude_software query parameter to "Get host by identifier" API.
  • Added ability to add/remove/disable apps with VPP in the Fleet UI.
  • Added a warning banner to the UI if the uploaded VPP token is about to expire/has expired.
  • Added UI updates for VPP feature on host software and my device pages.
  • Added global activity support for VPP-related activities.
  • Added UI features for managing VPP apps for iPadOS and iOS hosts.
  • Updated profile activities to include iOS and iPadOS.
  • Updated Fleet UI to show OS version compliance on host details page.
  • Added support for "No teams" on all software pages including adding software installers.
  • Added DB migration to support VPP software features.
  • Added DB migration to migrate older team configurations to the new version that includes both installers and App Store apps.
  • Linux lock/unlock scripts now make use of pam_nologin to keep AD users locked out.
  • Installed software list now includes Linux .deb packages that are 'on hold'.
  • Added a special-case to properly name the Notion .exe Windows installer the same as how it will be reported by osquery post-install.
  • Increased threshold to renew Apple SCEP certificates for MDM enrollments to 180 days.

Vulnerability management

  • Fixed CVEs identified as 'Rejected' in NVD not matching against software.
  • Fixed false negative vulnerabilities with IntelliJ IDEA CE and PyCharm CE installed via Homebrew.

Bug fixes and improvements

  • Dropped support for MySQL 5.7 and raised minimum required to MySQL 8.0.36.
  • Updated software pre-install to use new GitOps format for query.
  • Updated UI tooltips for pending OS settings.
  • Added a migration to migrate older team configurations to the new version that includes both installers and App Store apps.
  • Fixed a styling issue in the controls > OS settings > disk encryption table.
  • Fixed a bug in fleetctl preview that was causing it to fail if Docker was installed without support for the deprecated docker-compose CLI.
  • Fixed an issue where the app-wide warning banners were not showing on the initial page load.
  • Fixed a bug where the hosts page would sometimes allow excess pagination.
  • Fixed a bug where software install results could not be retrieved for deleted hosts in the activity feed.
  • Fixed path that was incorrect for the download software installer package endpoint GET /software/titles/:software_title_id/package.
  • Fixed a bug that set last_enrolled_at during orbit re-enrollment, which caused osquery enroll failures when FLEET_OSQUERY_ENROLL_COOLDOWN is set.
  • Fixed the "Available for install" filter in the host's software page so that installers that were requested to be installed on the host (regardless of installation status) also show up in the list.
  • Fixed a styling issue in the Controls > OS Settings > disk encryption table.
  • Fixed a bug where Fleet google calendar events generated by Fleet <= 4.53.0 were not correctly processed by 4.54.0.
  • Fixed a bug where a software installer (a package or a VPP app) that has been installed on a host still shows up as "Available for install" and can still be requested to be installed after the host is transferred to a different team without that installer (or after the installer is deleted).

Fleet's agent

The following versions of Fleet's agent (fleetd) support the latest changes to Fleet:

  1. orbit-v1.30.0
  2. fleet-desktop-v1.30.0 (included with Orbit)
  3. fleetd-chrome-v1.3.1

While newer versions of fleetd still function with older versions of the Fleet server (and vice versa), Fleet does not actively test these scenarios and some newer features won't be available.

Binary Checksum

SHA256
