fleet-v4.55.0
github-actions
released this
09 Aug 18:48
·
1897 commits
to main
since this release
Fleet 4.55.0 (Aug 9, 2024)
NOTE: Beginning with v4.55.0, Fleet no longer supports MySQL 5.7 because it has reached end of life. The minimum version supported is MySQL 8.0.36.
NOTE: Changes to software field in GitOps:
software
field is optional for TEAMs in 4.54.1 and lowersoftware
field should NOT be added to NO-TEAM before 4.55.0software
field is mandatory for NO-TEAM and TEAMs in 4.55.0 and up
Endpoint operations
- Added support for generating
fleetd
packages for Linux ARM64. - Added new
fleetctl package
--arch flag. - Updated
fleetctl package
command to remove the--version
flag. The version of the package can be controlled by--orbit-channel
flag. - Updated maintenance window descriptions to update regularly to match the failing policy description/resolution.
- Updated maintenance windows using Google Calendar so that calendar events are now recreated within 30 seconds if deleted or moved to the past.
- Fleet server watches for potential changes for up to 1 week after original event time. If event is moved forward more than 1 week, then after 1 week Fleet server will check for event changes once every 30 minutes.
- NOTE: These near real-time updates may add additional load to the Google Calendar API, so it is recommended to use API usage alerts or other monitoring methods.
Device management
- Integrated Escrow Buddy to add enforcement of FileVault during the MacOS Setup Assistant process for hosts that are
enrolled into teams (or no team) with disk encryption turned on. Thank you homebysix and team! - Updated
fleetd
to use Escrow Buddy to rotate FileVault keys. Removed or modified internal API endpoints documented in the API for contributors. - Added OS updates support to iOS/iPadOS devices.
- Added iOS and iPadOS device details refetch triggered with the existing
POST /api/latest/fleet/hosts/:id/refetch
endpoint. - Added iOS and iPadOS user-installed apps to Fleet.
- Added iOS and iPadOS apps to be installed using Apple's VPP (Volume Purchase Program) to Fleet.
- Added support for VPP to GitOps.
- Added the
POST /mdm/apple/vpp_token
,DELETE /mdm/apple/vpp_token
andGET /vpp
endpoints and related functionality. - Added new
GET /software/app_store_apps
andPOST /software/app_store_apps
endpoints and associated functionality. - Added the associated VPP apps to the
GET /software/titles
andGET /software/titles/:id
endpoints. - Added the associated VPP apps to the
GET /hosts/:id/software
andGET /device/:token/software
endpoints. - Added support to delete a VPP app from a team in
DELETE /software/titles/:software_title_id/available_for_install
. - Added
exclude_software
query parameter to "Get host by identifier" API. - Added ability to add/remove/disable apps with VPP in the Fleet UI.
- Added a warning banner to the UI if the uploaded VPP token is about to expire/has expired.
- Added UI updates for VPP feature on host software and my device pages.
- Added global activity support for VPP-related activities.
- Added UI features for managing VPP apps for iPadOS and iOS hosts.
- Updated profile activities to include iOS and iPadOS.
- Updated Fleet UI to show OS version compliance on host details page.
- Added support for "No teams" on all software pages including adding software installers.
- Added DB migration to support VPP software features.
- Added DB migration to migrate older team configurations to the new version that includes both installers and App Store apps.
- Linux lock/unlock scripts now make use of pam_nologin to keep AD users locked out.
- Installed software list now includes Linux .deb packages that are 'on hold'.
- Added a special-case to properly name the Notion .exe Windows installer the same as how it will be reported by osquery post-install.
- Increased threshold to renew Apple SCEP certificates for MDM enrollments to 180 days.
Vulnerability management
- Fixed CVEs identified as 'Rejected' in NVD not matching against software.
- Fixed false negative vulnerabilities with IntelliJ IDEA CE and PyCharm CE installed via Homebrew.
Bug fixes and improvements
- Dropped support for MySQL 5.7 and raised minimum required to MySQL 8.0.36.
- Updated software pre-install to use new GitOps format for query.
- Updated UI tooltips for pending OS settings.
- Added a migration to migrate older team configurations to the new version that includes both installers and App Store apps.
- Fixed a styling issue in the controls > OS settings > disk encryption table.
- Fixed a bug in
fleetctl preview
that was causing it to fail if Docker was installed without support for the deprecateddocker-compose
CLI. - Fixed an issue where the app-wide warning banners were not showing on the initial page load.
- Fixed a bug where the hosts page would sometimes allow excess pagination.
- Fixed a bug where software install results could not be retrieved for deleted hosts in the activity feed.
- Fixed path that was incorrect for the download software installer package endpoint
GET /software/titles/:software_title_id/package
. - Fixed a bug that set
last_enrolled_at
during orbit re-enrollment, which caused osquery enroll failures whenFLEET_OSQUERY_ENROLL_COOLDOWN
is set. - Fixed the "Available for install" filter in the host's software page so that installers that were requested to be installed on the host (regardless of installation status) also show up in the list.
- Fixed a styling issue in the Controls > OS Settings > disk encryption table.
- Fixed a bug where Fleet google calendar events generated by Fleet <= 4.53.0 were not correctly processed by 4.54.0.
- Fixed a bug in
fleetctl preview
that was causing it to fail if Docker was installed without support for the deprecateddocker-compose
CLI. - Fixed a bug where software install results could not be retrieved for deleted hosts in the activity feed.
- Fixed a bug where a software installer (a package or a VPP app) that has been installed on a host still shows up as "Available for install" and can still be requested to be installed after the host is transferred to a different team without that installer (or after the installer is deleted).
- Fixed the "Available for install" filter in the host's software page so that installers that were requested to be installed on the host (regardless of installation status) also show up in the list.
Fleet's agent
The following version of Fleet's agent (fleetd
) support the latest changes to Fleet:
- orbit-v1.30.0
fleet-desktop-v1.30.0
(included with Orbit)- fleetd-chrome-v1.3.1
While newer versions of
fleetd
still function with older versions of the Fleet server (and vice versa), Fleet does not actively test these scenarios and some newer features won't be available.
Upgrading
Please visit our update guide for upgrade instructions.
Documentation
Documentation for Fleet is available at fleetdm.com/docs.
Binary Checksum
SHA256
752e667c725e98eafad0a9ec4acebe432dd8d3adf4bd38a523ddf44bd5cdb4c4 fleet_v4.55.0_linux.tar.gz
1d07e349dd563fbda06d1cae7841c7e03dbb7204f6130bcc3d41650f099d29d0 fleetctl_v4.55.0_linux.tar.gz
324af95989785c7c76e8bc17e7acfafd1416e8c2a635e60fd7fe76cd26323a90 fleetctl_v4.55.0_linux.zip
9b70adaf92dcf3646096118bb73aaa1e15ebf79f9b17f46954b59fbcecb14ad6 fleetctl_v4.55.0_macos.tar.gz
fd40e5e4e37fff8aaa208f505b73d38faea7fabee305807e71c41db40ba708e1 fleetctl_v4.55.0_macos.zip
f4f85c7406c3dd6f1664f335203cb5cf5a0d769282e1119fc605fded00a2e643 fleetctl_v4.55.0_windows.tar.gz
cf2de2ab3811e40514623a04d0219446f331d735a619d1ee7ff8db6a69b5e5da fleetctl_v4.55.0_windows.zip