Adding changes for Fleet v4.50.0 (#19191)
parent
2a70605976
commit
a540e0e38b
75 changed files with 65 additions and 94 deletions
51
CHANGELOG.md
51
CHANGELOG.md
|
|
@ -1,3 +1,54 @@
|
|||
## Fleet 4.50.0 (May 22, 2024)
|
||||
|
||||
### Endpoint Operations
|
||||
|
||||
- Added optional AI-generated policy descriptions and remediations.
|
||||
- Added flag to enable deletion of old activities and associated data in cleanup cron job.
|
||||
- Added support for escaping `$` (with `\`) in gitops yaml files.
|
||||
- Optimized policy_stats updates to not lock the policy_membership table.
|
||||
- Optimized the hourly host_software count query to reduce individual query runtime.
|
||||
- Updated built-in labels to support being applied via `fleetctl apply`.
|
||||
|
||||
### Device Management (MDM)
|
||||
|
||||
- Added endpoints to upload, delete, and download software installers.
|
||||
- Added ability to upload software from the UI.
|
||||
- Added functionality to filter hosts by software installer status.
|
||||
- Added support to the global activity feed for "Added software" and "Deleted software" actions.
|
||||
- Added the `POST /api/fleet/orbit/software_install/result` endpoint for fleetd to send results for a software installation attempt.
|
||||
- Added the `GET /api/v1/fleet/hosts/{id}/software` endpoint to list the installed software for the host.
|
||||
- Added support for uploading and running zsh scripts on macOS and Linux hosts.
|
||||
- Added the `cron` job to periodically remove unused software installers from the store.
|
||||
- Added a new command `fleetctl api` to easily use fleetctl to hit any REST endpoint via the CLI.
|
||||
- Added support to extract package name and version from software installers.
|
||||
- Added the uninstalled but available software installers to the response payload of the "List software titles" endpoint.
|
||||
- Updated MySQL host_operating_system insert statement to reduce table lock time.
|
||||
- Updated software page to support new add software feature.
|
||||
- Updated fleetctl to print team id as part of the `fleetctl get teams` command.
|
||||
- Implemented an S3-based and local filesystem-based storage abstraction for software installers.
|
||||
|
||||
### Vulnerability Management
|
||||
|
||||
- Added OVAL vulnerability scanning support on Ubuntu 22.10, 23.04, 23.10, and 24.04.
|
||||
|
||||
### Bug fixes and improvements
|
||||
|
||||
- Fixed ingestion of private IPv6 address from agent.
|
||||
- Fixed a bug where a singular software version in the Software table generated a tooltip unnecessarily.
|
||||
- Fixed bug where updating user via `/api/v1/fleet/users/:id` endpoint sometimes did not update activity feed.
|
||||
- Fixed bug where hosts query results were not cleared after transferring the host to other teams.
|
||||
- Fixed a bug where the returned `count` field included hosts that the user did not have permission to see.
|
||||
- Fixed issue where resolved_in_version was not returning if the version number differed by a 4th part.
|
||||
- Fixed MySQL sort buffer overflow when fetching activities.
|
||||
- Fixed a bug with users not being collected on Linux devices.
|
||||
- Fixed typo in Powershell scripts for installing Windows software.
|
||||
- Fixed an issue with software severity column display in Fleet UI.
|
||||
- Fixed the icon on Software OS table to show a Linux icon for Linux operating systems.
|
||||
- Fixed missing tooltips in disabled "Calendar events" manage automations dropdown option.
|
||||
- Updated switched accordion text.
|
||||
- Updated sort the host details page queries table case-insensitively.
|
||||
- Added support for ExternalId in STS Assume Role APIs.
|
||||
|
||||
## Fleet 4.49.4 (May 20, 2024)
|
||||
|
||||
### Bug fixes
|
||||
|
|
|
|||
|
|
@ -1 +0,0 @@
|
|||
Fixed MySQL sort buffer overflow when fetching activities. This issue happened when activities contained very large details, such as large SQL queries.
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
- Added functionality to filter hosts by software installer status.
|
||||
- Added endpoints to upload, delete, and download software installers.
|
||||
- Added endpoints to get host software install results.
|
||||
- Updated activity feeds to include software installer activities.
|
||||
|
|
@ -1,2 +0,0 @@
|
|||
- UI Change: Team queries page renders team level and inherited queries in a single table set by a new merge_inherited API parameter
|
||||
- UI Change: Team policies page renders team level and inherited policies in a single table set by a new merge_inherited API parameter
|
||||
|
|
@ -1 +0,0 @@
|
|||
Updated MySQL host_operating_system insert statement to reduce table lock time and optimize performance for the common case.
|
||||
|
|
@ -1 +0,0 @@
|
|||
Optimized policy_stats updates to NOT lock the policy_membership table. This should improve performance on deployments with a large number of global policies and team hosts.
|
||||
|
|
@ -1 +0,0 @@
|
|||
- Added flag to enable deletion of old activities and associated data in cleanup cron job (`activity_expiry_settings.activity_expiry_enabled` and `activity_expiry_settings.activity_expiry_window`). The cleanup cron job deletes up to 5000 expired activities on each hourly run (thus, up to ~120,000 expired activities are cleaned up a day).
|
||||
|
|
@ -1 +0,0 @@
|
|||
- Add advanced setting to set expiry window for activity log
|
||||
|
|
@ -1 +0,0 @@
|
|||
- improved Windows OS version reporting
|
||||
|
|
@ -1 +0,0 @@
|
|||
- fixed issue where resolved_in_version was not returning if the version number differed by a 4th part
|
||||
|
|
@ -1 +0,0 @@
|
|||
* Add support for uploading and running zsh scripts on macOS and Linux hosts
|
||||
|
|
@ -1 +0,0 @@
|
|||
- UI: Improve URL and email validation
|
||||
|
|
@ -1 +0,0 @@
|
|||
* Add an informative flash message when the user tries to save a query with invalid platform(s).
|
||||
|
|
@ -1,2 +0,0 @@
|
|||
- Adds the `/software/install/results/:install_uuid` endpoint, which can be used to get the results
|
||||
for a software install attempt.
|
||||
|
|
@ -1 +0,0 @@
|
|||
Fixed ingestion of private IPv6 address from agent. Host details page can now display private IPv6 address if private IPv4 does not exist.
|
||||
|
|
@ -1 +0,0 @@
|
|||
* Fixed bug where hosts query results were not cleared after transferring the host to other teams.
|
||||
|
|
@ -1 +0,0 @@
|
|||
* Fixed an issue on Windows hosts enrolled in MDM via Azure AD where the command to install Fleetd on the device was sent repeatedly, even though `fleetd` had been properly installed.
|
||||
|
|
@ -1 +0,0 @@
|
|||
Added `--async` and `--quiet` to `fleetctl run-script` as well as allowing the contents of the script to be inline.
|
||||
|
|
@ -1 +0,0 @@
|
|||
Added a new command `fleetctl api` to be able to easily use fleetctl to hit any REST endpoint via the cli.
|
||||
|
|
@ -1 +0,0 @@
|
|||
When updating a policy's 'platform' field, the aggregated policy stats are now cleared.
|
||||
|
|
@ -1 +0,0 @@
|
|||
* Fixed bug where Linux host wipe would repeat if the host got re-enrolled
|
||||
|
|
@ -1,8 +0,0 @@
|
|||
Added `/api/_version_/fleet/autofill/policy` endpoint to get autogenerated policy description and resolution for a given SQL query.
|
||||
- Fleet server will communicate with https://fleetdm.com to get the AI generated policy description and resolution.
|
||||
|
||||
Added `server_settings.ai_features_disabled` setting to disable the above endpoint.
|
||||
|
||||
For Google calendar integration,
|
||||
- changed the event title to: "💻🚫 Scheduled maintenance"
|
||||
- updated event description to include policy description and resolution if only one policy is failing
|
||||
|
|
@ -1 +0,0 @@
|
|||
Broke apart the hourly host_software count query to reduce the individual query runtime. This fixes timeouts seen when host_software table has over 25 million records.
|
||||
|
|
@ -1 +0,0 @@
|
|||
* Added support to extract package name and version from software installers.
|
||||
|
|
@ -1 +0,0 @@
|
|||
* Added the `GET /api/v1/fleet/hosts/{id}/software` (and corresponding token-authenticated endpoint for the "My device" page) to list the installed (and available for install) software for the host.
|
||||
|
|
@ -1 +0,0 @@
|
|||
* Added `software` team setting to add software installers in YAML files for `fleetctl apply` and `fleetctl gitops`.
|
||||
|
|
@ -1 +0,0 @@
|
|||
* Implemented an S3-based and local filesystem-based storage abstraction for software installers.
|
||||
|
|
@ -1 +0,0 @@
|
|||
- Adds support to the global activity feed for "Added software" and "Deleted software" actions.
|
||||
|
|
@ -1 +0,0 @@
|
|||
* Fixed a bug where the returned `count` field (the count of hosts in a label) as returned by the "Add label", "Update label" and "Get label" endpoints included hosts that the user did not have the permission to see, unlike the "List labels" endpoint which was correct.
|
||||
|
|
@ -1 +0,0 @@
|
|||
* fleetctl prints team id as part of the `fleetctl get teams` command
|
||||
|
|
@ -1 +0,0 @@
|
|||
* Fixed a bug with users not gathered on Linux devices.
|
||||
|
|
@ -1 +0,0 @@
|
|||
* Add support for escaping `$` (with `\`) in gitops yaml files.
|
||||
|
|
@ -1 +0,0 @@
|
|||
- Update Windows vulnerabilities to link to NVD instead of Microsoft, aligning with all other vulnerabilities.
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
Built-in labels can now be applied via `fleetctl apply` as long as no changes are made to them. This allows the following workflow:
|
||||
1. `fleetctl get labels --yaml > labels.yml`
|
||||
2. (Optional) Edit/add non-built in labels in labels.yml
|
||||
3. `fleetctl apply -f labels.yml`
|
||||
|
|
@ -1 +0,0 @@
|
|||
- UI: Fix icon on Software OS table to show a Linux icon for Linux operating systems
|
||||
|
|
@ -1 +0,0 @@
|
|||
- Fixes a bug where an MDM profile that wasn't present on a host wasn't removed from it in Fleet.
|
||||
|
|
@ -1 +0,0 @@
|
|||
* Fixed a bug that prevented the Fleet server to start if Windows MDM was configured but Apple MDM wasn't
|
||||
|
|
@ -1,2 +0,0 @@
|
|||
* Restore missing tooltips when hovering over the disabled "Calendar events" manage automations
|
||||
dropdown option.
|
||||
|
|
@ -1 +0,0 @@
|
|||
- now supporting oval vulnerability scanning on Ubuntu 22.10, 23.04, 23.10, and 24.04
|
||||
|
|
@ -1 +0,0 @@
|
|||
- UI: Fix host expiry window setting to be able to save
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
Improvements to `fleetctl gitops` command:
|
||||
- Added the ability to pass multiple files, like `fleetctl gitops -f file1 -f file2`, where the first file must be the global configuration
|
||||
- Added the ability to remove teams that were not specified in team configs using the switch `--delete-other-teams`
|
||||
- When passing a global config and team config during initial configuration, the `org_settings.mdm.apple_bm_default_team` value can be set to match the team that will be created by the provided team config.
|
||||
|
|
@ -1 +0,0 @@
|
|||
- Update switched accordion text
|
||||
|
|
@ -1 +0,0 @@
|
|||
* Added a `cron` job to periodically remove unused software installers from the store.
|
||||
|
|
@ -1 +0,0 @@
|
|||
* Added the `POST /api/fleet/orbit/software_install/result` endpoint for fleetd to send results for a software installation attempt.
|
||||
|
|
@ -1 +0,0 @@
|
|||
Fixed bug where updating user via `/api/v1/fleet/users/:id` endpoint sometimes did not update the activity feed and returned the un-updated user object.
|
||||
|
|
@ -1 +0,0 @@
|
|||
* Added software installation to the host's upcoming and past activities.
|
||||
|
|
@ -1 +0,0 @@
|
|||
Added the new `sofa_security_release_info` and `sofa_unpatched_cves` tables from `macadmins/osquery-extension` 1.0.1
|
||||
|
|
@ -1 +0,0 @@
|
|||
* Added the uninstalled but available software installers to the response payload of the "List software titles" endpoint (`GET /software/titles`).
|
||||
|
|
@ -1 +0,0 @@
|
|||
Optimized master DB accesses during host software ingestion.
|
||||
|
|
@ -1 +0,0 @@
|
|||
- Fix a bug where a singular software version in the Software table generated a tooltip unnecessarily.
|
||||
|
|
@ -1 +0,0 @@
|
|||
- Fleet UI Bug fix: Fleet free doesn't return software severity so that column should be hidden
|
||||
|
|
@ -1 +0,0 @@
|
|||
Removed unsupported detailed queries for fleetd-chrome hosts.
|
||||
|
|
@ -1 +0,0 @@
|
|||
- Sort the host details page queries table case-insensitively.
|
||||
|
|
@ -1 +0,0 @@
|
|||
* Fixed an issue with SCEP renewals that could prevent commands to renew to be enqueued.
|
||||
|
|
@ -1 +0,0 @@
|
|||
- Fixes a bug that caused the `GET /software/titles` endpoint to ignore the team filter for uploaded software.
|
||||
|
|
@ -1 +0,0 @@
|
|||
* Improved handling of different scenarios and edge cases when hosts turn on/off MDM.
|
||||
|
|
@ -1 +0,0 @@
|
|||
- add ability to upload software from the UI
|
||||
|
|
@ -1 +0,0 @@
|
|||
- udpates software page to support new add software feature.
|
||||
|
|
@ -1 +0,0 @@
|
|||
- fix issue with uploading of some signed apple mobileconfig profiles
|
||||
|
|
@ -1 +0,0 @@
|
|||
Add support for ExternalId in STS Assume Role APIs
|
||||
|
|
@ -1 +0,0 @@
|
|||
- Fixes some typos that were in the Powershell scripts for installing Windows software.
|
||||
|
|
@ -1 +0,0 @@
|
|||
- Adds a missing field `software_package` to the response from the List Software Titles endpoint.
|
||||
|
|
@ -8,7 +8,7 @@ version: v6.0.2
|
|||
home: https://github.com/fleetdm/fleet
|
||||
sources:
|
||||
- https://github.com/fleetdm/fleet.git
|
||||
appVersion: v4.49.4
|
||||
appVersion: v4.50.0
|
||||
dependencies:
|
||||
- name: mysql
|
||||
condition: mysql.enabled
|
||||
|
|
|
|||
|
|
@ -2,7 +2,7 @@
|
|||
# All settings related to how Fleet is deployed in Kubernetes
|
||||
hostName: fleet.localhost
|
||||
replicas: 3 # The number of Fleet instances to deploy
|
||||
imageTag: v4.49.4 # Version of Fleet to deploy
|
||||
imageTag: v4.50.0 # Version of Fleet to deploy
|
||||
podAnnotations: {} # Additional annotations to add to the Fleet pod
|
||||
serviceAccountAnnotations: {} # Additional annotations to add to the Fleet service account
|
||||
resources:
|
||||
|
|
|
|||
|
|
@ -56,7 +56,7 @@ variable "database_name" {
|
|||
|
||||
variable "fleet_image" {
|
||||
description = "the name of the container image to run"
|
||||
default = "fleetdm/fleet:v4.49.4"
|
||||
default = "fleetdm/fleet:v4.50.0"
|
||||
}
|
||||
|
||||
variable "software_inventory" {
|
||||
|
|
|
|||
|
|
@ -68,5 +68,5 @@ variable "redis_mem" {
|
|||
}
|
||||
|
||||
variable "image" {
|
||||
default = "fleet:v4.49.4"
|
||||
default = "fleet:v4.50.0"
|
||||
}
|
||||
|
|
|
|||
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
|
|
@ -13,7 +13,7 @@ variable "fleet_config" {
|
|||
type = object({
|
||||
mem = optional(number, 4096)
|
||||
cpu = optional(number, 512)
|
||||
image = optional(string, "fleetdm/fleet:v4.49.4")
|
||||
image = optional(string, "fleetdm/fleet:v4.50.0")
|
||||
family = optional(string, "fleet")
|
||||
sidecars = optional(list(any), [])
|
||||
depends_on = optional(list(any), [])
|
||||
|
|
|
|||
|
|
@ -74,7 +74,7 @@ variable "fleet_config" {
|
|||
type = object({
|
||||
mem = optional(number, 4096)
|
||||
cpu = optional(number, 512)
|
||||
image = optional(string, "fleetdm/fleet:v4.49.4")
|
||||
image = optional(string, "fleetdm/fleet:v4.50.0")
|
||||
family = optional(string, "fleet")
|
||||
sidecars = optional(list(any), [])
|
||||
depends_on = optional(list(any), [])
|
||||
|
|
|
|||
|
|
@ -17,7 +17,7 @@ provider "aws" {
|
|||
}
|
||||
|
||||
locals {
|
||||
fleet_image = "fleetdm/fleet:v4.49.4"
|
||||
fleet_image = "fleetdm/fleet:v4.50.0"
|
||||
domain_name = "example.com"
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -167,7 +167,7 @@ variable "fleet_config" {
|
|||
type = object({
|
||||
mem = optional(number, 4096)
|
||||
cpu = optional(number, 512)
|
||||
image = optional(string, "fleetdm/fleet:v4.49.4")
|
||||
image = optional(string, "fleetdm/fleet:v4.50.0")
|
||||
family = optional(string, "fleet")
|
||||
sidecars = optional(list(any), [])
|
||||
depends_on = optional(list(any), [])
|
||||
|
|
|
|||
|
|
@ -59,8 +59,8 @@ module "fleet" {
|
|||
|
||||
fleet_config = {
|
||||
# To avoid pull-rate limiting from dockerhub, consider using our quay.io mirror
|
||||
# for the Fleet image. e.g. "quay.io/fleetdm/fleet:v4.49.4"
|
||||
image = "fleetdm/fleet:v4.49.4" # override default to deploy the image you desire
|
||||
# for the Fleet image. e.g. "quay.io/fleetdm/fleet:v4.50.0"
|
||||
image = "fleetdm/fleet:v4.50.0" # override default to deploy the image you desire
|
||||
# See https://fleetdm.com/docs/deploy/reference-architectures#aws for appropriate scaling
|
||||
# memory and cpu.
|
||||
autoscaling = {
|
||||
|
|
|
|||
|
|
@ -215,7 +215,7 @@ variable "fleet_config" {
|
|||
type = object({
|
||||
mem = optional(number, 4096)
|
||||
cpu = optional(number, 512)
|
||||
image = optional(string, "fleetdm/fleet:v4.49.4")
|
||||
image = optional(string, "fleetdm/fleet:v4.50.0")
|
||||
family = optional(string, "fleet")
|
||||
sidecars = optional(list(any), [])
|
||||
depends_on = optional(list(any), [])
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
{
|
||||
"name": "fleetctl",
|
||||
"version": "v4.49.4",
|
||||
"version": "v4.50.0",
|
||||
"description": "Installer for the fleetctl CLI tool",
|
||||
"bin": {
|
||||
"fleetctl": "./run.js"
|
||||
|
|
|
|||