mirror of
https://github.com/fleetdm/fleet
synced 2026-05-24 09:28:54 +00:00
Prepare v4.34.0 (#12706)
This commit is contained in:
Luke Heath
GitHub
parent
04b2d0a6a4
commit
a001fbf3ec
52 changed files with 100 additions and 59 deletions
94
CHANGELOG.md
94
CHANGELOG.md
|
|
@ -1,3 +1,97 @@
|
|||
## Fleet 4.34.0 (Jul 11, 2023)
|
||||
|
||||
* Added execution of programmatic Windows MDM enrollment on eligible devices when Windows MDM is enabled.
|
||||
|
||||
* Microsoft MDM Enrollment Protocol: Added support for the RequestSecurityToken messages.
|
||||
|
||||
* Microsoft MDM Enrollment Protocol: Added support for the DiscoveryRequest messages.
|
||||
|
||||
* Microsoft MDM Enrollment Protocol: Added support for the GetPolicies messages.
|
||||
|
||||
* Added `enabled_windows_mdm` and `disabled_windows_mdm` activities when a user turns on/off Windows MDM.
|
||||
|
||||
* Added support to enable and configure Windows MDM and to notify devices that are able to programmatically enroll.
|
||||
|
||||
* Added ability to turn Windows MDM on and off from the Fleet UI.
|
||||
|
||||
* Added enable and disable Windows MDM activity UI.
|
||||
|
||||
* Updated MDM detail query ingestion to switch MDM profiles from "verifying" or "verified" status to "failed" status when osquery reports that this profile is not installed on the host.
|
||||
|
||||
* Added notification and execution of programmatic Windows MDM unenrollment on eligible devices when Windows MDM is disabled.
|
||||
|
||||
* Added the `FLEET_DEV_MDM_ENABLED` environment variable to enable the Windows MDM feature during its development and beta period.
|
||||
|
||||
* Added the `mdm_enabled` feature flag information to the response payload of the `PATCH /config` endpoint.
|
||||
|
||||
* When creating a PolicySpec, return the proper HTTP status code if the team is not found.
|
||||
|
||||
* Added CPEMatchingRule type, used for correcting false positives caused by incorrect entries in the NVD dataset.
|
||||
|
||||
* Optimized macOS CIS query "Ensure Appropriate Permissions Are Enabled for System Wide Applications" (5.1.5).
|
||||
|
||||
* Updated macOS CIS policies 5.1.6 and 5.1.7 to use a new fleetd table `find_cmd` instead of relying on the osquery `file` table to improve performance.
|
||||
|
||||
* Implemented the privacy_preferences table for the Fleetd Chrome extension.
|
||||
|
||||
* Warnings in fleetctl now go to stderr instead of stdout.
|
||||
|
||||
* Updated UI for transferred hosts activity items.
|
||||
|
||||
* Added Organization support URL input on the setting page organization info form.
|
||||
|
||||
* Added improved ABM 400 error message to the UI.
|
||||
|
||||
* Hide any osquery tables or columns from Fleet UI that has hidden set to true to match Fleet website.
|
||||
|
||||
* Ignore casing in SAML response for display name. For example the display name attribute can be provided now as `displayname` or `displayName`.
|
||||
|
||||
* Provide feedback to users when `fleetctl login` is using EMAIL and PASSWORD environment variables.
|
||||
|
||||
* Added a new activity `transferred_hosts` created when hosts are transferred to a new team (or no team).
|
||||
|
||||
* Added milliseconds to the timestamp of auto-generated team name when creating a new team in `GET /mdm/apple/profiles/match`.
|
||||
|
||||
* Improved dashboard loading states.
|
||||
|
||||
* Improved UI for selecting targets.
|
||||
|
||||
* Made sure that all configuration profiles and commands are sent to devices if MDM is turned on, even if the device never turned off MDM.
|
||||
|
||||
* Fixed bug when reading filevault key in osquery and created new Fleet osquery extension table to read the file directly rather than via filelines table.
|
||||
|
||||
* Fixed UI bug on host details and device user pages that caused the software search to not work properly when searching by CVE.
|
||||
|
||||
* Fixed not validating the schema used in the Metadata URL.
|
||||
|
||||
* Fixed improper HTTP status code if SMTP is invalid.
|
||||
|
||||
* Fixed false positives for iCloud on macOS.
|
||||
|
||||
* Fixed styling of copy message when copying fields.
|
||||
|
||||
* Fixed a bug where an empty file uploaded to `POST /api/latest/fleet/mdm/apple/setup/eula` resulted in a 500; now returns a 400 Bad Request.
|
||||
|
||||
* Fixed vulnerability dropdown that was hiding if no vulnerabilities.
|
||||
|
||||
* Fixed scroll behavior with disk encryption status.
|
||||
|
||||
* Fixed empty software image in sandbox mode.
|
||||
|
||||
* Fixed improper HTTP status code when `fleet/forgot_password` endpoint is rate limited.
|
||||
|
||||
* Fixed MaxBurst limit parameter for `fleet/forgot_password` endpoint.
|
||||
|
||||
* Fixed a bug where reading from the replica would not read recent writes when matching a set of MDM profiles to a team (the `GET /mdm/apple/profiles/match` endpoint).
|
||||
|
||||
* Fixed an issue that displayed Nudge to macOS hosts if MDM was configured but MDM features weren't turned on for the host.
|
||||
|
||||
* Fixed tooltip word wrapping on the error cell in the macOS settings table.
|
||||
|
||||
* Fixed extraneous loading spinner rendering on the software page.
|
||||
|
||||
* Fixed styling bug on setup caused by new font being much wider.
|
||||
|
||||
## Fleet 4.33.1 (Jun 20, 2023)
|
||||
|
||||
* Fixed ChromeOS add host instructions to use variable Fleet URL.
|
||||
|
|
|
|||
|
|
@ -1 +0,0 @@
|
|||
* Optimize macOS CIS query "Ensure Appropriate Permissions Are Enabled for System Wide Applications" (5.1.5).
|
||||
|
|
@ -1 +0,0 @@
|
|||
* Implement the privacy_preferences table for the Fleetd Chrome extension
|
||||
|
|
@ -1 +0,0 @@
|
|||
- Fix a bug where an extraneous loading spinner was rendered on the Software page.
|
||||
|
|
@ -1 +0,0 @@
|
|||
- Hide any osquery tables or columns from Fleet UI that has hidden set to true to match Fleet website
|
||||
|
|
@ -1,3 +0,0 @@
|
|||
- Added CPEMatchingRule type, used for correcting false positives caused by incorrect entries in the
|
||||
NVD dataset.
|
||||
- Fixed false positives for iCloud on macOS.
|
||||
|
|
@ -1 +0,0 @@
|
|||
Fix styling bug on setup caused by new font being much wider
|
||||
|
|
@ -1 +0,0 @@
|
|||
- Fix styling of copy message when copying fields
|
||||
|
|
@ -1 +0,0 @@
|
|||
* Fixed an issue that displayed Nudge to macOS hosts if MDM was configured but MDM features weren't turned on for the host
|
||||
|
|
@ -1,3 +0,0 @@
|
|||
- If the `fleet/forgot_password` endpoint is rate limited it should return the proper HTTP status
|
||||
code.
|
||||
- Fixed MaxBurst limit parameter for `fleet/forgot_password` endpoint.
|
||||
|
|
@ -1 +0,0 @@
|
|||
- Warnings in fleetctl should go to stderr instead of stdout.
|
||||
|
|
@ -1 +0,0 @@
|
|||
- Fix vuln dropdown that was hiding if no vulnerabilities
|
||||
|
|
@ -1 +0,0 @@
|
|||
Cleaner UI for selecting targets
|
||||
|
|
@ -1 +0,0 @@
|
|||
- Fix funky scroll behavior with disk encryption status
|
||||
|
|
@ -1 +0,0 @@
|
|||
- Fix empty software image in sandbox mode
|
||||
|
|
@ -1 +0,0 @@
|
|||
- Clean up dashboard loading states
|
||||
|
|
@ -1 +0,0 @@
|
|||
* Fixed a bug where an empty file uploaded to `POST /api/latest/fleet/mdm/apple/setup/eula` resulted in a 500, now returns a 400 Bad Request.
|
||||
|
|
@ -1 +0,0 @@
|
|||
* Fleet panicked when Windows MDM identity providers were not set and MDM programmatic enrollment was performed.
|
||||
|
|
@ -1 +0,0 @@
|
|||
- Don't use the MSRC scanner on non-windows OS.
|
||||
|
|
@ -1 +0,0 @@
|
|||
- When creating a PolicySpec, return the proper HTTP status code if the Team is not found.
|
||||
|
|
@ -1 +0,0 @@
|
|||
- Return the proper HTTP status code if SMTP is invalid.
|
||||
|
|
@ -1 +0,0 @@
|
|||
- When setting up SSO, validate the scheme used in the Metadata URL
|
||||
|
|
@ -1 +0,0 @@
|
|||
* Added the `mdm_enabled` feature flag information to the response payload of the `PATCH /config` endpoint.
|
||||
|
|
@ -1,2 +0,0 @@
|
|||
- Fixed bug when reading filevault key in osquery and created new Fleet osquery
|
||||
extension table to read the file directly rather than via filelines table.
|
||||
|
|
@ -1 +0,0 @@
|
|||
- add improved ABM 400 error message to the UI
|
||||
|
|
@ -1 +0,0 @@
|
|||
- add ability to turn windows mdm on and off from the fleet UI
|
||||
|
|
@ -1 +0,0 @@
|
|||
* Added a new activity `transferred_hosts` created when hosts are transferred to a new team (or no team).
|
||||
|
|
@ -1 +0,0 @@
|
|||
* Added the `FLEET_DEV_MDM_ENABLED` environment variable to enable the Windows MDM feature during its development and beta period.
|
||||
|
|
@ -1 +0,0 @@
|
|||
* Added support to enable and configure Windows MDM and to notify devices that are able to programmatically enroll.
|
||||
|
|
@ -1 +0,0 @@
|
|||
* Added execution of programmatic Windows MDM enrollment on eligible devices when Windows MDM is enabled.
|
||||
|
|
@ -1 +0,0 @@
|
|||
* Microsoft MDM Enrollment Protocol: Added support for the DiscoveryRequest messages
|
||||
|
|
@ -1 +0,0 @@
|
|||
* Microsoft MDM Enrollment Protocol: Added support for the GetPolicies messages
|
||||
|
|
@ -1 +0,0 @@
|
|||
* Microsoft MDM Enrollment Protocol: Added support for the RequestSecurityToken messages
|
||||
|
|
@ -1 +0,0 @@
|
|||
* Added `enabled_windows_mdm` and `disabled_windows_mdm` activities when a user turns on/off Windows MDM.
|
||||
|
|
@ -1 +0,0 @@
|
|||
- add enable and disable windows mdm activity UI
|
||||
|
|
@ -1 +0,0 @@
|
|||
- Updated UI for transferred hosts activity items.
|
||||
|
|
@ -1,2 +0,0 @@
|
|||
- Updated MDM detail query ingestion to switch MDM profiles from "verifying" or "verified"
|
||||
status to "failed" status when osquery reports that this profile is not installed on the host.
|
||||
|
|
@ -1 +0,0 @@
|
|||
* Added notification and execution of programmatic Windows MDM unenrollment on eligible devices when Windows MDM is disabled.
|
||||
|
|
@ -1,2 +0,0 @@
|
|||
* Fixed a bug where reading from the replica would not read recent writes when matching a set of MDM profiles to a team (the `GET /mdm/apple/profiles/match` endpoint).
|
||||
* Added milliseconds to the timestamp of auto-generated team name when creating a new team in `GET /mdm/apple/profiles/match`.
|
||||
|
|
@ -1 +0,0 @@
|
|||
- fix tooltip word wrapping on the error cell in the macOS settings table
|
||||
|
|
@ -1 +0,0 @@
|
|||
- add Organization support URL input on the setting page Organization info form.
|
||||
|
|
@ -1,2 +0,0 @@
|
|||
- Fixed UI bug on host details and device user pages that caused the software search to not work
|
||||
properly when searching by CVE.
|
||||
|
|
@ -1 +0,0 @@
|
|||
* Make sure that all configuration profiles and commands are sent to devices if MDM is turned on, even if the device never turned off MDM.
|
||||
|
|
@ -1 +0,0 @@
|
|||
* Provide feedback to users when `fleetctl login` is using EMAIL and PASSWORD environment variables.
|
||||
|
|
@ -1 +0,0 @@
|
|||
- Ignore casing in SAML response for display name. For example the display name attribute can be provided now as `displayname` or `displayName`.
|
||||
|
|
@ -1 +0,0 @@
|
|||
* For performance reasons, update macOS CIS policies 5.1.6 and 5.1.7 to use a new fleetd table `find_cmd` instead of relying on the osquery `file` table.
|
||||
|
|
@ -8,4 +8,4 @@ version: v5.0.1
|
|||
home: https://github.com/fleetdm/fleet
|
||||
sources:
|
||||
- https://github.com/fleetdm/fleet.git
|
||||
appVersion: v4.33.1
|
||||
appVersion: v4.34.0
|
||||
|
|
|
|||
|
|
@ -2,7 +2,7 @@
|
|||
# All settings related to how Fleet is deployed in Kubernetes
|
||||
hostName: fleet.localhost
|
||||
replicas: 3 # The number of Fleet instances to deploy
|
||||
imageTag: v4.33.1 # Version of Fleet to deploy
|
||||
imageTag: v4.34.0 # Version of Fleet to deploy
|
||||
podAnnotations: {} # Additional annotations to add to the Fleet pod
|
||||
serviceAccountAnnotations: {} # Additional annotations to add to the Fleet service account
|
||||
resources:
|
||||
|
|
|
|||
|
|
@ -56,7 +56,7 @@ variable "database_name" {
|
|||
|
||||
variable "fleet_image" {
|
||||
description = "the name of the container image to run"
|
||||
default = "fleetdm/fleet:v4.33.1"
|
||||
default = "fleetdm/fleet:v4.34.0"
|
||||
}
|
||||
|
||||
variable "software_inventory" {
|
||||
|
|
|
|||
|
|
@ -68,5 +68,5 @@ variable "redis_mem" {
|
|||
}
|
||||
|
||||
variable "image" {
|
||||
default = "fleet:v4.33.1"
|
||||
default = "fleet:v4.34.0"
|
||||
}
|
||||
|
|
|
|||
|
|
@ -206,7 +206,7 @@ resource "random_uuid" "jitprovisioner" {
|
|||
|
||||
# Use the local to make the trigger work.
|
||||
locals {
|
||||
fleet_tag = "v4.33.1"
|
||||
fleet_tag = "v4.34.0"
|
||||
}
|
||||
|
||||
resource "null_resource" "standard-query-library" {
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
{
|
||||
"name": "fleetctl",
|
||||
"version": "v4.33.1",
|
||||
"version": "v4.34.0",
|
||||
"description": "Installer for the fleetctl CLI tool",
|
||||
"bin": {
|
||||
"fleetctl": "./run.js"
|
||||
|
|
|
|||
Loading…
Reference in a new issue