Adding changes for Fleet v4.49.0 (#18496)
parent
56a26f5ef8
commit
2a1c19e26c
83 changed files with 65 additions and 97 deletions
51
CHANGELOG.md
51
CHANGELOG.md
|
|
@ -1,3 +1,54 @@
|
|||
## Fleet 4.49.0 (Apr 24, 2024)
|
||||
|
||||
### Endpoint operations
|
||||
|
||||
- Added integration with Google Calendar for policy compliance events.
|
||||
- Added new API endpoints to add/remove manual labels to/from a host.
|
||||
- Updated the `POST /api/v1/fleet/labels` and `PATCH /api/v1/fleet/labels/{id}` endpoints to support creation and update of manual labels.
|
||||
- Implemented changes in `fleetctl gitops` for batch processing queries and policies.
|
||||
- Enabled setting host status webhook at the team level via REST API and fleetctl apply/gitops.
|
||||
|
||||
### Device management (MDM)
|
||||
|
||||
- Added API functionality for creating DDM declarations, both individually and as a batch.
|
||||
- Added creation or update of macOS DDM profile to enforce OS Updates settings whenever the settings are changed.
|
||||
- Updated `fleetctl run-script` to include new `--team` and `--script-name` flags.
|
||||
- Displayed disk encryption status in macOS as "verifying" while verifying the escrowed key.
|
||||
- Added the `enable_release_device_manually` configuration setting for teams and no team, which controls the automatic release of a macOS DEP-enrolled device.
|
||||
- Updated the `POST /api/v1/fleet/hosts/:id/wipe` Fleet Premium API endpoint to support remote wiping a host.
|
||||
- Added the `enable_release_device_manually` configuration, which affects macOS automatic enrollment profile settings.
|
||||
|
||||
### Vulnerability management
|
||||
|
||||
- Ignored Valve Corporation's Steam client's vulnerabilities on Windows and macOS due to retrieval challenges of the true version.
|
||||
- Updated the GET fleet/os_versions and GET fleet/os_versions/[id] to restrict team users from accessing os versions on hosts from other teams.
|
||||
|
||||
### Bug fixes and improvements
|
||||
|
||||
- Upgraded Golang version to 1.21.7.
|
||||
- Added a minimum supported node version in the `package.json`.
|
||||
- Made block_id mismatch errors more informative as 400s instead of 500s.
|
||||
- Added Windows MDM support to the `osquery-perf` host-simulation command.
|
||||
- Updated calendar events automations to not show error validation on enabling the feature.
|
||||
- Migrated MDM-related endpoints to new paths while maintaining support for old endpoints indefinitely.
|
||||
- Added a missing database index to the MDM Windows enrollments table to improve performance at scale.
|
||||
- Added cross-platform check for duplicate MDM profiles names in batch set MDM profiles API.
|
||||
- Fixed a bug where Microsoft Edge was not reporting vulnerabilities.
|
||||
- Fixed an issue with the `20240327115617_CreateTableNanoDDMRequests` database migration.
|
||||
- Fixed the error message to indicate if a conflict on uploading an Apple profile was caused by the profile's name or its identifier.
|
||||
- Fixed license checks to allow migration and restoring DEP devices during trial.
|
||||
- Fixed a 500 error in MySQL 8 and when DB user has insufficient privileges for `fleetctl debug db-locks` and `fleetctl debug db-innodb-status`.
|
||||
- Fixed a bug where values not derived from "actual" fleetd-chrome tables were not being displayed correctly.
|
||||
- Fixed a bug where values were not being rendered in host-specific query reports.
|
||||
- Fixed an issue with automatic release of the device after setup when a DDM profile is pending.
|
||||
- Fixed UI issues: alignment bugs, padding around empty states, tooltip rendering, and incorrect rendering of the global Host status expiry settings page.
|
||||
- Fixed a bug where `null` or excluded `smtp_settings` caused a UI 500 error.
|
||||
- Fixed an issue where a bad request response from a 3rd party MDM solution would result in a 500 error in Fleet during MDM migration.
|
||||
- Fixed a bug where updating policy name could result in multiple policies with the same name in a team.
|
||||
- Fixed potential server panic when events are created with calendar integration, but then global calendar integration is disabled.
|
||||
- Fixed fleetctl gitops dry-run validation issues when enabling calendar integration for the first time.
|
||||
- Fixed a bug where all Windows MDM enrollments were detected as automatic.
|
||||
|
||||
## Fleet 4.48.3 (Apr 16, 2024)
|
||||
|
||||
### Bug fixes
|
||||
|
|
|
|||
|
|
@ -1 +0,0 @@
|
|||
- UI revamp: Run query on an online host
|
||||
|
|
@ -1 +0,0 @@
|
|||
* Add filters by platform to select a new policy modal
|
||||
|
|
@ -1 +0,0 @@
|
|||
- Fix a bug where all Windows MDM enrollments were detected as automatic
|
||||
|
|
@ -1,2 +0,0 @@
|
|||
* Added Windows MDM support to the `osquery-perf` host-simulation command.
|
||||
* Added a missing database index to the MDM Windows enrollments table that will improve performance at scale.
|
||||
|
|
@ -1 +0,0 @@
|
|||
- The Host Health API now includes failing policy counts
|
||||
|
|
@ -1 +0,0 @@
|
|||
* Migrate MDM-related endpoints to new paths, deprecating (but still supporting indefinitely) the old endpoints.
|
||||
|
|
@ -1 +0,0 @@
|
|||
- UI fix: users can see a tooltip on a disabled checkbox
|
||||
|
|
@ -1 +0,0 @@
|
|||
* When a live policy run finishes, display the percentages of passing and failing hosts to the user.
|
||||
|
|
@ -1 +0,0 @@
|
|||
Reduced the number of 'Deadlock found' errors seen by the server when multiple hosts share the same UUID
|
||||
|
|
@ -1 +0,0 @@
|
|||
Reduced the number of 'Deadlock found' errors seen by the server when multiple hosts share the same UUID
|
||||
|
|
@ -1 +0,0 @@
|
|||
vulnerabilities.current_instance_checks=no is now an alias for vulnerabilities.disable_schedule=true
|
||||
|
|
@ -1 +0,0 @@
|
|||
* Added endpoints to add/remove manual labels to/from a host. `POST /api/v1/fleet/hosts/:id/labels` and `DELETE /api/v1/fleet/hosts/:id/labels`.
|
||||
|
|
@ -1 +0,0 @@
|
|||
- Fixed issue where microsoft edge was not reporting vulnerabilities
|
||||
|
|
@ -1 +0,0 @@
|
|||
* Made block_id mismatch errors more informative as 400s instead of 500s.
|
||||
|
|
@ -1 +0,0 @@
|
|||
* Visual Studio extensions added to Fleet's software inventory.
|
||||
|
|
@ -1 +0,0 @@
|
|||
- Query report is reset when there is a change to the selected platform or selected minimum osquery version
|
||||
|
|
@ -1 +0,0 @@
|
|||
Fixing false negative vulnerabilities on macOS Homebrew python packages.
|
||||
|
|
@ -1 +0,0 @@
|
|||
- Fix a bug where `null` or excluded `smtp_settings` caused a UI 500.
|
||||
|
|
@ -1 +0,0 @@
|
|||
Fleet UI: Add hover states to clickable elements
|
||||
|
|
@ -1,5 +0,0 @@
|
|||
Added integration with Google Calendar.
|
||||
- Fleet admins can enable Google Calendar integration by using a Google service account with domain-wide delegation.
|
||||
- Calendar integration is enabled at the team level for specific team policies.
|
||||
- If the policy is failing, a calendar event will be put on the host user's calendar for the 3rd Tuesday of the month.
|
||||
- During the event, Fleet will fire a webhook. IT admins should use this webhook to trigger a script or MDM command that will remediate the issue.
|
||||
|
|
@ -1 +0,0 @@
|
|||
- `fleetctl gitops` now batch processes queries and policies
|
||||
|
|
@ -1 +0,0 @@
|
|||
* Fix a small alignment bug
|
||||
|
|
@ -1 +0,0 @@
|
|||
* UI fix of sql result sort for both string and numerical columns on live query results, live policy results, and query report
|
||||
|
|
@ -1,3 +0,0 @@
|
|||
- Adds a migration that removes the `script_contents` columns that aren't needed anymore due to the
|
||||
introduction of the `script_contents` table
|
||||
- Adds a cleanup cron job that will remove unused script contents periodically
|
||||
|
|
@ -1 +0,0 @@
|
|||
- add env from secret/cm capability to helm charts
|
||||
|
|
@ -1 +0,0 @@
|
|||
For GET fleet/os_versions and GET fleet/os_versions/[id], team users no longer have access to os versions on hosts from other teams.
|
||||
|
|
@ -1 +0,0 @@
|
|||
- UI: Surface fleet desktop and orbit version to the host details page
|
||||
|
|
@ -1 +0,0 @@
|
|||
In GET fleet/hosts/:id response, added orbit_version, fleet_desktop_version, and scripts_enabled fields.
|
||||
|
|
@ -1,2 +0,0 @@
|
|||
* Added the `enable_release_device_manually` configuration setting for a team and no team. **Note** that the macOS automatic enrollment profile cannot set the `await_device_configured` option anymore, this setting is controlled by Fleet via the new `enable_release_device_manually` option.
|
||||
* Automatically release a macOS DEP-enrolled device after enrollment commands and profiles have been delivered, unless `enable_release_device_manually` is set to `true`.
|
||||
|
|
@ -1 +0,0 @@
|
|||
- Adds API functionality for creating DDM declarations, both individually and as a batch.
|
||||
|
|
@ -1 +0,0 @@
|
|||
* macOS 14 and higher no longer display nudge notifications
|
||||
|
|
@ -1 +0,0 @@
|
|||
* Added creation or update of macOS DDM profile to enforce OS Updates settings whenever the settings are changed.
|
||||
|
|
@ -1,2 +0,0 @@
|
|||
- Fix error state rendering on the global Host status expiry settings page, fix error state
|
||||
alignment for tooltip-wrapper field labels across organization settings.
|
||||
|
|
@ -1 +0,0 @@
|
|||
- Removed outdated tooltips from UI.
|
||||
|
|
@ -1 +0,0 @@
|
|||
- Added cross-platform check for duplicate MDM profiles names in batch set MDM profiles API.
|
||||
|
|
@ -1 +0,0 @@
|
|||
- Fixed a bug where OS version information would not get detected on Windows Server 2019
|
||||
|
|
@ -1 +0,0 @@
|
|||
- Fixes an issue with Windows MDM profile processing where `<Add>` commands were being skipped.
|
||||
|
|
@ -1 +0,0 @@
|
|||
- Fix UI's ability to bulk delete hosts when "All teams" is selected
|
||||
|
|
@ -1 +0,0 @@
|
|||
* Fix flash message from closing when a modal closes
|
||||
|
|
@ -1 +0,0 @@
|
|||
- Fixes UI bug to render the query platform correctly for queries imported from the standard query library
|
||||
|
|
@ -1 +0,0 @@
|
|||
- Fix a bug where valid MDM enrollments would show up as unmanaged (EnrollmentState 3)
|
||||
|
|
@ -1 +0,0 @@
|
|||
In fleetctl debug db-locks (GET debug/db/locks) and fleetctl debug db-innodb-status (GET debug/db/innodb-status), fixed 500 error in MySQL 8 and when DB user has insufficient privileges.
|
||||
|
|
@ -1 +0,0 @@
|
|||
- UI and website show hidden columns in schema with a note that they won't be returned by running select \* from table
|
||||
|
|
@ -1 +0,0 @@
|
|||
- Added API to support resending MDM profiles.
|
||||
|
|
@ -1 +0,0 @@
|
|||
* Updated the `POST /api/v1/fleet/labels` and `PATCH /api/v1/fleet/labels/{id}` endpoints to support creation and update of manual labels.
|
||||
|
|
@ -1 +0,0 @@
|
|||
- UI fix: styling of live query disabled warning
|
||||
|
|
@ -1,2 +0,0 @@
|
|||
- Fix a bug where values not derived from "actual" fleetd-chrome tables were not being displayed
|
||||
correctly (e.g., `SELECT 1` gets its value from the query itself, not a table)
|
||||
|
|
@ -1 +0,0 @@
|
|||
- Styling bug fixes of host details page activities (Remove trailing dash line from last activity, Re-instate padding below last activity)
|
||||
|
|
@ -1 +0,0 @@
|
|||
Fixing potential server panic when events are created with calendar integration, but then global calendar integration is disabled.
|
||||
|
|
@ -1 +0,0 @@
|
|||
* Fixed the error message so that it indicates if a conflict error on uploading an Apple profile was caused by the profile's name or its identifier.
|
||||
|
|
@ -1 +0,0 @@
|
|||
- Fix a bug where values were not being rendered in host-specific query reports.
|
||||
|
|
@ -1 +0,0 @@
|
|||
- UI fix: padding around empty states of host details page
|
||||
|
|
@ -1,3 +0,0 @@
|
|||
Ignoring Valve Corporation's Steam client's vulnerabilities on Windows and macOS
|
||||
- On Windows and macOS, the true version of the Steam client (like 2021-04-10) cannot be retrieved by standard methods used on other software. We would need to create custom logic to retrieve the version of the Steam client.
|
||||
- Steam client automatically updates itself, so security risk is somewhat mitigated.
|
||||
|
|
@ -1 +0,0 @@
|
|||
* Fixed an issue with the `20240327115617_CreateTableNanoDDMRequests` database migration where it could fail if the database did not default to the `utf8mb4_unicode_ci` collation.
|
||||
|
|
@ -1 +0,0 @@
|
|||
* Fixed an issue with automatic release of the device after setup when a DDM profile is pending.
|
||||
|
|
@ -1 +0,0 @@
|
|||
- Update calendar events automations to not show error validation on enabling the feature
|
||||
|
|
@ -1 +0,0 @@
|
|||
* UI Fix to Show schema button location
|
||||
|
|
@ -1 +0,0 @@
|
|||
Fixed fleetctl gitops dry-run validation issues when enabling calendar integration for the first time.
|
||||
|
|
@ -1 +0,0 @@
|
|||
For calendar integration, calendar event no longer created when policy has an invalid SQL query.
|
||||
|
|
@ -1 +0,0 @@
|
|||
- add ddm activities to the fleet UI
|
||||
|
|
@ -1 +0,0 @@
|
|||
- update UI to support macos DDM profiles.
|
||||
|
|
@ -1 +0,0 @@
|
|||
- change UI on OS Updates page to show new nudge for macos DDM
|
||||
|
|
@ -1,2 +0,0 @@
|
|||
- Fixed issue where getting host details failed when attempting to read the host's bitlocker status
|
||||
from the datastore.
|
||||
|
|
@ -1 +0,0 @@
|
|||
- add UI for resending a profile for a host on the host details page in the OS Settings modal
|
||||
|
|
@ -1 +0,0 @@
|
|||
- implement manual labels in fleet UI
|
||||
|
|
@ -1,2 +0,0 @@
|
|||
- update styling of os settings modal table to have all cells have the same width and have content
|
||||
truncated when needed.
|
||||
|
|
@ -1 +0,0 @@
|
|||
- fix issue with downloading manual enrollment profile on the my device page
|
||||
|
|
@ -1 +0,0 @@
|
|||
* Fixed license checks to allow migration and restoring DEP devices during trial
|
||||
|
|
@ -1 +0,0 @@
|
|||
- add a minimum supported node version in the package.json
|
||||
|
|
@ -8,7 +8,7 @@ version: v6.0.2
|
|||
home: https://github.com/fleetdm/fleet
|
||||
sources:
|
||||
- https://github.com/fleetdm/fleet.git
|
||||
appVersion: v4.48.3
|
||||
appVersion: v4.49.0
|
||||
dependencies:
|
||||
- name: mysql
|
||||
condition: mysql.enabled
|
||||
|
|
|
|||
|
|
@ -2,7 +2,7 @@
|
|||
# All settings related to how Fleet is deployed in Kubernetes
|
||||
hostName: fleet.localhost
|
||||
replicas: 3 # The number of Fleet instances to deploy
|
||||
imageTag: v4.48.3 # Version of Fleet to deploy
|
||||
imageTag: v4.49.0 # Version of Fleet to deploy
|
||||
podAnnotations: {} # Additional annotations to add to the Fleet pod
|
||||
serviceAccountAnnotations: {} # Additional annotations to add to the Fleet service account
|
||||
resources:
|
||||
|
|
|
|||
|
|
@ -56,7 +56,7 @@ variable "database_name" {
|
|||
|
||||
variable "fleet_image" {
|
||||
description = "the name of the container image to run"
|
||||
default = "fleetdm/fleet:v4.48.3"
|
||||
default = "fleetdm/fleet:v4.49.0"
|
||||
}
|
||||
|
||||
variable "software_inventory" {
|
||||
|
|
|
|||
|
|
@ -68,5 +68,5 @@ variable "redis_mem" {
|
|||
}
|
||||
|
||||
variable "image" {
|
||||
default = "fleet:v4.48.3"
|
||||
default = "fleet:v4.49.0"
|
||||
}
|
||||
|
|
|
|||
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
|
|
@ -13,7 +13,7 @@ variable "fleet_config" {
|
|||
type = object({
|
||||
mem = optional(number, 4096)
|
||||
cpu = optional(number, 512)
|
||||
image = optional(string, "fleetdm/fleet:v4.48.3")
|
||||
image = optional(string, "fleetdm/fleet:v4.49.0")
|
||||
family = optional(string, "fleet")
|
||||
sidecars = optional(list(any), [])
|
||||
depends_on = optional(list(any), [])
|
||||
|
|
|
|||
|
|
@ -74,7 +74,7 @@ variable "fleet_config" {
|
|||
type = object({
|
||||
mem = optional(number, 4096)
|
||||
cpu = optional(number, 512)
|
||||
image = optional(string, "fleetdm/fleet:v4.48.3")
|
||||
image = optional(string, "fleetdm/fleet:v4.49.0")
|
||||
family = optional(string, "fleet")
|
||||
sidecars = optional(list(any), [])
|
||||
depends_on = optional(list(any), [])
|
||||
|
|
|
|||
|
|
@ -17,7 +17,7 @@ provider "aws" {
|
|||
}
|
||||
|
||||
locals {
|
||||
fleet_image = "fleetdm/fleet:v4.48.3"
|
||||
fleet_image = "fleetdm/fleet:v4.49.0"
|
||||
domain_name = "example.com"
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -167,7 +167,7 @@ variable "fleet_config" {
|
|||
type = object({
|
||||
mem = optional(number, 4096)
|
||||
cpu = optional(number, 512)
|
||||
image = optional(string, "fleetdm/fleet:v4.48.3")
|
||||
image = optional(string, "fleetdm/fleet:v4.49.0")
|
||||
family = optional(string, "fleet")
|
||||
sidecars = optional(list(any), [])
|
||||
depends_on = optional(list(any), [])
|
||||
|
|
|
|||
|
|
@ -59,8 +59,8 @@ module "fleet" {
|
|||
|
||||
fleet_config = {
|
||||
# To avoid pull-rate limiting from dockerhub, consider using our quay.io mirror
|
||||
# for the Fleet image. e.g. "quay.io/fleetdm/fleet:v4.48.3"
|
||||
image = "fleetdm/fleet:v4.48.3" # override default to deploy the image you desire
|
||||
# for the Fleet image. e.g. "quay.io/fleetdm/fleet:v4.49.0"
|
||||
image = "fleetdm/fleet:v4.49.0" # override default to deploy the image you desire
|
||||
# See https://fleetdm.com/docs/deploy/reference-architectures#aws for appropriate scaling
|
||||
# memory and cpu.
|
||||
autoscaling = {
|
||||
|
|
|
|||
|
|
@ -215,7 +215,7 @@ variable "fleet_config" {
|
|||
type = object({
|
||||
mem = optional(number, 4096)
|
||||
cpu = optional(number, 512)
|
||||
image = optional(string, "fleetdm/fleet:v4.48.3")
|
||||
image = optional(string, "fleetdm/fleet:v4.49.0")
|
||||
family = optional(string, "fleet")
|
||||
sidecars = optional(list(any), [])
|
||||
depends_on = optional(list(any), [])
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
{
|
||||
"name": "fleetctl",
|
||||
"version": "v4.48.3",
|
||||
"version": "v4.49.0",
|
||||
"description": "Installer for the fleetctl CLI tool",
|
||||
"bin": {
|
||||
"fleetctl": "./run.js"
|
||||
|
|
|
|||