mirror of
https://github.com/fleetdm/fleet
synced 2026-04-21 13:37:30 +00:00
Adding changes for Fleet v4.66.0 (#27407)
parent
418501f0ca
commit
9b73f629b2
53 changed files with 71 additions and 64 deletions
68
CHANGELOG.md
|
|
@ -1,6 +1,68 @@
|
|||
## Fleet 4.66.0 (Apr 4, 2025)
|
||||
|
||||
### Security Engineers
|
||||
- Added integration with DigiCert Trust Lifecycle Manager. Fleet admins can now deploy DigiCert certificates to their macOS devices via configuration profiles.
|
||||
- Updated activity log UI for new certificate authority features.
|
||||
- Updated host details > software table to filter by vulnerability severity and known exploit.
|
||||
- Return more granular data for live query and policy runs so it can be displayed to users.
|
||||
- Allowed adding labels when saving or editing queries in the UI.
|
||||
- Added support for queries with LabelsIncludeAny in backend.
|
||||
- Added `author_id` to labels DB table to track who created a label.
|
||||
- Removed duplicate download/delete attempts for MSRC bulletins when hosts are enrolled spanning multiple builds of the same version of Windows.
|
||||
- Split up expired query deletion to avoid deadlocks in zero-trust flows.
|
||||
- Moved software version transformations for vulnerability matching out of software ingestion to ensure software inventory versions match what osquery reports.
|
||||
- Modified host software query to apply the vulnerability filter on VPP apps and latest software installs & uninstalls.
|
||||
- Fixed false positive on macOS 15.3 by making sure we match the version format reported by Vulncheck.
|
||||
- Fixed false positive for CVE-2024-6286 on non-Windows hosts.
|
||||
|
||||
### IT Admins
|
||||
- Added support for Fleet-maintained apps for Windows.
|
||||
- Added integration with a custom SCEP server. Fleet admins can now deploy certificates from their own SCEP server to their macOS devices via configuration profiles. The SCEP server will only see traffic from the Fleet server.
|
||||
- Return more granular data for live query and policy runs so it can be displayed to users.
|
||||
- Added support for queries with LabelsIncludeAny in backend.
|
||||
- Allowed adding labels when saving or editing queries in the UI.
|
||||
- Updated macOS setup experience to show an error if an App Store app installation fails due to lack of licenses.
|
||||
- Added `platform` key to `software_package` and `app_store_app` keys throughout API.
|
||||
- Improved error messages when Fleet admin tries to upload a FileVault (macOS) or a BitLocker (Windows) configuration profile.
|
||||
- Ignored compatible Linux hosts in disk encryption statistics and filters if disk encryption is disabled.
|
||||
- Allowed for any number of comments at the top of XML files for Windows MDM profile CSPs.
|
||||
- Disabled unsupported automatic install option during add flow of .exe custom packages.
|
||||
- Updated Fleet to treat software installer download errors as a failure for that installation attempt, which prevents the software installation from remaining in "pending".
|
||||
- Added Apple Root Certificate for HTTP requests to https://gdmf.apple.com/v2/pmv. This solves the issue of minimum macOS version not being enforced at enrollment.
|
||||
- Removed unreliable default (un)install scripts for .exe software packages; install and uninstall scripts are now required when adding .exe packages.
|
||||
- Added software URL validation in GitOps to catch URL parse errors earlier.
|
||||
|
||||
### Other improvements
|
||||
- Updated the empty states when choosing a label scope for new software, queries, and profiles.
|
||||
- Clarified meanings of various types and fields involved in live query/policy infrastructure, document, and refactor for improved code clarity.
|
||||
- Added configuration to Fleet server to enable H2C (forcing http2) to get around a limitation in GCP Cloud Run for upload file sizes.
|
||||
- Added validation to both org logo URL fields, and accept data URIs as valid.
|
||||
- Removed redundant json array parsing in osquery pack report handler.
|
||||
- Added `took` field (request duration) on server logs for requests that fail (non-2XX).
|
||||
- Unified all pagination logic and styling.
|
||||
- Updated the new policy flow and associated UI elements.
|
||||
- Updated UI to cleanly truncate two overflowing values and display full values in a tooltip.
|
||||
- Removed extra space above Next and Previous buttons in host activity feeds.
|
||||
- Allowed team GitOps to run without global config.
|
||||
- Added support for displaying scheduled query labels in `fleetctl`.
|
||||
- Updated `fleetctl` to print an informative error message when it is authenticated with a user who is required to reset their password.
|
||||
- Stopped `fleetctl` npm publishing script from tagging patch releases for old versions as `latest`.
|
||||
|
||||
### Bug fixes
|
||||
- Fixed software installer download and Fleet Maintained App errors by extending the timeout for the download and FMA add endpoints.
|
||||
- Fixed issue where bootstrap package was incorrectly installed during renewal of Apple MDM enrollment profiles.
|
||||
- Fixed a bug to ignore Windows hosts that are not enrolled in Fleet MDM for disk encryption statistics and filters.
|
||||
- Fixed policy automation with scripts to surface errors to user instead of rendering false success message.
|
||||
- Fixed whitespace not being displayed correctly in policy automation calendar preview.
|
||||
- Fixed bug where Windows profiles were not being resent after `fleetctl` GitOps update.
|
||||
- Fixed row selection firing twice in host selection screen.
|
||||
- Fixed Dashboard > Software table truncating host count.
|
||||
- Fixed an error when requesting `/fleet/software/titles` endpoint unpaginated with > 33k software titles by batching the policies by software title id query
|
||||
- Fixed an issue where removing label conditions on configuration profiles (e.g. `labels_include_any`, `labels_include_all` or `labels_exclude_any`) did not clear the labels associated with the profile when applied via `fleetctl gitops`.
|
||||
|
||||
## Fleet 4.65.0 (Mar 14, 2025)
|
||||
|
||||
## Security
|
||||
### Security Engineers
|
||||
- Added UI for viewing certificate details on the host details and my device pages.
|
||||
- Added new features to include certificates in host vitals for macOS, iOS, and iPadOS.
|
||||
- Added the list host certificates (and list device's certificates) endpoints.
|
||||
|
|
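Review bot: In the 4.66.0 section, three entries appear under both `### Security Engineers` and `### IT Admins`: "Return more granular data for live query and policy runs so it can be displayed to users.", "Added support for queries with LabelsIncludeAny in backend." and "Allowed adding labels when saving or editing queries in the UI." Keep each under one heading, or confirm the duplication is intended. The "Return more granular data..." entry is also in the imperative while the rest of the section is past tense ("Added", "Updated", "Fixed"), and the `/fleet/software/titles` entry under `### Bug fixes` lacks a closing period.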
@ -17,7 +79,7 @@
|
|||
- Fixed an issue with increased resource usage during vulnerabilities processing by adding database indexes.
|
||||
- Fixed false-positives on released PowerShell versions for CVE-2025-21171 and all PowerShell versions on CVE-2023-48795.
|
||||
|
||||
## IT
|
||||
### IT Admins
|
||||
- Implemented GitOps mode that locks settings in the UI that are managed by GitOps.
|
||||
- Allowed VPP apps to be automatically installed via a Fleet-created policy.
|
||||
- Added ability for users to automatically install App Store Apps without writing a policy in the Fleet UI.
|
||||
|
|
@ -60,7 +122,7 @@ SET vat.created_at = COALESCE(added_at, vat.created_at), vat.updated_at = COALES
|
|||
- Fixed a bug where new `fleetd` could not install software from old fleet server.
|
||||
- Fixed issue where `fleetctl gitops` was NOT deleting macOS setup experience bootstrap package and enrollment profile. GitOps should clear all settings that are not explicitly set in YAML config files.
|
||||
|
||||
## Bug fixes and improvements
|
||||
### Bug fixes and improvements
|
||||
- Set collation and character set explicitly on database tables that were missing explicit values.
|
||||
- Updated the copy printed on successful runs of `fleetctl package`.
|
||||
- Enabled redis cluster follow redierctions by default.
|
||||
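Review bot: The context line "Enabled redis cluster follow redierctions by default." at the end of this hunk misspells "redirections". The hunk already touches the "Bug fixes and improvements" heading just above it, so the typo can be corrected in the same change.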
|
|
|
|||
|
|
@ -1 +0,0 @@
|
|||
- Added support for queries with LabelsIncludeAny in backend
|
||||
|
|
@ -1 +0,0 @@
|
|||
* Fleet UI: Host details > software table can filter by vulnerability severity and known exploit
|
||||
|
|
@ -1 +0,0 @@
|
|||
* Added support for Fleet-maintained apps for Windows
|
||||
|
|
@ -1 +0,0 @@
|
|||
* Update the empty states when choosing a label scope for new software, queries, and profiles
|
||||
|
|
@ -1 +0,0 @@
|
|||
* Fixed a bug to ignore Windows hosts that are not enrolled in Fleet MDM for disk encryption statistics and filters.
|
||||
|
|
@ -1 +0,0 @@
|
|||
* Ignored compatible Linux hosts in disk encryption statistics and filters if disk encryption is disabled.
|
||||
|
|
@ -1 +0,0 @@
|
|||
- Removed redundant json array parsing in osquery pack report handler
|
||||
|
|
@ -1,2 +0,0 @@
|
|||
- Updated Fleet to treat software installer download errors as a failure for that
|
||||
installation attempt, which prevents the software installation from remaining in "pending".
|
||||
|
|
@ -1,2 +0,0 @@
|
|||
- Moved software version transformations for vulnerability matching out of software ingestion to
|
||||
ensure software inventory versions match what osquery reports.
|
||||
|
|
@ -1 +0,0 @@
|
|||
Improved error messages when Fleet admin tries to upload a FileVault(macOS) or a BitLocker(Windows) configuration profile.
|
||||
|
|
@ -1,3 +0,0 @@
|
|||
- Return more granular data for live query and policy runs so it can be displayed to users.
|
||||
- Clarify meanings of various types and fields involved in live query/policy infrastructure,
|
||||
document, and refactor for improved code clarity.
|
||||
|
|
@ -1 +0,0 @@
|
|||
Fixed bug where Windows profiles were not being resent after fleetctl gitops update.
|
||||
|
|
@ -1 +0,0 @@
|
|||
* Removed duplicate download/delete attempts for MSRC bulletins when hosts are enrolled spanning multiple builds of the same version of Windows
|
||||
|
|
@ -1 +0,0 @@
|
|||
* Fleet API: Added platform key to software_package and app_store_app keys throughout API
|
||||
|
|
@ -1 +0,0 @@
|
|||
Added integration with a custom SCEP server. Fleet admins can now deploy certificates from their own SCEP server to their macOS devices via configuration profiles. The SCEP server will only see traffic from the Fleet server.
|
||||
|
|
@ -1 +0,0 @@
|
|||
Added integration with DigiCert Trust Lifecycle Manager. Fleet admins can now deploy DigiCert certificates to their macOS devices via configuration profiles.
|
||||
|
|
@ -1,2 +0,0 @@
|
|||
- Print an informative error message when `fleetctl` is authenticated with a user who is required to
|
||||
reset their password.
|
||||
|
|
@ -1 +0,0 @@
|
|||
* Update the new policy flow and some associated UI elements.
|
||||
|
|
@ -1 +0,0 @@
|
|||
- Allow team gitops to run without global config
|
||||
|
|
@ -1 +0,0 @@
|
|||
* Add validation to both org logo URL fields, and accept data URIs as valid
|
||||
|
|
@ -1 +0,0 @@
|
|||
* Cleanly truncate 2 overflowing values and display full values in a tooltip.
|
||||
|
|
@ -1,2 +0,0 @@
|
|||
- Updated macOS setup experience to show an error if an App Store app installation fails due to lack
|
||||
of licenses.
|
||||
|
|
@ -1 +0,0 @@
|
|||
* Allow for any number of comments at the top of XML files for Windows MDM profile CSPs
|
||||
|
|
@ -1 +0,0 @@
|
|||
- Stop fleetctl npm publishing script from tagging patch releases for old versions as "latest"
|
||||
|
|
@ -1 +0,0 @@
|
|||
- Fixed a false positive on macOS 15.3 by making sure we match the version format reported by Vulncheck.
|
||||
|
|
@ -1 +0,0 @@
|
|||
- Fixed row selection firing twice in host selection screen
|
||||
|
|
@ -1 +0,0 @@
|
|||
- Removed extra space above Next and Previous buttons in host activity feeds
|
||||
|
|
@ -1 +0,0 @@
|
|||
- Allow adding labels when saving or editing queries in the UI
|
||||
|
|
@ -1 +0,0 @@
|
|||
- Fixed whitespace not being displayed correctly in policy automation calendar preview
|
||||
|
|
@ -1 +0,0 @@
|
|||
- Fleet UI: Fixed policy automation with scripts to surface errors to user instead of rendering false success message
|
||||
|
|
@ -1 +0,0 @@
|
|||
* Fixed an error when requesting /fleet/software/titles endpoint unpaginated with > 33k software titles by batching the policies by software title id query
|
||||
|
|
@ -1 +0,0 @@
|
|||
- Fleet UI: Fixed Dashboard > Software table from ever truncating host count
|
||||
|
|
@ -1 +0,0 @@
|
|||
* Modified host software query to properly apply the vulnerability filter on vpp apps and latest software installs & uninstalls
|
||||
|
|
@ -1 +0,0 @@
|
|||
- Added support for displaying scheduled query labels in fleetctl
|
||||
|
|
@ -1 +0,0 @@
|
|||
Fleet UI: Unified all pagination logic and styling
|
||||
|
|
@ -1 +0,0 @@
|
|||
- Split up expired query deletion to avoid deadlocks in zero-trust flows
|
||||
|
|
@ -1 +0,0 @@
|
|||
- Added "author_id" to labels db table to track who created a label
|
||||
|
|
@ -1 +0,0 @@
|
|||
Added Apple Root Certificate for HTTP requests to https://gdmf.apple.com/v2/pmv. This solves the issue of minimum macOS version not being enforced at enrollment.
|
||||
|
|
@ -1 +0,0 @@
|
|||
- Updated activity log UI for new certificate authority features.
|
||||
|
|
@ -1 +0,0 @@
|
|||
* Fixed false positive for CVE-2024-6286 on non-Windows hosts.
|
||||
|
|
@ -1 +0,0 @@
|
|||
* Fleet UI: Disable unsupported automatic install option during add flow of .exe custom packages
|
||||
|
|
@ -1 +0,0 @@
|
|||
* Added `took` field (request duration) on server logs for requests that fail (non-2XX).
|
||||
|
|
@ -1,2 +0,0 @@
|
|||
* Removed unreliable default (un)install scripts for .exe software packages; install and uninstall scripts are now required when adding .exe packages.
|
||||
* Added software URL validation in GitOps to catch URL parse errors earlier.
|
||||
|
|
@ -1,2 +0,0 @@
|
|||
- Fixed issue where bootstrap package was incorrectly installed during renewal of Apple MDM
|
||||
enrollment profiles.
|
||||
|
|
@ -1 +0,0 @@
|
|||
* Fixed an issue where removing label conditions on configuration profiles (e.g. `labels_include_any`, `labels_include_all` or `labels_exclude_any`) did not clear the labels associated with the profile when applied via `fleetctl gitops`.
|
||||
|
|
@ -1 +0,0 @@
|
|||
- Fixed software installer download and Fleet Maintained App add errors by extending the timeout for the download and FMA add endpoints.
|
||||
|
|
@ -1 +0,0 @@
|
|||
- add configuration to fleet server to enable h2c (forcing http2) to get around a limitation in GCP Cloud Run for upload file sizes
|
||||
|
|
@ -4,11 +4,11 @@ name: fleet
|
|||
keywords:
|
||||
- fleet
|
||||
- osquery
|
||||
version: v6.5.0
|
||||
version: v6.5.1
|
||||
home: https://github.com/fleetdm/fleet
|
||||
sources:
|
||||
- https://github.com/fleetdm/fleet.git
|
||||
appVersion: v4.65.0
|
||||
appVersion: v4.66.0
|
||||
dependencies:
|
||||
- name: mysql
|
||||
condition: mysql.enabled
|
||||
|
|
|
|||
|
|
@ -3,7 +3,7 @@
|
|||
hostName: fleet.localhost
|
||||
replicas: 3 # The number of Fleet instances to deploy
|
||||
imageRepository: fleetdm/fleet
|
||||
imageTag: v4.65.0 # Version of Fleet to deploy
|
||||
imageTag: v4.66.0 # Version of Fleet to deploy
|
||||
podAnnotations: {} # Additional annotations to add to the Fleet pod
|
||||
serviceAnnotations: {} # Additional annotations to add to the Fleet service
|
||||
serviceAccountAnnotations: {} # Additional annotations to add to the Fleet service account
|
||||
|
|
|
|||
|
|
@ -56,7 +56,7 @@ variable "database_name" {
|
|||
|
||||
variable "fleet_image" {
|
||||
description = "the name of the container image to run"
|
||||
default = "fleetdm/fleet:v4.65.0"
|
||||
default = "fleetdm/fleet:v4.66.0"
|
||||
|
||||
variable "software_inventory" {
|
||||
description = "enable/disable software inventory (default is enabled)"
|
||||
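Review bot: The `fleet_image` default in this hunk references the image by tag only (`fleetdm/fleet:v4.66.0`), so a deployment that relies on the default trusts whatever the registry serves for that tag at pull time. Consider appending the release image digest in the `@sha256:<digest>` form (placeholder, the digest is not shown in this diff) so the default resolves to one immutable image. The same applies to the `image` variable and the chart's `imageTag` bumped elsewhere in this commit.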
|
|
|
|||
|
|
@ -68,7 +68,7 @@ variable "redis_mem" {
|
|||
}
|
||||
|
||||
variable "image" {
|
||||
default = "fleetdm/fleet:v4.65.0"
|
||||
default = "fleetdm/fleet:v4.66.0"
|
||||
}
|
||||
|
||||
variable "software_installers_bucket_name" {
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
{
|
||||
"name": "fleetctl",
|
||||
"version": "v4.65.0",
|
||||
"version": "v4.66.0",
|
||||
"description": "Installer for the fleetctl CLI tool",
|
||||
"bin": {
|
||||
"fleetctl": "./run.js"
|
||||
|
|
|
|||