Prepare for 4.23.0 (#8663)

2026-04-21 13:37:30 +00:00 · 2022-11-14 16:42:21 -06:00 · 2022-11-14 16:42:21 -06:00 · af0c75e08b
commit af0c75e08b
parent f9d544be9a
47 changed files with 92 additions and 54 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -1,3 +1,90 @@
+## Fleet 4.23.0 (Nov 14, 2022)
+
+* Added preview screenshots for Jira and Zendesk vulnerability tickets for Premium users.
+
+* Improve host detail query to populate primary ip and mac address on host.
+
+* Add option to show public IP address in Hosts table.
+
+* Improve ingress resource by replacing the template with a most recent version, that enables:
+  - Not having any annotation hardcoded, all annotations are optional.
+  - Custom path, as of now it was hardcoded to `/*`, but depending on the ingress controller, it can require an extra annotation to work with regular expressions.
+  - Specify ingressClassName, as it was hardcoded to `gce`, and this is a setting that might be different on each cluster.
+
+* Added ingestion of host orbit version from `orbit_info` osquery extension table.
+
+* Added number of hosts enrolled by orbit version to usage statistics payload.
+
+* Added number of hosts enrolled by osquery version to usage statistics payload.
+
+* Added arch and linuxmint to list of linux distros so that their data is displayed and host count includes them.
+
+* When submitting invalid agent options, inform user how to override agent options using fleetctl force flag.
+
+* Exclude Windows Servers from mdm lists and aggregated data.
+
+* Activity feed includes editing team config file using fleetctl.
+
+* Update Go to 1.19.3.
+
+* Host details page includes information about the host's disk encryption.
+
+* Information surfaced to device user includes all summary/about information surfaced in host details page.
+
+* Support low_disk_space filter for endpoint /labels/{id}/hosts.
+
+* Select targets pages implements cleaner icons.
+
+* Added validation of unknown keys for the Apply Teams Spec request payload (`POST /spec/teams` endpoint).
+
+* Orbit MSI installer now includes the necessary manifest file to use windows_event_log as a logger_plugin.
+
+* UI allows for filtering low disk space hosts by platform.
+
+* Add passed policies column on the inherited policies table for teams.
+
+* Use the MSRC security bulletins to scan for Windows vulnerabilities. Detected vulnerabilities are inserted in a new table, 'operating_system_vulnerabilities'.
+
+* Added vulnerability scores to Jira and Zendesk integrations for Fleet Premium users.
+
+* Improve database usage to prevent some deadlocks.
+
+* Added ingestion of disk encryption status for hosts, and added that flag in the response of the `GET /hosts/{id}` API endpoint.
+
+* Trying to add a host with 0 enroll secrets directs user to manage enroll secrets.
+
+* Detect Windows MDM solutions and add mdm endpoints.
+
+* Styling updates on login and forgot password pages.
+
+* Add UI polish and style fixes for query pages.
+
+* Update styling of tooltips and modals.
+
+* Update colors, issues icon.
+
+* Cleanup dashboard styling.
+
+* Add tooling for writing integration tests on the frontend.
+
+* Fixed host details page so munki card only shows for mac hosts.
+
+* Fixed a bug where duplicate vulnerability webhook requests, jira, and zendesk tickets were being
+  made when scanning for vulnerabilities. This affected ubuntu and redhat hosts that support OVAL
+  vulnerability detection.
+
+* Fixed bug where password reset token expiration was not enforced.
+
+* Fixed a bug in `fleetctl apply` for teams, where a missing `agent_options` key in the YAML spec
+  file would clear the existing agent options for the team (now it leaves it unchanged). If the key
+  is present but empty, then it clears the agent options.
+
+* Fixed bug with our CPE matching process. UTM.app was matching to the wrong CPE.
+
+* Fixed an issue where fleet would send invalid usage stats if no hosts were enrolled.
+
+* Fixed an Orbit MSI installer bug that caused Orbit files not to be removed during uninstallation.
+
 ## Fleet 4.22.1 (Oct 27, 2022)

 * Fixed the error response of the `/device/:token/desktop` endpoint causing problems on free Fleet Desktop instances on versions `1.3.x`.
--- a/changes/7860-mdm-windows
+++ b/changes/7860-mdm-windows
@ -1 +0,0 @@
-* Detect Windows MDM solutions and add mdm endpoints.
--- a/changes/8401-support-low-disk-space-filter-for-labels
+++ b/changes/8401-support-low-disk-space-filter-for-labels
@ -1 +0,0 @@
-* Support low_disk_space filter for endpoint /labels/{id}/hosts.
--- a/changes/bug-3563-msi-does-not-remove-installed-files
+++ b/changes/bug-3563-msi-does-not-remove-installed-files
@ -1 +0,0 @@
-* Fixed an Orbit MSI installer bug that caused Orbit files not to be removed during uninstallation.
--- a/changes/bug-5839-exclude-windows-mdm
+++ b/changes/bug-5839-exclude-windows-mdm
@ -1 +0,0 @@
-* Exclude Windows Servers from mdm lists and aggregated data.
--- a/changes/bug-6717-dup-vuln-webhook
+++ b/changes/bug-6717-dup-vuln-webhook
@ -1,2 +0,0 @@
-* Fixed a bug where duplicate vulnerability webhook requests, jira, and zendesk tickets were being made when scanning for vulnerabilities.
-  This affected ubuntu and redhat hosts that support OVAL vulnerability detection.
--- a/changes/bug-7943-osqueryd-windows-eventlog-manifest-file-not-present
+++ b/changes/bug-7943-osqueryd-windows-eventlog-manifest-file-not-present
@ -1 +0,0 @@
-* Orbit MSI installer now includes the necessary manifest file to use windows_event_log as a logger_plugin.
--- a/changes/bug-8145-utm.app-bad-cpe-matching
+++ b/changes/bug-8145-utm.app-bad-cpe-matching
@ -1 +0,0 @@
-* Fixed bug with our CPE matching process. UTM.app was matching to the wrong CPE.
--- a/changes/bug-8509-invalid-usage-stats
+++ b/changes/bug-8509-invalid-usage-stats
@ -1 +0,0 @@
-# Fixed an issue where fleet would send invalid usage stats if no hosts were enrolled
--- a/changes/bug-8546-low-disk-space-by-platform-filter
+++ b/changes/bug-8546-low-disk-space-by-platform-filter
@ -1 +0,0 @@
-* UI allows for filtering low disk space hosts by platform!
--- a/changes/bug-8660-software-filter-no-version
+++ b/changes/bug-8660-software-filter-no-version
@ -1 +0,0 @@
- Fix software filter when software does not have a version number
--- a/changes/feature-7494-use-msrc-bulletins-to-scan-win-vulns
+++ b/changes/feature-7494-use-msrc-bulletins-to-scan-win-vulns
@ -1,2 +0,0 @@
-* Use the MSRC security bulletins to scan for Windows vulnerabilities. Detected vulnerabilities are
-inserted in a new table, 'operating_system_vulnerabilities'.
--- a/changes/fix-some-tx-not-used
+++ b/changes/fix-some-tx-not-used
@ -1 +0,0 @@
-* Improve database usage to prevent some deadlocks
--- a/changes/improve-ingress-resource
+++ b/changes/improve-ingress-resource
@ -1,5 +0,0 @@
-Improve ingress resource by replacing the template with a most recent version, that enables:
-
- Not having any annotation hardcoded, all annotations are optional.
- Custom path, as of now it was hardcoded to `/*`, but depending on the ingress controller, it can require an extra annotation to work with regular expressions.
- Specify ingressClassName, as it was hardcoded to `gce`, and this is a setting that might be different on each cluster.
--- a/changes/issue-#8387-ui-polish-for-query-pages
+++ b/changes/issue-#8387-ui-polish-for-query-pages
@ -1 +0,0 @@
- add UI polish and style fixes for query pages
--- a/changes/issue-3906-ingest-disk-encryption
+++ b/changes/issue-3906-ingest-disk-encryption
@ -1 +0,0 @@
-* Added ingestion of disk encryption status for hosts, and added that flag in the response of the `GET /hosts/{id}` API endpoint.
--- a/changes/issue-4754-improve-primary-ip
+++ b/changes/issue-4754-improve-primary-ip
@ -1 +0,0 @@
-* Improve host detail query to populate primary ip and mac address on host.
--- a/changes/issue-7440-8226-disk-encryption-etc-host-details
+++ b/changes/issue-7440-8226-disk-encryption-etc-host-details
@ -1,2 +0,0 @@
- Host details page includes information about the host's disk encryption
- Information surfaced to device user includes all summary/about information surfaced in host details page
--- a/changes/issue-7671-add-policies-columns
+++ b/changes/issue-7671-add-policies-columns
@ -1 +0,0 @@
- add passed policies column on the inherited policies table for teams
--- a/changes/issue-7675-add-premium-jira-zendesk-screenshots
+++ b/changes/issue-7675-add-premium-jira-zendesk-screenshots
@ -1 +0,0 @@
-* Added preview screenshots for Jira and Zendesk vulnerability tickets for Premium users.
--- a/changes/issue-7675-add-vuln-scores-to-integrations
+++ b/changes/issue-7675-add-vuln-scores-to-integrations
@ -1 +0,0 @@
-* Added vulnerability scores to Jira and Zendesk integrations for Fleet Premium users.
--- a/changes/issue-7825-edit-team-config-file-fleetctl
+++ b/changes/issue-7825-edit-team-config-file-fleetctl
@ -1 +0,0 @@
-* Activity feed includes editing team config file using fleetctl
--- a/changes/issue-7830-validate-teams-unknown-keys
+++ b/changes/issue-7830-validate-teams-unknown-keys
@ -1 +0,0 @@
-* Added validation of unknown keys for the Apply Teams Spec request payload (`POST /spec/teams` endpoint).
--- a/changes/issue-7864-host-orbit-info
+++ b/changes/issue-7864-host-orbit-info
@ -1,3 +0,0 @@
- Added ingestion of host orbit version from `orbit_info` osquery extension table.
- Added number of hosts enrolled by orbit version to usage statistics payload.
- Added number of hosts enrolled by osquery version to usage statistics payload.
--- a/changes/issue-7905-public-ip-address-shown
+++ b/changes/issue-7905-public-ip-address-shown
@ -1 +0,0 @@
- Add option to show public IP address in Hosts table
--- a/changes/issue-7947-tooling-for-integration-testing-on-FE
+++ b/changes/issue-7947-tooling-for-integration-testing-on-FE
@ -1 +0,0 @@
- add tooling for writing integration tests on the frontend
--- a/changes/issue-8002-inform-user-override-agent-options-validation
+++ b/changes/issue-8002-inform-user-override-agent-options-validation
@ -1 +0,0 @@
- When submitting invalid agent options, inform user how to override agent options using fleetctl force flag
--- a/changes/issue-8033-password-reset-token-expiry
+++ b/changes/issue-8033-password-reset-token-expiry
@ -1 +0,0 @@
- Fixed bug where password reset token expiration was not enforced
--- a/changes/issue-8049-delete-enroll-secret-error
+++ b/changes/issue-8049-delete-enroll-secret-error
@ -1 +0,0 @@
-* Trying to add a host with 0 enroll secrets directs user to manage enroll secrets
--- a/changes/issue-8336-fix-fleetctl-apply-teams
+++ b/changes/issue-8336-fix-fleetctl-apply-teams
@ -1 +0,0 @@
-* Fixed a bug in `fleetctl apply` for teams, where a missing `agent_options` key in the YAML spec file would clear the existing agent options for the team (now it leaves it unchanged). If the key is present but empty, then it clears the agent options.
--- a/changes/issue-8344-add-arch-mint-linux-distros
+++ b/changes/issue-8344-add-arch-mint-linux-distros
@ -1 +0,0 @@
-* Added arch and linuxmint to list of linux distros so that their data is displayed and host count includes them
--- a/changes/issue-8384-styling-login-and-forgot-password
+++ b/changes/issue-8384-styling-login-and-forgot-password
@ -1 +0,0 @@
- styling updates on login and forgot password pages
--- a/changes/issue-8385-dashboard-styling-fixes
+++ b/changes/issue-8385-dashboard-styling-fixes
@ -1 +0,0 @@
-* Cleanup dashboard styling
--- a/changes/issue-8386-8113-styling
+++ b/changes/issue-8386-8113-styling
@ -1 +0,0 @@
-* Update colors, issues icon
--- a/changes/issue-8388-app-settings-styling
+++ b/changes/issue-8388-app-settings-styling
@ -1 +0,0 @@
-* Styling improvements to App Settings page
--- a/changes/issue-8394-styling-tooltips-and-modals
+++ b/changes/issue-8394-styling-tooltips-and-modals
@ -1 +0,0 @@
-* Update styling of tooltips and modals
--- a/changes/issue-8449-clean-icons-selecting-targets-page
+++ b/changes/issue-8449-clean-icons-selecting-targets-page
@ -1 +0,0 @@
-* Select targets pages implements cleaner icons
--- a/changes/issue-8648-muki-only-shows-for-macs
+++ b/changes/issue-8648-muki-only-shows-for-macs
@ -1 +0,0 @@
- fix host details page so munki card only shows for mac hosts
--- a/changes/issue-8699-fix-rejected-valid-agent-options
+++ b/changes/issue-8699-fix-rejected-valid-agent-options
@ -1 +0,0 @@
-* Fixed validation of agent options where valid options were being rejected (such as `exclude_paths`).
--- a/changes/issue-8702-style-changes-code-editor-table-dropdown
+++ b/changes/issue-8702-style-changes-code-editor-table-dropdown
@ -1 +0,0 @@
- change/fix styles for code editor gutter and query side panel table dropdown
--- a/changes/update-go-1.19.3
+++ b/changes/update-go-1.19.3
@ -1 +0,0 @@
-* Update Go to 1.19.3
--- a/charts/fleet/values.yaml
+++ b/charts/fleet/values.yaml
@ -2,7 +2,7 @@
 # All settings related to how Fleet is deployed in Kubernetes
 hostName: fleet.localhost
 replicas: 3 # The number of Fleet instances to deploy
-imageTag: v4.22.1 # Version of Fleet to deploy
+imageTag: v4.23.0 # Version of Fleet to deploy
 podAnnotations: {} # Additional annotations to add to the Fleet pod
 serviceAccountAnnotations: {} # Additional annotations to add to the Fleet service account
 resources:
--- a/docs/Deploying/Server-Installation.md
+++ b/docs/Deploying/Server-Installation.md
@ -264,7 +264,7 @@ spec:
    spec:
      containers:
      - name: fleet
-        image: fleetdm/fleet:4.22.1
+        image: fleetdm/fleet:4.23.0
        env:
          # if running Fleet behind external ingress controller that terminates TLS
          - name: FLEET_SERVER_TLS
--- a/frontend/pages/queries/QueryPage/screens/test.js
+++ b/frontend/pages/queries/QueryPage/screens/test.js
--- a/infrastructure/dogfood/terraform/aws/variables.tf
+++ b/infrastructure/dogfood/terraform/aws/variables.tf
@ -56,7 +56,7 @@ variable "database_name" {

 variable "fleet_image" {
  description = "the name of the container image to run"
-  default     = "fleetdm/fleet:v4.22.1"
+  default     = "fleetdm/fleet:v4.23.0"
 }

 variable "software_inventory" {
--- a/infrastructure/dogfood/terraform/gcp/variables.tf
+++ b/infrastructure/dogfood/terraform/gcp/variables.tf
@ -68,5 +68,5 @@ variable "redis_mem" {
 }

 variable "image" {
-  default = "fleet:v4.22.1"
+  default = "fleet:v4.23.0"
 }
--- a/tools/fleetctl-npm/package.json
+++ b/tools/fleetctl-npm/package.json
@ -1,6 +1,6 @@
 {
  "name": "fleetctl",
-  "version": "v4.22.1",
+  "version": "v4.23.0",
  "description": "Installer for the fleetctl CLI tool",
  "bin": {
    "fleetctl": "./run.js"
				`@ -1 +0,0 @@`
				`* Detect Windows MDM solutions and add mdm endpoints.`
				`@ -1 +0,0 @@`
				`* Support low_disk_space filter for endpoint /labels/{id}/hosts.`
				`@ -1 +0,0 @@`
				`* Fixed an Orbit MSI installer bug that caused Orbit files not to be removed during uninstallation.`
				`@ -1 +0,0 @@`
				`* Exclude Windows Servers from mdm lists and aggregated data.`
				`@ -1 +0,0 @@`
				`* Orbit MSI installer now includes the necessary manifest file to use windows_event_log as a logger_plugin.`
				`@ -1 +0,0 @@`
				`* Fixed bug with our CPE matching process. UTM.app was matching to the wrong CPE.`
				`@ -1 +0,0 @@`
				`# Fixed an issue where fleet would send invalid usage stats if no hosts were enrolled`
				`@ -1 +0,0 @@`
				`* UI allows for filtering low disk space hosts by platform!`
				`@ -1 +0,0 @@`
				`- Fix software filter when software does not have a version number`
				`@ -1 +0,0 @@`
				`* Improve database usage to prevent some deadlocks`