Skip to content

Releases: fleetdm/fleet

fleet-v4.48.3

17 Apr 00:21
9d3e8cb
Compare
Choose a tag to compare

Bug fixes

  • Updated calendar webhook to retry if it receives response 429 "Too Many Requests". Webhook request will retry for 30 minutes with a 1 minute max delay between retries.
  • Updated label endpoints and UI to prevent creating, updating, or deleting built-in labels.
  • Fixed edge cases of team ID being lost in various flows.
  • Fixed queries to correctly parse params for GET ...policies/count, GET ...teams/:id/policies/count, and GET ...vulnerabilities.
  • Fixed 'GET ...labelsto return400when the non-supportedqueryurl param was included in the request. Previous behavior was to silently ignore that param and return200`.
  • Casted windows exit codes to signed integers to match windows interpreter.
  • Fixed a bug where some scripts got stuck in "upcoming" activity permanently.
  • Fixed a bug where the translate API returned "forbidden" instead of "bad request" for an empty JSON body.
  • Fixed an uncaught bug where "forbidden" would be returned for invalid payload type, which should also be a bad request.
  • Fixed an issue where applying Windows MDM profiles using fleetctl apply would cause Fleet to overwrite the reserved profile used to manage Windows OS updates.
  • Fixed a bug where we were not ignoreing leading and trailing whitespace when filtering Fleet entities by name.
  • Fixed a bug where query retrieving bitlocker info from windows server wouldn't return.
  • Fixed MDM migration starting when the device didn't have the right ADE JSON profile already assigned.

Upgrading

Please visit our update guide for upgrade instructions.

Documentation

Documentation for Fleet is available at fleetdm.com/docs.

Binary Checksum

SHA256

917759e1b76b72229b5dc928b07af4a4d1f99b41111da42580aeb28ef2aefd3e  fleet_v4.48.3_linux.tar.gz
7d739b6a0667be4e84dff7ad01ae6db2369aac0bb8685d1eafb74a239cf3dde4  fleetctl_v4.48.3_linux.tar.gz
54ef26ef5847752d4acc732de7e294cb02766d89fc5eb30ead4de42cea331d79  fleetctl_v4.48.3_linux.zip
8a9035a8ebb7500049aacb7291c559d29a2db2024cfdac39fbdd6ff277dc2764  fleetctl_v4.48.3_macos.tar.gz
ddfb0598ad97db5738e82403d0e932d2df9591e7e2998f425b56360b75d56c71  fleetctl_v4.48.3_macos.zip
ff91f0d3a6ffcf273c455b50cd84d306e03e1ec0b650175bee3dde1480d1d113  fleetctl_v4.48.3_windows.tar.gz
4bf552065bb179e2da10c1e65463ccc68f451faae21468ebc91ec83308ebbe36  fleetctl_v4.48.3_windows.zip

fleet-v4.48.2

10 Apr 02:04
a24f2e3
Compare
Choose a tag to compare

Bug fixes

  • Fixed an issue with the 20240327115617_CreateTableNanoDDMRequests database migration where it could fail if the database did not default to the utf8mb4_unicode_ci collation.
  • Fixed an issue with automatic release of the device after setup when a DDM profile is pending.

Upgrading

Please visit our update guide for upgrade instructions.

Documentation

Documentation for Fleet is available at fleetdm.com/docs.

Binary Checksum

SHA256

a12f1b3315057920742569bb98f5031bfd200c52c6a808b327e5048a4f4991a4  fleet_v4.48.2_linux.tar.gz
ac1f545786b7014c5a247d8854f114611814ed5f63232a9098f549732fa8814d  fleetctl_v4.48.2_linux.tar.gz
c7bdf687d8aff0ab4ddb28fa9c633f416ae82b201f3c51898136c9a26631a7f1  fleetctl_v4.48.2_linux.zip
f7a9240b781a22fc573a4780da8dadaa761853d1247f21b9306083962e0197d0  fleetctl_v4.48.2_macos.tar.gz
069a56ca99f366c294536ade1d99de76e68aac6450bdb5f8b59258295bb1ff22  fleetctl_v4.48.2_macos.zip
b069bee7a2a19e296886fb26862e7432e0b2a0fbde72db072f369a0c0e990955  fleetctl_v4.48.2_windows.tar.gz
9f6fbc95920e22acace881c5702a9fda81104d98ff5f37ed2c343898d371c8b3  fleetctl_v4.48.2_windows.zip

fleet-v4.48.1

08 Apr 21:02
8fc0765
Compare
Choose a tag to compare

Bug fixes

  • Made block_id mismatch errors more informative as 400s instead of 500s
  • Fixed a bug where values were not being rendered in host-specific query reports
  • Fixed potential server panic when events are created with calendar integration, but then global calendar integration is disabled

Upgrading

Please visit our update guide for upgrade instructions.

Documentation

Documentation for Fleet is available at fleetdm.com/docs.

Binary Checksum

SHA256

5a65d7c3fda43337fd1422f92403901a460c12a37f89da6cb70833802a2f1c9b  fleet_v4.48.1_linux.tar.gz
92dfe587c369ed8afad29bcb4ae5ed9a313cb563b2e52ff0b0494f15dcd5fd33  fleetctl_v4.48.1_linux.tar.gz
2ff4610933ac3310b66beca9b0f12bb88aa346c5ab8f1cfd4fd03219efbeacc9  fleetctl_v4.48.1_linux.zip
18aced79e1431c887174daad2c6076afbd67034fd5ef72042260feffce27a274  fleetctl_v4.48.1_macos.tar.gz
8a51f608a0c289334d341590a8b59fce757f07fd112aaa5459fc9c51891b5e60  fleetctl_v4.48.1_macos.zip
770ca5efa95e4c0a44f8f1653c41d79c9fe55d0e9a228eb2d374bdd8a11a63f7  fleetctl_v4.48.1_windows.tar.gz
0c4413aa7e74903ba6c00cd78d60bb9a153d5775949a90d2c794ec00cef7fbd8  fleetctl_v4.48.1_windows.zip

fleet-v4.48.0

04 Apr 15:30
80b1f1f
Compare
Choose a tag to compare

Changes

Endpoint operations

  • Added integration with Google Calendar.
    • Fleet admins can enable Google Calendar integration by using a Google service account with domain-wide delegation.
    • Calendar integration is enabled at the team level for specific team policies.
    • If the policy is failing, a calendar event will be put on the host user's calendar for the 3rd Tuesday of the month.
    • During the event, Fleet will fire a webhook. IT admins should use this webhook to trigger a script or MDM command that will remediate the issue.
    • Confirm that the webhook rate limit can support the number of hosts being remediated. Webhook 429 response exponential backoff coming soon.
  • Reduced the number of 'Deadlock found' errors seen by the server when multiple hosts share the same UUID.
  • Removed outdated tooltips from UI.
  • Added hover states to clickable elements.
  • Added cross-platform check for duplicate MDM profiles names in batch set MDM profiles API.

Device management (MDM)

  • Added Windows MDM support to the osquery-perf host-simulation command.
  • Added a missing database index to the MDM Windows enrollments table that will improve performance at scale.
  • Migrate MDM-related endpoints to new paths, deprecating (but still supporting indefinitely) the old endpoints.
  • Adds API functionality for creating DDM declarations, both individually and as a batch.
  • Added DDM activities to the fleet UI.
  • Added the enable_release_device_manually configuration setting for a team and no team. Note that the macOS automatic enrollment profile cannot set the await_device_configured option anymore, this setting is controlled by Fleet via the new enable_release_device_manually option.
  • Automatically release a macOS DEP-enrolled device after enrollment commands and profiles have been delivered, unless enable_release_device_manually is set to true.

Vulnerability management

  • Added Visual Studio extensions to Fleet's software inventory.

Bug fixes

  • Fixed a bug where valid MDM enrollments would show up as unmanaged (EnrollmentState 3).
  • Fixed flash message from closing when a modal closes.
  • Fixed a bug where OS version information would not get detected on Windows Server 2019.
  • Fixed issue where getting host details failed when attempting to read the host's bitlocker status from the datastore.
  • Fixed false negative vulnerabilities on macOS Homebrew python packages.
  • Fixed styling of live query disabled warning.
  • Fixed issue where Windows MDM profile processing was skipping <Add> commands.
  • Fixed UI's ability to bulk delete hosts when "All teams" is selected.
  • Fixed error state rendering on the global Host status expiry settings page, fix error state alignment for tooltip-wrapper field labels across organization settings.
  • Fixed GET fleet/os_versions and GET fleet/os_versions/[id] so team users no longer have access to os versions on hosts from other teams.
  • fleetctl gitops now batch processes queries and policies.
  • Fixed UI bug to render the query platform correctly for queries imported from the standard query library.
  • Fixed issue where microsoft edge was not reporting vulnerabilities.
  • Fixed a bug where all Windows MDM enrollments were detected as automatic.
  • Fixed a bug where null or excluded smtp_settings caused a UI 500.
  • Fixed query reports so they reset when there is a change to the selected platform or selected minimum osquery version.
  • Fixed live query sort of sql result sort for both string and numerical columns.

Upgrading

Please visit our update guide for upgrade instructions.

Documentation

Documentation for Fleet is available at fleetdm.com/docs.

Fleet's agent

The following version of Fleet's agent (fleetd) support the latest changes to Fleet:

  1. orbit-v1.2.0
  2. fleet-desktop-v1.2.0 (included with Orbit)
  3. fleetd-chrome-v1.2.0

While newer versions of fleetd still function with older versions of the Fleet server (and vice versa), Fleet does not actively test these scenarios and some newer features won't be available.

Binary Checksum

SHA256

0a80748ee061b0dc3fef0ecf95abcdcf6554fb09e2f3675fa8f48c43d5582dfa  fleet_v4.48.0_linux.tar.gz
de04a4f93837236a62fcd753c4ae7f64ebdbd8880ee2faffd0b950dcc2bc744b  fleetctl_v4.48.0_linux.tar.gz
1a9fb59e84b29362e747cf4191c4100ccfa6c52fd766eedb831a4169923976eb  fleetctl_v4.48.0_linux.zip
947895eee1492a0f6da5c69fe68361b97359f52f99ac72f7947a456618f0ec7f  fleetctl_v4.48.0_macos.tar.gz
d3881b865311e774107ee50db4ee9a27cce669ccdd40e92c1990c4f1ec73e523  fleetctl_v4.48.0_macos.zip
c678c9a61d0faf3f0e030010615c3cca395d815f8c073ea171b20d4bdf221192  fleetctl_v4.48.0_windows.tar.gz
f44a9e93bc06742004f0b5c74b00cf0689b4890b903803c338ef80b9fd69c173  fleetctl_v4.48.0_windows.zip

fleet-v4.47.3

27 Mar 02:08
9354b7d
Compare
Choose a tag to compare

Bug fixes

  • Fixed a bug where valid Windows MDM enrollments would show up as unmanaged (EnrollmentState 3).

Upgrading

Please visit our update guide for upgrade instructions.

Documentation

Documentation for Fleet is available at fleetdm.com/docs.

Binary Checksum

SHA256

ef9ccb9743205b6cd63e965ded0ad5b6836d9c4f4d8b3bec5264bdfbf1c71651  fleet_v4.47.3_linux.tar.gz
bfcf0d230e85b0d06d5fc6f19042169d856d2e6dd9a38214721a4cf97ae63af2  fleetctl_v4.47.3_linux.tar.gz
2677ada64618dc9d5ac8f15ee9b377009c34376e72c3f460ada6db202821fbef  fleetctl_v4.47.3_linux.zip
de7cab0e59a003edd943523dfefa1d038ee1edd914548625fa97324ce680516b  fleetctl_v4.47.3_macos.tar.gz
ce4fc109fa3b38b58035b1274318e8db4eac26aee424d0ae4fc8d4113146db52  fleetctl_v4.47.3_macos.zip
8c1b2481e4dfe27c73d6446784fae2b9d2c7d27c11e0a19b081e877a38d08c94  fleetctl_v4.47.3_windows.tar.gz
e3a9686198e872ef6984215ebcd18a3c2f57c8ca009dc3c23b485a88a92fff01  fleetctl_v4.47.3_windows.zip

fleet-v4.47.2

25 Mar 20:29
fd71574
Compare
Choose a tag to compare

Bug fixes

  • Fixed false negative vulnerabilities on macOS Homebrew Python packages.
  • Fixed policies to check "disable guest user".
  • Resolved the issue where Microsoft Edge was not reporting vulnerabilities.

Upgrading

Please visit our update guide for upgrade instructions.

Documentation

Documentation for Fleet is available at fleetdm.com/docs.

Binary Checksum

SHA256

a930c85fbceaf955c9ae865893b20a7164b0f8020b0a61ecee56d1a1490cc285  fleet_v4.47.2_linux.tar.gz
03b2d5858587fcf2c5d6f7cdc4a4401318ee63066f936e295f9e94e8c66f0a86  fleetctl_v4.47.2_linux.tar.gz
00b377900f7213590db683ce75b4d3ae6053633a5938148afeefd607d0e88319  fleetctl_v4.47.2_linux.zip
a908c8a15c730ce061360bcbb351135484b0f6e0a1fd19847888818bdab73d86  fleetctl_v4.47.2_macos.tar.gz
9fc6416952495e1c0a13f2b1af1bf774e6dc5a90fcf0a50c942bba56709cb921  fleetctl_v4.47.2_macos.zip
9d0c7f0c88518e5d682763f7697796846ba0c4156371bfc8df612f38b33b77e3  fleetctl_v4.47.2_windows.tar.gz
3fb343762a0cdfe57ac0e85f3b5cb93dc5579c9d820d4a268ca81e809bea089c  fleetctl_v4.47.2_windows.zip

fleet-v4.47.1

19 Mar 15:08
8393c17
Compare
Choose a tag to compare

Bug fixes

  • Removed outdated tooltips from UI.
  • Fixed an issue with Windows MDM profile processing where <Add> commands were being skipped.
  • Team users no longer have access to OS versions on hosts from other teams for GET fleet/os_versions and GET fleet/os_versions/[id].
  • Reduced the number of 'Deadlock found' errors seen by the server when multiple hosts share the same UUID.

Upgrading

Please visit our update guide for upgrade instructions.

Documentation

Documentation for Fleet is available at fleetdm.com/docs.

Binary Checksum

SHA256

1078cdf24990c103ac9a35c7081bfdf4ea6d0d62d6c9b1a5624a6ab9c6fcb07b  fleet_v4.47.1_linux.tar.gz
edb82e0716aa844b2d6d8ebfe4d4e08f41a0618fdd62b64623c8f590a39bc207  fleetctl_v4.47.1_linux.tar.gz
1f615397bacd86a29514e0cc9981af1e76ba261c6634367508a7fd88bc088724  fleetctl_v4.47.1_linux.zip
f263d762ee5788d2773d167ed15e6fc41e874f8682b6df9c8f8215c07c836275  fleetctl_v4.47.1_macos.tar.gz
ac6ea42ae4f70b4b8bc0f1c0f6e453447d97c0f13eb5e2e1621765b304e43cdb  fleetctl_v4.47.1_macos.zip
1b60f0c6902fde29c56d8ef1df0be1b1ba81320c08aeeae8aa34b2f3698c5cae  fleetctl_v4.47.1_windows.tar.gz
4524035a526a4871f7165635991d84d188b944dcd74971d3db44335d1e7565fd  fleetctl_v4.47.1_windows.zip

fleet-v4.47.0

12 Mar 23:06
88d4191
Compare
Choose a tag to compare

Changes

Endpoint operations

  • Implemented UI for team-specific host status webhooks.
  • Added Unicode and emoji support for policy and team names.
  • Allowed gitops user to access specific endpoints.
  • Enabled setting host status webhook at the team level via REST API and fleetctl.
  • GET /hosts API endpoint now populates policies with populate_policies=true query parameter.
  • Supported custom options set via CLI in the UI for host status webhook settings.
  • Surfaced VS code extensions in the software inventory.
  • Added a "No team" team option when running live queries from the UI.
  • Fixed tranferring hosts between teams across multiple pages.
  • Fixed policy deletion not updating policy count.
  • Fixed RuntimeError in fleetd-chrome and buggy filters for exporting hosts.

Device management (MDM)

  • Added wipe command to fleetctl and the POST /api/v1/fleet/hosts/:id/wipe Fleet Premium API endpoint.
  • Updated fleetctl run-script to include new flags and POST /scripts/run/sync API to receive new parameters.
  • Enabled usage of <Add> nodes in Windows MDM profiles.
  • Added backend functionality for the new way of storing script contents and updated the script character limit.
  • Updated the database schema to support the increase in script size.
  • Prevented running cleanup tasks and re-enqueuing commands for hosts on SCEP renewals.
  • Improved osquery queries for MDM detection.
  • Prevented redundant ADE profile assignment.
  • Updated fleetctl gitops, default MDM configs were set to default values when not defined.
  • Displayed disk encryption status in macOS as "verifying."
  • Allowed GitOps user to access MDM hosts and profiles endpoints.
  • Added UI for wiping a host with Fleet MDM.
  • Rolled up MDM solutions by name on the dashboard MDM card.
  • Added functionality to surface MDM devices where DEP assignment failed.
  • Fixed MDM profile installation error visibility.
  • Fixed Windows MDM profile command "Type" column display.
  • Fixed an issue with macOS ADE enrollments getting a "method not allowed" error.
  • Fixed Munki issues truncated tooltip bug.
  • Fixed a bug causing Windows hosts to appear when filtering by bootstrap package status.

Vulnerability management

  • Reduced vulnerability processing time by optimizing the vulnerability dictionary grouping.
  • Fixed an issue with mdm.enable_disk_encryption JSON null values causing issues.
  • Fixed vulnerability processing for non-ASCII software names.

Bug fixes and improvements

  • Upgraded Golang version to 1.21.7.
  • Updated page descriptions and fixed alignment of critical policy checkboxes.
  • Adjusted font size for tooltips in the settings page to follow design guidelines.
  • Fixed a bug where the "Done" button on the add hosts modal could be covered.
  • Fixed UI styling and alignment issues across various pages and modals.
  • Fixed the position of live query/policy host search icon and UI loading states.
  • Fixed issues with how errors were captured in Sentry for improved precision and coverage.

Upgrading

Please visit our update guide for upgrade instructions.

Documentation

Documentation for Fleet is available at fleetdm.com/docs.

Fleet's agent

The following version of Fleet's agent (fleetd) support the latest changes to Fleet:

  1. orbit-v1.22.0
  2. fleet-desktop-v1.22.0 (included with Orbit)
  3. fleetd-chrome-v1.2.0

While newer versions of fleetd still function with older versions of the Fleet server (and vice versa), Fleet does not actively test these scenarios and some newer features won't be available.

Binary Checksum

SHA256

74d130cad8acef03e4faa3b5befcb1351db038fa47421d6a5d3010f583ab0e47  fleet_v4.47.0_linux.tar.gz
91aceb4ee71ac847521007ac796e718ad5bb6577c28b5c992e810e2f4e402046  fleetctl_v4.47.0_linux.tar.gz
9b08ea44ec7fa2954c60c82ad8c4d54cdf84f3ea336639445b2b8b1d978551e0  fleetctl_v4.47.0_linux.zip
3a137179e0095bf147e50fea7bec3ffb989f0b53d0bbe5bdab21dba5c173b414  fleetctl_v4.47.0_macos.tar.gz
d44e3a415d99266b1759d1e452d3cf115ae01acb822bdff471f19f90c2cf7426  fleetctl_v4.47.0_macos.zip
a4e6692b22ae9d6e230116f6f530c9775ab4d38743c460dc099f948e92cf075d  fleetctl_v4.47.0_windows.tar.gz
2699a142ddf7b9f8c30c65c37f4511f6dfb7a8114eab3d4ef026f04a3944fac1  fleetctl_v4.47.0_windows.zip

fleet-v4.46.2

04 Mar 21:57
Compare
Choose a tag to compare

Bug fixes

  • Fixed a bug where the pencil icons next to the edit query name and description fields were inconsistently spaced.
  • Fixed an issue with mdm.enable_disk_encryption where a null JSON value caused issues with MDM profiles in the PATCH /api/v1/fleet/config endpoint.
  • Displayed disk encryption status in macOS as "verifying" while Fleet verified if the escrowed key could be decrypted.
  • Fixed UI styling of loading state for automatic enrollment settings page.

Upgrading

Please visit our update guide for upgrade instructions.

Documentation

Documentation for Fleet is available at fleetdm.com/docs.

Binary Checksum

SHA256

9456bf9d11fd8cee55619fc0a2ffe3443f9bfea51589af5c3b1282dfa50eb2a7  fleet_v4.46.2_linux.tar.gz
9506632b80989310f2d2cca6a35e036d21213776cfff6623c28f1c5d3b8588c7  fleetctl_v4.46.2_linux.tar.gz
0d34f8d272ad4e604c2798ad670d2a2b06d397cc38fa3d84382a16d014c43925  fleetctl_v4.46.2_linux.zip
221696c07ae07e3e5892f0538003c1ff036a5a1a89e6a2260fe435695214e3b0  fleetctl_v4.46.2_macos.tar.gz
d1a23b9adddc0a6dc7806cb8fb9db94adc7263f2712f379dafe654ed38fc6bec  fleetctl_v4.46.2_macos.zip
6e12d0f2f68b89133032436717f20a60bc8b9b0e116f2985e658dfb0f1e46066  fleetctl_v4.46.2_windows.tar.gz
8c38c4c17d8d8382d9fe1f98db556bca3cfeb3fef0359d9d7c01ab73477b4a48  fleetctl_v4.46.2_windows.zip

fleet-v4.46.1

29 Feb 22:23
Compare
Choose a tag to compare

Bug fixes

  • Fixed a bug in running queries via API.
    • Query campaign not clearing from Redis after timeout
  • Added logging when a Redis connection is blocked for a long time waiting for live query results.
  • Added support for the redis.conn_wait_timeout configuration setting for Redis standalone (it was previously only supported on Redis cluster).
  • Added Redis cleanup of inactive queries in a cron job, so temporary Redis failures to stop a live query doesn't leave such queries around for a long time.
  • Fixed orphaned live queries in Redis when client terminates connection
    • POST /api/latest/fleet/queries/{id}/run
    • GET /api/latest/fleet/queries/run
    • POST /api/latest/fleet/hosts/identifier/{identifier}/query
    • POST /api/latest/fleet/hosts/{id}/query
  • Added --server_frequent_cleanups_enabled (FLEET_SERVER_FREQUENT_CLEANUPS_ENABLED) flag to enable cron job to clean up stale data running every 15 minutes. Currently disabled by default.

Upgrading

Please visit our update guide for upgrade instructions.

Documentation

Documentation for Fleet is available at fleetdm.com/docs.

Binary Checksum

SHA256

9c3262961652f77177675bb812a2e5037223505b780999dc4a57c656afe9e1e6  fleet_v4.46.1_linux.tar.gz
0f7e030eec92ad940dbdafa3806a0140d7589219d7de05301e8cf622e63683df  fleetctl_v4.46.1_linux.tar.gz
811febc6169517fbd42233cdc003fcaf660f1ee969fcea98261647274ae27f2a  fleetctl_v4.46.1_linux.zip
bf2893ace82d8952c00dfaefc48cfb09e2d58fc2cf3553aadfdc250f4b03ccbd  fleetctl_v4.46.1_macos.tar.gz
1bcbac2e969778df504fbe04dd5bfb1e337c141869efdca9c3974e8c97296e18  fleetctl_v4.46.1_macos.zip
a1d79ad7af2af9ffbcad20b0b5555f6a64d46eb19deada41d93e8becbd4866e3  fleetctl_v4.46.1_windows.tar.gz
4d95694b73357e0e304b68cdbb00bd65da3ffcaa7e2148141dbc4e29357b5a52  fleetctl_v4.46.1_windows.zip