v4.0.1

Changes

• Fix an issue in which migrations failed on MariaDB MySQL.

• Allow http to be used when configuring fleetctl for localhost.

• Fix a bug in which Team information was missing for hosts looked up by Label.

Upgrading

Please visit our update guide for upgrade instructions.

Documentation

Documentation for this release can be found at https://github.com/fleetdm/fleet/blob/4.0.1/docs/README.md

Binary Checksum

SHA256

1ec91724b224bd2d73b8909d3783f773acf135e6aa4f0f83c83dece3b4dd857b  fleetctl_v4.0.1_windows.zip
25c9c6e28f25962bd95e890594592d9642f209593c6649bd9de1ca2fb4619713  fleetctl_v4.0.1_macos.zip
63318adf2b6ae4fc3c9a88320da995cffffc48f7e9e0c3ac30fb7a0aa4b49064  fleetctl_v4.0.1_windows.tar.gz
7b854e37fb548a8130eacd45e7e3ba7b1b9fd4f226bb34d9de72cf56078d78cb  fleet_v4.0.1_macos.tar.gz
9e1688e8c14c70c4897454129a60f33b8dcd49177536754e2bdfbfc2b5b91429  fleetctl_v4.0.1_linux.tar.gz
9fc647796dafc64a6c04e47564c20b3931c4833ffaf2d98c8fbf276ab2ba7a62  fleet_v4.0.1_linux.tar.gz
b7a0faf0a8719954dc444151c777c61d6c099a7642e9e14e5208f4f5f7335d8f  fleetctl_v4.0.1_macos.tar.gz
decfc28652a4fd1612760abb9d0666ffadd4cc5af3662e412499bc20d0eaeb64  fleetctl_v4.0.1_linux.zip
ed0bc2d69cc5a398a9b26f67cbd70941ed87e1bc11ba744b2e0e7532f563278b  fleet_v4.0.1_windows.zip

Docker images

• docker pull fleetdm/fleetctl:v4.0.1
• docker pull fleetdm/fleetctl:v4.0.1
• docker pull fleetdm/fleetctl:v4
• docker pull fleetdm/fleet:v4.0.1
• docker pull fleetdm/fleet:v4.0.1
• docker pull fleetdm/fleet:v4

v4.0.0

Changes

The primary additions in Fleet 4.0.0 are the new Role-based access control (RBAC) and Teams features.

RBAC adds the ability to define a user's access to features in Fleet. This way, more individuals in an organization can utilize Fleet with appropriate levels of access.

• Check out the permissions documentation for a breakdown of the new user roles.

Teams adds the ability to separate hosts into exclusive groups. This way, users can easily act on consistent groups of hosts.

• Read more about the Teams feature in the documentation here.

New features breakdown

• Add ability to define a user's access to features in Fleet by introducing the Admin, Maintainer, and Observer roles. Available in Fleet Core.

• Add ability to separate hosts into exclusive groups with the Teams feature. The Teams feature is available for Fleet Basic customers. Check out the list below for the new functionality included with Teams:

• Teams: Add ability to enroll hosts to one team using team specific enroll secrets.

• Teams: Add ability to manually transfer hosts to a different team in the Fleet UI.

• Teams: Add ability to apply unique agent options to each team. Note that "osquery options" have been renamed to "agent options."

• Teams: Add ability to grant users access to one or more teams. This allows you to define a user's access to specific groups of hosts in Fleet.

• Add ability to create an API-only user. API-only users cannot access the Fleet UI. These users can access all Fleet API endpoints and fleetctl features. Available in Fleet Core.

• Add Redis cluster support. Available in Fleet Core.

• Fix a bug that prevented the columns chosen for the "Hosts" table from persisting after logging out of Fleet.

Breaking changes

Fleet 4.0.0 is a major release and introduces several breaking changes and database migrations. The following sections call out changes to consider when upgrading to Fleet 4.0.0:

• The structure of Fleet's .tar.gz and .zip release archives have changed slightly. Deployments that use the binary artifacts may need to update scripts or tooling. The fleetdm/fleet Docker container maintains the same API.

• The username artifact has been removed in favor of the more recognizable name (Full name). As a result, users can no longer log in with the username artifact and must instead use the email artifact. In addition, SAML SSO users may need to update their username mapping to match user emails (a common SAML property for this mapping is NameID). Note that upon upgrading to Fleet 4.0.0, existing users will have the name field populated with username.

• Use strictly fleet in Fleet's configuration, API routes, and environment variables. Users must update all usage of kolide in these items (deprecated since Fleet 3.8.0).

• Change your SAML SSO URI to use fleet instead of kolide. This is due to the changes to Fleet's API routes outlined in the section above.

• Change configuration option server_tlsprofile to server_tls_compatibility. This option previously had an inconsistent key name.

• Replace the use of the api/v1/fleet/spec/osquery/options with api/v1/fleet/config. In Fleet 4.0.0, "osquery options" are now called "agent options." The new agent options are moved to the Fleet application config spec file and the api/v1/fleet/config API endpoint. In addition, the options yaml document has been removed. Agent options can now be configured using the agent_options key in the config yaml document.

• Enroll secrets no longer have "names" and are now either global or for a specific team. Hosts no longer store the “name” of the enroll secret that was used. Users that want to be able to segment hosts (for configuration, queries, etc.) based on the enrollment secret should use the Teams feature in Fleet Premium.

• JWT encoding is no longer used for session keys. Sessions now default to expiring in 4 hours of inactivity. auth_jwt_key and auth_jwt_key_file are no longer accepted as configuration.

• As of Fleet 4.0.0, Fleet Device Management Inc. periodically collects anonymous information about your instance. Sending usage statistics is turned off by default for users upgrading from a previous version of Fleet. Read more about the exact information collected here.

Upgrading

Please visit our update guide for upgrade instructions.

Documentation

Documentation for this release can be found at https://github.com/fleetdm/fleet/blob/v4.0.0/docs/README.md

Binary Checksum

SHA256

06ac4b3842630147308cde2db5cf7cb6148f8eebd42aeaf1adbb3dc923307b47  fleet_v4.0.0_macos.tar.gz
1d0d1554c263bfec7910ce517d0e2d569d044beead86047100de0cb19a5d6991  fleetctl_v4.0.0_macos.tar.gz
27bede60f2dfa5130c37e697dc6f1ba95031a10dabd90690ec3bebc3481fde11  fleetctl_v4.0.0_linux.tar.gz
297f98211dc4aad297dec1c5fbe0e19e32c1dcb8502f6b7bdbd9052d2346e5cf  fleetctl_v4.0.0_windows.tar.gz
4234921c3b2543c03c18656a07899d7f68223ebf4a2262d38e76354a458a2da1  fleet_v4.0.0_windows.zip
7ce013a33e17d800756f001962a74720c7e47fb057f1f32cd37171b7e2dada74  fleetctl_v4.0.0_macos.zip
9131394e823bc63893a190f91181024e69f82a6af82ac423ff221e9f93b3dbf7  fleet_v4.0.0_linux.tar.gz
de1ec4c8652da0542f2abb990b41afacca7f44f59d17e8253e6f10ffe40ec423  fleetctl_v4.0.0_linux.zip
f44ec77ca0db1546824b8064eedeccf88a94ed9215a6761e8aef55f701952df3  fleetctl_v4.0.0_windows.zip

Docker images

• docker pull fleetdm/fleetctl:v4.0.0
• docker pull fleetdm/fleetctl:v4.0.0
• docker pull fleetdm/fleetctl:v4
• docker pull fleetdm/fleet:v4.0.0
• docker pull fleetdm/fleet:v4.0.0
• docker pull fleetdm/fleet:v4

v4.0.0-rc3

Docker images

• docker pull fleetdm/fleetctl:v4.0.0-rc3
• docker pull fleetdm/fleetctl:v4.0.0-rc3
• docker pull fleetdm/fleetctl:v4
• docker pull fleetdm/fleet:v4.0.0-rc3
• docker pull fleetdm/fleet:v4.0.0-rc3
• docker pull fleetdm/fleet:v4

v4.0.0-rc2

Changes

The primary additions in Fleet 4.0.0 are the new Role-based access control (RBAC) and Teams features.

RBAC adds the ability to define a user's access to features in Fleet. This way, more individuals in an organization can utilize Fleet with appropriate levels of access.

• Check out the permissions documentation for a breakdown of the new user roles.

Teams adds the ability to separate hosts into exclusive groups. This way, users can easily act on consistent groups of hosts.

• Read more about the Teams feature in the documentation here.

New features breakdown

• Add ability to define a user's access to features in Fleet by introducing the Admin, Maintainer, and Observer roles. Available in Fleet Core.

• Add ability to separate hosts into exclusive groups with the Teams feature. The Teams feature is available for Fleet Basic customers. Check out the list below for the new functionality included with Teams:

• Teams: Add ability to enroll hosts to one team using team specific enroll secrets.

• Teams: Add ability to manually transfer hosts to a different team in the Fleet UI.

• Teams: Add ability to apply unique agent options to each team. Note that "osquery options" have been renamed to "agent options."

• Teams: Add ability to grant users access to one or more teams. This allows you to define a user's access to specific groups of hosts in Fleet.

• Add ability to create an API-only user. API-only users cannot access the Fleet UI. These users can access all Fleet API endpoints and fleetctl features. Available in Fleet Core.

• Add Redis cluster support. Available in Fleet Core.

• Fix a bug that prevented the columns chosen for the "Hosts" table from persisting after logging out of Fleet.

Upgrade plan

Fleet 4.0.0 is a major release and introduces several breaking changes and database migrations.

• Use strictly fleet in Fleet's configuration, API routes, and environment variables. Users must update all usage of kolide in these items (deprecated since Fleet 3.8.0).

• Change configuration option server_tlsprofile to server_tls_compatability. This option previously had an inconsistent key name.

• Replace the use of the api/v1/fleet/spec/osquery/options with api/v1/fleet/config. In Fleet 4.0.0, "osquery options" are now called "agent options." The new agent options are moved to the Fleet application config spec file and the api/v1/fleet/config API endpoint.

• Enroll secrets no longer have "names" and are now either global or for a specific team. Hosts no longer store the “name” of the enroll secret that was used. Users that want to be able to segment hosts (for configuration, queries, etc.) based on the enrollment secret should use the Teams feature in Fleet Basic.

• auth_jwt_key and auth_jwt_key_file are no longer accepted as configuration.

• JWT encoding is no longer used for session keys. Sessions now default to expiring in 4 hours of inactivity.

Known issues

There are currently no known issues in this release. However, we recommend only upgrading to Fleet 4.0.0-rc2 for testing purposes. Please file a GitHub issue for any issues discovered when testing Fleet 4.0.0!

Upgrading

Please visit our update guide for upgrade instructions.

Documentation

Documentation for this release can be found at https://github.com/fleetdm/fleet/blob/v4.0.0-rc2/docs/README.md

Binary Checksum

SHA256

33f8ae90fa0f508200f632516374226cfc6485112ca1982390b52fb9f611fbbb  fleet.zip
dbacbc93048e00676ea9986ed9a1f5697f965e3bec5d988b64c3f4ae53ff54b4  fleetctl.exe.zip
9d6be11444a0e2d9170b690aba969afdfef3782fd4defaa030812c10af492e6f  fleetctl-macos.tar.gz
7107330a59dd413769a4bb476495e98b55068b2f46f99813450a1ad9991a34d1  fleetctl-windows.tar.gz
7a3b9d6eebf48fd9862785dd6c42391a37bb955ca108c39dde802dce096d67e1  fleetctl-linux.tar.gz

v4.0.0-rc1

Changes

The primary additions in Fleet 4.0.0 are the new Role-based access control (RBAC) and Teams features.

RBAC adds the ability to define a user's access to information and features in Fleet. This way, more individuals in an organization can utilize Fleet with appropriate levels of access. Check out the permissions documentation for a breakdown of the new user roles and their respective capabilities.

Teams adds the ability to separate hosts into exclusive groups. This way, users can easily observe and apply operations to consistent groups of hosts. Read more about the Teams feature in the documentation here.

There are several known issues that will be fixed for the stable release of Fleet 4.0.0. Therefore, we recommend only upgrading to Fleet 4.0.0 RC1 for testing purposes. Please file a GitHub issue for any issues discovered when testing Fleet 4.0.0!

New features breakdown

• Add ability to define a user's access to information and features in Fleet by introducing the Admin, Maintainer, and Observer roles.

• Add ability to separate hosts into exclusive groups with the Teams feature. The Teams feature is available for Fleet Basic customers. Check out the list below for the new functionality included with Teams:

• Add ability to enroll hosts to one team using team specific enroll secrets.

• Add ability to manually transfer hosts to a different team in the Fleet UI.

• Add ability to apply unique agent options to each team. Note that "osquery options" have been renamed to "agent options."

• Add ability to grant users access to one or more teams. This allows you to define a user's access to specific groups of hosts in Fleet.

Upgrade plan

Fleet 4.0.0 is a major release and introduces several breaking changes and database migrations.

• Use strictly fleet in Fleet's configuration, API routes, and environment variables. This means that you must update all usage of kolide in these items. The backwards compatibility introduced in Fleet 3.8.0 is no longer valid in Fleet 4.0.0.

• Change configuration option server_tlsprofile to server_tls_compatability. This options previously had an inconsistent key name.

• Replace the use of the api/v1/fleet/spec/osquery/options with api/v1/fleet/config. In Fleet 4.0.0, "osquery options" are now called "agent options." The new agent options are moved to the Fleet application config spec file and the api/v1/fleet/config API endpoint.

• Enroll secrets no longer have "names" and are now either global or for a specific team. Hosts no longer store the “name” of the enroll secret that was used. Users that want to be able to segment hosts (for configuration, queries, etc.) based on the enrollment secret should use the Teams feature in Fleet Basic.

• auth_jwt_key and auth_jwt_key_file are no longer accepted as configuration.

• JWT encoding is no longer used for session keys. Sessions now default to expiring in 4 hours of inactivity.

Known issues

• Query packs cannot be targeted to teams.

Upgrading

Please visit our update guide for upgrade instructions.

Documentation

Documentation for this release can be found at https://github.com/fleetdm/fleet/blob/v4.0.0-rc1/docs/README.md

Binary Checksum

SHA256

9e6e4db4fdb9e43e43235a0b2ad505bf03883394efd80af192e546cfcf3b3d1e  fleet.zip
bdc8aa4d62fc10777cdc34a9104a9e5ff69235179f4945393aa9580769770c19  fleetctl.exe.zip
350cc1b11b2b747714f80469b9c7cde6a3d6abae9db64530ee2194e82ad83208  fleetctl-macos.tar.gz
543c5365716f08545ead4a0b07563eb3788d38ff7a54afc7c86b5f4f36694e0e  fleetctl-windows.tar.gz
409baadf4b263625124695835df12d4743c1b673e24353c77b51da6b9e2209a4  fleetctl-linux.tar.gz

3.13.0

Changes

• Improve performance of the additional_queries feature by moving additional query results into a separate table in the MySQL database. Please note that the /api/v1/fleet/hosts API endpoint now return only the requested additional columns. Checkout the Fleet REST API documentation to see the changes to the hosts API endpoint here.

• Fix a bug in which running a live query in the Fleet UI would return no results and the query would seem "hung" on a small number of devices.

• Improve viewing live query errors in the Fleet UI by including the “Errors” table in the full screen view.

• Improve fleetctl preview experience by adding the fleetctl preview reset and fleetctl preview stop commands to reset and stop simulated hosts running in Docker.

• Add several improvements to the Fleet UI including additional contrast on checkboxes and dropdown pills.

Upgrading

Please visit our update guide for upgrade instructions.

Documentation

Documentation for this release can be found at https://github.com/fleetdm/fleet/blob/3.13.0/docs/README.md

Binary Checksum

SHA256

bf45ce36d8885ceb2d061d0ee268ebe0b095722f8e211c523676907d2b9920cb  fleet.zip
4dbe9e44b04846a5cda3621e81a52f8ae85edea65eebc962937d430416c9756a  fleetctl.exe.zip
a23a0ae87961638614eb7b08fbed4b9aa5db3cb926481f78e9d3227f7e1fc717  fleetctl-macos.tar.gz
1db2aa985a3ec0f65ccd88b2ab6e8fdc9607f27adb87b22d268e604841601763  fleetctl-windows.tar.gz
1714f8bd93accf2d632fbd222fa7c9ebc02b4f487c7accc231f895503191ada5  fleetctl-linux.tar.gz

3.12.0

Changes

• Add scheduled queries to the Host details page. Surface the "Name", "Description", "Frequency", and "Last run" information for each query in a pack that apply to a specific host.

• Improve the freshness of host vitals by adding the ability to "refetch" the data on the Host details page.

• Add ability to copy log fields into Google Cloud Pub/Sub attributes. This allows users to use these values for subscription filters.

• Add ability to duplicate live query results in Redis. When the redis_duplicate_results configuration option is set to true, all live query results will be copied to an additional Redis Pub/Sub channel named LQDuplicate.

• Add ability to controls the server-side HTTP keepalive property. Turning off keepalives has helped reduce outstanding TCP connections in some deployments.

• Fix an issue on the Packs page in which Fleet would incorrectly handle the configured server_url_prefix.

Upgrading

Please visit our update guide for upgrade instructions.

Documentation

Documentation for this release can be found at https://github.com/fleetdm/fleet/blob/3.12.0/docs/README.md

Binary Checksum

SHA256

d444840cb2560a689512482e1602f27eefafa041fdaad9a2e56c792aa2d636c1  fleet.zip
d45b95b7cde221792dd2493ba56be70aa9269eda016147a904ba7f9ebe898677  fleetctl.exe.zip
bc3b2487d0f9e55d1bfd2726d61f3b8ed6c16fe8b3fe1d05cca7f693d8631e18  fleetctl-macos.tar.gz
5dc5d900b0ac4cc45ee66177894595686098aeac00f292545482dc7077b49381  fleetctl-windows.tar.gz
e2bb6f97c6758bba0e4f314d7da7067c5f54617d406bcd5ee82bc78c4961a4d9  fleetctl-linux.tar.gz

3.11.0

Changes

• Improve Fleet performance by batch updating host seen time instead of updating synchronously. This improvement reduces MySQL CPU usage by ~33% with 4,000 simulated hosts and MySQL running in Docker.

• Add support for software inventory, introducing a list of installed software items on each host's respective Host details page. This feature is flagged off by default (for now). Check out the feature flag documentation for instructions on how to turn this feature on.

• Add Windows support for fleetctl agent autoupdates. The fleetctl updates command provides the ability to self-manage an agent update server. Available for Fleet Basic customers.

• Make running common queries more convenient by adding the ability to select a saved query directly from a host's respective Host details page.

• Fix an issue on the Query page in which Fleet would override the CMD + L browser hotkey.

• Fix an issue in which a host would display an unreasonable time in the "Last fetched" column.

Upgrading

Please visit our update guide for upgrade instructions.

Documentation

Documentation for this release can be found at https://github.com/fleetdm/fleet/blob/3.11.0/docs/README.md

Binary Checksum

SHA256

b0dc06c137cce0386b8fabde34da3ad63321991edbaca252e986bfae8fc53d9a  fleet.zip
05b212fe4bee3e4a4b2374ec930d21c22d68708b95c89988e094f4852f43c0d6  fleetctl.exe.zip
be79e12ba2cd2a7b7bb4e0485662cb0b87fd0ed5a32e6dc779b0e2672d993433  fleetctl-macos.tar.gz
ff5da49fa62c3e4d6131da3e0ae02af22f51122fda1446e020dcf0b3198ee520  fleetctl-windows.tar.gz
6d56cb93de747eb91916b85d857bbeebaea6fe7c2b50d04a7104267358a18102  fleetctl-linux.tar.gz

3.10.1

Changes

• Fix a frontend bug that prevented the "Pack" page and "Edit pack" page from rendering in the Fleet UI. This issue occurred when the platform key, in the requested pack's configuration, was set to any value other than darwin, linux, windows, or all.

Upgrading

Please visit our update guide for upgrade instructions.

Documentation

Documentation for this release can be found at https://github.com/fleetdm/fleet/blob/3.10.1/docs/README.md

Binary Checksum

SHA256

674106ae4971be40c83d14244ef7e420317c895936fddc1990e8395d50e9a1d3  fleet.zip
8dda58549dc887237bc5c0a7ca6fdf9834cc56d8a140c925c442df83b4c0b16a  fleetctl.exe.zip
6cf1672332e7ae60a406a70c35a9806e2007a511c03b2f82cbfc77c1feb1cdfe  fleetctl-macos.tar.gz
179e8c99831441cf5f27031f9457c9d0d36e1b55bfebc0e0347b4e89721cd7ce  fleetctl-windows.tar.gz
4300ea09aeb122fef837e1957b92d3491e6637bf5fbddebfa8e7c558f044a427  fleetctl-linux.tar.gz

Note

3.10.1 unintentionally included image assets that are unused in the Fleet application, resulting in larger-than-normal binaries.

3.10.0

Changes

• Add fleetctl agent auto-updates beta which introduces the ability to self-manage an agent update server. Available for Fleet Premium customers.

• Add option for Identity Provider-Initiated (IdP-initiated) Single Sign-On (SSO).

• Improve logging. All errors are logged regardless of log level, some non-errors are logged regardless of log level (agent enrollments, runs of live queries etc.), and all other non-errors are logged on debug level.

• Improve login resilience by adding rate-limiting to login and password reset attempts and preventing user enumeration.

• Add Fleet version and Go version in the My Account page of the Fleet UI.

• Improvements to fleetctl preview that ensure the latest version of Fleet is fired up on every run. In addition, the Fleet UI is now accessible without having to click through browser security warning messages.

• Prefer storing IPv4 addresses for host details.

Upgrading

Please visit our update guide for upgrade instructions.

Documentation

Documentation for this release can be found at https://github.com/fleetdm/fleet/blob/3.10.0/docs/README.md

Binary Checksum

SHA256

a71e6c6b30adde4464efb6484290575dad5a29ba09cf069581c7ec33778360eb  fleet.zip
3acf9b7fbccf119842df5d2671cd3d9d1bac977a75f41f4ab5a60161deb7303b  fleetctl.exe.zip
df676cb2a916b39c3ab009fcddae87117a319a5fce12c58b7112e5647cf9026d  fleetctl-macos.tar.gz
153024a1e00dd9b99a24ad9f2f93dd1794900ba7a9f23125fe5a2f369ec7c69f  fleetctl-windows.tar.gz
e26d4ddae2107c10b3870ef38666fad071cbc58735c944a553a136b93564af1d  fleetctl-linux.tar.gz