fleet-v4.54.0
github-actions
released this
17 Jul 22:52
·
2200 commits
to main
since this release
Fleet 4.54.0 (Jul 17, 2024)
Endpoint Operations
- Updated
fleetctl gitops
to be used to rename teams.- NOTE:
fleetctl gitops
needs to have previously run with this Fleet/fleetctl version or later. - The team name is changed if the YAML config is applied from the same filename as before.
- NOTE:
- Updated
fleetctl query --hosts
to work with hostnames, host UUIDs, and/or hardware serial numbers. - Added a host's upcoming scheduled maintenance window, if any, on the host details page of the UI and in host responses from the API.
- Added support to
fleetctl debug connection
to test TLS connection with the embedded certs.pem in
the fleetctl executable. - Added host's display name to calendar event descriptions.
- Added .yml and .yaml file type validation and error message to
fleetctl apply
. - Added a tooltip to truncated text and not to untruncated values.
Device Management (MDM)
- Added iOS/iPadOS builtin manual labels.
- NOTE: Before migrating to this version, make sure to delete any labels with name "iOS" or "iPadOS".
- Added aggregation of iOS/iPadOS OS versions.
- Added change to custom profiles for iOS/iPadOS to go from 'pending' straight to 'verified' (skip 'verifying').
- Added support for renewing SCEP certificates with custom enrollment profiles.
- Added automatic install of
fleetd
when a host turns on MDM now uses the latest releasedfleetd
version. - Added support for
END_USER_EMAIL
andFLEET_DESKTOP
parameters to Windows MSI install package. - Added API changes to support the
labels_include_all
andlabels_exclude_any
fields (and accept the deprecatedlabels
field as an alias forlabels_include_all
). - Added
fleetctl gitops
andfleetctl apply
support forlabels_include_all
andlabels_exclude_any
to configure a custom setting. - Added UI for uploading custom profiles with a target of hosts that include all/exclude any selected labels.
- Added the database migrations to create the new
exclude
column for labels associated with MDM profiles (and declarations). - Updated host script timeouts to be configurable via agent options using
script_execution_timeout
. fleetctl
now uses a polling mechanism when runningrun-script
to accommodate longer script timeout values.- Updated the profile reconciliation logic to handle the new "exclude any" labels.
- Updated so that the
fleetd
cleanup script for macOS that will return completed when run from Fleet. - Updated so that the
fleetd
uninstall script will return completed when run from Fleet. - Updated script run permissions -- only admins and maintainers can run arbitrary or saved scripts (not observer or observer+).
- Updated
fleetctl get mdm_commands
to return 20 rows and support--host
--type
filters to improve response time. - Updated the instructions for manual MDM enrollment on the "My device" page to be clearer and align with Apple updates.
- Updated UI to allow device users to reinstall self-service software.
- Updated API to not return a 500 status code if a host sends a command response with an invalid command uuid.
- Increased the timeout of the upload software installer endpoint to 4 minutes.
- Disabled credential caching and reboot on Windows lock.
Vulnerability Management
- Added "Vulnerable" filter to the host details software table.
- Fixed Microsoft Office June 2024 false negative vulnerabilities and added custom vulnerability matching.
- Fixed issue where some Windows applications were getting matched against Windows OS vulnerabilities.
Bug fixes and improvements
- Updated Go version to go1.22.4.
- Updated to render only one banner on the my device page based on priority order.
- Updated software updated timestamp tooltip.
- Removed DB error message from the UI when showing a error response.
- Updated fleetctl get queries/labels/hosts descriptions.
- Reinstated ability to sort policies by passing count.
- Improved the accuracy of the heuristic used to deterimine if a host is connected to Fleet via MDM by using osquery data for hosts that didn't send a Checkout message.
- Improved the matching of
pkg
installer files to existing software. - Improved extraction of application name from
pkg
installers. - Clarified various help and error texts around host identifiers.
- Hid CTA on inherited queries/policies from team level users.
- Hid query delete checkboxes from team observers.
- Hid "Self-service" in Fleet Desktop and My device page if there is no self-service software available.
- Hid the host detail page's "Run script" action from Global and Team Observer/+s.
- Aligned the "View all hosts" links in the Software titles and versions tables.
- Fixed counts for hosts with with low disk space in summary page.
- Fixed allowing Observer and Observer+ roles to download software installers.
- Fixed crash in
fleetd
installer on Windows if there are registry keys with special characters on the system. - Fixed
fleetctl debug connection
to support server TLS certificates with intermediates. - Fixed macOS declarations being stuck in "to be removed" state indefinitely.
- Fixed link to
fleetd
uninstall instructions in "Delete device" modal. - Fixed exporting CSVs with fields that contain commas to render properly.
- Fixed issue where the Fleet UI could not be used to renew the ABM token after the ABM user who created the token was deleted.
- Fixed styling issues with the target inputs loading spinner on the run live query/policy page.
- Fixed an issue where special characters in HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall breaks the "installer_utils.ps1 -uninstallOrbit" step in the Windows MSI installer.
- Fixed a bug causing "No Team" OS versions to display the wrong number.
- Fixed various UI capitalizations.
- Fixed UI issue where "Script is already running" tooltip incorrectly displayed when the script is not running.
- Fixed the script details modal's error message on script timeout to reflect the newly dynamic script timeout limit, if hit.
- Fixed a discrepancy in the spacing between DataSet labels and values on Firefox relative to other browsers.
- Fixed bug that set
Added to Fleet
toNever
after macOS hosts re-enrolled to Fleet via MDM.
Fleet's agent
The following version of Fleet's agent (fleetd
) support the latest changes to Fleet:
- orbit-v1.27.0
fleet-desktop-v1.27.0
(included with Orbit)- fleetd-chrome-v1.3.1
While newer versions of
fleetd
still function with older versions of the Fleet server (and vice versa), Fleet does not actively test these scenarios and some newer features won't be available.
Upgrading
Please visit our update guide for upgrade instructions.
Documentation
Documentation for Fleet is available at fleetdm.com/docs.
Binary Checksum
SHA256
ef3cc05f5d86042c926a3243c081957445717960268743953793980df144b145 fleet_v4.54.0_linux.tar.gz
f4be7647922d6d458692d149c3aec12c3ecd84ed97761dd5478b1e10cbb94d7e fleetctl_v4.54.0_linux.tar.gz
2266628a8f1495e4ec904646ee77797367b359aaa3b3a1dd49449031bb5c7878 fleetctl_v4.54.0_linux.zip
4eb752de605ffcacb6aaf1e613bef1596b6a4583811d1b2fc6b0948df4febddd fleetctl_v4.54.0_macos.tar.gz
d12ea4fbcf04a2b0d848ed5b610b78055558e95b7cfd6461ee2e81ba4a7216b5 fleetctl_v4.54.0_macos.zip
6d331a0cf4808cc0a5141960acfe009d99e5b6e33b477216c9e888d55a04885e fleetctl_v4.54.0_windows.tar.gz
a0b1523b50b26c6ceb479513d2278d448d9e826cebbaf2af7decd3e01b5d7a59 fleetctl_v4.54.0_windows.zip