From 90ca9b4c4e49fb9dfe9abec90285439b07898092 Mon Sep 17 00:00:00 2001 From: Luke Heath Date: Wed, 6 Sep 2023 12:12:01 -0500 Subject: [PATCH] Update Orbit changelog (#13744) Updating changelog to include previous changes that were not documented. --------- Co-authored-by: Roberto Dip --- orbit/CHANGELOG.md | 142 ++++++++++++++++++ orbit/changes/10044-orbit-hang | 1 - orbit/changes/10300-symlink-not-present-quirk | 1 - orbit/changes/10520-mac-cis-1.1-fix-query | 1 - ...013-versioninfo-and-icon-on-orbit-binaries | 1 - orbit/changes/11218-nudge-config-permissinos | 1 - orbit/changes/11244-cis-audit-table | 1 - orbit/changes/11534-orbit-fd | 1 - orbit/changes/11692-profile-config-read | 1 - .../11777-deprecate-kickstart-softwareupdated | 2 - orbit/changes/11859-swiftDialog-layout | 1 - orbit/changes/11980-updates-panic | 1 - orbit/changes/12068-migration-sanity-check | 1 - .../changes/12955-windows-desktop-icon-colors | 1 - .../13102-check-assigned-enrollment-profile | 3 - orbit/changes/13175-windows-url | 1 - orbit/changes/13310-scripts-config | 2 - orbit/changes/13450-migration-hold | 1 - orbit/changes/13505-migrate-frequency | 1 - .../changes/6441-duplicated-fleet-desktop-bis | 2 - orbit/changes/6581-remote-flags-management | 13 -- orbit/changes/7517-token-rotation | 1 - orbit/changes/7970-orbit-mtls-support | 1 - orbit/changes/8373-fix-desktop-free-spam | 1 - orbit/changes/8485-dump-pprof | 2 - orbit/changes/8901-augeas-lenses | 2 - ...bit-enroll-set-osquery-db-to-retrieve-uuid | 1 - orbit/changes/9239-cis-2.3.2.2 | 1 - orbit/changes/9253-add-fleetd-table-pmset | 1 - orbit/changes/9260-add-authdb-table | 1 - orbit/changes/9260-add-dscl-table-cis-5.6 | 1 - ...add-firmware_eficheck_integity_check-table | 1 - .../changes/9260-add-sudo_info-table-cis-5.X | 1 - .../changes/9310-new-mdm-bridge-osquery-table | 1 - orbit/changes/9459-read-config | 1 - orbit/changes/9459-use-system-config | 1 - orbit/changes/add-retries-bootstrap-mdm-push | 1 - .../bug-3563-uninstall-does-not-remove-files | 1 - ...g-6479-store-proxy-cert-at-secure-location | 2 - ...bug-6935-cannot-run-orbit-shell-on-windows | 1 - .../bug-7874-call-scm-on-service-start | 3 - .../bug-8009-fleet-desktop-duplicated-icon | 1 - .../bug-8974-smbios-uuid-value-retrieval | 1 - .../changes/bug-9053-update-symlink-on-change | 2 - ...secret-orbit-node-file-is-world-accessible | 1 - ...fails-to-install-on-legacy-windows-servers | 1 - orbit/changes/bug-orbit-restart-empty-flags | 1 - orbit/changes/concurrent-requests | 1 - orbit/changes/icloud-private-relay | 1 - .../issue-9278-orbit-renew-enrollment-profile | 1 - .../issue-9347-kickstart-softwareupdated | 1 - .../issue-9550-default-carver-block-size | 1 - orbit/changes/orbit-extensions-autoupdate | 1 - orbit/changes/orbit-extensions-csrutil_info | 1 - orbit/changes/orbit-extensions-nvram-info | 1 - orbit/changes/orbit-extensions-pwd-policy | 1 - .../orbit-extensions-user-login-settings | 1 - orbit/changes/remove-desktop-errors-tooltip | 1 - orbit/changes/retry-enroll-on-unauth-error | 1 - orbit/changes/windows-theme-detection | 1 - 60 files changed, 142 insertions(+), 82 deletions(-) delete mode 100644 orbit/changes/10044-orbit-hang delete mode 100644 orbit/changes/10300-symlink-not-present-quirk delete mode 100644 orbit/changes/10520-mac-cis-1.1-fix-query delete mode 100644 orbit/changes/11012-11013-versioninfo-and-icon-on-orbit-binaries delete mode 100644 orbit/changes/11218-nudge-config-permissinos delete mode 100644 orbit/changes/11244-cis-audit-table delete mode 100644 orbit/changes/11534-orbit-fd delete mode 100644 orbit/changes/11692-profile-config-read delete mode 100644 orbit/changes/11777-deprecate-kickstart-softwareupdated delete mode 100644 orbit/changes/11859-swiftDialog-layout delete mode 100644 orbit/changes/11980-updates-panic delete mode 100644 orbit/changes/12068-migration-sanity-check delete mode 100644 orbit/changes/12955-windows-desktop-icon-colors delete mode 100644 orbit/changes/13102-check-assigned-enrollment-profile delete mode 100644 orbit/changes/13175-windows-url delete mode 100644 orbit/changes/13310-scripts-config delete mode 100644 orbit/changes/13450-migration-hold delete mode 100644 orbit/changes/13505-migrate-frequency delete mode 100644 orbit/changes/6441-duplicated-fleet-desktop-bis delete mode 100644 orbit/changes/6581-remote-flags-management delete mode 100644 orbit/changes/7517-token-rotation delete mode 100644 orbit/changes/7970-orbit-mtls-support delete mode 100644 orbit/changes/8373-fix-desktop-free-spam delete mode 100644 orbit/changes/8485-dump-pprof delete mode 100644 orbit/changes/8901-augeas-lenses delete mode 100644 orbit/changes/9132-orbit-enroll-set-osquery-db-to-retrieve-uuid delete mode 100644 orbit/changes/9239-cis-2.3.2.2 delete mode 100644 orbit/changes/9253-add-fleetd-table-pmset delete mode 100644 orbit/changes/9260-add-authdb-table delete mode 100644 orbit/changes/9260-add-dscl-table-cis-5.6 delete mode 100644 orbit/changes/9260-add-firmware_eficheck_integity_check-table delete mode 100644 orbit/changes/9260-add-sudo_info-table-cis-5.X delete mode 100644 orbit/changes/9310-new-mdm-bridge-osquery-table delete mode 100644 orbit/changes/9459-read-config delete mode 100644 orbit/changes/9459-use-system-config delete mode 100644 orbit/changes/add-retries-bootstrap-mdm-push delete mode 100644 orbit/changes/bug-3563-uninstall-does-not-remove-files delete mode 100644 orbit/changes/bug-6479-store-proxy-cert-at-secure-location delete mode 100644 orbit/changes/bug-6935-cannot-run-orbit-shell-on-windows delete mode 100644 orbit/changes/bug-7874-call-scm-on-service-start delete mode 100644 orbit/changes/bug-8009-fleet-desktop-duplicated-icon delete mode 100644 orbit/changes/bug-8974-smbios-uuid-value-retrieval delete mode 100644 orbit/changes/bug-9053-update-symlink-on-change delete mode 100644 orbit/changes/bug-9157-secret-orbit-node-file-is-world-accessible delete mode 100644 orbit/changes/bug-9576-orbit-fails-to-install-on-legacy-windows-servers delete mode 100644 orbit/changes/bug-orbit-restart-empty-flags delete mode 100644 orbit/changes/concurrent-requests delete mode 100644 orbit/changes/icloud-private-relay delete mode 100644 orbit/changes/issue-9278-orbit-renew-enrollment-profile delete mode 100644 orbit/changes/issue-9347-kickstart-softwareupdated delete mode 100644 orbit/changes/issue-9550-default-carver-block-size delete mode 100644 orbit/changes/orbit-extensions-autoupdate delete mode 100644 orbit/changes/orbit-extensions-csrutil_info delete mode 100644 orbit/changes/orbit-extensions-nvram-info delete mode 100644 orbit/changes/orbit-extensions-pwd-policy delete mode 100644 orbit/changes/orbit-extensions-user-login-settings delete mode 100644 orbit/changes/remove-desktop-errors-tooltip delete mode 100644 orbit/changes/retry-enroll-on-unauth-error delete mode 100644 orbit/changes/windows-theme-detection diff --git a/orbit/CHANGELOG.md b/orbit/CHANGELOG.md index 9723a93c82..08446210d6 100644 --- a/orbit/CHANGELOG.md +++ b/orbit/CHANGELOG.md @@ -1,3 +1,145 @@ +## Orbit 1.16.0 (Sep 6 17, 2023) + +* Updated the default TUF update roots with the newest metadata in the server. (#13381) + +* Updated bundled-in CA certificates. (#13446) + +* Removed a listener for the OS. Kill signal since golang can't capture it. (#12861) + +* Allow clients to report errors back to the server during the MDM migration flow. (#13189) + +* Use OrbitNodeKey for windows mdm enrollment authentication instead of HostUUID (#12847) + +* Implemented script execution on the fleetd agent (disabled by default). (#9583) + +* Improved the MDM migration dialogs: + * Adjusted the copy and images. (#13158) + * Made sure that all dialogs take over the screen. (#13512) + * Ensure migration dialog doesn't open automatically if it was opened manually. (#13505) + +* Fixed theme detection and icon coloring issues for Fleet Desktop on Windows. (#13457) + +## Orbit 1.2.0 - Orbit 1.15.0 (Oct 4, 2022 - Aug 17, 2023) + +* Fixed an issue preventing Nudge from reading the configuration file delivered by Fleet on some installations. This only affects you if Nudge was enabled and configured on a host using Orbit v1.8.0. + +* Added `pmset` table extension to Fleet for CIS check 2.9.1. + +* Fixed a bug in Fleet Desktop causing it to spam servers without licenses for policies. + +* Added support to enhance the DEP migration flow in macOS for MDM. + +* Added `firmware_eficheck_integrity_check` table for macOS CIS 5.9. + +* Fixed an issue where Orbit service on Windows was not creating the `secret-orbit-node-key.txt` with a restricted ACL. + +* Added periodical restart of the `softwareupdated` service to work around a macOS bug. + +* Set `--database_path` in the shell `osqueryd` invocation to retrieve UUID and other fields. + +* Updated MDM migration flow to include checking the output of `profiles show -type enrollment`. + +* Ensured MDM migration modal is not shown if the host is already enrolled into Fleet. + +* Embedded Augeas lenses into Orbit on Unix platforms. + +* Added a new table to support the CIS audit process. + +* Added `sudo_info` table to Orbit for CIS checks 5.4 and 5.5 on macOS. + +* Fixed an issue affecting macOS devices with MDM enabled that prevented Orbit from restarting if Nudge was still open. + +* Added support to query Windows MDM enrollment status and enforce MDM commands through the `mdm_bridge` virtual table. + +* Dumped pprof data into a `profiles` directory in the Orbit root directory on Unix systems when receiving a SIGUSR1. + +* Added `launchctl bootstrap` retries in Orbit `pkg` installer to fix MDM deployments. + +* Allowed `fleetd` to get an enroll secret and Fleet URL configuration from a macOS configuration profile. + +* Added version information and icons to Orbit and Fleet Desktop binaries. + +* Implemented a table to hold `user_login_settings` options extension via Orbit. + +* Removed automatic functionality to call `launchctl kickstart -k softwareupdated`. + +* Fixed a panic in `fleetd` that might occur when concurrent requests are made to the server. + +* Fixed an issue where Orbit lost communication with Fleet server when the certificate used for insecure mode was deleted. + +* Added `dscl` table to Orbit for CIS check 5.6 on macOS. + +* Fixed an issue that prevented Orbit shell from running when the `osqueryd` instance attempted to register the same named pipe name. + +* Ensured Orbit now installs properly on Windows Server 2012 and 2016 with legacy Orbit or Osquery previously installed. + +* Fixed an Orbit bug causing repeated restarts when Fleet agent options were configured with `command_line_flags: {}`. + +* Fixed an update bug where the Orbit symlink was not present. + +* Adjusted the dialog shown during MDM migration to close when the "contact IT" button is pressed. + +* Added support for mTLS to `fleetd`. + +* Added `authdb` table for macOS CIS check 5.7. + +* Fixed a crash that occurred when updates were disabled under certain conditions. + +* Implemented a table to hold `csrutil_info` extension via Orbit. + +* Fixed a bug that set a wrong Fleet URL in Windows installers. + +* Added `sntp_request` table implementation to query NTP servers. + +* Stopped rendering errors as tooltips in Fleet Desktop. Errors are now found in the logs. + +* Retrieved UUID by reading the SMBIOS interface when WMI call fails on Windows. + +* Implemented autoupdate and deploy extensions via Orbit. + +* Implemented a table to hold `nvram_info` and `pwd_policy` options extension via Orbit. + +* Improved the logic to read enroll secrets from macOS configuration profiles. + +* Implemented `icloud_private_relay` table to get iCloud Private Relay status. + +* Ensured Orbit kills any pre-existing Fleet Desktop processes at startup. + +* Added support for `fleetd` to renew the MDM enrollment profile on pending devices. + +* Fixed an issue in Windows where the Fleet service was getting killed if the start took longer than 30 seconds. + +* Updated `fleetctl` to generate installer flags that are compatible with MySQL 8 & S3. + +* Ensured Fleet Desktop app on Windows removes the tray icon when it exits. + +* Added functionality to rotate device tokens every one hour. + +* Waited until the device is fully unenrolled from the previous MDM to close the migration dialog. + +* Ensured Orbit restarts and switches channels when needed, even if the new channel is already installed. + +* Added a new flag, `--use-system-configuration`, for Orbit to read configuration values from the system. + +* Added `software_update` table implementation to check whether Apple software needs updating. + +* Updated Windows MSI installer to use custom actions to remove Orbit files. + +* Allowed configuring osquery startup flags from Fleet, with important notes for existing deployments: + +This feature requires Orbit to communicate with Fleet. Orbit uses osquery's enroll secret to authenticate and enroll to Fleet. + +On environments where an enroll secret has been revoked, Orbit hosts that were deployed with such secret will fail to enroll to Fleet. + +This is not a regression, all existing features should work as expected, but we recommend to fix this issue given that we will be adding more features to Orbit that will use the new communication channel. + +1. To determine which hosts need to be fixed, run the following query: `SELECT * FROM orbit_info WHERE enrolled = false`. +Hosts not running Orbit will fail to execute such query because the table doesn't exist, those can be ignored. +2. Generate Orbit packages with the new enroll secret. +3. Deploy Orbit packages to the hosts returned in (1). + +* Ensured Orbit re-enrolls when encountering a 401/unauthenticated error when communicating with Fleet server endpoints. + ## Orbit 1.1.0 (Aug 19, 2022) * Rename `unified_log` table to `macadmins_unified_log` to avoid collision with osquery core. This allows Orbit to support osquery 5.5.0. diff --git a/orbit/changes/10044-orbit-hang b/orbit/changes/10044-orbit-hang deleted file mode 100644 index 0e48eaef9c..0000000000 --- a/orbit/changes/10044-orbit-hang +++ /dev/null @@ -1 +0,0 @@ -* Fixed an issue affecting macOS devices with MDM enabled that prevented Orbit for restarting if Nudge was still open. diff --git a/orbit/changes/10300-symlink-not-present-quirk b/orbit/changes/10300-symlink-not-present-quirk deleted file mode 100644 index 4ccdedc8e7..0000000000 --- a/orbit/changes/10300-symlink-not-present-quirk +++ /dev/null @@ -1 +0,0 @@ -* An update bug where orbit symlink was not present is now fixed diff --git a/orbit/changes/10520-mac-cis-1.1-fix-query b/orbit/changes/10520-mac-cis-1.1-fix-query deleted file mode 100644 index ba8364b33c..0000000000 --- a/orbit/changes/10520-mac-cis-1.1-fix-query +++ /dev/null @@ -1 +0,0 @@ -* Add table implementation `software_update` to check whether Apple software needs updating. diff --git a/orbit/changes/11012-11013-versioninfo-and-icon-on-orbit-binaries b/orbit/changes/11012-11013-versioninfo-and-icon-on-orbit-binaries deleted file mode 100644 index f16338083e..0000000000 --- a/orbit/changes/11012-11013-versioninfo-and-icon-on-orbit-binaries +++ /dev/null @@ -1 +0,0 @@ -* Added version information and icon on orbit and fleet-desktop binaries diff --git a/orbit/changes/11218-nudge-config-permissinos b/orbit/changes/11218-nudge-config-permissinos deleted file mode 100644 index f22364b548..0000000000 --- a/orbit/changes/11218-nudge-config-permissinos +++ /dev/null @@ -1 +0,0 @@ -* Fixed an issue preventing Nudge to read the configuration file delivered by Fleet on some installations. This only affects you if Nudge was enabled and configured on a host using Orbit v1.8.0 diff --git a/orbit/changes/11244-cis-audit-table b/orbit/changes/11244-cis-audit-table deleted file mode 100644 index c65bc5bd05..0000000000 --- a/orbit/changes/11244-cis-audit-table +++ /dev/null @@ -1 +0,0 @@ -* New table was added to support CIS audit process diff --git a/orbit/changes/11534-orbit-fd b/orbit/changes/11534-orbit-fd deleted file mode 100644 index e897c9704d..0000000000 --- a/orbit/changes/11534-orbit-fd +++ /dev/null @@ -1 +0,0 @@ -* MDM: added support to enhance the DEP migration flow in macOS. diff --git a/orbit/changes/11692-profile-config-read b/orbit/changes/11692-profile-config-read deleted file mode 100644 index 28fa771571..0000000000 --- a/orbit/changes/11692-profile-config-read +++ /dev/null @@ -1 +0,0 @@ -* Improve the logic to read enroll secrets from macOS configuration profiles to be compatible with different MDM providers. diff --git a/orbit/changes/11777-deprecate-kickstart-softwareupdated b/orbit/changes/11777-deprecate-kickstart-softwareupdated deleted file mode 100644 index 4d2dd27329..0000000000 --- a/orbit/changes/11777-deprecate-kickstart-softwareupdated +++ /dev/null @@ -1,2 +0,0 @@ -* Removed automatic functionality to call `launchctl kickstart -k softwareupdated` periodically, which was causing issues on some macOS devices. - The `--disable-kickstart-softwareupdated` flag is kept for backwards compatibility but it doesn't have any effect. diff --git a/orbit/changes/11859-swiftDialog-layout b/orbit/changes/11859-swiftDialog-layout deleted file mode 100644 index 80e5efd4e0..0000000000 --- a/orbit/changes/11859-swiftDialog-layout +++ /dev/null @@ -1 +0,0 @@ -* Adjusted the dialog shown during MDM migration to close when the button to contact IT is pressed. diff --git a/orbit/changes/11980-updates-panic b/orbit/changes/11980-updates-panic deleted file mode 100644 index 11992611e4..0000000000 --- a/orbit/changes/11980-updates-panic +++ /dev/null @@ -1 +0,0 @@ -* Fixed a crash that happened when updates where disabled and certain conditions (Nudge configuration set or host elegible for MDM migration) were met. diff --git a/orbit/changes/12068-migration-sanity-check b/orbit/changes/12068-migration-sanity-check deleted file mode 100644 index 07cfc6ba38..0000000000 --- a/orbit/changes/12068-migration-sanity-check +++ /dev/null @@ -1 +0,0 @@ -* Ensure MDM migration modal is not shown, and enrollment commands are not run if the host is already enrolled into Fleet diff --git a/orbit/changes/12955-windows-desktop-icon-colors b/orbit/changes/12955-windows-desktop-icon-colors deleted file mode 100644 index 9bc7739e04..0000000000 --- a/orbit/changes/12955-windows-desktop-icon-colors +++ /dev/null @@ -1 +0,0 @@ -* Replace the black and white Fleet desktop icons with a single colorful icon on Windows. diff --git a/orbit/changes/13102-check-assigned-enrollment-profile b/orbit/changes/13102-check-assigned-enrollment-profile deleted file mode 100644 index 0f76ddf362..0000000000 --- a/orbit/changes/13102-check-assigned-enrollment-profile +++ /dev/null @@ -1,3 +0,0 @@ -- Updated MDM migration flow to include checking the output of `profiles show -type enrollment` - as a pre-condition for `profiles renew -type enrollment` to mitigate issues where caching or other - unexpected delays in Apple DEP profile assignment could cause the wrong profile to be renewed. diff --git a/orbit/changes/13175-windows-url b/orbit/changes/13175-windows-url deleted file mode 100644 index d3e53aa1ec..0000000000 --- a/orbit/changes/13175-windows-url +++ /dev/null @@ -1 +0,0 @@ -* Fixed a bug that set a wrong Fleet URL in Windows installers. diff --git a/orbit/changes/13310-scripts-config b/orbit/changes/13310-scripts-config deleted file mode 100644 index 502179c4ff..0000000000 --- a/orbit/changes/13310-scripts-config +++ /dev/null @@ -1,2 +0,0 @@ -* Add a `--enable-scripts` flag to `fleetctl package` to build a package capable of script execution -* Allow script execution to be enabled by providing a configuration profile with `PayloadType` equal to `com.fleetdm.fleetd.config` and a key `ScriptsEnabled` set to `true`. diff --git a/orbit/changes/13450-migration-hold b/orbit/changes/13450-migration-hold deleted file mode 100644 index c616e8d90d..0000000000 --- a/orbit/changes/13450-migration-hold +++ /dev/null @@ -1 +0,0 @@ -* Wait until the device is fully unenrolled from the previous MDM to close the migration dialog. diff --git a/orbit/changes/13505-migrate-frequency b/orbit/changes/13505-migrate-frequency deleted file mode 100644 index bd0a90a30a..0000000000 --- a/orbit/changes/13505-migrate-frequency +++ /dev/null @@ -1 +0,0 @@ -* Ensure migration dialog is not opened automatically if it was opened manually in the last 15 minutes diff --git a/orbit/changes/6441-duplicated-fleet-desktop-bis b/orbit/changes/6441-duplicated-fleet-desktop-bis deleted file mode 100644 index 2be5b2b2c6..0000000000 --- a/orbit/changes/6441-duplicated-fleet-desktop-bis +++ /dev/null @@ -1,2 +0,0 @@ -* Orbit now kills any pre-existing fleet desktop processes at startup. -* Orbit now handles SIGTERM on unix. diff --git a/orbit/changes/6581-remote-flags-management b/orbit/changes/6581-remote-flags-management deleted file mode 100644 index 9c86d7825a..0000000000 --- a/orbit/changes/6581-remote-flags-management +++ /dev/null @@ -1,13 +0,0 @@ -* Orbit allows configuring osquery startup flags from Fleet, see [#7377](https://github.com/fleetdm/fleet/issues/7377). - -Important note for existing deployments that use Orbit: -This feature requires Orbit to communicate with Fleet. Orbit uses osquery's enroll secret to authenticate and enroll to Fleet. -On environments where an enroll secret has been revoked, Orbit hosts that were deployed with such secret will fail to enroll to Fleet. -This is not a regression, all existing features should work as expected, but we recommend to fix this issue given that we will be adding -more features to Orbit that will use the new communication channel. - -1. To determine which hosts need to be fixed, run the following query: `SELECT * FROM orbit_info WHERE enrolled = false`. -Hosts not running Orbit will fail to execute such query because the table doesn't exist, those can be ignored. -2. Generate Orbit packages with the new enroll secret. -3. Deploy Orbit packages to the hosts returned in (1). - diff --git a/orbit/changes/7517-token-rotation b/orbit/changes/7517-token-rotation deleted file mode 100644 index fdd0bc3b93..0000000000 --- a/orbit/changes/7517-token-rotation +++ /dev/null @@ -1 +0,0 @@ -- Added functionality to rotate device tokens every one hour diff --git a/orbit/changes/7970-orbit-mtls-support b/orbit/changes/7970-orbit-mtls-support deleted file mode 100644 index 8873e68832..0000000000 --- a/orbit/changes/7970-orbit-mtls-support +++ /dev/null @@ -1 +0,0 @@ -* Add support for mTLS to fleetd. diff --git a/orbit/changes/8373-fix-desktop-free-spam b/orbit/changes/8373-fix-desktop-free-spam deleted file mode 100644 index 0810c6b79a..0000000000 --- a/orbit/changes/8373-fix-desktop-free-spam +++ /dev/null @@ -1 +0,0 @@ -- Fixed a bug in Fleet Desktop causing it to spam servers without licenses for policies. diff --git a/orbit/changes/8485-dump-pprof b/orbit/changes/8485-dump-pprof deleted file mode 100644 index 8f6a2a5165..0000000000 --- a/orbit/changes/8485-dump-pprof +++ /dev/null @@ -1,2 +0,0 @@ -- On Unix systems, dump pprof data into a `profiles` directory in the orbit root dir - when receiving a SIGUSR1. This is to assist debugging for memory leaks diff --git a/orbit/changes/8901-augeas-lenses b/orbit/changes/8901-augeas-lenses deleted file mode 100644 index ba59ea47cb..0000000000 --- a/orbit/changes/8901-augeas-lenses +++ /dev/null @@ -1,2 +0,0 @@ -- Embed augeas lenses into orbit on Unix platforms so that the `augeas` - table works without further configuration diff --git a/orbit/changes/9132-orbit-enroll-set-osquery-db-to-retrieve-uuid b/orbit/changes/9132-orbit-enroll-set-osquery-db-to-retrieve-uuid deleted file mode 100644 index 637793d64d..0000000000 --- a/orbit/changes/9132-orbit-enroll-set-osquery-db-to-retrieve-uuid +++ /dev/null @@ -1 +0,0 @@ -* Set `--database_path` in the shell osqueryd invocation to retrieve UUID and other fields. diff --git a/orbit/changes/9239-cis-2.3.2.2 b/orbit/changes/9239-cis-2.3.2.2 deleted file mode 100644 index 01c341d215..0000000000 --- a/orbit/changes/9239-cis-2.3.2.2 +++ /dev/null @@ -1 +0,0 @@ -* Add table implementation `sntp_request` to query NTP servers. \ No newline at end of file diff --git a/orbit/changes/9253-add-fleetd-table-pmset b/orbit/changes/9253-add-fleetd-table-pmset deleted file mode 100644 index 6b676cf32d..0000000000 --- a/orbit/changes/9253-add-fleetd-table-pmset +++ /dev/null @@ -1 +0,0 @@ -* Add `pmset` table extension to fleed for CIS check 2.9.1. diff --git a/orbit/changes/9260-add-authdb-table b/orbit/changes/9260-add-authdb-table deleted file mode 100644 index 7505196331..0000000000 --- a/orbit/changes/9260-add-authdb-table +++ /dev/null @@ -1 +0,0 @@ -* Add `authdb` table for macOS CIS check 5.7. diff --git a/orbit/changes/9260-add-dscl-table-cis-5.6 b/orbit/changes/9260-add-dscl-table-cis-5.6 deleted file mode 100644 index 6289c7cfcd..0000000000 --- a/orbit/changes/9260-add-dscl-table-cis-5.6 +++ /dev/null @@ -1 +0,0 @@ -* Add `dscl` table to Orbit for CIS check 5.6 on macOS. diff --git a/orbit/changes/9260-add-firmware_eficheck_integity_check-table b/orbit/changes/9260-add-firmware_eficheck_integity_check-table deleted file mode 100644 index 7fc8f09a42..0000000000 --- a/orbit/changes/9260-add-firmware_eficheck_integity_check-table +++ /dev/null @@ -1 +0,0 @@ -* Add `firmware_eficheck_integrity_check` table for macOS CIS 5.9. diff --git a/orbit/changes/9260-add-sudo_info-table-cis-5.X b/orbit/changes/9260-add-sudo_info-table-cis-5.X deleted file mode 100644 index a9954832a7..0000000000 --- a/orbit/changes/9260-add-sudo_info-table-cis-5.X +++ /dev/null @@ -1 +0,0 @@ -* Add `sudo_info` table to Orbit for CIS checks 5.4 and 5.5 on macOS. diff --git a/orbit/changes/9310-new-mdm-bridge-osquery-table b/orbit/changes/9310-new-mdm-bridge-osquery-table deleted file mode 100644 index be233700f7..0000000000 --- a/orbit/changes/9310-new-mdm-bridge-osquery-table +++ /dev/null @@ -1 +0,0 @@ -* Adding support to query Windows MDM enrollment status and to enforce MDM commands through the mdm_bridge virtual table diff --git a/orbit/changes/9459-read-config b/orbit/changes/9459-read-config deleted file mode 100644 index 7c7ea3b786..0000000000 --- a/orbit/changes/9459-read-config +++ /dev/null @@ -1 +0,0 @@ -* Allow `fleetd` to get an enroll secret and Fleet URL configuration from a configuration profile on macOS. diff --git a/orbit/changes/9459-use-system-config b/orbit/changes/9459-use-system-config deleted file mode 100644 index 7520abe159..0000000000 --- a/orbit/changes/9459-use-system-config +++ /dev/null @@ -1 +0,0 @@ -* Added a new flag, `--use-system-configuration` to make orbit read configuration values from the system. Currently this is only supported in macOS via configuration profiles. diff --git a/orbit/changes/add-retries-bootstrap-mdm-push b/orbit/changes/add-retries-bootstrap-mdm-push deleted file mode 100644 index 1052c16734..0000000000 --- a/orbit/changes/add-retries-bootstrap-mdm-push +++ /dev/null @@ -1 +0,0 @@ -- Added `launchctl bootstrap` retries in Orbit `pkg` installer to fix MDM deployments of Orbit (when pushed with `InstallEnterpriseApplication`). diff --git a/orbit/changes/bug-3563-uninstall-does-not-remove-files b/orbit/changes/bug-3563-uninstall-does-not-remove-files deleted file mode 100644 index e44a16f20e..0000000000 --- a/orbit/changes/bug-3563-uninstall-does-not-remove-files +++ /dev/null @@ -1 +0,0 @@ -* Windows MSI installer now uses custom actions to remove Orbit files diff --git a/orbit/changes/bug-6479-store-proxy-cert-at-secure-location b/orbit/changes/bug-6479-store-proxy-cert-at-secure-location deleted file mode 100644 index e4e52abb4c..0000000000 --- a/orbit/changes/bug-6479-store-proxy-cert-at-secure-location +++ /dev/null @@ -1,2 +0,0 @@ -* Orbit lost communication with Fleet server -when the certificate used for insecure mode gets deleted. diff --git a/orbit/changes/bug-6935-cannot-run-orbit-shell-on-windows b/orbit/changes/bug-6935-cannot-run-orbit-shell-on-windows deleted file mode 100644 index 5c5c9d091c..0000000000 --- a/orbit/changes/bug-6935-cannot-run-orbit-shell-on-windows +++ /dev/null @@ -1 +0,0 @@ -* Fixed an issue that prevented orbit shell to run when the osqueryd instance ran through orbit shell attempted to register the same named pipe name used by the osqueryd instance launched by orbit service diff --git a/orbit/changes/bug-7874-call-scm-on-service-start b/orbit/changes/bug-7874-call-scm-on-service-start deleted file mode 100644 index 113f394d37..0000000000 --- a/orbit/changes/bug-7874-call-scm-on-service-start +++ /dev/null @@ -1,3 +0,0 @@ -* When running on Windows, Fleet service was getting killed by the OS when -service start takes longer than 30 secs due to missing calls to the -Service Control Manager (SCM) APIs. diff --git a/orbit/changes/bug-8009-fleet-desktop-duplicated-icon b/orbit/changes/bug-8009-fleet-desktop-duplicated-icon deleted file mode 100644 index 117556a063..0000000000 --- a/orbit/changes/bug-8009-fleet-desktop-duplicated-icon +++ /dev/null @@ -1 +0,0 @@ -* Fleet-desktop app on windows now removes the tray icon when it exits diff --git a/orbit/changes/bug-8974-smbios-uuid-value-retrieval b/orbit/changes/bug-8974-smbios-uuid-value-retrieval deleted file mode 100644 index 2f650dc8be..0000000000 --- a/orbit/changes/bug-8974-smbios-uuid-value-retrieval +++ /dev/null @@ -1 +0,0 @@ -* When WMI call fails on Windows, UUID can now be retrieved by reading the SMBIOS interface. diff --git a/orbit/changes/bug-9053-update-symlink-on-change b/orbit/changes/bug-9053-update-symlink-on-change deleted file mode 100644 index 4af36519d4..0000000000 --- a/orbit/changes/bug-9053-update-symlink-on-change +++ /dev/null @@ -1,2 +0,0 @@ -* Orbit now restarts and switches channels when needed, -even if the new channel is already installed \ No newline at end of file diff --git a/orbit/changes/bug-9157-secret-orbit-node-file-is-world-accessible b/orbit/changes/bug-9157-secret-orbit-node-file-is-world-accessible deleted file mode 100644 index 0cdeda7640..0000000000 --- a/orbit/changes/bug-9157-secret-orbit-node-file-is-world-accessible +++ /dev/null @@ -1 +0,0 @@ -* Orbit service on windows is not creating the secret-orbit-node-key.txt with a restricted ACL to allow only privileged users to access its content diff --git a/orbit/changes/bug-9576-orbit-fails-to-install-on-legacy-windows-servers b/orbit/changes/bug-9576-orbit-fails-to-install-on-legacy-windows-servers deleted file mode 100644 index f9e38d6962..0000000000 --- a/orbit/changes/bug-9576-orbit-fails-to-install-on-legacy-windows-servers +++ /dev/null @@ -1 +0,0 @@ -* Orbit now installs propery on Windows Server 2012 and 2016 environments with legacy Orbit or Osquery previously installed diff --git a/orbit/changes/bug-orbit-restart-empty-flags b/orbit/changes/bug-orbit-restart-empty-flags deleted file mode 100644 index 775727bf2d..0000000000 --- a/orbit/changes/bug-orbit-restart-empty-flags +++ /dev/null @@ -1 +0,0 @@ -- Fixed Orbit bug that caused it to restart repeatedly when Fleet agent options are configured with `command_line_flags: {}`. diff --git a/orbit/changes/concurrent-requests b/orbit/changes/concurrent-requests deleted file mode 100644 index 94d9303f24..0000000000 --- a/orbit/changes/concurrent-requests +++ /dev/null @@ -1 +0,0 @@ -* Fix a panic in `fleetd` that might occurr when concurrent requests are made to the server. diff --git a/orbit/changes/icloud-private-relay b/orbit/changes/icloud-private-relay deleted file mode 100644 index 03a9da4914..0000000000 --- a/orbit/changes/icloud-private-relay +++ /dev/null @@ -1 +0,0 @@ -- Implement `icloud_private_relay` table to get iCloud Private Relay status. diff --git a/orbit/changes/issue-9278-orbit-renew-enrollment-profile b/orbit/changes/issue-9278-orbit-renew-enrollment-profile deleted file mode 100644 index 931c9778cf..0000000000 --- a/orbit/changes/issue-9278-orbit-renew-enrollment-profile +++ /dev/null @@ -1 +0,0 @@ -* Added support to `fleetd` to run the necessary command to renew the MDM enrollment profile on the devices that are pending automatic enrollment into Fleet MDM. diff --git a/orbit/changes/issue-9347-kickstart-softwareupdated b/orbit/changes/issue-9347-kickstart-softwareupdated deleted file mode 100644 index 4f73c349d2..0000000000 --- a/orbit/changes/issue-9347-kickstart-softwareupdated +++ /dev/null @@ -1 +0,0 @@ -* Added periodical restart of the `softwareupdated` service to work around a macOS bug where it sometimes hangs and prevents software updates. diff --git a/orbit/changes/issue-9550-default-carver-block-size b/orbit/changes/issue-9550-default-carver-block-size deleted file mode 100644 index 71de9e5bb7..0000000000 --- a/orbit/changes/issue-9550-default-carver-block-size +++ /dev/null @@ -1 +0,0 @@ -- update fleetctl to generate installer flags that use a larger default file carving block size compatible with MySQL 8 & S3 diff --git a/orbit/changes/orbit-extensions-autoupdate b/orbit/changes/orbit-extensions-autoupdate deleted file mode 100644 index 57b3721088..0000000000 --- a/orbit/changes/orbit-extensions-autoupdate +++ /dev/null @@ -1 +0,0 @@ -- Implement autoupdate and deploy extensions via Orbit diff --git a/orbit/changes/orbit-extensions-csrutil_info b/orbit/changes/orbit-extensions-csrutil_info deleted file mode 100644 index 45ae2df7f2..0000000000 --- a/orbit/changes/orbit-extensions-csrutil_info +++ /dev/null @@ -1 +0,0 @@ -- Implement table to hold csrutil_info extension via Orbit diff --git a/orbit/changes/orbit-extensions-nvram-info b/orbit/changes/orbit-extensions-nvram-info deleted file mode 100644 index d187c9048b..0000000000 --- a/orbit/changes/orbit-extensions-nvram-info +++ /dev/null @@ -1 +0,0 @@ -- Implement table to hold nvram_info extension via Orbit diff --git a/orbit/changes/orbit-extensions-pwd-policy b/orbit/changes/orbit-extensions-pwd-policy deleted file mode 100644 index 13c428f6a4..0000000000 --- a/orbit/changes/orbit-extensions-pwd-policy +++ /dev/null @@ -1 +0,0 @@ -- Implement table to hold pwd_policy options extension via Orbit diff --git a/orbit/changes/orbit-extensions-user-login-settings b/orbit/changes/orbit-extensions-user-login-settings deleted file mode 100644 index 6ba629cb7b..0000000000 --- a/orbit/changes/orbit-extensions-user-login-settings +++ /dev/null @@ -1 +0,0 @@ -- Implement table to hold user_login_settings options extension via Orbit diff --git a/orbit/changes/remove-desktop-errors-tooltip b/orbit/changes/remove-desktop-errors-tooltip deleted file mode 100644 index 307ca4190f..0000000000 --- a/orbit/changes/remove-desktop-errors-tooltip +++ /dev/null @@ -1 +0,0 @@ -* Stop rendering errors as tooltips in Fleet Desktop. Errors can now be found in the Fleet Desktop logs. diff --git a/orbit/changes/retry-enroll-on-unauth-error b/orbit/changes/retry-enroll-on-unauth-error deleted file mode 100644 index 992f59509b..0000000000 --- a/orbit/changes/retry-enroll-on-unauth-error +++ /dev/null @@ -1 +0,0 @@ -* Orbit now re-enroll when encountering a 401/unauthenticated error when communicating with orbit endpoints on Fleet server diff --git a/orbit/changes/windows-theme-detection b/orbit/changes/windows-theme-detection deleted file mode 100644 index 98ec1d0213..0000000000 --- a/orbit/changes/windows-theme-detection +++ /dev/null @@ -1 +0,0 @@ -* Fix theme detection and icon coloring issues for Fleet Desktop on Windows.