From 653aeceb062ce2cb023169303b6a0f0bb3546e92 Mon Sep 17 00:00:00 2001 
From: Luke Heath Date: Thu, 26 Oct 2023 15:07:58 -0500 Subject: [PATCH] Prepare v4.39.0 (#14647) --- CHANGELOG.md | 65 +++++++++++++++++++ changes/10102-host-script-details-api | 1 - changes/11923-python-false-positive-macos | 1 - changes/12927-disk-encryption-settings | 1 - changes/12932-bitlocker-api-updates | 4 -- changes/12933-bitlocker-host-details-api | 1 - changes/13489-implement-api-changes | 0 changes/13654-script-activity-logging | 1 - changes/13703-fix-dep-assignment | 1 - .../14601-add-disk-encryption-detail-host-mdm | 2 - changes/14633-bump-go | 1 - changes/7766-release-notes | 8 --- changes/bug-11314-disable-multicursor-editor | 1 - changes/bug-13894-failing-policies-styling | 1 - changes/bug-14106-setup-resizing-body-color | 1 - changes/bugfix-too-many-placeholders | 1 - changes/db-load-puppet | 1 - changes/issue-13809-fix-host-filtering | 1 - ...7-fix-script-content-and-output-formatting | 1 - ...3847-fix-script-content-and-output-heights | 1 - ...953-changes-to-controls-page-for-bitlocker | 1 - changes/issue-13954-orbit-disk-encryption-key | 1 - ...e-14007-support-get-windows-encryption-key | 1 - ...383-return-host-ossettings-for-winonly-mdm | 1 - .../issue-14406-implement-script-host-details | 1 - changes/issue-9829-scripts-api | 2 - changes/issue-9831-implement-scripts-page | 1 - charts/fleet/Chart.yaml | 2 +- charts/fleet/values.yaml | 2 +- .../dogfood/terraform/aws/variables.tf | 2 +- .../dogfood/terraform/gcp/variables.tf | 2 +- .../sandbox/JITProvisioner/jitprovisioner.tf | 2 +- .../lambda/deploy_terraform/main.tf | 2 +- terraform/byo-vpc/byo-db/byo-ecs/variables.tf | 2 +- terraform/byo-vpc/byo-db/variables.tf | 2 +- terraform/byo-vpc/example/main.tf | 2 +- terraform/byo-vpc/variables.tf | 2 +- terraform/variables.tf | 2 +- tools/fleetctl-npm/package.json | 2 +- 39 files changed, 77 insertions(+), 49 deletions(-) delete mode 100644 changes/10102-host-script-details-api delete mode 100644 changes/11923-python-false-positive-macos delete mode 
100644 changes/12927-disk-encryption-settings delete mode 100644 changes/12932-bitlocker-api-updates delete mode 100644 changes/12933-bitlocker-host-details-api delete mode 100644 changes/13489-implement-api-changes delete mode 100644 changes/13654-script-activity-logging delete mode 100644 changes/13703-fix-dep-assignment delete mode 100644 changes/14601-add-disk-encryption-detail-host-mdm delete mode 100644 changes/14633-bump-go delete mode 100644 changes/7766-release-notes delete mode 100644 changes/bug-11314-disable-multicursor-editor delete mode 100644 changes/bug-13894-failing-policies-styling delete mode 100644 changes/bug-14106-setup-resizing-body-color delete mode 100644 changes/bugfix-too-many-placeholders delete mode 100644 changes/db-load-puppet delete mode 100644 changes/issue-13809-fix-host-filtering delete mode 100644 changes/issue-13847-fix-script-content-and-output-formatting delete mode 100644 changes/issue-13847-fix-script-content-and-output-heights delete mode 100644 changes/issue-13953-changes-to-controls-page-for-bitlocker delete mode 100644 changes/issue-13954-orbit-disk-encryption-key delete mode 100644 changes/issue-14007-support-get-windows-encryption-key delete mode 100644 changes/issue-14383-return-host-ossettings-for-winonly-mdm delete mode 100644 changes/issue-14406-implement-script-host-details delete mode 100644 changes/issue-9829-scripts-api delete mode 100644 changes/issue-9831-implement-scripts-page diff --git a/CHANGELOG.md b/CHANGELOG.md index c18bd7fe755c..c7597f93f9c3 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,3 +1,68 @@
+## Fleet 4.39.0 (Oct 19, 2023)
+
+### Changes
+
+* Added ability to store results of scheduled queries:
+ - Will store up to 1000 results for each scheduled query.
+ - If the number of results for a scheduled query is below 1000, then the results will continuously get updated every time the hosts send results to Fleet.
+ - Introduced `server_settings.query_reports_disabled` field in global configuration to disable this feature.
+ - New API endpoint: `GET /api/_version_/fleet/queries/{id}/report`.
+ - New field `discard_data` added to API queries endpoints for toggling report storage for a query. For yaml configurations, use `discard_data: true` to disable result storage.
+ - Enhanced osquery result log validation.
+ - **NOTE:** This feature enables storing more query data in Fleet. This may impact database performance, depending on the number of queries, their frequency, and the number of hosts in your Fleet instance. For large deployments, we recommend monitoring your database load while gradually adding new query reports to ensure your database is sized appropriately.
+
+* Added scripts tab and table for host details page.
+
+* Added support to return the decrypted disk encryption key of a Windows host.
+
+* Added `GET /hosts/{id}/scripts` endpoint to retrieve status details of saved scripts for a host.
+
+* Added `mdm.os_settings` to `GET /api/v1/hosts/{id}` response.
+
+* Added `POST /api/fleet/orbit/disk_encryption_key` endpoint for Windows hosts to report bitlocker encryption key.
+
+* Added activity logging for script operations (add, delete, edit).
+
+* Added UI for scripts on the controls page.
+
+* Added API endpoints for script management and updated existing ones to accommodate saved script ID.
+
+* Added `GET /mdm/disk_encryption/summary` endpoint for disk encryption summaries for macOS and Windows.
+
+* Added `os_settings` and `os_settings_disk_encryption` filters to various `GET` endpoints for host filtering based on OS settings.
+ +* Enhanced `GET hosts/:id` API response to include more detailed disk encryption data for device client errors. + +* Updated controls > disk encryption and host details page to include Windows bitlocker information. + +* Improved styling for host details/device user failing policies display. + +* Disabled multicursor editing for SQL editors. + +* Deprecated `mdm.macos_settings.enable_disk_encryption` in favor of `mdm.enable_disk_encryption`. + +* Updated Go version to 1.21.3. + +### Bug fixes + +* Fixed script content and output formatting issues on the scripts detail modal. + +* Fixed a high database load issue in the Puppet match endpoint. + +* Fixed setup flows background not covering the entire viewport when resized to some sizes. + +* Fixed a bug affecting OS settings information retrieval regarding disk encryption status for Windows hosts. + +* Fixed SQL parameters used in the `/api/latest/fleet/labels/{labelID}/hosts` endpoint for certain query parameters, addressing issue 13809. + +* Fixed Python's CVE-2021-42919 false positive on macOS which should only affect Linux. + +* Fixed a bug causing DEP profiles to sometimes not get assigned correctly to hosts. + +* Fixed an issue in the bulk-set of MDM Apple profiles leading to excessive placeholders in SQL. + +* Fixed max-height display issue for script content and output in the script details modal. + ## Fleet 4.38.1 (Oct 5, 2023) ### Bug Fixes diff --git a/changes/10102-host-script-details-api b/changes/10102-host-script-details-api deleted file mode 100644 index 817ffbd35da4..000000000000 --- a/changes/10102-host-script-details-api +++ /dev/null @@ -1 +0,0 @@ -- Added `GET /hosts/{id}/scripts` endpoint to retrieve status details of saved scripts applicable to a host. diff --git a/changes/11923-python-false-positive-macos b/changes/11923-python-false-positive-macos deleted file mode 100644 index 30c7fbc3db06..000000000000 --- a/changes/11923-python-false-positive-macos +++ /dev/null 
@@ -1 +0,0 @@
-* Fix python's false positive CVE-2021-42919 found on macOS that should only affect linux hosts.
diff --git a/changes/12927-disk-encryption-settings b/changes/12927-disk-encryption-settings
deleted file mode 100644
index a9464b7d5bac..000000000000
--- a/changes/12927-disk-encryption-settings
+++ /dev/null
@@ -1 +0,0 @@
-* Deprecate `mdm.macos_settings.enable_disk_encryption` in favor of `mdm.enable_disk_encryption`
diff --git a/changes/12932-bitlocker-api-updates b/changes/12932-bitlocker-api-updates
deleted file mode 100644
index 0ce9b45e8a1b..000000000000
--- a/changes/12932-bitlocker-api-updates
+++ /dev/null
@@ -1,4 +0,0 @@
-- Added `GET /mdm/disk_encryption/summary` endpoint to get the disk encryption summary for macOS and
- Windows devices.
-- Added `os_settings` and `os_settings_disk_encryption` filters to `GET /hosts`, `GET /hosts/count`,
- `GET /api/v1/fleet/labels/{id}/hosts` endpoints to filter hosts by OS settings.
diff --git a/changes/12933-bitlocker-host-details-api b/changes/12933-bitlocker-host-details-api
deleted file mode 100644
index ccb11df8b74e..000000000000
--- a/changes/12933-bitlocker-host-details-api
+++ /dev/null
@@ -1 +0,0 @@
-- Added `mdm.os_settings` to `GET /api/v1/hosts/{id}` response.
diff --git a/changes/13489-implement-api-changes b/changes/13489-implement-api-changes
deleted file mode 100644
index e69de29bb2d1..000000000000
diff --git a/changes/13654-script-activity-logging b/changes/13654-script-activity-logging
deleted file mode 100644
index 5bbc9edcbcff..000000000000
--- a/changes/13654-script-activity-logging
+++ /dev/null
@@ -1 +0,0 @@
-- Added activity logging for add, delete, and edit scripts.
diff --git a/changes/13703-fix-dep-assignment b/changes/13703-fix-dep-assignment
deleted file mode 100644
index 9026dd7b666a..000000000000
--- a/changes/13703-fix-dep-assignment
+++ /dev/null
@@ -1 +0,0 @@
-* Fixed a bug that could cause DEP profiles to not be properly assigned to hosts.
diff --git a/changes/14601-add-disk-encryption-detail-host-mdm b/changes/14601-add-disk-encryption-detail-host-mdm
deleted file mode 100644
index e213139b62c3..000000000000
--- a/changes/14601-add-disk-encryption-detail-host-mdm
+++ /dev/null
@@ -1,2 +0,0 @@
-- Updated `GET hosts/:id` API response to include additional detail for disk encryption in case of
- device client errors.
diff --git a/changes/14633-bump-go b/changes/14633-bump-go
deleted file mode 100644
index 32708f246909..000000000000
--- a/changes/14633-bump-go
+++ /dev/null
@@ -1 +0,0 @@
-* Updated Go version to 1.21.3
diff --git a/changes/7766-release-notes b/changes/7766-release-notes
deleted file mode 100644
index b48951657efa..000000000000
--- a/changes/7766-release-notes
+++ /dev/null
@@ -1,8 +0,0 @@
-* Fleet now stores results of scheduled queries:
- - Fleet will store up to 1000 results for each scheduled query.
- NOTE: If the number of results for a scheduled query is below 1000, then the results will continuously get updated every time the hosts send results to Fleet.
- - A new `server_settings.query_reports_disabled` field was added to the global configuration to disable this feature.
- - A new API endpoint was added to get the stored results of a query: `GET /api/_version_/fleet/queries/{id}/report`.
- - A new field `discard_data` has been added to API queries endpoints to allow disabling reports for a query (default `false`). If using yaml files to apply queries, you will need to explicitly add `discard_data: true` to disable storing results in Fleet for scheduled queries.
- - Queries with `discard_data` set to `false` will be scheduled to run on hosts, even if `automations_enabled` is set to `false`, and their results will be processed and stored in Fleet. Because of this change, Fleet now does more validation on osquery result logs that are ingested and will error on unknown message formats.
-
diff --git a/changes/bug-11314-disable-multicursor-editor b/changes/bug-11314-disable-multicursor-editor
deleted file mode 100644
index b5fbb8c121bc..000000000000
--- a/changes/bug-11314-disable-multicursor-editor
+++ /dev/null
@@ -1 +0,0 @@
-- Fleet UI: Disable multicursor editing for SQL editors
diff --git a/changes/bug-13894-failing-policies-styling b/changes/bug-13894-failing-policies-styling
deleted file mode 100644
index 5bd83a7b0961..000000000000
--- a/changes/bug-13894-failing-policies-styling
+++ /dev/null
@@ -1 +0,0 @@
-* Fix styling for host details/device user failing policies call out
\ No newline at end of file
diff --git a/changes/bug-14106-setup-resizing-body-color b/changes/bug-14106-setup-resizing-body-color
deleted file mode 100644
index 106c24e1ad09..000000000000
--- a/changes/bug-14106-setup-resizing-body-color
+++ /dev/null
@@ -1 +0,0 @@
-- Setup flows background covers the entire viewport when resized
diff --git a/changes/bugfix-too-many-placeholders b/changes/bugfix-too-many-placeholders
deleted file mode 100644
index 2fb0f8c35003..000000000000
--- a/changes/bugfix-too-many-placeholders
+++ /dev/null
@@ -1 +0,0 @@
-* Fixed a bug in the bulk-set of MDM Apple profiles where too many placeholders could end up being used in SQL statements.
diff --git a/changes/db-load-puppet b/changes/db-load-puppet
deleted file mode 100644
index 30da9e766734..000000000000
--- a/changes/db-load-puppet
+++ /dev/null
@@ -1 +0,0 @@
-* Fixed an issue causing high database loads in Puppet match endpoint
diff --git a/changes/issue-13809-fix-host-filtering b/changes/issue-13809-fix-host-filtering
deleted file mode 100644
index 5ebbeac23f77..000000000000
--- a/changes/issue-13809-fix-host-filtering
+++ /dev/null
@@ -1 +0,0 @@
-* Use the correct set of parameters for SQL statement when the `after` and `order_key` query params are passed to the `/api/latest/fleet/labels/{labelID}/hosts` endpoint. Fixes issue 13809.
\ No newline at end of file
diff --git a/changes/issue-13847-fix-script-content-and-output-formatting b/changes/issue-13847-fix-script-content-and-output-formatting
deleted file mode 100644
index 0a9bf6bc1576..000000000000
--- a/changes/issue-13847-fix-script-content-and-output-formatting
+++ /dev/null
@@ -1 +0,0 @@
-- fix script content and output formatting on the scripts detail modal.
diff --git a/changes/issue-13847-fix-script-content-and-output-heights b/changes/issue-13847-fix-script-content-and-output-heights
deleted file mode 100644
index 07dcf2e0fb06..000000000000
--- a/changes/issue-13847-fix-script-content-and-output-heights
+++ /dev/null
@@ -1 +0,0 @@
-- fix the displayed max-height display for script content and output in the script details modal.
diff --git a/changes/issue-13953-changes-to-controls-page-for-bitlocker b/changes/issue-13953-changes-to-controls-page-for-bitlocker
deleted file mode 100644
index 728d93122e02..000000000000
--- a/changes/issue-13953-changes-to-controls-page-for-bitlocker
+++ /dev/null
@@ -1 +0,0 @@
-- change Controls/Disk Encryption and host details page to include windows bitlocker information.
diff --git a/changes/issue-13954-orbit-disk-encryption-key b/changes/issue-13954-orbit-disk-encryption-key
deleted file mode 100644
index 82767942ec0b..000000000000
--- a/changes/issue-13954-orbit-disk-encryption-key
+++ /dev/null
@@ -1 +0,0 @@
-* Added the `POST /api/fleet/orbit/disk_encryption_key` endpoint for Windows hosts to report the bitlocker encryption key.
diff --git a/changes/issue-14007-support-get-windows-encryption-key b/changes/issue-14007-support-get-windows-encryption-key
deleted file mode 100644
index 0705f8e974f6..000000000000
--- a/changes/issue-14007-support-get-windows-encryption-key
+++ /dev/null
@@ -1 +0,0 @@
-* Added support to return the decrypted disk encryption key of a Windows host.
diff --git a/changes/issue-14383-return-host-ossettings-for-winonly-mdm b/changes/issue-14383-return-host-ossettings-for-winonly-mdm deleted file mode 100644 index 21a1f8b8fd05..000000000000 --- a/changes/issue-14383-return-host-ossettings-for-winonly-mdm +++ /dev/null @@ -1 +0,0 @@ -* Fixed a bug where the OS settings information with disk encryption status of Windows hosts was not returned when only the Windows MDM was enabled (and not the macOS one). diff --git a/changes/issue-14406-implement-script-host-details b/changes/issue-14406-implement-script-host-details deleted file mode 100644 index b900b6875284..000000000000 --- a/changes/issue-14406-implement-script-host-details +++ /dev/null @@ -1 +0,0 @@ -- implement scripts tab and table for host details page diff --git a/changes/issue-9829-scripts-api b/changes/issue-9829-scripts-api deleted file mode 100644 index 402ad3287f0a..000000000000 --- a/changes/issue-9829-scripts-api +++ /dev/null @@ -1,2 +0,0 @@ -* Added API endpoints for script management. -* Updated the `POST /scripts/run` and `POST /scripts/run/sync` endpoints to accept an optional saved script ID instead of the script contents. diff --git a/changes/issue-9831-implement-scripts-page b/changes/issue-9831-implement-scripts-page deleted file mode 100644 index c21d40b48357..000000000000 --- a/changes/issue-9831-implement-scripts-page +++ /dev/null @@ -1 +0,0 @@ -- implement UI for scripts on the controls page diff --git a/charts/fleet/Chart.yaml b/charts/fleet/Chart.yaml index 655c606998bb..5d842aa955b8 100644 --- a/charts/fleet/Chart.yaml +++ b/charts/fleet/Chart.yaml @@ -8,4 +8,4 @@ version: v5.0.1 home: https://github.com/fleetdm/fleet sources: - https://github.com/fleetdm/fleet.git -appVersion: v4.38.1 +appVersion: v4.39.0 diff --git a/charts/fleet/values.yaml b/charts/fleet/values.yaml index 4c01fb7ab5e7..bab6cc528b8d 100644 --- a/charts/fleet/values.yaml +++ b/charts/fleet/values.yaml 
@@ -2,7 +2,7 @@ # All settings related to how Fleet is deployed in Kubernetes hostName: fleet.localhost replicas: 3 # The number of Fleet instances to deploy -imageTag: v4.38.1 # Version of Fleet to deploy +imageTag: v4.39.0 # Version of Fleet to deploy podAnnotations: {} # Additional annotations to add to the Fleet pod serviceAccountAnnotations: {} # Additional annotations to add to the Fleet service account resources: diff --git a/infrastructure/dogfood/terraform/aws/variables.tf b/infrastructure/dogfood/terraform/aws/variables.tf index 09388cd5605c..bf33e988d82d 100644 --- a/infrastructure/dogfood/terraform/aws/variables.tf +++ b/infrastructure/dogfood/terraform/aws/variables.tf @@ -56,7 +56,7 @@ variable "database_name" { variable "fleet_image" { description = "the name of the container image to run" - default = "fleetdm/fleet:v4.38.1" + default = "fleetdm/fleet:v4.39.0" } variable "software_inventory" { diff --git a/infrastructure/dogfood/terraform/gcp/variables.tf b/infrastructure/dogfood/terraform/gcp/variables.tf index 752306212768..4132addfdd51 100644 --- a/infrastructure/dogfood/terraform/gcp/variables.tf +++ b/infrastructure/dogfood/terraform/gcp/variables.tf @@ -68,5 +68,5 @@ variable "redis_mem" { } variable "image" { - default = "fleet:v4.38.1" + default = "fleet:v4.39.0" } diff --git a/infrastructure/sandbox/JITProvisioner/jitprovisioner.tf b/infrastructure/sandbox/JITProvisioner/jitprovisioner.tf index 024b5bead25c..95cf0a1e40cd 100644 --- a/infrastructure/sandbox/JITProvisioner/jitprovisioner.tf +++ b/infrastructure/sandbox/JITProvisioner/jitprovisioner.tf @@ -206,7 +206,7 @@ resource "random_uuid" "jitprovisioner" { # Use the local to make the trigger work. locals { - fleet_tag = "v4.38.1" + fleet_tag = "v4.39.0" } resource "null_resource" "standard-query-library" { 
diff --git a/infrastructure/sandbox/PreProvisioner/lambda/deploy_terraform/main.tf b/infrastructure/sandbox/PreProvisioner/lambda/deploy_terraform/main.tf index 458d6677ccef..d6421ad5256f 100644 --- a/infrastructure/sandbox/PreProvisioner/lambda/deploy_terraform/main.tf +++ b/infrastructure/sandbox/PreProvisioner/lambda/deploy_terraform/main.tf @@ -165,7 +165,7 @@ resource "helm_release" "main" { set { name = "imageTag" - value = "v4.38.1" + value = "v4.39.0" } set { diff --git a/terraform/byo-vpc/byo-db/byo-ecs/variables.tf b/terraform/byo-vpc/byo-db/byo-ecs/variables.tf index e8a73e36fb84..424ad652a926 100644 --- a/terraform/byo-vpc/byo-db/byo-ecs/variables.tf +++ b/terraform/byo-vpc/byo-db/byo-ecs/variables.tf @@ -13,7 +13,7 @@ variable "fleet_config" { type = object({ mem = optional(number, 4096) cpu = optional(number, 512) - image = optional(string, "fleetdm/fleet:v4.38.1") + image = optional(string, "fleetdm/fleet:v4.39.0") family = optional(string, "fleet") sidecars = optional(list(any), []) depends_on = optional(list(any), []) diff --git a/terraform/byo-vpc/byo-db/variables.tf b/terraform/byo-vpc/byo-db/variables.tf index e4700c923877..7922a1e54466 100644 --- a/terraform/byo-vpc/byo-db/variables.tf +++ b/terraform/byo-vpc/byo-db/variables.tf @@ -74,7 +74,7 @@ variable "fleet_config" { type = object({ mem = optional(number, 4096) cpu = optional(number, 512) - image = optional(string, "fleetdm/fleet:v4.38.1") + image = optional(string, "fleetdm/fleet:v4.39.0") family = optional(string, "fleet") sidecars = optional(list(any), []) depends_on = optional(list(any), []) diff --git a/terraform/byo-vpc/example/main.tf b/terraform/byo-vpc/example/main.tf index 49c62767a82e..9e6a314defad 100644 --- a/terraform/byo-vpc/example/main.tf +++ b/terraform/byo-vpc/example/main.tf @@ -17,7 +17,7 @@ provider "aws" { } locals { - fleet_image = "fleetdm/fleet:v4.38.1" + fleet_image = "fleetdm/fleet:v4.39.0" } resource "random_pet" "main" {} 
diff --git a/terraform/byo-vpc/variables.tf b/terraform/byo-vpc/variables.tf index eef43bfdfc48..cd1caae2ab6d 100644 --- a/terraform/byo-vpc/variables.tf +++ b/terraform/byo-vpc/variables.tf @@ -163,7 +163,7 @@ variable "fleet_config" { type = object({ mem = optional(number, 4096) cpu = optional(number, 512) - image = optional(string, "fleetdm/fleet:v4.38.1") + image = optional(string, "fleetdm/fleet:v4.39.0") family = optional(string, "fleet") sidecars = optional(list(any), []) depends_on = optional(list(any), []) diff --git a/terraform/variables.tf b/terraform/variables.tf index 8373dd056964..11365d3cc393 100644 --- a/terraform/variables.tf +++ b/terraform/variables.tf @@ -215,7 +215,7 @@ variable "fleet_config" { type = object({ mem = optional(number, 4096) cpu = optional(number, 512) - image = optional(string, "fleetdm/fleet:v4.38.1") + image = optional(string, "fleetdm/fleet:v4.39.0") family = optional(string, "fleet") sidecars = optional(list(any), []) depends_on = optional(list(any), []) diff --git a/tools/fleetctl-npm/package.json b/tools/fleetctl-npm/package.json index 1d364cadb2d6..2afc934f093a 100644 --- a/tools/fleetctl-npm/package.json +++ b/tools/fleetctl-npm/package.json @@ -1,6 +1,6 @@ { "name": "fleetctl", - "version": "v4.38.1", + "version": "v4.39.0", "description": "Installer for the fleetctl CLI tool", "bin": { "fleetctl": "./run.js"