Releases: fleetdm/fleet
Releases · fleetdm/fleet
fleet-v4.49.2
Bug fixes
- Restored missing tooltips when hovering over the disabled "Calendar events" manage automations dropdown option.
- Fixed an issue on Windows hosts enrolled in MDM via Azure AD where the command to install Fleetd on the device was sent repeatedly, even though
fleetdhad been properly installed. - Improved handling of different scenarios and edge cases when hosts turned on/off MDM.
- Fixed issue with uploading of some signed Apple mobileconfig profiles.
- Added an informative flash message when the user tries to save a query with invalid platform(s).
- Fixed bug where Linux host wipe would repeat if the host got re-enrolled.
Upgrading
Please visit our update guide for upgrade instructions.
Documentation
Documentation for Fleet is available at fleetdm.com/docs.
Fleet's agent
The following version of Fleet's agent (fleetd) support the latest changes to Fleet:
- orbit-v1.24.0
fleet-desktop-v1.24.0(included with Orbit)- fleetd-chrome-v1.2.0
While newer versions of
fleetdstill function with older versions of the Fleet server (and vice versa), Fleet does not actively test these scenarios and some newer features won't be available.
Binary Checksum
SHA256
47076023e33117b13ed9e9ef7be415067600c180b460a1c73823560de005eb0d fleet_v4.49.2_linux.tar.gz
e626c24d81970be447e683730e22ff4fccfbc720b6b9dff41bbd2f2419766380 fleetctl_v4.49.2_linux.tar.gz
cfa2c04ccd3a209c5a01db6de5b393dc2f1f038add46d45e957490c990a47c62 fleetctl_v4.49.2_linux.zip
1d7c4f0e2045835904ee9c994212605d67aef12c7899d8d203039100dc038db7 fleetctl_v4.49.2_macos.tar.gz
9dffd0600ac3634e75d99c867d2ca3791cd3a302513c42b4465c6300977d824c fleetctl_v4.49.2_macos.zip
c38560c8536e3c4b0d7a072e373009b03aaf63e58114deef576808c82eb62596 fleetctl_v4.49.2_windows.tar.gz
635c9083e14310cee41e7f5caaa91249130280aca25911346a82e5edbbbeebf9 fleetctl_v4.49.2_windows.zip
fleet-v4.49.1
Bug fixes
- Fixed a bug that prevented the Fleet server from starting if Windows MDM was configured but Apple MDM wasn't.
Upgrading
Please visit our update guide for upgrade instructions.
Documentation
Documentation for Fleet is available at fleetdm.com/docs.
Fleet's agent
The following version of Fleet's agent (fleetd) support the latest changes to Fleet:
- orbit-v1.24.0
fleet-desktop-v1.24.0(included with Orbit)- fleetd-chrome-v1.2.0
While newer versions of
fleetdstill function with older versions of the Fleet server (and vice versa), Fleet does not actively test these scenarios and some newer features won't be available.
Binary Checksum
SHA256
149ca8b9b2f375a73adf0ae4739f7ab0c83477202c5875ef7f3e2716a087d2ee fleet_v4.49.1_linux.tar.gz
4625292d15399581f185b11ab34ba654c5b10f25bfe917132f7e1dcd19dddc94 fleetctl_v4.49.1_linux.tar.gz
5dc1924bef12ac4d6b3a428b16f92545e54a4f2a53ccf416f327cab35eed20b5 fleetctl_v4.49.1_linux.zip
1f88f58c10b8f936cf8058e5effdef6a88ece05393f3c3df2a1247c3d6e651c0 fleetctl_v4.49.1_macos.tar.gz
8f798e081ea1cb1e106552ab9a7241994d3c05dd18970f3e1ad8329d3738bd7e fleetctl_v4.49.1_macos.zip
94253480a0f1e3be221902d60f94463420057f8d84f9136abd6b7448332a1fe6 fleetctl_v4.49.1_windows.tar.gz
e7aed3b9cea264001849c7bb2bbd56a8772816c065663c6e954890a72be441b7 fleetctl_v4.49.1_windows.zip
fleet-v4.49.0
Changes
Endpoint operations
- Added integration with Google Calendar for policy compliance events.
- Added new API endpoints to add/remove manual labels to/from a host.
- Updated the
POST /api/v1/fleet/labelsandPATCH /api/v1/fleet/labels/{id}endpoints to support creation and update of manual labels. - Implemented changes in
fleetctl gitopsfor batch processing queries and policies. - Enabled setting host status webhook at the team level via REST API and fleetctl apply/gitops.
Device management (MDM)
- Added API functionality for creating DDM declarations, both individually and as a batch.
- Added creation or update of macOS DDM profile to enforce OS Updates settings whenever the settings are changed.
- Updated
fleetctl run-scriptto include new--teamand--script-nameflags. - Displayed disk encryption status in macOS as "verifying" while verifying the escrowed key.
- Added the
enable_release_device_manuallyconfiguration setting for teams and no team, which controls the automatic release of a macOS DEP-enrolled device.
Vulnerability management
- Ignored Valve Corporation's Steam client's vulnerabilities on Windows and macOS due to retrieval challenges of the true version.
- Updated the GET fleet/os_versions and GET fleet/os_versions/[id] to restrict team users from accessing os versions on hosts from other teams.
Bug fixes and improvements
- Upgraded Golang version to 1.21.7.
- Added a minimum supported node version in the
package.json. - Made block_id mismatch errors more informative as 400s instead of 500s.
- Added Windows MDM support to the
osquery-perfhost-simulation command. - Updated calendar events automations to not show error validation on enabling the feature.
- Migrated MDM-related endpoints to new paths while maintaining support for old endpoints indefinitely.
- Added a missing database index to the MDM Windows enrollments table to improve performance at scale.
- Added cross-platform check for duplicate MDM profiles names in batch set MDM profiles API.
- Fixed a bug where Microsoft Edge was not reporting vulnerabilities.
- Fixed an issue with the
20240327115617_CreateTableNanoDDMRequestsdatabase migration. - Fixed the error message to indicate if a conflict on uploading an Apple profile was caused by the profile's name or its identifier.
- Fixed license checks to allow migration and restoring DEP devices during trial.
- Fixed a 500 error in MySQL 8 and when DB user has insufficient privileges for
fleetctl debug db-locksandfleetctl debug db-innodb-status. - Fixed a bug where values not derived from "actual" fleetd-chrome tables were not being displayed correctly.
- Fixed a bug where values were not being rendered in host-specific query reports.
- Fixed an issue with automatic release of the device after setup when a DDM profile is pending.
- Fixed UI issues: alignment bugs, padding around empty states, tooltip rendering, and incorrect rendering of the global Host status expiry settings page.
- Fixed a bug where
nullor excludedsmtp_settingscaused a UI 500 error. - Fixed an issue where a bad request response from a 3rd party MDM solution would result in a 500 error in Fleet during MDM migration.
- Fixed a bug where updating policy name could result in multiple policies with the same name in a team.
- Fixed potential server panic when events are created with calendar integration, but then global calendar integration is disabled.
- Fixed fleetctl gitops dry-run validation issues when enabling calendar integration for the first time.
- Fixed a bug where all Windows MDM enrollments were detected as automatic.
Upgrading
Please visit our update guide for upgrade instructions.
Documentation
Documentation for Fleet is available at fleetdm.com/docs.
Fleet's agent
The following version of Fleet's agent (fleetd) support the latest changes to Fleet:
- orbit-v1.24.0
fleet-desktop-v1.24.0(included with Orbit)- fleetd-chrome-v1.2.0
While newer versions of
fleetdstill function with older versions of the Fleet server (and vice versa), Fleet does not actively test these scenarios and some newer features won't be available.
Binary Checksum
SHA256
017439a15b04aafd322811f9812262e02f5f0bdf2aa252d46a06d7d118dd24f4 fleet_v4.49.0_linux.tar.gz
92f9a5bbfd116c4e20227af72b651b95a4190b346cb391762d0d50f5245d3355 fleetctl_v4.49.0_linux.tar.gz
54d84eaf8b6d8d6d0b865c39b39a8253c079d571e066d02b50c5d0dd50d1be74 fleetctl_v4.49.0_linux.zip
5b0b491a401d5031b75aaa1bfe8ab32d55befb03d7cb627de72409fce0b5a103 fleetctl_v4.49.0_macos.tar.gz
2fc0ed12ef82482e5f7afc1fc61e25f43139421f3a999d366ac1a403b33ece3c fleetctl_v4.49.0_macos.zip
fb998e66174bc1cee14dff001bec28d4a43ad753885a95f25015d71db8ff39fb fleetctl_v4.49.0_windows.tar.gz
b7678c523152e65ff7b537cafde3fd5ef076ea35e59c3c9148b44a7e6aee796d fleetctl_v4.49.0_windows.zip
fleet-v4.48.3
Bug fixes
- Updated calendar webhook to retry if it receives response 429 "Too Many Requests". Webhook request will retry for 30 minutes with a 1 minute max delay between retries.
- Updated label endpoints and UI to prevent creating, updating, or deleting built-in labels.
- Fixed edge cases of team ID being lost in various flows.
- Fixed queries to correctly parse params for
GET...policies/count,GET...teams/:id/policies/count, andGET...vulnerabilities. - Fixed 'GET
...labelsto return400when the non-supportedqueryurl param was included in the request. Previous behavior was to silently ignore that param and return200`. - Casted windows exit codes to signed integers to match windows interpreter.
- Fixed a bug where some scripts got stuck in "upcoming" activity permanently.
- Fixed a bug where the translate API returned "forbidden" instead of "bad request" for an empty JSON body.
- Fixed an uncaught bug where "forbidden" would be returned for invalid payload type, which should also be a bad request.
- Fixed an issue where applying Windows MDM profiles using
fleetctl applywould cause Fleet to overwrite the reserved profile used to manage Windows OS updates. - Fixed a bug where we were not ignoreing leading and trailing whitespace when filtering Fleet entities by name.
- Fixed a bug where query retrieving bitlocker info from windows server wouldn't return.
- Fixed MDM migration starting when the device didn't have the right ADE JSON profile already assigned.
Upgrading
Please visit our update guide for upgrade instructions.
Documentation
Documentation for Fleet is available at fleetdm.com/docs.
Binary Checksum
SHA256
917759e1b76b72229b5dc928b07af4a4d1f99b41111da42580aeb28ef2aefd3e fleet_v4.48.3_linux.tar.gz
7d739b6a0667be4e84dff7ad01ae6db2369aac0bb8685d1eafb74a239cf3dde4 fleetctl_v4.48.3_linux.tar.gz
54ef26ef5847752d4acc732de7e294cb02766d89fc5eb30ead4de42cea331d79 fleetctl_v4.48.3_linux.zip
8a9035a8ebb7500049aacb7291c559d29a2db2024cfdac39fbdd6ff277dc2764 fleetctl_v4.48.3_macos.tar.gz
ddfb0598ad97db5738e82403d0e932d2df9591e7e2998f425b56360b75d56c71 fleetctl_v4.48.3_macos.zip
ff91f0d3a6ffcf273c455b50cd84d306e03e1ec0b650175bee3dde1480d1d113 fleetctl_v4.48.3_windows.tar.gz
4bf552065bb179e2da10c1e65463ccc68f451faae21468ebc91ec83308ebbe36 fleetctl_v4.48.3_windows.zip
fleet-v4.48.2
Bug fixes
- Fixed an issue with the
20240327115617_CreateTableNanoDDMRequestsdatabase migration where it could fail if the database did not default to theutf8mb4_unicode_cicollation. - Fixed an issue with automatic release of the device after setup when a DDM profile is pending.
Upgrading
Please visit our update guide for upgrade instructions.
Documentation
Documentation for Fleet is available at fleetdm.com/docs.
Binary Checksum
SHA256
a12f1b3315057920742569bb98f5031bfd200c52c6a808b327e5048a4f4991a4 fleet_v4.48.2_linux.tar.gz
ac1f545786b7014c5a247d8854f114611814ed5f63232a9098f549732fa8814d fleetctl_v4.48.2_linux.tar.gz
c7bdf687d8aff0ab4ddb28fa9c633f416ae82b201f3c51898136c9a26631a7f1 fleetctl_v4.48.2_linux.zip
f7a9240b781a22fc573a4780da8dadaa761853d1247f21b9306083962e0197d0 fleetctl_v4.48.2_macos.tar.gz
069a56ca99f366c294536ade1d99de76e68aac6450bdb5f8b59258295bb1ff22 fleetctl_v4.48.2_macos.zip
b069bee7a2a19e296886fb26862e7432e0b2a0fbde72db072f369a0c0e990955 fleetctl_v4.48.2_windows.tar.gz
9f6fbc95920e22acace881c5702a9fda81104d98ff5f37ed2c343898d371c8b3 fleetctl_v4.48.2_windows.zip
fleet-v4.48.1
Bug fixes
- Made block_id mismatch errors more informative as 400s instead of 500s
- Fixed a bug where values were not being rendered in host-specific query reports
- Fixed potential server panic when events are created with calendar integration, but then global calendar integration is disabled
Upgrading
Please visit our update guide for upgrade instructions.
Documentation
Documentation for Fleet is available at fleetdm.com/docs.
Binary Checksum
SHA256
5a65d7c3fda43337fd1422f92403901a460c12a37f89da6cb70833802a2f1c9b fleet_v4.48.1_linux.tar.gz
92dfe587c369ed8afad29bcb4ae5ed9a313cb563b2e52ff0b0494f15dcd5fd33 fleetctl_v4.48.1_linux.tar.gz
2ff4610933ac3310b66beca9b0f12bb88aa346c5ab8f1cfd4fd03219efbeacc9 fleetctl_v4.48.1_linux.zip
18aced79e1431c887174daad2c6076afbd67034fd5ef72042260feffce27a274 fleetctl_v4.48.1_macos.tar.gz
8a51f608a0c289334d341590a8b59fce757f07fd112aaa5459fc9c51891b5e60 fleetctl_v4.48.1_macos.zip
770ca5efa95e4c0a44f8f1653c41d79c9fe55d0e9a228eb2d374bdd8a11a63f7 fleetctl_v4.48.1_windows.tar.gz
0c4413aa7e74903ba6c00cd78d60bb9a153d5775949a90d2c794ec00cef7fbd8 fleetctl_v4.48.1_windows.zip
fleet-v4.48.0
Changes
Endpoint operations
- Added integration with Google Calendar.
- Fleet admins can enable Google Calendar integration by using a Google service account with domain-wide delegation.
- Calendar integration is enabled at the team level for specific team policies.
- If the policy is failing, a calendar event will be put on the host user's calendar for the 3rd Tuesday of the month.
- During the event, Fleet will fire a webhook. IT admins should use this webhook to trigger a script or MDM command that will remediate the issue.
- Confirm that the webhook rate limit can support the number of hosts being remediated. Webhook 429 response exponential backoff coming soon.
- Reduced the number of 'Deadlock found' errors seen by the server when multiple hosts share the same UUID.
- Removed outdated tooltips from UI.
- Added hover states to clickable elements.
- Added cross-platform check for duplicate MDM profiles names in batch set MDM profiles API.
Device management (MDM)
- Added Windows MDM support to the
osquery-perfhost-simulation command. - Added a missing database index to the MDM Windows enrollments table that will improve performance at scale.
- Migrate MDM-related endpoints to new paths, deprecating (but still supporting indefinitely) the old endpoints.
- Adds API functionality for creating DDM declarations, both individually and as a batch.
- Added DDM activities to the fleet UI.
- Added the
enable_release_device_manuallyconfiguration setting for a team and no team. Note that the macOS automatic enrollment profile cannot set theawait_device_configuredoption anymore, this setting is controlled by Fleet via the newenable_release_device_manuallyoption. - Automatically release a macOS DEP-enrolled device after enrollment commands and profiles have been delivered, unless
enable_release_device_manuallyis set totrue.
Vulnerability management
- Added Visual Studio extensions to Fleet's software inventory.
Bug fixes
- Fixed a bug where valid MDM enrollments would show up as unmanaged (EnrollmentState 3).
- Fixed flash message from closing when a modal closes.
- Fixed a bug where OS version information would not get detected on Windows Server 2019.
- Fixed issue where getting host details failed when attempting to read the host's bitlocker status from the datastore.
- Fixed false negative vulnerabilities on macOS Homebrew python packages.
- Fixed styling of live query disabled warning.
- Fixed issue where Windows MDM profile processing was skipping
<Add>commands. - Fixed UI's ability to bulk delete hosts when "All teams" is selected.
- Fixed error state rendering on the global Host status expiry settings page, fix error state alignment for tooltip-wrapper field labels across organization settings.
- Fixed
GET fleet/os_versionsandGET fleet/os_versions/[id]so team users no longer have access to os versions on hosts from other teams. fleetctl gitopsnow batch processes queries and policies.- Fixed UI bug to render the query platform correctly for queries imported from the standard query library.
- Fixed issue where microsoft edge was not reporting vulnerabilities.
- Fixed a bug where all Windows MDM enrollments were detected as automatic.
- Fixed a bug where
nullor excludedsmtp_settingscaused a UI 500. - Fixed query reports so they reset when there is a change to the selected platform or selected minimum osquery version.
- Fixed live query sort of sql result sort for both string and numerical columns.
Upgrading
Please visit our update guide for upgrade instructions.
Documentation
Documentation for Fleet is available at fleetdm.com/docs.
Fleet's agent
The following version of Fleet's agent (fleetd) support the latest changes to Fleet:
- orbit-v1.2.0
fleet-desktop-v1.2.0(included with Orbit)- fleetd-chrome-v1.2.0
While newer versions of
fleetdstill function with older versions of the Fleet server (and vice versa), Fleet does not actively test these scenarios and some newer features won't be available.
Binary Checksum
SHA256
0a80748ee061b0dc3fef0ecf95abcdcf6554fb09e2f3675fa8f48c43d5582dfa fleet_v4.48.0_linux.tar.gz
de04a4f93837236a62fcd753c4ae7f64ebdbd8880ee2faffd0b950dcc2bc744b fleetctl_v4.48.0_linux.tar.gz
1a9fb59e84b29362e747cf4191c4100ccfa6c52fd766eedb831a4169923976eb fleetctl_v4.48.0_linux.zip
947895eee1492a0f6da5c69fe68361b97359f52f99ac72f7947a456618f0ec7f fleetctl_v4.48.0_macos.tar.gz
d3881b865311e774107ee50db4ee9a27cce669ccdd40e92c1990c4f1ec73e523 fleetctl_v4.48.0_macos.zip
c678c9a61d0faf3f0e030010615c3cca395d815f8c073ea171b20d4bdf221192 fleetctl_v4.48.0_windows.tar.gz
f44a9e93bc06742004f0b5c74b00cf0689b4890b903803c338ef80b9fd69c173 fleetctl_v4.48.0_windows.zip
fleet-v4.47.3
Bug fixes
- Fixed a bug where valid Windows MDM enrollments would show up as unmanaged (EnrollmentState 3).
Upgrading
Please visit our update guide for upgrade instructions.
Documentation
Documentation for Fleet is available at fleetdm.com/docs.
Binary Checksum
SHA256
ef9ccb9743205b6cd63e965ded0ad5b6836d9c4f4d8b3bec5264bdfbf1c71651 fleet_v4.47.3_linux.tar.gz
bfcf0d230e85b0d06d5fc6f19042169d856d2e6dd9a38214721a4cf97ae63af2 fleetctl_v4.47.3_linux.tar.gz
2677ada64618dc9d5ac8f15ee9b377009c34376e72c3f460ada6db202821fbef fleetctl_v4.47.3_linux.zip
de7cab0e59a003edd943523dfefa1d038ee1edd914548625fa97324ce680516b fleetctl_v4.47.3_macos.tar.gz
ce4fc109fa3b38b58035b1274318e8db4eac26aee424d0ae4fc8d4113146db52 fleetctl_v4.47.3_macos.zip
8c1b2481e4dfe27c73d6446784fae2b9d2c7d27c11e0a19b081e877a38d08c94 fleetctl_v4.47.3_windows.tar.gz
e3a9686198e872ef6984215ebcd18a3c2f57c8ca009dc3c23b485a88a92fff01 fleetctl_v4.47.3_windows.zip
fleet-v4.47.2
Bug fixes
- Fixed false negative vulnerabilities on macOS Homebrew Python packages.
- Fixed policies to check "disable guest user".
- Resolved the issue where Microsoft Edge was not reporting vulnerabilities.
Upgrading
Please visit our update guide for upgrade instructions.
Documentation
Documentation for Fleet is available at fleetdm.com/docs.
Binary Checksum
SHA256
a930c85fbceaf955c9ae865893b20a7164b0f8020b0a61ecee56d1a1490cc285 fleet_v4.47.2_linux.tar.gz
03b2d5858587fcf2c5d6f7cdc4a4401318ee63066f936e295f9e94e8c66f0a86 fleetctl_v4.47.2_linux.tar.gz
00b377900f7213590db683ce75b4d3ae6053633a5938148afeefd607d0e88319 fleetctl_v4.47.2_linux.zip
a908c8a15c730ce061360bcbb351135484b0f6e0a1fd19847888818bdab73d86 fleetctl_v4.47.2_macos.tar.gz
9fc6416952495e1c0a13f2b1af1bf774e6dc5a90fcf0a50c942bba56709cb921 fleetctl_v4.47.2_macos.zip
9d0c7f0c88518e5d682763f7697796846ba0c4156371bfc8df612f38b33b77e3 fleetctl_v4.47.2_windows.tar.gz
3fb343762a0cdfe57ac0e85f3b5cb93dc5579c9d820d4a268ca81e809bea089c fleetctl_v4.47.2_windows.zip
fleet-v4.47.1
Bug fixes
- Removed outdated tooltips from UI.
- Fixed an issue with Windows MDM profile processing where
<Add>commands were being skipped. - Team users no longer have access to OS versions on hosts from other teams for GET fleet/os_versions and GET fleet/os_versions/[id].
- Reduced the number of 'Deadlock found' errors seen by the server when multiple hosts share the same UUID.
Upgrading
Please visit our update guide for upgrade instructions.
Documentation
Documentation for Fleet is available at fleetdm.com/docs.
Binary Checksum
SHA256
1078cdf24990c103ac9a35c7081bfdf4ea6d0d62d6c9b1a5624a6ab9c6fcb07b fleet_v4.47.1_linux.tar.gz
edb82e0716aa844b2d6d8ebfe4d4e08f41a0618fdd62b64623c8f590a39bc207 fleetctl_v4.47.1_linux.tar.gz
1f615397bacd86a29514e0cc9981af1e76ba261c6634367508a7fd88bc088724 fleetctl_v4.47.1_linux.zip
f263d762ee5788d2773d167ed15e6fc41e874f8682b6df9c8f8215c07c836275 fleetctl_v4.47.1_macos.tar.gz
ac6ea42ae4f70b4b8bc0f1c0f6e453447d97c0f13eb5e2e1621765b304e43cdb fleetctl_v4.47.1_macos.zip
1b60f0c6902fde29c56d8ef1df0be1b1ba81320c08aeeae8aa34b2f3698c5cae fleetctl_v4.47.1_windows.tar.gz
4524035a526a4871f7165635991d84d188b944dcd74971d3db44335d1e7565fd fleetctl_v4.47.1_windows.zip