Releases: fleetdm/fleet
fleet-v4.56.0
Fleet 4.56.0 (Sep 7, 2024)
Endpoint operations
- Added index to
query_results
DB table to speed up finding last query timestamp for a given query and host. - Added a link in the UI to the error message when a CSR can't be downloaded due to missing private key.
- Added a disabled overlay to the Other Workflows modal on the policy page.
- Improved performance of live queries to accommodate for higher volumes when utilizing zero-trust workflows.
- Improved
fleetctl
gitops error message when trying to change team name to a team that already exists.
Device management
- Added server support for multiple VPP tokens.
- Added new endpoints and updated existing endpoints for managing multiple Apple Business Manager tokens.
- Added support for S3 to store MDM bootstrap packages (uses the same bucket configuration as for software installers).
- Added support to UI for self service VPP software.
- Added backend and gitops support for self service VPP.
- Added ability for MDM migrations if the host is manually enrolled to a 3rd party MDM.
- Added an offline screen to the macOS MDM migration flow.
- Added new ABM page to Fleet UI.
- Added new VPP page to the fleet UI
- Added support to track the Apple Business Manager "terms expired" API error per token, as well as a global flag that gets set as soon as one token has its terms expired.
- Updated the instructions on "My device" for MDM migrations on pre-Sonoma macOS hosts.
- Updated to allow multiple teams to be assigned to the same VPP Token.
- Updated process so that deleting installed software or VPP app now makes it available for re-installation.
- Updated to enforce minimum OS version settings during Apple Automated Device Enrollment (ADE).
- Updated ABM ingestion so that deleted iOS/iPadOS host will continue to report to Fleet as long as host is in Apple Business Manager (ABM).
- Updated so that refetching an offline iOS/iPadOS host will not add new MDM commands to the queue if previous refetch has not completed yet.
- Updated UI so that downloading a software installer package now shows the browser's built-in progress bar.
- Updated relevant documentation to include references to multiple ABM and VPP tokens.
- Consolidated Automatic Enrollment and VPP settings under the MDM settings integration page.
- Cleared apps associated with a VPP token if it's moved off of a team.
Vulnerability management
- Added ALAS bulletins as vulnerability source for Amazon Linux (instead of OVAL for Amazon Linux 2, and adds support for Amazon Linux 1, 2022, and 2023).
- Added matching rules for July and August Microsoft 365 security updates (https://learn.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates).
- Added the following filters to
/software/titles
and/software/versions
API endpoints:exploit: bool
,min_cvss_score: float
,max_cvss_score: float
. - Updated software titles/versions tables to allow for filtering by vulnerabilities including severity and known exploit.
- Updated to use empty CVE description when the NVD CVE feed doesn't include description entries (instead of panicking).
- Updated matching software that is not installed by Fleet so that it shows up as 'Available for install' on host details page.
- Updated base images of
fleetdm/fleetctl
,fleetdm/bomutils
andfleetdm/wix
to fix critical vulnerabilities found by Trivy. - Updated vulnerability scanning to use
macos
SW target for CPEs of homebrew packages. - Updated vulnerability scanning to not ignore software with non-ASCII en dash and em dash characters.
- Updated
GET /api/v1/fleet/vulnerabilities/{cve}
endpoint to add validation of CVE format, and a 204 response. The 204 response indicates that the vulnerability is known to Fleet but not present on any hosts. - Updated the UI to add new empty states for searching vulnerabilities: invalid CVE format searched, a known CVE serached but not present on hosts, not a known CVE searched, exploited vulnerability empty state, operating systems empty state, new icons.
Bug fixes and improvements
- Added support for MySQL 8.4.2 LTS.
- Updated Go to go1.22.6.
- Updated Fleet server to now accept arguments via stdin. This is useful for passing secrets that you don't want to expose as env vars, in the command line, or in the config file.
- Updated text for "Turn on MDM" banners in UI.
- Updated ABM host tooltip copy on the manage host page to clarify when host vitals will be available to view.
- Updated copy on auotmatic enrollment modal on my device page.
- Updated host details activities tooltip and empty state copy to reflect recently added capabilities.
- Updated Fleet Free so users see a Premium feature message when clicking to add software.
- Updated usage reporting to report statistics on new AI features, maintenance window, and
fleetd
. - Fixed bug where configuration profile was still showing the old label name after the name was updated.
- Fixed a bug when a cached prepared statement gets deleted in the MySQL server itself without Fleet knowing.
- Fixed a bug where the wrong API path was used to download a software installer.
- Fixed the failing_host_count so it is never 0. This count is normally updated once an hour during cleanups_then_aggregation cron job.
- Fixed CVE-2024-4030 in Vulncheck feed incorrectly targeting non-Windows hosts.
- Fixed a bug where the "Self-service" filter for the list of software and the list of host's software did not take App Store apps into account.
- Fixed a bug where the "My device" page in Fleet Desktop did not show the self-service software tab when App Store apps were available as self-install.
- Fixed a bug where a software installer (a package or a VPP app) that has been installed on a host still shows up as "Available for install" and can still be requested to be installed after the host is transferred to a different team without that installer (or after the installer is deleted).
- Fixed the "Available for install" filter in the host's software page so that installers that were requested to be installed on the host (regardless of installation status) also show up in the list.
- Fixed UI popup messages bleeding off viewport in some cases.
- Fixed an issue with the scheduling of cron jobs at startup if the job has never run, which caused it to be delayed.
- Fixed UI to display the label names in case-insensitive alphabetical order.
Fleet's agent
The following version of Fleet's agent (fleetd
) support the latest changes to Fleet:
- orbit-v1.32.0
fleet-desktop-v1.32.0
(included with Orbit)- fleetd-chrome-v1.3.1
While newer versions of
fleetd
still function with older versions of the Fleet server (and vice versa), Fleet does not actively test these scenarios and some newer features won't be available.
Upgrading
Please visit our update guide for upgrade instructions.
Documentation
Documentation for Fleet is available at fleetdm.com/docs.
Binary Checksum
SHA256
71643aa0cf144ed97cec20b85fe34b221659ec84200c126dacb5f0e60d8f8966 fleet_v4.56.0_linux.tar.gz
25bbbc05dc731d9aa2a3644f288dfa92286e66ebb611569f7a8c6b36dc7831e1 fleetctl_v4.56.0_linux.tar.gz
00cca9c8f05278aa6d8bdcec68fddebeefbd7a4f3555d77abef93e194f9fef9c fleetctl_v4.56.0_linux.zip
c22e235acf96354bce2b164c468c7648755803a6df30e180be957a0bc133d26b fleetctl_v4.56.0_macos.tar.gz
a106ba43047ff3b31f4dc1db54a9695430f3932b00668d4f5439eac66daf0ec2 fleetctl_v4.56.0_macos.zip
bc350b275520f5b09e6b80fc523846316e3c2d5f88fe0f603076799050651631 fleetctl_v4.56.0_windows.tar.gz
de776ea3c0a896c85d229e39fca13ce51c48b8c5ba10eb46eaed055afbf61a0a fleetctl_v4.56.0_windows.zip
fleet-v4.55.2
Bug fixes
- Removed validation of APNS certificate from server startup. This was no longer necessary because we now allow for APNS certificates to be renewed in the UI.
- Fixed logic to properly catch and log APNs errors.
Upgrading
Please visit our update guide for upgrade instructions.
Documentation
Documentation for Fleet is available at fleetdm.com/docs.
Binary Checksum
SHA256
9e1dc63d1a5d106852205a7a4df992d219e56416bc7aa91866e3c5e7ac08a3bd fleet_v4.55.2_linux.tar.gz
4f0c77ad9633856b2655aa8597f9d584180699b4cd01bca1a237504cc1707787 fleetctl_v4.55.2_linux.tar.gz
78416839860ee2a8177c5e0177428ba5e99d59b09ca4629740959dffbf0ad410 fleetctl_v4.55.2_linux.zip
8a1a954e94082da50ebc7f123499da5998064562b3203a80aeb20fdeb47d2b41 fleetctl_v4.55.2_macos.tar.gz
a4c9d1aa097c6fee9a6d84511e56ee1bb36421e67f8757b8bf275626b1b7d3ba fleetctl_v4.55.2_macos.zip
930ee32691c3e5f433b58b6468102f185a04af6b9af191e15cc53473b69b7a6c fleetctl_v4.55.2_windows.tar.gz
7a2154e82a287f32e103f323ecca73ffbcae3c7ec640c29f09607f86ababfeb4 fleetctl_v4.55.2_windows.zip
fleet-v4.54.2
Bug fixes
- Removed validation of APNS certificate from server startup. This was no longer necessary because we now allow for APNS certificates to be renewed in the UI.
Upgrading
Please visit our update guide for upgrade instructions.
Documentation
Documentation for Fleet is available at fleetdm.com/docs.
Binary Checksum
SHA256
963a503afebd2daf0352fd8c3d89718db0e093635602e7251ad644e69f0e7239 fleet_v4.54.2_linux.tar.gz
5c32e47c6be27df4a657a76ae7ee24412855d0b847c73516746ea37e02e7e45a fleetctl_v4.54.2_linux.tar.gz
1e7faae0e28dce21528325c1fccb8370f507b5d196672cbbf97b83dabb33ad17 fleetctl_v4.54.2_linux.zip
492c6ee000ec272c4715c645e0f71c48440497e111d043f162142efcfe2c6891 fleetctl_v4.54.2_macos.tar.gz
3548f2763d54e11078c352ff0412f3a3413f306d7d744dd0e11c3eaf56b72401 fleetctl_v4.54.2_macos.zip
24f69cc9cbe9e124e5c51c8dec6305651f09a66bbd64d5005fc001b90ce299bf fleetctl_v4.54.2_windows.tar.gz
a5163e187083ac9a29ab5b49f5d22b11e0a2e2b2c8baee940834ed5bbff517b7 fleetctl_v4.54.2_windows.zip
fleet-v4.55.1
Bug fixes
- Added a disabled overlay to the Other Workflows modal on the policy page.
- Updated text for "Turn on MDM" banners in UI.
- Fixed a bug when a cached prepared statement got deleted in the MySQL server itself without Fleet knowing.
- Continued with an empty CVE description when the NVD CVE feed didn't include description entries (instead of panicking).
- Scheduled maintenance events are now scheduled over calendar events marked "Free" (not busy) in Google Calendar.
- Fixed a bug where the wrong API path was used to download a software installer.
- Improved fleetctl gitops error message when trying to change team name to a team that already exists.
- Updated ABM (Apple Business Manager) host tooltip copy on the manage host page to clarify when host vitals will be available to view.
- Added index to query_results DB table to speed up finding the last query timestamp for a given query and host.
- Displayed the label names in case-insensitive alphabetical order in the fleet UI.
Upgrading
Please visit our update guide for upgrade instructions.
Documentation
Documentation for Fleet is available at fleetdm.com/docs.
Binary Checksum
SHA256
795635a27e282752eab821f860f0b6dcd25705076779a1044b1c41d83cc106df fleet_v4.55.1_linux.tar.gz
523fec46f239b69700645ecc0bb51e74afc87bb3e0f8cb141560e5a014d55b10 fleetctl_v4.55.1_linux.tar.gz
e14d3e0c110ad9575aed7a66c39acc5790c1ff0e1892f715fad1714fc5d71401 fleetctl_v4.55.1_linux.zip
4e976c19f1c000e4c1f0777bb61f9c889ebca0b0d9618edb965a2d0c5309a26e fleetctl_v4.55.1_macos.tar.gz
4568d927c739e0edadb56565b87288595e63c327f06f1e87c1dde10e7bd004d9 fleetctl_v4.55.1_macos.zip
3e61eb6a7e3847b06ffc2c7969d631bcfe8af176c1fe578e52dacaed000b38ff fleetctl_v4.55.1_windows.tar.gz
c62cc32c58d844362bb41626700531baa3702ce22b400465beae34bfb4854e08 fleetctl_v4.55.1_windows.zip
fleet-v4.55.0
Fleet 4.55.0 (Aug 9, 2024)
NOTE: Beginning with v4.55.0, Fleet no longer supports MySQL 5.7 because it has reached end of life. The minimum version supported is MySQL 8.0.36.
NOTE: Changes to software field in GitOps:
software
field is optional for TEAMs in 4.54.1 and lowersoftware
field should NOT be added to NO-TEAM before 4.55.0software
field is mandatory for NO-TEAM and TEAMs in 4.55.0 and up
Endpoint operations
- Added support for generating
fleetd
packages for Linux ARM64. - Added new
fleetctl package
--arch flag. - Updated
fleetctl package
command to remove the--version
flag. The version of the package can be controlled by--orbit-channel
flag. - Updated maintenance window descriptions to update regularly to match the failing policy description/resolution.
- Updated maintenance windows using Google Calendar so that calendar events are now recreated within 30 seconds if deleted or moved to the past.
- Fleet server watches for potential changes for up to 1 week after original event time. If event is moved forward more than 1 week, then after 1 week Fleet server will check for event changes once every 30 minutes.
- NOTE: These near real-time updates may add additional load to the Google Calendar API, so it is recommended to use API usage alerts or other monitoring methods.
Device management
- Integrated Escrow Buddy to add enforcement of FileVault during the MacOS Setup Assistant process for hosts that are
enrolled into teams (or no team) with disk encryption turned on. Thank you homebysix and team! - Updated
fleetd
to use Escrow Buddy to rotate FileVault keys. Removed or modified internal API endpoints documented in the API for contributors. - Added OS updates support to iOS/iPadOS devices.
- Added iOS and iPadOS device details refetch triggered with the existing
POST /api/latest/fleet/hosts/:id/refetch
endpoint. - Added iOS and iPadOS user-installed apps to Fleet.
- Added iOS and iPadOS apps to be installed using Apple's VPP (Volume Purchase Program) to Fleet.
- Added support for VPP to GitOps.
- Added the
POST /mdm/apple/vpp_token
,DELETE /mdm/apple/vpp_token
andGET /vpp
endpoints and related functionality. - Added new
GET /software/app_store_apps
andPOST /software/app_store_apps
endpoints and associated functionality. - Added the associated VPP apps to the
GET /software/titles
andGET /software/titles/:id
endpoints. - Added the associated VPP apps to the
GET /hosts/:id/software
andGET /device/:token/software
endpoints. - Added support to delete a VPP app from a team in
DELETE /software/titles/:software_title_id/available_for_install
. - Added
exclude_software
query parameter to "Get host by identifier" API. - Added ability to add/remove/disable apps with VPP in the Fleet UI.
- Added a warning banner to the UI if the uploaded VPP token is about to expire/has expired.
- Added UI updates for VPP feature on host software and my device pages.
- Added global activity support for VPP-related activities.
- Added UI features for managing VPP apps for iPadOS and iOS hosts.
- Updated profile activities to include iOS and iPadOS.
- Updated Fleet UI to show OS version compliance on host details page.
- Added support for "No teams" on all software pages including adding software installers.
- Added DB migration to support VPP software features.
- Added DB migration to migrate older team configurations to the new version that includes both installers and App Store apps.
- Linux lock/unlock scripts now make use of pam_nologin to keep AD users locked out.
- Installed software list now includes Linux .deb packages that are 'on hold'.
- Added a special-case to properly name the Notion .exe Windows installer the same as how it will be reported by osquery post-install.
- Increased threshold to renew Apple SCEP certificates for MDM enrollments to 180 days.
Vulnerability management
- Fixed CVEs identified as 'Rejected' in NVD not matching against software.
- Fixed false negative vulnerabilities with IntelliJ IDEA CE and PyCharm CE installed via Homebrew.
Bug fixes and improvements
- Dropped support for MySQL 5.7 and raised minimum required to MySQL 8.0.36.
- Updated software pre-install to use new GitOps format for query.
- Updated UI tooltips for pending OS settings.
- Added a migration to migrate older team configurations to the new version that includes both installers and App Store apps.
- Fixed a styling issue in the controls > OS settings > disk encryption table.
- Fixed a bug in
fleetctl preview
that was causing it to fail if Docker was installed without support for the deprecateddocker-compose
CLI. - Fixed an issue where the app-wide warning banners were not showing on the initial page load.
- Fixed a bug where the hosts page would sometimes allow excess pagination.
- Fixed a bug where software install results could not be retrieved for deleted hosts in the activity feed.
- Fixed path that was incorrect for the download software installer package endpoint
GET /software/titles/:software_title_id/package
. - Fixed a bug that set
last_enrolled_at
during orbit re-enrollment, which caused osquery enroll failures whenFLEET_OSQUERY_ENROLL_COOLDOWN
is set. - Fixed the "Available for install" filter in the host's software page so that installers that were requested to be installed on the host (regardless of installation status) also show up in the list.
- Fixed a styling issue in the Controls > OS Settings > disk encryption table.
- Fixed a bug where Fleet google calendar events generated by Fleet <= 4.53.0 were not correctly processed by 4.54.0.
- Fixed a bug in
fleetctl preview
that was causing it to fail if Docker was installed without support for the deprecateddocker-compose
CLI. - Fixed a bug where software install results could not be retrieved for deleted hosts in the activity feed.
- Fixed a bug where a software installer (a package or a VPP app) that has been installed on a host still shows up as "Available for install" and can still be requested to be installed after the host is transferred to a different team without that installer (or after the installer is deleted).
- Fixed the "Available for install" filter in the host's software page so that installers that were requested to be installed on the host (regardless of installation status) also show up in the list.
Fleet's agent
The following version of Fleet's agent (fleetd
) support the latest changes to Fleet:
- orbit-v1.30.0
fleet-desktop-v1.30.0
(included with Orbit)- fleetd-chrome-v1.3.1
While newer versions of
fleetd
still function with older versions of the Fleet server (and vice versa), Fleet does not actively test these scenarios and some newer features won't be available.
Upgrading
Please visit our update guide for upgrade instructions.
Documentation
Documentation for Fleet is available at fleetdm.com/docs.
Binary Checksum
SHA256
752e667c725e98eafad0a9ec4acebe432dd8d3adf4bd38a523ddf44bd5cdb4c4 fleet_v4.55.0_linux.tar.gz
1d07e349dd563fbda06d1cae7841c7e03dbb7204f6130bcc3d41650f099d29d0 fleetctl_v4.55.0_linux.tar.gz
324af95989785c7c76e8bc17e7acfafd1416e8c2a635e60fd7fe76cd26323a90 fleetctl_v4.55.0_linux.zip
9b70adaf92dcf3646096118bb73aaa1e15ebf79f9b17f46954b59fbcecb14ad6 fleetctl_v4.55.0_macos.tar.gz
fd40e5e4e37fff8aaa208f505b73d38faea7fabee305807e71c41db40ba708e1 fleetctl_v4.55.0_macos.zip
f4f85c7406c3dd6f1664f335203cb5cf5a0d769282e1119fc605fded00a2e643 fleetctl_v4.55.0_windows.tar.gz
cf2de2ab3811e40514623a04d0219446f331d735a619d1ee7ff8db6a69b5e5da fleetctl_v4.55.0_windows.zip
fleet-v4.54.1
Bug fixes
- Fixed a startup bug by performing an early restart of orbit if an agent options setting has changed.
- Implemented a small refactor of orbit subsystems.
- Removed the
--version
flag from thefleetctl package
command. The version of the package can now be controlled by the--orbit-channel
flag. - Fixed a bug that set
last_enrolled_at
during orbit re-enrollment, which caused osquery enroll failures whenFLEET_OSQUERY_ENROLL_COOLDOWN
is set . - In
fleetctl package
command, removed the--version
flag. The version of the package can be controlled by--orbit-channel
flag. - Fixed a bug where Fleet google calendar events generated by Fleet <= 4.53.0 were not correctly processed by 4.54.1.
- Re-enabled cached logins after windows Unlock.
Upgrading
Please visit our update guide for upgrade instructions.
Documentation
Documentation for Fleet is available at fleetdm.com/docs.
Binary Checksum
SHA256
4511497ad6ecfef8d3a9fcf7585eb454edf22ea0dae6f77be2c81e7a6539dcd7 fleet_v4.54.1_linux.tar.gz
151e41e5d547de46a4557bef41a35790951a7926646c7d35d1ed1ef7f9961964 fleetctl_v4.54.1_linux.tar.gz
fd075f9c84e91c2f7c0937e730df44f3e9fe9b74c41bdf62645a9798cd1a45c5 fleetctl_v4.54.1_linux.zip
f3c40d7fc7a91a57e7689ada1c1b6b7167f4a740bb2124ea1c3a75d0bde8030b fleetctl_v4.54.1_macos.tar.gz
43e4ddd1285dfb190c49ab4c6d488369b5ae72234a5d87afd93bc6fc2d675076 fleetctl_v4.54.1_macos.zip
86f533145306e79ccdbe21d0b46326ae9fab9507f3a1740d0ffc8a088ce18d02 fleetctl_v4.54.1_windows.tar.gz
a7446e282755e5340b33572986e83bffa2a984d04d6f465d0a30da9538f9cea4 fleetctl_v4.54.1_windows.zip
fleet-v4.54.0
Fleet 4.54.0 (Jul 17, 2024)
Endpoint Operations
- Updated
fleetctl gitops
to be used to rename teams.- NOTE:
fleetctl gitops
needs to have previously run with this Fleet/fleetctl version or later. - The team name is changed if the YAML config is applied from the same filename as before.
- NOTE:
- Updated
fleetctl query --hosts
to work with hostnames, host UUIDs, and/or hardware serial numbers. - Added a host's upcoming scheduled maintenance window, if any, on the host details page of the UI and in host responses from the API.
- Added support to
fleetctl debug connection
to test TLS connection with the embedded certs.pem in
the fleetctl executable. - Added host's display name to calendar event descriptions.
- Added .yml and .yaml file type validation and error message to
fleetctl apply
. - Added a tooltip to truncated text and not to untruncated values.
Device Management (MDM)
- Added iOS/iPadOS builtin manual labels.
- NOTE: Before migrating to this version, make sure to delete any labels with name "iOS" or "iPadOS".
- Added aggregation of iOS/iPadOS OS versions.
- Added change to custom profiles for iOS/iPadOS to go from 'pending' straight to 'verified' (skip 'verifying').
- Added support for renewing SCEP certificates with custom enrollment profiles.
- Added automatic install of
fleetd
when a host turns on MDM now uses the latest releasedfleetd
version. - Added support for
END_USER_EMAIL
andFLEET_DESKTOP
parameters to Windows MSI install package. - Added API changes to support the
labels_include_all
andlabels_exclude_any
fields (and accept the deprecatedlabels
field as an alias forlabels_include_all
). - Added
fleetctl gitops
andfleetctl apply
support forlabels_include_all
andlabels_exclude_any
to configure a custom setting. - Added UI for uploading custom profiles with a target of hosts that include all/exclude any selected labels.
- Added the database migrations to create the new
exclude
column for labels associated with MDM profiles (and declarations). - Updated host script timeouts to be configurable via agent options using
script_execution_timeout
. fleetctl
now uses a polling mechanism when runningrun-script
to accommodate longer script timeout values.- Updated the profile reconciliation logic to handle the new "exclude any" labels.
- Updated so that the
fleetd
cleanup script for macOS that will return completed when run from Fleet. - Updated so that the
fleetd
uninstall script will return completed when run from Fleet. - Updated script run permissions -- only admins and maintainers can run arbitrary or saved scripts (not observer or observer+).
- Updated
fleetctl get mdm_commands
to return 20 rows and support--host
--type
filters to improve response time. - Updated the instructions for manual MDM enrollment on the "My device" page to be clearer and align with Apple updates.
- Updated UI to allow device users to reinstall self-service software.
- Updated API to not return a 500 status code if a host sends a command response with an invalid command uuid.
- Increased the timeout of the upload software installer endpoint to 4 minutes.
- Disabled credential caching and reboot on Windows lock.
Vulnerability Management
- Added "Vulnerable" filter to the host details software table.
- Fixed Microsoft Office June 2024 false negative vulnerabilities and added custom vulnerability matching.
- Fixed issue where some Windows applications were getting matched against Windows OS vulnerabilities.
Bug fixes and improvements
- Updated Go version to go1.22.4.
- Updated to render only one banner on the my device page based on priority order.
- Updated software updated timestamp tooltip.
- Removed DB error message from the UI when showing a error response.
- Updated fleetctl get queries/labels/hosts descriptions.
- Reinstated ability to sort policies by passing count.
- Improved the accuracy of the heuristic used to deterimine if a host is connected to Fleet via MDM by using osquery data for hosts that didn't send a Checkout message.
- Improved the matching of
pkg
installer files to existing software. - Improved extraction of application name from
pkg
installers. - Clarified various help and error texts around host identifiers.
- Hid CTA on inherited queries/policies from team level users.
- Hid query delete checkboxes from team observers.
- Hid "Self-service" in Fleet Desktop and My device page if there is no self-service software available.
- Hid the host detail page's "Run script" action from Global and Team Observer/+s.
- Aligned the "View all hosts" links in the Software titles and versions tables.
- Fixed counts for hosts with with low disk space in summary page.
- Fixed allowing Observer and Observer+ roles to download software installers.
- Fixed crash in
fleetd
installer on Windows if there are registry keys with special characters on the system. - Fixed
fleetctl debug connection
to support server TLS certificates with intermediates. - Fixed macOS declarations being stuck in "to be removed" state indefinitely.
- Fixed link to
fleetd
uninstall instructions in "Delete device" modal. - Fixed exporting CSVs with fields that contain commas to render properly.
- Fixed issue where the Fleet UI could not be used to renew the ABM token after the ABM user who created the token was deleted.
- Fixed styling issues with the target inputs loading spinner on the run live query/policy page.
- Fixed an issue where special characters in HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall breaks the "installer_utils.ps1 -uninstallOrbit" step in the Windows MSI installer.
- Fixed a bug causing "No Team" OS versions to display the wrong number.
- Fixed various UI capitalizations.
- Fixed UI issue where "Script is already running" tooltip incorrectly displayed when the script is not running.
- Fixed the script details modal's error message on script timeout to reflect the newly dynamic script timeout limit, if hit.
- Fixed a discrepancy in the spacing between DataSet labels and values on Firefox relative to other browsers.
- Fixed bug that set
Added to Fleet
toNever
after macOS hosts re-enrolled to Fleet via MDM.
Fleet's agent
The following version of Fleet's agent (fleetd
) support the latest changes to Fleet:
- orbit-v1.27.0
fleet-desktop-v1.27.0
(included with Orbit)- fleetd-chrome-v1.3.1
While newer versions of
fleetd
still function with older versions of the Fleet server (and vice versa), Fleet does not actively test these scenarios and some newer features won't be available.
Upgrading
Please visit our update guide for upgrade instructions.
Documentation
Documentation for Fleet is available at fleetdm.com/docs.
Binary Checksum
SHA256
ef3cc05f5d86042c926a3243c081957445717960268743953793980df144b145 fleet_v4.54.0_linux.tar.gz
f4be7647922d6d458692d149c3aec12c3ecd84ed97761dd5478b1e10cbb94d7e fleetctl_v4.54.0_linux.tar.gz
2266628a8f1495e4ec904646ee77797367b359aaa3b3a1dd49449031bb5c7878 fleetctl_v4.54.0_linux.zip
4eb752de605ffcacb6aaf1e613bef1596b6a4583811d1b2fc6b0948df4febddd fleetctl_v4.54.0_macos.tar.gz
d12ea4fbcf04a2b0d848ed5b610b78055558e95b7cfd6461ee2e81ba4a7216b5 fleetctl_v4.54.0_macos.zip
6d331a0cf4808cc0a5141960acfe009d99e5b6e33b477216c9e888d55a04885e fleetctl_v4.54.0_windows.tar.gz
a0b1523b50b26c6ceb479513d2278d448d9e826cebbaf2af7decd3e01b5d7a59 fleetctl_v4.54.0_windows.zip
fleet-v4.53.1
Bug fixes
- Updated fleetctl get queries/labels/hosts descriptions.
- Fixed exporting CSVs with fields that contain commas to render properly.
- Fixed link to fleetd uninstall instructions in "Delete device" modal.
- Rendered only one banner on the my device page based on priority order.
- Hidden query delete checkboxes from team observers.
- Fixed issue where the Fleet UI could not be used to renew the ABM token after the ABM user who created the token was deleted.
- Fixed an issue where special characters in HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall broke the "installer_utils.ps1 -uninstallOrbit" step in the Windows MSI installer.
- Fixed counts for hosts with low disk space in summary page.
- Fleet UI fixes: Hide CTA on inherited queries/policies from team level users.
- Updated software updated timestamp tooltip.
- Fixed issue where some Windows applications were getting matched against Windows OS vulnerabilities.
- Fixed crash in
fleetd
installer on Windows if there are registry keys with special characters on the system. - Fixed UI capitalizations.
Upgrading
Please visit our update guide for upgrade instructions.
Documentation
Documentation for Fleet is available at fleetdm.com/docs.
Binary Checksum
SHA256
4773c4275d0b56d5b80953003dc9956a6a7aa8c4a016480986fb409aef9b161c fleet_v4.53.1_linux.tar.gz
c22224a6e32bc2f071373a53c528513f993239f3a3bc52bfb0ed3d854fba86b5 fleetctl_v4.53.1_linux.tar.gz
a0503d04e1f71f6856503024b70552eeeb6954e4aac61040a008f3917b38a684 fleetctl_v4.53.1_linux.zip
9887df54ec10a12b986c325675b360e2c43924618104c7914928520ede514fa0 fleetctl_v4.53.1_macos.tar.gz
a220124d70563eb4e79926b0b7ff4bfab36fc29d58b21152455ae1c63bbd5a28 fleetctl_v4.53.1_macos.zip
9e4a589aa9658c35abbcca54036c9cc0070d05f0708b8df2d8e9030bbb9f541a fleetctl_v4.53.1_windows.tar.gz
c18e861f5e44c1b731f14ddebcbbe4f6d4bd9ad24e71b49feb7d1ddde7cc1741 fleetctl_v4.53.1_windows.zip
fleet-v4.53.0
Fleet 4.53.0 (Jun 25, 2024)
Endpoint Operations
- Enabled
fleetctl gitops
to create teams with no enroll secrets, or clear enroll secrets for an existing team. - Added support for upgrades to
fleetd
RPMs packages. - Changed
activities.created_at
timestamp precision to microseconds. - Added character validation to /api/fleet/orbit/device_token endpoint.
- Cleaned up count rendering fixing clientside flashing counts.
- Improved performance by removing unnecessary database query that listed host software during
initial page load of the "My device" page. - Made the rendering of empty text cell values consistent. Also render the '0' value as a number instead of the default value.
- Added a server setting to configure the query report max size.
- Fixed a bug where scrollbars were always present on modal backgrounds.
- Fixed bug in
fleetctl preview
caused by creating enroll secrets.
Device Management (MDM)
- Extended the timeout for the endpoint to upload a software installer.
- Improved the logic used by Fleet to detect if a host is currently MDM-managed.
- Added S3 config variables with a
carves_
andsoftware_installers
prefix. - Fixed bug where MDM migration failed when attempting to renew enrollment profiles on macOS Sonoma devices.
- Fixed issue where Windows-specific error message was displayed when failing to parse macOS configuration profiles.
- Fixed a bug where MDM migration failed when attempting to renew enrollment profiles on macOS Sonoma devices.
- Fixed a server panic when sending a request to
/mdm/apple/mdm
without certificate headers. - Fixed issue where profiles larger than 65KB were being truncated when stored on MySQL 8.
- Fixed a bug that prevented unused script contents to be periodically cleaned up from the database.
- Fixed UI bug where error detail was overflowing the table in "OS settings" modal in "My device"
page UI. - Fixed a bug where the software installer exists in the database but the installer does not exist
in the storage. - Added a "soft-delete" approach when deleting a host so that its script execution details are still
available for the activities feed. - Fixed UI bug where Zoom icon was displayed for ZoomInfo.
- Fixed issue with backwards compatibility with the deprecated
FLEET_S3_*
environment variables. - Fixed a code linter issue where a slice was created non-empty and appended-to, instead of empty with the required capacity.
Vulnerability Management
- Added vulnerabilities matching for applications that include an OS scope.
- Added vulnerability detection in NVD for custom ubuntu kernels.
- Removed duplicate
os_versions
results in /api/latest/fleet/vulnerabilities/:cve endpoint. - Removed vscode false positive vulnerabilities.
- Clarified Fleet uses CVSS base score version 3.x.
Fleet's agent
The following version of Fleet's agent (fleetd
) support the latest changes to Fleet:
- orbit-v1.27.0
fleet-desktop-v1.27.0
(included with Orbit)- fleetd-chrome-v1.3.1
While newer versions of
fleetd
still function with older versions of the Fleet server (and vice versa), Fleet does not actively test these scenarios and some newer features won't be available.
Upgrading
Please visit our update guide for upgrade instructions.
Documentation
Documentation for Fleet is available at fleetdm.com/docs.
Binary Checksum
SHA256
881f6c9e3c1e70dd076b850c146352b733957e1ef90a76c46595631f2cd5ff7c fleet_v4.53.0_linux.tar.gz
710c8601b26a63482c9d8044bfb12d8dec9297aaa593942cb68185276dd304b6 fleetctl_v4.53.0_linux.tar.gz
3ba1b87c659e4c9ca752c50c7e9414ed46f982ce88d668e7d918a95af13315c9 fleetctl_v4.53.0_linux.zip
0fdf8c16ffc44fe0006ac5e07721c17a7995c0bcdb4309d3d66697a8f153b402 fleetctl_v4.53.0_macos.tar.gz
c4d9880b59c833dd69c78533381854a62dd100fc738c15780f512ec879018864 fleetctl_v4.53.0_macos.zip
df1ecdc0031475f4481f32911d5222f265ca016bc23a2ce5febe24339f473c02 fleetctl_v4.53.0_windows.tar.gz
6ebf021ec1ecf18a97b59fcf9c045aa245120b84a84a5319dbbc5ff4c34f42ee fleetctl_v4.53.0_windows.zip
fleet-v4.52.0
Bug fixes
- Fixed an issue where profiles larger than 65KB were being truncated when stored on MySQL 8.
- Fixed activity without public IP to be human readable.
- Made the rendering of empty text cell values consistent. Also rendered the '0' value as a number instead of the default value
---
. - Fixed bug in
fleetctl preview
caused by creating enroll secrets. - Disabled AI features on non-new installations upgrading from < 4.50.X to >= 4.51.X.
- Fixed various icon misalignments on the dashboard page.
- Used a "soft-delete" approach when deleting a host so that its script execution details are still available for the activities feed.
- Fixed UI bug where error detail was overflowing the table in "OS settings" modal in "My device" page UI.
- Fixed bug where MDM migration failed when attempting to renew enrollment profiles on macOS Sonoma devices.
- Fixed queries with dot notation in the column name to show results.
/api/latest/fleet/hosts/:id/lock
returnsunlock_pin
for Apple hosts when query parameterview_pin=true
is set. UI no longer uses unlock pending state for Apple hosts.- Improved the logic used by Fleet to detect if a host is currently MDM-managed.
- Fixed issue where the MDM ingestion flow would fail if an invalid enrollment reference was passed.
- Removed vscode false positive vulnerabilities.
- Fixed a code linter issue where a slice was created non-empty and appended-to, instead of empty with the required capacity.
- Fixed UI bug where Zoom icon was displayed for ZoomInfo.
- Error with 404 when the user attempts to delete team policies for a non-existent team.
- Fixed the Linux unlock script to support passwordless users.
- Fixed an issue with the Windows-specific
windows-remove-fleetd.ps1
script provided in the Fleet repository where running the script did removefleetd
but made it impossible to reinstall the agent. - Fixed host details page and device details page not showing the latest software. Added
exclude_software
query parameter to the/api/latest/fleet/hosts/:id
endpoint to exclude software from the response. - Fixed the
/mdm/apple/mdm
endpoint so that it returns status code 408 (request timeout) instead of 500 (internal server error) when encountering a timeout reading the request body. - Extended the timeout for the endpoint to upload a software installer (
POST /fleet/software/package
), and improved handling of the maximum size. - Fixed issue where Windows-specific error message was displayed when failing to parse macOS configuration profiles.
- Fixed a panic (API returning code 500) when the software installer exists in the database but the installer does not exist in the storage.
Upgrading
Please visit our update guide for upgrade instructions.
Documentation
Documentation for Fleet is available at fleetdm.com/docs.
Binary Checksum
SHA256
f004ede766d83d38ded3358bef66fd56b564fcea19cde01f79dee4a426916448 fleet_v4.52.0_linux.tar.gz
65f081caa613ba53342c9c3dd7188f22552b83c9e8ac73f740321f99f6a9fe5b fleetctl_v4.52.0_linux.tar.gz
763e2f8597ef969c08a17932f0d4e10424b478314ceddbf72ba13a5d41aa8df0 fleetctl_v4.52.0_linux.zip
92f34dca0bd5715dbfffcdceeb89ffab9cd8115c2faf07cbd1e34071795cdb44 fleetctl_v4.52.0_macos.tar.gz
52e9a87377d0237b7c1a1c8247898ec1a41bfa2a52af411694ff62b70b64917b fleetctl_v4.52.0_macos.zip
b4aa7c480ce02aeb723529ed5e8c2874738ca4d2aeb9e718cdc96c5e5cbded3b fleetctl_v4.52.0_windows.tar.gz
1d289b4fb2f8766a1a1e7f8bab7472322f721c1c2f7ecf676f0c9dadfc7f66b3 fleetctl_v4.52.0_windows.zip