Releases: fleetdm/fleet
fleet-v4.48.3
Bug fixes
- Updated calendar webhook to retry if it receives response 429 "Too Many Requests". Webhook request will retry for 30 minutes with a 1 minute max delay between retries.
- Updated label endpoints and UI to prevent creating, updating, or deleting built-in labels.
- Fixed edge cases of team ID being lost in various flows.
- Fixed queries to correctly parse params for
GET
...policies/count
,GET
...teams/:id/policies/count
, andGET
...vulnerabilities
. - Fixed 'GET
...
labelsto return
400when the non-supported
queryurl param was included in the request. Previous behavior was to silently ignore that param and return
200`. - Casted windows exit codes to signed integers to match windows interpreter.
- Fixed a bug where some scripts got stuck in "upcoming" activity permanently.
- Fixed a bug where the translate API returned "forbidden" instead of "bad request" for an empty JSON body.
- Fixed an uncaught bug where "forbidden" would be returned for invalid payload type, which should also be a bad request.
- Fixed an issue where applying Windows MDM profiles using
fleetctl apply
would cause Fleet to overwrite the reserved profile used to manage Windows OS updates. - Fixed a bug where we were not ignoreing leading and trailing whitespace when filtering Fleet entities by name.
- Fixed a bug where query retrieving bitlocker info from windows server wouldn't return.
- Fixed MDM migration starting when the device didn't have the right ADE JSON profile already assigned.
Upgrading
Please visit our update guide for upgrade instructions.
Documentation
Documentation for Fleet is available at fleetdm.com/docs.
Binary Checksum
SHA256
917759e1b76b72229b5dc928b07af4a4d1f99b41111da42580aeb28ef2aefd3e fleet_v4.48.3_linux.tar.gz
7d739b6a0667be4e84dff7ad01ae6db2369aac0bb8685d1eafb74a239cf3dde4 fleetctl_v4.48.3_linux.tar.gz
54ef26ef5847752d4acc732de7e294cb02766d89fc5eb30ead4de42cea331d79 fleetctl_v4.48.3_linux.zip
8a9035a8ebb7500049aacb7291c559d29a2db2024cfdac39fbdd6ff277dc2764 fleetctl_v4.48.3_macos.tar.gz
ddfb0598ad97db5738e82403d0e932d2df9591e7e2998f425b56360b75d56c71 fleetctl_v4.48.3_macos.zip
ff91f0d3a6ffcf273c455b50cd84d306e03e1ec0b650175bee3dde1480d1d113 fleetctl_v4.48.3_windows.tar.gz
4bf552065bb179e2da10c1e65463ccc68f451faae21468ebc91ec83308ebbe36 fleetctl_v4.48.3_windows.zip
fleet-v4.48.2
Bug fixes
- Fixed an issue with the
20240327115617_CreateTableNanoDDMRequests
database migration where it could fail if the database did not default to theutf8mb4_unicode_ci
collation. - Fixed an issue with automatic release of the device after setup when a DDM profile is pending.
Upgrading
Please visit our update guide for upgrade instructions.
Documentation
Documentation for Fleet is available at fleetdm.com/docs.
Binary Checksum
SHA256
a12f1b3315057920742569bb98f5031bfd200c52c6a808b327e5048a4f4991a4 fleet_v4.48.2_linux.tar.gz
ac1f545786b7014c5a247d8854f114611814ed5f63232a9098f549732fa8814d fleetctl_v4.48.2_linux.tar.gz
c7bdf687d8aff0ab4ddb28fa9c633f416ae82b201f3c51898136c9a26631a7f1 fleetctl_v4.48.2_linux.zip
f7a9240b781a22fc573a4780da8dadaa761853d1247f21b9306083962e0197d0 fleetctl_v4.48.2_macos.tar.gz
069a56ca99f366c294536ade1d99de76e68aac6450bdb5f8b59258295bb1ff22 fleetctl_v4.48.2_macos.zip
b069bee7a2a19e296886fb26862e7432e0b2a0fbde72db072f369a0c0e990955 fleetctl_v4.48.2_windows.tar.gz
9f6fbc95920e22acace881c5702a9fda81104d98ff5f37ed2c343898d371c8b3 fleetctl_v4.48.2_windows.zip
fleet-v4.48.1
Bug fixes
- Made block_id mismatch errors more informative as 400s instead of 500s
- Fixed a bug where values were not being rendered in host-specific query reports
- Fixed potential server panic when events are created with calendar integration, but then global calendar integration is disabled
Upgrading
Please visit our update guide for upgrade instructions.
Documentation
Documentation for Fleet is available at fleetdm.com/docs.
Binary Checksum
SHA256
5a65d7c3fda43337fd1422f92403901a460c12a37f89da6cb70833802a2f1c9b fleet_v4.48.1_linux.tar.gz
92dfe587c369ed8afad29bcb4ae5ed9a313cb563b2e52ff0b0494f15dcd5fd33 fleetctl_v4.48.1_linux.tar.gz
2ff4610933ac3310b66beca9b0f12bb88aa346c5ab8f1cfd4fd03219efbeacc9 fleetctl_v4.48.1_linux.zip
18aced79e1431c887174daad2c6076afbd67034fd5ef72042260feffce27a274 fleetctl_v4.48.1_macos.tar.gz
8a51f608a0c289334d341590a8b59fce757f07fd112aaa5459fc9c51891b5e60 fleetctl_v4.48.1_macos.zip
770ca5efa95e4c0a44f8f1653c41d79c9fe55d0e9a228eb2d374bdd8a11a63f7 fleetctl_v4.48.1_windows.tar.gz
0c4413aa7e74903ba6c00cd78d60bb9a153d5775949a90d2c794ec00cef7fbd8 fleetctl_v4.48.1_windows.zip
fleet-v4.48.0
Changes
Endpoint operations
- Added integration with Google Calendar.
- Fleet admins can enable Google Calendar integration by using a Google service account with domain-wide delegation.
- Calendar integration is enabled at the team level for specific team policies.
- If the policy is failing, a calendar event will be put on the host user's calendar for the 3rd Tuesday of the month.
- During the event, Fleet will fire a webhook. IT admins should use this webhook to trigger a script or MDM command that will remediate the issue.
- Confirm that the webhook rate limit can support the number of hosts being remediated. Webhook 429 response exponential backoff coming soon.
- Reduced the number of 'Deadlock found' errors seen by the server when multiple hosts share the same UUID.
- Removed outdated tooltips from UI.
- Added hover states to clickable elements.
- Added cross-platform check for duplicate MDM profiles names in batch set MDM profiles API.
Device management (MDM)
- Added Windows MDM support to the
osquery-perf
host-simulation command. - Added a missing database index to the MDM Windows enrollments table that will improve performance at scale.
- Migrate MDM-related endpoints to new paths, deprecating (but still supporting indefinitely) the old endpoints.
- Adds API functionality for creating DDM declarations, both individually and as a batch.
- Added DDM activities to the fleet UI.
- Added the
enable_release_device_manually
configuration setting for a team and no team. Note that the macOS automatic enrollment profile cannot set theawait_device_configured
option anymore, this setting is controlled by Fleet via the newenable_release_device_manually
option. - Automatically release a macOS DEP-enrolled device after enrollment commands and profiles have been delivered, unless
enable_release_device_manually
is set totrue
.
Vulnerability management
- Added Visual Studio extensions to Fleet's software inventory.
Bug fixes
- Fixed a bug where valid MDM enrollments would show up as unmanaged (EnrollmentState 3).
- Fixed flash message from closing when a modal closes.
- Fixed a bug where OS version information would not get detected on Windows Server 2019.
- Fixed issue where getting host details failed when attempting to read the host's bitlocker status from the datastore.
- Fixed false negative vulnerabilities on macOS Homebrew python packages.
- Fixed styling of live query disabled warning.
- Fixed issue where Windows MDM profile processing was skipping
<Add>
commands. - Fixed UI's ability to bulk delete hosts when "All teams" is selected.
- Fixed error state rendering on the global Host status expiry settings page, fix error state alignment for tooltip-wrapper field labels across organization settings.
- Fixed
GET fleet/os_versions
andGET fleet/os_versions/[id]
so team users no longer have access to os versions on hosts from other teams. fleetctl gitops
now batch processes queries and policies.- Fixed UI bug to render the query platform correctly for queries imported from the standard query library.
- Fixed issue where microsoft edge was not reporting vulnerabilities.
- Fixed a bug where all Windows MDM enrollments were detected as automatic.
- Fixed a bug where
null
or excludedsmtp_settings
caused a UI 500. - Fixed query reports so they reset when there is a change to the selected platform or selected minimum osquery version.
- Fixed live query sort of sql result sort for both string and numerical columns.
Upgrading
Please visit our update guide for upgrade instructions.
Documentation
Documentation for Fleet is available at fleetdm.com/docs.
Fleet's agent
The following version of Fleet's agent (fleetd
) support the latest changes to Fleet:
- orbit-v1.2.0
fleet-desktop-v1.2.0
(included with Orbit)- fleetd-chrome-v1.2.0
While newer versions of
fleetd
still function with older versions of the Fleet server (and vice versa), Fleet does not actively test these scenarios and some newer features won't be available.
Binary Checksum
SHA256
0a80748ee061b0dc3fef0ecf95abcdcf6554fb09e2f3675fa8f48c43d5582dfa fleet_v4.48.0_linux.tar.gz
de04a4f93837236a62fcd753c4ae7f64ebdbd8880ee2faffd0b950dcc2bc744b fleetctl_v4.48.0_linux.tar.gz
1a9fb59e84b29362e747cf4191c4100ccfa6c52fd766eedb831a4169923976eb fleetctl_v4.48.0_linux.zip
947895eee1492a0f6da5c69fe68361b97359f52f99ac72f7947a456618f0ec7f fleetctl_v4.48.0_macos.tar.gz
d3881b865311e774107ee50db4ee9a27cce669ccdd40e92c1990c4f1ec73e523 fleetctl_v4.48.0_macos.zip
c678c9a61d0faf3f0e030010615c3cca395d815f8c073ea171b20d4bdf221192 fleetctl_v4.48.0_windows.tar.gz
f44a9e93bc06742004f0b5c74b00cf0689b4890b903803c338ef80b9fd69c173 fleetctl_v4.48.0_windows.zip
fleet-v4.47.3
Bug fixes
- Fixed a bug where valid Windows MDM enrollments would show up as unmanaged (EnrollmentState 3).
Upgrading
Please visit our update guide for upgrade instructions.
Documentation
Documentation for Fleet is available at fleetdm.com/docs.
Binary Checksum
SHA256
ef9ccb9743205b6cd63e965ded0ad5b6836d9c4f4d8b3bec5264bdfbf1c71651 fleet_v4.47.3_linux.tar.gz
bfcf0d230e85b0d06d5fc6f19042169d856d2e6dd9a38214721a4cf97ae63af2 fleetctl_v4.47.3_linux.tar.gz
2677ada64618dc9d5ac8f15ee9b377009c34376e72c3f460ada6db202821fbef fleetctl_v4.47.3_linux.zip
de7cab0e59a003edd943523dfefa1d038ee1edd914548625fa97324ce680516b fleetctl_v4.47.3_macos.tar.gz
ce4fc109fa3b38b58035b1274318e8db4eac26aee424d0ae4fc8d4113146db52 fleetctl_v4.47.3_macos.zip
8c1b2481e4dfe27c73d6446784fae2b9d2c7d27c11e0a19b081e877a38d08c94 fleetctl_v4.47.3_windows.tar.gz
e3a9686198e872ef6984215ebcd18a3c2f57c8ca009dc3c23b485a88a92fff01 fleetctl_v4.47.3_windows.zip
fleet-v4.47.2
Bug fixes
- Fixed false negative vulnerabilities on macOS Homebrew Python packages.
- Fixed policies to check "disable guest user".
- Resolved the issue where Microsoft Edge was not reporting vulnerabilities.
Upgrading
Please visit our update guide for upgrade instructions.
Documentation
Documentation for Fleet is available at fleetdm.com/docs.
Binary Checksum
SHA256
a930c85fbceaf955c9ae865893b20a7164b0f8020b0a61ecee56d1a1490cc285 fleet_v4.47.2_linux.tar.gz
03b2d5858587fcf2c5d6f7cdc4a4401318ee63066f936e295f9e94e8c66f0a86 fleetctl_v4.47.2_linux.tar.gz
00b377900f7213590db683ce75b4d3ae6053633a5938148afeefd607d0e88319 fleetctl_v4.47.2_linux.zip
a908c8a15c730ce061360bcbb351135484b0f6e0a1fd19847888818bdab73d86 fleetctl_v4.47.2_macos.tar.gz
9fc6416952495e1c0a13f2b1af1bf774e6dc5a90fcf0a50c942bba56709cb921 fleetctl_v4.47.2_macos.zip
9d0c7f0c88518e5d682763f7697796846ba0c4156371bfc8df612f38b33b77e3 fleetctl_v4.47.2_windows.tar.gz
3fb343762a0cdfe57ac0e85f3b5cb93dc5579c9d820d4a268ca81e809bea089c fleetctl_v4.47.2_windows.zip
fleet-v4.47.1
Bug fixes
- Removed outdated tooltips from UI.
- Fixed an issue with Windows MDM profile processing where
<Add>
commands were being skipped. - Team users no longer have access to OS versions on hosts from other teams for GET fleet/os_versions and GET fleet/os_versions/[id].
- Reduced the number of 'Deadlock found' errors seen by the server when multiple hosts share the same UUID.
Upgrading
Please visit our update guide for upgrade instructions.
Documentation
Documentation for Fleet is available at fleetdm.com/docs.
Binary Checksum
SHA256
1078cdf24990c103ac9a35c7081bfdf4ea6d0d62d6c9b1a5624a6ab9c6fcb07b fleet_v4.47.1_linux.tar.gz
edb82e0716aa844b2d6d8ebfe4d4e08f41a0618fdd62b64623c8f590a39bc207 fleetctl_v4.47.1_linux.tar.gz
1f615397bacd86a29514e0cc9981af1e76ba261c6634367508a7fd88bc088724 fleetctl_v4.47.1_linux.zip
f263d762ee5788d2773d167ed15e6fc41e874f8682b6df9c8f8215c07c836275 fleetctl_v4.47.1_macos.tar.gz
ac6ea42ae4f70b4b8bc0f1c0f6e453447d97c0f13eb5e2e1621765b304e43cdb fleetctl_v4.47.1_macos.zip
1b60f0c6902fde29c56d8ef1df0be1b1ba81320c08aeeae8aa34b2f3698c5cae fleetctl_v4.47.1_windows.tar.gz
4524035a526a4871f7165635991d84d188b944dcd74971d3db44335d1e7565fd fleetctl_v4.47.1_windows.zip
fleet-v4.47.0
Changes
Endpoint operations
- Implemented UI for team-specific host status webhooks.
- Added Unicode and emoji support for policy and team names.
- Allowed gitops user to access specific endpoints.
- Enabled setting host status webhook at the team level via REST API and fleetctl.
- GET /hosts API endpoint now populates policies with
populate_policies=true
query parameter. - Supported custom options set via CLI in the UI for host status webhook settings.
- Surfaced VS code extensions in the software inventory.
- Added a "No team" team option when running live queries from the UI.
- Fixed tranferring hosts between teams across multiple pages.
- Fixed policy deletion not updating policy count.
- Fixed RuntimeError in fleetd-chrome and buggy filters for exporting hosts.
Device management (MDM)
- Added wipe command to fleetctl and the
POST /api/v1/fleet/hosts/:id/wipe
Fleet Premium API endpoint. - Updated
fleetctl run-script
to include new flags andPOST /scripts/run/sync
API to receive new parameters. - Enabled usage of
<Add>
nodes in Windows MDM profiles. - Added backend functionality for the new way of storing script contents and updated the script character limit.
- Updated the database schema to support the increase in script size.
- Prevented running cleanup tasks and re-enqueuing commands for hosts on SCEP renewals.
- Improved osquery queries for MDM detection.
- Prevented redundant ADE profile assignment.
- Updated fleetctl gitops, default MDM configs were set to default values when not defined.
- Displayed disk encryption status in macOS as "verifying."
- Allowed GitOps user to access MDM hosts and profiles endpoints.
- Added UI for wiping a host with Fleet MDM.
- Rolled up MDM solutions by name on the dashboard MDM card.
- Added functionality to surface MDM devices where DEP assignment failed.
- Fixed MDM profile installation error visibility.
- Fixed Windows MDM profile command "Type" column display.
- Fixed an issue with macOS ADE enrollments getting a "method not allowed" error.
- Fixed Munki issues truncated tooltip bug.
- Fixed a bug causing Windows hosts to appear when filtering by bootstrap package status.
Vulnerability management
- Reduced vulnerability processing time by optimizing the vulnerability dictionary grouping.
- Fixed an issue with
mdm.enable_disk_encryption
JSON null values causing issues. - Fixed vulnerability processing for non-ASCII software names.
Bug fixes and improvements
- Upgraded Golang version to 1.21.7.
- Updated page descriptions and fixed alignment of critical policy checkboxes.
- Adjusted font size for tooltips in the settings page to follow design guidelines.
- Fixed a bug where the "Done" button on the add hosts modal could be covered.
- Fixed UI styling and alignment issues across various pages and modals.
- Fixed the position of live query/policy host search icon and UI loading states.
- Fixed issues with how errors were captured in Sentry for improved precision and coverage.
Upgrading
Please visit our update guide for upgrade instructions.
Documentation
Documentation for Fleet is available at fleetdm.com/docs.
Fleet's agent
The following version of Fleet's agent (fleetd
) support the latest changes to Fleet:
- orbit-v1.22.0
fleet-desktop-v1.22.0
(included with Orbit)- fleetd-chrome-v1.2.0
While newer versions of
fleetd
still function with older versions of the Fleet server (and vice versa), Fleet does not actively test these scenarios and some newer features won't be available.
Binary Checksum
SHA256
74d130cad8acef03e4faa3b5befcb1351db038fa47421d6a5d3010f583ab0e47 fleet_v4.47.0_linux.tar.gz
91aceb4ee71ac847521007ac796e718ad5bb6577c28b5c992e810e2f4e402046 fleetctl_v4.47.0_linux.tar.gz
9b08ea44ec7fa2954c60c82ad8c4d54cdf84f3ea336639445b2b8b1d978551e0 fleetctl_v4.47.0_linux.zip
3a137179e0095bf147e50fea7bec3ffb989f0b53d0bbe5bdab21dba5c173b414 fleetctl_v4.47.0_macos.tar.gz
d44e3a415d99266b1759d1e452d3cf115ae01acb822bdff471f19f90c2cf7426 fleetctl_v4.47.0_macos.zip
a4e6692b22ae9d6e230116f6f530c9775ab4d38743c460dc099f948e92cf075d fleetctl_v4.47.0_windows.tar.gz
2699a142ddf7b9f8c30c65c37f4511f6dfb7a8114eab3d4ef026f04a3944fac1 fleetctl_v4.47.0_windows.zip
fleet-v4.46.2
Bug fixes
- Fixed a bug where the pencil icons next to the edit query name and description fields were inconsistently spaced.
- Fixed an issue with
mdm.enable_disk_encryption
where anull
JSON value caused issues with MDM profiles in thePATCH /api/v1/fleet/config
endpoint. - Displayed disk encryption status in macOS as "verifying" while Fleet verified if the escrowed key could be decrypted.
- Fixed UI styling of loading state for automatic enrollment settings page.
Upgrading
Please visit our update guide for upgrade instructions.
Documentation
Documentation for Fleet is available at fleetdm.com/docs.
Binary Checksum
SHA256
9456bf9d11fd8cee55619fc0a2ffe3443f9bfea51589af5c3b1282dfa50eb2a7 fleet_v4.46.2_linux.tar.gz
9506632b80989310f2d2cca6a35e036d21213776cfff6623c28f1c5d3b8588c7 fleetctl_v4.46.2_linux.tar.gz
0d34f8d272ad4e604c2798ad670d2a2b06d397cc38fa3d84382a16d014c43925 fleetctl_v4.46.2_linux.zip
221696c07ae07e3e5892f0538003c1ff036a5a1a89e6a2260fe435695214e3b0 fleetctl_v4.46.2_macos.tar.gz
d1a23b9adddc0a6dc7806cb8fb9db94adc7263f2712f379dafe654ed38fc6bec fleetctl_v4.46.2_macos.zip
6e12d0f2f68b89133032436717f20a60bc8b9b0e116f2985e658dfb0f1e46066 fleetctl_v4.46.2_windows.tar.gz
8c38c4c17d8d8382d9fe1f98db556bca3cfeb3fef0359d9d7c01ab73477b4a48 fleetctl_v4.46.2_windows.zip
fleet-v4.46.1
Bug fixes
- Fixed a bug in running queries via API.
- Query campaign not clearing from Redis after timeout
- Added logging when a Redis connection is blocked for a long time waiting for live query results.
- Added support for the
redis.conn_wait_timeout
configuration setting for Redis standalone (it was previously only supported on Redis cluster). - Added Redis cleanup of inactive queries in a cron job, so temporary Redis failures to stop a live query doesn't leave such queries around for a long time.
- Fixed orphaned live queries in Redis when client terminates connection
POST /api/latest/fleet/queries/{id}/run
GET /api/latest/fleet/queries/run
POST /api/latest/fleet/hosts/identifier/{identifier}/query
POST /api/latest/fleet/hosts/{id}/query
- Added --server_frequent_cleanups_enabled (FLEET_SERVER_FREQUENT_CLEANUPS_ENABLED) flag to enable cron job to clean up stale data running every 15 minutes. Currently disabled by default.
Upgrading
Please visit our update guide for upgrade instructions.
Documentation
Documentation for Fleet is available at fleetdm.com/docs.
Binary Checksum
SHA256
9c3262961652f77177675bb812a2e5037223505b780999dc4a57c656afe9e1e6 fleet_v4.46.1_linux.tar.gz
0f7e030eec92ad940dbdafa3806a0140d7589219d7de05301e8cf622e63683df fleetctl_v4.46.1_linux.tar.gz
811febc6169517fbd42233cdc003fcaf660f1ee969fcea98261647274ae27f2a fleetctl_v4.46.1_linux.zip
bf2893ace82d8952c00dfaefc48cfb09e2d58fc2cf3553aadfdc250f4b03ccbd fleetctl_v4.46.1_macos.tar.gz
1bcbac2e969778df504fbe04dd5bfb1e337c141869efdca9c3974e8c97296e18 fleetctl_v4.46.1_macos.zip
a1d79ad7af2af9ffbcad20b0b5555f6a64d46eb19deada41d93e8becbd4866e3 fleetctl_v4.46.1_windows.tar.gz
4d95694b73357e0e304b68cdbb00bd65da3ffcaa7e2148141dbc4e29357b5a52 fleetctl_v4.46.1_windows.zip