From 6807cfe89748ef3950b324692198782f6644e3b5 Mon Sep 17 00:00:00 2001 
From: Luke Heath Date: Mon, 25 Sep 2023 16:43:52 -0500 Subject: [PATCH] Prepare v4.38.0 (#14123) --- CHANGELOG.md | 62 +++++++++++++++++++ changes/11099-mdm-profiles-retries | 2 - .../11346-add-used-by-data-filtered-by-labels | 1 - changes/11666-add-nvd-resolved-version | 1 - changes/11922-microsoft-teams-fp | 2 - changes/11925-flock-vuln-false-positive | 1 - changes/11926-python-vuln-false-positive | 1 - ...3-improve-chrome-live-query-error-handling | 1 - .../12948-fix-software-bundle-clickability | 3 - .../13095-fix-empty-query-policy-placeholders | 1 - changes/13287-filter-extensions-by-labels | 1 - changes/13287-fix-bugs-in-fleetd-extensions | 2 - changes/13338-use-local-wix | 2 - changes/13368-disable-1password-over-autofill | 1 - changes/13702 | 2 - changes/13715-bump-go-version | 1 - .../13875-fix-windows-automatic-enrollment | 1 - ...fix-performance-regression-in-hosts-report | 4 -- changes/14038-fix-save-multiple-new-policies | 1 - changes/14087-status-indicator-alignment | 1 - changes/14346-fix-cve-time-ago | 1 - changes/9835-cve-descriptions | 1 - ...7-fix-script-content-and-output-formatting | 1 - changes/issue-9827-migrations-saved-scripts | 1 - charts/fleet/Chart.yaml | 2 +- charts/fleet/values.yaml | 2 +- .../dogfood/terraform/aws/variables.tf | 2 +- .../dogfood/terraform/gcp/variables.tf | 2 +- .../sandbox/JITProvisioner/jitprovisioner.tf | 2 +- .../lambda/deploy_terraform/main.tf | 2 +- terraform/byo-vpc/byo-db/byo-ecs/variables.tf | 2 +- terraform/byo-vpc/byo-db/variables.tf | 2 +- terraform/byo-vpc/example/main.tf | 2 +- terraform/byo-vpc/variables.tf | 2 +- terraform/example/main.tf | 2 +- terraform/variables.tf | 2 +- tools/fleetctl-npm/package.json | 2 +- 37 files changed, 75 insertions(+), 46 deletions(-) delete mode 100644 changes/11099-mdm-profiles-retries delete mode 100644 changes/11346-add-used-by-data-filtered-by-labels delete mode 100644 changes/11666-add-nvd-resolved-version delete mode 100644 changes/11922-microsoft-teams-fp delete 
mode 100644 changes/11925-flock-vuln-false-positive delete mode 100644 changes/11926-python-vuln-false-positive delete mode 100644 changes/12383-improve-chrome-live-query-error-handling delete mode 100644 changes/12948-fix-software-bundle-clickability delete mode 100644 changes/13095-fix-empty-query-policy-placeholders delete mode 100644 changes/13287-filter-extensions-by-labels delete mode 100644 changes/13287-fix-bugs-in-fleetd-extensions delete mode 100644 changes/13338-use-local-wix delete mode 100644 changes/13368-disable-1password-over-autofill delete mode 100644 changes/13702 delete mode 100644 changes/13715-bump-go-version delete mode 100644 changes/13875-fix-windows-automatic-enrollment delete mode 100644 changes/13926-fix-performance-regression-in-hosts-report delete mode 100644 changes/14038-fix-save-multiple-new-policies delete mode 100644 changes/14087-status-indicator-alignment delete mode 100644 changes/14346-fix-cve-time-ago delete mode 100644 changes/9835-cve-descriptions delete mode 100644 changes/issue-13847-fix-script-content-and-output-formatting delete mode 100644 changes/issue-9827-migrations-saved-scripts
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 345375f5c3a3..56c28a4c9857 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,65 @@
+## Fleet 4.38.0 (Sep 25, 2023)
+
+### Changes
+
+* Updated MDM profile verification so that an install profile command will be retried once if the command resulted in an error or if osquery cannot confirm that the expected profile is installed.
+
+* Ensured post-enrollment commands are sent to devices assigned to Fleet in ABM.
+
+* Ensured hosts assigned to Fleet in ABM come back to pending to the right team after they're deleted.
+
+* Added `labels` to the fleetd extensions feature to allow deploying extensions to hosts that belong to certain labels.
+
+* Changed fleetd Windows extensions file extension from `.ext` to `.ext.exe` to allow their execution on Windows devices (executables on Windows must end with `.exe`).
+
+* Surfaced chrome live query errors to Fleet UI (including errors for specific columns while maintaining successful data in results).
+
+* Fixed delivery of fleetd extensions to devices to only send extensions for the host's platform.
+
+* (Premium only) Added `resolved_in_version` to `/fleet/software` APIs pulled from NVD feed.
+
+* Added database migrations to create the new `scripts` table to store saved scripts.
+
+* Allowed specifying `disable_failing_policies` on the `/api/v1/fleet/hosts/report` API endpoint for increased performance. This is useful if the user is not interested in counting failed policies (`issues` column).
+
+* Added the option to use locally-installed WiX v3 binaries when generating the Fleetd installer for Windows on a Windows machine.
+
+* Added CVE descriptions to the `/fleet/software` API.
+
+* Restored the ability to click on and select/copy text from software bundle tooltips while maintaining the abilities to click the software's name to get more details and to click anywhere else in the row to view all hosts with that software installed.
+
+* Stopped 1password from overly autofilling forms.
+
+* Upgraded Go version to 1.21.1.
+
+### Bug Fixes
+
+* Fixed vulnerability mismatch between the flock browser and the discoteq/flock binary.
+
+* Fixed v4.37.0 performance regressions in the following API endpoints:
+ * `/api/v1/fleet/hosts/report`
+ * `/api/v1/fleet/hosts` when using `per_page=0` or a large number for `per_page` (in the thousands).
+
+* Fixed script content and output formatting on the scripts detail modal.
+
+* Fixed wrong version numbers for Microsoft Teams in macOS (from invalid format of the form `1.00.XYYYYY` to correct format `1.X.00.YYYYY`).
+
+* Fixed false positive CVE-2020-10146 found on Microsoft Teams.
+
+* Fixed CVE-2013-0340 reporting as a valid vulnerability due to NVD recommendations.
+
+* Fixed save button for a new policy after newly creating another policy.
+
+* Fixed empty query/policy placeholders.
+
+* Fixed used by data when filtering hosts by labels.
+
+* Fixed small copy and alignment issue with status indicators in the Queries page Automations column.
+
+* Fixed strict checks on Windows MDM Automatic Enrollment.
+
+* Fixed software vulnerabilities time ago column for old CVEs.
+
 ## Fleet 4.37.0 (Sep 8, 2023)
 
 ### Changes
diff --git a/changes/11099-mdm-profiles-retries b/changes/11099-mdm-profiles-retries
deleted file mode 100644
index e4e6c65bb886..000000000000
--- a/changes/11099-mdm-profiles-retries
+++ /dev/null
@@ -1,2 +0,0 @@
- - Updated MDM profile verification so that an install profile command will be retried once if the command
- resulted in an error or if osquery cannot confirm that the expected profile is installed.
\ No newline at end of file
diff --git a/changes/11346-add-used-by-data-filtered-by-labels b/changes/11346-add-used-by-data-filtered-by-labels
deleted file mode 100644
index ce5d12863f8a..000000000000
--- a/changes/11346-add-used-by-data-filtered-by-labels
+++ /dev/null
@@ -1 +0,0 @@
-- Bug fix: surface used by data when filtering hosts by labels
diff --git a/changes/11666-add-nvd-resolved-version b/changes/11666-add-nvd-resolved-version
deleted file mode 100644
index dbebcfc9d9fc..000000000000
--- a/changes/11666-add-nvd-resolved-version
+++ /dev/null
@@ -1 +0,0 @@
-- (premium only) adds `resolved_in_version` to `/fleet/software` APIs pulled from NVD feed
\ No newline at end of file
diff --git a/changes/11922-microsoft-teams-fp b/changes/11922-microsoft-teams-fp
deleted file mode 100644
index dc80870bf599..000000000000
--- a/changes/11922-microsoft-teams-fp
+++ /dev/null
@@ -1,2 +0,0 @@
-* Fixed wrong version numbers for Microsoft Teams in macOS (from invalid format of the form `1.00.XYYYYY` to correct format `1.X.00.YYYYY`).
-* Fixed false positive CVE-2020-10146 found on Microsoft Teams.
diff --git a/changes/11925-flock-vuln-false-positive b/changes/11925-flock-vuln-false-positive
deleted file mode 100644
index 371afebc92f2..000000000000
--- a/changes/11925-flock-vuln-false-positive
+++ /dev/null
@@ -1 +0,0 @@
-* fixed vulnerability mismatch between the flock browser and the discoteq/flock binary
\ No newline at end of file
diff --git a/changes/11926-python-vuln-false-positive b/changes/11926-python-vuln-false-positive
deleted file mode 100644
index 8ba8a8d0ce4a..000000000000
--- a/changes/11926-python-vuln-false-positive
+++ /dev/null
@@ -1 +0,0 @@
-- CVE-2013-0340 no longer reports as a valid vulnerability due to NVD recommendations
\ No newline at end of file
diff --git a/changes/12383-improve-chrome-live-query-error-handling b/changes/12383-improve-chrome-live-query-error-handling
deleted file mode 100644
index eff5b3d5d8ca..000000000000
--- a/changes/12383-improve-chrome-live-query-error-handling
+++ /dev/null
@@ -1 +0,0 @@
-- UI improvement: Surface chrome live query errors to Fleet UI (including errors for specific columns while maintaining successful data in results)
diff --git a/changes/12948-fix-software-bundle-clickability b/changes/12948-fix-software-bundle-clickability
deleted file mode 100644
index 1fbf8f8acd80..000000000000
--- a/changes/12948-fix-software-bundle-clickability
+++ /dev/null
@@ -1,3 +0,0 @@
-- Restored the ability to click on and select/copy text from software bundle tooltips while
- maintaining the abilities to click the software's name to get more details and to click anywhere
- else in the row to view all hosts with that software installed.
diff --git a/changes/13095-fix-empty-query-policy-placeholders b/changes/13095-fix-empty-query-policy-placeholders
deleted file mode 100644
index 3203cf21dd47..000000000000
--- a/changes/13095-fix-empty-query-policy-placeholders
+++ /dev/null
@@ -1 +0,0 @@
-- Fleet UI - Fix empty query/policy placeholders
diff --git a/changes/13287-filter-extensions-by-labels b/changes/13287-filter-extensions-by-labels
deleted file mode 100644
index 4ee9737ed7bb..000000000000
--- a/changes/13287-filter-extensions-by-labels
+++ /dev/null
@@ -1 +0,0 @@
-* Add `labels` to the fleetd extensions feature to allow deploying extensions to hosts that belong to certain labels.
diff --git a/changes/13287-fix-bugs-in-fleetd-extensions b/changes/13287-fix-bugs-in-fleetd-extensions
deleted file mode 100644
index bc91c9a4a2b4..000000000000
--- a/changes/13287-fix-bugs-in-fleetd-extensions
+++ /dev/null
@@ -1,2 +0,0 @@
-* Change fleetd Windows extensions file extension from `.ext` to `.ext.exe` to allow their execution on Windows devices (executables on Windows must end with `.exe`).
-* Fixed delivery of fleetd extensions to devices to only send extensions for the host's platform.
diff --git a/changes/13338-use-local-wix b/changes/13338-use-local-wix
deleted file mode 100644
index 18dd2829334e..000000000000
--- a/changes/13338-use-local-wix
+++ /dev/null
@@ -1,2 +0,0 @@
-* Add the option to use locally-installed WiX v3 binaries when generating the Fleetd installer for
-Windows on a Windows machine.
diff --git a/changes/13368-disable-1password-over-autofill b/changes/13368-disable-1password-over-autofill
deleted file mode 100644
index dbed1572c6ae..000000000000
--- a/changes/13368-disable-1password-over-autofill
+++ /dev/null
@@ -1 +0,0 @@
-- UI improvement: Remove 1password from overly autofilling forms
diff --git a/changes/13702 b/changes/13702
deleted file mode 100644
index 0bd01b78e87c..000000000000
--- a/changes/13702
+++ /dev/null
@@ -1,2 +0,0 @@
-* Ensure post-enrollment commands are sent to devices assigned to Fleet in ABM.
-* Ensure hosts assigned to Fleet in ABM come back to pending to the right team after they're deleted.
diff --git a/changes/13715-bump-go-version b/changes/13715-bump-go-version
deleted file mode 100644
index ca39bbca12eb..000000000000
--- a/changes/13715-bump-go-version
+++ /dev/null
@@ -1 +0,0 @@
-* Upgraded Go version to 1.21.1
diff --git a/changes/13875-fix-windows-automatic-enrollment b/changes/13875-fix-windows-automatic-enrollment
deleted file mode 100644
index 1dce7f8869fa..000000000000
--- a/changes/13875-fix-windows-automatic-enrollment
+++ /dev/null
@@ -1 +0,0 @@
-* Fix for strict checks on Windows MDM Automatic Enrollment
diff --git a/changes/13926-fix-performance-regression-in-hosts-report b/changes/13926-fix-performance-regression-in-hosts-report
deleted file mode 100644
index 9b9e7eedd5fe..000000000000
--- a/changes/13926-fix-performance-regression-in-hosts-report
+++ /dev/null
@@ -1,4 +0,0 @@
-* Fix v4.37.0 performance regressions in the following API endpoints:
- * `/api/v1/fleet/hosts/report`
- * `/api/v1/fleet/hosts` when using `per_page=0` or a large number for `per_page` (in the thousands)
-* Allow specifying `disable_failing_policies` on the `/api/v1/fleet/hosts/report` API endpoint for increased performance. This is useful if the user is not interested on counting failed policies (`issues` column).
diff --git a/changes/14038-fix-save-multiple-new-policies b/changes/14038-fix-save-multiple-new-policies
deleted file mode 100644
index ecc8ef3cde07..000000000000
--- a/changes/14038-fix-save-multiple-new-policies
+++ /dev/null
@@ -1 +0,0 @@
-* Fix save button for a new policy after newly creating another policy
\ No newline at end of file
diff --git a/changes/14087-status-indicator-alignment b/changes/14087-status-indicator-alignment
deleted file mode 100644
index b78b390d2df4..000000000000
--- a/changes/14087-status-indicator-alignment
+++ /dev/null
@@ -1 +0,0 @@
-- Fix small copy and alignment issue with status indicators in the Queries page Automations column
diff --git a/changes/14346-fix-cve-time-ago b/changes/14346-fix-cve-time-ago
deleted file mode 100644
index e1333f1ea066..000000000000
--- a/changes/14346-fix-cve-time-ago
+++ /dev/null
@@ -1 +0,0 @@
-- Fleet UI: Fix software vulnerabilities time ago column for old CVEs
diff --git a/changes/9835-cve-descriptions b/changes/9835-cve-descriptions
deleted file mode 100644
index abadc2409442..000000000000
--- a/changes/9835-cve-descriptions
+++ /dev/null
@@ -1 +0,0 @@
-- CVE descriptions added to the /fleet/software API
\ No newline at end of file
diff --git a/changes/issue-13847-fix-script-content-and-output-formatting b/changes/issue-13847-fix-script-content-and-output-formatting
deleted file mode 100644
index 0a9bf6bc1576..000000000000
--- a/changes/issue-13847-fix-script-content-and-output-formatting
+++ /dev/null
@@ -1 +0,0 @@
-- fix script content and output formatting on the scripts detail modal.
diff --git a/changes/issue-9827-migrations-saved-scripts b/changes/issue-9827-migrations-saved-scripts
deleted file mode 100644
index 30c6861c332c..000000000000
--- a/changes/issue-9827-migrations-saved-scripts
+++ /dev/null
@@ -1 +0,0 @@
-* Added database migrations to create the new `scripts` table to store saved scripts.
diff --git a/charts/fleet/Chart.yaml b/charts/fleet/Chart.yaml index c12ca90516f8..e9d974fbcbeb 100644 --- a/charts/fleet/Chart.yaml +++ b/charts/fleet/Chart.yaml @@ -8,4 +8,4 @@ version: v5.0.1 home: https://github.com/fleetdm/fleet sources: - https://github.com/fleetdm/fleet.git -appVersion: v4.37.0 +appVersion: v4.38.0 diff --git a/charts/fleet/values.yaml b/charts/fleet/values.yaml index 7cd4783ce7dd..c0c689fbaa73 100644 --- a/charts/fleet/values.yaml +++ b/charts/fleet/values.yaml @@ -2,7 +2,7 @@ # All settings related to how Fleet is deployed in Kubernetes hostName: fleet.localhost replicas: 3 # The number of Fleet instances to deploy -imageTag: v4.37.0 # Version of Fleet to deploy +imageTag: v4.38.0 # Version of Fleet to deploy podAnnotations: {} # Additional annotations to add to the Fleet pod serviceAccountAnnotations: {} # Additional annotations to add to the Fleet service account resources: diff --git a/infrastructure/dogfood/terraform/aws/variables.tf b/infrastructure/dogfood/terraform/aws/variables.tf index 8e92eb52a27b..615976ac2eef 100644 --- a/infrastructure/dogfood/terraform/aws/variables.tf +++ b/infrastructure/dogfood/terraform/aws/variables.tf @@ -56,7 +56,7 @@ variable "database_name" { variable "fleet_image" { description = "the name of the container image to run" - default = "fleetdm/fleet:v4.37.0" + default = "fleetdm/fleet:v4.38.0" } variable "software_inventory" { diff --git a/infrastructure/dogfood/terraform/gcp/variables.tf b/infrastructure/dogfood/terraform/gcp/variables.tf index 56c01006b39c..9306fe090440 100644 --- a/infrastructure/dogfood/terraform/gcp/variables.tf +++ b/infrastructure/dogfood/terraform/gcp/variables.tf @@ -68,5 +68,5 @@ variable "redis_mem" { } variable "image" { - default = "fleet:v4.37.0" + default = "fleet:v4.38.0" } diff --git a/infrastructure/sandbox/JITProvisioner/jitprovisioner.tf b/infrastructure/sandbox/JITProvisioner/jitprovisioner.tf index c2749f8a3382..71842e3cd54b 100644 
--- a/infrastructure/sandbox/JITProvisioner/jitprovisioner.tf +++ b/infrastructure/sandbox/JITProvisioner/jitprovisioner.tf @@ -206,7 +206,7 @@ resource "random_uuid" "jitprovisioner" { # Use the local to make the trigger work. locals { - fleet_tag = "v4.37.0" + fleet_tag = "v4.38.0" } resource "null_resource" "standard-query-library" { diff --git a/infrastructure/sandbox/PreProvisioner/lambda/deploy_terraform/main.tf b/infrastructure/sandbox/PreProvisioner/lambda/deploy_terraform/main.tf index 0ef7efca443c..d56cbdbb944e 100644 --- a/infrastructure/sandbox/PreProvisioner/lambda/deploy_terraform/main.tf +++ b/infrastructure/sandbox/PreProvisioner/lambda/deploy_terraform/main.tf @@ -165,7 +165,7 @@ resource "helm_release" "main" { set { name = "imageTag" - value = "v4.37.0" + value = "v4.38.0" } set { diff --git a/terraform/byo-vpc/byo-db/byo-ecs/variables.tf b/terraform/byo-vpc/byo-db/byo-ecs/variables.tf index ccb45bfbdee5..c4c08bc48598 100644 --- a/terraform/byo-vpc/byo-db/byo-ecs/variables.tf +++ b/terraform/byo-vpc/byo-db/byo-ecs/variables.tf @@ -13,7 +13,7 @@ variable "fleet_config" { type = object({ mem = optional(number, 4096) cpu = optional(number, 512) - image = optional(string, "fleetdm/fleet:v4.37.0") + image = optional(string, "fleetdm/fleet:v4.38.0") family = optional(string, "fleet") sidecars = optional(list(any), []) depends_on = optional(list(any), []) diff --git a/terraform/byo-vpc/byo-db/variables.tf b/terraform/byo-vpc/byo-db/variables.tf index 2e4329830fdd..bc27ae7d85da 100644 --- a/terraform/byo-vpc/byo-db/variables.tf +++ b/terraform/byo-vpc/byo-db/variables.tf @@ -74,7 +74,7 @@ variable "fleet_config" { type = object({ mem = optional(number, 4096) cpu = optional(number, 512) - image = optional(string, "fleetdm/fleet:v4.37.0") + image = optional(string, "fleetdm/fleet:v4.38.0") family = optional(string, "fleet") sidecars = optional(list(any), []) depends_on = optional(list(any), []) 
diff --git a/terraform/byo-vpc/example/main.tf b/terraform/byo-vpc/example/main.tf index f77c659385ba..03077d2911a2 100644 --- a/terraform/byo-vpc/example/main.tf +++ b/terraform/byo-vpc/example/main.tf @@ -17,7 +17,7 @@ provider "aws" { } locals { - fleet_image = "fleetdm/fleet:v4.37.0" + fleet_image = "fleetdm/fleet:v4.38.0" } resource "random_pet" "main" {} diff --git a/terraform/byo-vpc/variables.tf b/terraform/byo-vpc/variables.tf index 3f2c12870455..3ba456b293a5 100644 --- a/terraform/byo-vpc/variables.tf +++ b/terraform/byo-vpc/variables.tf @@ -163,7 +163,7 @@ variable "fleet_config" { type = object({ mem = optional(number, 4096) cpu = optional(number, 512) - image = optional(string, "fleetdm/fleet:v4.37.0") + image = optional(string, "fleetdm/fleet:v4.38.0") family = optional(string, "fleet") sidecars = optional(list(any), []) depends_on = optional(list(any), []) diff --git a/terraform/example/main.tf b/terraform/example/main.tf index 24029fa7d979..b9f0bd1ba6fc 100644 --- a/terraform/example/main.tf +++ b/terraform/example/main.tf @@ -73,7 +73,7 @@ module "vulnprocessing" { ecs_cluster = module.main.byo-vpc.byo-db.byo-ecs.cluster.cluster_arn vpc_id = module.main.vpc.vpc_id fleet_config = { - image = "fleetdm/fleet:v4.37.0" + image = "fleetdm/fleet:v4.38.0" database = { password_secret_arn = module.main.byo-vpc.secrets.secret_arns["${var.rds_config.name}-database-password"] user = module.main.byo-vpc.rds.db_instance_username diff --git a/terraform/variables.tf b/terraform/variables.tf index af4ef6103b0c..e102c4b339cc 100644 --- a/terraform/variables.tf +++ b/terraform/variables.tf @@ -215,7 +215,7 @@ variable "fleet_config" { type = object({ mem = optional(number, 4096) cpu = optional(number, 512) - image = optional(string, "fleetdm/fleet:v4.37.0") + image = optional(string, "fleetdm/fleet:v4.38.0") family = optional(string, "fleet") sidecars = optional(list(any), []) depends_on = optional(list(any), []) 
diff --git a/tools/fleetctl-npm/package.json b/tools/fleetctl-npm/package.json index d40111753bca..da38159b8fbe 100644 --- a/tools/fleetctl-npm/package.json +++ b/tools/fleetctl-npm/package.json @@ -1,6 +1,6 @@ { "name": "fleetctl", - "version": "v4.37.0", + "version": "v4.38.0", "description": "Installer for the fleetctl CLI tool", "bin": { "fleetctl": "./run.js"