fleet-v4.43.1

Bug fixes

• Fixed bug where script results would sometimes show the wrong error message when a user attempts
  to run a script on a host that has scripts disabled.
• Fixed an issue with SCEP endpoints sending back 500 status codes. Should return 400 now if bad
  data is sent to SCEP API.
• Fixed text and icon alignment UI bug.
• Fixed message for script execution timeout.
• Fixed failed scripts showing the wrong error.

Upgrading

Please visit our update guide for upgrade instructions.

Documentation

Documentation for Fleet is available at fleetdm.com/docs.

Binary Checksum

SHA256

c99fc876d59643f0ec953f18ea032e79c8aacbf9c40b776e4a0b4463455d664a  fleet_v4.43.1_linux.tar.gz
28d376d342cfc3fb69b9b080cd3496e1e4319bb120a6fcef87981b4f5e2bcb07  fleetctl_v4.43.1_linux.tar.gz
4ba47443a1930700b0c479e6b43a05213e198ee6662c249a094cf1499827a88b  fleetctl_v4.43.1_linux.zip
c479ac0319a70a1b959fc944a2fb54e7bad14b0790c577f7c3833b953ed0ccfb  fleetctl_v4.43.1_macos.tar.gz
0dd44ceef78ecf73da7128e8eddc53112d8f03f03fbae1afa41d2ac901c065b4  fleetctl_v4.43.1_macos.zip
cbd28eea3d1c057d898c3a69dc5034db4cfec105ba4072eed79609bf0b61b8b3  fleetctl_v4.43.1_windows.tar.gz
66236a0a5d98a2258df96b8a9938467062a502303307e536d452e52994e89a7d  fleetctl_v4.43.1_windows.zip

fleet-v4.43.0

Changes

• Endpoint operations:

  • Added new POST /api/v1/fleet/queries/:id/run endpoint for synchronous live queries.
  • Added PUT /api/fleet/orbit/device_mapping and PUT /api/v1/fleet/hosts/{id}/device_mapping endpoints for setting or replacing custom email addresses.
  • Added experimental --end-user-email flag to fleetctl package for .msi installer bundling.
  • Added host_count_updated_at to policy API responses.
  • Added ability to query by host display name via list hosts endpoint.
  • Added gigs_total_disk_space to host endpoint responses.
  • Added ability to remotely configure fleetd update channels in agent options (Fleet Premium only, requires fleetd >= 1.20.0).
  • Improved error message for osquery log write failures.
  • Protect live query performance by limiting results per live query.
  • Improved error handling and validation for /api/fleet/orbit/device_token and other endpoints.

• Device management (MDM):

  • Added check for custom end user email fields in enrollment profiles.
  • Modified hosts and labels endpoints to include only user-defined Windows MDM profiles.
  • Improved profile verification logic for 'pending' profiles.
  • Updated enrollment process so that fleetd auto-installs on Apple hosts enabling MDM features manually.
  • Extended script execution timeout to 5 minutes.
  • Extended Script disabling functionality to various script endpoints and fleetctl.

Bug fixes and improvements

• Fix profiles incorrectly being marked as "Failed".
  • NOTE: If you are using MDM features and have already upgraded to v4.42.0, you will need to take manual steps to resolve this issue. Please follow these instructions to reset your profiles.
• Added tooltip to policies page stating when policy counts were last updated.
• Added bold styling to profile name in custom profile activity logs.
• Implemented style tweaks to the nudge preview on OS updates page.
• Updated sort query results and reports case sensitivity and default to sorting.
• Added disk size indication when disk is full.
• Replaced 500 error with 409 for token conflicts with another host.
• Fixed script output text formatting.
• Fixed styling issues in policy automations modal and nudge preview on OS updates page.
• Fixed loading spinner not appearing when running a script on a host.
• Fixed duplicate view all hosts link in disk encryption table.
• Fixed tooltip text alignment UI bug.
• Fixed missing 'Last restarted' values when filtering hosts by label.
• Fixed broken link on callout box on host details page.
• Fixed bugs in searching hosts by email addresses and filtering by labels.
• Fixed a bug where the host details > software > munki issues section was sometimes displayed erroneously.
• Fixed a bug where OS compatibility was not correctly calculated for certain queries.
• Fixed issue where software title aggregation was not running during vulnerability scans.
• Fixed an error message bug for password length on new user creation.
• Fixed a bug causing misreporting of vulnerability scanning status in analytics.
• Fixed issue with query results reporting after discard data is enabled.
• Fixed a bug preventing label selection while the label search field was active.
• Fixed bug where fleetctl did not allow placement of --context and --debug flags following certain commands.
• Fixed a validation bug allowing overrides.platform to be set to null.
• Fixed fleetctl issue with creating a new query when running a query by name.
• Fixed a bug that caused vulnerability scanning status to be misreported in analytics.
• Fixed CVE tooltip bullets on the software page.
• Fixed a bug that didn't allow enabling team disk encryption if macOS MDM was not configured.

Upgrading

Please visit our update guide for upgrade instructions.

Documentation

Documentation for Fleet is available at fleetdm.com/docs.

Binary Checksum

SHA256

edb90db5125604b243b75f5867aaa9f86703e7c788841173d6884a1aa30be2e3  fleet_v4.43.0_linux.tar.gz
3fbf7cb075336d21ba179f45a69e8eee63d3075bc34d29ab98a69c4ea7e27c76  fleetctl_v4.43.0_linux.tar.gz
87459a61c38f2613d52e6d7b3b102b9ad7e9dfc5a41069c6f3bcea82822d22fb  fleetctl_v4.43.0_linux.zip
3aed0156befca22f192922c94542111eeaba7a0bc51936c43b1cae0cba1497ff  fleetctl_v4.43.0_macos.tar.gz
47bff2b572168328683428a4ac97a57e6c1a0bd533d37e8406d8bf64cb79b75f  fleetctl_v4.43.0_macos.zip
d949541f0f008883f135144f49cb73e273d43e150f70c3dc8c4c721f2740c16e  fleetctl_v4.43.0_windows.tar.gz
479dcd633e5cc7e9db28a04ebd2043e01c94e677c0d71a7228fb51f991d4ad40  fleetctl_v4.43.0_windows.zip

fleet-v4.42.0

NOTE: There is a critical bug in Fleet v4.42.0. This might affect your Fleet if you’re using MDM features. If you’re using MDM features, please wait until v4.43.0 to upgrade Fleet. If you’ve already upgraded to v4.42.0 and run into this bug, follow the instructions for resolving the issue here.

Changes

• Endpoint operations:

  • Added fleet/device/{token}/ping endpoint for agent token checks.
  • Added GET /hosts/{id}/health endpoint for host health data.
  • Added --host-identifier option to fleetd for enrolling with a random identifier.
  • Added capability to look up hosts based on IdP email.
  • Updated manage hosts UI to filter hosts by software_version_id and software_title_id.
  • Added ability to filter hosts by software_version_id and software_title_id in various endpoints.
  • NOTE: Database migrations may take up to five minutes to complete based on number of software items.
  • Live queries now collect and display updated stats.
  • Live query stats are cleared when query SQL is modified.
  • Added UI features to incorporate new live query stats.
  • Improved host query reports and host detail query tab UI.
  • Added firehose delivery addon update for improved data handling.

• Vulnerability management:

  • Added GET /software/versions and GET /software/versions/{id} endpoints for software version management.
  • Deprecated GET /software and GET /software/{id} endpoints.
  • Added new software pages in Fleet UI, including software titles and versions.
  • Resolved scan error during OVAL vulnerability processing.

• Device management (MDM):

  • Removed the FLEET_DEV_MDM_ENABLED feature flag for Windows MDM.
  • Enabled fleetctl to configure Windows MDM profiles for teams and "no team".
  • Added database tables to support the Windows profiles feature.
  • Added support to configure Windows OS updates requirements.
  • Introduced new MDM profile endpoints: POST /mdm/profiles, DELETE /mdm/profiles/{id}, GET /mdm/profiles/{id}, GET /mdm/profiles, GET /mdm/profiles/summary.
  • Added validation to disallow custom MDM profiles with certain names.
  • Added deployment of Windows OS updates settings to targeted hosts.
  • Changed the Apple profiles ID to a prefixed UUID format.
  • Enabled targeting hosts by serial number in fleetctl run-script and fleetctl mdm run-command.
  • Added UI for uploading, deleting, downloading, and viewing Windows custom MDM profiles.

Bug fixes and improvements

• Updated Go version to 1.21.5.
• Query reports now only show results for hosts with user permissions.
• Global observers can now see all queries regardless of the observerCanRun value.
• Added whitespace rendering in policy descriptions and resolutions.
• Added truncation to dropdown options in query tables documentation.
• POST /api/v1/fleet/scripts/run/sync timeout now returns error code 408 instead of 504.
• Fixed possible deadlocks in software data ingestion and host_batteries upsert.
• Fixed button text wrapping in UI for Settings > Integrations > MDM.
• Fixed a bug where opening a modal on the Users page reset the table to the first page.
• Fixed a bug preventing label selection while the label search field was active.
• Fixed issues with UI loading indicators and placeholder texts.
• Fixed a fleetctl issue where running a query by name created a new query instead of using the existing one.
• Fixed installed_from_dep in mdm_enrolled activity for DEP device re-enrollment.
• Fixed a bug in line breaks affecting UI functionality.
• Fixed Syncml cmd data support for raw data.
• Added "copied!" message to the copy button on inputs.
• Fixed an edge case where caching could lead to lost organization settings in multiple instance scenarios.
• Fixed GET /hosts/{id}/health endpoint reporting.
• Fixed validation bugs allowing overrides.platform field to be set to null.
• Fixed an issue with policy counts showing 0 post-upgrade.

Upgrading

Please visit our update guide for upgrade instructions.

Documentation

Documentation for Fleet is available at fleetdm.com/docs.

Binary Checksum

SHA256

f04c192313dccac982409ddca05ba13e636af0685d74aa0ee602784ecf438abb  fleet_v4.42.0_linux.tar.gz
f33bb2d63b10c447deb07c1c07362f8f2b6a506dad151c81f91693c4cde6ee49  fleetctl_v4.42.0_linux.tar.gz
5dbdeb015906ad92481c727807c460f04cf0e8d382b18cad4fdee446852c03a3  fleetctl_v4.42.0_linux.zip
591da2e02708c026535b821c28af316a005c4eae62800aa89c7228b7cde5546c  fleetctl_v4.42.0_macos.tar.gz
e58fe9e620f849a39e87d352c327cece59c1f3b5603e7854e67b0da02bdc8ab9  fleetctl_v4.42.0_macos.zip
e4c60c42bc5f7f51e706f06fa93f17ffbab129d76275d4c42b3b029cc876c7cd  fleetctl_v4.42.0_windows.tar.gz
e4362c74998031139fe51a022262174b58e50ebd996905154206140dd0f3511b  fleetctl_v4.42.0_windows.zip

fleet-v4.41.1

Bug fix

• Fixed logging of results for scheduled queries configured outside of Fleet when server_settings.query_reports_disabled is set to true.

Upgrading

Please visit our update guide for upgrade instructions.

Documentation

Documentation for Fleet is available at fleetdm.com/docs.

Binary Checksum

SHA256

0e22bad11fb7dc2709d95b4585271967ceec89a1e1d25f011c15eefa30b22af0  fleet_v4.41.1_linux.tar.gz
0a7616f6e5cacaa40d6eaf8be557caa5480c0b02c6186f0baffac1e8b8494517  fleetctl_v4.41.1_linux.tar.gz
64895941f38bd495a6901863d1a595604a6adcb95e695429d87f1c9ca58b49ef  fleetctl_v4.41.1_linux.zip
8224ab34185e45440d7cbec7400b191cb762aac6be21538572016ac19948d917  fleetctl_v4.41.1_macos.tar.gz
97ff2b5b9903a9bf9a8c35c8d03a6b9390a1e8d19db4d26367cc1864fddb19a4  fleetctl_v4.41.1_macos.zip
b73d15865095ca377932e7a7f6390b3ac2967f961516c140a587d1ba00e8763b  fleetctl_v4.41.1_windows.tar.gz
1bd0338b3dec1cb9231c9efacf938af33651ca768e789fdc95c306bd1f931a9d  fleetctl_v4.41.1_windows.zip

fleet-v4.41.0

IMPORTANT:

• There’s a critical bug in Fleet 4.41.0.
• This bug only affects you if you use query packs, set a custom pack_delimiter in agent options, or manage queries outside of Fleet (ex. via Chef).
• If this sounds like your Fleet, please wait to upgrade to 4.41.0.
• We’re working on cutting a patch (4.41.1) ASAP.

(2023-12-06)

Changes

• Endpoint operations:

  • Enhanced fleetctl and API to support PowerShell (.ps1) scripts.
  • Updated several API endpoints to support os_settings filter, including Windows profiles status.
  • Enabled after parameter for improved pagination in various endpoints.
  • Improved the fleet/queries/run endpoint with better error handling.
  • Increased frequency of metrics reporting from Fleet servers to daily.
  • Added caching for policy results in MySQL for faster operations.

• Device management (MDM):

  • Added database tables for Windows profiles support.
  • Added validation for WSTEP certificate and key pair before enabling Windows MDM.
  • Introduced support for Windows PowerShell scripts in the UI.

• Vulnerability management:

  • Fleet now uses NVD API 2.0 for CVE information download.
  • Added support for JetBrains application vulnerability data.
  • Tightened software matching to reduce false positives.
  • Stopped reporting Atom editor packages in software inventory.

• UI improvements:

  • Updated activity feed for better communication around JIT-provisioned user logins.
  • Query report now displays the host's display name instead of the hostname.
  • Improved UI components like the manage page's label filter and edit columns modal.
  • Enabled all sort headers in the UI to be fully clickable.
  • Removed the creation of OS policies from a host's operating system in the UI.
  • Ensured correct settings visibility in the Settings > Advanced section.

Bug fixes

• Fixed long result cell truncation in live query results and query reports.
• Fixed a Redis cluster mode detection issue for RedisLabs hosted instances.
• Fixed a false positive vulnerability report for Citrix Workspace.
• Fixed an edge case sorting bug related to the last_restarted value for hosts.
• Fixed an issue with creating .deb installers with different enrollment keys.
• Fixed SMTP configuration validation issues for TLS-only servers.
• Fixed caching of team MDM configurations to improve performance at scale.
• Fixed delete pending issue during orbit.exe installation.
• Fixed a bug causing the disk encryption key banner to not display correctly.
• Fixed various error code inconsistencies across endpoints.
• Fixed filtering hosts with invalid team_id now returns a 400 error.
• Fixed false positives in software matching for similar names.

Upgrading

Please visit our update guide for upgrade instructions.

Documentation

Documentation for Fleet is available at fleetdm.com/docs.

Binary Checksum

SHA256

bc5dd476ea4108d2d26ea4eab99504f02492633c6f8fa9db01f8511099c9f57e  fleet_v4.41.0_linux.tar.gz
03da62accda22d3434d6be235e9b910e04b21aee84085097369707451dc4d219  fleetctl_v4.41.0_linux.tar.gz
ec10a2193a9075b668126b3700189c7fef232978ce8f3504128203afc865a619  fleetctl_v4.41.0_linux.zip
83d78374afdc8d49da20bbbd6fec966b082725aa4060c845f13c0efc7d607182  fleetctl_v4.41.0_macos.tar.gz
1390320c14410c298f4298bd171b257ca8fde0061a62388d5cab1f04c501e062  fleetctl_v4.41.0_macos.zip
7e5eb0b48c15670d75b34acbf8f9f9a470fad76a7c20d77b79e715a56a890f74  fleetctl_v4.41.0_windows.tar.gz
255f6260d5f7f76e7d279a649879d9a27d45a78b916ffbdb1303bc707ab3a745  fleetctl_v4.41.0_windows.zip

fleet-v4.40.0

Changes

• Endpoint operations:

  • New tables added to the fleetd extension: app_icons, falconctl_options, falcon_kernel_check, cryptoinfo, cryptsetup_status, filevault_status, firefox_preferences, firmwarepasswd, ioreg, and windows_updates.
  • CIS support for Windows 10 is updated to the lates CIS document CIS_Microsoft_Windows_10_Enterprise_Benchmark_v2.0.0.

• Device management (MDM):

  • Introduced support for MS-MDM management protocol.
  • Added a host detail query for Windows hosts to ingest MDM device id and updated the Windows MDM device enrollment flow.
  • Implemented --context and --debug flags for fleetctl mdm run-command.
  • Support added for fleetctl mdm run-command on Windows hosts.
  • macOS hosts with MDM features via SSO can now run sudo profiles renew --type enrollment.
  • Introduced GET mdm/commandresults endpoint to retrieve MDM command results for Windows and macOS.
  • fleetctl get mdm-command-results now uses the new above endpoint.
  • Added POST /fleet/mdm/commands/run platform-agnostic endpoint for MDM commands.
  • Introduced API for recent Windows MDM commands via fleetctl and the API.

• Vulnerability management:

  • Added vulnerability data support for JetBrains apps with similar names (e.g., IntelliJ IDEA.app vs. IntelliJ IDEA Ultimate.app).
  • Apple Rapid Security Response version added to macOS host details (requires osquery v5.9.1 on macOS devices).
  • For ChromeOS hosts, software now includes chrome extensions.
  • Updated vulnerability processing to omit software without versions.
  • Resolved false positives in vulnerabilities for Chrome and Firefox extensions.

• UI improvements:

  • Fleet tables in UI reset rows upon filter/search/page changes.
  • Improved handling when deleting a large number of hosts; operations now continue in the background after 30 seconds.
  • Added the ability for Observers and Observer+ to view policy resolutions.
  • Improved app settings clarity for premium users regarding usage statistics.
  • UI buttons for live queries or policies are now disabled with a tooltip if live queries are globally turned off.
  • Observers and observer+ can now run existing policies in the UI.

Bug fixes and improvements

• REST API:

  • Overhauled REST API input validation for several endpoints (hosts, carves, users).
  • Validation error status codes switched from 500 to 400 for clarity.
  • Numerous new validations added for policy details, os_name/version, etc.
  • Addressed issues in /fleet/sso and /mdm/apple/enqueue endpoints.
  • Updated response codes for several other endpoints for clearer error handling.

• Logging and debugging:

  • Updated Apple Business Manager terms logging behavior.
  • Refined the copy of the ABM terms banner for better clarity.
  • Addressed a false positive CVE detection on the certifi python package.
  • Fixed a logging issue with Fleet's Cloudflare WARP software version ingestion for Windows.

• UI fixes:

  • Addressed UI bugs for the "Turn off MDM" action display and issues with the host details page's banners.
  • Fixed narrow viewport EULA display issue on the Windows TOS page.
  • Rectified team dropdown value issues and ensured consistent help text across query and policy creation forms.
  • Fixed issues when applying config changes without MDM features enabled.

• Others:

  • Removed the capability for Premium customers to disable usage statistics. Further information provided in the Fleet documentation.
  • Retired creating OS policies from host OSes in the UI.
  • Addressed issues in Live Queries with the POST /fleet/queries/run endpoint.
  • Introduced database migrations for Windows MDM command tables.

Upgrading

Please visit our update guide for upgrade instructions.

Documentation

Documentation for Fleet is available at fleetdm.com/docs.

Binary Checksum

SHA256

2188bd5d301fae70ecaf39f43ed3fa41216924d3e6dcd9e753c0664283addbf5  fleetctl_v4.40.0_macos.zip
2d2a0c97e0c360bdc77e38097a06861512191c07d1adbdf98dd7690dec503b33  fleet_v4.40.0_linux.tar.gz
55754107b9be9f8d3b5d5fc7daf2dcb2196cefb071408857d9ea215080e56dbc  fleetctl_v4.40.0_linux.zip
6537ad561dd1e82b1ea5345677576ecf2593d7604977514df519feee2226d2ee  fleetctl_v4.40.0_linux.tar.gz
ae34af952e470c1dd84f2149d7e20cf8bbe7269e2e466beef2ded584c9701a7b  fleetctl_v4.40.0_windows.zip
d725be4371f0c6efa5d9e6f7749f599afda97fc6222b2a9ec3da6b055526e7b4  fleetctl_v4.40.0_macos.tar.gz
f32d4ef6eefd252d0a83f0b79d0e1d15022670ab9c1ea2abf1cfb7e93761164f  fleetctl_v4.40.0_windows.tar.gz

fleet-v4.39.0

Changes

• Added ability to store results of scheduled queries:

  • Will store up to 1000 results for each scheduled query.
  • If the number of results for a scheduled query is below 1000, then the results will continuously get updated every time the hosts send results to Fleet.
  • Introduced server_settings.query_reports_disabled field in global configuration to disable this feature.
  • New API endpoint: GET /api/_version_/fleet/queries/{id}/report.
  • New field discard_data added to API queries endpoints for toggling report storage for a query. For yaml configurations, use discard_data: true to disable result storage.
  • Enhanced osquery result log validation.
  • NOTE: This feature enables storing more query data in Fleet. This may impact database performance, depending on the number of queries, their frequency, and the number of hosts in your Fleet instance. For large deployments, we recommend monitoring your database load while gradually adding new query reports to ensure your database is sized appropriately.

• Added scripts tab and table for host details page.

• Added support to return the decrypted disk encryption key of a Windows host.

• Added GET /hosts/{id}/scripts endpoint to retrieve status details of saved scripts for a host.

• Added mdm.os_settings to GET /api/v1/hosts/{id} response.

• Added POST /api/fleet/orbit/disk_encryption_key endpoint for Windows hosts to report bitlocker encryption key.

• Added activity logging for script operations (add, delete, edit).

• Added UI for scripts on the controls page.

• Added API endpoints for script management and updated existing ones to accommodate saved script ID.

• Added GET /mdm/disk_encryption/summary endpoint for disk encryption summaries for macOS and Windows.

• Added os_settings and os_settings_disk_encryption filters to various GET endpoints for host filtering based on OS settings.

• Enhanced GET hosts/:id API response to include more detailed disk encryption data for device client errors.

• Updated controls > disk encryption and host details page to include Windows bitlocker information.

• Improved styling for host details/device user failing policies display.

• Disabled multicursor editing for SQL editors.

• Deprecated mdm.macos_settings.enable_disk_encryption in favor of mdm.enable_disk_encryption.

• Updated Go version to 1.21.3.

Bug fixes

• Fixed script content and output formatting issues on the scripts detail modal.

• Fixed a high database load issue in the Puppet match endpoint.

• Fixed setup flows background not covering the entire viewport when resized to some sizes.

• Fixed a bug affecting OS settings information retrieval regarding disk encryption status for Windows hosts.

• Fixed SQL parameters used in the /api/latest/fleet/labels/{labelID}/hosts endpoint for certain query parameters, addressing issue 13809.

• Fixed Python's CVE-2021-42919 false positive on macOS which should only affect Linux.

• Fixed a bug causing DEP profiles to sometimes not get assigned correctly to hosts.

• Fixed an issue in the bulk-set of MDM Apple profiles leading to excessive placeholders in SQL.

• Fixed max-height display issue for script content and output in the script details modal.

Upgrading

Please visit our update guide for upgrade instructions.

Documentation

Documentation for Fleet is available at fleetdm.com/docs.

Binary Checksum

SHA256

034e5829448a4d06442f983ee14ff82ed4d620933c473e51fc1bdc852d59571d  fleetctl_v4.39.0_windows.zip
0f100db2daf7542ee03653f573148e058fcb2833997ec8a0293e50c772f6f87b  fleetctl_v4.39.0_macos.tar.gz
42b2ce1a17eb90a5b57c9ddebcfe967393324ea8396e33bc02b2c20dd07143ac  fleet_v4.39.0_linux.tar.gz
549e997efba2742543910193f1bbff03d42354c951f889a639f8e1e0df7ec54c  fleetctl_v4.39.0_linux.zip
9ce3bcb6a0969ae8c255276297f38fa8c93cfa3debf8d3271217345d4a07c976  fleetctl_v4.39.0_windows.tar.gz
ba0e9853f13a40732449f67391258545ba34c17994df6723f9281205f825f576  fleetctl_v4.39.0_linux.tar.gz
bbaeab22b759aed727f047f2c2b2ea1078986d5b71ae6d648036cb2a972b9e80  fleetctl_v4.39.0_macos.zip

fleet-v4.38.1

Bug Fixes

• Fixed a bug that would cause live queries to stall if a detail query override was set for a team.

Upgrading

Please visit our update guide for upgrade instructions.

Documentation

Documentation for Fleet is available at fleetdm.com/docs.

Binary Checksum

SHA256

130adae8b0d549103dff08ff5cb8d1f564ab6aee19bc44f3c7845de336b3d768  fleet_v4.38.1_linux.tar.gz
1980696c5380c0ba5e21f0647e515d04a59a8af1e9d000c2e4bc235b7665bc7f  fleetctl_v4.38.1_macos.zip
51ce32f990575bb92517ee56b06f8baf3795575ccc813a0914630a5bdf5b7be9  fleetctl_v4.38.1_linux.zip
9722f98dae7b1504208eed6f918b652c07b365aeb15317b7b7751f7d23cde0ba  fleetctl_v4.38.1_windows.tar.gz
a4d7af50a2f206a7c6de3ff62613c1e46075fb7f90d81132e10aeca47fde6d5f  fleetctl_v4.38.1_linux.tar.gz
dc5c32b8117b0a12340012463c00644785a8e9c599adf7ed9ae8f4c7e28cf7c1  fleetctl_v4.38.1_macos.tar.gz
e751948df71e7f258abd684a31e144b4f2bd6beacc4cc7cac71327380d02b45b  fleetctl_v4.38.1_windows.zip

fleet-v4.38.0

Changes

• Updated MDM profile verification so that an install profile command will be retried once if the command resulted in an error or if osquery cannot confirm that the expected profile is installed.

• Ensured post-enrollment commands are sent to devices assigned to Fleet in ABM.

• Ensured hosts assigned to Fleet in ABM come back to pending to the right team after they're deleted.

• Added labels to the fleetd extensions feature to allow deploying extensions to hosts that belong to certain labels.

• Changed fleetd Windows extensions file extension from .ext to .ext.exe to allow their execution on Windows devices (executables on Windows must end with .exe).

• Surfaced chrome live query errors to Fleet UI (including errors for specific columns while maintaining successful data in results).

• Fixed delivery of fleetd extensions to devices to only send extensions for the host's platform.

• (Premium only) Added resolved_in_version to /fleet/software APIs pulled from NVD feed.

• Added database migrations to create the new scripts table to store saved scripts.

• Allowed specifying disable_failing_policies on the /api/v1/fleet/hosts/report API endpoint for increased performance. This is useful if the user is not interested in counting failed policies (issues column).

• Added the option to use locally-installed WiX v3 binaries when generating the Fleetd installer for Windows on a Windows machine.

• Added CVE descriptions to the /fleet/software API.

• Restored the ability to click on and select/copy text from software bundle tooltips while maintaining the abilities to click the software's name to get more details and to click anywhere else in the row to view all hosts with that software installed.

• Stopped 1password from overly autofilling forms.

• Upgraded Go version to 1.21.1.

Bug Fixes

• Fixed vulnerability mismatch between the flock browser and the discoteq/flock binary.

• Fixed v4.37.0 performance regressions in the following API endpoints:

  • /api/v1/fleet/hosts/report
  • /api/v1/fleet/hosts when using per_page=0 or a large number for per_page (in the thousands).

• Fixed script content and output formatting on the scripts detail modal.

• Fixed wrong version numbers for Microsoft Teams in macOS (from invalid format of the form 1.00.XYYYYY to correct format 1.X.00.YYYYY).

• Fixed false positive CVE-2020-10146 found on Microsoft Teams.

• Fixed CVE-2013-0340 reporting as a valid vulnerability due to NVD recommendations.

• Fixed save button for a new policy after newly creating another policy.

• Fixed empty query/policy placeholders.

• Fixed used by data when filtering hosts by labels.

• Fixed small copy and alignment issue with status indicators in the Queries page Automations column.

• Fixed strict checks on Windows MDM Automatic Enrollment.

• Fixed software vulnerabilities time ago column for old CVEs.

Upgrading

Please visit our update guide for upgrade instructions.

Documentation

Documentation for Fleet is available at fleetdm.com/docs.

Binary Checksum

SHA256

1726447569f5bf476916375e989c9e3f17c5ae6ebc684ee33471981dee4260c5  fleetctl_v4.38.0_linux.tar.gz
173cad4a08496654a2a00944759796665dc72b565a767a2c3c8a183a89eb45ee  fleet_v4.38.0_linux.tar.gz
39ba4a75bc7d87c757b1b5672507f89e6f13e515d593d1c0d219f6ae36dd1dee  fleetctl_v4.38.0_linux.zip
84c0ac95bd399c96c2ccd2d2deb161757f83ed49caae819cc243493eda800e9a  fleetctl_v4.38.0_windows.zip
d1d6b3d14b4cb003f207d3f59682443a2d8d552d8427c6dcff5fdf9aa46d05c4  fleetctl_v4.38.0_windows.tar.gz
d845e5d9f63b9b56e73d791477349e65236acb833e6009ed99771af19cdce49a  fleetctl_v4.38.0_macos.zip
f6e735da4bf6c41dab3c30d9c6709d73fc90308dfa28603f8c382c795b7d57b3  fleetctl_v4.38.0_macos.tar.gz

fleet-v4.37.0

Changes

• Added /scripts/run and scripts/run/sync API endpoints to send a script to be executed on a host and optionally wait for its results.

• Added POST /api/fleet/orbit/scripts/request and POST /api/fleet/orbit/scripts/result Orbit-specific API endpoints to get a pending script to execute and send the results back, and added an Orbit notification to let the host know it has scripts pending execution.

• Improved performance at scale when applying hundreds of policies to thousands of hosts via fleetctl apply.

  • IMPORTANT: In previous versions of Fleet, there was a performance issue (thundering herd) when applying hundreds of policies on a large number of hosts. To avoid this, make sure to deploy this version of Fleet, and make sure Fleet is running for at least 1h (or the configured FLEET_OSQUERY_POLICY_UPDATE_INTERVAL) before applying the policies.

• Added pagination to the policies API to increase response time.

• Added policy count endpoints to support pagination on the frontend.

• Added an endpoint to report fleetd errors.

• Added logic to report errors during MDM migration.

• Added support in fleetd to execute scripts and send back results (disabled by default).

• Added an activity log when script execution was successfully requested.

• Automatically set the DEP profile to be the same as "no team" (if set) for teams created using the /match endpoint (used by Puppet).

• Added JumpCloud to the list of well-known MDM solutions.

• Added fleetctl run-script command.

• Made all table links right-clickable.

• Improved the layout of the MDM SSO pages.

• Stored user email when a user turned on MDM features with SSO enabled.

• Updated the copy and image displayed on the MDM migration modal.

• Upgraded Go to v1.19.12.

• Updated the macadmins/osquery-extension to v0.0.15.

• Updated nanomdm dependency.

Bug Fixes

• Fixed a bug where live query UI and export data tables showed all returned columns.

• Fixed a bug where Jira and/or Zendesk integrations were being removed when an unrelated setting was changed.

• Fixed software ingestion to not re-insert software when incoming fields from hosts were longer than what Fleet supports. This bug caused some CVEs to be reported every time the vulnerability cron ran.

  • IMPORTANT: After deploying this fix, the vulnerability cron will report the CVEs one last time, and subsequent cron runs will not report the CVE (as expected).

• Fixed duplicate policy names in ee/cis/win-10/cis-policy-queries.yml.

• Fixed typos in policy queries in the Windows CIS policies YAML (ee/cis/win-10/cis-policy-queries.yml).

• Fixed a bug where query stats (aka Performance impact) were not being populated in Fleet.

• Added validation to fleetctl apply for duplicate policy names in the YAML file and attempting to change the team of an existing policy.

• Optimized host queries when using policy statuses.

• Changed the authentication method during Windows MDM enrollment to use LoadHostByOrbitNodeKey instead of HostByIdentifier.

• Fixed alignment on long label names on host details label filter dropdown.

• Added UI for script run activity and script details modal.

• Fixed queries navigation bar bug where if in query detail, you could not navigate back to the manage queries table.

• Made policy resolutions that include URLs clickable in the UI.

• Fixed Fleet UI custom query frequency display.

• Fixed live query filter icon and various other live query icons.

• Fixed Fleet UI tabs highlight while tabbing but not on multiple clicks.

• Fixed double scrollbar bug on dashboard page.

Upgrading

Please visit our update guide for upgrade instructions.

Documentation

Documentation for Fleet is available at fleetdm.com/docs.

Binary Checksum

SHA256

5b73d46dc7a653b4c7fc51d4babf1d4df3daad8b0c39e3605e091a5a67f2e89e  fleet_v4.37.0_linux.tar.gz
8411493175922a445f20a79b079ee28b266e9c5a6d15a5e4f8334a6418a703ec  fleetctl_v4.37.0_macos.tar.gz
b1f72ef5bd8b3d0b35103177d21de7cb33e5fd0318b64728efe92eb232c9fb8c  fleetctl_v4.37.0_linux.tar.gz
b5f35b14803dc06fefac1a361e7e5449b7a16c7731e1b4fb84a655ab4f15e278  fleetctl_v4.37.0_macos.zip
c1a3085026a078745355e8b7f24f56aa5c34dda03f79642d72c37b07a917c5e4  fleetctl_v4.37.0_windows.tar.gz
c4efd94d6ed278e4ec1202c5239d866293aa4b36a51a60f9960508faace97981  fleetctl_v4.37.0_windows.zip
d006052aa2af43375f1221f199f42e43e0e8bcd8958c0c86b780683a1a9c120e  fleetctl_v4.37.0_linux.zip