Releases: fleetdm/fleet
v4.0.1
Changes
-
Fix an issue in which migrations failed on MariaDB MySQL.
-
Allow
http
to be used when configuringfleetctl
forlocalhost
. -
Fix a bug in which Team information was missing for hosts looked up by Label.
Upgrading
Please visit our update guide for upgrade instructions.
Documentation
Documentation for this release can be found at https://github.com/fleetdm/fleet/blob/4.0.1/docs/README.md
Binary Checksum
SHA256
1ec91724b224bd2d73b8909d3783f773acf135e6aa4f0f83c83dece3b4dd857b fleetctl_v4.0.1_windows.zip
25c9c6e28f25962bd95e890594592d9642f209593c6649bd9de1ca2fb4619713 fleetctl_v4.0.1_macos.zip
63318adf2b6ae4fc3c9a88320da995cffffc48f7e9e0c3ac30fb7a0aa4b49064 fleetctl_v4.0.1_windows.tar.gz
7b854e37fb548a8130eacd45e7e3ba7b1b9fd4f226bb34d9de72cf56078d78cb fleet_v4.0.1_macos.tar.gz
9e1688e8c14c70c4897454129a60f33b8dcd49177536754e2bdfbfc2b5b91429 fleetctl_v4.0.1_linux.tar.gz
9fc647796dafc64a6c04e47564c20b3931c4833ffaf2d98c8fbf276ab2ba7a62 fleet_v4.0.1_linux.tar.gz
b7a0faf0a8719954dc444151c777c61d6c099a7642e9e14e5208f4f5f7335d8f fleetctl_v4.0.1_macos.tar.gz
decfc28652a4fd1612760abb9d0666ffadd4cc5af3662e412499bc20d0eaeb64 fleetctl_v4.0.1_linux.zip
ed0bc2d69cc5a398a9b26f67cbd70941ed87e1bc11ba744b2e0e7532f563278b fleet_v4.0.1_windows.zip
Docker images
docker pull fleetdm/fleetctl:v4.0.1
docker pull fleetdm/fleetctl:v4.0.1
docker pull fleetdm/fleetctl:v4
docker pull fleetdm/fleet:v4.0.1
docker pull fleetdm/fleet:v4.0.1
docker pull fleetdm/fleet:v4
v4.0.0
Changes
The primary additions in Fleet 4.0.0 are the new Role-based access control (RBAC) and Teams features.
RBAC adds the ability to define a user's access to features in Fleet. This way, more individuals in an organization can utilize Fleet with appropriate levels of access.
- Check out the permissions documentation for a breakdown of the new user roles.
Teams adds the ability to separate hosts into exclusive groups. This way, users can easily act on consistent groups of hosts.
- Read more about the Teams feature in the documentation here.
New features breakdown
-
Add ability to define a user's access to features in Fleet by introducing the Admin, Maintainer, and Observer roles. Available in Fleet Core.
-
Add ability to separate hosts into exclusive groups with the Teams feature. The Teams feature is available for Fleet Basic customers. Check out the list below for the new functionality included with Teams:
-
Teams: Add ability to enroll hosts to one team using team specific enroll secrets.
-
Teams: Add ability to manually transfer hosts to a different team in the Fleet UI.
-
Teams: Add ability to apply unique agent options to each team. Note that "osquery options" have been renamed to "agent options."
-
Teams: Add ability to grant users access to one or more teams. This allows you to define a user's access to specific groups of hosts in Fleet.
-
Add ability to create an API-only user. API-only users cannot access the Fleet UI. These users can access all Fleet API endpoints and
fleetctl
features. Available in Fleet Core. -
Add Redis cluster support. Available in Fleet Core.
-
Fix a bug that prevented the columns chosen for the "Hosts" table from persisting after logging out of Fleet.
Breaking changes
Fleet 4.0.0 is a major release and introduces several breaking changes and database migrations. The following sections call out changes to consider when upgrading to Fleet 4.0.0:
-
The structure of Fleet's
.tar.gz
and.zip
release archives have changed slightly. Deployments that use the binary artifacts may need to update scripts or tooling. Thefleetdm/fleet
Docker container maintains the same API. -
The
username
artifact has been removed in favor of the more recognizablename
(Full name). As a result, users can no longer log in with theusername
artifact and must instead use theemail
artifact. In addition, SAML SSO users may need to update their username mapping to match user emails (a common SAML property for this mapping isNameID
). Note that upon upgrading to Fleet 4.0.0, existing users will have thename
field populated withusername
. -
Use strictly
fleet
in Fleet's configuration, API routes, and environment variables. Users must update all usage ofkolide
in these items (deprecated since Fleet 3.8.0). -
Change your SAML SSO URI to use fleet instead of kolide. This is due to the changes to Fleet's API routes outlined in the section above.
-
Change configuration option
server_tlsprofile
toserver_tls_compatibility
. This option previously had an inconsistent key name. -
Replace the use of the
api/v1/fleet/spec/osquery/options
withapi/v1/fleet/config
. In Fleet 4.0.0, "osquery options" are now called "agent options." The new agent options are moved to the Fleet application config spec file and theapi/v1/fleet/config
API endpoint. In addition, theoptions
yaml document has been removed. Agent options can now be configured using theagent_options
key in theconfig
yaml document. -
Enroll secrets no longer have "names" and are now either global or for a specific team. Hosts no longer store the “name” of the enroll secret that was used. Users that want to be able to segment hosts (for configuration, queries, etc.) based on the enrollment secret should use the Teams feature in Fleet Premium.
-
JWT encoding is no longer used for session keys. Sessions now default to expiring in 4 hours of inactivity.
auth_jwt_key
andauth_jwt_key_file
are no longer accepted as configuration. -
As of Fleet 4.0.0, Fleet Device Management Inc. periodically collects anonymous information about your instance. Sending usage statistics is turned off by default for users upgrading from a previous version of Fleet. Read more about the exact information collected here.
Upgrading
Please visit our update guide for upgrade instructions.
Documentation
Documentation for this release can be found at https://github.com/fleetdm/fleet/blob/v4.0.0/docs/README.md
Binary Checksum
SHA256
06ac4b3842630147308cde2db5cf7cb6148f8eebd42aeaf1adbb3dc923307b47 fleet_v4.0.0_macos.tar.gz
1d0d1554c263bfec7910ce517d0e2d569d044beead86047100de0cb19a5d6991 fleetctl_v4.0.0_macos.tar.gz
27bede60f2dfa5130c37e697dc6f1ba95031a10dabd90690ec3bebc3481fde11 fleetctl_v4.0.0_linux.tar.gz
297f98211dc4aad297dec1c5fbe0e19e32c1dcb8502f6b7bdbd9052d2346e5cf fleetctl_v4.0.0_windows.tar.gz
4234921c3b2543c03c18656a07899d7f68223ebf4a2262d38e76354a458a2da1 fleet_v4.0.0_windows.zip
7ce013a33e17d800756f001962a74720c7e47fb057f1f32cd37171b7e2dada74 fleetctl_v4.0.0_macos.zip
9131394e823bc63893a190f91181024e69f82a6af82ac423ff221e9f93b3dbf7 fleet_v4.0.0_linux.tar.gz
de1ec4c8652da0542f2abb990b41afacca7f44f59d17e8253e6f10ffe40ec423 fleetctl_v4.0.0_linux.zip
f44ec77ca0db1546824b8064eedeccf88a94ed9215a6761e8aef55f701952df3 fleetctl_v4.0.0_windows.zip
Docker images
docker pull fleetdm/fleetctl:v4.0.0
docker pull fleetdm/fleetctl:v4.0.0
docker pull fleetdm/fleetctl:v4
docker pull fleetdm/fleet:v4.0.0
docker pull fleetdm/fleet:v4.0.0
docker pull fleetdm/fleet:v4
v4.0.0-rc3
Docker images
docker pull fleetdm/fleetctl:v4.0.0-rc3
docker pull fleetdm/fleetctl:v4.0.0-rc3
docker pull fleetdm/fleetctl:v4
docker pull fleetdm/fleet:v4.0.0-rc3
docker pull fleetdm/fleet:v4.0.0-rc3
docker pull fleetdm/fleet:v4
v4.0.0-rc2
Changes
The primary additions in Fleet 4.0.0 are the new Role-based access control (RBAC) and Teams features.
RBAC adds the ability to define a user's access to features in Fleet. This way, more individuals in an organization can utilize Fleet with appropriate levels of access.
- Check out the permissions documentation for a breakdown of the new user roles.
Teams adds the ability to separate hosts into exclusive groups. This way, users can easily act on consistent groups of hosts.
- Read more about the Teams feature in the documentation here.
New features breakdown
-
Add ability to define a user's access to features in Fleet by introducing the Admin, Maintainer, and Observer roles. Available in Fleet Core.
-
Add ability to separate hosts into exclusive groups with the Teams feature. The Teams feature is available for Fleet Basic customers. Check out the list below for the new functionality included with Teams:
-
Teams: Add ability to enroll hosts to one team using team specific enroll secrets.
-
Teams: Add ability to manually transfer hosts to a different team in the Fleet UI.
-
Teams: Add ability to apply unique agent options to each team. Note that "osquery options" have been renamed to "agent options."
-
Teams: Add ability to grant users access to one or more teams. This allows you to define a user's access to specific groups of hosts in Fleet.
-
Add ability to create an API-only user. API-only users cannot access the Fleet UI. These users can access all Fleet API endpoints and
fleetctl
features. Available in Fleet Core. -
Add Redis cluster support. Available in Fleet Core.
-
Fix a bug that prevented the columns chosen for the "Hosts" table from persisting after logging out of Fleet.
Upgrade plan
Fleet 4.0.0 is a major release and introduces several breaking changes and database migrations.
-
Use strictly
fleet
in Fleet's configuration, API routes, and environment variables. Users must update all usage ofkolide
in these items (deprecated since Fleet 3.8.0). -
Change configuration option
server_tlsprofile
toserver_tls_compatability
. This option previously had an inconsistent key name. -
Replace the use of the
api/v1/fleet/spec/osquery/options
withapi/v1/fleet/config
. In Fleet 4.0.0, "osquery options" are now called "agent options." The new agent options are moved to the Fleet application config spec file and theapi/v1/fleet/config
API endpoint. -
Enroll secrets no longer have "names" and are now either global or for a specific team. Hosts no longer store the “name” of the enroll secret that was used. Users that want to be able to segment hosts (for configuration, queries, etc.) based on the enrollment secret should use the Teams feature in Fleet Basic.
-
auth_jwt_key
andauth_jwt_key_file
are no longer accepted as configuration. -
JWT encoding is no longer used for session keys. Sessions now default to expiring in 4 hours of inactivity.
Known issues
There are currently no known issues in this release. However, we recommend only upgrading to Fleet 4.0.0-rc2 for testing purposes. Please file a GitHub issue for any issues discovered when testing Fleet 4.0.0!
Upgrading
Please visit our update guide for upgrade instructions.
Documentation
Documentation for this release can be found at https://github.com/fleetdm/fleet/blob/v4.0.0-rc2/docs/README.md
Binary Checksum
SHA256
33f8ae90fa0f508200f632516374226cfc6485112ca1982390b52fb9f611fbbb fleet.zip
dbacbc93048e00676ea9986ed9a1f5697f965e3bec5d988b64c3f4ae53ff54b4 fleetctl.exe.zip
9d6be11444a0e2d9170b690aba969afdfef3782fd4defaa030812c10af492e6f fleetctl-macos.tar.gz
7107330a59dd413769a4bb476495e98b55068b2f46f99813450a1ad9991a34d1 fleetctl-windows.tar.gz
7a3b9d6eebf48fd9862785dd6c42391a37bb955ca108c39dde802dce096d67e1 fleetctl-linux.tar.gz
v4.0.0-rc1
Changes
The primary additions in Fleet 4.0.0 are the new Role-based access control (RBAC) and Teams features.
RBAC adds the ability to define a user's access to information and features in Fleet. This way, more individuals in an organization can utilize Fleet with appropriate levels of access. Check out the permissions documentation for a breakdown of the new user roles and their respective capabilities.
Teams adds the ability to separate hosts into exclusive groups. This way, users can easily observe and apply operations to consistent groups of hosts. Read more about the Teams feature in the documentation here.
There are several known issues that will be fixed for the stable release of Fleet 4.0.0. Therefore, we recommend only upgrading to Fleet 4.0.0 RC1 for testing purposes. Please file a GitHub issue for any issues discovered when testing Fleet 4.0.0!
New features breakdown
-
Add ability to define a user's access to information and features in Fleet by introducing the Admin, Maintainer, and Observer roles.
-
Add ability to separate hosts into exclusive groups with the Teams feature. The Teams feature is available for Fleet Basic customers. Check out the list below for the new functionality included with Teams:
-
Add ability to enroll hosts to one team using team specific enroll secrets.
-
Add ability to manually transfer hosts to a different team in the Fleet UI.
-
Add ability to apply unique agent options to each team. Note that "osquery options" have been renamed to "agent options."
-
Add ability to grant users access to one or more teams. This allows you to define a user's access to specific groups of hosts in Fleet.
Upgrade plan
Fleet 4.0.0 is a major release and introduces several breaking changes and database migrations.
-
Use strictly
fleet
in Fleet's configuration, API routes, and environment variables. This means that you must update all usage ofkolide
in these items. The backwards compatibility introduced in Fleet 3.8.0 is no longer valid in Fleet 4.0.0. -
Change configuration option
server_tlsprofile
toserver_tls_compatability
. This options previously had an inconsistent key name. -
Replace the use of the
api/v1/fleet/spec/osquery/options
withapi/v1/fleet/config
. In Fleet 4.0.0, "osquery options" are now called "agent options." The new agent options are moved to the Fleet application config spec file and theapi/v1/fleet/config
API endpoint. -
Enroll secrets no longer have "names" and are now either global or for a specific team. Hosts no longer store the “name” of the enroll secret that was used. Users that want to be able to segment hosts (for configuration, queries, etc.) based on the enrollment secret should use the Teams feature in Fleet Basic.
-
auth_jwt_key
andauth_jwt_key_file
are no longer accepted as configuration. -
JWT encoding is no longer used for session keys. Sessions now default to expiring in 4 hours of inactivity.
Known issues
- Query packs cannot be targeted to teams.
Upgrading
Please visit our update guide for upgrade instructions.
Documentation
Documentation for this release can be found at https://github.com/fleetdm/fleet/blob/v4.0.0-rc1/docs/README.md
Binary Checksum
SHA256
9e6e4db4fdb9e43e43235a0b2ad505bf03883394efd80af192e546cfcf3b3d1e fleet.zip
bdc8aa4d62fc10777cdc34a9104a9e5ff69235179f4945393aa9580769770c19 fleetctl.exe.zip
350cc1b11b2b747714f80469b9c7cde6a3d6abae9db64530ee2194e82ad83208 fleetctl-macos.tar.gz
543c5365716f08545ead4a0b07563eb3788d38ff7a54afc7c86b5f4f36694e0e fleetctl-windows.tar.gz
409baadf4b263625124695835df12d4743c1b673e24353c77b51da6b9e2209a4 fleetctl-linux.tar.gz
3.13.0
Changes
-
Improve performance of the
additional_queries
feature by moving additional query results into a separate table in the MySQL database. Please note that the/api/v1/fleet/hosts
API endpoint now return only the requested additional columns. Checkout the Fleet REST API documentation to see the changes to the hosts API endpoint here. -
Fix a bug in which running a live query in the Fleet UI would return no results and the query would seem "hung" on a small number of devices.
-
Improve viewing live query errors in the Fleet UI by including the “Errors” table in the full screen view.
-
Improve
fleetctl preview
experience by adding thefleetctl preview reset
andfleetctl preview stop
commands to reset and stop simulated hosts running in Docker. -
Add several improvements to the Fleet UI including additional contrast on checkboxes and dropdown pills.
Upgrading
Please visit our update guide for upgrade instructions.
Documentation
Documentation for this release can be found at https://github.com/fleetdm/fleet/blob/3.13.0/docs/README.md
Binary Checksum
SHA256
bf45ce36d8885ceb2d061d0ee268ebe0b095722f8e211c523676907d2b9920cb fleet.zip
4dbe9e44b04846a5cda3621e81a52f8ae85edea65eebc962937d430416c9756a fleetctl.exe.zip
a23a0ae87961638614eb7b08fbed4b9aa5db3cb926481f78e9d3227f7e1fc717 fleetctl-macos.tar.gz
1db2aa985a3ec0f65ccd88b2ab6e8fdc9607f27adb87b22d268e604841601763 fleetctl-windows.tar.gz
1714f8bd93accf2d632fbd222fa7c9ebc02b4f487c7accc231f895503191ada5 fleetctl-linux.tar.gz
3.12.0
Changes
-
Add scheduled queries to the Host details page. Surface the "Name", "Description", "Frequency", and "Last run" information for each query in a pack that apply to a specific host.
-
Improve the freshness of host vitals by adding the ability to "refetch" the data on the Host details page.
-
Add ability to copy log fields into Google Cloud Pub/Sub attributes. This allows users to use these values for subscription filters.
-
Add ability to duplicate live query results in Redis. When the
redis_duplicate_results
configuration option is set totrue
, all live query results will be copied to an additional Redis Pub/Sub channel named LQDuplicate. -
Add ability to controls the server-side HTTP keepalive property. Turning off keepalives has helped reduce outstanding TCP connections in some deployments.
-
Fix an issue on the Packs page in which Fleet would incorrectly handle the configured
server_url_prefix
.
Upgrading
Please visit our update guide for upgrade instructions.
Documentation
Documentation for this release can be found at https://github.com/fleetdm/fleet/blob/3.12.0/docs/README.md
Binary Checksum
SHA256
d444840cb2560a689512482e1602f27eefafa041fdaad9a2e56c792aa2d636c1 fleet.zip
d45b95b7cde221792dd2493ba56be70aa9269eda016147a904ba7f9ebe898677 fleetctl.exe.zip
bc3b2487d0f9e55d1bfd2726d61f3b8ed6c16fe8b3fe1d05cca7f693d8631e18 fleetctl-macos.tar.gz
5dc5d900b0ac4cc45ee66177894595686098aeac00f292545482dc7077b49381 fleetctl-windows.tar.gz
e2bb6f97c6758bba0e4f314d7da7067c5f54617d406bcd5ee82bc78c4961a4d9 fleetctl-linux.tar.gz
3.11.0
Changes
-
Improve Fleet performance by batch updating host seen time instead of updating synchronously. This improvement reduces MySQL CPU usage by ~33% with 4,000 simulated hosts and MySQL running in Docker.
-
Add support for software inventory, introducing a list of installed software items on each host's respective Host details page. This feature is flagged off by default (for now). Check out the feature flag documentation for instructions on how to turn this feature on.
-
Add Windows support for
fleetctl
agent autoupdates. Thefleetctl updates
command provides the ability to self-manage an agent update server. Available for Fleet Basic customers. -
Make running common queries more convenient by adding the ability to select a saved query directly from a host's respective Host details page.
-
Fix an issue on the Query page in which Fleet would override the CMD + L browser hotkey.
-
Fix an issue in which a host would display an unreasonable time in the "Last fetched" column.
Upgrading
Please visit our update guide for upgrade instructions.
Documentation
Documentation for this release can be found at https://github.com/fleetdm/fleet/blob/3.11.0/docs/README.md
Binary Checksum
SHA256
b0dc06c137cce0386b8fabde34da3ad63321991edbaca252e986bfae8fc53d9a fleet.zip
05b212fe4bee3e4a4b2374ec930d21c22d68708b95c89988e094f4852f43c0d6 fleetctl.exe.zip
be79e12ba2cd2a7b7bb4e0485662cb0b87fd0ed5a32e6dc779b0e2672d993433 fleetctl-macos.tar.gz
ff5da49fa62c3e4d6131da3e0ae02af22f51122fda1446e020dcf0b3198ee520 fleetctl-windows.tar.gz
6d56cb93de747eb91916b85d857bbeebaea6fe7c2b50d04a7104267358a18102 fleetctl-linux.tar.gz
3.10.1
Changes
- Fix a frontend bug that prevented the "Pack" page and "Edit pack" page from rendering in the Fleet UI. This issue occurred when the
platform
key, in the requested pack's configuration, was set to any value other thandarwin
,linux
,windows
, orall
.
Upgrading
Please visit our update guide for upgrade instructions.
Documentation
Documentation for this release can be found at https://github.com/fleetdm/fleet/blob/3.10.1/docs/README.md
Binary Checksum
SHA256
674106ae4971be40c83d14244ef7e420317c895936fddc1990e8395d50e9a1d3 fleet.zip
8dda58549dc887237bc5c0a7ca6fdf9834cc56d8a140c925c442df83b4c0b16a fleetctl.exe.zip
6cf1672332e7ae60a406a70c35a9806e2007a511c03b2f82cbfc77c1feb1cdfe fleetctl-macos.tar.gz
179e8c99831441cf5f27031f9457c9d0d36e1b55bfebc0e0347b4e89721cd7ce fleetctl-windows.tar.gz
4300ea09aeb122fef837e1957b92d3491e6637bf5fbddebfa8e7c558f044a427 fleetctl-linux.tar.gz
Note
3.10.1 unintentionally included image assets that are unused in the Fleet application, resulting in larger-than-normal binaries.
3.10.0
Changes
-
Add
fleetctl
agent auto-updates beta which introduces the ability to self-manage an agent update server. Available for Fleet Premium customers. -
Add option for Identity Provider-Initiated (IdP-initiated) Single Sign-On (SSO).
-
Improve logging. All errors are logged regardless of log level, some non-errors are logged regardless of log level (agent enrollments, runs of live queries etc.), and all other non-errors are logged on debug level.
-
Improve login resilience by adding rate-limiting to login and password reset attempts and preventing user enumeration.
-
Add Fleet version and Go version in the My Account page of the Fleet UI.
-
Improvements to
fleetctl preview
that ensure the latest version of Fleet is fired up on every run. In addition, the Fleet UI is now accessible without having to click through browser security warning messages. -
Prefer storing IPv4 addresses for host details.
Upgrading
Please visit our update guide for upgrade instructions.
Documentation
Documentation for this release can be found at https://github.com/fleetdm/fleet/blob/3.10.0/docs/README.md
Binary Checksum
SHA256
a71e6c6b30adde4464efb6484290575dad5a29ba09cf069581c7ec33778360eb fleet.zip
3acf9b7fbccf119842df5d2671cd3d9d1bac977a75f41f4ab5a60161deb7303b fleetctl.exe.zip
df676cb2a916b39c3ab009fcddae87117a319a5fce12c58b7112e5647cf9026d fleetctl-macos.tar.gz
153024a1e00dd9b99a24ad9f2f93dd1794900ba7a9f23125fe5a2f369ec7c69f fleetctl-windows.tar.gz
e26d4ddae2107c10b3870ef38666fad071cbc58735c944a553a136b93564af1d fleetctl-linux.tar.gz