Skip to content

fleet-v4.55.0

Compare
Choose a tag to compare
@github-actions github-actions released this 09 Aug 18:48
· 1897 commits to main since this release
11aaa4f

Fleet 4.55.0 (Aug 9, 2024)

NOTE: Beginning with v4.55.0, Fleet no longer supports MySQL 5.7 because it has reached end of life. The minimum version supported is MySQL 8.0.36.

NOTE: Changes to software field in GitOps:

  • software field is optional for TEAMs in 4.54.1 and lower
  • software field should NOT be added to NO-TEAM before 4.55.0
  • software field is mandatory for NO-TEAM and TEAMs in 4.55.0 and up

Endpoint operations

  • Added support for generating fleetd packages for Linux ARM64.
  • Added new fleetctl package --arch flag.
  • Updated fleetctl package command to remove the --version flag. The version of the package can be controlled by --orbit-channel flag.
  • Updated maintenance window descriptions to update regularly to match the failing policy description/resolution.
  • Updated maintenance windows using Google Calendar so that calendar events are now recreated within 30 seconds if deleted or moved to the past.
    • Fleet server watches for potential changes for up to 1 week after original event time. If event is moved forward more than 1 week, then after 1 week Fleet server will check for event changes once every 30 minutes.
    • NOTE: These near real-time updates may add additional load to the Google Calendar API, so it is recommended to use API usage alerts or other monitoring methods.

Device management

  • Integrated Escrow Buddy to add enforcement of FileVault during the MacOS Setup Assistant process for hosts that are
    enrolled into teams (or no team) with disk encryption turned on. Thank you homebysix and team!
  • Updated fleetd to use Escrow Buddy to rotate FileVault keys. Removed or modified internal API endpoints documented in the API for contributors.
  • Added OS updates support to iOS/iPadOS devices.
  • Added iOS and iPadOS device details refetch triggered with the existing POST /api/latest/fleet/hosts/:id/refetch endpoint.
  • Added iOS and iPadOS user-installed apps to Fleet.
  • Added iOS and iPadOS apps to be installed using Apple's VPP (Volume Purchase Program) to Fleet.
  • Added support for VPP to GitOps.
  • Added the POST /mdm/apple/vpp_token, DELETE /mdm/apple/vpp_token and GET /vpp endpoints and related functionality.
  • Added new GET /software/app_store_apps and POST /software/app_store_apps endpoints and associated functionality.
  • Added the associated VPP apps to the GET /software/titles and GET /software/titles/:id endpoints.
  • Added the associated VPP apps to the GET /hosts/:id/software and GET /device/:token/software endpoints.
  • Added support to delete a VPP app from a team in DELETE /software/titles/:software_title_id/available_for_install.
  • Added exclude_software query parameter to "Get host by identifier" API.
  • Added ability to add/remove/disable apps with VPP in the Fleet UI.
  • Added a warning banner to the UI if the uploaded VPP token is about to expire/has expired.
  • Added UI updates for VPP feature on host software and my device pages.
  • Added global activity support for VPP-related activities.
  • Added UI features for managing VPP apps for iPadOS and iOS hosts.
  • Updated profile activities to include iOS and iPadOS.
  • Updated Fleet UI to show OS version compliance on host details page.
  • Added support for "No teams" on all software pages including adding software installers.
  • Added DB migration to support VPP software features.
  • Added DB migration to migrate older team configurations to the new version that includes both installers and App Store apps.
  • Linux lock/unlock scripts now make use of pam_nologin to keep AD users locked out.
  • Installed software list now includes Linux .deb packages that are 'on hold'.
  • Added a special-case to properly name the Notion .exe Windows installer the same as how it will be reported by osquery post-install.
  • Increased threshold to renew Apple SCEP certificates for MDM enrollments to 180 days.

Vulnerability management

  • Fixed CVEs identified as 'Rejected' in NVD not matching against software.
  • Fixed false negative vulnerabilities with IntelliJ IDEA CE and PyCharm CE installed via Homebrew.

Bug fixes and improvements

  • Dropped support for MySQL 5.7 and raised minimum required to MySQL 8.0.36.
  • Updated software pre-install to use new GitOps format for query.
  • Updated UI tooltips for pending OS settings.
  • Added a migration to migrate older team configurations to the new version that includes both installers and App Store apps.
  • Fixed a styling issue in the controls > OS settings > disk encryption table.
  • Fixed a bug in fleetctl preview that was causing it to fail if Docker was installed without support for the deprecated docker-compose CLI.
  • Fixed an issue where the app-wide warning banners were not showing on the initial page load.
  • Fixed a bug where the hosts page would sometimes allow excess pagination.
  • Fixed a bug where software install results could not be retrieved for deleted hosts in the activity feed.
  • Fixed path that was incorrect for the download software installer package endpoint GET /software/titles/:software_title_id/package.
  • Fixed a bug that set last_enrolled_at during orbit re-enrollment, which caused osquery enroll failures when FLEET_OSQUERY_ENROLL_COOLDOWN is set.
  • Fixed the "Available for install" filter in the host's software page so that installers that were requested to be installed on the host (regardless of installation status) also show up in the list.
  • Fixed a styling issue in the Controls > OS Settings > disk encryption table.
  • Fixed a bug where Fleet google calendar events generated by Fleet <= 4.53.0 were not correctly processed by 4.54.0.
  • Fixed a bug in fleetctl preview that was causing it to fail if Docker was installed without support for the deprecated docker-compose CLI.
  • Fixed a bug where software install results could not be retrieved for deleted hosts in the activity feed.
  • Fixed a bug where a software installer (a package or a VPP app) that has been installed on a host still shows up as "Available for install" and can still be requested to be installed after the host is transferred to a different team without that installer (or after the installer is deleted).
  • Fixed the "Available for install" filter in the host's software page so that installers that were requested to be installed on the host (regardless of installation status) also show up in the list.

Fleet's agent

The following version of Fleet's agent (fleetd) support the latest changes to Fleet:

  1. orbit-v1.30.0
  2. fleet-desktop-v1.30.0 (included with Orbit)
  3. fleetd-chrome-v1.3.1

While newer versions of fleetd still function with older versions of the Fleet server (and vice versa), Fleet does not actively test these scenarios and some newer features won't be available.

Upgrading

Please visit our update guide for upgrade instructions.

Documentation

Documentation for Fleet is available at fleetdm.com/docs.

Binary Checksum

SHA256

752e667c725e98eafad0a9ec4acebe432dd8d3adf4bd38a523ddf44bd5cdb4c4  fleet_v4.55.0_linux.tar.gz
1d07e349dd563fbda06d1cae7841c7e03dbb7204f6130bcc3d41650f099d29d0  fleetctl_v4.55.0_linux.tar.gz
324af95989785c7c76e8bc17e7acfafd1416e8c2a635e60fd7fe76cd26323a90  fleetctl_v4.55.0_linux.zip
9b70adaf92dcf3646096118bb73aaa1e15ebf79f9b17f46954b59fbcecb14ad6  fleetctl_v4.55.0_macos.tar.gz
fd40e5e4e37fff8aaa208f505b73d38faea7fabee305807e71c41db40ba708e1  fleetctl_v4.55.0_macos.zip
f4f85c7406c3dd6f1664f335203cb5cf5a0d769282e1119fc605fded00a2e643  fleetctl_v4.55.0_windows.tar.gz
cf2de2ab3811e40514623a04d0219446f331d735a619d1ee7ff8db6a69b5e5da  fleetctl_v4.55.0_windows.zip