diff --git a/.github/workflows/dogfood-deploy.yml b/.github/workflows/dogfood-deploy.yml
index a7988e63ca..0bffe13913 100644
--- a/.github/workflows/dogfood-deploy.yml
+++ b/.github/workflows/dogfood-deploy.yml
@@ -4,7 +4,7 @@ on:
 workflow_dispatch:
 inputs:
 DOCKER_IMAGE:
- description: 'The full name of the docker image to be deployed. (e.g. fleetdm/fleet:v4.28.1)'
+ description: 'The full name of the docker image to be deployed. (e.g. fleetdm/fleet:v4.29.0)'
 required: true

 # This allows a subsequently queued workflow run to interrupt previous runs
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 1bf7269f05..d5fd49df99 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,105 @@
+## Fleet 4.29.0 (Mar 22, 2023)
+
+* Added implementation of Fleetd for Chrome.
+
+* Added the `mdm.macos_settings.enable_disk_encryption` option to the `fleetctl apply` configuration
+ files of "config" and "team" kind as a Fleet Premium feature.
+
+* Added `mdm.macos_settings.disk_encryption` and `mdm.macos_settings.action_required` status fields in the response for a single host (`GET /hosts/{id}` and `GET /device/{token}` endpoints).
+
+* Added MDM solution name to `host.mdm`in API responses.
+
+* Added support for fleetd to enroll a device using its serial number (in addition to its system
+ UUID) to help avoid host-matching issues when a host is first created in Fleet via the MDM
+ automatic enrollment (Apple Business Manager).
+
+* Added ability to filter data under the Hosts tab by the aggregate status of hosts' MDM-managed macos
+settings.
+
+* Added activity feed items for enabling and disabling disk encryption with MDM.
+
+* Added FileVault banners on the Host Details and My Device pages.
+
+* Added activities for when macOS disk encryption setting is enabled or disabled.
+
+* Added UI for fleet mdm managed disk encryption toggling and the disk encryption aggregate data.
+
+* Added support to update a team's disk encryption via the Modify Team (`PATCH /api/latest/fleet/teams/{id}`) endpoint.
+
+* Added a new API endpoint to gate access to an enrollment profile behind Okta authentication.
+
+* Added new configuration values to integrate Okta in the DEP MDM flow.
+
+* Added `GET /mdm/apple/profiles/summary` endpoint.
+
+* Updated API endpoints that use `team_id` query parameter so that `team_id=0`
+ filters results to include only hosts that are not assigned to any team.
+
+* Adjusted the `aggregated_stats` table to compute and store statistics for "no team" in addition to
+ per-team and for all teams.
+
+* Added MDM profiles status filter to hosts endpoints.
+
+* Added indicators of aggregate host count for each possible status of MDM-enforced mac settings
+ (hidden until 4.30.0).
+
+* As part of JIT provisioning, read user roles from SAML custom attributes.
+
+* Added Win 10 policies for CIS Benchmark 18.x.
+
+* Added Win 10 policies for CIS Benchmark 2.3.17.x.
+
+* Added Win 10 policies for CIS Benchmark 2.3.10.x.
+
+* Documented CIS Windows10 Benchmarks 9.2.x to cis policy queries.
+
+* Document CIS Windows10 Benchmarks 9.3.x to cis policy queries.
+
+* Added button to show query on policy results page.
+
+* Run periodic cleanup of pending `cron_stats` outside the `schedule` package to prevent Fleet outages from breaking cron jobs.
+
+* Added an invitation for users to upgrade to Premium when viewing the Premium-only "macOS updates"
+ feature.
+
+* Added an icon on the policy table to indicate if a policy is marked critical.
+
+* Added `"instanceID"` (aka `owner` of `locks`) to `schedule` logging (to help troubleshooting when
+ running multiple Fleet instances).
+
+* Introduce UUIDs to Fleet errors and logs.
+
+* Added EndeavourOS, Manjaro, openSUSE Leap and Tumbleweed to HostLinuxOSs.
+
+* Global observer can view settings for all teams.
+
+* Team observers can view the team's settings.
+
+* Updated translation rules so that Docker Desktop can be mapped to the correct CPE.
+
+* Pinned Docker image hashes in Dockerfiles for increased security.
+
+* Remove the `ATTACH` check on SQL osquery queries (osquery bug fixed a while ago in 4.6.0).
+
+* Don't return internal error information on Fleet API requests (internal errors are logged to stderr).
+
+* Fixed an issue when applying the configuration YAML returned by `fleetctl get config` with
+ `fleetctl apply` when MDM is not enabled.
+
+* Fixed a bug where `fleetctl trigger` doesn't release the schedule lock when the triggered run
+ spans the regularly scheduled interval.
+
+* Fixed a bug that prevented starting the Fleet server with MDM features if Apple Business Manager
+ (ABM) was not configured.
+
+* Fixed incorrect MDM-related settings documentation and payload response examples.
+
+* Fixed bug to keep team when clicking on policy tab twice.
+
+* Fixed software table links that were cutting off tooltip.
+
+* Fixed authorization action used on host/search endpoint.
+
 ## Fleet 4.28.1 (March 14, 2023)
 * Fixed a bug that prevented starting the Fleet server with MDM features if Apple Business Manager (ABM) was not configured.
diff --git a/changes/10137-show-query-policy-results b/changes/10137-show-query-policy-results
deleted file mode 100644
index 9c8a8be4c5..0000000000
--- a/changes/10137-show-query-policy-results
+++ /dev/null
@@ -1 +0,0 @@
-- Add button to show query on policy results page
diff --git a/changes/10138-cis-win10-9-3-x b/changes/10138-cis-win10-9-3-x
deleted file mode 100644
index dab01ffd1c..0000000000
--- a/changes/10138-cis-win10-9-3-x
+++ /dev/null
@@ -1 +0,0 @@
-- Document CIS Windows10 Benchmarks 9.3.x to cis policy queries
diff --git a/changes/10147-cis-win-10-18.x.x b/changes/10147-cis-win-10-18.x.x
deleted file mode 100644
index d2d8860d99..0000000000
--- a/changes/10147-cis-win-10-18.x.x
+++ /dev/null
@@ -1 +0,0 @@
-- Add Win 10 policies for CIS Benchmark 18.x
diff --git a/changes/10228-okta-config-values b/changes/10228-okta-config-values
deleted file mode 100644
index 6b43e11359..0000000000
--- a/changes/10228-okta-config-values
+++ /dev/null
@@ -1 +0,0 @@
-* Added new configuration values to integrate Okta in the DEP MDM flow.
diff --git a/changes/10271-dep-okta b/changes/10271-dep-okta
deleted file mode 100644
index a67d9ca735..0000000000
--- a/changes/10271-dep-okta
+++ /dev/null
@@ -1 +0,0 @@
-* Added a new API endpoint to gate access to an enrollment profile behind Okta authentication.
diff --git a/changes/10324-upsell-state b/changes/10324-upsell-state
deleted file mode 100644
index 58b4e6195f..0000000000
--- a/changes/10324-upsell-state
+++ /dev/null
@@ -1,2 +0,0 @@
-- Add an invitation for users to upgrade to Premium when viewing the Premium-only "macOS updates"
- feature.
diff --git a/changes/10378-remove-attach-check b/changes/10378-remove-attach-check
deleted file mode 100644
index df83531c89..0000000000
--- a/changes/10378-remove-attach-check
+++ /dev/null
@@ -1 +0,0 @@
-* Remove the `ATTACH` check on SQL osquery queries (osquery bug fixed a while ago in 4.6.0)
diff --git a/changes/10441-collations b/changes/10441-collations
deleted file mode 100644
index c26ed7743c..0000000000
--- a/changes/10441-collations
+++ /dev/null
@@ -1 +0,0 @@
-* Added a migration to ensure all tables in the database use the same collation (`utf8mb4_unicode_ci`)
diff --git a/changes/10456-add-more-distros-to-hostlinuxoss b/changes/10456-add-more-distros-to-hostlinuxoss
deleted file mode 100644
index 35bb28ae96..0000000000
--- a/changes/10456-add-more-distros-to-hostlinuxoss
+++ /dev/null
@@ -1 +0,0 @@
-* Added EndeavourOS, Manjaro, openSUSE Leap and Tumbleweed to HostLinuxOSs.
\ No newline at end of file
diff --git a/changes/10631-updated-action-on-host-search b/changes/10631-updated-action-on-host-search
deleted file mode 100644
index 391a8a8d26..0000000000
--- a/changes/10631-updated-action-on-host-search
+++ /dev/null
@@ -1 +0,0 @@
-Bug: Updated authorization action used on host/search endpoint
\ No newline at end of file
diff --git a/changes/8129-fleet-errors-uuid-and-internal b/changes/8129-fleet-errors-uuid-and-internal
deleted file mode 100644
index 8befdba53a..0000000000
--- a/changes/8129-fleet-errors-uuid-and-internal
+++ /dev/null
@@ -1,2 +0,0 @@
-* Introduce UUIDs to Fleet errors and logs.
-* Don't return internal error information on Fleet API requests (internal errors are logged to stderr).
diff --git a/changes/8186-fix-bug-with-docker-false-positive b/changes/8186-fix-bug-with-docker-false-positive
deleted file mode 100644
index 4dce607e8a..0000000000
--- a/changes/8186-fix-bug-with-docker-false-positive
+++ /dev/null
@@ -1 +0,0 @@
-Updated translation rules so that Docker Desktop can be mapped to the correct CPE.
\ No newline at end of file
diff --git a/changes/8411-jit-provisioning-roles b/changes/8411-jit-provisioning-roles
deleted file mode 100644
index b456903ab4..0000000000
--- a/changes/8411-jit-provisioning-roles
+++ /dev/null
@@ -1 +0,0 @@
-* As part of JIT provisioning, read user roles from SAML custom attributes.
diff --git a/changes/9106-critical-icon-policy-table b/changes/9106-critical-icon-policy-table
deleted file mode 100644
index 1d72c5cba4..0000000000
--- a/changes/9106-critical-icon-policy-table
+++ /dev/null
@@ -1 +0,0 @@
-- Add an icon on the policy table to indicate if a policy is marked critical
diff --git a/changes/9132-orbit-enroll-set-osquery-db-to-retrieve-uuid b/changes/9132-orbit-enroll-set-osquery-db-to-retrieve-uuid
deleted file mode 100644
index 7686802425..0000000000
--- a/changes/9132-orbit-enroll-set-osquery-db-to-retrieve-uuid
+++ /dev/null
@@ -1 +0,0 @@
-* Orbit enroll API to include `hostname` and `platform` (to ease troubleshooting and prevent empty/ghost host entries).
diff --git a/changes/9406-disk-encryption-activity-items b/changes/9406-disk-encryption-activity-items
deleted file mode 100644
index 525f5f3b1a..0000000000
--- a/changes/9406-disk-encryption-activity-items
+++ /dev/null
@@ -1 +0,0 @@
-* Add activity feed items for enabling and disabling disk encryption with MDM
diff --git a/changes/9414-disk-encryption-banners b/changes/9414-disk-encryption-banners
deleted file mode 100644
index d23f288dc4..0000000000
--- a/changes/9414-disk-encryption-banners
+++ /dev/null
@@ -1,3 +0,0 @@
-- Add information banners on the Host Details and My Device pages that appear when the user must
- either reset their encryption (FileVault on macOS) key, or logout/restart, to enable disk
- encryption.
diff --git a/changes/9415-aggregate-mac-settings-indicators b/changes/9415-aggregate-mac-settings-indicators
deleted file mode 100644
index 9d924f19e8..0000000000
--- a/changes/9415-aggregate-mac-settings-indicators
+++ /dev/null
@@ -1,2 +0,0 @@
-* Add indicators of aggregate host count for each possible status of MDM-enforced mac settings ("Latest", "Pending," "Failing") to
-the Controls > macOS settings > Custom settings page.
diff --git a/changes/9486-pending-jobs-not-clearing-after-outage b/changes/9486-pending-jobs-not-clearing-after-outage
deleted file mode 100644
index 97aa5ebbb1..0000000000
--- a/changes/9486-pending-jobs-not-clearing-after-outage
+++ /dev/null
@@ -1 +0,0 @@
-* Run periodic cleanup of pending `cron_stats` outside the `schedule` package to prevent Fleet outages from breaking cron jobs.
diff --git a/changes/9515-log-instance-id b/changes/9515-log-instance-id
deleted file mode 100644
index a5f7e71809..0000000000
--- a/changes/9515-log-instance-id
+++ /dev/null
@@ -1 +0,0 @@
-* Add `"instanceID"` (aka `owner` of `locks`) to `schedule` logging (to help troubleshooting when running multiple Fleet instances).
diff --git a/changes/9567-macos_settings-hosts-filter b/changes/9567-macos_settings-hosts-filter
deleted file mode 100644
index b8d7622c37..0000000000
--- a/changes/9567-macos_settings-hosts-filter
+++ /dev/null
@@ -1,3 +0,0 @@
-* Add ability to filter data under the Hosts tab by the aggregate status of hosts' MDM-managed macos
-settings. This filter is used when clicking Controls > macOS settings > "# hosts" under Latest,
-Pending, or Failing.
diff --git a/changes/9753-fix-bug-software-link-tooltip b/changes/9753-fix-bug-software-link-tooltip
deleted file mode 100644
index 5eceb1a3d8..0000000000
--- a/changes/9753-fix-bug-software-link-tooltip
+++ /dev/null
@@ -1 +0,0 @@
-* Fix software table links that were cutting off tooltip
\ No newline at end of file
diff --git a/changes/9921-cis-win-10-2.3.10.x b/changes/9921-cis-win-10-2.3.10.x
deleted file mode 100644
index b61ea70b9a..0000000000
--- a/changes/9921-cis-win-10-2.3.10.x
+++ /dev/null
@@ -1 +0,0 @@
-- Add Win 10 policies for CIS Benchmark 2.3.10.x
diff --git a/changes/9924-cis-win-10-2.3.17.x b/changes/9924-cis-win-10-2.3.17.x
deleted file mode 100644
index 0bda4ffd22..0000000000
--- a/changes/9924-cis-win-10-2.3.17.x
+++ /dev/null
@@ -1 +0,0 @@
-- Add Win 10 policies for CIS Benchmark 2.3.17.x
diff --git a/changes/9984-global-and-team-observers-can-view-team b/changes/9984-global-and-team-observers-can-view-team
deleted file mode 100644
index 7d28881aae..0000000000
--- a/changes/9984-global-and-team-observers-can-view-team
+++ /dev/null
@@ -1,2 +0,0 @@
-* Global observer can view settings for all teams.
-* Team observers can view the team's settings.
diff --git a/changes/bugfix-mdm-settings-documentation b/changes/bugfix-mdm-settings-documentation
deleted file mode 100644
index a4ced1d6c6..0000000000
--- a/changes/bugfix-mdm-settings-documentation
+++ /dev/null
@@ -1 +0,0 @@
-* Fixed incorrect MDM-related settings documentation and payload response examples.
diff --git a/changes/bugfix-trigger-release-lock b/changes/bugfix-trigger-release-lock
deleted file mode 100644
index 3260663486..0000000000
--- a/changes/bugfix-trigger-release-lock
+++ /dev/null
@@ -1 +0,0 @@
-- Fixed a bug where `fleetctl trigger` doesn't release the schedule lock when the triggered run spans the regularly scheduled interval. This can prevent a second Fleet instance from using `fleetctl trigger` until the lock expires. This issue occurs infrequently under normal use. When it does occur, it resolves on its own in time; however, it may last up one full interval.
diff --git a/changes/fleetd-chrome b/changes/fleetd-chrome
deleted file mode 100644
index c576f38035..0000000000
--- a/changes/fleetd-chrome
+++ /dev/null
@@ -1 +0,0 @@
-* Add implementation of Fleetd for Chrome. (This probably deserves a full separate blog article that is linked from the release notes)
diff --git a/changes/issue-10136-cis-win-10-9-2-x b/changes/issue-10136-cis-win-10-9-2-x
deleted file mode 100644
index 7b2e440241..0000000000
--- a/changes/issue-10136-cis-win-10-9-2-x
+++ /dev/null
@@ -1 +0,0 @@
-- Document CIS Windows10 Benchmarks 9.2.x to cis policy queries
diff --git a/changes/issue-10409-no-team-filter b/changes/issue-10409-no-team-filter
deleted file mode 100644
index 5dcf691f54..0000000000
--- a/changes/issue-10409-no-team-filter
+++ /dev/null
@@ -1,2 +0,0 @@
-- Updated API endpoints that use `team_id` query parameter so that `team_id=0`
- filters results to include only hosts that are not assigned to any team.
diff --git a/changes/issue-10409-support-no-teams-in-aggregated-stats b/changes/issue-10409-support-no-teams-in-aggregated-stats
deleted file mode 100644
index d8922e577b..0000000000
--- a/changes/issue-10409-support-no-teams-in-aggregated-stats
+++ /dev/null
@@ -1 +0,0 @@
-* Adjusted the `aggregated_stats` table to compute and store statistics for "no team" in addition to per-team and for all teams.
diff --git a/changes/issue-9124-orbit-enroll-match-by-serial b/changes/issue-9124-orbit-enroll-match-by-serial
deleted file mode 100644
index 63710b8385..0000000000
--- a/changes/issue-9124-orbit-enroll-match-by-serial
+++ /dev/null
@@ -1 +0,0 @@
-* Added support for fleetd to enroll a device using its serial number (in addition to its system UUID) to help avoid host-matching issues when a host is first created in Fleet via the MDM automatic enrollment (Apple Business Manager).
diff --git a/changes/issue-9400-add-disk-encryption-fleetctl-apply b/changes/issue-9400-add-disk-encryption-fleetctl-apply
deleted file mode 100644
index 9d95bdc731..0000000000
--- a/changes/issue-9400-add-disk-encryption-fleetctl-apply
+++ /dev/null
@@ -1 +0,0 @@
-* Added the `mdm.macos_settings.enable_disk_encryption` option to the `fleetctl apply` configuration files of "config" and "team" kind as a Fleet Premium feature.
diff --git a/changes/issue-9402-9409-implement-UI-for-disk-encryption-on-mdm b/changes/issue-9402-9409-implement-UI-for-disk-encryption-on-mdm
deleted file mode 100644
index 3ff0fcc029..0000000000
--- a/changes/issue-9402-9409-implement-UI-for-disk-encryption-on-mdm
+++ /dev/null
@@ -1 +0,0 @@
-- add UI for fleet mdm managed disk encryption toggling and the disk encryption aggregate data.
diff --git a/changes/issue-9433-support-modify-team-disk-encryption b/changes/issue-9433-support-modify-team-disk-encryption
deleted file mode 100644
index 28fc24ca06..0000000000
--- a/changes/issue-9433-support-modify-team-disk-encryption
+++ /dev/null
@@ -1 +0,0 @@
-* Added support to update a team's disk encryption via the Modify Team (`PATCH /api/latest/fleet/teams/{id}`) endpoint.
diff --git a/changes/issue-9435-disk-encryption-activities b/changes/issue-9435-disk-encryption-activities
deleted file mode 100644
index e9c287c355..0000000000
--- a/changes/issue-9435-disk-encryption-activities
+++ /dev/null
@@ -1,2 +0,0 @@
-* Added activities for when macOS disk encryption setting is enabled or disabled.
-* Fixed an issue when applying the configuration YAML returned by `fleetctl get config` with `fleetctl apply` when MDM is not enabled.
diff --git a/changes/issue-9437-add-host-disk-encryption-status b/changes/issue-9437-add-host-disk-encryption-status
deleted file mode 100644
index 7714d90218..0000000000
--- a/changes/issue-9437-add-host-disk-encryption-status
+++ /dev/null
@@ -1 +0,0 @@
-* Added `mdm.macos_settings.disk_encryption` and `mdm.macos_settings.action_required` status fields in the response for a single host (`GET /hosts/{id}` and `GET /device/{token}` endpoints).
diff --git a/changes/issue-9591-mdm-profiles-summary b/changes/issue-9591-mdm-profiles-summary
deleted file mode 100644
index b3cbfd364b..0000000000
--- a/changes/issue-9591-mdm-profiles-summary
+++ /dev/null
@@ -1 +0,0 @@
-- Added `GET /mdm/apple/profiles/summary` endpoint.
diff --git a/changes/issue-9596-mdm-profile-filter b/changes/issue-9596-mdm-profile-filter
deleted file mode 100644
index 4decebd448..0000000000
--- a/changes/issue-9596-mdm-profile-filter
+++ /dev/null
@@ -1 +0,0 @@
-* Added mdm profiles status filter to hosts endpoints.
\ No newline at end of file
diff --git a/changes/pin-dockerfiles b/changes/pin-dockerfiles
deleted file mode 100644
index 378e559511..0000000000
--- a/changes/pin-dockerfiles
+++ /dev/null
@@ -1 +0,0 @@
-- Pin Docker image hashes in Dockerfiles for increased security.
diff --git a/charts/fleet/Chart.yaml b/charts/fleet/Chart.yaml
index dbd4869537..127dd20fba 100644
--- a/charts/fleet/Chart.yaml
+++ b/charts/fleet/Chart.yaml
@@ -8,4 +8,4 @@ version: v5.0.0
 home: https://github.com/fleetdm/fleet
 sources:
 - https://github.com/fleetdm/fleet.git
-appVersion: v4.28.1
+appVersion: v4.29.0
diff --git a/charts/fleet/values.yaml b/charts/fleet/values.yaml
index 9ebf34a1f0..a0f7becd74 100644
--- a/charts/fleet/values.yaml
+++ b/charts/fleet/values.yaml
@@ -2,7 +2,7 @@
 # All settings related to how Fleet is deployed in Kubernetes
 hostName: fleet.localhost
 replicas: 3 # The number of Fleet instances to deploy
-imageTag: v4.28.1 # Version of Fleet to deploy
+imageTag: v4.29.0 # Version of Fleet to deploy
 podAnnotations: {} # Additional annotations to add to the Fleet pod
 serviceAccountAnnotations: {} # Additional annotations to add to the Fleet service account
 resources:
diff --git a/infrastructure/dogfood/terraform/aws/variables.tf b/infrastructure/dogfood/terraform/aws/variables.tf
index eb8e4c99bb..f0f27e37f7 100644
--- a/infrastructure/dogfood/terraform/aws/variables.tf
+++ b/infrastructure/dogfood/terraform/aws/variables.tf
@@ -56,7 +56,7 @@ variable "database_name" {
 variable "fleet_image" {
 description = "the name of the container image to run"
- default = "fleetdm/fleet:v4.28.1"
+ default = "fleetdm/fleet:v4.29.0"
 }
 variable "software_inventory" {
diff --git a/infrastructure/dogfood/terraform/gcp/variables.tf b/infrastructure/dogfood/terraform/gcp/variables.tf
index d6418db385..4d774fe024 100644
--- a/infrastructure/dogfood/terraform/gcp/variables.tf
+++ b/infrastructure/dogfood/terraform/gcp/variables.tf
@@ -68,5 +68,5 @@ variable "redis_mem" {
 }
 variable "image" {
- default = "fleet:v4.28.1"
+ default = "fleet:v4.29.0"
 }
diff --git a/tools/fleetctl-npm/package.json b/tools/fleetctl-npm/package.json
index 24f79eda33..9279a7ad8b 100644
--- a/tools/fleetctl-npm/package.json
+++ b/tools/fleetctl-npm/package.json
@@ -1,6 +1,6 @@
 {
 "name": "fleetctl",
- "version": "v4.28.1",
+ "version": "v4.29.0",
 "description": "Installer for the fleetctl CLI tool",
 "bin": {
 "fleetctl": "./run.js"