Prepare for Fleet 4.10.0 (#4161)
Co-authored-by: Zach Wasserman <[email protected]>
noahtalerman and zwass authored Feb 14, 2022
1 parent e0716d0 commit 6782747
Showing 44 changed files with 76 additions and 66 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/goreleaser-fleet.yaml
Expand Up @@ -27,7 +27,7 @@ jobs:
- name: Set up Go
uses: actions/setup-go@v2
with:
go-version: 1.17.2
go-version: 1.17.7

- name: Install JS Dependencies
run: make deps-js
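Review bot: The `go-version` bump to 1.17.7 is applied only in goreleaser-fleet.yaml; goreleaser-snapshot-fleet.yaml, which the release docs in this same commit say builds the QA image for `patch-*` branches, is not among the 44 changed files. If that workflow pins its own `go-version`, bump it here too so snapshot images are built with the same CVE fixes the CHANGELOG advertises, or move the Go version to one shared place the workflows read from.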
51 changes: 51 additions & 0 deletions CHANGELOG.md
@@ -1,3 +1,54 @@
## Fleet 4.10.0 (Feb 10, 2022)

* Upgrade Go to 1.17.7 with security fixes for crypto/elliptic (CVE-2022-23806), math/big (CVE-2022-23772), and cmd/go (CVE-2022-23773). These are not likely to be high impact in Fleet deployments, but we are upgrading in an abundance of caution.

* Add aggregate software and vulnerability information on the new **Software** page.

* Add ability to see how many hosts have a specific vulnerable software installed on the
**Software** page. This information is also available in the `GET /api/v1/fleet/software` API route.

* Add ability to send a webhook request if a new vulnerability (CVE) is
found on at least one host. Documentation on what data is included the webhook
request and when the webhook request is sent can be found here on [fleedm.com/docs](https://fleetdm.com/docs/using-fleet/automations#vulnerability-automations).

* Add aggregate Mobile Device Management and Munki data on the **Home** page.

* Add email and URL validation across the entire Fleet UI.

* Add ability to filter software by "Vulnerable" on the **Host details** page.

* Update standard policy templates to use new naming convention. For example, "Is FileVault enabled on macOS
devices?" is now "Full disk encryption enabled (macOS)."

* Add db-innodb-status and db-process-list to `fleetctl debug` command.

* Fleet Premium: Add the ability to generate a Fleet installer and manage enroll secrets on the **Team details**
page.

* A ability for users with the observer role to view which platforms (macOS, Windows, Linux) a query
is compatible with.

* Improve the experience for editing queries and policies in the Fleet UI.

* Improve vulnerability processing for NPM packages.

* Support triggering a webhook for newly detected vulnerabilities with a list of affected hosts.

* Add filter software by CVE.

* Add the ability to disable scheduled query performance statistics.

* Add ability to filter the host summary information by platform (macOS, Windows, Linux) on the **Home** page.

* Fix a bug in Fleet installers for Linux in which a computer restart would stop the host from
reporting to Fleet.

* Make sure ApplyTeamSpec only works with premium deployments.

* Disable MDM, Munki, and Chrome profile queries on unsupported platforms to reduce log noise.

* Properly handle paths in CVE URL prefix.

## Fleet 4.9.1 (Feb 2, 2022)

### This is a security release.
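Review bot: Several of the added 4.10.0 entries need copy fixes before this ships: in the vulnerability webhook entry the link text reads `fleedm.com/docs` (the URL behind it is spelled correctly) and "included the webhook request" is missing "in", and the observer-role entry begins "A ability" where the others say "Add ability". The vulnerability webhook is also described twice ("Add ability to send a webhook request if a new vulnerability (CVE) is found" and "Support triggering a webhook for newly detected vulnerabilities"); merge those into one item. Separately, this commit deletes `changes/issue-3953-apply-queries-missing-authorization` but no 4.10.0 entry mentions it; if that change was an authorization fix, add an entry for it or confirm it was already covered by the 4.9.1 security release.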
1 change: 0 additions & 1 deletion changes/add-enable-scheduled-query-stats-to-fleetconfig

This file was deleted.

1 change: 0 additions & 1 deletion changes/disable-mdm-queries

This file was deleted.

1 change: 0 additions & 1 deletion changes/fix-cve-url-prefix

This file was deleted.

1 change: 0 additions & 1 deletion changes/issue-2998-software-cve-search

This file was deleted.

1 change: 0 additions & 1 deletion changes/issue-3029-team-details-modals

This file was deleted.

1 change: 0 additions & 1 deletion changes/issue-3050-settings

This file was deleted.

1 change: 0 additions & 1 deletion changes/issue-3050-trigger-vulnerabilities-webhook

This file was deleted.

2 changes: 0 additions & 2 deletions changes/issue-3054-3208-host-details-software

This file was deleted.

1 change: 0 additions & 1 deletion changes/issue-3086-add-hosts-count-to-software

This file was deleted.

1 change: 0 additions & 1 deletion changes/issue-3086-cleanup-unused-software

This file was deleted.

1 change: 0 additions & 1 deletion changes/issue-3099-3195-improve-query-editing

This file was deleted.

1 change: 0 additions & 1 deletion changes/issue-3173-debug-status-processlist

This file was deleted.

1 change: 0 additions & 1 deletion changes/issue-3263-aggregation

This file was deleted.

1 change: 0 additions & 1 deletion changes/issue-3263-host-summary-filter

This file was deleted.

3 changes: 0 additions & 3 deletions changes/issue-3397-software-page

This file was deleted.

1 change: 0 additions & 1 deletion changes/issue-3507-url-email-validators

This file was deleted.

1 change: 0 additions & 1 deletion changes/issue-3584-fix-webhooks-lock-duration

This file was deleted.

1 change: 0 additions & 1 deletion changes/issue-3634-user-actions-flash-messages

This file was deleted.

1 change: 0 additions & 1 deletion changes/issue-3706-input-max-length

This file was deleted.

1 change: 0 additions & 1 deletion changes/issue-3762-software-vulnerability-webhook-modal

This file was deleted.

1 change: 0 additions & 1 deletion changes/issue-3782-apply-team-specs-ee

This file was deleted.

2 changes: 0 additions & 2 deletions changes/issue-3800-macOS-homepage

This file was deleted.

1 change: 0 additions & 1 deletion changes/issue-3872-fix-label-search

This file was deleted.

1 change: 0 additions & 1 deletion changes/issue-3879-preview-apply-policies

This file was deleted.

1 change: 0 additions & 1 deletion changes/issue-3882-clean-team-packs

This file was deleted.

2 changes: 0 additions & 2 deletions changes/issue-3899-revamp-nav-bar

This file was deleted.

1 change: 0 additions & 1 deletion changes/issue-3901-match-target-sw

This file was deleted.

1 change: 0 additions & 1 deletion changes/issue-3904-get-team-by-id-api

This file was deleted.

1 change: 0 additions & 1 deletion changes/issue-3921-logout-automatically

This file was deleted.

1 change: 0 additions & 1 deletion changes/issue-3953-apply-queries-missing-authorization

This file was deleted.

1 change: 0 additions & 1 deletion changes/issue-3988-3989-query-policy-validations

This file was deleted.

1 change: 0 additions & 1 deletion changes/issue-3991-fix-get-failing-policies-webhook

This file was deleted.

1 change: 0 additions & 1 deletion changes/issue-4095-observer-view-compatibility

This file was deleted.

1 change: 0 additions & 1 deletion changes/issue-4118-software-automation-details

This file was deleted.

1 change: 0 additions & 1 deletion changes/linux-packaging-service-persistence

This file was deleted.

2 changes: 0 additions & 2 deletions changes/update-standard-policies

This file was deleted.

4 changes: 2 additions & 2 deletions charts/fleet/Chart.yaml
Expand Up @@ -4,8 +4,8 @@ name: fleet
keywords:
- fleet
- osquery
version: v4.9.1
version: v4.10.0
home: https://github.com/fleetdm/fleet
sources:
- https://github.com/fleetdm/fleet.git
appVersion: v4.9.1
appVersion: v4.10.0
2 changes: 1 addition & 1 deletion charts/fleet/values.yaml
Expand Up @@ -2,7 +2,7 @@
# All settings related to how Fleet is deployed in Kubernetes
hostName: fleet.localhost
replicas: 3 # The number of Fleet instances to deploy
imageTag: v4.9.1 # Version of Fleet to deploy
imageTag: v4.10.0 # Version of Fleet to deploy
createIngress: true # Whether or not to automatically create an Ingress
ingressAnnotations: {} # Additional annotation to add to the Ingress
podAnnotations: {} # Additional annotations to add to the Fleet pod
19 changes: 10 additions & 9 deletions docs/03-Contributing/05-Releasing-Fleet.md
Expand Up @@ -12,9 +12,11 @@ Add a "Performance" section below the list of changes. This section should summa
hosts that the Fleet server can handle, call out if this number has
changed since the last release, and list the infrastructure used in the load testing environment.

Update the NPM [package.json](../../tools/fleetctl-npm/package.json) with the new version number (do
not yet `npm publish`). Update the [Helm chart](../../charts/fleet/Chart.yaml) and [values
file](../../charts/fleet/values.yaml) with the new version number.
Update version numbers in the relevant files:

- [package.json](../../tools/fleetctl-npm/package.json) (do not yet `npm publish`)
- [Helm chart](../../charts/fleet/Chart.yaml) and [values file](../../charts/fleet/values.yaml)
- [Terraform variables](../../tools/terraform/variables.tf)

Commit these changes via Pull Request and pull the changes on the `main` branch locally. Check that
`HEAD` of the `main` branch points to the commit with these changes.
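Review bot: The new "Update version numbers in the relevant files" list names four files to edit by hand but gives the releaser no way to confirm they agree. Add a step before the commit (or a CI check on the release PR) that searches package.json, Chart.yaml (`version` and `appVersion`), values.yaml (`imageTag`) and variables.tf (`fleet_image`) for the new version and fails if any of them still carries an older one.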
Expand Down Expand Up @@ -54,7 +56,7 @@ Please visit our [update guide](https://fleetdm.com/docs/using-fleet/updating-fl
### Documentation
Documentation for this release can be found at https://github.com/fleetdm/fleet/blob/<VERSION>/docs/README.md
Documentation for Fleet is available at [fleetdm.com/docs](https://fleetdm.com/docs).
### Binary Checksum
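Review bot: In the release-notes template under "### Documentation", replacing the `<VERSION>`-pinned GitHub link with fleetdm.com/docs means the notes for every past release will point at whatever documentation is current, not the documentation that matched that release. Operators who stay on an older version while evaluating an upgrade lose the reference for their own version; consider keeping the tagged link alongside the new one.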
Expand All @@ -73,7 +75,7 @@ When editing is complete, publish the release.

> If releasing a "prerelease" of Fleet, run `npm publish --tag prerelease`. This way, you can
> publish a prerelease of fleetctl while the most recent fleetctl npm package, available for public
> download, is still the latest *official* release.
> download, is still the latest _official_ release.
5. Announce the release in the #fleet channel of [osquery
Slack](https://osquery.slack.com/join/shared_invite/zt-h29zm0gk-s2DBtGUTW4CFel0f0IjTEw#/) and
Expand Down Expand Up @@ -110,7 +112,7 @@ must be created and relevant changes cherry-picked onto that branch:
```

2. Cherry pick the necessary commits into the new branch:

```
git cherry-pick d34db33f
```
Expand All @@ -123,8 +125,7 @@ must be created and relevant changes cherry-picked onto that branch:

When a `patch-*` branch is pushed, the [Docker publish
Action](https://github.com/fleetdm/fleet/actions/workflows/goreleaser-snapshot-fleet.yaml) will
be invoked to push a container image for QA with `fleetctl preview` (eg. `fleetctl preview
--tag patch-fleet-v4.3.1`).
be invoked to push a container image for QA with `fleetctl preview` (eg. `fleetctl preview --tag patch-fleet-v4.3.1`).

4. Check in the GitHub UI that Actions ran successfully for this branch and perform [QA smoke
testing](../../.github/ISSUE_TEMPLATE/smoke-tests.md).
Expand All @@ -142,4 +143,4 @@ must be created and relevant changes cherry-picked onto that branch:
timestamps. If they do not, submit a new Pull Request to increase the timestamps and ensure that
migrations are run in the appropriate order.

TODO [#2850](https://github.com/fleetdm/fleet/issues/2850): Improve docs/tooling for this.
TODO [#2850](https://github.com/fleetdm/fleet/issues/2850): Improve docs/tooling for this.
2 changes: 1 addition & 1 deletion server/datastore/mysql/schema.sql
Expand Up @@ -36,7 +36,7 @@ CREATE TABLE `app_config_json` (
UNIQUE KEY `id` (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
/*!40101 SET character_set_client = @saved_cs_client */;
INSERT INTO `app_config_json` VALUES (1,'{\"org_info\": {\"org_name\": \"\", \"org_logo_url\": \"\"}, \"sso_settings\": {\"idp_name\": \"\", \"metadata\": \"\", \"entity_id\": \"\", \"enable_sso\": false, \"issuer_uri\": \"\", \"metadata_url\": \"\", \"idp_image_url\": \"\", \"enable_sso_idp_login\": false}, \"agent_options\": {\"config\": {\"options\": {\"logger_plugin\": \"tls\", \"pack_delimiter\": \"/\", \"logger_tls_period\": 10, \"distributed_plugin\": \"tls\", \"disable_distributed\": false, \"logger_tls_endpoint\": \"/api/v1/osquery/log\", \"distributed_interval\": 10, \"distributed_tls_max_attempts\": 3}, \"decorators\": {\"load\": [\"SELECT uuid AS host_uuid FROM system_info;\", \"SELECT hostname AS hostname FROM system_info;\"]}}, \"overrides\": {}}, \"host_settings\": {\"enable_host_users\": true, \"enable_software_inventory\": false, \"enable_scheduled_query_stats\": true}, \"smtp_settings\": {\"port\": 587, \"domain\": \"\", \"server\": \"\", \"password\": \"\", \"user_name\": \"\", \"configured\": false, \"enable_smtp\": false, \"enable_ssl_tls\": true, \"sender_address\": \"\", \"enable_start_tls\": true, \"verify_ssl_certs\": true, \"authentication_type\": \"0\", \"authentication_method\": \"0\"}, \"server_settings\": {\"server_url\": \"\", \"enable_analytics\": false, \"deferred_save_host\": false, \"live_query_disabled\": false}, \"webhook_settings\": {\"interval\": \"24h0m0s\", \"host_status_webhook\": {\"days_count\": 0, \"destination_url\": \"\", \"host_percentage\": 0, \"enable_host_status_webhook\": false}, \"vulnerabilities_webhook\": {\"destination_url\": \"\", \"host_batch_size\": 0, \"enable_vulnerabilities_webhook\": false}, \"failing_policies_webhook\": {\"policy_ids\": null, \"destination_url\": \"\", \"host_batch_size\": 0, \"enable_failing_policies_webhook\": false}}, \"host_expiry_settings\": {\"host_expiry_window\": 0, \"host_expiry_enabled\": false}, \"vulnerability_settings\": {\"databases_path\": \"\"}}','2020-01-01 
01:01:01','2020-01-01 01:01:01');
INSERT INTO `app_config_json` VALUES (1,'{\"org_info\": {\"org_name\": \"\", \"org_logo_url\": \"\"}, \"sso_settings\": {\"idp_name\": \"\", \"metadata\": \"\", \"entity_id\": \"\", \"enable_sso\": false, \"issuer_uri\": \"\", \"metadata_url\": \"\", \"idp_image_url\": \"\", \"enable_sso_idp_login\": false}, \"agent_options\": {\"config\": {\"options\": {\"logger_plugin\": \"tls\", \"pack_delimiter\": \"/\", \"logger_tls_period\": 10, \"distributed_plugin\": \"tls\", \"disable_distributed\": false, \"logger_tls_endpoint\": \"/api/v1/osquery/log\", \"distributed_interval\": 10, \"distributed_tls_max_attempts\": 3}, \"decorators\": {\"load\": [\"SELECT uuid AS host_uuid FROM system_info;\", \"SELECT hostname AS hostname FROM system_info;\"]}}, \"overrides\": {}}, \"host_settings\": {\"enable_host_users\": true, \"enable_software_inventory\": false}, \"smtp_settings\": {\"port\": 587, \"domain\": \"\", \"server\": \"\", \"password\": \"\", \"user_name\": \"\", \"configured\": false, \"enable_smtp\": false, \"enable_ssl_tls\": true, \"sender_address\": \"\", \"enable_start_tls\": true, \"verify_ssl_certs\": true, \"authentication_type\": \"0\", \"authentication_method\": \"0\"}, \"server_settings\": {\"server_url\": \"\", \"enable_analytics\": false, \"deferred_save_host\": false, \"live_query_disabled\": false}, \"webhook_settings\": {\"interval\": \"24h0m0s\", \"host_status_webhook\": {\"days_count\": 0, \"destination_url\": \"\", \"host_percentage\": 0, \"enable_host_status_webhook\": false}, \"vulnerabilities_webhook\": {\"destination_url\": \"\", \"host_batch_size\": 0, \"enable_vulnerabilities_webhook\": false}, \"failing_policies_webhook\": {\"policy_ids\": null, \"destination_url\": \"\", \"host_batch_size\": 0, \"enable_failing_policies_webhook\": false}}, \"host_expiry_settings\": {\"host_expiry_window\": 0, \"host_expiry_enabled\": false}, \"vulnerability_settings\": {\"databases_path\": \"\"}}','2020-01-01 01:01:01','2020-01-01 01:01:01');
/*!40101 SET @saved_cs_client = @@character_set_client */;
/*!40101 SET character_set_client = utf8 */;
CREATE TABLE `carve_blocks` (
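Review bot: Reading the two `INSERT INTO app_config_json` lines in the page's usual removed-then-added order, the new seed row drops `"enable_scheduled_query_stats": true` from `host_settings`, while the CHANGELOG in this commit announces the ability to disable scheduled query performance statistics. Please confirm the server treats a missing key as `true`; otherwise a fresh install seeded from this row would start with the statistics off. If the key was dropped on purpose because the dump is regenerated from migrations, say so in the commit message, since a one-line change inside a JSON blob this long is easy to miss in review.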
2 changes: 1 addition & 1 deletion tools/fleetctl-npm/package.json
@@ -1,6 +1,6 @@
{
"name": "fleetctl",
"version": "v4.9.1",
"version": "v4.10.0",
"description": "Installer for the fleetctl CLI tool",
"bin": {
"fleetctl": "./run.js"
18 changes: 9 additions & 9 deletions tools/terraform/variables.tf
Expand Up @@ -24,20 +24,20 @@ variable "vulnerabilities_path" {

variable "fleet_backend_cpu" {
default = 256
type = number
type = number
}

variable "fleet_backend_mem" {
default = 512
type = number
type = number
}

variable "async_host_processing" {
default = "false"
}

variable "logging_debug" {
default = "false"
default = "false"
}

variable "logging_json" {
Expand All @@ -51,12 +51,12 @@ variable "database_user" {

variable "database_name" {
description = "the name of the database fleet will create/use"
default = "fleet"
default = "fleet"
}

variable "fleet_image" {
description = "the name of the container image to run"
default = "fleetdm/fleet:v4.9.0"
default = "fleetdm/fleet:v4.10.0"
}

variable "software_inventory" {
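Review bot: The `fleet_image` default in this hunk moves from `fleetdm/fleet:v4.9.0` straight to `fleetdm/fleet:v4.10.0`, so the Terraform default never carried v4.9.1, which the CHANGELOG labels a security release. Call that out in the 4.10.0 release notes so anyone who deployed with the default knows they were on v4.9.0, and note in the variable's `description` that the default is expected to track the latest release.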
Expand All @@ -72,13 +72,13 @@ variable "vuln_db_path" {
variable "cpu_migrate" {
description = "cpu units for migration task"
default = 1024
type = number
type = number
}

variable "mem_migrate" {
description = "memory limit for migration task in MB"
default = 2048
type = number
type = number
}

variable "fleet_max_capacity" {
Expand All @@ -103,5 +103,5 @@ variable "cpu_tracking_target_value" {

variable "fleet_license" {
description = "Fleet Premium license key"
default = ""
}
default = ""
}
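Review bot: `fleet_license` is described as the Fleet Premium license key, yet the block has only `description` and `default`. Add `sensitive = true` so Terraform redacts the value in plan and apply output, and declare `type = string` while touching the block; the whitespace-only change here is a good moment to do both.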

1 comment on commit 6782747

@vercel vercel bot commented on 6782747 Feb 14, 2022
