Releases: fleetdm/fleet
fleet-v4.11.0
Changes
-
Improve vulnerability processing to reduce the number of false positives for RPM packages on Linux hosts.
-
Fleet Premium: Add a
teams
key to thepacks
yaml document to allow adding teams as targets when using CI/CD to manage query packs. -
Fleet premium: Add the ability to retrieve configuration for a specific team with the
fleetctl get team --name <team-name-here>
command. -
Remove the expiration for API tokens for API-only users. API-only users can be created using the
fleetctl user create --api-only
command. -
Improve performance of the osquery query used to collect software inventory for Linux hosts.
-
Update the activity feed on the Home page to include add, edit, and delete policy activities.
Activity information is also available in theGET /activities
API route. -
Update Kinesis logging plugin to append newline character to raw message bytes to properly format NDJSON for downstream consumers.
-
Clarify why the "Performance impact" for some queries is displayed as "Undetermined" in the Fleet
UI. -
Add instructions for using plain osquery to add hosts to Fleet in the Fleet View these instructions by heading to Hosts > Add hosts > Advanced.
-
Fix a bug in which uninstalling Munki from one or more hosts would result in inaccurate Munki
versions displayed on the Home > macOS page. -
Fix a bug in which a user, with access limited to one or more teams, was able to run a live query
against hosts in any team. This bug is not exposed in the Fleet UI and is limited to users of the
POST run
API route. -
Fix a bug in the Fleet UI in which the "Select targets" search bar would not return the expected hosts.
-
Fix a bug in which global agent options were not updated correctly when editing these options in
the Fleet UI. -
Fix a bug in which the Fleet UI would incorrectly tag some URLs as invalid.
-
Fix a bug in which the Fleet UI would attempt to connect to an SMTP server when SMTP was disabled.
-
Fix a bug on the Software page in which the "Hosts" column was not filtered by team.
-
Fix a bug in which global maintainers were unable to add and edit policies that belonged to a
specific team. -
Fix a bug in which the operating system version for some Linux distributions would not be
displayed properly. -
Fix a bug in which configuring an identity provider name to a value shorter than 4 characters was
not allowed. -
Fix a bug in which the avatar would not appear in the top navigation.
Upgrading
Please visit our update guide for upgrade instructions.
Documentation
Documentation for Fleet is available at fleetdm.com/docs.
Binary Checksum
SHA256
07a3828310dc08a73c932941072fd8aef215dd88eb062f11e92dba32f1f635a4 fleet_v4.11.0_linux.tar.gz
1048814ec8546a39e8afc184da42a084497fc0f0f3bb744dc6bdd974c76bca71 fleetctl_v4.11.0_windows.zip
38e9b9ef81087b4d6c48c1595bd3dac320cea804fc75befaeff598608f23ada5 fleetctl_v4.11.0_linux.tar.gz
7c011f53b6c242dec24efdfdeee9d54d7c7880c78601299075a05934d2136b46 fleetctl_v4.11.0_macos.tar.gz
b43dd53e8e655c666772af641a1d6bead5378ea56da2b404a7d76ec98b591104 fleetctl_v4.11.0_macos.zip
dfffd4384c105a6b7b000f32e23998832871ae9b52a0b69a504aa02f60e52311 fleetctl_v4.11.0_windows.tar.gz
e5e742d65bcb8da77e1b6d190b2acbf88a4ff210c73c4c39faa5af00a6b2e07a fleetctl_v4.11.0_linux.zip
fleet-v4.10.0
Changes
-
Upgrade Go to 1.17.7 with security fixes for crypto/elliptic (CVE-2022-23806), math/big (CVE-2022-23772), and cmd/go (CVE-2022-23773). These are not likely to be high impact in Fleet deployments, but we are upgrading in an abundance of caution.
-
Add aggregate software and vulnerability information on the new Software page.
-
Add ability to see how many hosts have a specific vulnerable software installed on the Software page. This information is also available in the
GET /api/v1/fleet/software
API route. -
Add ability to send a webhook request if a new vulnerability (CVE) is found on at least one host. Documentation on what data is included the webhook request and when the webhook request is sent can be found here on fleedm.com/docs.
-
Add aggregate Mobile Device Management and Munki data on the Home page.
-
Add email and URL validation across the entire Fleet UI.
-
Add ability to filter software by "Vulnerable" on the Host details page.
-
Update standard policy templates to use new naming convention. For example, "Is FileVault enabled on macOS devices?" is now "Full disk encryption enabled (macOS)."
-
Add db-innodb-status and db-process-list to
fleetctl debug
command. -
Fleet Premium: Add the ability to generate a Fleet installer and manage enroll secrets on the Team details page.
-
A ability for users with the observer role to view which platforms (macOS, Windows, Linux) a query is compatible with.
-
Improve the experience for editing queries and policies in the Fleet UI.
-
Improve vulnerability processing for NPM packages.
-
Support triggering a webhook for newly detected vulnerabilities with a list of affected hosts.
-
Add filter software by CVE.
-
Add the ability to disable scheduled query performance statistics.
-
Add ability to filter the host summary information by platform (macOS, Windows, Linux) on the Home page.
-
Fix a bug in Fleet installers for Linux in which a computer restart would stop the host from reporting to Fleet.
-
Make sure ApplyTeamSpec only works with premium deployments.
-
Disable MDM, Munki, and Chrome profile queries on unsupported platforms to reduce log noise.
-
Properly handle paths in CVE URL prefix.
Upgrading
Please visit our update guide for upgrade instructions.
Documentation
Documentation for Fleet is available at fleetdm.com/docs.
Binary Checksum
SHA256
4271c4443c98a5a8d991e177733b9f23415ff18bb1a3e8af0db54743795ee9ec fleetctl_v4.10.0_windows.zip
6c04039feab80d5dc1a449e23167d182236889d9712cae04370e7e2e99dfa179 fleetctl_v4.10.0_linux.tar.gz
74df98b823a9096db1c3b9b748a24ce2bbed7413a5d89a5c1751aba6d29e12eb fleetctl_v4.10.0_windows.tar.gz
2d2ae88e855a127b2d9e97582a37930657c09604717fc98d239a56f43df02b36 fleetctl_v4.10.0_macos.tar.gz
f39d88bf24ca2d04c1c130a44a43a618f195fe4803a66d7686c7572cf519097e fleetctl_v4.10.0_macos.zip
9fc801df0171d6170158303d225e2d76c99449102f0134f7b7c6365330fc345e fleet_v4.10.0_linux.tar.gz
ca265f141cea5fe91410c9a5efd38cf12e6d68d8cc986aec2dd981e6b5afedc3 fleetctl_v4.10.0_linux.zip
fleet-v4.9.1
Changes
This is a security release.
-
Security: Fix a vulnerability in Fleet's SSO implementation that could allow a malicious or compromised SAML Service Provider (SP) to log into Fleet as an existing Fleet user. See GHSA-ch68-7cf4-35vr for details.
-
Allow MSI packages generated by
fleetctl package
to reinstall on Windows without uninstall. -
Fix a bug in which a team's scheduled queries didn't render correctly on the Schedule page.
-
Fix a bug in which a new policy would always get added to "All teams" rather than the selected team.
Upgrading
Please visit our update guide for upgrade instructions.
Documentation
Documentation for Fleet is available on fleetdm.com/docs.
Binary Checksum
SHA256
9f2ca99d482d249d0fc7d17f71a11592155c7f0cb43fff019da30ed1b875bf42 fleetctl_v4.9.1_macos.tar.gz
2f7e1b857eaee1c66bc1ccf2bfc3a0195c44a5c2f3831ad4fc938c5312d541e5 fleetctl_v4.9.1_macos.zip
3f22f610d7e46c66b9eeb4ff4b6eb87ce5452b3ec1473f6ecabb0086a07db415 fleet_v4.9.1_linux.tar.gz
9153bbd792ebb1fc154cd742c19cd2248137bab49968bcaf5c0ac6ee577718fb fleetctl_v4.9.1_windows.zip
a255c0ab198ceaf4344b80e7d7fc2fd307b98d223fc1ffcadf2df9d0729e981b fleetctl_v4.9.1_linux.zip
bf29eb09d0583bb629893bb7a6177cbef4fbc967996c7db77471a4585085c2a3 fleetctl_v4.9.1_windows.tar.gz
c930085bae6d8ad852924d4ec5d2b0dec33abd7c621452a0c365a61f75088fb9 fleetctl_v4.9.1_linux.tar.gz
fleet-v4.9.0
Changes
-
Add ability to apply a
policy
yaml document so that GitOps workflows can be used to create and
modify policies. -
Add ability to run a live query that returns 1,000+ results in the Fleet UI by adding
client-side pagination to the results table. -
Improve the accuracy of query platform compatibility detection by adding recognition for queries
with theWITH
expression. -
Add ability to open a page in the Fleet UI in a new tab by "right-clicking" an item in the navigation.
-
Improve the live query API route (
GET /api/v1/queries/run
) so that it successfully return results for Fleet
instances using a load balancer by reducing the wait period to 25 seconds. -
Improve performance of the Fleet UI by updating loading states and reducing the number of requests
made to the Fleet API. -
Improve performance of the MySQL database by updating the queries used to populate host vitals and
caching the results. -
Add
read_timeout
Redis configuration
option to customize the
maximum amount of time Fleet should wait to receive a response from a Redis server. -
Add
write_timeout
Redis configuration
option to customize the
maximum amount of time Fleet should wait to send a command to a Redis server. -
Fix a bug in which browser extensions (Google Chrome, Firefox, and Safari) were not included in
software inventory. -
Improve the security of the Organization settings page by preventing the browser from requesting
to save SMTP credentials. -
Fix a bug in which an existing pack's targets were not cleaned up after deleting hosts, labels, and teams.
-
Fix a bug in which non-existent queries and policies would not return a 404 not found response.
Performance
- Our testing demonstrated an increase in max devices served in our load test infrastructure to 70,000 from 60,000 in v4.8.0.
Load Test Infrastructure
-
Fleet server
- AWS Fargate
- 2 tasks with 1024 CPU units and 2048 MiB of RAM.
-
MySQL
- Amazon RDS
- db.r5.2xlarge
-
Redis
- Amazon ElastiCache
- cache.m5.large with 2 replicas (no cluster mode)
What was changed to accomplish these improvements?
-
Optimized the updating and fetching of host data to only send and receive the bare minimum data
needed. -
Reduced the number of times host information is updated by caching more data.
-
Updated cleanup jobs and deletion logic.
Future improvements
- At maximum DB utilization, we found that some hosts fail to respond to live queries. Future releases of Fleet will improve upon this.
Upgrading
Please visit our update guide for upgrade instructions.
Documentation
Documentation for Fleet can be found at https://fleetdm.com/docs.
Binary Checksum
SHA256
3b6ab86cbe11c42a474c08c62b1a6ea7131f37a654e6f74da63cef824f1c7381 fleetctl_v4.9.0_linux.zip
5b020272939906e342146097c33c9378d2af4ffe95ddde03ee59e9ae602f3eec fleetctl_v4.9.0_windows.tar.gz
7f9281f6035715f88e881d6c73ed66615fc692581e7f528bcf930c7480668d7e fleetctl_v4.9.0_macos.tar.gz
a851495359ce42edab4ebce90bb64d2462749e0448cd49a217772145a3c8f893 fleetctl_v4.9.0_macos.zip
74e3d67f84edc29bbee3934aeedaf8f46707f6bd7eebe2c8791e8461b07eaf4c fleet_v4.9.0_linux.tar.gz
b385fa63f4a49fb269710b43f2cb5bf2004a746d11b727a70ef8e78bf49c754e fleetctl_v4.9.0_linux.tar.gz
ea7cd9fe4155ed5e75a03e488c5ce74d939b5cdd6531fc24b60445f04d90d268 fleetctl_v4.9.0_windows.zip
orbit-v0.0.6
Changes
-
Add logging when running as a Windows Service (because Windows discards stdout/stderr).
-
Improve flaky startups by adding wait for osquery extension socket.
fleet-v4.8.0
Changes
-
Add ability to configure Fleet to send a webhook request with all hosts that failed a policy. Documentation on what data is included the webhook request and when the webhook request is sent can be found here on fleedm.com/docs.
-
Add ability to find a user's device in Fleet by filtering hosts by email associated with a Google Chrome profile. Requires the macadmins osquery extension which comes bundled in Fleet's osquery installers.
-
Add ability to see a host's Google Chrome profile information using the
GET api/v1/fleet/hosts/{id}/device_mapping
API route. -
Add ability to see a host's mobile device management (MDM) enrollment status, MDM server URL, and Munki version on a host's Host details page. Requires the macadmins osquery extension which comes bundled in Fleet's osquery installers.
-
Add ability to see a host's MDM and Munki information with the
GET api/v1/fleet/hosts/{id}/macadmins
API route. -
Improve the handling of certificates in the
fleetctl package
command by adding a check for a valid PEM file. -
Update Prometheus Go client library which results in the following breaking changes to the
GET /metrics
API route:http_request_duration_microseconds
is nowhttp_request_duration_seconds_bucket
,http_request_duration_microseconds_sum
is nowhttp_request_duration_seconds_sum
,http_request_duration_microseconds_count
is nowhttp_request_duration_seconds_count
,http_request_size_bytes
is nowhttp_request_size_bytes_bucket
, andhttp_response_size_bytes
is nowhttp_response_size_bytes_bucket
. -
Improve performance when searching and sorting hosts in the Fleet UI.
-
Improve performance when running a live query feature by reducing the load on Redis.
-
Improve performance when viewing software installed across all hosts in the Fleet UI.
-
Fix a bug in which the Fleet UI presented the option to download an undefined certificate in the "Generate installer" instructions.
-
Fix a bug in which database migrations failed when using MariaDB due to a migration introduced in Fleet 4.7.0.
-
Fix a bug that prevented hosts from checking in to Fleet when Redis was down.
Upgrading
Please visit our update guide for upgrade instructions.
Documentation
Documentation for Fleet is available at fleetdm.com/docs.
Binary Checksum
SHA256
a14f9ced0f606f6760e8c5297a62fccf0b1ffa7bed4c8ababc8e04a264531019 fleetctl_v4.8.0_macos.tar.gz
b4416c5c0f302ec46493ea4328b2413fca89366a24017984a567f9b5ed107ead fleetctl_v4.8.0_macos.zip
35d7586bf8bdc14419ddf2a0fb6367ed068dca487e61586a877095056dc54223 fleetctl_v4.8.0_linux.zip
4ae66acf77299a6c20c3305657c26e7ce385f3617ea5820cac32c3918d2651e7 fleet_v4.8.0_linux.tar.gz
4f4944676f0addfdfd95d500585f39ebbd99570d432932a6a50488f2d048570d fleetctl_v4.8.0_linux.tar.gz
7cf2cd759713b56b2c3d05e26e0f7d05e48aa9dc1a1be985810679e87b9770d8 fleetctl_v4.8.0_windows.tar.gz
d5dd7e0feff3d62e991c0eef0b3675d04b53acd0583dbb178b7aefe53d0b2a10 fleetctl_v4.8.0_windows.zip
orbit-v0.0.5
Changes
- Fix handling of enroll secrets to address 0.0.4 enrollment issue.
orbit-v0.0.4
Changes
-
Use
certs.pem
if available in root directory to improve TLS compatibility. -
Use UUID as the default host identifier for osquery.
-
Add github.com/macadmins/osquery-extension tables.
-
Add support for osquery flagfile (loaded automatically if it exists in the Orbit root).
-
Fix permissions for building MSI when packaging as root user. Fixes #1424.
fleet-v4.7.0
Changes
-
Add ability to create, modify, or delete policies in Fleet without modifying saved queries. Fleet
4.7.0 introduces breaking changes to the/policies
API routes to separate policies from saved
queries in Fleet. These changes will not affect any policies previously created or modified in the
Fleet UI. -
Turn on vulnerability processing for all Fleet instances with software inventory enabled. Vulnerability processing in Fleet
provides the ability to see all hosts with specific vulnerable software installed. -
Improve the performance of the "Software" table on the Home page.
-
Improve performance of the MySQL database by changing the way a host's users information is saved.
-
Add ability to select from a library of standard policy templates on the Policies page. These
pre-made policies ask specific "yes" or "no" questions about your hosts. For example, one of
these policy templates asks "Is Gatekeeper enabled on macOS devices?" -
Add ability to ask whether or not your hosts have a specific operating system installed by
selecting an operating system policy on the Host details page. For example, a host that is
running macOS 12.0.1 will present a policy that asks "Is macOS 12.0.1 installed on macOS devices?" -
Add ability to specify which platform(s) (macOS, Windows, and/or Linux) a policy is checked on.
-
Add ability to generate a report that includes which hosts are answering "Yes" or "No" to a
specific policy by running a policy's query as a live query. -
Add ability to see the total number of installed software software items across all your hosts.
-
Add ability to see an example scheduled query result that is sent to your configured log
destination. Select "Schedule a query" > "Preview data" on the Schedule page to see the
example scheduled query result. -
Improve the host's users information by removing users without login shells and adding users
that are not associated with a system group. -
Add ability to see a Fleet instance's missing migrations with the
fleetctl debug migrations
command. Thefleet serve
andfleet prepare db
commands will now fail if any unknown migrations
are detected. -
Add ability to see syntax errors as your write a query in the Fleet UI.
-
Add ability to record a policy's resolution steps that can be referenced when a host answers "No"
to this policy. -
Add server request errors to the Fleet server logs to allow for troubleshooting issues with the
Fleet server in non-debug mode. -
Increase default login session length to 24 hours.
-
Fix a bug in which software inventory and disk space information was not retrieved for Debian hosts.
-
Fix a bug in which searching for targets on the Edit pack page negatively impacted performance of
the MySQL database. -
Fix a bug in which some Fleet migrations were incompatible with MySQL 8.
-
Fix a bug that prevented the creation of osquery installers for Windows (.msi) when a non-default
update channel is specified. -
Fix a bug in which the "Software" table on the home page did not correctly filtering when a
specific team was selected on the Home page. -
Fix a bug in which users with "No access" in Fleet were presented with a perpetual
loading state in the Fleet UI.
Upgrading
Please visit our update guide for upgrade instructions.
Documentation
Documentation for Fleet is available at fleetdm.com/docs.
Binary Checksum
SHA256
4cd15a76ac934a429d714c881c9f86824b800dc12f216bcfebfc81e02f3ecfb7 fleet_v4.7.0_linux.tar.gz
655704454143e0d151922763f45d7408b5185a46c04597833ad3be500f8b4007 fleetctl_v4.7.0_windows.tar.gz
33030fda6bb7b078fa54d628e379fc4bc71dd2373d743d89d5365fb40536d087 fleetctl_v4.7.0_macos.tar.gz
6a1a8a47965fe10b719f0aa1ef55f7eb7b22b0107c268b6adc0189cf16105730 fleetctl_v4.7.0_macos.zip
e30efe82132739d50c6bff3f2aff8b1a5db4f69c76f7495429be2b5bab48e76c fleetctl_v4.7.0_windows.zip
ecc31978f64d9945739f45a48aed7dd1e4cd642046405f6d04ff851c7905e9e7 fleetctl_v4.7.0_linux.zip
ef17e435d8d435e1c259a6d8e570b5ee4b2e773a1ea3c2a114ed194b5444c1ca fleetctl_v4.7.0_linux.tar.gz
Docker images
docker pull fleetdm/fleetctl:v4.7.0
docker pull fleetdm/fleetctl:v4.7.0
docker pull fleetdm/fleetctl:v4
docker pull fleetdm/fleet:v4.7.0
docker pull fleetdm/fleet:v4.7.0
docker pull fleetdm/fleet:v4
fleet-v4.6.2
Changes
-
Improve performance of the Home page by removing total hosts count from the "Software" table.
-
Improve performance of the Queries page by adding pagination to the list of queries.
-
Fix a bug in which the "Shell" column of the "Users" table on the Host details page would sometimes fail to update.
-
Fix a bug in which a host's status could quickly alternate between "Online" and "Offline" by increasing the grace period for host status.
-
Fix a bug in which some hosts would have a missing
host_seen_times
entry. -
Add an
after
parameter to theGET /hosts
API route to allow for cursor pagination. -
Add a
disable_failing_policies
parameter to theGET /hosts
API route to allow the API request to respond faster if failing policies count information is not needed.
Upgrading
Please visit our update guide for upgrade instructions.
Documentation
Documentation for this release can be found at https://github.com/fleetdm/fleet/blob/fleet-v4.6.2/docs/README.md
Binary Checksum
SHA256
3e3f0b02c737227adcacf467e7e587816b51cb4c0025cde1a0e55537972fc22d fleetctl_v4.6.2_windows.tar.gz
9f9c0b30ebc64c51d66578951526d394c29fa5838362242f75afa1e08a2e524e fleetctl_v4.6.2_windows.zip
ade1c6de0414ceced04c73416eca296dd33576026a4950fe2a7dfe49874aa06c fleet_v4.6.2_linux.tar.gz
b37d90e14917552e066a0349ad722533a859b68d65699886b0061d7500f260d4 fleetctl_v4.6.2_linux.zip
b53f7e1389fcf60b925b51a82c56333926580a8a78a1fee521d12790e8ffad93 fleetctl_v4.6.2_linux.tar.gz
10b7cb096d08d947ad133b68b4f4fa11df9ad35c5c49229ae36822e94d29e523 fleetctl_v4.6.2_macos.zip
430b0e6978f0ffa1fdae6967d6db6bb2a134e56d5b5922ceafcd3319a777b3ff fleetctl_v4.6.2_macos.tar.gz
Docker images
docker pull fleetdm/fleetctl:v4.6.2
docker pull fleetdm/fleetctl:v4.6.2
docker pull fleetdm/fleetctl:v4
docker pull fleetdm/fleet:v4.6.2
docker pull fleetdm/fleet:v4.6.2
docker pull fleetdm/fleet:v4