mirror of
https://github.com/fleetdm/fleet
synced 2026-04-21 13:37:30 +00:00
Prepare Fleet v4.74.0 (#33579)
parent
1089fd6564
commit
53b3479d94
54 changed files with 68 additions and 63 deletions
62
CHANGELOG.md
|
|
@ -1,3 +1,65 @@
|
|||
## Fleet 4.73.0 (Oct 1, 2025)
|
||||
|
||||
### Security Engineers
|
||||
- Added support for Hydrant as a Certificate Authority and added an experimental API that can be used to have Fleet request a certificate from a Hydrant.
|
||||
- Added a check to disallow FLEET_SECRET variables in Apple configuration profile `<PayloadDisplayName>` fields for security.
|
||||
- Added `/batch/{batch_execution_id:[a-zA-Z0-9-]+}/host-results` API endpoint to list hosts targeted in batch.
|
||||
- Added `POST /api/v1/fleet/configuration_profiles/batch` API endpoint to batch modify MDM configuration profiles.
|
||||
- Added a new page in the UI for batch script run details.
|
||||
- Added support for AWS RDS (MySQL) IAM authentication.
|
||||
- Added support for AWS ElastiCache (Redis) IAM authentication.
|
||||
|
||||
### IT Admins
|
||||
- Added setup experience software items for Linux devices.
|
||||
- Added API endpoints for Linux setup experience.
|
||||
- Device API endpoints for fleetd: `POST /api/fleet/orbit/setup_experience/init` and `POST /api/v1/fleet/device/{token}/setup_experience/status`.
|
||||
- `PUT /api/v1/fleet/setup_experience/software` and `GET /api/v1/fleet/setup_experience/software` now have a `platform` argument (`linux` or `macos`, defaults to `macos`).
|
||||
- Added IdP `fullname` attribute as a valid Fleet variable for Apple configuration profiles.
|
||||
- Added the username of the managed user account user-scoped profiles are delivered to for macOS hosts.
|
||||
- Enabled configuring webhook and ticket policy (Jira/Zendesk) automations for "No team".
|
||||
- Added support for writing multiple packages in a single GitOps YAML file included under `software.packages`.
|
||||
- Moved `self_service`, `labels_include_any`, `labels_exclude_any`, `categories`, and `setup_experience` declarations to team level for software in GitOps; `setup_experience` can now be set on a software package, Fleet Maintained App, or App Store app.
|
||||
- Changed `GET /host/:id` to return an empty array for `software` field when `exclude_software=true`.
|
||||
- Updated `generate-gitops` command to output filenames with emojis and other special characters where applicable.
|
||||
- Added a Fleet-maintained app for macOS: Omnissa Horizon Client.
|
||||
- Added opening instructions to self-service macOS apps and Windows programs.
|
||||
|
||||
### Other improvements and bug fixes
|
||||
- Added index to `distributed_query_campaign_targets` table to speed up DB performance for live queries.
|
||||
> **WARNING:** For deployments with millions of rows in `distributed_query_campaign_targets`, the database migration to add the index may take significant time. We recommend testing migration duration in a staging environment first. The initial cleanup of old campaign targets will occur progressively over multiple hours to avoid database overload.
|
||||
- Added clean up of live query campaign targets 24 hours after campaign completion. This keeps the DB size in check for performance of large and frequent live query campaigns.
|
||||
- Improved OpenTelemetry integration to add tracing to async tasks (host seen, labels, policies, query stats) and improve HTTP span naming, enabled gzip compression, reduced batch size to prevent gRPC errors.
|
||||
- Updated output from `packages_only=true` so that it only returns software with available installers.
|
||||
- Added tarballs summary card back into UI.
|
||||
- Improved the sorting of batch scripts in the Batch Progress UI. Batches in the "started" state now sort by started date, and batches in the "finished" state now sort by the finished date.
|
||||
- Removed inaccurate host count timestamp on the software version details page.
|
||||
- Downgraded "distributed query is denylisted" error to a warning on the Fleet server since this message indicates a likely issue on the host and not the server. We will surface this issue in the UI in the future.
|
||||
- Improved performance for YARA rules: when modifying config (`PATCH /api/latest/fleet/config`) with a large number of yara rules and when large numbers of hosts fetch rules via /api/osquery/yara/{name} endpoint.
|
||||
- Improved performance when updating multiple policies in the UI. The policies are now updated in series to reduce server/DB load.
|
||||
- Added user icon to OS settings custom profiles on host details page if they are user scoped.
|
||||
- Added clearer error messages when a new password doesn't meet the password criteria.
|
||||
- Removed extra spacing from under disk encryption table.
|
||||
- Updated `fleetctl get mdm-command-results` to show output in a vertical format instead of a table.
|
||||
- Refactored ApplyQueries DS method so that queries are upserted in batches, this was done to avoid deadlocks during large gitops runs.
|
||||
- Refactored the way failing policies are computed on host details endpoint to avoid discrepancies due to read replica delays and async computation.
|
||||
- Refactored PATH fleet/config endpoint to use the primary DB node for both persisting changes and fetching modified App Config.
|
||||
- Fixed missing ticket integration options in Policies -> Other workflows modal for teams.
|
||||
- Fixed deduplicating bug in UI to only count unique vulns when counting software title vulnerabilities across versions in various software title vulnerabilities count, and host software title vulnerabilities count.
|
||||
- Fixed cases where the default auto-install policy for .deb packages would treat installed-then-uninstalled software as still installed.
|
||||
- Fixed the message rendered from user_failed_login global activities on the Activity feed if the email is not specified.
|
||||
- Fixed fleetctl printing binary data to terminal in debug mode.
|
||||
- Fixed a bug where incorrect CVEs were received from MSRC feed.
|
||||
- Fixed Fleet-installed host count not updating after software is installed over an older version.
|
||||
- Fixed UI issue in the Dashboard page. The software card is now rendered while content is been fetched to avoid the layout to jump around.
|
||||
- Fixed error when updating a script to exactly match the contents of another script.
|
||||
- Fixed an issue where string concatenations in a LIKE expression caused a syntax error in the query editor.
|
||||
- Fixed `fleetctl gitops` issue uploading an Apple configuration profile with a FLEET_SECRET in a `<data>` field.
|
||||
- Fixed Linux lock script on Ubuntu with GDM to now switch UI to text mode to work around GUI issues.
|
||||
- Fixed Google Cloud Storage (GCS) support broken since Fleet 4.71.0 by implementing a workaround for AWS Go SDK v2 signature compatibility issues with GCS endpoints.
|
||||
- Fixed banner link colors in UI.
|
||||
- Fixed an alignment issue on the My device page.
|
||||
- Fix deadlocks when updating automations for 10+ policies at one time.
|
||||
|
||||
## Fleet 4.73.3 (Sep 26, 2025)
|
||||
|
||||
### Bug fixes
|
||||
|
|
|
|||
|
|
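Review bot: The new top heading in CHANGELOG.md reads "## Fleet 4.73.0 (Oct 1, 2025)", but this commit prepares v4.74.0, the entry directly below it is 4.73.3 (Sep 26, 2025), and the chart, Terraform and npm files in the same commit all move to v4.74.0. The heading should read "## Fleet 4.74.0 (Oct 1, 2025)". In the same hunk, the entry "Refactored PATH fleet/config endpoint" looks like a typo for PATCH, going by `PATCH /api/latest/fleet/config` in the YARA entry.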
@ -1,2 +0,0 @@
|
|||
- Added support for AWS RDS (MySQL) IAM authentication
|
||||
- Added support for AWS ElastiCache (Redis) IAM authentication
|
||||
|
|
@ -1 +0,0 @@
|
|||
- Fleet UI: Fixed bug deduplicating to only count unique vulns when counting software title vulnerabilities across versions in various software title vulnerabilities count, and host software title vulnerabilities count
|
||||
|
|
@ -1 +0,0 @@
|
|||
* Refactored ApplyQueries DS method so that queries are upserted in batches, this was done to avoid deadlocks during large gitops runs.
|
||||
|
|
@ -1 +0,0 @@
|
|||
* Added support for Hydrant as a Certificate Authority and added an experimental API that can be used to have Fleet request a certificate from a CA(only supporting Hydrant at this time)
|
||||
|
|
@ -1 +0,0 @@
|
|||
* Refactored the way failing policies are computed on Host end-point to avoid discrepancies due to read replica delays and async computation.
|
||||
|
|
@ -1 +0,0 @@
|
|||
* Fixed cases where the default auto-install policy for .deb packages would treat installed-then-uninstalled software as still installed
|
||||
|
|
@ -1 +0,0 @@
|
|||
* Improved performance for YARA rules: when modifying config (PATCH /api/latest/fleet/config) with a large number of yara rules and when large numbers of hosts fetch rules via /api/osquery/yara/{name} endpoint.
|
||||
|
|
@ -1 +0,0 @@
|
|||
* Moved `self_service`, `labels_include_any`, `labels_exclude_any`, `categories`, and `setup_experience` declarations to team level for software in GitOps; `setup_experience` can now be set on a software package, Fleet Maintained App, or App Store app.
|
||||
|
|
@ -1 +0,0 @@
|
|||
- Fleet UI: Added opening instructions to self-service macOS apps and Windows programs
|
||||
|
|
@ -1 +0,0 @@
|
|||
* Fixed fleet installed host count not updating after software is installed over an older version.
|
||||
|
|
@ -1 +0,0 @@
|
|||
- Added support for writing multiple packages in a single GitOps YAML file included under `software.packages`.
|
||||
|
|
@ -1 +0,0 @@
|
|||
- Fixed an issue where string concatenations in a LIKE expression caused a syntax error in the query editor.
|
||||
|
|
@ -1 +0,0 @@
|
|||
* Added IdP fullname attribute as a valid fleet variable for Apple configuration profiles
|
||||
|
|
@ -1 +0,0 @@
|
|||
* Added the username of the managed user account user-scoped profiles are delivered to for macOS hosts
|
||||
|
|
@ -1 +0,0 @@
|
|||
Fix deadlocks when updating automations for 10+ policies at one time
|
||||
|
|
@ -1 +0,0 @@
|
|||
When updating multiple policies in the UI, the policies are now updated in series to reduce server/DB load.
|
||||
|
|
@ -1 +0,0 @@
|
|||
- Updated `generate-gitops` command to output filenames with emojis and other special characters where applicable
|
||||
|
|
@ -1 +0,0 @@
|
|||
- Implement a new page for batch script run details
|
||||
|
|
@ -1,2 +0,0 @@
|
|||
* Allow configuring webhook and ticket policy (Jira/Zendesk) automations for "No team"
|
||||
* If using the FLEET_PARTNERSHIPS_ENABLE_PRIMO feature, please set FLEET_PARTNERSHIPS_ENABLE_PRIMO=1 environment variable before running database migrations (e.g., `fleet prepare db`). This one-time migration copies the failing policy webhook/ticket configurations from "All teams" to "No team". If migrations run without this environment variable, the migration is marked applied and won't copy settings later.
|
||||
|
|
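Review bot: The second removed line, the FLEET_PARTNERSHIPS_ENABLE_PRIMO migration instruction, is not carried into the CHANGELOG, where the matching entry only says 'Enabled configuring webhook and ticket policy (Jira/Zendesk) automations for "No team"'. The migration is one-time and, per this text, is marked applied without copying settings when the variable is unset, so operators using that feature cannot recover by re-running it. Suggest adding the instruction as a sub-bullet or warning under that CHANGELOG entry so it reaches anyone upgrading with `fleet prepare db`.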
@ -1 +0,0 @@
|
|||
Linux lock script on Ubuntu with GDM now switches UI to text mode to work around GUI issues.
|
||||
|
|
@ -1 +0,0 @@
|
|||
* Fixed the message rendered from user_failed_login global activities on the Activity feed if the email is not specified.
|
||||
|
|
@ -1,2 +0,0 @@
|
|||
* Fixed UI issue in the Dashboard page. The software card is now rendered while content is been fetched to avoid the layout
|
||||
to jump around.
|
||||
|
|
@ -1,3 +0,0 @@
|
|||
* Added clean up of live query campaign targets 24 hours after campaign completion. This keeps the DB size in check for performance of large and frequent live query campaigns.
|
||||
* Added index to distributed_query_campaign_targets table to speed up DB performance for live queries.
|
||||
> **Warning:** For deployments with millions of rows in `distributed_query_campaign_targets`, the database migration to add the index may take significant time. We recommend testing migration duration in a staging environment first. The initial cleanup of old campaign targets will occur progressively over multiple hours to avoid database overload.
|
||||
|
|
@ -1 +0,0 @@
|
|||
* Fixed a bug where incorrect CVEs were received from MSRC feed.
|
||||
|
|
@ -1,2 +0,0 @@
|
|||
- Fixed `fleetctl gitops` issue uploading an Apple configuration profile with a FLEET_SECRET in a `<data>` field.
|
||||
- Added a check to disallow FLEET_SECRET variables in Apple configuration profile `<PayloadDisplayName>` fields for security.
|
||||
|
|
@ -1 +0,0 @@
|
|||
- Added "list hosts targeted in batch script" API
|
||||
|
|
@ -1 +0,0 @@
|
|||
* Fixed error when updating a script to exactly match the contents of another script.
|
||||
|
|
@ -1 +0,0 @@
|
|||
* Output from packages_only=true returns software with available installers.
|
||||
|
|
@ -1 +0,0 @@
|
|||
- Fleet UI: Removes inaccurate host count time stamp on the software version details page
|
||||
|
|
@ -1 +0,0 @@
|
|||
- Fleet UI: Re-added tarballs summary card
|
||||
|
|
@ -1 +0,0 @@
|
|||
- Fixed fleetctl printing binary data to terminal in debug mode
|
||||
|
|
@ -1 +0,0 @@
|
|||
- Remove extra spacing from under disk encryption table
|
||||
|
|
@ -1 +0,0 @@
|
|||
- Added clearer error messages when a new password doesn't meet the password criteria.
|
||||
|
|
@ -1 +0,0 @@
|
|||
- Fleet UI: Fixed banner link colors
|
||||
|
|
@ -1 +0,0 @@
|
|||
* Implement setup experience software for Linux
|
||||
|
|
@ -1,3 +0,0 @@
|
|||
- Added API endpoints for Linux setup experience.
|
||||
- Device API endpoints for fleetd: `POST /api/fleet/orbit/setup_experience/init` and `POST /api/v1/fleet/device/{token}/setup_experience/status`
|
||||
- `PUT /api/v1/fleet/setup_experience/software` and `GET /api/v1/fleet/setup_experience/software` now have a `platform` argument (`linux` or `macos`, defaults to `macos`).
|
||||
|
|
@ -1 +0,0 @@
|
|||
Downgraded "distributed query is denylisted" error to a warning on the Fleet server since this message indicates a likely issue on the host and not the server. We will surface this issue in the UI in the future.
|
||||
|
|
@ -1 +0,0 @@
|
|||
Minor OpenTelemetry improvements: added tracing to async tasks (host seen, labels, policies, query stats). Improved HTTP span naming, enabled gzip compression, reduced batch size to prevent gRPC errors.
|
||||
|
|
@ -1 +0,0 @@
|
|||
* Fixed missing ticket integration options in Policies -> Other workflows modal for teams.
|
||||
|
|
@ -1 +0,0 @@
|
|||
* Added the Fleet-maintained app for macOS: Omnissa Horizon Client.
|
||||
|
|
@ -1 +0,0 @@
|
|||
- Improved the sorting of batch scripts in the Batch Progress UI. Batches in the "started" state now sort by started date, and batches in the "finished" state now sort by the finished date.
|
||||
|
|
@ -1 +0,0 @@
|
|||
* Fixed Google Cloud Storage (GCS) support broken since Fleet 4.71.0 by implementing a workaround for AWS Go SDK v2 signature compatibility issues with GCS endpoints.
|
||||
|
|
@ -1 +0,0 @@
|
|||
- Fix an alignment issue on the My device page
|
||||
|
|
@ -1 +0,0 @@
|
|||
* Changed `GET /host/:id` to return an empty array for `software` field when exclude_software=true
|
||||
|
|
@ -1 +0,0 @@
|
|||
- add public endpoint to batch modify mdm config profiles
|
||||
|
|
@ -1 +0,0 @@
|
|||
- integrates the new cert authoities API on the frontend.
|
||||
|
|
@ -1,2 +0,0 @@
|
|||
- add user icon to os settings custom profiles on host details page if they are user scoped
|
||||
|
||||
|
|
@ -1 +0,0 @@
|
|||
- Updated `fleetctl get mdm-command-results` to show output in a vertical format instead of a table.
|
||||
|
|
@ -4,11 +4,11 @@ name: fleet
|
|||
keywords:
|
||||
- fleet
|
||||
- osquery
|
||||
version: v6.6.17
|
||||
version: v6.6.18
|
||||
home: https://github.com/fleetdm/fleet
|
||||
sources:
|
||||
- https://github.com/fleetdm/fleet.git
|
||||
appVersion: v4.73.3
|
||||
appVersion: v4.74.0
|
||||
dependencies:
|
||||
- name: mysql
|
||||
condition: mysql.enabled
|
||||
|
|
|
|||
|
|
@ -3,7 +3,7 @@
|
|||
hostName: fleet.localhost
|
||||
replicas: 3 # The number of Fleet instances to deploy
|
||||
imageRepository: fleetdm/fleet
|
||||
imageTag: v4.73.3 # Version of Fleet to deploy
|
||||
imageTag: v4.74.0 # Version of Fleet to deploy
|
||||
# imagePullSecrets is optional.
|
||||
# imagePullSecrets:
|
||||
# - name: docker
|
||||
|
|
|
|||
|
|
@ -56,7 +56,7 @@ variable "database_name" {
|
|||
|
||||
variable "fleet_image" {
|
||||
description = "the name of the container image to run"
|
||||
default = "fleetdm/fleet:v4.73.3"
|
||||
default = "fleetdm/fleet:v4.74.0"
|
||||
}
|
||||
|
||||
variable "software_inventory" {
|
||||
|
|
|
|||
|
|
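Review bot: The new default in variable "fleet_image", "fleetdm/fleet:v4.74.0", identifies the image by tag only, and a tag can be re-pointed at different content after this commit lands. If this module is used for anything beyond throwaway environments, consider pinning the default by digest (tag plus `@sha256:<digest>`) or noting in the description that callers are expected to override it with a digest-pinned reference.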
@ -68,7 +68,7 @@ variable "redis_mem" {
|
|||
}
|
||||
|
||||
variable "image" {
|
||||
default = "fleetdm/fleet:v4.73.3"
|
||||
default = "fleetdm/fleet:v4.74.0"
|
||||
|
||||
variable "software_installers_bucket_name" {
|
||||
default = "fleet-software-installers"
|
||||
|
|
|
|||
|
|
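Review bot: variable "image" has no `description` in the visible lines, while the equivalent variable "fleet_image" in the other Terraform file carries one ("the name of the container image to run"). Since this line is touched on every release bump, adding a description and a `type = string` here would keep the two modules consistent and make the intent of the default clear.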
@ -1,6 +1,6 @@
|
|||
{
|
||||
"name": "fleetctl",
|
||||
"version": "v4.73.3",
|
||||
"version": "v4.74.0",
|
||||
"description": "Installer for the fleetctl CLI tool",
|
||||
"bin": {
|
||||
"fleetctl": "./run.js"
|
||||
|
|
|
|||