mirror of
https://github.com/fleetdm/fleet
synced 2026-04-21 13:37:30 +00:00
Prepare v4.40.0 (#14940)
parent
7c11706a80
commit
8dbe690026
55 changed files with 72 additions and 109 deletions
60
CHANGELOG.md
|
|
@ -1,3 +1,63 @@
|
|||
## Fleet 4.40.0 (Nov 3, 2023)
|
||||
|
||||
### Changes
|
||||
|
||||
* **Endpoint operations**:
|
||||
- New tables added to the fleetd extension: app_icons, falconctl_options, falcon_kernel_check, cryptoinfo, cryptsetup_status, filevault_status, firefox_preferences, firmwarepasswd, ioreg, and windows_updates.
|
||||
|
||||
* **Device management (MDM)**:
|
||||
- Introduced support for MS-MDM management protocol.
|
||||
- Added a host detail query for Windows hosts to ingest MDM device id and updated the Windows MDM device enrollment flow.
|
||||
- Implemented `--context` and `--debug` flags for `fleetctl mdm run-command`.
|
||||
- Support added for `fleetctl mdm run-command` on Windows hosts.
|
||||
- macOS hosts with MDM features via SSO can now run `sudo profiles renew --type enrollment`.
|
||||
- Introduced `GET mdm/commandresults` endpoint to retrieve MDM command results for Windows and macOS.
|
||||
- `fleetctl get mdm-command-results` now uses the new above endpoint.
|
||||
- Added `POST /fleet/mdm/commands/run` platform-agnostic endpoint for MDM commands.
|
||||
- Introduced API for recent Windows MDM commands via `fleetctl` and the API.
|
||||
|
||||
* **Vulnerability management**:
|
||||
- Added vulnerability data support for JetBrains apps with similar names (e.g., IntelliJ IDEA.app vs. IntelliJ IDEA Ultimate.app).
|
||||
- Apple Rapid Security Response version added to macOS host details (requires osquery v5.9.1 on macOS devices).
|
||||
- For ChromeOS hosts, software now includes chrome extensions.
|
||||
- Updated vulnerability processing to omit software without versions.
|
||||
- Resolved false positives in vulnerabilities for Chrome and Firefox extensions.
|
||||
|
||||
* **UI improvements**:
|
||||
- Fleet tables in UI reset rows upon filter/search/page changes.
|
||||
- Improved handling when deleting a large number of hosts; operations now continue in the background after 30 seconds.
|
||||
- Added the ability for Observers and Observer+ to view policy resolutions.
|
||||
- Improved app settings clarity for premium users regarding usage statistics.
|
||||
- UI buttons for live queries or policies are now disabled with a tooltip if live queries are globally turned off.
|
||||
- Observers and observer+ can now run existing policies in the UI.
|
||||
|
||||
### Bug fixes and improvements
|
||||
|
||||
* **REST API**:
|
||||
- Overhauled REST API input validation for several endpoints (hosts, carves, users).
|
||||
- Validation error status codes switched from 500 to 400 for clarity.
|
||||
- Numerous new validations added for policy details, os_name/version, etc.
|
||||
- Addressed issues in /fleet/sso and /mdm/apple/enqueue endpoints.
|
||||
- Updated response codes for several other endpoints for clearer error handling.
|
||||
|
||||
* **Logging and debugging**:
|
||||
- Updated Apple Business Manager terms logging behavior.
|
||||
- Refined the copy of the ABM terms banner for better clarity.
|
||||
- Addressed a false positive CVE detection on the `certifi` python package.
|
||||
- Fixed a logging issue with Fleet's Cloudflare WARP software version ingestion for Windows.
|
||||
|
||||
* **UI fixes**:
|
||||
- Addressed UI bugs for the "Turn off MDM" action display and issues with the host details page's banners.
|
||||
- Fixed narrow viewport EULA display issue on the Windows TOS page.
|
||||
- Rectified team dropdown value issues and ensured consistent help text across query and policy creation forms.
|
||||
- Fixed issues when applying config changes without MDM features enabled.
|
||||
|
||||
* **Others**:
|
||||
- Removed the capability for Premium customers to disable usage statistics. Further information provided in the Fleet documentation.
|
||||
- Retired creating OS policies from host OSes in the UI.
|
||||
- Addressed issues in Live Queries with the POST /fleet/queries/run endpoint.
|
||||
- Introduced database migrations for Windows MDM command tables.
|
||||
|
||||
## Fleet 4.39.0 (Oct 19, 2023)
|
||||
|
||||
### Changes
|
||||
|
|
|
|||
|
|
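Review bot: The `certifi` bullet under **Logging and debugging** ("Addressed a false positive CVE detection on the `certifi` python package") is a vulnerability-matching fix, and it no longer names the CVE; the changes file removed in this same commit identifies it as CVE-2023-37920. Move the bullet under **Vulnerability management** and keep the identifier so operators can reconcile earlier findings against it. The REST API bullet "Addressed issues in /fleet/sso and /mdm/apple/enqueue endpoints" loses detail in the same way: the removed entries say both now return 400, and the changelog should say so too.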
@ -1 +0,0 @@
|
|||
* Removed the ability for Premium customers to disable usage statistics. The type of data collected has not changed; please see https://fleetdm.com/docs/using-fleet/usage-statistics for information on the exact contents of the usage statistics data.
|
||||
|
|
@ -1 +0,0 @@
|
|||
- App Settings informs premium users they are sending usage statistics and cannot disable feature
|
||||
|
|
@ -1,11 +0,0 @@
|
|||
Fixed 500 return code from several endpoints.
|
||||
|
||||
/api/v1/fleet/perform_required_password_reset
|
||||
- Now returns 403 when Authorization token is missing
|
||||
|
||||
/api/v1/fleet/hosts_summary
|
||||
- Now returns 400 when low_disk_space parameter is invalid
|
||||
|
||||
/api/v1/fleet/sessions/*
|
||||
- Now returns 404 when session cannot be found
|
||||
|
||||
|
|
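Review bot: The per-endpoint status codes in this removed entry (403 from /api/v1/fleet/perform_required_password_reset when the Authorization token is missing, 400 from /api/v1/fleet/hosts_summary for an invalid low_disk_space, 404 from /api/v1/fleet/sessions/* for an unknown session) are not carried into the new CHANGELOG.md section, which only says "Updated response codes for several other endpoints". Suggest listing the three endpoints and their codes there, since API clients and alerting that keyed on the old 500 need to know the exact replacements.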
@ -1 +0,0 @@
|
|||
/fleet/sso endpoint now returns 400 status code (as opposed to 500) when SSO Metadata URL returns invalid data or when SSO Metadata provided by user is invalid.
|
||||
|
|
@ -1,2 +0,0 @@
|
|||
Added Apple Rapid Security Response version to macOS host details.
|
||||
- This feature (new `extra` column on `os_version` for macOS devices) was added to osquery in v5.9.1. So macOS devices will need >= v5.9.1 version installed to use this feature.
|
||||
|
|
@ -1 +0,0 @@
|
|||
- Fixed issue where applying config changes would cause validation errors when MDM features were not enabled.
|
||||
|
|
@ -1 +0,0 @@
|
|||
* Updated vulnerability processing to ignore software that has been ingested without a version.
|
||||
|
|
@ -1 +0,0 @@
|
|||
* Added support for `--context` and `--debug` flags to `fleetctl mdm run-command`
|
||||
|
|
@ -1,2 +0,0 @@
|
|||
Adding vulnerability data support for JetBrains applications (like IDEA, PyCharm, etc.) that have similar names.
|
||||
- For example: IntelliJ IDEA.app and IntelliJ IDEA Ultimate.app
|
||||
|
|
@ -1 +0,0 @@
|
|||
* Added the ability to list recent Windows MDM commands via `fleetctl` and the API.
|
||||
|
|
@ -1,3 +0,0 @@
|
|||
- Added `GET mdm/commandresults` endpoint to retrieve the results of MDM commands
|
||||
run on Windows or macOS devices.
|
||||
- Updated `fleetctl get mdm-command-results` to use the new endpoint.
|
||||
|
|
@ -1,19 +0,0 @@
|
|||
Cleaned up REST API input validation for hosts, carves, users endpoints.
|
||||
|
||||
For the following endpoints:
|
||||
/api/v1/fleet/hosts
|
||||
/api/v1/fleet/hosts/count
|
||||
/api/v1/fleet/hosts/report
|
||||
- converted validation errors from 500 to 400 HTTP status code
|
||||
- added validation that policy_id must be present when policy_response is specified
|
||||
- added validation that policy_response must be `passing` or `failing`
|
||||
- added validation that `os_name` must be specified with `os_version`
|
||||
|
||||
For the following endpoint:
|
||||
/api/v1/fleet/users
|
||||
- converted team_id validation error from 500 to 400 HTTP status code
|
||||
|
||||
For the following endpoint:
|
||||
/api/v1/fleet/carves
|
||||
- added rest-api.md documentation for `page`, `per_page`, `order_key`, `order_direction`, and `expired`
|
||||
- converted `expired` validation error from 500 to 400 HTTP status code
|
||||
|
|
@ -1 +0,0 @@
|
|||
* Fixed a bug preventing Windows and Linux users to upload .mobileconfig files in the UI.
|
||||
|
|
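Review bot: This removed entry (the .mobileconfig upload fix for Windows and Linux users) has no counterpart in the Fleet 4.40.0 section added to CHANGELOG.md in this commit. Add a bullet under **UI fixes** before deleting the file; otherwise the fix goes unrecorded in the release notes.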
@ -1,4 +0,0 @@
|
|||
Web UI no longer gives an error when deleting a large number of hosts.
|
||||
|
||||
After 30 seconds, the 'Delete host' modal closes and the delete operation continues in the background.
|
||||
The following text has been added to the modal when deleting 500 or more hosts: "When deleting a large volume of hosts, it may take some time for this change to be reflected in the UI."
|
||||
|
|
@ -1 +0,0 @@
|
|||
- For ChromeOS hosts, surface chrome extensions as software
|
||||
|
|
@ -1 +0,0 @@
|
|||
* Allow macOS hosts that turned on MDM features via SSO to run `sudo profiles renew --type enrollment` to renew their MDM enrollment.
|
||||
|
|
@ -1 +0,0 @@
|
|||
- If live queries are disabled globally, all UI buttons to run a live query or policy are disabled with a tooltip explanation
|
||||
|
|
@ -1,2 +0,0 @@
|
|||
|
||||
* Updates the POST /fleet/queries/run endpoint to return a 403 Forbidden response when Live Queries have been disabled by an administrator.
|
||||
|
|
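Review bot: The 403 Forbidden behavior stated in this removed entry is reduced in CHANGELOG.md to "Addressed issues in Live Queries with the POST /fleet/queries/run endpoint", which does not tell API users what changed. Suggest carrying both the status code and the condition (Live Queries disabled by an administrator) into the changelog bullet.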
@ -1,11 +0,0 @@
|
|||
- added tables to the fleetd extension:
|
||||
- app_icons
|
||||
- falconctl_options
|
||||
- falcon_kernel_check
|
||||
- cryptoinfo
|
||||
- cryptsetup_status
|
||||
- filevault_status
|
||||
- firefox_preferences
|
||||
- firmwarepasswd
|
||||
- ioreg
|
||||
- windows_updates
|
||||
|
|
@ -1 +0,0 @@
|
|||
- Creating a query and creating a policy has consistent help text for form fields
|
||||
|
|
@ -1 +0,0 @@
|
|||
* Fixed how Fleet ingest Windows' Cloudflare WARP software version.
|
||||
|
|
@ -1,3 +0,0 @@
|
|||
* Change the response status code of /mdm/apple/enqueue to `400` if the host is:
|
||||
- A macOS host that hasn't turned on Fleet MDM features.
|
||||
- A Windows or Linux host.
|
||||
|
|
@ -1 +0,0 @@
|
|||
* Fixed false positive CVE-2023-37920 detected on `certifi` python package.
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
For the following endpoints:
|
||||
/api/v1/fleet/software
|
||||
/api/v1/fleet/software/count
|
||||
- added validation on `page`, `per_page`, `order_key`, `order_direction` -- invalid values will now return 400 HTTP status code
|
||||
|
|
@ -1 +0,0 @@
|
|||
- Bug fix: Allow Observer+ ability to run all existing policies in the UI
|
||||
|
|
@ -1 +0,0 @@
|
|||
- All Fleet tables in the UI will reset rows selected if user changes filters, search query, or paginates
|
||||
|
|
@ -1 +0,0 @@
|
|||
- Fix bug where save as new for an inherited query will correctly save on the currently selected team
|
||||
|
|
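Review bot: The inherited-query "save as new" fix removed here is not listed in the Fleet 4.40.0 section of CHANGELOG.md. Add a bullet under **UI fixes**, and reword it when carrying it over: as written, the sentence describes the corrected behavior ("will correctly save on the currently selected team") as the bug.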
@ -1 +0,0 @@
|
|||
- Retired creating OS policy in the UI from a host's operating system
|
||||
|
|
@ -1 +0,0 @@
|
|||
- Add inherited table information to URL params and use URL params for source of truth to fix any bugs between multi-table view
|
||||
|
|
@ -1,2 +0,0 @@
|
|||
- Added host detail query for Windows hosts to ingest MDM device id
|
||||
- Updated Windows MDM device enrollment flow to associate MDM device id with host uuid
|
||||
|
|
@ -1,2 +0,0 @@
|
|||
- Fixed UI bug where the "Turn off MDM" action on the host details page was displayed for hosts on
|
||||
platforms where that action is not yet supported by Fleet.
|
||||
|
|
@ -1 +0,0 @@
|
|||
- Observers and observer+ can view policy resolutions in UI
|
||||
|
|
@ -1 +0,0 @@
|
|||
* Fix false positive vulnerabilities found in Chrome and Firefox extensions.
|
||||
|
|
@ -1 +0,0 @@
|
|||
* Adding support for MS-MDM management protocol
|
||||
|
|
@ -1,2 +0,0 @@
|
|||
- Fix banners on the host details page. If the ABM expired banner is displayed we suppress all
|
||||
other banners on that page.
|
||||
|
|
@ -1 +0,0 @@
|
|||
* Modified logging of when the Apple Business Manager terms have changed so that it does not require debug logging.
|
||||
|
|
@ -1,2 +0,0 @@
|
|||
- update the copy of the ABM terms banner to reflect that Apple may take a while to report the
|
||||
correct status back to Fleet.
|
||||
|
|
@ -1 +0,0 @@
|
|||
* Updated the `fleetctl mdm run-command` sub-command to use the new platform-agnostic endpoint and support for running MDM commands on Windows hosts.
|
||||
|
|
@ -1 +0,0 @@
|
|||
* Added the `POST /fleet/mdm/commands/run` platform-agnostic endpoint to run an MDM command.
|
||||
|
|
@ -1 +0,0 @@
|
|||
- Fixes EULA on the windows TOS page. The EULA now shows correctly on narrow viewports
|
||||
|
|
@ -1 +0,0 @@
|
|||
* Added database migrations to create tables for the Windows MDM commands.
|
||||
|
|
@ -1 +0,0 @@
|
|||
- fix issue where team dropdown value was changing when selecting a host that was on a team.
|
||||
|
|
@ -8,4 +8,4 @@ version: v5.0.1
|
|||
home: https://github.com/fleetdm/fleet
|
||||
sources:
|
||||
- https://github.com/fleetdm/fleet.git
|
||||
appVersion: v4.39.0
|
||||
appVersion: v4.40.0
|
||||
|
|
|
|||
|
|
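Review bot: `appVersion` moves to v4.40.0, but the chart's own `version`, shown as v5.0.1 in the hunk header, is not touched in the visible lines. If the chart is published, changing the default app version under an unchanged chart version leaves two different chart contents sharing one version number; consider bumping the chart version in the same commit.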
@ -2,7 +2,7 @@
|
|||
# All settings related to how Fleet is deployed in Kubernetes
|
||||
hostName: fleet.localhost
|
||||
replicas: 3 # The number of Fleet instances to deploy
|
||||
imageTag: v4.39.0 # Version of Fleet to deploy
|
||||
imageTag: v4.40.0 # Version of Fleet to deploy
|
||||
podAnnotations: {} # Additional annotations to add to the Fleet pod
|
||||
serviceAccountAnnotations: {} # Additional annotations to add to the Fleet service account
|
||||
resources:
|
||||
|
|
|
|||
|
|
@ -56,7 +56,7 @@ variable "database_name" {
|
|||
|
||||
variable "fleet_image" {
|
||||
description = "the name of the container image to run"
|
||||
default = "fleetdm/fleet:v4.39.0"
|
||||
default = "fleetdm/fleet:v4.40.0"
|
||||
}
|
||||
|
||||
variable "software_inventory" {
|
||||
|
|
|
|||
|
|
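Review bot: The `fleet_image` default pins the release by tag only ("fleetdm/fleet:v4.40.0"), and a tag can be repointed in the registry. Appending the image digest, in the form `fleetdm/fleet:v4.40.0@sha256:<digest>` with the real digest of the release image in place of the placeholder, would make the deployed image verifiable. The same version string is also edited by hand in the other Terraform, Helm and npm files in this commit, so deriving it from a single source would reduce the chance of one file being missed in a later release.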
@ -68,5 +68,5 @@ variable "redis_mem" {
|
|||
}
|
||||
|
||||
variable "image" {
|
||||
default = "fleet:v4.39.0"
|
||||
default = "fleet:v4.40.0"
|
||||
}
|
||||
|
|
|
|||
|
|
@ -206,7 +206,7 @@ resource "random_uuid" "jitprovisioner" {
|
|||
|
||||
# Use the local to make the trigger work.
|
||||
locals {
|
||||
fleet_tag = "v4.39.0"
|
||||
fleet_tag = "v4.40.0"
|
||||
}
|
||||
|
||||
resource "null_resource" "standard-query-library" {
|
||||
|
|
|
|||
|
|
@ -165,7 +165,7 @@ resource "helm_release" "main" {
|
|||
|
||||
set {
|
||||
name = "imageTag"
|
||||
value = "v4.39.0"
|
||||
value = "v4.40.0"
|
||||
}
|
||||
|
||||
set {
|
||||
|
|
|
|||
|
|
@ -13,7 +13,7 @@ variable "fleet_config" {
|
|||
type = object({
|
||||
mem = optional(number, 4096)
|
||||
cpu = optional(number, 512)
|
||||
image = optional(string, "fleetdm/fleet:v4.39.0")
|
||||
image = optional(string, "fleetdm/fleet:v4.40.0")
|
||||
family = optional(string, "fleet")
|
||||
sidecars = optional(list(any), [])
|
||||
depends_on = optional(list(any), [])
|
||||
|
|
|
|||
|
|
@ -74,7 +74,7 @@ variable "fleet_config" {
|
|||
type = object({
|
||||
mem = optional(number, 4096)
|
||||
cpu = optional(number, 512)
|
||||
image = optional(string, "fleetdm/fleet:v4.39.0")
|
||||
image = optional(string, "fleetdm/fleet:v4.40.0")
|
||||
family = optional(string, "fleet")
|
||||
sidecars = optional(list(any), [])
|
||||
depends_on = optional(list(any), [])
|
||||
|
|
|
|||
|
|
@ -17,7 +17,7 @@ provider "aws" {
|
|||
}
|
||||
|
||||
locals {
|
||||
fleet_image = "fleetdm/fleet:v4.39.0"
|
||||
fleet_image = "fleetdm/fleet:v4.40.0"
|
||||
}
|
||||
|
||||
resource "random_pet" "main" {}
|
||||
|
|
|
|||
|
|
@ -165,7 +165,7 @@ variable "fleet_config" {
|
|||
type = object({
|
||||
mem = optional(number, 4096)
|
||||
cpu = optional(number, 512)
|
||||
image = optional(string, "fleetdm/fleet:v4.39.0")
|
||||
image = optional(string, "fleetdm/fleet:v4.40.0")
|
||||
family = optional(string, "fleet")
|
||||
sidecars = optional(list(any), [])
|
||||
depends_on = optional(list(any), [])
|
||||
|
|
|
|||
|
|
@ -215,7 +215,7 @@ variable "fleet_config" {
|
|||
type = object({
|
||||
mem = optional(number, 4096)
|
||||
cpu = optional(number, 512)
|
||||
image = optional(string, "fleetdm/fleet:v4.39.0")
|
||||
image = optional(string, "fleetdm/fleet:v4.40.0")
|
||||
family = optional(string, "fleet")
|
||||
sidecars = optional(list(any), [])
|
||||
depends_on = optional(list(any), [])
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
{
|
||||
"name": "fleetctl",
|
||||
"version": "v4.39.0",
|
||||
"version": "v4.40.0",
|
||||
"description": "Installer for the fleetctl CLI tool",
|
||||
"bin": {
|
||||
"fleetctl": "./run.js"
|
||||
|
|
|
|||