API design: #33758 (OS vulnerabilities bug) #33533
Merged
noahtalerman merged 6 commits into main, Nov 14, 2025
fleet-release previously approved these changes, Sep 26, 2025
rachaelshaw commented, Sep 26, 2025
| "version": "10.0.22621.1234", | ||
| "platform": "windows", | ||
| "generated_cpes": [], | ||
| "vulnerabilities_count": 1, |
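Review bot: the example response's `vulnerabilities_count` needs a one-line field description stating whether it is the total number of vulnerabilities for the OS version or the length of the `vulnerabilities` array; once `max_vulnerabilities` truncates the array the two differ, and an example alone (here `"vulnerabilities_count": 1`) does not tell an API consumer which one they are getting.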
rachaelshaw commented, Sep 26, 2025
fleet-release previously approved these changes, Sep 30, 2025
rachaelshaw commented, Sep 30, 2025
fleet-release previously approved these changes, Sep 30, 2025
rachaelshaw commented, Sep 30, 2025
| | platform | string | query | Filters the hosts to the specified platform | | ||
| | os_name | string | query | The name of the operating system to filter hosts by. `os_version` must also be specified with `os_name` | | ||
| | os_version | string | query | The version of the operating system to filter hosts by. `os_name` must also be specified with `os_version` | | ||
| | max_vulnerabilities | integer | query | Limits the number of `vulnerabilities` returned per OS version. (If omitted, returns all vulnerabilities.) | |
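Review bot: the `max_vulnerabilities` description in this table only covers the omitted case; the edge cases the author records in the dev note below (a value of 0 returns an empty `vulnerabilities` array, a negative value is rejected with `max_vulnerabilities must be >= 0`) belong in the description too, e.g. "Limits the number of `vulnerabilities` returned per OS version. 0 returns an empty list; negative values return an error. (If omitted, returns all vulnerabilities.)", so that consumers of the public API do not have to read the PR to learn the validation rule.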
Dev note
New optional parameter. The UI sets this to 3.
If 0, vulnerabilities list is an empty array.
If <0, returns an error: "max_vulnerabilities must be >= 0"
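An added illustration in Go (not Fleet's code) of the parameter semantics stated in the dev note above: omitted means return all, 0 means an empty array, a negative value is rejected with the stated error, and the UI's value of 3 truncates the list. The `OSVersion` shape, the helper names, and the reading of `vulnerabilities_count` as the untruncated total are assumptions, not taken from the page.

```go
package main

import (
	"errors"
	"net/url"
	"strconv"
)

// ErrNegativeMax carries the exact message the dev note specifies for max_vulnerabilities < 0.
var ErrNegativeMax = errors.New("max_vulnerabilities must be >= 0")

// OSVersion is a trimmed stand-in for one os_versions entry (the field set is an assumption).
type OSVersion struct {
	Version              string   `json:"version"`
	Vulnerabilities      []string `json:"vulnerabilities"`
	VulnerabilitiesCount int      `json:"vulnerabilities_count"`
}

// ParseMaxVulnerabilities reads the optional query parameter. A nil result means the
// parameter was omitted (return all); non-integer and negative values are rejected up front.
func ParseMaxVulnerabilities(q url.Values) (*int, error) {
	raw := q.Get("max_vulnerabilities")
	if raw == "" {
		return nil, nil
	}
	n, err := strconv.Atoi(raw)
	if err != nil {
		return nil, errors.New("max_vulnerabilities must be an integer")
	}
	if n < 0 {
		return nil, ErrNegativeMax
	}
	return &n, nil
}

// ApplyLimit truncates each version's vulnerabilities list to limit (all when limit is nil).
// vulnerabilities_count is taken from the full list so the total stays visible after
// truncation; that reading of the count is an assumption, the page does not define it.
func ApplyLimit(versions []OSVersion, limit *int) []OSVersion {
	out := make([]OSVersion, len(versions))
	for i, v := range versions {
		v.VulnerabilitiesCount = len(v.Vulnerabilities)
		v.Vulnerabilities = append([]string{}, v.Vulnerabilities...) // copy; encodes as [] not null
		if limit != nil && *limit < len(v.Vulnerabilities) {
			v.Vulnerabilities = v.Vulnerabilities[:*limit] // limit 0 yields an empty array
		}
		out[i] = v
	}
	return out
}
```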
rachaelshaw commented, Sep 30, 2025
fleet-release approved these changes, Sep 30, 2025
fleet-release approved these changes, Oct 2, 2025
getvictor added a commit that referenced this pull request, Nov 3, 2025:
**Related issue:** Resolves #34500 and Resolves #33758

Video demo: https://www.youtube.com/watch?v=4HZlKG0G1B0

- Added a new aggregation table `operating_system_version_vulnerabilities` for faster queries. The table is currently used only for Linux vulnerabilities, but could be used for other OS vulnerabilities.
- Added `max_vulnerabilities` parameter per [API doc](#33533)
- Also added `max_vulnerabilities` parameter to `os_versions/{id}` endpoint, but not making it public since that endpoint is still slow and needs other API changes. bug #34974
- Removed `"kernels": []` from `os_versions` endpoint result

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

- [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements)

## Testing

- [x] Added/updated automated tests
- [x] Where appropriate, [automated tests simulate multiple hosts and test for host isolation](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/reference/patterns-backend.md#unit-testing) (updates to one host's records do not affect another)
- [x] QA'd all new/changed functionality manually

## Database migrations

- [x] Checked schema for all modified tables for columns that will auto-update timestamps during migration.
- [x] Confirmed that updating the timestamps is acceptable, and will not cause unwanted side effects.
- [x] Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`).

## Summary by CodeRabbit

* **New Features**
  * Added ability to limit the number of vulnerabilities displayed for operating system versions via an optional parameter.
  * Introduced vulnerability count tracking for operating system versions, now visible in API responses and UI displays.
  * Enhanced operating system vulnerability visualization with improved count-based rendering.
* **Tests**
  * Added comprehensive test coverage for vulnerability limiting behavior across multiple operating system versions and architectures.
getvictor added a commit that referenced this pull request, Nov 3, 2025 (same commit message as above; cherry picked from commit ba5f02f).
fleet-release approved these changes, Nov 12, 2025
fleet-release previously approved these changes, Nov 12, 2025
fleet-release approved these changes, Nov 14, 2025
noahtalerman approved these changes, Nov 14, 2025
Changes for the following bug: