From 60fc1a4e2c04d6ac6bcbf0132ac02954e4f4df5e Mon Sep 17 00:00:00 2001
From: Harrison Ravazzolo <38767391+harrisonravazzolo@users.noreply.github.com>
Date: Wed, 18 Dec 2024 19:25:20 -0800
Subject: [PATCH 1/6] Update deputy-achieves-compliance-and-clarity-with-fleet.md (#24898)

---
 ...y-achieves-compliance-and-clarity-with-fleet.md | 14 --------------
 1 file changed, 14 deletions(-)

diff --git a/articles/deputy-achieves-compliance-and-clarity-with-fleet.md b/articles/deputy-achieves-compliance-and-clarity-with-fleet.md
index 61af179728..40808419a3 100644
--- a/articles/deputy-achieves-compliance-and-clarity-with-fleet.md
+++ b/articles/deputy-achieves-compliance-and-clarity-with-fleet.md
@@ -1,12 +1,5 @@
 # How Deputy achieved compliance and clarity with Fleet—keeping shift work in sync
-
-
-“We were using Fleet to get some accurate reporting on browsers that people are using - it's useful to have that clear picture when we go and talk to SLT and can back those decisions up with some actual stats”
-
-**- John Howell, Director of IT**
-
-
 ## Challenge
 [Deputy](https://www.deputy.com/), a global leader in workforce management software, needed a reliable way to capture device telemetry, troubleshoot issues, and ensure accurate reporting on OS and software updates to maintain SLA compliance. The increasing number of software applications and browser extensions introduced additional complexity, leading to compliance challenges and gaps across cross-functional teams.
@@ -16,13 +9,6 @@ Deputy immediately leveraged Fleet’s robust [API](https://fleetdm.com/docs/res
 Previously reliant on [Kolide](https://www.kolide.com/), Deputy reduced costs by transitioning to Fleet while benefiting from hands-on support and direct access to Fleet’s engineers. They spun up a [dedicated Fleet instance](https://fleetdm.com/docs/deploy/deploy-fleet) on their managed infrastructure, tailoring configurations and deployments to meet the unique needs of their organization.
-
-
-“We want to use Fleet to specifically build a catalog of what's currently in use across our hosts. I've said to the team, get that reporting out of Fleet. Let's see what people are using. if we found something that we weren't happy with through that reporting, it'd be quite useful to pick that up."
-
-**- John Howell, Director of IT**
-
-
 ## Results
From 8091db7371d4d81687f710cf4dafa4bc22f67602 Mon Sep 17 00:00:00 2001
From: Mike McNeil
Date: Thu, 19 Dec 2024 09:10:47 -0600
Subject: [PATCH 2/6] =?UTF-8?q?Update=20pricing.ejs:=20=E2=80=9CFor=20team?=
 =?UTF-8?q?s=20who=20can=20move=20quickly=E2=80=9D=20(#24893)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Being big isn’t enough.
---
 website/views/pages/pricing.ejs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/website/views/pages/pricing.ejs b/website/views/pages/pricing.ejs
index 3fc2be51ef..9594998a9b 100644
--- a/website/views/pages/pricing.ejs
+++ b/website/views/pages/pricing.ejs
@@ -54,7 +54,7 @@

Custom

-

For teams with extremely large deployments.

+

For teams who can move quickly with extremely large deployments.

From 0065c928858f9e7005e052275c230687003d99fe Mon Sep 17 00:00:00 2001
From: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>
Date: Thu, 19 Dec 2024 10:10:55 -0500
Subject: [PATCH 3/6] Update product-design.rituals.yml (#24902)

- Record KPI first before we move stories around
---
 handbook/product-design/product-design.rituals.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/handbook/product-design/product-design.rituals.yml b/handbook/product-design/product-design.rituals.yml
index 5bf2ce1efb..f3ea2b9602 100644
--- a/handbook/product-design/product-design.rituals.yml
+++ b/handbook/product-design/product-design.rituals.yml
@@ -2,7 +2,7 @@
 task: "🦢📊 Design sprint review" # 2024-03-06 TODO: Link to responsibility or corresponding "how to" info e.g. https://fleetdm.com/handbook/company/product-groups#making-changes
 startedOn: "2024-03-07"
 frequency: "Triweekly"
- description: "1. For all stories that are not estimated, add their respective customer requests to the feature fest board. For stories that we're no longer working on, remove them from the drafting board, remove their respective customer requests from the 💝 Customer requests board, and notify stakeholders. 2. Record the number of dropped stories for KPIs (all user stories that did not meet the 3 week drafting timeline). 3. Retro: What went well? What could go better? What to remember for next time?"
+ description: "1. Record the number of dropped stories for KPIs (all user stories that did not meet the 3 week drafting timeline). 2. For all stories that are not estimated, add their respective customer requests to the feature fest board. For stories that we're no longer working on, remove them from the drafting board, remove their respective customer requests from the 💝 Customer requests board, and notify stakeholders. 3. Retro: What went well? What could go better? What to remember for next time?"
 moreInfoUrl:
 dri: "noahtalerman"
 -
From ace2fa3f9fb80ce44baf45dde79f96e650a737f5 Mon Sep 17 00:00:00 2001 
From: Luke Heath
Date: Thu, 19 Dec 2024 10:09:22 -0600
Subject: [PATCH 4/6] Adding changes for Fleet v4.61.0 (#24407) (#24904)

---
 CHANGELOG.md | 69 +++++++++++++++++++
 changes/18539-font-bug | 1 -
 changes/19696-missing-instrumentation | 1 -
 ...prove-nano-enrollments-last-seen-at-update | 1 -
 changes/21795-resend-config-profile-api | 1 -
 changes/21908-replace-mozilla-pkcs7 | 1 -
 .../21986-fix-to-abm-token-table-responsive | 1 -
 changes/22068-email-2fa | 1 -
 changes/22078-do-not-reply | 1 -
 changes/22078-x | 1 -
 .../22527-policy-automation-ui-improvements | 1 -
 changes/22819-delete-modal | 1 -
 changes/22896-ui-windows-automatic-migration | 1 -
 ...2897-add-windows-migration-enabled-setting | 1 -
 .../23020-automation-software-install-zip-dmg | 1 -
 changes/23027-settings-empty-states | 1 -
 changes/23095-host-sw-scroll | 1 -
 changes/23158-turn-off-windows-mdm-err | 1 -
 changes/23234-bug-fix | 2 -
 changes/23305-team-admin-tma | 1 -
 changes/23404-pagination | 1 -
 changes/23458-additional-stats | 1 -
 changes/23462-show-windows-mdm-wstep-options | 1 -
 changes/23488-host-duplicate-queries | 1 -
 changes/23621-unlock-text | 1 -
 changes/23679-optimize-software-versions | 1 -
 changes/23686-update-zoom | 2 -
 changes/23733-apple-app-store-icons | 1 -
 changes/23749-fix-learn-more-link | 1 -
 ...eethttp-client-for-apns-push-notifications | 1 -
 changes/23760-pkcs8-apns-key | 1 -
 changes/23787-script-name | 2 -
 changes/23816-profile-stuck-pending | 1 -
 changes/23832-select-nano_enrollment_queue | 1 -
 changes/23834-improve-label-flag-validation | 1 -
 changes/23880-fleet-ctl-label-docs | 1 -
 changes/23893-fix-docker-fleetctl | 1 -
 changes/23905-update-nanomdm | 1 -
 changes/23942-wrong-link | 1 -
 ...3967-doc-firefox_preferences-linux-windows | 1 -
 changes/24009-gh-translation | 1 -
 .../24024-bypass-setup-experience-if-empty | 2 -
 changes/24093-clear-policy-automation | 1 -
 changes/24109-drop-duplicate-indexes | 1 -
 ...24186-fix-missing-spinner-for-delete-modal | 2 -
 changes/24248-host-details-encryption-banner | 2 -
 changes/24288-mdm-gitops-role | 1 -
 .../24321-exclude-custom-source-without-email | 2 -
 changes/24337-fix-activity | 1 -
 changes/24363-fancy-log-destination | 1 -
 changes/24487-host-software-actions | 2 -
 changes/24509-fma-no-team | 1 -
 .../24636-UI-redirect-for-invalid-url-param | 1 -
 changes/24771-mdm-deadlock-fixes | 1 -
 changes/email-font-inter | 1 -
 ...ui-creat-policies-fleet-apps-title-details | 1 -
 changes/jve-fix-typo | 1 -
 changes/update-go1.23.4 | 1 -
 charts/fleet/Chart.yaml | 2 +-
 charts/fleet/values.yaml | 2 +-
 .../dogfood/terraform/aws/variables.tf | 2 +-
 .../dogfood/terraform/gcp/variables.tf | 2 +-
 infrastructure/guardduty/.terraform.lock.hcl | 4 +-
 infrastructure/guardduty/main.tf | 2 +-
 .../infrastructure/cloudtrail/main.tf | 2 +-
 .../elastic-agent/.terraform.lock.hcl | 4 +-
 .../infrastructure/elastic-agent/main.tf | 2 +-
 .../guardduty-alerts/.terraform.lock.hcl | 4 +-
 .../infrastructure/guardduty-alerts/main.tf | 2 +-
 .../infrastructure/spend_alerts/main.tf | 2 +-
 terraform/addons/ses/README.md | 2 +-
 terraform/addons/vuln-processing/variables.tf | 4 +-
 terraform/byo-vpc/byo-db/README.md | 2 +-
 terraform/byo-vpc/byo-db/byo-ecs/variables.tf | 4 +-
 terraform/byo-vpc/byo-db/variables.tf | 4 +-
 terraform/byo-vpc/example/main.tf | 2 +-
 terraform/byo-vpc/variables.tf | 4 +-
 terraform/example/main.tf | 4 +-
 terraform/variables.tf | 4 +-
 tools/fleetctl-npm/package.json | 2 +-
 tools/release/publish_release.sh | 2 +-
 81 files changed, 101 insertions(+), 97 deletions(-)
 delete mode 100644 changes/18539-font-bug
 delete mode 100644 changes/19696-missing-instrumentation
 delete mode 100644 changes/21340-improve-nano-enrollments-last-seen-at-update
 delete mode 100644 changes/21795-resend-config-profile-api
 delete mode 100644 changes/21908-replace-mozilla-pkcs7
 delete mode 100644 changes/21986-fix-to-abm-token-table-responsive
 delete mode 100644 changes/22068-email-2fa
 delete mode 100644 changes/22078-do-not-reply
 delete mode 100644 changes/22078-x
 delete mode 100644 changes/22527-policy-automation-ui-improvements
 delete mode 100644 changes/22819-delete-modal
 delete mode 100644 changes/22896-ui-windows-automatic-migration
 delete mode 100644 changes/22897-add-windows-migration-enabled-setting
 delete mode 100644 changes/23020-automation-software-install-zip-dmg
 delete mode 100644 changes/23027-settings-empty-states
 delete mode 100644 changes/23095-host-sw-scroll
 delete mode 100644 changes/23158-turn-off-windows-mdm-err
 delete mode 100644 changes/23234-bug-fix
 delete mode 100644 changes/23305-team-admin-tma
 delete mode 100644 changes/23404-pagination
 delete mode 100644 changes/23458-additional-stats
 delete mode 100644 changes/23462-show-windows-mdm-wstep-options
 delete mode 100644 changes/23488-host-duplicate-queries
 delete mode 100644 changes/23621-unlock-text
 delete mode 100644 changes/23679-optimize-software-versions
 delete mode 100644 changes/23686-update-zoom
 delete mode 100644 changes/23733-apple-app-store-icons
 delete mode 100644 changes/23749-fix-learn-more-link
 delete mode 100644 changes/23758-use-fleethttp-client-for-apns-push-notifications
 delete mode 100644 changes/23760-pkcs8-apns-key
 delete mode 100644 changes/23787-script-name
 delete mode 100644 changes/23816-profile-stuck-pending
 delete mode 100644 changes/23832-select-nano_enrollment_queue
 delete mode 100644 changes/23834-improve-label-flag-validation
 delete mode 100644 changes/23880-fleet-ctl-label-docs
 delete mode 100644 changes/23893-fix-docker-fleetctl
 delete mode 100644 changes/23905-update-nanomdm
 delete mode 100644 changes/23942-wrong-link
 delete mode 100644 changes/23967-doc-firefox_preferences-linux-windows
 delete mode 100644 changes/24009-gh-translation
 delete mode 100644 changes/24024-bypass-setup-experience-if-empty
 delete mode 100644 changes/24093-clear-policy-automation
 delete mode 100644 changes/24109-drop-duplicate-indexes
 delete mode 100644 changes/24186-fix-missing-spinner-for-delete-modal
 delete mode 100644 changes/24248-host-details-encryption-banner
 delete mode 100644 changes/24288-mdm-gitops-role
 delete mode 100644 changes/24321-exclude-custom-source-without-email
 delete mode 100644 changes/24337-fix-activity
 delete mode 100644 changes/24363-fancy-log-destination
 delete mode 100644 changes/24487-host-software-actions
 delete mode 100644 changes/24509-fma-no-team
 delete mode 100644 changes/24636-UI-redirect-for-invalid-url-param
 delete mode 100644 changes/24771-mdm-deadlock-fixes
 delete mode 100644 changes/email-font-inter
 delete mode 100644 changes/feat-ui-creat-policies-fleet-apps-title-details
 delete mode 100644 changes/jve-fix-typo
 delete mode 100644 changes/update-go1.23.4

diff --git a/CHANGELOG.md b/CHANGELOG.md
index f1e63c033e..0fc2d7d3f1 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,72 @@
+## Fleet 4.61.0 (Dec 17, 2024)
+
+## Endpoint operations
+- Added support to require email verification (MFA) on each login when setting up a Fleet user outside SSO.
+- Extended Linux encryption key escrow support to Ubuntu 20.04.6.
+- Added missing APM instrumentation for Fleet API routes.
+- Improved label validation when running live queries. Previously, when passing label(s) that do not exist, the labels were ignored. Now, an error is returned indicating which labels were not found. This change affects both the API and `fleetctl query` command.
+
+## Device management (MDM)
+- Added functionality for creating an automatic install policy for Fleet-maintained apps.
+- Replaced Zoom Fleet-maintained app with Zoom for IT, which does not open any windows during installation.
+- Added support for the new `windows_migration_enabled` setting (can be set via `fleetctl`, the `PATCH /api/latest/fleet/config` API endpoint and the UI). Requires a premium license.
+- Updated to only show the "follow instructions on My device" banner for Linux hosts whose disks are encrypted but for which Fleet hasn't escrowed a valid key.
+- Added App Store app UI: Added different empty state when VPP token is not added at all vs. when it's not assigned to a team to prevent confusion.
+- Allowed APNS key to be in unencrypted PKCS8 format, which may happen when migrating from another MDM.
+- Allowed calling `/api/v1/fleet/software/fleet_maintained_apps` with no team ID to retrieve the full global list of maintained apps.
+- Added UI changes for windows MDM page and allow for automatic migration for windows hosts.
+- Bypassed the setup experience UI if there is no setup experience item to process (no software to install, no script to execute), so that releasing the device is done without going through that window.
+
+## Vulnerability management
+- Added `without_vulnerability_details` to software versions endpoint (/api/latest/fleet/software/versions) so CVE details can be truncated when on Fleet Premium.
+- Fixed an issue where the github cli software name was not matching against the cpe vulnerability name.
+
+## Bug fixes and improvements
+- Updated Go version to 1.23.4.
+- Update help text for policy automation Install software and run script modals.
+- Updated to display Windows MDM WSTEP flags in `fleet --help`.
+- Added language in email templates indicating that users should not reply to the automated emails.
+- Added better information on what deleting a host does.
+- Added a clearer error message when users attempt to turn MDM off on a Windows host.
+- Improved side nav empty state UI under `/settings`.
+- Added missing loading spinner for delete modals (delete configuration profile, delete script, delete setup script and delete software).
+- Improved performance of updating the `nano_enrollments.last_seen_at` timestamp of Apple MDM devices by an order of magnitude under load.
+- Improved MDM `SELECT FROM nano_enrollment_queue` MySQL query performance, including calling it on DB reader much of the time.
+- Updated Inter font to latest version for woff2 files.
+- Added better documentation around how the --label flag works in the fleetctl query command.
+- Switched Twitter logo to X logo in Fleet-initiated automated emails.
+- Removed duplicate indexes from the database schema..
+- Added cleanup job to delete stuck pending Apple profiles, and requeue them.
+- Exclude any custom sourced "users" from the host details "used by" display if Fleet doesn't have an email for them.
+- Replaced the internal use of the deprecated `go.mozilla.org/pkcs7` package with the maintained fork `github.com/smallstep/pkcs7`.
+- Switched email template font to Inter to match previous changes in the rest of the UI.
+- Updated resend config profile API from `hosts/[hostid}/configuration_profiles/resend/{uuid}` to `hosts/{hostid}/configuration_profiles/{uuid}/resend`.
+- Update nanomdm dependency with latest bug fixes and improvements.
+- Updated documentation to include `firefox_preferences` table for Linux and Windows platforms.
+- Restored the user's previous scroll, if any, when they change the filter on the host software table.
+- Updated a link in the Fleet-maintained apps UI to point to the correct place.
+- Removed image borders that are included in Apple's app store icons.
+- Redirect when user provides an invalid URL param for fleet-maintained software id.
+- Added additional statistics item for number of saved queries.
+- Fixed a bug where the name of the setup experience script was not showing up in the activity for that script execution.
+- Present a nicely formatted and more informative UI for log destination in two places.
+- Fixed bug in `fleetdm/fleetctl` docker image where the `build` directory does not exist when generating deb/rpm packages.
+- Fixed missing read permission for team maintainers and admins on Fleet maintained apps.
+- Fixed a bug that would add "Fleet" to activities where it shouldn't be.
+- Fixed ability to clear policy automation that empties webhook URL.
+- Fixes a bug with pagination in the profiles and scripts lists.
+- Fixed duplicate queries in query stats list in host details.
+- Fixed zip and dmg automations showing null platform for installer
+- Fixed a typo in the loading modal when adding a Fleet-maintained app.
+- Fixed UI bug where "Actions" dropdown on host software page included "Install" and "Uninstall" options for software that is not able to be installed via Fleet.
+- Fixed a bug where the HTTP client used for MDM APNs push notifications did not support using a configured proxy.
+- Fixed potential deadlocks when deploying Apple configuration profiles.
+- Fixed releasing a DEP-enrolled macOS device if mTLS is configured for `fleetd`.
+- Fixed learn more about JIT provisioning link.
+- Fixed an issue with the copy for the activity generated by viewing a locked macOS host's PIN.
+- Fixed breaking with gitops user role running `fleetctl gitops` command when MDM is enabled.
+- Fixed responsive styles for the ADM table.
+
 ## Fleet 4.60.1 (Dec 03, 2024)
 ### Bug fixes
diff --git a/changes/18539-font-bug b/changes/18539-font-bug
deleted file mode 100644
index 6827466068..0000000000
--- a/changes/18539-font-bug
+++ /dev/null
@@ -1 +0,0 @@
-* Update Inter font to latest version for woff2 files
\ No newline at end of file
diff --git a/changes/19696-missing-instrumentation b/changes/19696-missing-instrumentation
deleted file mode 100644
index 43d10469fd..0000000000
--- a/changes/19696-missing-instrumentation
+++ /dev/null
@@ -1 +0,0 @@
-Added missing APM instrumentation for Fleet API routes.
diff --git a/changes/21340-improve-nano-enrollments-last-seen-at-update b/changes/21340-improve-nano-enrollments-last-seen-at-update
deleted file mode 100644
index 55a978a05b..0000000000
--- a/changes/21340-improve-nano-enrollments-last-seen-at-update
+++ /dev/null
@@ -1 +0,0 @@
-* Improve performance of updating the `nano_enrollments.last_seen_at` timestamp of Apple MDM devices by an order of magnitude under load.
diff --git a/changes/21795-resend-config-profile-api b/changes/21795-resend-config-profile-api
deleted file mode 100644
index 0612554c37..0000000000
--- a/changes/21795-resend-config-profile-api
+++ /dev/null
@@ -1 +0,0 @@
-* Update resend config profile API from hosts/[hostid}/configuration_profiles/resend/{uuid} to hosts/{hostid}/configuration_profiles/{uuid}/resend
\ No newline at end of file
diff --git a/changes/21908-replace-mozilla-pkcs7 b/changes/21908-replace-mozilla-pkcs7
deleted file mode 100644
index 65fc8d79bf..0000000000
--- a/changes/21908-replace-mozilla-pkcs7
+++ /dev/null
@@ -1 +0,0 @@
-* Replaced the internal use of the deprecated `go.mozilla.org/pkcs7` package with the maintained fork `github.com/smallstep/pkcs7`.
diff --git a/changes/21986-fix-to-abm-token-table-responsive b/changes/21986-fix-to-abm-token-table-responsive
deleted file mode 100644
index c2d626e410..0000000000
--- a/changes/21986-fix-to-abm-token-table-responsive
+++ /dev/null
@@ -1 +0,0 @@
-- fix responsive styles for the adm table
diff --git a/changes/22068-email-2fa b/changes/22068-email-2fa
deleted file mode 100644
index 444051b9c8..0000000000
--- a/changes/22068-email-2fa
+++ /dev/null
@@ -1 +0,0 @@
-* Allow requiring email verification (MFA) on each login when setting up a Fleet user outside SSO
\ No newline at end of file
diff --git a/changes/22078-do-not-reply b/changes/22078-do-not-reply
deleted file mode 100644
index aa9f8253af..0000000000
--- a/changes/22078-do-not-reply
+++ /dev/null
@@ -1 +0,0 @@
-* Add language in email templates indicating that users should not reply to the automated emails
\ No newline at end of file
diff --git a/changes/22078-x b/changes/22078-x
deleted file mode 100644
index d6fb5d4049..0000000000
--- a/changes/22078-x
+++ /dev/null
@@ -1 +0,0 @@
-* Switch Twitter logo to X logo in Fleet-initiated automated emails
\ No newline at end of file
diff --git a/changes/22527-policy-automation-ui-improvements b/changes/22527-policy-automation-ui-improvements
deleted file mode 100644
index 6d56f7efa6..0000000000
--- a/changes/22527-policy-automation-ui-improvements
+++ /dev/null
@@ -1 +0,0 @@
-- Update help text for policy automation Install software and Run script modals
diff --git a/changes/22819-delete-modal b/changes/22819-delete-modal
deleted file mode 100644
index a1dc4e5b61..0000000000
--- a/changes/22819-delete-modal
+++ /dev/null
@@ -1 +0,0 @@
-- Fleet UI: Better information on what deleting a host does
diff --git a/changes/22896-ui-windows-automatic-migration b/changes/22896-ui-windows-automatic-migration
deleted file mode 100644
index ae0234123b..0000000000
--- a/changes/22896-ui-windows-automatic-migration
+++ /dev/null
@@ -1 +0,0 @@
-- add UI changes for windows mdm page and allow for automatic migration for windows hosts.
diff --git a/changes/22897-add-windows-migration-enabled-setting b/changes/22897-add-windows-migration-enabled-setting
deleted file mode 100644
index 15866a98c7..0000000000
--- a/changes/22897-add-windows-migration-enabled-setting
+++ /dev/null
@@ -1 +0,0 @@
-* Added support for the new `windows_migration_enabled` setting (can be set via `fleetctl`, the `PATCH /api/latest/fleet/config` API endpoint and the UI). Requires a premium license.
diff --git a/changes/23020-automation-software-install-zip-dmg b/changes/23020-automation-software-install-zip-dmg
deleted file mode 100644
index 3b0af00e97..0000000000
--- a/changes/23020-automation-software-install-zip-dmg
+++ /dev/null
@@ -1 +0,0 @@
-- Fix zip and dmg automations showing null platform for installer
diff --git a/changes/23027-settings-empty-states b/changes/23027-settings-empty-states
deleted file mode 100644
index ecc6736d05..0000000000
--- a/changes/23027-settings-empty-states
+++ /dev/null
@@ -1 +0,0 @@
-* Improve side nav empty state UI under `/settings`
\ No newline at end of file
diff --git a/changes/23095-host-sw-scroll b/changes/23095-host-sw-scroll
deleted file mode 100644
index 6788c9f511..0000000000
--- a/changes/23095-host-sw-scroll
+++ /dev/null
@@ -1 +0,0 @@
-- Restore the user's previous scroll, if any, when they change the filter on the host software table.
diff --git a/changes/23158-turn-off-windows-mdm-err b/changes/23158-turn-off-windows-mdm-err
deleted file mode 100644
index 4bc7d28c8e..0000000000
--- a/changes/23158-turn-off-windows-mdm-err
+++ /dev/null
@@ -1 +0,0 @@
-- Adds a clearer error message when users attempt to turn MDM off on a Windows host.
\ No newline at end of file
diff --git a/changes/23234-bug-fix b/changes/23234-bug-fix
deleted file mode 100644
index c38071cd81..0000000000
--- a/changes/23234-bug-fix
+++ /dev/null
@@ -1,2 +0,0 @@
-- Add App Store app UI: Added different empty state when VPP token is not added at all vs. when it's
- not assigned to a team to prevent confusion.
diff --git a/changes/23305-team-admin-tma b/changes/23305-team-admin-tma
deleted file mode 100644
index 17b4bdeddb..0000000000
--- a/changes/23305-team-admin-tma
+++ /dev/null
@@ -1 +0,0 @@
-* Fixed missing read permission for team maintainers and admins on Fleet maintained apps
diff --git a/changes/23404-pagination b/changes/23404-pagination
deleted file mode 100644
index 912714fb9d..0000000000
--- a/changes/23404-pagination
+++ /dev/null
@@ -1 +0,0 @@
-- Fixes a bug with pagination in the profiles and scripts lists.
\ No newline at end of file
diff --git a/changes/23458-additional-stats b/changes/23458-additional-stats
deleted file mode 100644
index 73587d4def..0000000000
--- a/changes/23458-additional-stats
+++ /dev/null
@@ -1 +0,0 @@
-- Added additional statistics item for number of saved queries
diff --git a/changes/23462-show-windows-mdm-wstep-options b/changes/23462-show-windows-mdm-wstep-options
deleted file mode 100644
index 8df6b93139..0000000000
--- a/changes/23462-show-windows-mdm-wstep-options
+++ /dev/null
@@ -1 +0,0 @@
-- Display Windows MDM WSTEP flags in `fleet --help`.
diff --git a/changes/23488-host-duplicate-queries b/changes/23488-host-duplicate-queries
deleted file mode 100644
index 7aad235231..0000000000
--- a/changes/23488-host-duplicate-queries
+++ /dev/null
@@ -1 +0,0 @@
-* Fix duplicate queries in query stats list in host details
diff --git a/changes/23621-unlock-text b/changes/23621-unlock-text
deleted file mode 100644
index 6715062fdf..0000000000
--- a/changes/23621-unlock-text
+++ /dev/null
@@ -1 +0,0 @@
-- Fixes an issue with the copy for the activity generated by viewing a locked macOS host's PIN.
\ No newline at end of file
diff --git a/changes/23679-optimize-software-versions b/changes/23679-optimize-software-versions
deleted file mode 100644
index 52eb3d7bd5..0000000000
--- a/changes/23679-optimize-software-versions
+++ /dev/null
@@ -1 +0,0 @@
-* Added `without_vulnerability_details` to software versions endpoint (/api/latest/fleet/software/versions) so CVE details can be truncated when on Fleet Premium
\ No newline at end of file
diff --git a/changes/23686-update-zoom b/changes/23686-update-zoom
deleted file mode 100644
index 5a4dace779..0000000000
--- a/changes/23686-update-zoom
+++ /dev/null
@@ -1,2 +0,0 @@
-- Replaces Zoom Fleet-maintained app with Zoom for IT, which does not open any windows during
- installation.
\ No newline at end of file
diff --git a/changes/23733-apple-app-store-icons b/changes/23733-apple-app-store-icons
deleted file mode 100644
index f9b062ff82..0000000000
--- a/changes/23733-apple-app-store-icons
+++ /dev/null
@@ -1 +0,0 @@
-- Fleet UI: Remove image borders that are included in Apple's app store icons
diff --git a/changes/23749-fix-learn-more-link b/changes/23749-fix-learn-more-link
deleted file mode 100644
index d10d50f701..0000000000
--- a/changes/23749-fix-learn-more-link
+++ /dev/null
@@ -1 +0,0 @@
-- Fleet UI: Fix learn more about JIT provisioning link
diff --git a/changes/23758-use-fleethttp-client-for-apns-push-notifications b/changes/23758-use-fleethttp-client-for-apns-push-notifications
deleted file mode 100644
index 08a6eebba6..0000000000
--- a/changes/23758-use-fleethttp-client-for-apns-push-notifications
+++ /dev/null
@@ -1 +0,0 @@
-* Fixed a bug where the HTTP client used for MDM APNs push notifications did not support using a configured proxy.
diff --git a/changes/23760-pkcs8-apns-key b/changes/23760-pkcs8-apns-key
deleted file mode 100644
index b1e16cbf4c..0000000000
--- a/changes/23760-pkcs8-apns-key
+++ /dev/null
@@ -1 +0,0 @@
-Allow APNS key to be in unencrypted PKCS8 format, which may happen when migrating from another MDM.
diff --git a/changes/23787-script-name b/changes/23787-script-name
deleted file mode 100644
index af50855bad..0000000000
--- a/changes/23787-script-name
+++ /dev/null
@@ -1,2 +0,0 @@
-- Fixes a bug where the name of the setup experience script was not showing up in the activity for
- that script execution.
\ No newline at end of file
diff --git a/changes/23816-profile-stuck-pending b/changes/23816-profile-stuck-pending
deleted file mode 100644
index 92171e24af..0000000000
--- a/changes/23816-profile-stuck-pending
+++ /dev/null
@@ -1 +0,0 @@
-Added cleanup job to delete stuck pending Apple profiles, and requeue them.
diff --git a/changes/23832-select-nano_enrollment_queue b/changes/23832-select-nano_enrollment_queue
deleted file mode 100644
index 5ae116326e..0000000000
--- a/changes/23832-select-nano_enrollment_queue
+++ /dev/null
@@ -1 +0,0 @@
-Improved MDM `SELECT FROM nano_enrollment_queue` MySQL query performance, including calling it on DB reader much of the time.
diff --git a/changes/23834-improve-label-flag-validation b/changes/23834-improve-label-flag-validation
deleted file mode 100644
index 5d8d8e4b0a..0000000000
--- a/changes/23834-improve-label-flag-validation
+++ /dev/null
@@ -1 +0,0 @@
-* Improved label validation when running live queries. Previously, when passing label(s) that do not exist, the labels were ignored. Now, an error is returned indicating which labels were not found. This change affects both the API and `fleetctl query` command.
\ No newline at end of file
diff --git a/changes/23880-fleet-ctl-label-docs b/changes/23880-fleet-ctl-label-docs
deleted file mode 100644
index 870b424a05..0000000000
--- a/changes/23880-fleet-ctl-label-docs
+++ /dev/null
@@ -1 +0,0 @@
-* Added better documentation around how the --label flag works in the fleetctl query command.
\ No newline at end of file
diff --git a/changes/23893-fix-docker-fleetctl b/changes/23893-fix-docker-fleetctl
deleted file mode 100644
index 3d68bd2540..0000000000
--- a/changes/23893-fix-docker-fleetctl
+++ /dev/null
@@ -1 +0,0 @@
-* Fixed bug in `fleetdm/fleetctl` docker image where the `build` directory does not exist when generating deb/rpm packages.
diff --git a/changes/23905-update-nanomdm b/changes/23905-update-nanomdm
deleted file mode 100644
index 5399590bdc..0000000000
--- a/changes/23905-update-nanomdm
+++ /dev/null
@@ -1 +0,0 @@
-Update nanomdm dependency with latest bug fixes and improvements.
diff --git a/changes/23942-wrong-link b/changes/23942-wrong-link
deleted file mode 100644
index f7ac167582..0000000000
--- a/changes/23942-wrong-link
+++ /dev/null
@@ -1 +0,0 @@
-- Updates a link in the Fleet-maintained apps UI to point to the correct place.
\ No newline at end of file
diff --git a/changes/23967-doc-firefox_preferences-linux-windows b/changes/23967-doc-firefox_preferences-linux-windows
deleted file mode 100644
index 3faa0f6980..0000000000
--- a/changes/23967-doc-firefox_preferences-linux-windows
+++ /dev/null
@@ -1 +0,0 @@
-* doc: document firefox_preferences table for Linux and Windows platforms
diff --git a/changes/24009-gh-translation b/changes/24009-gh-translation
deleted file mode 100644
index 103bd7b6eb..0000000000
--- a/changes/24009-gh-translation
+++ /dev/null
@@ -1 +0,0 @@
-* Fixed an issue where the github cli software name was not matching against the cpe vulnerability name
\ No newline at end of file
diff --git a/changes/24024-bypass-setup-experience-if-empty b/changes/24024-bypass-setup-experience-if-empty
deleted file mode 100644
index 319df88c1c..0000000000
--- a/changes/24024-bypass-setup-experience-if-empty
+++ /dev/null
@@ -1,2 +0,0 @@
-* Bypass the setup experience UI if there is no setup experience item to process (no software to install, no script to execute), so that releasing the device is done without going through that window.
-* Fixed releasing a DEP-enrolled macOS device if mTLS is configured for `fleetd`.
diff --git a/changes/24093-clear-policy-automation b/changes/24093-clear-policy-automation
deleted file mode 100644
index 4d77791615..0000000000
--- a/changes/24093-clear-policy-automation
+++ /dev/null
@@ -1 +0,0 @@
-- Fleet UI: Fix ability to clear policy automation that empties webhook URL
diff --git a/changes/24109-drop-duplicate-indexes b/changes/24109-drop-duplicate-indexes
deleted file mode 100644
index df813981a4..0000000000
--- a/changes/24109-drop-duplicate-indexes
+++ /dev/null
@@ -1 +0,0 @@
-Removed duplicate indexes from the database schema.
diff --git a/changes/24186-fix-missing-spinner-for-delete-modal b/changes/24186-fix-missing-spinner-for-delete-modal
deleted file mode 100644
index eddc780a5a..0000000000
--- a/changes/24186-fix-missing-spinner-for-delete-modal
+++ /dev/null
@@ -1,2 +0,0 @@
-- Added missing loading spinner for delete modals (delete configuration profile, delete script,
-delete setup script and delete software).
\ No newline at end of file
diff --git a/changes/24248-host-details-encryption-banner b/changes/24248-host-details-encryption-banner
deleted file mode 100644
index 7de5934177..0000000000
--- a/changes/24248-host-details-encryption-banner
+++ /dev/null
@@ -1,2 +0,0 @@
-* Only show the "follow instructions on My device" banner for Linux hosts whose disks are encrypted
-but for which Fleet hasn't escrowed a valid key.
diff --git a/changes/24288-mdm-gitops-role b/changes/24288-mdm-gitops-role
deleted file mode 100644
index 2d04811311..0000000000
--- a/changes/24288-mdm-gitops-role
+++ /dev/null
@@ -1 +0,0 @@
-Fixed breaking with gitops user role running `fleetctl gitops` command when MDM is enabled.
diff --git a/changes/24321-exclude-custom-source-without-email b/changes/24321-exclude-custom-source-without-email
deleted file mode 100644
index f0c33e9c38..0000000000
--- a/changes/24321-exclude-custom-source-without-email
+++ /dev/null
@@ -1,2 +0,0 @@
-- Exclude any custom sourced "users" from the host details "used by" display if Fleet doesn't have
-  an email for them.
diff --git a/changes/24337-fix-activity b/changes/24337-fix-activity
deleted file mode 100644
index c29ac7c72e..0000000000
--- a/changes/24337-fix-activity
+++ /dev/null
@@ -1 +0,0 @@
-- Fixes a bug that would add "Fleet" to activities where it shouldn't be
\ No newline at end of file
diff --git a/changes/24363-fancy-log-destination b/changes/24363-fancy-log-destination
deleted file mode 100644
index 9f6a784482..0000000000
--- a/changes/24363-fancy-log-destination
+++ /dev/null
@@ -1 +0,0 @@
-* Present a nicely formatted and more informative UI for log destination in two places.
diff --git a/changes/24487-host-software-actions b/changes/24487-host-software-actions
deleted file mode 100644
index f98664612a..0000000000
--- a/changes/24487-host-software-actions
+++ /dev/null
@@ -1,2 +0,0 @@
-- Fixed UI bug where "Actions" dropdown on host software page included "Install" and "Uninstall"
-  options for software that is not able to be installed via Fleet.
diff --git a/changes/24509-fma-no-team b/changes/24509-fma-no-team
deleted file mode 100644
index 64fa83bc92..0000000000
--- a/changes/24509-fma-no-team
+++ /dev/null
@@ -1 +0,0 @@
-* Allowed calling `/api/v1/fleet/software/fleet_maintained_apps` with no team ID to retrieve the full global list of maintained apps
diff --git a/changes/24636-UI-redirect-for-invalid-url-param b/changes/24636-UI-redirect-for-invalid-url-param
deleted file mode 100644
index 6bd50ab9ab..0000000000
--- a/changes/24636-UI-redirect-for-invalid-url-param
+++ /dev/null
@@ -1 +0,0 @@
-* Redirect when user provides an invalid URL param for fleet-maintained software id
diff --git a/changes/24771-mdm-deadlock-fixes b/changes/24771-mdm-deadlock-fixes deleted file mode 100644 index 7085766833..0000000000 --- a/changes/24771-mdm-deadlock-fixes +++ /dev/null @@ -1 +0,0 @@ -Fixed potential deadlocks when deploying Apple configuration profiles. diff --git a/changes/email-font-inter b/changes/email-font-inter deleted file mode 100644 index b7700d58c2..0000000000 --- a/changes/email-font-inter +++ /dev/null @@ -1 +0,0 @@ -* Switched email template font to Inter to match previous changes in the rest of the UI \ No newline at end of file diff --git a/changes/feat-ui-creat-policies-fleet-apps-title-details b/changes/feat-ui-creat-policies-fleet-apps-title-details deleted file mode 100644 index e69ff76e18..0000000000 --- a/changes/feat-ui-creat-policies-fleet-apps-title-details +++ /dev/null @@ -1 +0,0 @@ -- Adds functionality for creating an automatic install policy for Fleet-maintained apps \ No newline at end of file diff --git a/changes/jve-fix-typo b/changes/jve-fix-typo deleted file mode 100644 index 79379dadc5..0000000000 --- a/changes/jve-fix-typo +++ /dev/null @@ -1 +0,0 @@ -- Fixes a typo in the loading modal when adding a Fleet-maintained app. \ No newline at end of file diff --git a/changes/update-go1.23.4 b/changes/update-go1.23.4 deleted file mode 100644 index 15f4d16b94..0000000000 --- a/changes/update-go1.23.4 +++ /dev/null @@ -1 +0,0 @@ -* Updated Go version to 1.23.4 diff --git a/charts/fleet/Chart.yaml b/charts/fleet/Chart.yaml index c8e2ee9e5d..b258d1c234 100644 --- a/charts/fleet/Chart.yaml +++ b/charts/fleet/Chart.yaml @@ -8,7 +8,7 @@ version: v6.3.0 home: https://github.com/fleetdm/fleet sources: - https://github.com/fleetdm/fleet.git -appVersion: v4.60.1 +appVersion: v4.61.0 dependencies: - name: mysql condition: mysql.enabled diff --git a/charts/fleet/values.yaml b/charts/fleet/values.yaml index 936939ac57..4d7aa08855 100644 --- a/charts/fleet/values.yaml +++ b/charts/fleet/values.yaml 
@@ -3,7 +3,7 @@ hostName: fleet.localhost replicas: 3 # The number of Fleet instances to deploy imageRepository: fleetdm/fleet -imageTag: v4.60.1 # Version of Fleet to deploy +imageTag: v4.61.0 # Version of Fleet to deploy podAnnotations: {} # Additional annotations to add to the Fleet pod serviceAnnotations: {} # Additional annotations to add to the Fleet service serviceAccountAnnotations: {} # Additional annotations to add to the Fleet service account diff --git a/infrastructure/dogfood/terraform/aws/variables.tf b/infrastructure/dogfood/terraform/aws/variables.tf index 896e7474e7..922b0aca5b 100644 --- a/infrastructure/dogfood/terraform/aws/variables.tf +++ b/infrastructure/dogfood/terraform/aws/variables.tf @@ -56,7 +56,7 @@ variable "database_name" { variable "fleet_image" { description = "the name of the container image to run" - default = "fleetdm/fleet:v4.60.1" + default = "fleetdm/fleet:v4.61.0" } variable "software_inventory" { diff --git a/infrastructure/dogfood/terraform/gcp/variables.tf b/infrastructure/dogfood/terraform/gcp/variables.tf index eb0391b392..ad04cc1351 100644 --- a/infrastructure/dogfood/terraform/gcp/variables.tf +++ b/infrastructure/dogfood/terraform/gcp/variables.tf @@ -68,7 +68,7 @@ variable "redis_mem" { } variable "image" { - default = "fleetdm/fleet:v4.60.1" + default = "fleetdm/fleet:v4.61.0" } variable "software_installers_bucket_name" { diff --git a/infrastructure/guardduty/.terraform.lock.hcl b/infrastructure/guardduty/.terraform.lock.hcl index 1f3b9a6b84..7f09debdb2 100644 --- a/infrastructure/guardduty/.terraform.lock.hcl +++ b/infrastructure/guardduty/.terraform.lock.hcl 
@@ -2,8 +2,8 @@ # Manual edits may be lost in future updates. provider "registry.terraform.io/hashicorp/aws" { - version = "4.60.1" - constraints = ">= 3.0.0, >= 4.8.0, >= 4.9.0, ~> 4.60.1" + version = "4.61.0" + constraints = ">= 3.0.0, >= 4.8.0, >= 4.9.0, ~> 4.61.0" hashes = [ "h1:fuIdjl9f2JEH0TLoq5kc9NIPbJAAV7YBbZ8fvNp5XSg=", "zh:0341a460210463a0bebd5c12ce13dc49bd8cae2399b215418c5efa607fed84e4", diff --git a/infrastructure/guardduty/main.tf b/infrastructure/guardduty/main.tf index a68123626f..da8fefa70b 100644 --- a/infrastructure/guardduty/main.tf +++ b/infrastructure/guardduty/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = "~> 4.60.1" + version = "~> 4.61.0" } } backend "s3" { diff --git a/infrastructure/infrastructure/cloudtrail/main.tf b/infrastructure/infrastructure/cloudtrail/main.tf index a8232723e7..f5060a0730 100644 --- a/infrastructure/infrastructure/cloudtrail/main.tf +++ b/infrastructure/infrastructure/cloudtrail/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = "~> 4.60.1" + version = "~> 4.61.0" } } backend "s3" { diff --git a/infrastructure/infrastructure/elastic-agent/.terraform.lock.hcl b/infrastructure/infrastructure/elastic-agent/.terraform.lock.hcl index 3bf60fe7cc..88f2847595 100644 --- a/infrastructure/infrastructure/elastic-agent/.terraform.lock.hcl +++ b/infrastructure/infrastructure/elastic-agent/.terraform.lock.hcl @@ -2,8 +2,8 @@ # Manual edits may be lost in future updates. provider "registry.terraform.io/hashicorp/aws" { - version = "4.60.1" - constraints = ">= 3.63.0, ~> 4.60.1" + version = "4.61.0" + constraints = ">= 3.63.0, ~> 4.61.0" hashes = [ "h1:fuIdjl9f2JEH0TLoq5kc9NIPbJAAV7YBbZ8fvNp5XSg=", "zh:0341a460210463a0bebd5c12ce13dc49bd8cae2399b215418c5efa607fed84e4", diff --git a/infrastructure/infrastructure/elastic-agent/main.tf b/infrastructure/infrastructure/elastic-agent/main.tf index 383fd562cf..fdaa05002c 100644 
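Review bot: The `hashicorp/aws` entry in `infrastructure/guardduty/.terraform.lock.hcl` now reads `version = "4.61.0"` while the `h1:` and `zh:` hashes shown as context are unchanged, so the lock no longer describes the package whose checksums it records, and `terraform init` would presumably fail verification or require a re-lock. This looks like the release search-and-replace for the Fleet tag also matching the unrelated provider version `4.60.1`; the same substitution appears in the `~> 4.61.0` constraints of the guardduty, cloudtrail, elastic-agent, guardduty-alerts and spend_alerts `main.tf` hunks and in the elastic-agent and guardduty-alerts lock files. I would keep `version = "~> 4.60.1"` and the lock entries as they were, or, if a provider upgrade is intended, regenerate the lock with `terraform init -upgrade` so that version and hashes change together. The remainder of the hash list is outside the hunk.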
--- a/infrastructure/infrastructure/elastic-agent/main.tf +++ b/infrastructure/infrastructure/elastic-agent/main.tf @@ -20,7 +20,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = "~> 4.60.1" + version = "~> 4.61.0" } } backend "s3" { diff --git a/infrastructure/infrastructure/guardduty-alerts/.terraform.lock.hcl b/infrastructure/infrastructure/guardduty-alerts/.terraform.lock.hcl index 1f3b9a6b84..7f09debdb2 100644 --- a/infrastructure/infrastructure/guardduty-alerts/.terraform.lock.hcl +++ b/infrastructure/infrastructure/guardduty-alerts/.terraform.lock.hcl @@ -2,8 +2,8 @@ # Manual edits may be lost in future updates. provider "registry.terraform.io/hashicorp/aws" { - version = "4.60.1" - constraints = ">= 3.0.0, >= 4.8.0, >= 4.9.0, ~> 4.60.1" + version = "4.61.0" + constraints = ">= 3.0.0, >= 4.8.0, >= 4.9.0, ~> 4.61.0" hashes = [ "h1:fuIdjl9f2JEH0TLoq5kc9NIPbJAAV7YBbZ8fvNp5XSg=", "zh:0341a460210463a0bebd5c12ce13dc49bd8cae2399b215418c5efa607fed84e4", diff --git a/infrastructure/infrastructure/guardduty-alerts/main.tf b/infrastructure/infrastructure/guardduty-alerts/main.tf index d39ad9e181..57e1adadc2 100644 --- a/infrastructure/infrastructure/guardduty-alerts/main.tf +++ b/infrastructure/infrastructure/guardduty-alerts/main.tf @@ -15,7 +15,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = "~> 4.60.1" + version = "~> 4.61.0" } } backend "s3" { diff --git a/infrastructure/infrastructure/spend_alerts/main.tf b/infrastructure/infrastructure/spend_alerts/main.tf index 2038221634..ed97ff3476 100644 --- a/infrastructure/infrastructure/spend_alerts/main.tf +++ b/infrastructure/infrastructure/spend_alerts/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = "~> 4.60.1" + version = "~> 4.61.0" } } backend "s3" { diff --git a/terraform/addons/ses/README.md b/terraform/addons/ses/README.md index b5db474f49..b18947647d 100644 --- a/terraform/addons/ses/README.md 
+++ b/terraform/addons/ses/README.md @@ -9,7 +9,7 @@ No requirements. | Name | Version | |------|---------| -| [aws](#provider\_aws) | 5.66.0 | +| [aws](#provider\_aws) | 4.61.0 | ## Modules diff --git a/terraform/addons/vuln-processing/variables.tf b/terraform/addons/vuln-processing/variables.tf index b1c9aec6bd..d9fd4e46fa 100644 --- a/terraform/addons/vuln-processing/variables.tf +++ b/terraform/addons/vuln-processing/variables.tf @@ -24,7 +24,7 @@ variable "fleet_config" { vuln_processing_cpu = optional(number, 2048) vuln_data_stream_mem = optional(number, 1024) vuln_data_stream_cpu = optional(number, 512) - image = optional(string, "fleetdm/fleet:v4.60.1") + image = optional(string, "fleetdm/fleet:v4.61.0") family = optional(string, "fleet-vuln-processing") sidecars = optional(list(any), []) extra_environment_variables = optional(map(string), {}) @@ -82,7 +82,7 @@ variable "fleet_config" { vuln_processing_cpu = 2048 vuln_data_stream_mem = 1024 vuln_data_stream_cpu = 512 - image = "fleetdm/fleet:v4.60.1" + image = "fleetdm/fleet:v4.61.0" family = "fleet-vuln-processing" sidecars = [] extra_environment_variables = {} diff --git a/terraform/byo-vpc/byo-db/README.md b/terraform/byo-vpc/byo-db/README.md index ae4f596bbb..14ea8baf47 100644 --- a/terraform/byo-vpc/byo-db/README.md +++ b/terraform/byo-vpc/byo-db/README.md @@ -6,7 +6,7 @@ No requirements. | Name | Version | |------|---------| -| [aws](#provider\_aws) | 4.60.1 | +| [aws](#provider\_aws) | 4.61.0 | ## Modules diff --git a/terraform/byo-vpc/byo-db/byo-ecs/variables.tf b/terraform/byo-vpc/byo-db/byo-ecs/variables.tf index ddebead667..73477bd34a 100644 --- a/terraform/byo-vpc/byo-db/byo-ecs/variables.tf +++ b/terraform/byo-vpc/byo-db/byo-ecs/variables.tf 
@@ -16,7 +16,7 @@ variable "fleet_config" { mem = optional(number, 4096) cpu = optional(number, 512) pid_mode = optional(string, null) - image = optional(string, "fleetdm/fleet:v4.60.1") + image = optional(string, "fleetdm/fleet:v4.61.0") family = optional(string, "fleet") sidecars = optional(list(any), []) depends_on = optional(list(any), []) @@ -119,7 +119,7 @@ variable "fleet_config" { mem = 512 cpu = 256 pid_mode = null - image = "fleetdm/fleet:v4.60.1" + image = "fleetdm/fleet:v4.61.0" family = "fleet" sidecars = [] depends_on = [] diff --git a/terraform/byo-vpc/byo-db/variables.tf b/terraform/byo-vpc/byo-db/variables.tf index 13187e7069..38fffa6e7b 100644 --- a/terraform/byo-vpc/byo-db/variables.tf +++ b/terraform/byo-vpc/byo-db/variables.tf @@ -77,7 +77,7 @@ variable "fleet_config" { mem = optional(number, 4096) cpu = optional(number, 512) pid_mode = optional(string, null) - image = optional(string, "fleetdm/fleet:v4.60.1") + image = optional(string, "fleetdm/fleet:v4.61.0") family = optional(string, "fleet") sidecars = optional(list(any), []) depends_on = optional(list(any), []) @@ -205,7 +205,7 @@ variable "fleet_config" { mem = 512 cpu = 256 pid_mode = null - image = "fleetdm/fleet:v4.60.1" + image = "fleetdm/fleet:v4.61.0" family = "fleet" sidecars = [] depends_on = [] diff --git a/terraform/byo-vpc/example/main.tf b/terraform/byo-vpc/example/main.tf index 4acb7e7be8..4e147d5ada 100644 --- a/terraform/byo-vpc/example/main.tf +++ b/terraform/byo-vpc/example/main.tf @@ -17,7 +17,7 @@ provider "aws" { } locals { - fleet_image = "fleetdm/fleet:v4.60.1" + fleet_image = "fleetdm/fleet:v4.61.0" domain_name = "example.com" } diff --git a/terraform/byo-vpc/variables.tf b/terraform/byo-vpc/variables.tf index e31a0265be..415ec25710 100644 --- a/terraform/byo-vpc/variables.tf +++ b/terraform/byo-vpc/variables.tf 
@@ -170,7 +170,7 @@ variable "fleet_config" { mem = optional(number, 4096) cpu = optional(number, 512) pid_mode = optional(string, null) - image = optional(string, "fleetdm/fleet:v4.60.1") + image = optional(string, "fleetdm/fleet:v4.61.0") family = optional(string, "fleet") sidecars = optional(list(any), []) depends_on = optional(list(any), []) @@ -298,7 +298,7 @@ variable "fleet_config" { mem = 512 cpu = 256 pid_mode = null - image = "fleetdm/fleet:v4.60.1" + image = "fleetdm/fleet:v4.61.0" family = "fleet" sidecars = [] depends_on = [] diff --git a/terraform/example/main.tf b/terraform/example/main.tf index 245d2744db..e5355fd09f 100644 --- a/terraform/example/main.tf +++ b/terraform/example/main.tf @@ -63,8 +63,8 @@ module "fleet" { fleet_config = { # To avoid pull-rate limiting from dockerhub, consider using our quay.io mirror - # for the Fleet image. e.g. "quay.io/fleetdm/fleet:v4.60.1" - image = "fleetdm/fleet:v4.60.1" # override default to deploy the image you desire + # for the Fleet image. e.g. "quay.io/fleetdm/fleet:v4.61.0" + image = "fleetdm/fleet:v4.61.0" # override default to deploy the image you desire # See https://fleetdm.com/docs/deploy/reference-architectures#aws for appropriate scaling # memory and cpu. autoscaling = { diff --git a/terraform/variables.tf b/terraform/variables.tf index fcf0f4b4f4..f3722ca3de 100644 --- a/terraform/variables.tf +++ b/terraform/variables.tf @@ -218,7 +218,7 @@ variable "fleet_config" { mem = optional(number, 4096) cpu = optional(number, 512) pid_mode = optional(string, null) - image = optional(string, "fleetdm/fleet:v4.60.1") + image = optional(string, "fleetdm/fleet:v4.61.0") family = optional(string, "fleet") sidecars = optional(list(any), []) depends_on = optional(list(any), []) @@ -346,7 +346,7 @@ variable "fleet_config" { mem = 512 cpu = 256 pid_mode = null - image = "fleetdm/fleet:v4.60.1" + image = "fleetdm/fleet:v4.61.0" family = "fleet" sidecars = [] depends_on = [] 
diff --git a/tools/fleetctl-npm/package.json b/tools/fleetctl-npm/package.json index b2656c5e62..9a9422bad4 100644 --- a/tools/fleetctl-npm/package.json +++ b/tools/fleetctl-npm/package.json @@ -1,6 +1,6 @@ { "name": "fleetctl", - "version": "v4.60.1", + "version": "v4.61.0", "description": "Installer for the fleetctl CLI tool", "bin": { "fleetctl": "./run.js" diff --git a/tools/release/publish_release.sh b/tools/release/publish_release.sh index 3757432b47..9e4f164366 100755 --- a/tools/release/publish_release.sh +++ b/tools/release/publish_release.sh @@ -337,7 +337,7 @@ general_announce_info() { fi # TODO Publish Linkedin post about release article here and save url - linkedin_post_url="" + linkedin_post_url="https://www.linkedin.com/feed/update/urn:li:activity:7274913563989721088" fi echo "=========================================================================" echo "Update osquery Slack Fleet channel topic to say the correct version $next_ver" From d79e26d488a52fad538f3b884067de5718dc79c8 Mon Sep 17 00:00:00 2001 
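Review bot: `linkedin_post_url` in `tools/release/publish_release.sh` is now a literal URL for one specific post, placed directly under the `TODO` that says the URL should be produced and saved at this point, so later runs of `general_announce_info` would reuse this release's link unless the script is edited again. Reading the value from the environment keeps the script release-agnostic, for example `linkedin_post_url="${LINKEDIN_POST_URL:-}"`, where the empty default preserves the previous behaviour. The function body starts and ends outside the hunk, so how the value is consumed afterwards is not visible here.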
From: Allen Houchins <32207388+allenhouchins@users.noreply.github.com> Date: Thu, 19 Dec 2024 10:30:17 -0600 Subject: [PATCH 5/6] Added multi-platform software to Workstations (canary) team (#24864) --- it-and-security/lib/all/queries/collect-usb-devices.yml | 2 +- .../lib/all/queries/collect-vs-code-extensions.yml | 2 +- .../queries/{all-debian-hosts.yml => all-deb-hosts.yml} | 2 +- it-and-security/lib/linux/queries/all-rpm-hosts.yml | 6 ++++++ it-and-security/lib/linux/software/slack-deb.yml | 4 ++++ it-and-security/lib/linux/software/slack-rpm.yml | 4 ++++ .../lib/linux/software/{zoom.yml => zoom-deb.yml} | 2 +- it-and-security/lib/linux/software/zoom-rpm.yml | 4 ++++ .../lib/macos/queries/check-if-apple-silicon.yml | 2 +- .../lib/macos/queries/collect-failed-login-attempts.yml | 2 +- .../macos/queries/collect-software-permissions-system.yml | 2 +- .../macos/queries/collect-software-permissions-user.yml | 2 +- it-and-security/lib/macos/software/google-chrome.yml | 2 +- it-and-security/lib/macos/software/zoom.yml | 2 +- it-and-security/lib/windows/policies/device-health.yml | 2 +- it-and-security/lib/windows/queries/all-arm-hosts.yml | 7 +++++++ it-and-security/lib/windows/queries/all-x86-hosts.yml | 7 +++++++ .../lib/windows/queries/collect-windows-defender.yml | 3 ++- it-and-security/lib/windows/software/google-chrome.yml | 2 ++ it-and-security/lib/windows/software/slack.yml | 5 +++++ it-and-security/lib/windows/software/zoom-arm.yml | 5 +++++ it-and-security/lib/windows/software/zoom.yml | 5 +++++ it-and-security/teams/compliance-exclusions.yml | 5 ++++- it-and-security/teams/workstations-canary.yml | 5 ++++- 24 files changed, 70 insertions(+), 14 deletions(-) rename it-and-security/lib/linux/queries/{all-debian-hosts.yml => all-deb-hosts.yml} (85%) create mode 100644 it-and-security/lib/linux/queries/all-rpm-hosts.yml create mode 100644 it-and-security/lib/linux/software/slack-deb.yml create mode 100644 it-and-security/lib/linux/software/slack-rpm.yml rename 
it-and-security/lib/linux/software/{zoom.yml => zoom-deb.yml} (70%) create mode 100644 it-and-security/lib/linux/software/zoom-rpm.yml create mode 100644 it-and-security/lib/windows/queries/all-arm-hosts.yml create mode 100644 it-and-security/lib/windows/queries/all-x86-hosts.yml create mode 100644 it-and-security/lib/windows/software/google-chrome.yml create mode 100644 it-and-security/lib/windows/software/slack.yml create mode 100644 it-and-security/lib/windows/software/zoom-arm.yml create mode 100644 it-and-security/lib/windows/software/zoom.yml diff --git a/it-and-security/lib/all/queries/collect-usb-devices.yml b/it-and-security/lib/all/queries/collect-usb-devices.yml index 4ca858ce49..cad8c1d3b9 100644 --- a/it-and-security/lib/all/queries/collect-usb-devices.yml +++ b/it-and-security/lib/all/queries/collect-usb-devices.yml @@ -7,4 +7,4 @@ min_osquery_version: "" observer_can_run: true platform: darwin,linux - query: SELECT model, vendor FROM usb_devices; \ No newline at end of file + query: SELECT model, vendor FROM usb_devices; diff --git a/it-and-security/lib/all/queries/collect-vs-code-extensions.yml b/it-and-security/lib/all/queries/collect-vs-code-extensions.yml index 97dfa04547..36aae91599 100644 --- a/it-and-security/lib/all/queries/collect-vs-code-extensions.yml +++ b/it-and-security/lib/all/queries/collect-vs-code-extensions.yml @@ -9,4 +9,4 @@ observer_can_run: false platform: darwin,linux,windows query: SELECT extension.name, extension.publisher, extension.version FROM users - JOIN vscode_extensions extension USING (uid); \ No newline at end of file + JOIN vscode_extensions extension USING (uid); diff --git a/it-and-security/lib/linux/queries/all-debian-hosts.yml b/it-and-security/lib/linux/queries/all-deb-hosts.yml similarity index 85% rename from it-and-security/lib/linux/queries/all-debian-hosts.yml rename to it-and-security/lib/linux/queries/all-deb-hosts.yml index 3e3198cfbf..c744d81c2e 100644 
--- a/it-and-security/lib/linux/queries/all-debian-hosts.yml +++ b/it-and-security/lib/linux/queries/all-deb-hosts.yml @@ -3,4 +3,4 @@ kind: query spec: name: All debian hosts query: SELECT * FROM os_version WHERE platform_like = 'debian'; - platform: "darwin" \ No newline at end of file + platform: "darwin" diff --git a/it-and-security/lib/linux/queries/all-rpm-hosts.yml b/it-and-security/lib/linux/queries/all-rpm-hosts.yml new file mode 100644 index 0000000000..1b8ee81866 --- /dev/null +++ b/it-and-security/lib/linux/queries/all-rpm-hosts.yml @@ -0,0 +1,6 @@ +apiVersion: v1 +kind: query +spec: + name: All rpm hosts + query: SELECT * FROM os_version WHERE platform_like = 'rhel'; + platform: "darwin" diff --git a/it-and-security/lib/linux/software/slack-deb.yml b/it-and-security/lib/linux/software/slack-deb.yml new file mode 100644 index 0000000000..740ab17925 --- /dev/null +++ b/it-and-security/lib/linux/software/slack-deb.yml @@ -0,0 +1,4 @@ +url: https://downloads.slack-edge.com/desktop-releases/linux/x64/4.41.105/slack-desktop-4.41.105-amd64.deb +self-service: true +pre_install_query: + path: ../queries/all-deb-hosts.yml diff --git a/it-and-security/lib/linux/software/slack-rpm.yml b/it-and-security/lib/linux/software/slack-rpm.yml new file mode 100644 index 0000000000..0e6067d282 --- /dev/null +++ b/it-and-security/lib/linux/software/slack-rpm.yml @@ -0,0 +1,4 @@ +url: https://downloads.slack-edge.com/desktop-releases/linux/x64/4.41.105/slack-4.41.105-0.1.el8.x86_64.rpm +self-service: true +pre_install_query: + path: ../queries/all-rpm-hosts.yml diff --git a/it-and-security/lib/linux/software/zoom.yml b/it-and-security/lib/linux/software/zoom-deb.yml similarity index 70% rename from it-and-security/lib/linux/software/zoom.yml rename to it-and-security/lib/linux/software/zoom-deb.yml index fcb90c57d4..d79ee558c3 100644 --- a/it-and-security/lib/linux/software/zoom.yml +++ b/it-and-security/lib/linux/software/zoom-deb.yml 
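Review bot: `platform: "darwin"` in the new `lib/linux/queries/all-rpm-hosts.yml` contradicts both the directory and the query, which filters `os_version` on `platform_like = 'rhel'`; the value appears to be copied from `all-deb-hosts.yml`, whose context line carries the same setting. If the platform field is honoured when this query gates the Slack and Zoom RPM installs, the check would be scoped to macOS hosts and never match, which the hunk alone cannot confirm. I would set `platform: "linux"` in both files.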
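Review bot: The new `lib/linux/software/slack-deb.yml` spells the key `self-service: true`, while the macOS package files touched in this same patch and `lib/windows/software/slack.yml` use `self_service: true`. If the loader only recognises the underscore form, the hyphenated key is either rejected or silently ignored and the package is not offered in self-service; which of the two happens is not visible here. The same spelling is in `slack-rpm.yml`, `zoom-rpm.yml`, `zoom-deb.yml` (as context) and the Windows `google-chrome.yml`, `zoom-arm.yml` and `zoom.yml`; I would change each to `self_service: true`.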
@@ -1,4 +1,4 @@ url: https://zoom.us/client/6.2.11.5069/zoom_amd64.deb self-service: true pre_install_query: - path: ../queries/all-debian-hosts.yml \ No newline at end of file + path: ../queries/all-deb-hosts.yml diff --git a/it-and-security/lib/linux/software/zoom-rpm.yml b/it-and-security/lib/linux/software/zoom-rpm.yml new file mode 100644 index 0000000000..1f331cab29 --- /dev/null +++ b/it-and-security/lib/linux/software/zoom-rpm.yml @@ -0,0 +1,4 @@ +url: https://zoom.us/client/6.3.0.5527/zoom_x86_64.rpm +self-service: true +pre_install_query: + path: ../queries/all-rpm-hosts.yml diff --git a/it-and-security/lib/macos/queries/check-if-apple-silicon.yml b/it-and-security/lib/macos/queries/check-if-apple-silicon.yml index 558fa08ca8..841d30f565 100644 --- a/it-and-security/lib/macos/queries/check-if-apple-silicon.yml +++ b/it-and-security/lib/macos/queries/check-if-apple-silicon.yml @@ -3,4 +3,4 @@ kind: query spec: name: Check if Mac has Apple silicon query: SELECT 1 FROM system_info WHERE cpu_type = "arm64e"; - platform: "darwin" \ No newline at end of file + platform: "darwin" diff --git a/it-and-security/lib/macos/queries/collect-failed-login-attempts.yml b/it-and-security/lib/macos/queries/collect-failed-login-attempts.yml index f3b461b5ec..2adfb7982b 100644 --- a/it-and-security/lib/macos/queries/collect-failed-login-attempts.yml +++ b/it-and-security/lib/macos/queries/collect-failed-login-attempts.yml @@ -11,4 +11,4 @@ platform: "darwin" query: SELECT users.username, account_policy_data.failed_login_count, account_policy_data.failed_login_timestamp FROM users INNER JOIN account_policy_data using (uid) WHERE account_policy_data.failed_login_count - > 0; \ No newline at end of file + > 0; diff --git a/it-and-security/lib/macos/queries/collect-software-permissions-system.yml b/it-and-security/lib/macos/queries/collect-software-permissions-system.yml index 0f576ffcf7..ac3b848bd1 100644 
--- a/it-and-security/lib/macos/queries/collect-software-permissions-system.yml +++ b/it-and-security/lib/macos/queries/collect-software-permissions-system.yml @@ -2,4 +2,4 @@ description: "Research for #16899" query: SELECT * from tcc_system; interval: 3600 # 1 hour - platform: darwin \ No newline at end of file + platform: darwin diff --git a/it-and-security/lib/macos/queries/collect-software-permissions-user.yml b/it-and-security/lib/macos/queries/collect-software-permissions-user.yml index b8b0e7c75b..93e112a5a6 100644 --- a/it-and-security/lib/macos/queries/collect-software-permissions-user.yml +++ b/it-and-security/lib/macos/queries/collect-software-permissions-user.yml @@ -2,4 +2,4 @@ description: "Research for #16899" query: SELECT * from tcc_user; interval: 3600 # 1 hour - platform: darwin \ No newline at end of file + platform: darwin diff --git a/it-and-security/lib/macos/software/google-chrome.yml b/it-and-security/lib/macos/software/google-chrome.yml index fb3d1f7be9..54a5ef1fb5 100644 --- a/it-and-security/lib/macos/software/google-chrome.yml +++ b/it-and-security/lib/macos/software/google-chrome.yml @@ -1,2 +1,2 @@ url: https://dl.google.com/chrome/mac/stable/accept_tos%3Dhttps%253A%252F%252Fwww.google.com%252Fintl%252Fen_ph%252Fchrome%252Fterms%252F%26_and_accept_tos%3Dhttps%253A%252F%252Fpolicies.google.com%252Fterms/googlechrome.pkg -self_service: true \ No newline at end of file +self_service: true diff --git a/it-and-security/lib/macos/software/zoom.yml b/it-and-security/lib/macos/software/zoom.yml index 16f557ca45..551944fa4a 100644 --- a/it-and-security/lib/macos/software/zoom.yml +++ b/it-and-security/lib/macos/software/zoom.yml @@ -1,2 +1,2 @@ url: https://zoom.us/client/6.2.10.43047/ZoomInstallerIT.pkg -self_service: true \ No newline at end of file +self_service: true diff --git a/it-and-security/lib/windows/policies/device-health.yml b/it-and-security/lib/windows/policies/device-health.yml index 40e276caae..2d38928dd5 100644 
--- a/it-and-security/lib/windows/policies/device-health.yml +++ b/it-and-security/lib/windows/policies/device-health.yml @@ -28,4 +28,4 @@ description: Checks the status of antivirus and signature updates from the Windows Security Center. resolution: "Ensure Windows Defender or your third-party antivirus is running, up to date, and visible in the Windows Security Center." platform: windows - + \ No newline at end of file diff --git a/it-and-security/lib/windows/queries/all-arm-hosts.yml b/it-and-security/lib/windows/queries/all-arm-hosts.yml new file mode 100644 index 0000000000..a9968eb342 --- /dev/null +++ b/it-and-security/lib/windows/queries/all-arm-hosts.yml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: query +spec: + name: All ARM hosts + query: SELECT * FROM os_version WHERE arch LIKE 'ARM%'; + platform: "windows" + \ No newline at end of file diff --git a/it-and-security/lib/windows/queries/all-x86-hosts.yml b/it-and-security/lib/windows/queries/all-x86-hosts.yml new file mode 100644 index 0000000000..ba0b8bbf0c --- /dev/null +++ b/it-and-security/lib/windows/queries/all-x86-hosts.yml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: query +spec: + name: All ARM hosts + query: SELECT * FROM os_version WHERE arch NOT LIKE 'ARM%'; + platform: "windows" + \ No newline at end of file diff --git a/it-and-security/lib/windows/queries/collect-windows-defender.yml b/it-and-security/lib/windows/queries/collect-windows-defender.yml index 739dfcd999..cfa2aa85f1 100644 --- a/it-and-security/lib/windows/queries/collect-windows-defender.yml +++ b/it-and-security/lib/windows/queries/collect-windows-defender.yml 
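Review bot: `lib/windows/queries/all-x86-hosts.yml` declares `name: All ARM hosts`, the same name as `all-arm-hosts.yml` added just above it, although its query is the inverse (`arch NOT LIKE 'ARM%'`). If queries are keyed by name when the configuration is applied, one definition can replace the other and the x64 Slack and Zoom packages would then be gated by the wrong architecture check; that depends on tooling not shown in the patch. I would rename it to `name: All x86 hosts`.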
@@ -7,4 +7,5 @@ min_osquery_version: "" observer_can_run: true platform: "windows" - query: SELECT processes.pid, processes.name, users.username, processes.path, processes.cmdline FROM processes LEFT JOIN users ON processes.uid = users.uid WHERE processes.path != '' AND name LIKE 'MpCmdRun.exe'; \ No newline at end of file + query: SELECT processes.pid, processes.name, users.username, processes.path, processes.cmdline FROM processes LEFT JOIN users ON processes.uid = users.uid WHERE processes.path != '' AND name LIKE 'MpCmdRun.exe'; + \ No newline at end of file diff --git a/it-and-security/lib/windows/software/google-chrome.yml b/it-and-security/lib/windows/software/google-chrome.yml new file mode 100644 index 0000000000..82be72dc25 --- /dev/null +++ b/it-and-security/lib/windows/software/google-chrome.yml @@ -0,0 +1,2 @@ +url: https://dl.google.com/tag/s/appguid%3D%7B8A69D345-D564-463C-AFF1-A69D9E530F96%7D%26iid%3D%7B53CCDE8D-FD40-46DE-67E7-61E96CFEFCAA%7D%26lang%3Den%26browser%3D4%26usagestats%3D0%26appname%3DGoogle%2520Chrome%26needsadmin%3Dtrue%26ap%3Dx64-stable-statsdef_0%26brand%3DGCEA/dl/chrome/install/googlechromestandaloneenterprise64.msi +self-service: true diff --git a/it-and-security/lib/windows/software/slack.yml b/it-and-security/lib/windows/software/slack.yml new file mode 100644 index 0000000000..ee4ce40d53 --- /dev/null +++ b/it-and-security/lib/windows/software/slack.yml @@ -0,0 +1,5 @@ +url: https://downloads.slack-edge.com/desktop-releases/windows/x64/4.41.105/SlackSetup.exe +self_service: true +pre_install_query: + path: ../queries/all-x86-hosts.yml + \ No newline at end of file diff --git a/it-and-security/lib/windows/software/zoom-arm.yml b/it-and-security/lib/windows/software/zoom-arm.yml new file mode 100644 index 0000000000..3a8db75bdf --- /dev/null +++ b/it-and-security/lib/windows/software/zoom-arm.yml 
@@ -0,0 +1,5 @@ +url: https://zoom.us/client/6.3.0.52884/ZoomInstallerFull.exe?archType=winarm64 +self-service: true +pre_install_query: + path: ../queries/all-arm-hosts.yml + \ No newline at end of file diff --git a/it-and-security/lib/windows/software/zoom.yml b/it-and-security/lib/windows/software/zoom.yml new file mode 100644 index 0000000000..0c51190a79 --- /dev/null +++ b/it-and-security/lib/windows/software/zoom.yml @@ -0,0 +1,5 @@ +url: https://zoom.us/client/6.3.0.52884/ZoomInstallerFull.exe?archType=x64 +self-service: true +pre_install_query: + path: ../queries/all-x86-hosts.yml + \ No newline at end of file diff --git a/it-and-security/teams/compliance-exclusions.yml b/it-and-security/teams/compliance-exclusions.yml index be1bfa25fb..46c3d1de4c 100644 --- a/it-and-security/teams/compliance-exclusions.yml +++ b/it-and-security/teams/compliance-exclusions.yml @@ -32,4 +32,7 @@ policies: queries: software: packages: - - path: ../lib/linux/software/zoom.yml # Zoom for Ubuntu \ No newline at end of file + - path: ../lib/linux/software/zoom-deb.yml # Zoom for Ubuntu + - path: ../lib/linux/software/zoom-rpm.yml # Zoom for RHEL + - path: ../lib/linux/software/slack-deb.yml # Zoom for Ubuntu + - path: ../lib/linux/software/slack-rpm.yml # Zoom for RHEL diff --git a/it-and-security/teams/workstations-canary.yml b/it-and-security/teams/workstations-canary.yml index 902b98f484..f52965dbf3 100644 --- a/it-and-security/teams/workstations-canary.yml +++ b/it-and-security/teams/workstations-canary.yml 
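Review bot: The trailing comments on the two Slack entries added to `teams/compliance-exclusions.yml` say `# Zoom for Ubuntu` and `# Zoom for RHEL`, apparently copied from the Zoom lines above them. They should read `# Slack for Ubuntu` and `# Slack for RHEL`; `workstations-canary.yml` labels the same two paths as Slack. The `packages` list begins outside the hunk.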
@@ -151,7 +151,10 @@ queries:
 software:
 packages:
 - path: ../lib/macos/software/mozilla-firefox.yml # Mozilla Firefox for MacOS (universal)
- - path: ../lib/linux/software/zoom.yml # Zoom for Ubuntu
+ - path: ../lib/linux/software/zoom-deb.yml # Zoom for Ubuntu
+ - path: ../lib/linux/software/zoom-rpm.yml # Zoom for RedHat
+ - path: ../lib/linux/software/slack-deb.yml # Slack for Ubuntu
+ - path: ../lib/linux/software/slack-rpm.yml # Slack for RedHat
 app_store_apps:
 - app_store_id: '803453959' # Slack Desktop
 - app_store_id: '1333542190' # 1Password 7 Desktop
From 9b6b21f3b70b7d42ce3aba1e4d5eb2357991059a Mon Sep 17 00:00:00 2001
From: Allen Houchins <32207388+allenhouchins@users.noreply.github.com>
Date: Thu, 19 Dec 2024 10:31:31 -0600
Subject: [PATCH 6/6] Added settings for Windows MDM migration (#24865)
---
 it-and-security/default.yml | 9 +++++++++
 it-and-security/teams/no-team.yml | 23 +----------------------
 2 files changed, 10 insertions(+), 22 deletions(-)
diff --git a/it-and-security/default.yml b/it-and-security/default.yml
index e627ec4f7b..4b538c2d8d 100644
--- a/it-and-security/default.yml
+++ b/it-and-security/default.yml
@@ -79,3 +79,12 @@ org_settings:
 policies:
 queries:
 - path: ./lib/all/queries/collect-fleetd-update-channels.yml
+controls:
+ enable_disk_encryption: true
+ macos_migration:
+ enable: true
+ mode: voluntary
+ webhook_url: $DOGFOOD_MACOS_MIGRATION_WEBHOOK_URL
+ windows_enabled_and_configured: true
+ windows_migration:
+ enable: true
diff --git a/it-and-security/teams/no-team.yml b/it-and-security/teams/no-team.yml
index ef6baf9e40..51ae2f8a06 100644
--- a/it-and-security/teams/no-team.yml
+++ b/it-and-security/teams/no-team.yml
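Review bot: In the `controls:` block added to default.yml, the Windows migration setting is written as a nested mapping, `windows_migration:` with `enable: true`, mirroring `macos_migration`. The key I know from Fleet's MDM configuration is the flat `windows_migration_enabled`, so the nested form may not be recognised. If it is not, the apply either fails or leaves migration off without saying so. Please confirm against the GitOps reference for the deployed version and, if needed, replace the two lines with `windows_migration_enabled: true`.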
@@ -1,25 +1,4 @@
 name: No team
 policies:
-controls:
- enable_disk_encryption: true
- macos_migration:
- enable: true
- mode: voluntary
- webhook_url: $DOGFOOD_MACOS_MIGRATION_WEBHOOK_URL
- macos_settings:
- custom_settings: null
- macos_setup:
- bootstrap_package: ""
- enable_end_user_authentication: false
- macos_setup_assistant: null
- macos_updates:
- deadline: "2023-06-13"
- minimum_version: 13.4.1
- windows_enabled_and_configured: true
- windows_settings:
- custom_settings: []
- windows_updates:
- deadline_days: 3
- grace_period_days: 2
- scripts: []
+queries:
 software:
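Review bot: The `macos_updates` (minimum_version 13.4.1) and `windows_updates` (deadline_days 3, grace_period_days 2) blocks removed from no-team.yml are not among the `controls:` keys this commit adds to default.yml. Hosts in No team may therefore lose OS update enforcement once this is applied. If that is intended, the commit message should say so; otherwise carry both blocks over to default.yml with the other controls. The rest of default.yml is outside the visible hunk, so they may already be set there.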