Skip to content

fleet-v4.54.0

Compare
Choose a tag to compare
@github-actions github-actions released this 17 Jul 22:52
· 2200 commits to main since this release
ad26462

Fleet 4.54.0 (Jul 17, 2024)

Endpoint Operations

  • Updated fleetctl gitops to be used to rename teams.
    • NOTE: fleetctl gitops needs to have previously run with this Fleet/fleetctl version or later.
    • The team name is changed if the YAML config is applied from the same filename as before.
  • Updated fleetctl query --hosts to work with hostnames, host UUIDs, and/or hardware serial numbers.
  • Added a host's upcoming scheduled maintenance window, if any, on the host details page of the UI and in host responses from the API.
  • Added support to fleetctl debug connection to test TLS connection with the embedded certs.pem in
    the fleetctl executable.
  • Added host's display name to calendar event descriptions.
  • Added .yml and .yaml file type validation and error message to fleetctl apply.
  • Added a tooltip to truncated text and not to untruncated values.

Device Management (MDM)

  • Added iOS/iPadOS builtin manual labels.
    • NOTE: Before migrating to this version, make sure to delete any labels with name "iOS" or "iPadOS".
  • Added aggregation of iOS/iPadOS OS versions.
  • Added change to custom profiles for iOS/iPadOS to go from 'pending' straight to 'verified' (skip 'verifying').
  • Added support for renewing SCEP certificates with custom enrollment profiles.
  • Added automatic install of fleetd when a host turns on MDM now uses the latest released fleetd version.
  • Added support for END_USER_EMAIL and FLEET_DESKTOP parameters to Windows MSI install package.
  • Added API changes to support the labels_include_all and labels_exclude_any fields (and accept the deprecated labels field as an alias for labels_include_all).
  • Added fleetctl gitops and fleetctl apply support for labels_include_all and labels_exclude_any to configure a custom setting.
  • Added UI for uploading custom profiles with a target of hosts that include all/exclude any selected labels.
  • Added the database migrations to create the new exclude column for labels associated with MDM profiles (and declarations).
  • Updated host script timeouts to be configurable via agent options using script_execution_timeout.
  • fleetctl now uses a polling mechanism when running run-script to accommodate longer script timeout values.
  • Updated the profile reconciliation logic to handle the new "exclude any" labels.
  • Updated so that the fleetd cleanup script for macOS that will return completed when run from Fleet.
  • Updated so that the fleetd uninstall script will return completed when run from Fleet.
  • Updated script run permissions -- only admins and maintainers can run arbitrary or saved scripts (not observer or observer+).
  • Updated fleetctl get mdm_commands to return 20 rows and support --host --type filters to improve response time.
  • Updated the instructions for manual MDM enrollment on the "My device" page to be clearer and align with Apple updates.
  • Updated UI to allow device users to reinstall self-service software.
  • Updated API to not return a 500 status code if a host sends a command response with an invalid command uuid.
  • Increased the timeout of the upload software installer endpoint to 4 minutes.
  • Disabled credential caching and reboot on Windows lock.

Vulnerability Management

  • Added "Vulnerable" filter to the host details software table.
  • Fixed Microsoft Office June 2024 false negative vulnerabilities and added custom vulnerability matching.
  • Fixed issue where some Windows applications were getting matched against Windows OS vulnerabilities.

Bug fixes and improvements

  • Updated Go version to go1.22.4.
  • Updated to render only one banner on the my device page based on priority order.
  • Updated software updated timestamp tooltip.
  • Removed DB error message from the UI when showing a error response.
  • Updated fleetctl get queries/labels/hosts descriptions.
  • Reinstated ability to sort policies by passing count.
  • Improved the accuracy of the heuristic used to deterimine if a host is connected to Fleet via MDM by using osquery data for hosts that didn't send a Checkout message.
  • Improved the matching of pkg installer files to existing software.
  • Improved extraction of application name from pkg installers.
  • Clarified various help and error texts around host identifiers.
  • Hid CTA on inherited queries/policies from team level users.
  • Hid query delete checkboxes from team observers.
  • Hid "Self-service" in Fleet Desktop and My device page if there is no self-service software available.
  • Hid the host detail page's "Run script" action from Global and Team Observer/+s.
  • Aligned the "View all hosts" links in the Software titles and versions tables.
  • Fixed counts for hosts with with low disk space in summary page.
  • Fixed allowing Observer and Observer+ roles to download software installers.
  • Fixed crash in fleetd installer on Windows if there are registry keys with special characters on the system.
  • Fixed fleetctl debug connection to support server TLS certificates with intermediates.
  • Fixed macOS declarations being stuck in "to be removed" state indefinitely.
  • Fixed link to fleetd uninstall instructions in "Delete device" modal.
  • Fixed exporting CSVs with fields that contain commas to render properly.
  • Fixed issue where the Fleet UI could not be used to renew the ABM token after the ABM user who created the token was deleted.
  • Fixed styling issues with the target inputs loading spinner on the run live query/policy page.
  • Fixed an issue where special characters in HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall breaks the "installer_utils.ps1 -uninstallOrbit" step in the Windows MSI installer.
  • Fixed a bug causing "No Team" OS versions to display the wrong number.
  • Fixed various UI capitalizations.
  • Fixed UI issue where "Script is already running" tooltip incorrectly displayed when the script is not running.
  • Fixed the script details modal's error message on script timeout to reflect the newly dynamic script timeout limit, if hit.
  • Fixed a discrepancy in the spacing between DataSet labels and values on Firefox relative to other browsers.
  • Fixed bug that set Added to Fleet to Never after macOS hosts re-enrolled to Fleet via MDM.

Fleet's agent

The following version of Fleet's agent (fleetd) support the latest changes to Fleet:

  1. orbit-v1.27.0
  2. fleet-desktop-v1.27.0 (included with Orbit)
  3. fleetd-chrome-v1.3.1

While newer versions of fleetd still function with older versions of the Fleet server (and vice versa), Fleet does not actively test these scenarios and some newer features won't be available.

Upgrading

Please visit our update guide for upgrade instructions.

Documentation

Documentation for Fleet is available at fleetdm.com/docs.

Binary Checksum

SHA256

ef3cc05f5d86042c926a3243c081957445717960268743953793980df144b145  fleet_v4.54.0_linux.tar.gz
f4be7647922d6d458692d149c3aec12c3ecd84ed97761dd5478b1e10cbb94d7e  fleetctl_v4.54.0_linux.tar.gz
2266628a8f1495e4ec904646ee77797367b359aaa3b3a1dd49449031bb5c7878  fleetctl_v4.54.0_linux.zip
4eb752de605ffcacb6aaf1e613bef1596b6a4583811d1b2fc6b0948df4febddd  fleetctl_v4.54.0_macos.tar.gz
d12ea4fbcf04a2b0d848ed5b610b78055558e95b7cfd6461ee2e81ba4a7216b5  fleetctl_v4.54.0_macos.zip
6d331a0cf4808cc0a5141960acfe009d99e5b6e33b477216c9e888d55a04885e  fleetctl_v4.54.0_windows.tar.gz
a0b1523b50b26c6ceb479513d2278d448d9e826cebbaf2af7decd3e01b5d7a59  fleetctl_v4.54.0_windows.zip