Skip to content

fleet-v4.40.0
Compare
Choose a tag to compare
@github-actions github-actions released this 07 Nov 00:21
· 2353 commits to main since this release
fleet-v4.40.0
8dbe690
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.

Changes

  • Endpoint operations:

    • New tables added to the fleetd extension: app_icons, falconctl_options, falcon_kernel_check, cryptoinfo, cryptsetup_status, filevault_status, firefox_preferences, firmwarepasswd, ioreg, and windows_updates.
    • CIS support for Windows 10 is updated to the lates CIS document CIS_Microsoft_Windows_10_Enterprise_Benchmark_v2.0.0.

  • Device management (MDM):

    • Introduced support for MS-MDM management protocol.
    • Added a host detail query for Windows hosts to ingest MDM device id and updated the Windows MDM device enrollment flow.
    • Implemented --context and --debug flags for fleetctl mdm run-command.
    • Support added for fleetctl mdm run-command on Windows hosts.
    • macOS hosts with MDM features via SSO can now run sudo profiles renew --type enrollment.
    • Introduced GET mdm/commandresults endpoint to retrieve MDM command results for Windows and macOS.
    • fleetctl get mdm-command-results now uses the new above endpoint.
    • Added POST /fleet/mdm/commands/run platform-agnostic endpoint for MDM commands.
    • Introduced API for recent Windows MDM commands via fleetctl and the API.

  • Vulnerability management:

    • Added vulnerability data support for JetBrains apps with similar names (e.g., IntelliJ IDEA.app vs. IntelliJ IDEA Ultimate.app).
    • Apple Rapid Security Response version added to macOS host details (requires osquery v5.9.1 on macOS devices).
    • For ChromeOS hosts, software now includes chrome extensions.
    • Updated vulnerability processing to omit software without versions.
    • Resolved false positives in vulnerabilities for Chrome and Firefox extensions.

  • UI improvements:

    • Fleet tables in UI reset rows upon filter/search/page changes.
    • Improved handling when deleting a large number of hosts; operations now continue in the background after 30 seconds.
    • Added the ability for Observers and Observer+ to view policy resolutions.
    • Improved app settings clarity for premium users regarding usage statistics.
    • UI buttons for live queries or policies are now disabled with a tooltip if live queries are globally turned off.
    • Observers and observer+ can now run existing policies in the UI.

Bug fixes and improvements

  • REST API:

    • Overhauled REST API input validation for several endpoints (hosts, carves, users).
    • Validation error status codes switched from 500 to 400 for clarity.
    • Numerous new validations added for policy details, os_name/version, etc.
    • Addressed issues in /fleet/sso and /mdm/apple/enqueue endpoints.
    • Updated response codes for several other endpoints for clearer error handling.

  • Logging and debugging:

    • Updated Apple Business Manager terms logging behavior.
    • Refined the copy of the ABM terms banner for better clarity.
    • Addressed a false positive CVE detection on the certifi python package.
    • Fixed a logging issue with Fleet's Cloudflare WARP software version ingestion for Windows.

  • UI fixes:

    • Addressed UI bugs for the "Turn off MDM" action display and issues with the host details page's banners.
    • Fixed narrow viewport EULA display issue on the Windows TOS page.
    • Rectified team dropdown value issues and ensured consistent help text across query and policy creation forms.
    • Fixed issues when applying config changes without MDM features enabled.

  • Others:

    • Removed the capability for Premium customers to disable usage statistics. Further information provided in the Fleet documentation.
    • Retired creating OS policies from host OSes in the UI.
    • Addressed issues in Live Queries with the POST /fleet/queries/run endpoint.
    • Introduced database migrations for Windows MDM command tables.

Upgrading

Please visit our update guide for upgrade instructions.

Documentation

Documentation for Fleet is available at fleetdm.com/docs.

Binary Checksum

SHA256

2188bd5d301fae70ecaf39f43ed3fa41216924d3e6dcd9e753c0664283addbf5  fleetctl_v4.40.0_macos.zip
2d2a0c97e0c360bdc77e38097a06861512191c07d1adbdf98dd7690dec503b33  fleet_v4.40.0_linux.tar.gz
55754107b9be9f8d3b5d5fc7daf2dcb2196cefb071408857d9ea215080e56dbc  fleetctl_v4.40.0_linux.zip
6537ad561dd1e82b1ea5345677576ecf2593d7604977514df519feee2226d2ee  fleetctl_v4.40.0_linux.tar.gz
ae34af952e470c1dd84f2149d7e20cf8bbe7269e2e466beef2ded584c9701a7b  fleetctl_v4.40.0_windows.zip
d725be4371f0c6efa5d9e6f7749f599afda97fc6222b2a9ec3da6b055526e7b4  fleetctl_v4.40.0_macos.tar.gz
f32d4ef6eefd252d0a83f0b79d0e1d15022670ab9c1ea2abf1cfb7e93761164f  fleetctl_v4.40.0_windows.tar.gz
Assets 10