parent
2b3acaed6a
commit
1032841800
77 changed files with 103 additions and 100 deletions
81
CHANGELOG.md
81
CHANGELOG.md
|
|
@ -1,3 +1,84 @@
|
|||
## Fleet 4.54.0 (Jul 17, 2024)
|
||||
|
||||
### Endpoint Operations
|
||||
|
||||
- Updated `fleetctl gitops` to be used to rename teams.
|
||||
- **NOTE:** `fleetctl gitops` needs to have previously run with this Fleet/fleetctl version or later.
|
||||
- The team name is changed if the YAML config is applied from the same filename as before.
|
||||
- Updated `fleetctl query --hosts` to work with hostnames, host UUIDs, and/or hardware serial numbers.
|
||||
- Added a host's upcoming scheduled maintenance window, if any, on the host details page of the UI and in host responses from the API.
|
||||
- Added support to `fleetctl debug connection` to test TLS connection with the embedded certs.pem in
|
||||
the fleetctl executable.
|
||||
- Added host's display name to calendar event descriptions.
|
||||
- Added .yml and .yaml file type validation and error message to `fleetctl apply`.
|
||||
- Added a tooltip to truncated text and not to untruncated values.
|
||||
|
||||
### Device Management (MDM)
|
||||
|
||||
- Added iOS/iPadOS builtin manual labels.
|
||||
- **NOTE:** Before migrating to this version, make sure to delete any labels with name "iOS" or "iPadOS".
|
||||
- Added aggregation of iOS/iPadOS OS versions.
|
||||
- Added change to custom profiles for iOS/iPadOS to go from 'pending' straight to 'verified' (skip 'verifying').
|
||||
- Added support for renewing SCEP certificates with custom enrollment profiles.
|
||||
- Added automatic install of `fleetd` when a host turns on MDM now uses the latest released `fleetd` version.
|
||||
- Added support for `END_USER_EMAIL` and `FLEET_DESKTOP` parameters to Windows MSI install package.
|
||||
- Added API changes to support the `labels_include_all` and `labels_exclude_any` fields (and accept the deprecated `labels` field as an alias for `labels_include_all`).
|
||||
- Added `fleetctl gitops` and `fleetctl apply` support for `labels_include_all` and `labels_exclude_any` to configure a custom setting.
|
||||
- Added UI for uploading custom profiles with a target of hosts that include all/exclude any selected labels.
|
||||
- Added the database migrations to create the new `exclude` column for labels associated with MDM profiles (and declarations).
|
||||
- Updated host script timeouts to be configurable via agent options using `script_execution_timeout`.
|
||||
- `fleetctl` now uses a polling mechanism when running `run-script` to accommodate longer script timeout values.
|
||||
- Updated the profile reconciliation logic to handle the new "exclude any" labels.
|
||||
- Updated so that the `fleetd` cleanup script for macOS that will return completed when run from Fleet.
|
||||
- Updated so that the `fleetd` uninstall script will return completed when run from Fleet.
|
||||
- Updated script run permissions -- only admins and maintainers can run arbitrary or saved scripts (not observer or observer+).
|
||||
- Updated `fleetctl get mdm_commands` to return 20 rows and support `--host` `--type` filters to improve response time.
|
||||
- Updated the instructions for manual MDM enrollment on the "My device" page to be clearer and align with Apple updates.
|
||||
- Updated UI to allow device users to reinstall self-service software.
|
||||
- Updated API to not return a 500 status code if a host sends a command response with an invalid command uuid.
|
||||
- Increased the timeout of the upload software installer endpoint to 4 minutes.
|
||||
- Disabled credential caching and reboot on Windows lock.
|
||||
|
||||
### Vulnerability Management
|
||||
|
||||
- Added "Vulnerable" filter to the host details software table.
|
||||
- Fixed Microsoft Office June 2024 false negative vulnerabilities and added custom vulnerability matching.
|
||||
- Fixed issue where some Windows applications were getting matched against Windows OS vulnerabilities.
|
||||
|
||||
### Bug fixes and improvements
|
||||
|
||||
- Updated Go version to go1.22.4.
|
||||
- Updated to render only one banner on the my device page based on priority order.
|
||||
- Updated software updated timestamp tooltip.
|
||||
- Removed DB error message from the UI when showing a error response.
|
||||
- Updated fleetctl get queries/labels/hosts descriptions.
|
||||
- Reinstated ability to sort policies by passing count.
|
||||
- Improved the accuracy of the heuristic used to deterimine if a host is connected to Fleet via MDM by using osquery data for hosts that didn't send a Checkout message.
|
||||
- Improved the matching of `pkg` installer files to existing software.
|
||||
- Improved extraction of application name from `pkg` installers.
|
||||
- Clarified various help and error texts around host identifiers.
|
||||
- Hid CTA on inherited queries/policies from team level users.
|
||||
- Hid query delete checkboxes from team observers.
|
||||
- Hid "Self-service" in Fleet Desktop and My device page if there is no self-service software available.
|
||||
- Hid the host detail page's "Run script" action from Global and Team Observer/+s.
|
||||
- Aligned the "View all hosts" links in the Software titles and versions tables.
|
||||
- Fixed counts for hosts with with low disk space in summary page.
|
||||
- Fixed allowing Observer and Observer+ roles to download software installers.
|
||||
- Fixed crash in `fleetd` installer on Windows if there are registry keys with special characters on the system.
|
||||
- Fixed `fleetctl debug connection` to support server TLS certificates with intermediates.
|
||||
- Fixed macOS declarations being stuck in "to be removed" state indefinitely.
|
||||
- Fixed link to `fleetd` uninstall instructions in "Delete device" modal.
|
||||
- Fixed exporting CSVs with fields that contain commas to render properly.
|
||||
- Fixed issue where the Fleet UI could not be used to renew the ABM token after the ABM user who created the token was deleted.
|
||||
- Fixed styling issues with the target inputs loading spinner on the run live query/policy page.
|
||||
- Fixed an issue where special characters in HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall breaks the "installer_utils.ps1 -uninstallOrbit" step in the Windows MSI installer.
|
||||
- Fixed a bug causing "No Team" OS versions to display the wrong number.
|
||||
- Fixed various UI capitalizations.
|
||||
- Fixed UI issue where "Script is already running" tooltip incorrectly displayed when the script is not running.
|
||||
- Fixed the script details modal's error message on script timeout to reflect the newly dynamic script timeout limit, if hit.
|
||||
- Fixed a discrepancy in the spacing between DataSet labels and values on Firefox relative to other browsers.
|
||||
- Fixed bug that set `Added to Fleet` to `Never` after macOS hosts re-enrolled to Fleet via MDM.
|
||||
|
||||
## Fleet 4.53.1 (Jul 01, 2024)
|
||||
|
||||
### Bug fixes
|
||||
|
|
|
|||
|
|
@ -1 +0,0 @@
|
|||
* Update UI's delete secret link
|
||||
|
|
@ -1,3 +0,0 @@
|
|||
- `fleetctl gitops` can now be used to rename teams -- simply change the team name in the YAML file
|
||||
- The team name is changed if the YAML config is applied from the same filename as before
|
||||
- `fleetctl gitops` needs to have previously run with this Fleet/fleetctl version or later
|
||||
|
|
@ -1,2 +0,0 @@
|
|||
- Show a host's upcoming scheduled maintenance window, if any, on the host details page of the UI
|
||||
and in host responses from the API.
|
||||
|
|
@ -1 +0,0 @@
|
|||
* Fleet UI fixes: Hide CTA on inherited queries/policies from team level users
|
||||
|
|
@ -1,5 +0,0 @@
|
|||
* Added the database migrations to create the new `exclude` column for labels associated with MDM profiles (and declarations).
|
||||
* Added the API changes to support the `labels_include_all` and `labels_exclude_any` fields (and accept the deprecated `labels` field as an alias for `labels_include_all`).
|
||||
* Added `fleetctl gitops` and `fleetctl apply` support for `labels_include_all` and `labels_exclude_any` to configure a custom setting.
|
||||
* Updated the profile reconciliation logic to handle the new "exclude any" labels.
|
||||
* Fix bug where macOS declarations were stuck in "to be removed" state indefinitely.
|
||||
|
|
@ -1 +0,0 @@
|
|||
- Maintenance window now scheduled weekly on Tuesdays (previously monthly on the third Tuesday of the month)
|
||||
|
|
@ -1 +0,0 @@
|
|||
* Hide the host detail page's "Run script" action from Global and Team Observer/+s.
|
||||
|
|
@ -1 +0,0 @@
|
|||
- Updated script run permissions -- only admins and maintainers can run arbitrary or saved scripts (not observer or observer+)
|
||||
|
|
@ -1,2 +0,0 @@
|
|||
- Update `fleetctl query --hosts` to work with hostnames, host UUIDs, and/or hardware serial numbers.
|
||||
- Clarify various help and error texts around host identifiers.
|
||||
|
|
@ -1 +0,0 @@
|
|||
- `fleetctl get mdm_commands` now returns 20 rows and supports `--host` `--type` filters to improve response time
|
||||
|
|
@ -1 +0,0 @@
|
|||
* Improve extraction of application name from `pkg` installers
|
||||
|
|
@ -1 +0,0 @@
|
|||
* Improved the matching of `pkg` installer files to existing software
|
||||
|
|
@ -1 +0,0 @@
|
|||
* Automatic install of `fleetd` when a host turns on MDM now uses the latest released `fleetd` version.
|
||||
|
|
@ -1 +0,0 @@
|
|||
- Added support for END_USER_EMAIL and FLEET_DESKTOP parameters to Windows MSI install package
|
||||
|
|
@ -1 +0,0 @@
|
|||
* Add host's display name to calendar event descriptions
|
||||
|
|
@ -1 +0,0 @@
|
|||
- In maintenance windows using Google Calendar, calendar event is now recreated within 30 seconds if deleted or moved to the past.
|
||||
|
|
@ -1 +0,0 @@
|
|||
* Update empty state styles in 4 places, clean up
|
||||
|
|
@ -1 +0,0 @@
|
|||
- Updated fleetctl get queries/labels/hosts descriptions.
|
||||
|
|
@ -1 +0,0 @@
|
|||
* Fix UI capitalizations
|
||||
|
|
@ -1 +0,0 @@
|
|||
* Fleetd cleanup script for macOS will return completed if run from fleet
|
||||
|
|
@ -1 +0,0 @@
|
|||
* Provided fleetd uninstall script will return when run through fleet
|
||||
|
|
@ -1 +0,0 @@
|
|||
- Hide "Self-service" in Fleet Desktop and My device page if there is no self-service software available
|
||||
|
|
@ -1 +0,0 @@
|
|||
- Fix exporting CSVs with fields that contain commas to render properly
|
||||
|
|
@ -1 +0,0 @@
|
|||
* Fix 3 UI bugs on the Software page
|
||||
|
|
@ -1 +0,0 @@
|
|||
* Update software updated timestamp tooltip
|
||||
|
|
@ -1 +0,0 @@
|
|||
When osquery returns a serial number of -1 (default value), we keep the existing serial number in the database.
|
||||
|
|
@ -1 +0,0 @@
|
|||
* Added support for renewing SCEP certificates with custom enrollment profiles.
|
||||
|
|
@ -1 +0,0 @@
|
|||
- Hide query delete checkboxes from team observers
|
||||
|
|
@ -1 +0,0 @@
|
|||
* Updated Go version to go1.22.4
|
||||
|
|
@ -1,3 +0,0 @@
|
|||
host script timeouts are now configurable via agent options using `script_execution_timeout`.
|
||||
`fleetctl` now uses a polling mechanism when running `run-script` to accommodate longer script
|
||||
timeout values.
|
||||
|
|
@ -1,2 +0,0 @@
|
|||
* Update the script details modal's error message on script timeout to reflect the newly dynamic
|
||||
script timeout limit, if hit.
|
||||
|
|
@ -1 +0,0 @@
|
|||
* Fixed counts for hosts with with low disk space in summary page.
|
||||
|
|
@ -1 +0,0 @@
|
|||
* Fix link to fleetd uninstall instructions in "Delete device" modal
|
||||
|
|
@ -1 +0,0 @@
|
|||
* Fixed crash in `fleetd` installer on Windows if there are registry keys with special characters on the system.
|
||||
|
|
@ -1,3 +0,0 @@
|
|||
- Added iOS/iPadOS builtin manual labels. IMPORTANT: Before migrating to this version, make sure to delete any labels with name "iOS" or "iPadOS".
|
||||
- Added aggregation of iOS/iPadOS OS versions.
|
||||
- Added change to custom profiles for iOS/iPadOS to go from 'pending' straight to 'verified' (skip 'verifying').
|
||||
|
|
@ -1 +0,0 @@
|
|||
- fixed issue where some Windows applications were getting matched against Windows OS vulnerabilities
|
||||
|
|
@ -1,2 +0,0 @@
|
|||
- Updates the instructions for manual MDM enrollment on the "My device" page to be clearer and align
|
||||
with Apple updates.
|
||||
|
|
@ -1 +0,0 @@
|
|||
- Adds back the "Vulnerable" filter for the host details software table
|
||||
|
|
@ -1 +0,0 @@
|
|||
* UI: Reinstate ability to sort policies by passing count
|
||||
|
|
@ -1 +0,0 @@
|
|||
* Improved the accuracy of the heuristic used to deterimine if a host is connected to Fleet via MDM by using osquery data for hosts that didn't send a Checkout message.
|
||||
|
|
@ -1 +0,0 @@
|
|||
* Fixed bug that set `Added to Fleet` to `Never` after macOS hosts re-enrolled to Fleet via MDM.
|
||||
|
|
@ -1 +0,0 @@
|
|||
- Add .yml and .yaml file type validation and error message to fleetctl apply
|
||||
|
|
@ -1 +0,0 @@
|
|||
- Align the "View all hosts" links in the Software titles and versions tables.
|
||||
|
|
@ -1 +0,0 @@
|
|||
- Disable credential caching and reboot on Windows lock
|
||||
|
|
@ -1 +0,0 @@
|
|||
- Updated UI to allow device users to reinstall self-service software.
|
||||
|
|
@ -1 +0,0 @@
|
|||
- Fix styling issues with the target inputs loading spinner on the run live query/policy page.
|
||||
|
|
@ -1 +0,0 @@
|
|||
* Fixed a bug causing "No Team" os versions to display the wrong number
|
||||
|
|
@ -1 +0,0 @@
|
|||
- UI: Adds a tooltip to truncated text and not to untruncated values
|
||||
|
|
@ -1 +0,0 @@
|
|||
- Fixed UI issue where "Script is already running" tooltip incorrectly displayed when the script is not running.
|
||||
|
|
@ -1 +0,0 @@
|
|||
* Increased the timeout of the upload software installer endpoint to 4 minutes.
|
||||
|
|
@ -1,2 +0,0 @@
|
|||
* Fixed a discrepancy in the spacing between DataSet labels and values on Firefox relative to other
|
||||
browsers.
|
||||
|
|
@ -1 +0,0 @@
|
|||
* Avoid returning a 500 status code if a host sends a command response with an invalid command uuid.
|
||||
|
|
@ -1,2 +0,0 @@
|
|||
- Fixed issue where the Fleet UI could not be used to renew the ABM token after the ABM user who created
|
||||
the token was deleted.
|
||||
|
|
@ -1,2 +0,0 @@
|
|||
* Fixed `fleetctl debug connection` to support server TLS certificates with intermediates.
|
||||
* Added support to `fleetctl debug connection` to test TLS connection with the embedded certs.pem in the fleetctl executable (default root CA used to generate fleetd packages). This can help find issues during package generation instead of during package installation.
|
||||
|
|
@ -1 +0,0 @@
|
|||
- Bug fix: do not allow Observer and Observer+ roles to download software installers.
|
||||
|
|
@ -1 +0,0 @@
|
|||
- addresses Microsoft Office June 2024 false negative vulnerabilities and adds custom vulnerability matching
|
||||
|
|
@ -1,2 +0,0 @@
|
|||
- add UI for uploading custom profiles with a target of hosts that include all/exclude
|
||||
any selected labels
|
||||
|
|
@ -1 +0,0 @@
|
|||
- remove DB error message from the UI when showing a error response.
|
||||
|
|
@ -1 +0,0 @@
|
|||
- render only one banner on the my device page based on priority order.
|
||||
|
|
@ -1 +0,0 @@
|
|||
- Fixes an issue where special characters in HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall breaks the "installer_utils.ps1 -uninstallOrbit" step in the Windows MSI installer
|
||||
|
|
@ -8,7 +8,7 @@ version: v6.2.0
|
|||
home: https://github.com/fleetdm/fleet
|
||||
sources:
|
||||
- https://github.com/fleetdm/fleet.git
|
||||
appVersion: v4.53.1
|
||||
appVersion: v4.54.0
|
||||
dependencies:
|
||||
- name: mysql
|
||||
condition: mysql.enabled
|
||||
|
|
|
|||
|
|
@ -3,7 +3,7 @@
|
|||
hostName: fleet.localhost
|
||||
replicas: 3 # The number of Fleet instances to deploy
|
||||
imageRepository: fleetdm/fleet
|
||||
imageTag: v4.53.1 # Version of Fleet to deploy
|
||||
imageTag: v4.54.0 # Version of Fleet to deploy
|
||||
podAnnotations: {} # Additional annotations to add to the Fleet pod
|
||||
serviceAccountAnnotations: {} # Additional annotations to add to the Fleet service account
|
||||
resources:
|
||||
|
|
|
|||
|
|
@ -56,7 +56,7 @@ variable "database_name" {
|
|||
|
||||
variable "fleet_image" {
|
||||
description = "the name of the container image to run"
|
||||
default = "fleetdm/fleet:v4.53.1"
|
||||
default = "fleetdm/fleet:v4.54.0"
|
||||
}
|
||||
|
||||
variable "software_inventory" {
|
||||
|
|
|
|||
|
|
@ -68,5 +68,5 @@ variable "redis_mem" {
|
|||
}
|
||||
|
||||
variable "image" {
|
||||
default = "fleet:v4.53.1"
|
||||
default = "fleet:v4.54.0"
|
||||
}
|
||||
|
|
|
|||
File diff suppressed because one or more lines are too long
|
|
@ -24,7 +24,7 @@ variable "fleet_config" {
|
|||
vuln_processing_cpu = optional(number, 2048)
|
||||
vuln_data_stream_mem = optional(number, 1024)
|
||||
vuln_data_stream_cpu = optional(number, 512)
|
||||
image = optional(string, "fleetdm/fleet:v4.53.1")
|
||||
image = optional(string, "fleetdm/fleet:v4.54.0")
|
||||
family = optional(string, "fleet-vuln-processing")
|
||||
sidecars = optional(list(any), [])
|
||||
extra_environment_variables = optional(map(string), {})
|
||||
|
|
@ -82,7 +82,7 @@ variable "fleet_config" {
|
|||
vuln_processing_cpu = 2048
|
||||
vuln_data_stream_mem = 1024
|
||||
vuln_data_stream_cpu = 512
|
||||
image = "fleetdm/fleet:v4.53.1"
|
||||
image = "fleetdm/fleet:v4.54.0"
|
||||
family = "fleet-vuln-processing"
|
||||
sidecars = []
|
||||
extra_environment_variables = {}
|
||||
|
|
|
|||
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
|
|
@ -16,7 +16,7 @@ variable "fleet_config" {
|
|||
mem = optional(number, 4096)
|
||||
cpu = optional(number, 512)
|
||||
pid_mode = optional(string, null)
|
||||
image = optional(string, "fleetdm/fleet:v4.53.1")
|
||||
image = optional(string, "fleetdm/fleet:v4.54.0")
|
||||
family = optional(string, "fleet")
|
||||
sidecars = optional(list(any), [])
|
||||
depends_on = optional(list(any), [])
|
||||
|
|
@ -120,7 +120,7 @@ variable "fleet_config" {
|
|||
mem = 512
|
||||
cpu = 256
|
||||
pid_mode = null
|
||||
image = "fleetdm/fleet:v4.53.1"
|
||||
image = "fleetdm/fleet:v4.54.0"
|
||||
family = "fleet"
|
||||
sidecars = []
|
||||
depends_on = []
|
||||
|
|
|
|||
|
|
@ -77,7 +77,7 @@ variable "fleet_config" {
|
|||
mem = optional(number, 4096)
|
||||
cpu = optional(number, 512)
|
||||
pid_mode = optional(string, null)
|
||||
image = optional(string, "fleetdm/fleet:v4.53.1")
|
||||
image = optional(string, "fleetdm/fleet:v4.54.0")
|
||||
family = optional(string, "fleet")
|
||||
sidecars = optional(list(any), [])
|
||||
depends_on = optional(list(any), [])
|
||||
|
|
@ -206,7 +206,7 @@ variable "fleet_config" {
|
|||
mem = 512
|
||||
cpu = 256
|
||||
pid_mode = null
|
||||
image = "fleetdm/fleet:v4.53.1"
|
||||
image = "fleetdm/fleet:v4.54.0"
|
||||
family = "fleet"
|
||||
sidecars = []
|
||||
depends_on = []
|
||||
|
|
|
|||
|
|
@ -17,7 +17,7 @@ provider "aws" {
|
|||
}
|
||||
|
||||
locals {
|
||||
fleet_image = "fleetdm/fleet:v4.53.1"
|
||||
fleet_image = "fleetdm/fleet:v4.54.0"
|
||||
domain_name = "example.com"
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -170,7 +170,7 @@ variable "fleet_config" {
|
|||
mem = optional(number, 4096)
|
||||
cpu = optional(number, 512)
|
||||
pid_mode = optional(string, null)
|
||||
image = optional(string, "fleetdm/fleet:v4.53.1")
|
||||
image = optional(string, "fleetdm/fleet:v4.54.0")
|
||||
family = optional(string, "fleet")
|
||||
sidecars = optional(list(any), [])
|
||||
depends_on = optional(list(any), [])
|
||||
|
|
@ -299,7 +299,7 @@ variable "fleet_config" {
|
|||
mem = 512
|
||||
cpu = 256
|
||||
pid_mode = null
|
||||
image = "fleetdm/fleet:v4.53.1"
|
||||
image = "fleetdm/fleet:v4.54.0"
|
||||
family = "fleet"
|
||||
sidecars = []
|
||||
depends_on = []
|
||||
|
|
|
|||
|
|
@ -63,8 +63,8 @@ module "fleet" {
|
|||
|
||||
fleet_config = {
|
||||
# To avoid pull-rate limiting from dockerhub, consider using our quay.io mirror
|
||||
# for the Fleet image. e.g. "quay.io/fleetdm/fleet:v4.53.1"
|
||||
image = "fleetdm/fleet:v4.53.1" # override default to deploy the image you desire
|
||||
# for the Fleet image. e.g. "quay.io/fleetdm/fleet:v4.54.0"
|
||||
image = "fleetdm/fleet:v4.54.0" # override default to deploy the image you desire
|
||||
# See https://fleetdm.com/docs/deploy/reference-architectures#aws for appropriate scaling
|
||||
# memory and cpu.
|
||||
autoscaling = {
|
||||
|
|
|
|||
|
|
@ -218,7 +218,7 @@ variable "fleet_config" {
|
|||
mem = optional(number, 4096)
|
||||
cpu = optional(number, 512)
|
||||
pid_mode = optional(string, null)
|
||||
image = optional(string, "fleetdm/fleet:v4.53.1")
|
||||
image = optional(string, "fleetdm/fleet:v4.54.0")
|
||||
family = optional(string, "fleet")
|
||||
sidecars = optional(list(any), [])
|
||||
depends_on = optional(list(any), [])
|
||||
|
|
@ -347,7 +347,7 @@ variable "fleet_config" {
|
|||
mem = 512
|
||||
cpu = 256
|
||||
pid_mode = null
|
||||
image = "fleetdm/fleet:v4.53.1"
|
||||
image = "fleetdm/fleet:v4.54.0"
|
||||
family = "fleet"
|
||||
sidecars = []
|
||||
depends_on = []
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
{
|
||||
"name": "fleetctl",
|
||||
"version": "v4.53.1",
|
||||
"version": "v4.54.0",
|
||||
"description": "Installer for the fleetctl CLI tool",
|
||||
"bin": {
|
||||
"fleetctl": "./run.js"
|
||||
|
|
|
|||