Elgato_dark/fleet
1
0
Fork 0
mirror of https://github.com/fleetdm/fleet synced 2026-04-21 13:37:30 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 91

Prepare v4.30.0 (#11105)

Browse source
This commit is contained in:
Luke Heath 2023-04-10 15:48:34 -05:00 committed by GitHub
parent fe166c93e3
commit 7c6c209d79
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
40 changed files with 78 additions and 46 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
.github/workflows/dogfood-deploy.yml vendored
View file

@ -4,7 +4,7 @@ on:
workflow_dispatch:
inputs:
DOCKER_IMAGE:
description: 'The full name of the docker image to be deployed. (e.g. fleetdm/fleet:v4.29.1)'
description: 'The full name of the docker image to be deployed. (e.g. fleetdm/fleet:v4.30.0)'
required: true
# This allows a subsequently queued workflow run to interrupt previous runs

72
CHANGELOG.md
View file

@ -1,3 +1,75 @@
## Fleet 4.30.0 (Apr 10, 2023)
* Removed both `FLEET_MDM_APPLE_ENABLE` and `FLEET_DEV_MDM_ENABLED` feature flags.
* Automatically send a configuration profile for the `fleetd` agent to teams that use DEP enrollment.
* DEP JSON profiles are now automatically created with default values when the server is run.
* Added the `--mdm` and `--mdm-pending` flags to the `fleetctl get hosts` command to list hosts enrolled in Fleet MDM and pending enrollment in Fleet MDM, respectively.
* Added support for the "enrolled" value for the `mdm_enrollment_status` filter and the new `mdm_name` filter for the "List hosts", "Count hosts" and "List hosts in label" endpoints.
* Added the `fleetctl mdm run-command` command, to run any of the [Apple-supported MDM commands](https://developer.apple.com/documentation/devicemanagement/commands_and_queries) on a host.
* Added the `fleetctl get mdm-command-results` sub-command to get the results for a previously-executed MDM command.
* Added API support to filter the host by the disk encryption status on "GET /hosts", "GET /hosts/count", and "GET /labels/:id/hosts" endpoints.
* Added API endpoint for disk encryption aggregate status data.
* Automatically install `fleetd` for DEP enrolled hosts.
* Updated hosts' profiles status sync to set to "pending" immediately after an action that affects their list of profiles.
* Updated FileVault configuration profile to disallow device user from disabling full-disk encryption.
* Updated MDM settings so that they are consistent, and updated documentation for clarity, completeness and correctness.
* Added `observer_plus` user role to Fleet. Observers+ are observers that can run any live query.
* Added a premium-only "Published" column to the vulnerabilities table to display when a vulnerability was first published.
* Improved version detection for macOS apps. This fixes some false positives in macOS vulnerability detection.
* If a new CPE translation rule is pushed, the data in the database should reflect that.
* If a false positive is patched, the data in the database should reflect that.
* Include the published date from NVD in the vulnerability object in the API and the vulnerability webhooks (premium feature only).
* User management table informs which users only have API access.
* Added configuration option `websockets_allow_unsafe_origin` to optionally disable the websocket origin check.
* Added new config `prometheus.basic_auth.disable` to allow running the Prometheus endpoint without HTTP Basic Auth.
* Added missing tables to be cleared on host deletion (those that reference the host by UUID instead of ID).
* Introduced new email backend capable of sending email directly using SES APIs.
* Upgraded Go version to 1.19.8 (includes minor security fixes for HTTP DoS issues).
* Uninstalling applications from hosts will remove the corresponding entry in `software` if no more hosts have the application installed.
* Removed the unused "Issuer URI" field from the single sign-on configuration page of the UI.
* Fixed an issue where some icons would appear clipped at certain zoom levels.
* Fixed a bug where some empty table cells were slightly different colors.
* Fixed e-mail sending on user invites and user e-mail change when SMTP server has credentials.
* Fixed logo misalignment.
* Fixed a bug where for certain org logos, the user could still click on it even outside the navbar.
* Fixed styling bugs on the SelectQueryModal.
* Fixed an issue where custom org logos might be displayed off-center.
* Fixed a UI bug where in certain states, there would be extra space at the right edge of the Manage Hosts table.
## Fleet 4.29.1 (Mar 31, 2023)
* Fixed a migration that was causing `fleet prepare db` to fail due to changes in the collation of the tables. IMPORTANT: please make sure to have a database backup before running migrations.

1
changes/10038-consistent-empty-cell-coloring
View file

@ -1 +0,0 @@
- Fixed a bug where some empty table cells were slightly different colors

1
changes/10257-remove-issuer-uri
View file

@ -1 +0,0 @@
- Removed the unused "Issuer URI" field from the single sign-on configuration page of the UI

1
changes/10328-clipped-icons
View file

@ -1 +0,0 @@
- Fix an issue where some icons would appear clipped at certain zoom levels

1
changes/10651-misaligned-icon
View file

@ -1 +0,0 @@
- Correctly aligned an icon

1
changes/10746-remove-mdm-feature-flags
View file

@ -1 +0,0 @@
- Remove both `FLEET_MDM_APPLE_ENABLE` and `FLEET_DEV_MDM_ENABLED` feature flags.

1
changes/10790-uneven-org-logo
View file

@ -1 +0,0 @@
- Fixed an issue where custom org logos might be displayed off-center

1
changes/10879-api-only-user-badge
View file

@ -1 +0,0 @@
- User management table informs which users only have API accesss

1
changes/10981-org-logo-clickable-outside-nav
View file

@ -1 +0,0 @@
- Fixed a bug where for certain org logos, the user could still click on it even outside the navbar

3
changes/11034-select-query-modal-style-bugs
View file

@ -1,3 +0,0 @@
- Fix styling bugs on the SelectQueryModal:
- y-misaligned "OR"
- x- and y-misaligned query list

1
changes/1968-remove-software-entries-if-uninstalled-by-all
View file

@ -1 +0,0 @@
* Uninstalling applications from hosts will remove the corresponding entry in `software` if no more hosts have the application installed.

1
changes/8593-observer_plus
View file

@ -1 +0,0 @@
* Add `observer_plus` user role to Fleet. Observers+ are observers that can run any live query.

1
changes/8957-allow-prometheus-without-http-basic-auth
View file

@ -1 +0,0 @@
* New config `prometheus.basic_auth.disable` to allow running the Prometheus endpoint without HTTP Basic Auth.

1
changes/9459-fleetd-config
View file

@ -1 +0,0 @@
* MDM: automatically send a configuration profile for the `fleetd` agent to teams that use DEP enrollment.

1
changes/9459-install-fleetd
View file

@ -1 +0,0 @@
* MDM: automatically install `fleetd` for DEP enrolled hosts.

1
changes/9569-mdm-dep-profile
View file

@ -1 +0,0 @@
* MDM: DEP JSON profiles are now automatically created with default values when the server is run.

1
changes/9609-fix-smtp-email-send
View file

@ -1 +0,0 @@
* Fix e-mail sending on user invites and user e-mail change when SMTP server has credentials.

2
changes/9834-add-published-date-to-vulns
View file

@ -1,2 +0,0 @@
- Include the published date from NVD in the vulnerability object in the API and the vulnerability
webhooks (premium feature only).

2
changes/9834-vulnerability-publishe-date-column
View file

@ -1,2 +0,0 @@
* Added a premium-only "Published" column to the vulnerabilities table to display when a
vulnerability was first published.

1
changes/9988-extra-space-at-end-of-table
View file

@ -1 +0,0 @@
- Fixed a UI bug where in certain states, there would be extra space at the right edge of the Manage Hosts table.

2
changes/clean_out_old_nvd_results
View file

@ -1,2 +0,0 @@
- If a new CPE translation rule is pushed, the data in the database should reflect that.
- If a false positive is patched, the data in the database should reflect that.

1
changes/go-version
View file

@ -1 +0,0 @@
- Upgrade Go version to 1.19.8 (includes minor security fixes for HTTP DoS issues).

1
changes/issue-10122-trigger-update-host-profiles-status
View file

@ -1 +0,0 @@
* Added updating the hosts' profiles to "pending" immediately after an action that affects their list of profiles, such as moving to another team, a profile being added, etc.

1
changes/issue-10408-document-mdm-settings
View file

@ -1 +0,0 @@
* Updated MDM settings so that they are consistent, and updated documentation for clarity, completeness and correctness.

1
changes/issue-10673-delete-additional-host-table-refs
View file

@ -1 +0,0 @@
* Added missing tables to be cleared on host deletion (those that reference the host by UUID instead of ID).

1
changes/issue-10778-webscokets-unsafe-origin
View file

@ -1 +0,0 @@
* add configuration option `websockets_allow_unsafe_origin` to optionally disable the websocket origin check

1
changes/issue-10788-dont-allow-fde-disable
View file

@ -1 +0,0 @@
- Updated FileVault configuration profile to disallow device user from disabling full-disk encryption.

1
changes/issue-10873-email-via-native-ses
View file

@ -1 +0,0 @@
* introduce new email backend capable of sending email directly using SES APIs

1
changes/issue-9434-implement-api-for-disk-encryption-aggregate
View file

@ -1 +0,0 @@
- implement API endpoint for disk encryption aggregate status data.

2
changes/issue-9436-add-disk-encryption-status-host-filtering
View file

@ -1,2 +0,0 @@
- adds API support to filter the host by the disk encryption status on "GET /hosts", "GET
/hosts/count", and "GET /labels/:id/hosts" endpoints

2
changes/issue-9643-add-fleetctl-get-hosts-mdm
View file

@ -1,2 +0,0 @@
* Added the `--mdm` and `--mdm-pending` flags to the `fleetctl get hosts` command to list hosts enrolled in Fleet MDM and pending enrollment in Fleet MDM, respectively.
* Added support for the "enrolled" value for the `mdm_enrollment_status` filter and the new `mdm_name` filter for the "List hosts", "Count hosts" and "List hosts in label" endpoints.

1
changes/issue-9643-fleetctl-get-mdm-command-results
View file

@ -1 +0,0 @@
* Added the `fleetctl get mdm-command-results` sub-command to get the results for a previously-executed MDM command.

1
changes/issue-9643-fleetctl-mdm-run-command
View file

@ -1 +0,0 @@
* Added the `fleetctl mdm run-command` command, to run any of the [Apple-supported MDM commands](https://developer.apple.com/documentation/devicemanagement/commands_and_queries) on a host.

1
changes/macos-app-version
View file

@ -1 +0,0 @@
* Improve version detection for macOS apps. This fixes some false positives in macOS vulnerability detection.

2
charts/fleet/Chart.yaml
View file

@ -8,4 +8,4 @@ version: v5.0.1
home: https://github.com/fleetdm/fleet
sources:
- https://github.com/fleetdm/fleet.git
appVersion: v4.29.1
appVersion: v4.30.0

2
charts/fleet/values.yaml
View file

@ -2,7 +2,7 @@
# All settings related to how Fleet is deployed in Kubernetes
hostName: fleet.localhost
replicas: 3 # The number of Fleet instances to deploy
imageTag: v4.29.1 # Version of Fleet to deploy
imageTag: v4.30.0 # Version of Fleet to deploy
podAnnotations: {} # Additional annotations to add to the Fleet pod
serviceAccountAnnotations: {} # Additional annotations to add to the Fleet service account
resources:

2
infrastructure/dogfood/terraform/aws/variables.tf
View file

@ -56,7 +56,7 @@ variable "database_name" {
variable "fleet_image" {
description = "the name of the container image to run"
default = "fleetdm/fleet:v4.29.1"
default = "fleetdm/fleet:v4.30.0"
}
variable "software_inventory" {

2
infrastructure/dogfood/terraform/gcp/variables.tf
View file

@ -68,5 +68,5 @@ variable "redis_mem" {
}
variable "image" {
default = "fleet:v4.29.1"
default = "fleet:v4.30.0"
}

2
tools/fleetctl-npm/package.json
View file

@ -1,6 +1,6 @@
{
"name": "fleetctl",
"version": "v4.29.1",
"version": "v4.30.0",
"description": "Installer for the fleetctl CLI tool",
"bin": {
"fleetctl": "./run.js"