Skip to content

Releases: fleetdm/fleet

fleet-v4.37.0

08 Sep 19:19
@github-actions github-actions
fleet-v4.37.0
a745c3a
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
fleet-v4.37.0

Changes

  • Added /scripts/run and scripts/run/sync API endpoints to send a script to be executed on a host and optionally wait for its results.

  • Added POST /api/fleet/orbit/scripts/request and POST /api/fleet/orbit/scripts/result Orbit-specific API endpoints to get a pending script to execute and send the results back, and added an Orbit notification to let the host know it has scripts pending execution.

  • Improved performance at scale when applying hundreds of policies to thousands of hosts via fleetctl apply.

    • IMPORTANT: In previous versions of Fleet, there was a performance issue (thundering herd) when applying hundreds of policies on a large number of hosts. To avoid this, make sure to deploy this version of Fleet, and make sure Fleet is running for at least 1h (or the configured FLEET_OSQUERY_POLICY_UPDATE_INTERVAL) before applying the policies.

  • Added pagination to the policies API to increase response time.

  • Added policy count endpoints to support pagination on the frontend.

  • Added an endpoint to report fleetd errors.

  • Added logic to report errors during MDM migration.

  • Added support in fleetd to execute scripts and send back results (disabled by default).

  • Added an activity log when script execution was successfully requested.

  • Automatically set the DEP profile to be the same as "no team" (if set) for teams created using the /match endpoint (used by Puppet).

  • Added JumpCloud to the list of well-known MDM solutions.

  • Added fleetctl run-script command.

  • Made all table links right-clickable.

  • Improved the layout of the MDM SSO pages.

  • Stored user email when a user turned on MDM features with SSO enabled.

  • Updated the copy and image displayed on the MDM migration modal.

  • Upgraded Go to v1.19.12.

  • Updated the macadmins/osquery-extension to v0.0.15.

  • Updated nanomdm dependency.

Bug Fixes

  • Fixed a bug where live query UI and export data tables showed all returned columns.

  • Fixed a bug where Jira and/or Zendesk integrations were being removed when an unrelated setting was changed.

  • Fixed software ingestion to not re-insert software when incoming fields from hosts were longer than what Fleet supports. This bug caused some CVEs to be reported every time the vulnerability cron ran.

    • IMPORTANT: After deploying this fix, the vulnerability cron will report the CVEs one last time, and subsequent cron runs will not report the CVE (as expected).

  • Fixed duplicate policy names in ee/cis/win-10/cis-policy-queries.yml.

  • Fixed typos in policy queries in the Windows CIS policies YAML (ee/cis/win-10/cis-policy-queries.yml).

  • Fixed a bug where query stats (aka Performance impact) were not being populated in Fleet.

  • Added validation to fleetctl apply for duplicate policy names in the YAML file and attempting to change the team of an existing policy.

  • Optimized host queries when using policy statuses.

  • Changed the authentication method during Windows MDM enrollment to use LoadHostByOrbitNodeKey instead of HostByIdentifier.

  • Fixed alignment on long label names on host details label filter dropdown.

  • Added UI for script run activity and script details modal.

  • Fixed queries navigation bar bug where if in query detail, you could not navigate back to the manage queries table.

  • Made policy resolutions that include URLs clickable in the UI.

  • Fixed Fleet UI custom query frequency display.

  • Fixed live query filter icon and various other live query icons.

  • Fixed Fleet UI tabs highlight while tabbing but not on multiple clicks.

  • Fixed double scrollbar bug on dashboard page.

Upgrading

Please visit our update guide for upgrade instructions.

Documentation

Documentation for Fleet is available at fleetdm.com/docs.

Binary Checksum

SHA256

5b73d46dc7a653b4c7fc51d4babf1d4df3daad8b0c39e3605e091a5a67f2e89e  fleet_v4.37.0_linux.tar.gz
8411493175922a445f20a79b079ee28b266e9c5a6d15a5e4f8334a6418a703ec  fleetctl_v4.37.0_macos.tar.gz
b1f72ef5bd8b3d0b35103177d21de7cb33e5fd0318b64728efe92eb232c9fb8c  fleetctl_v4.37.0_linux.tar.gz
b5f35b14803dc06fefac1a361e7e5449b7a16c7731e1b4fb84a655ab4f15e278  fleetctl_v4.37.0_macos.zip
c1a3085026a078745355e8b7f24f56aa5c34dda03f79642d72c37b07a917c5e4  fleetctl_v4.37.0_windows.tar.gz
c4efd94d6ed278e4ec1202c5239d866293aa4b36a51a60f9960508faace97981  fleetctl_v4.37.0_windows.zip
d006052aa2af43375f1221f199f42e43e0e8bcd8958c0c86b780683a1a9c120e  fleetctl_v4.37.0_linux.zip
Assets 10
Loading

fleet-v4.36.0

17 Aug 23:06
@github-actions github-actions
fleet-v4.36.0
1260db9
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
fleet-v4.36.0

Changes

  • Added the fleetctl upgrade-packs command to migrate 2017 packs to the new combined schedule and query concept.

  • Updated fleetctl convert to convert packs to the new combined schedule and query format.

  • Updated the POST /mdm/apple/profiles/match endpoint to set the bootstrap package and enable end user authentication settings for each new team created via the endpoint to the corresponding values specified in the app config as of the time the applicable team is created.

  • Added enroll secret for a new team created with fleetctl apply if none is provided.

  • Improved SQL autocomplete with dynamic column, table names, and shown metadata.

  • Cleaned up styling around table search bars.

  • Updated MDM profile verification to fix issue where profiles were marked as failed when a host
    is transferred to a newly created team that has an identical profile as an older team.

  • Added windows MDM automatic enrollment setup pages to Fleet UI.

  • (Beta) Allowed configuring Windows MDM certificates using their contents.

  • Updated the icons on the dashboard to new grey designs.

  • Ensured DEP profiles are assigned even for devices that already exist and have an op type = "modified".

  • Disabled save button for invalid query or policy SQL & missing name.

  • Users with no global or team role cannot access the UI.

  • Text cells truncate with ellipses if longer than column width.

Bug Fixes:

  • Fixed styling issue of the active settings tab.

  • Fixed response status code to 403 when a user cannot change their password either because they were not requested to by the admin or they have Single-Sign-On (SSO) enabled.

  • Fixed issues with end user migration flow.

  • Fixed login form cut off when viewport is too short.

  • Fixed bug where os_version endpoint returned 404 for no teams on controls page.

  • Fixed delays applying profiles when the Puppet module is used in distributed scenarios.

  • Fixed a style issue in the filter host by status dropdown.

  • Fixed an issue when a user with gitops role was used to validate a configuration with fleetctl apply --dry-run.

  • Fixed jumping text on the host page label filter dropdown at low viewport widths.

Upgrading

Please visit our update guide for upgrade instructions.

Documentation

Documentation for Fleet is available at fleetdm.com/docs.

Binary Checksum

SHA256

4383798d4a91c0ed4fb057c370e86b21d5fba30acac3b220ca810c92350bf79b  fleetctl_v4.36.0_linux.tar.gz
4a84d774d070b494032a44781a7a48821ead27ef5c697c81112b3969a81f8273  fleet_v4.36.0_linux.tar.gz
674c8c64cda2f818c8ea09a0c6cb30a110561f21e61ab9da5f9e63ac4bbd8c4e  fleetctl_v4.36.0_macos.zip
a72e95bc5bf7f2c95172734ad5c420ceaaf9bffbb648a69edfada0dab054f0a8  fleetctl_v4.36.0_linux.zip
abe6ae5192e20e5926adb6a1c16cd0e23a77e52701ceb53e2b431358bbdae6ee  fleetctl_v4.36.0_macos.tar.gz
ef8a81b617b55dda21e80f0f9e276d765a3c56e0c37378c897337612206dfbb6  fleetctl_v4.36.0_windows.tar.gz
f142ca28c7c6ac61ede6453c56cbe8cf01d2302c078d194bfe7b68f8008fb229  fleetctl_v4.36.0_windows.zip
Assets 10
Loading

fleet-v4.35.2

10 Aug 18:32
@github-actions github-actions
fleet-v4.35.2
39feb96
Compare
Choose a tag to compare
fleet-v4.35.2

Changes

  • Fixed a bug in fleetctl that set the wrong Fleet URL in Windows installers.

Upgrading

Please visit our update guide for upgrade instructions.

Documentation

Documentation for Fleet is available at fleetdm.com/docs.

Binary Checksum

SHA256

15dbea6acb8a23e8686b6240c4b0fe3260aa91b26a2494719d136ebdb4364dbf  fleet_v4.35.2_linux.tar.gz
224d7a47617a3906431c7d56e99a353321055d766a9f040a85346c5a354642f0  fleetctl_v4.35.2_linux.tar.gz
5679ba7b13dd8e2e8d276630d78c2e56ef34b1d1c5425fa80dc7de23e8e5e126  fleetctl_v4.35.2_windows.zip
6c5f649ad5575bc12c0068bca96e70223268494d3668c8196100946c4543fd59  fleetctl_v4.35.2_macos.zip
82f2f2b9e8fd88328fec470400f28b55dc76d1b2174860f56c36e153dd9bd225  fleetctl_v4.35.2_windows.tar.gz
a7539c3bd66832fc48624bffebd4764cf09c089cf69c310f864c5f66478aeee7  fleetctl_v4.35.2_macos.tar.gz
cbc6e6b7c8eb59c745c7f466cb71b06c99ff334d068a872fda2513644ea11eac  fleetctl_v4.35.2_linux.zip
Assets 10
Loading

fleet-v4.35.1

04 Aug 22:34
@github-actions github-actions
fleet-v4.35.1
8796316
Compare
Choose a tag to compare
fleet-v4.35.1

Changes

  • Fixed a migration to account for columns with NULL values as a result of either creating schedules via the API without providing all values or by a race condition with database replicas.

  • Fixed a bug that occurred when a user tried to create a custom query from the "query" action on a host's details page.

Upgrading

Please visit our update guide for upgrade instructions.

Documentation

Documentation for Fleet is available at fleetdm.com/docs.

Binary Checksum

SHA256

18279aba31682213d7bcfbba07ef9d53b8c68951595398655035977f58432ad1  fleet_v4.35.1_linux.tar.gz
2e12aadc8cbdc83431da4581590887a786fb99280825376b131c5e632b6af4c1  fleetctl_v4.35.1_windows.zip
5122f8c829b959c6f16070ee88b7085bc3a738f80320f63187162dee04aa49da  fleetctl_v4.35.1_linux.zip
64393100ec0a7a772334e0b49bb6d853434bea329563ecc27b9d507c3e1cc0a2  fleetctl_v4.35.1_macos.zip
91ea672f80a90dbb9c5e070378d9dc3731f4c752c6fc5c8a8cfad108cc2af069  fleetctl_v4.35.1_linux.tar.gz
92251375d9fbfd7f4c9581ee5330d7ad35a2a5cb46afa5932100705cdef9db97  fleetctl_v4.35.1_macos.tar.gz
cad9a8eaca600a640301fb0b3ad486e604806f117050975c1fb0f367f4490b74  fleetctl_v4.35.1_windows.tar.gz
Assets 10
Loading

fleet-v4.35.0

01 Aug 16:55
@github-actions github-actions
fleet-v4.35.0
648b25b
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
fleet-v4.35.0

Changes

  • Combined the query and schedule features to provide a single interface for creating, scheduling, and tweaking queries at the global and team level.

  • Merged all functionality of the schedule page into the queries page.

  • Updated the save query modal to include scheduling-related fields.

  • Updated queries table schema to allow storing scheduling information and configuration in the queries table.

  • Users now able to manage scheduled queries using automations modal.

  • The osquery/config endpoint now includes scheduled queries for the host's team stored in the queries table.

  • Query editor now includes frequency and other advanced options.

  • Updated macOS MDM setup UI in Fleet UI.

  • Changed how team assignment works for the Puppet module, for more details see the README.

  • Allow the Puppet module to read different Fleet URL/token combinations for different environments.

  • Updated server logging for webhook requests to mask URL query values if the query param name includes "secret", "token", "key", "password".

  • Added support for Azure JWT tokens.

  • Set DeferForceAtUserLoginMaxBypassAttempts to 1 in the default FileVault profile installed by Fleet.

  • Added dark and light mode logo uploads and show the appropriate logo to the macOS MDM migration flow.

  • Added MSI installer deployement support through MS-MDM.

  • Added support for Windows MDM STS Auth Endpoint.

  • Added support for installing Fleetd after enrolling through Azure account.

  • Added support for MDM TOS endpoint.

  • Updated the "Platforms" column to the more explicit "Compatible with".

  • Improved delivery of Apple MDM profiles by not re-sending InstallProfile commands if a host switches teams but the profile contents are the same.

  • Improved error handling and messaging of SSO login during AEP(DEP) enrollments.

  • Improved the reporting of the Puppet module to only report as changed profiles that actually changed during a run.

  • Updated ingestion of host detail queries for MDM so hosts that report empty results are counted as "Off".

  • Upgraded Go version to v1.19.11.

  • If a policy was defined with an invalid query, the desktop endpoint now counts that policy as a failed policy.

  • Fixed issue where Orbit repeatedly tries to launch Nudge in the event of a launch error.

  • Fixed Observer + should be able to run any query by clicking create new query.

  • Fixed the styling of the initial setup flow.

  • Fixed URL used to check Gravatar network availability.

Upgrading

Please visit our update guide for upgrade instructions.

Documentation

Documentation for Fleet is available at fleetdm.com/docs.

Binary Checksum

SHA256

21d5632e04f7ebf95e892be298abff9b6da692926a86a94b4b0170558d794164  fleetctl_v4.35.0_linux.tar.gz
4da40b3667932473a3918d83a073cd9c654432624ece8376820db3977ac10780  fleet_v4.35.0_linux.tar.gz
5a4f205ab275e680a9a6b6491d10b38646db6d7f6e36c88faae93f749e85d185  fleetctl_v4.35.0_windows.tar.gz
bbb043ea1bf976cfc0b25bb400f59589d3cc2ca107e5fee7b1b575905960f790  fleetctl_v4.35.0_linux.zip
c726ad0f5027f55323a8f0640daaf8f747e1f68dd3175842d282b28618c458e3  fleetctl_v4.35.0_macos.zip
e65b2c08f7fd7c970b5ea1c223ba39267509c4e6efeee4cd7c9d37a3ad999852  fleetctl_v4.35.0_windows.zip
fa11cdbf925b810dbfbd59640555a22bba88c2f0c67bd5beb4dbd6972517d77c  fleetctl_v4.35.0_macos.tar.gz
Assets 10
Loading

fleet-v4.34.1

17 Jul 20:45
@github-actions github-actions
fleet-v4.34.1
6ed9bb3
Compare
Choose a tag to compare
fleet-v4.34.1

Changes

  • Fixed Observer+ not being able to run some queries.

  • If a policy was defined with an invalid query, the desktop endpoint should count that policy as a failed policy.

Upgrading

Please visit our update guide for upgrade instructions.

Documentation

Documentation for Fleet is available at fleetdm.com/docs.

Binary Checksum

SHA256

4f8b240efa2fe5cb404372b529d726d5bfc358a6cb789e68ef0383195354e4cd  fleetctl_v4.34.1_linux.zip
8d95e1f5e1298dd7ea785a68f1bb318eff83acd8720b15b68312b092938c48db  fleetctl_v4.34.1_windows.zip
9958d777dacb2ec8b6e9a98bda3aa5024875da60ce7b5183839bfa69c832f550  fleetctl_v4.34.1_macos.tar.gz
a905a0fadecba778dc4fd1b309c8cb3613c81faf086edb6e09f1e245d567ea5f  fleetctl_v4.34.1_linux.tar.gz
c4bfc9f6b206783daba5d689c8ebc43d19e0888896c2c284952a5ba4561dcbc6  fleetctl_v4.34.1_macos.zip
e109127daa6697ee0883e01a5fde1618feee059a74f47cc4a3c69035e75dc5b4  fleetctl_v4.34.1_windows.tar.gz
eadd6f647b54106773e3cf5e98fd1dd73c4f1cc1088ea233b5d3b761ffc01af6  fleet_v4.34.1_linux.tar.gz
Assets 10
Loading

fleet-v4.34.0

12 Jul 19:14
@github-actions github-actions
fleet-v4.34.0
0bad4d5
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
fleet-v4.34.0

Changes

  • Added execution of programmatic Windows MDM enrollment on eligible devices when Windows MDM is enabled.

  • Microsoft MDM Enrollment Protocol: Added support for the RequestSecurityToken messages.

  • Microsoft MDM Enrollment Protocol: Added support for the DiscoveryRequest messages.

  • Microsoft MDM Enrollment Protocol: Added support for the GetPolicies messages.

  • Added enabled_windows_mdm and disabled_windows_mdm activities when a user turns on/off Windows MDM.

  • Added support to enable and configure Windows MDM and to notify devices that are able to programmatically enroll.

  • Added ability to turn Windows MDM on and off from the Fleet UI.

  • Added enable and disable Windows MDM activity UI.

  • Updated MDM detail query ingestion to switch MDM profiles from "verifying" or "verified" status to "failed" status when osquery reports that this profile is not installed on the host.

  • Added notification and execution of programmatic Windows MDM unenrollment on eligible devices when Windows MDM is disabled.

  • Added the FLEET_DEV_MDM_ENABLED environment variable to enable the Windows MDM feature during its development and beta period.

  • Added the mdm_enabled feature flag information to the response payload of the PATCH /config endpoint.

  • When creating a PolicySpec, return the proper HTTP status code if the team is not found.

  • Added CPEMatchingRule type, used for correcting false positives caused by incorrect entries in the NVD dataset.

  • Optimized macOS CIS query "Ensure Appropriate Permissions Are Enabled for System Wide Applications" (5.1.5).

  • Updated macOS CIS policies 5.1.6 and 5.1.7 to use a new fleetd table find_cmd instead of relying on the osquery file table to improve performance.

  • Implemented the privacy_preferences table for the Fleetd Chrome extension.

  • Warnings in fleetctl now go to stderr instead of stdout.

  • Updated UI for transferred hosts activity items.

  • Added Organization support URL input on the setting page organization info form.

  • Added improved ABM 400 error message to the UI.

  • Hide any osquery tables or columns from Fleet UI that has hidden set to true to match Fleet website.

  • Ignore casing in SAML response for display name. For example the display name attribute can be provided now as displayname or displayName.

  • Provide feedback to users when fleetctl login is using EMAIL and PASSWORD environment variables.

  • Added a new activity transferred_hosts created when hosts are transferred to a new team (or no team).

  • Added milliseconds to the timestamp of auto-generated team name when creating a new team in GET /mdm/apple/profiles/match.

  • Improved dashboard loading states.

  • Improved UI for selecting targets.

  • Made sure that all configuration profiles and commands are sent to devices if MDM is turned on, even if the device never turned off MDM.

  • Fixed bug when reading filevault key in osquery and created new Fleet osquery extension table to read the file directly rather than via filelines table.

  • Fixed UI bug on host details and device user pages that caused the software search to not work properly when searching by CVE.

  • Fixed not validating the schema used in the Metadata URL.

  • Fixed improper HTTP status code if SMTP is invalid.

  • Fixed false positives for iCloud on macOS.

  • Fixed styling of copy message when copying fields.

  • Fixed a bug where an empty file uploaded to POST /api/latest/fleet/mdm/apple/setup/eula resulted in a 500; now returns a 400 Bad Request.

  • Fixed vulnerability dropdown that was hiding if no vulnerabilities.

  • Fixed scroll behavior with disk encryption status.

  • Fixed empty software image in sandbox mode.

  • Fixed improper HTTP status code when fleet/forgot_password endpoint is rate limited.

  • Fixed MaxBurst limit parameter for fleet/forgot_password endpoint.

  • Fixed a bug where reading from the replica would not read recent writes when matching a set of MDM profiles to a team (the GET /mdm/apple/profiles/match endpoint).

  • Fixed an issue that displayed Nudge to macOS hosts if MDM was configured but MDM features weren't turned on for the host.

  • Fixed tooltip word wrapping on the error cell in the macOS settings table.

  • Fixed extraneous loading spinner rendering on the software page.

  • Fixed styling bug on setup caused by new font being much wider.

Upgrading

Please visit our update guide for upgrade instructions.

Documentation

Documentation for Fleet is available at fleetdm.com/docs.

Binary Checksum

SHA256

56d71ec5b70c96309a459e6035c013b0d503e460c718f5b11c4062d3ce302ffd  fleetctl_v4.34.0_macos.tar.gz
72575600dc2febca97bc43bd79f996e779774b0c627bb347d1597be84c39e60c  fleetctl_v4.34.0_windows.tar.gz
8e19cf82fad83f78092f3d07e8da599f3a3793a1598d980f14f1c1ba1c69e9f1  fleetctl_v4.34.0_linux.zip
930c56dadcb274dd72093c08b7773c393ca659e3a42a704513b7791c1c3e7233  fleet_v4.34.0_linux.tar.gz
9ffd8464092fc5219f13f8f06cd0cd23a5c297f71b9efbcba42e0ff266d5d93a  fleetctl_v4.34.0_macos.zip
b29560f0a7d69c83358690a770e22ee5a10d165f253e737c8073fb043bca05fe  fleetctl_v4.34.0_linux.tar.gz
e78294392c69d06801722d2402b36dde5cd8c34c13d28d14ac25e5797a672f12  fleetctl_v4.34.0_windows.zip
Assets 10
Loading

fleet-v4.33.1

20 Jun 22:20
@github-actions github-actions
fleet-v4.33.1
b371b9c
Compare
Choose a tag to compare
fleet-v4.33.1

Changes

  • Fixed ChromeOS add host instructions to use variable Fleet URL.

Upgrading

Please visit our update guide for upgrade instructions.

Documentation

Documentation for Fleet is available at fleetdm.com/docs.

Binary Checksum

SHA256

1d474ea7378b86a70744018790c6d8c4ff879feb5ba208a7a25473ccfb8e6cbb  fleetctl_v4.33.1_linux.zip
6b701f5b813ba99d206ec3e84509b9ba1cc0466a59b31065fbd81ca77c3c371c  fleetctl_v4.33.1_macos.tar.gz
74f64371e4aea1f3aec5091df2286545bd08b65af6cc54f9fc672796ab22a036  fleetctl_v4.33.1_macos.zip
7b90e720e17043d534551064f9c9e70d22abc2e3c0b2b12e40a83f094ee1711e  fleetctl_v4.33.1_windows.zip
c8f688a7a3edf06d6ac0f3cf1a119c5bda5c3643290830680b5fb842473fa872  fleetctl_v4.33.1_windows.tar.gz
cf2396ab47185b5870bcf07e2775fc1b8c6f2c2f3d22cdee3aab64c9f4cd47ca  fleet_v4.33.1_linux.tar.gz
e329e02f07c845519eedd8925129a25cf60d04b1d0fb663b1a879b756fe17c75  fleetctl_v4.33.1_linux.tar.gz
Assets 10
Loading

fleet-v4.33.0

13 Jun 17:20
@github-actions github-actions
fleet-v4.33.0
b5994e7
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
fleet-v4.33.0

Changes

  • Upgraded Go version to 1.19.10.

  • Added support for ChromeOS devices.

  • Added instructions to inform users how to add ChromeOS hosts.

  • Added ChromeOS details to the dashboard, manage hosts, and host details pages.

  • Added ability for users to create policies that target ChromeOS.

  • Added built-in label for ChromeOS.

  • Added query to fill in device_mapping from ChromeOS hosts.

  • Improved the performance of live query results rendering to address usability issues when querying tens of thousands of hosts.

  • Reduced size of live query websocket message by removing unused host data.

  • Added the POST /fleet/mdm/apple/profiles/preassign endpoint to store profiles to be assigned to a host for subsequent matching with an existing (or new) team.

  • Added the POST /fleet/mdm/apple/profiles/match endpoint to match pre-assigned profiles to an existing team or create one if needed, and assign the host to that team.

  • Updated GET /mdm/apple/profiles endpoint to return empty array instead of null if no profiles are found.

  • Improved ingestion of MDM devices from ABM:

    • If a device's operation_type is modified, but the device doesn't exist in Fleet yet, a DEP profile will be assigned to the device and a new record will be created in Fleet.
    • If a device's operation_type is deleted, the device won't be prompted to migrate to Fleet if the feature has been configured.

  • Added "Verified" profile status for profiles verified with osquery.

  • Added "Action required" status for disk encryption profile in UI for host details and device user pages.

  • Added UI for the end user authentication page for MDM macos setup.

  • Added new host detail query to verify MDM profiles and updated API to include verified status.

  • Added documentation in the guide for fleetctl get mdm-commands.

  • Moved post-DEP (automatic) MDM enrollment to a worker job for increased resiliency with retries.

  • Added better UI error for manual enroll MDM modal.

  • Updated GET /api/_version_/fleet/config to now omits fields smtp_settings and sso_settings if not set.

  • Added a response payload to the POST /api/latest/fleet/spec/teams contributor API endpoint so that it returns an object with a team_ids_by_name key which maps team names with their corresponding id.

  • Ensure we send post-enrollment commands to MDM devices that are re-enrolling after being wiped.

  • Added error message to UI when Redis disconnects during a live query session.

  • Optimized query used for listing activities on the dashboard.

  • Added ability for users to delete multiple pages of hosts.

  • Added ability to deselect label filter on host table.

  • Added support for value null on FLEET_JIT_USER_ROLE_GLOBAL and FLEET_JIT_USER_ROLE_TEAM_* SAML attributes. Fleet will accept and ignore such null attributes.

  • Deprecate enable_jit_role_sync setting and only change role for existing users if role attributes are set in the SAMLResponse.

  • Improved styling in sandbox mode.

  • Patched a potential security issue.

  • Improved icon clarity.

  • Fixed issues with the MDM migration flow.

  • Fixed a bug with applying team specs via fleetctl apply and updating a team via the PATCH /api/latest/fleet/mdm/teams/{id} endpoint so that the MDM updates settings (minimum_version and deadline) are not cleared if not provided in the payload.

  • Fixed table formatting for the output of fleetctl get mdm-command-results.

  • Fixed the /api/latest/fleet/mdm/apple_bm endpoint so that it returns 400 instead of 500 when it fails to authenticate with Apple's Business Manager API, as this indicates a Fleet configuration issue with the Apple BM certificate or token.

  • Fixed a bug that would show MDM URLs for the same server as different servers if they contain query parameters.

  • Fixed an issue preventing a user with the gitops role from applying some MDM settings via fleetctl apply (the macos_setup_assistant and bootstrap_package settings).

  • Fixed GET /api/v1/fleet/spec/labels/{name} endpoint so that it now includes the label id.

  • Fixed Observer/Observer+ role being able to see team secrets.

  • Fixed UI bug where inherited_page=0 was incorrectly added to some URLs.

  • Fixed misaligned icons in UI.

  • Fixed tab misalignment caused by new font.

  • Fixed dashed line styling on multiline activities.

  • Fixed a bug in the users table where users that are observer+ for all of more than one team were listed as "Various roles".

  • Fixed 500 error being returned if SSO session is not found.

  • Fixed issue with chrome_extensions virtual table not returning a path value on fleetd-chrome, which was breaking software ingestion.

  • Fixed bug with page navigation inside 'My Device' page.

  • Fixed a styling bug in the add hosts modal in sandbox mode.

Upgrading

Please visit our update guide for upgrade instructions.

Documentation

Documentation for Fleet is available at fleetdm.com/docs.

Binary Checksum

SHA256

38fba86d16b314d12c22793917092fedd500037b87fbbd305031470d88dc99b4  fleet_v4.33.0_linux.tar.gz
85f665b67cbfb6dd7db86e4d7ba35f10043b49a10804d4cd9e6075ea32db8fa8  fleetctl_v4.33.0_linux.zip
a2eacd04dc430cffb1e3d30c5bfbd3d9374dcd7a2e4cc1294e177a75d6595ddf  fleetctl_v4.33.0_windows.zip
b8d55372d8ffb29f91a742de2cb858a71ef76e05e2b71587fe824b5af154b8dc  fleetctl_v4.33.0_windows.tar.gz
d3ee828910273d33ae01a3a198e11d5248834d9fa99b4d05360deb32464fc99f  fleetctl_v4.33.0_linux.tar.gz
35660a2ce4589432ac1e6a52ad004f01d1258e3afaac30fefdc02072f6d2db7d  fleetctl_v4.33.0_macos.tar.gz
95b7c1145660f3aa7b36079094afd441ecdbb12849ff24c542d8ca8bcab4f8e4  fleetctl_v4.33.0_macos.zip
Assets 10
Loading

fleet-v4.32.0

24 May 22:57
@github-actions github-actions
fleet-v4.32.0
9055564
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
fleet-v4.32.0

Changes

  • Added support to add a EULA as part of the AEP/DEP unboxing flow.

  • DEP enrollments configured with SSO now pre-populate the username/fullname fields during account
    creation.

  • Integrated the macOS setup assistant feature with Apple DEP so that the setup assistants are assigned to the enrolled devices.

  • Re-assign and update the macOS setup assistants (and the default one) whenever required, such as
    when it is modified, when a host is transferred, a team is deleted, etc.

  • Added device-authenticated endpoint to signal the Fleet server to send a webhook request with the
    device UUID and serial number to the webhook URL configured for MDM migration.

  • Added UI for new automatic enrollment under the integration settings.

  • Added UI for end-user migration setup.

  • Changed macOS settings UI to always show the profile status aggregate data.

  • Revised validation errors returned for fleetctl mdm run-command.

  • Added mdm.macos_migration to app config.

  • Added PATCH /mdm/apple/setup endpoint.

  • Added enable_end_user_authentication to mdm.macos_setup in global app config and team config
    objects.

  • Now tries to infer the bootstrap package name from the URL on upload if a content-disposition header is not provided.

  • Added wildcards to host search so when searching for different accented characters you get more results.

  • Can now reorder (and bookmark) policy tables by failing count.

  • On the login and password reset pages, added email validation and fixed some minor styling bugs.

  • Ensure sentence casing on labels on host details page.

  • Fix 3 Windows CIS benchmark policies that had false positive results initally merged March 24.

  • Fix of Fleet Server returning a duplicate OS version for Windows.

  • Improved loading UI for disk encryption controls page.

  • The 'GET /api/v1/fleet/hosts/{id}' and 'GET /api/v1/fleet/hosts/identifier/{identifier}' now
    include the software installed path on their payload.

  • Third party vulnerability integrations now include the installed path of the vulnerable software
    on each host.

  • Greyed out unusable select all queries checkbox.

  • Added page header for macOS updates UI.

  • Back to queries button returns to previous table state.

  • Bookmarkable URLs are now source of truth for Manage Queries page table state.

  • Added mechanism to refetch MDM enrollment status of a host pending unenrollment (due to a migration to Fleet) at a high interval.

  • Made sure every modal in the UI conforms to a consistent system of widths.

  • Team admins and team maintainers cannot save/update a global policy so hide the save button when viewing or running a global policy.

  • Policy description has text area instead of one-line area.

  • Users can now see the filepath of software on a host.

  • Added version info metadata file to Windows installer.

  • Fixed a bug where policy automations couldn't be updated without a webhook URL.

  • Fixed tooltip misalignment on software page.

Upgrading

Please visit our update guide for upgrade instructions.

Documentation

Documentation for Fleet is available at fleetdm.com/docs.

Binary Checksum

SHA256

014cc7b4e8646fb23a4f97db3e17a55c4b4eb764b096bdf4762a400bab705b12  fleet_v4.32.0_linux.tar.gz
3164b41ae33d792996505d5071259f4abc56de371238bb7f24efcc7fec594ee9  fleetctl_v4.32.0_macos.zip
8b7d95a0e84d7e6638bb15a3fb8b9a7fd29f5a6d9b1b76a6267132eef807b3ca  fleetctl_v4.32.0_linux.zip
95b59b4a119863daa72c5e4db2ed0e1c52c987232c5d8a571aa6c0bd9b1c09f8  fleetctl_v4.32.0_macos.tar.gz
98828cde489d75198217e920f7919d8060153058bebc9948bdfe84501e02afe7  fleetctl_v4.32.0_linux.tar.gz
c6d4e32c6b901d5b1a5cd645d80f4c199a95a4a764b6cc4f1a0820b760f9be39  fleetctl_v4.32.0_windows.tar.gz
ff51da0b537f5525fec741339510d89884bde08a8275eb4afb7b0dd84c7a3db8  fleetctl_v4.32.0_windows.zip
Assets 10
Loading