fleet-v4.17.0

Changes

• Added the number of hosts enrolled by operating system (OS) and its version to usage statistics. Also added the weekly active users count to usage statistics. Documentation on how to disable usage statistics, can be found here on fleetdm.com.

• Fleet Premium and Fleet Free: Fleet Desktop is officially out of beta. This application shows users exactly what's going on with their device and gives them the tools they need to make sure it is secure and aligned with policies. They just need to click an icon in their menu bar.

• Fleet Premium and Fleet Free: Fleet's osquery installer is officially out of beta. Orbit is a lightweight wrapper for osquery that allows you to easily deploy, configure and keep osquery up-to-date across your organization.

• Added native support for M1 Macs in Fleet Desktop.

• Added battery health tracking to Host details page.

• Improved reporting of error states on the health dashboard and added separate health checks for MySQL and Redis with /healthz?check=mysql and /healthz?check=redis.

• Improved SSO login failure messaging.

• Fixed osquery tables that report incorrect platforms.

• Added docker_container_envs table to the osquery table schema on the *Query page.

• Updated Fleet host detail query so that the os_version for Ubuntu hosts reflects the accurate patch number.

• Improved accuracy of software_host_counts by removing hosts from the count if any software has been uninstalled.

• Improved accuracy of the last_restarted date.

• Fixed /api/_version_/fleet/hosts/identifier/{identifier} to return the correct value for host.status.

• Improved logging when fleetctl encounters permissions errors.

• Added support for scanning RHEL-based and Fedora hosts for vulnerable software using OVAL definitions.

• Fixed SQL generated for operating system version policies to reduce false negatives.

Upgrading

Please visit our update guide for upgrade instructions.

Documentation

Documentation for Fleet is available at fleetdm.com/docs.

Binary Checksum

SHA256

5e33fda754a0530464843b876630e44e8a5bc8ce5ddb41af0976f8eb7d5c8dfa  fleetctl_v4.17.0_linux.tar.gz
78c68d8033cdeaab2720e58ddde663c807ce865ea8d39d91358f1d90cbfee3fd  fleetctl_v4.17.0_windows.zip
9ab0f76ad56bc8de1402c0bc5446263ea4bbfcd7842b446e0c258a709a4e42b7  fleetctl_v4.17.0_linux.zip
a2c55ceb92a88cc83f376ef08fc275412d8fa86788b6d16718782c799b73e0e6  fleetctl_v4.17.0_windows.tar.gz
f43c3a13c0de38332f24860c49a1c53c260a94a5e8dfe6ef18fe55d73504dee5  fleet_v4.17.0_linux.tar.gz
11b8fd0af84363a3eb0f44dcf96048df0f0df3420daaf9d9873b2c4b8e6c77d5  fleetctl_v4.17.0_macos.tar.gz
471e23651feb6a52a6b3c6500e2018d1a936c08ac70bbb0c55cbe1cb335d3c2a  fleetctl_v4.17.0_macos.zip

fleet-v4.16.0

Fleet 4.16.0 (Jun 20, 2022)

• Fleet Premium: Added the ability to set a Custom URL for the "Transparency" link included in Fleet Desktop. This allows you to use custom branding, as well as gives you control over what information you want to share with your end-users.

• Fleet Premium: Added scoring to vulnerability detection, including EPSS probability score, CVSS base score, and known exploits. This helps you to quickly categorize which threats need attention today, next week, next month, or "someday."

• Added a ticket-workflow for policy automations. Configured Fleet to automatically create a Jira issue or Zendesk ticket when one or more hosts fail a specific policy.

• Added Open Vulnerability and Assement Language (OVAL) processing for Ubuntu hosts. This increases the accuracy of detected vulnerabilities.

• Added software details page to the Fleet UI.

• Improved live query experience by saving the state of selected targets and adding count of visible results when filtering columns.

• Fixed an issue where the Device user page redirected to login if an expired session token was present.

• Fixed an issue that caused a delay in availability of My device in Fleet Desktop.

• Added support for custom headers for requests made to fleet instances by the fleetctl command.

• Updated to an improved users query in every query we send to osquery.

• Fixed no such table errors for mdm and munki_info for vanilla osquery MacOS hosts.

• Fixed data inconsistencies in policy counts caused when a host was re-enrolled without a team or in a different one.

• Fixed a bug affecting fleetctl debug archive and errors commands on Windows.

• Added /api/_version_/fleet/device/{token}/policies to retrieve policies for a specific device. This endpoint can only be accessed with a premium license.

• Added POST /targets/search and POST /targets/count API endpoints.

• Updated GET /software, GET /software/{:id}, and GET /software/count endpoints to no include software that has been removed from hosts, but not cleaned up yet (orphaned).

Upgrading

Please visit our update guide for upgrade instructions.

Documentation

Documentation for Fleet is available at fleetdm.com/docs.

Binary Checksums

SHA256

6e07d250d31c0614d879dd24e8649c8b7fa460a789dd10b87d09166bbdabdef5  fleetctl_v4.16.0_windows.zip
9102a84cdeaed83e36079a63639d84c72a5cde4661cc8c35baac5768448dda69  fleet_v4.16.0_linux.tar.gz
960a9eb2aa2afaebe22bc979549851720feedfa4b194bd56146beb41272b7704  fleetctl_v4.16.0_linux.tar.gz
9ad3352d16fa53ce2a1da2a41e95a231c559265bd2307b7521fe731af7dd9671  fleetctl_v4.16.0_windows.tar.gz
d82f6f404b5bb43f38fca4ff437bb50376ad1e43f375ce60726893ea09c21ad5  fleetctl_v4.16.0_linux.zip
7d8a5263a344d7e4a307503526cdd9da08e9420f4363197c069dd790574e3f4d  fleetctl_v4.16.0_macos.tar.gz
3230af343abf3c0a1627b3082a5676ba19416bf0f3df1bd8f07037174d50a788  fleetctl_v4.16.0_macos.zip

fleet-v4.15.0

Changes

• Expanded beta support for vulnerability reporting to include both Zendesk and Jira integration. This allows users to configure Fleet to
  automatically create a Zendesk ticket or Jira issue when a new vulnerability (CVE) is detected on your hosts.

• Expanded beta support for Fleet Desktop to Mac and Windows hosts. Fleet Desktop allows the device user to see
  information about their device. To add Fleet Desktop to a host, generate a Fleet-osquery installer with fleetctl package and include the --fleet-desktop flag. Then, open this installer on the device.

• Added the ability to see when software was last used on Mac hosts in the Host Details view in the Fleet UI. Allows you to know how recently an application was accessed and is especially useful when making decisions about whether to continue subscriptions for paid software and distributing licensces.

• Improved security by increasing the minimum password length requirement for Fleet users to 12 characters.

• Added Policies tab to Host Details page for Fleet Premium users.

• Added device_mapping to host information in UI and API responses.

• Deprecated "MIA" host status in UI and API responses.

• Added CVE scores to /software API endpoint responses when available.

• Added all_linux_count and builtin_labels to GET /host_summary response.

• Added "Bundle identifier" information as tooltip for macOS applications on Software page.

• Fixed an issue with detecting root directory when using orbit shell.

• Fixed an issue with duplicated hosts being sent in the vulnerability webhook payload.

• Added the ability to select columns when exporting hosts to CSV.

• Improved the output of fleetclt debug errors and added the ability to print the errors to stdout via the -stdout flag.

• Added support for Docker Compose V2 to fleetctl preview.

• Added experimental option to save responses to host_last_seen queries to the database in batches as well as the ability to configure enable_async_host_processing settings for host_last_seen, label_membership and policy_membership independently.

• Expanded wifi_networks table to include more data on macOS and fixed compatibility issues with newer MacOS releases.

• Improved precision in unseen hosts reports sent by the host status webhook.

• Increased MySQL group_concat_max_len setting from default 1024 to 4194304.

• Added validation for pack scheduled query interval.

• Fixed instructions for enrolling hosts using osqueryd.

Upgrading

Please visit our update guide for upgrade instructions.

Documentation

Documentation for Fleet is available at fleetdm.com/docs.

Binary Checksum

SHA256

08153d5f3e2f5f72fec7692809f23d1d9e8c5d94073c7cb5a889ebaf703079be  fleetctl_v4.15.0_linux.tar.gz
14efca77f84c4f4a908fa95cfc08b47cb0d0c723ca102b86c2d3ad7cd0b31c11  fleetctl_v4.15.0_windows.zip
2eaf1d24793dcd2f22d5e89fb4c331d3e2737a59b9cedf67de1f2c60a70eb049  fleetctl_v4.15.0_linux.zip
557d7b9986d0b07dc4afb279fdf53cbbc69c693da478c1a949e1fcee1b644d47  fleetctl_v4.15.0_macos.zip
80c5062704e6bf5f26e2e07abf3d7577458ed3df51c64b78bd3e1ef79f0f8336  fleet_v4.15.0_linux.tar.gz
8d73afbb4e5dd68359acf6d11f8d2fc02af81111b713300b57f4228053ebb1a6  fleetctl_v4.15.0_macos.tar.gz
9975000159979de37c11176f0b4237a8d0ba0abce5b6b61ee2ce4a8b6fce9f9a  fleetctl_v4.15.0_windows.tar.gz

fleet-v4.14.0

Changes

• Add beta support for Jira integration. This allows users to configure Fleet to automatically create a Jira issue when a new vulnerability (CVE) is detected on your hosts.

• Add a "Show query" button on the live query results page. This allows users to double-check the syntax used and compare this to their results without leaving the current view.

• Add a Postman Collection for the Fleet API. This allows users to easily interact with Fleet's API routes so that they can build and test integrations.

• Add beta support for Fleet Desktop on Linux. Fleet Desktop allows the device user to see information about their device. To add Fleet Desktop to a Linux device, first add the --fleet-desktop flag to the fleectl package command to generate a Fleet-osquery installer that includes Fleet Desktop. Then, open this installer on the device.

• Add last_opened_at property, for macOS software, to the Host details API route (GET /hosts/{id}).

• Improve the Settings pages in the the Fleet UI.

• Improve error message retuned when running fleetctl query command with missing or misspelled hosts.

• Improve the empty states and forms on the Policies page, Queries page, and Host details page in the Fleet UI.

• All duration settings returned by fleetctl get config --include-server-config were changed from nanoseconds to an easy to read format.

• Fix a bug in which the "Bundle identifier" tooltips displayed on Host details > Software did not
  render correctly.

• Fix a bug in which the Fleet UI would render an empty Google Chrome profiles on the Host details page.

• Fix a bug in which the Fleet UI would error when entering the "@" characters in the Search targets field.

• Fix a bug in which a scheduled query would display the incorrect name when editing the query on
  the Schedule page.

• Fix a bug in which a deprecation warning would be displayed when generating a deb or rpm
  Fleet-osquery package when running the fleetctl package command.

• Fix a bug that caused panic errors when running the fleet serve --debug command.

Upgrading

Please visit our update guide for upgrade instructions.

Documentation

Documentation for Fleet is available at fleetdm.com/docs.

Binary Checksum

SHA256

1198ff837f228d786ade25af7cc7db8478aab49f1cbff49ceba7d9c7e025111e  fleetctl_v4.14.0_windows.tar.gz
37ecb349b478340d89c20979b5ef95c4408589eaa0a388be7ffea83514145086  fleetctl_v4.14.0_linux.zip
869750e96fceb615a29186577bc81c3aedd4f36c6e6ccb41d233cb6d6fbe7fc7  fleetctl_v4.14.0_windows.zip
efd4d60d6ccb0ef41279969f8215da31dd6fb64d29225c4607065a5b1419ef3d  fleetctl_v4.14.0_macos.tar.gz
09a82fe3ebb60a63b45d317854029dc95b16984ad6878a5c3bc3ebbe9422b223  fleetctl_v4.14.0_macos.zip
cd50f058724cdde07edcc3cf89c83e9c5cd91ca41974ea470ae660cb50dd04a1  fleetctl_v4.14.0_linux.tar.gz
ec8c6282955adc49d9dde92d5adbf41465b1e2e8174fd8ca548d0132f9b0a217  fleet_v4.14.0_linux.tar.gz

fleet-v4.13.2

Changes

• Fix a bug in which the "Operating systems" table on the Home > macOS page wouldn't update. This bug only affects deployments using MySQL < 5.7.22 or equivalent AWS RDS Aurora < 2.10.1. Note that this bug affects deployments that use Fleet's Terraform (uses AWS RDS Aurora 2.10.0).

Upgrading

Please visit our update guide for upgrade instructions.

Documentation

Documentation for Fleet is available at fleetdm.com/docs.

Binary Checksum

SHA256

15409c39b5b7719064e9b30cd17682918e890dd0964be52d031f1921de96c8f9  fleetctl_v4.13.2_macos.tar.gz
1a3ea0f5774139073e4c7dcf40b9eda2b67ba985245639a71e101d0e5b9e76e7  fleetctl_v4.13.2_windows.zip
3c3fdecf86fe70ac3eb99824437f80b5dd8b3bfb67d2870ed5453322f288d3df  fleetctl_v4.13.2_linux.zip
543d2bafbba99f732b2fb0531cb2f54150853f37694b92bb6e31099af7e34557  fleetctl_v4.13.2_linux.tar.gz
867181a136208061c09cd91ec975746aaf65ec2fffab8427c02fbfb1bae92627  fleetctl_v4.13.2_macos.zip
af6549dc5c754172a00d312cfb7b3d8cd046482690668ffcbff765159487478a  fleetctl_v4.13.2_windows.tar.gz
fc6b741d668834f4574d336b5fdfb6165c65fcab14abf91cd254b5e2a1484d8f  fleet_v4.13.2_linux.tar.gz

fleet-v4.13.1

Changes

• Fixes an SSO login issue introduced in 4.13.0.

• Fixes authorization errors encountered on the frontend login and live query pages.

Upgrading

Please visit our update guide for upgrade instructions.

Documentation

Documentation for Fleet is available at fleetdm.com/docs.

Binary Checksum

SHA256

1991f5bd8d7d2bad323cc00ffadb248e605437f363396c214b8ad9ed492cec20  fleetctl_v4.13.1_linux.zip
3ef961a43c0b0d7d82973139beff17136cf2d0d5a86278e46214f33e693cda29  fleetctl_v4.13.1_linux.tar.gz
ba8b49a9d9d9f169322106b53ed3dfb58a22f224b0025fbec57afac5a0fc490e  fleet_v4.13.1_linux.tar.gz
3a1890e5a1d742bedf6d090007c85365470d2885e3876c03364e1a3057a911eb  fleetctl_v4.13.1_macos.tar.gz
4c3aadb0d536075e690bf6909a02d119f5f6661470b97f4bd4218db4aed6422d  fleetctl_v4.13.1_macos.zip
d72c3c113d267bbc0de47152c38f107b4644f79e9696f8a507aad97ca72a4c7a  fleetctl_v4.13.1_windows.tar.gz
eac49845d9c9e694adfdb278447f6bf378ed92b5d86a5a9fe3fd7fc5f28bc1e5  fleetctl_v4.13.1_windows.zip

fleet-v4.13.0

Changes

Known issues

This release contains an issue with path validation in SSO, resulting in SSO users not able to login following an upgrade from a previous version of Fleet. If you use SSO we recommend installing 4.13.1.

This is a security release.

• Security: Fix several post-authentication authorization issues. Only Fleet Premium users that
  have team users are affected. Fleet Free users do not have access to the teams feature and are
  unaffected. See the following security advisory for details: GHSA-pr2g-j78h-84cr

• Improve performance of software inventory on Windows hosts.

• Add basic​_auth.username and basic_auth.password Prometheus configuration options. The GET /metrics API route is now disabled if these configuration options are left unspecified.

• Fleet Premium: Add ability to specify a team specific "Destination URL" for policy automations.
  This allows the user to configure Fleet to send a webhook request to a unique location for
  policies that belong to a specific team. Documentation on what data is included the webhook
  request and when the webhook request is sent can be found here on fleedm.com/docs

• Add ability to see the total number of hosts with a specific macOS version (ex. 12.3.1) on the
  Home > macOS page. This information is also available via the GET /os_versions API route.

• Add ability to sort live query results in the Fleet UI.

• Add a "Vulnerabilities" column to Host details > Software page. This allows the user see and search for specific vulnerabilities (CVEs) detected on a specific host.

• Update vulnerability automations to fire anytime a vulnerability (CVE), that is detected on a
  host, was published to the
  National Vulnerability Database (NVD) in the last 30 days, is detected on a host. In previous
  versions of Fleet, vulnerability automations would fire anytime a CVE was published to NVD in the
  last 2 days.

• Update the Policies page to ask the user to wait to see accurate passing and failing counts for new and recently edited policies.

• Improve API-only (integration) users by removing the requirement to reset these users' passwords
  before use. Documentation on how to use API-only users can be found here on fleetdm.com/docs.

• Improve the responsiveness of the Fleet UI by adding tablet screen width support for the Software,
  Queries, Schedule, Policies, Host details, Settings > Teams, and Settings > Users pages.

• Add Beta support for integrating with Jira to automatically create a Jira issue when a
  new vulnerability (CVE) is detected on a host in Fleet.

• Add Beta support for Fleet Desktop on Windows. Fleet Desktop allows the device user to see
  information about their device. To add Fleet Desktop to a Windows device, first add the
  --fleet-desktop flag to the fleectl package command to generate a Fleet-osquery installer that
  includes Fleet Desktop. Then, open this installer on the device.

• Fix a bug in which downloading Fleet's vulnerability database failed if the destination directory specified
  was not in the tmp/ directory.

• Fix a bug in which the "Updated at" time was not being updated for the "Mobile device management
  (MDM) enrollment" and "Munki versions" information on the Home > macOS page.

• Fix a bug in which Fleet would consider Docker network interfaces to be a host's primary IP address.

• Fix a bug in which tables in the Fleet UI would present misaligned buttons.

• Fix a bug in which Fleet failed to connect to Redis in standalone mode.

Upgrading

Please visit our update guide for upgrade instructions.

Documentation

Documentation for Fleet is available at fleetdm.com/docs.

Binary Checksum

SHA256

07a377b78a973192d8eb5380d3effb6323f08700a44a6bf9da0f7906bd71eb7c  fleetctl_v4.13.0_windows.tar.gz
36c59106d083476396983a44c53f06d91107cafb1ec08943a30a2385ec4b55b1  fleetctl_v4.13.0_linux.tar.gz
41580e1696c25e12ab882d5d40cd28b3947f131870da9c897ddf93304eb10015  fleetctl_v4.13.0_windows.zip
7a861552e6687364def9c55478d626e3da9a56ecf37ec978a17f9f8d77471522  fleet_v4.13.0_linux.tar.gz
3b97db442762a8c7acbdc8949b42637cb3f1c830b623e0d368b54fadd150b68b  fleetctl_v4.13.0_macos.tar.gz
0da2cfd4936c5e359c3e4347ef7214cbf5543f3c0e1e621a59bf146531f0cf06  fleetctl_v4.13.0_macos.zip
daaddb3837c3bbfd68881756c56725fddd3320469efb69e9fcc41cd6c17cd568  fleetctl_v4.13.0_linux.zip

fleet-v4.12.1

Changes

• Fix login error for non-SSO users when Fleet is deployed with a MySQL read replica.

Upgrading

Please visit our update guide for upgrade instructions.

Documentation

Documentation for Fleet is available at fleetdm.com/docs.

Binary Checksum

SHA256

05103f811a9fbbe0224c6fa34170bea4f856aaee2536c3fb9f531214d2e3cc2e  fleetctl_v4.12.1_windows.zip
1198363148c73aae8d52cae2980807011b607861525016221520ebefa76772b8  fleet_v4.12.1_linux.tar.gz
4ab2110fcd0ca3b910144884df77998d0c6ae30c0d3d2c6f7ddd48375d0a6c8f  fleetctl_v4.12.1_windows.tar.gz
795079e35b78f5f4e7b90dbf55cba457a09130739ce8ab1d9e7281c1f420fc0c  fleetctl_v4.12.1_linux.zip
9b4f1d7e09fb9a5222e7d733766d35d9305643ae5c544cf39cb724bca3f4b321  fleetctl_v4.12.1_linux.tar.gz
590bfee426f7c2a122f06bc2502d4b47a23d25f613c3e7f2dfcd18324e9aa60f  fleetctl_v4.12.1_macos.tar.gz
f360795aac7a27f73faf5a9476c72b62712f6c9f8113ab540550c2fe62cb2dca  fleetctl_v4.12.1_macos.zip

fleet-v4.12.0

Changes

• Add ability to update which platform (macOS, Windows, Linux) a policy is checked on.

• Add ability to detect compatibility for custom policies.

• Increase the default session duration to 5 days. Session duration can be updated using the
  session_duration configuration option.

• Add ability to see the percentage of hosts that responded to a live query.

• Add ability for users with admin permissions to update any user's password.

• Add content_type_value Kafka REST Proxy configuration option to allow the use of different versions of the Kafka REST Proxy.

• Add database_path GeoIP configuration option to specify a GeoIP database. When configured, geolocation information is presented on the Host details page and in the GET /hosts/{id} API route.

• Add ability to retrieve a host's public IP address. This information is available on the Host details page and GET /hosts/{id} API route.

• Add instructions and materials needed to add hosts to Fleet using plain osquery. These instructions can be found in Hosts > Add hosts > Advanced in the Fleet UI.

• Add Beta support for Fleet Desktop on macOS. Fleet Desktop allows the device user to see information about their device. To add Fleet Desktop to a macOS device, first add the --fleet-desktop flag to the fleectl package command to generate a Fleet-osquery installer that includes Fleet Desktop. Then, open this installer on the device.

• Reduce the noise of osquery status logs by only running a host vital query, which populate the Host details page, when the query includes tables that are compatible with a specific host.

• Fix a bug on the Edit pack page in which the "Select targets" element would display the hover effect for the wrong target.

• Fix a bug on the Software page in which software items from deleted hosts were not removed.

• Fix a bug in which the platform for Amazon Linux 2 hosts would be displayed incorrectly.

Upgrading

Please visit our update guide for upgrade instructions.

Documentation

Documentation for Fleet is available at fleetdm.com/docs.

Binary Checksum

SHA256

0dd3189eea3d53960ef31f35437fc39df595473aaf176cb140f825453ae194a8  fleetctl_v4.12.0_linux.zip
0f21dd9e06553497bcd3a0b0419c644f5336bf261d6143ac6ce1bc55ca9f31bc  fleetctl_v4.12.0_linux.tar.gz
1eccbf3a9f06f0eb8dae8107a8fc820ede3d0aeb8428bc0f840187115ba57bdf  fleetctl_v4.12.0_windows.tar.gz
48456eef4f5226fb021563577a4bf546f8150a6d98404bb35a1acc0004f36c93  fleetctl_v4.12.0_windows.zip
ba8a497f10169e7e30ece33b9c7603bfd19f121d9f351f82e83ed2e3fd9dd906  fleet_v4.12.0_linux.tar.gz
79f3554f6969f256ae24575bf7b2f4f64e40f1dab527e737f8f16bff666d3852  fleetctl_v4.12.0_macos.tar.gz
3bfff767be17e08ad03dbe13a641a24530ec40d7794982a780fd5e963976ebcc  fleetctl_v4.12.0_macos.zip

orbit-v0.0.7

Changes

• Improve reliability of osquery extension connection at startup.

• Fix orbit not detecting updates at startup when they are published while orbit was not running.

• Set log path when launching osquery.