mirror of
https://github.com/fleetdm/fleet
synced 2026-04-21 13:37:30 +00:00
Prepare v4.41.0 (#15350)
This commit is contained in:
Luke Heath
GitHub
parent
5a9461872e
commit
f6cb052e7a
51 changed files with 60 additions and 86 deletions
46
CHANGELOG.md
46
CHANGELOG.md
|
|
@ -1,3 +1,49 @@
|
|||
## Fleet 4.41.0 (Nov 28, 2023)
|
||||
|
||||
### Changes
|
||||
|
||||
* **Endpoint operations**:
|
||||
- Enhanced `fleetctl` and API to support PowerShell (.ps1) scripts.
|
||||
- Updated several API endpoints to support `os_settings` filter, including Windows profiles status.
|
||||
- Enabled `after` parameter for improved pagination in various endpoints.
|
||||
- Improved the `fleet/queries/run` endpoint with better error handling.
|
||||
- Increased frequency of metrics reporting from Fleet servers to daily.
|
||||
- Added caching for policy results in MySQL for faster operations.
|
||||
|
||||
* **Device management (MDM)**:
|
||||
- Added database tables for Windows profiles support.
|
||||
- Added validation for WSTEP certificate and key pair before enabling Windows MDM.
|
||||
|
||||
* **Vulnerability management**:
|
||||
- Fleet now uses NVD API 2.0 for CVE information download.
|
||||
- Added support for JetBrains application vulnerability data.
|
||||
- Tightened software matching to reduce false positives.
|
||||
- Stopped reporting Atom editor packages in software inventory.
|
||||
- Introduced support for Windows PowerShell scripts in the UI.
|
||||
|
||||
* **UI improvements**:
|
||||
- Updated activity feed for better communication around JIT-provisioned user logins.
|
||||
- Query report now displays the host's display name instead of the hostname.
|
||||
- Improved UI components like the manage page's label filter and edit columns modal.
|
||||
- Enabled all sort headers in the UI to be fully clickable.
|
||||
- Removed the creation of OS policies from a host's operating system in the UI.
|
||||
- Ensured correct settings visibility in the Settings > Advanced section.
|
||||
|
||||
### Bug fixes
|
||||
|
||||
- Fixed long result cell truncation in live query results and query reports.
|
||||
- Fixed a Redis cluster mode detection issue for RedisLabs hosted instances.
|
||||
- Fixed a false positive vulnerability report for Citrix Workspace.
|
||||
- Fixed an edge case sorting bug related to the `last_restarted` value for hosts.
|
||||
- Fixed an issue with creating .deb installers with different enrollment keys.
|
||||
- Fixed SMTP configuration validation issues for TLS-only servers.
|
||||
- Fixed caching of team MDM configurations to improve performance at scale.
|
||||
- Fixed delete pending issue during orbit.exe installation.
|
||||
- Fixed a bug causing the disk encryption key banner to not display correctly.
|
||||
- Fixed various error code inconsistencies across endpoints.
|
||||
- Fixed filtering hosts with invalid team_id now returns a 400 error.
|
||||
- Fixed false positives in software matching for similar names.
|
||||
|
||||
## Fleet 4.40.0 (Nov 3, 2023)
|
||||
|
||||
### Changes
|
||||
|
|
|
|||
|
|
@ -1,3 +0,0 @@
|
|||
Fixes to /fleet/queries/run endpoint:
|
||||
- now returns 403 for an unauthorized user
|
||||
- now returns 400 when query_ids or host_ids are not specified
|
||||
|
|
@ -1 +0,0 @@
|
|||
When Munki is deleted and reinstalled on the host, Fleet will show Munki info again.
|
||||
|
|
@ -1,2 +0,0 @@
|
|||
- Fixes bug where a deleted user's email would no longer show in the Activity feed for actions
|
||||
they'd taken.
|
||||
|
|
@ -1,2 +0,0 @@
|
|||
- Fixed an edge case sorting bug by consolidating the logic for generating the `last_restarted`
|
||||
value for hosts into the backend.
|
||||
|
|
@ -1,2 +0,0 @@
|
|||
- Bug fix: creating 2 .deb installers one after the other with different enrollment keys no longer
|
||||
results in the last installer failing at install time.
|
||||
|
|
@ -1,2 +0,0 @@
|
|||
- policy results are now cached in mysql for faster sort operations on policy counts. counts are
|
||||
updated by the cleanups_then_aggregation cron job 1X per hour by default.
|
||||
|
|
@ -1,2 +0,0 @@
|
|||
- Fix a bug in which the manage page's label filter selection menu did not close when open and
|
||||
clicked. Added some additional UX improvements around this component.
|
||||
|
|
@ -1 +0,0 @@
|
|||
- Fixes a false positive vulnerabilty report for Citrix Workspace on Windows and MacOS.
|
||||
|
|
@ -1,2 +0,0 @@
|
|||
* Only show the Settings > Advanced > "Host expiry window" input field when the "Host expiry"
|
||||
setting is enabled
|
||||
|
|
@ -1,2 +0,0 @@
|
|||
- Update activity feed to elegantly communicate when a JIT-provisioned user logs in for the first
|
||||
time, thereby creating their account.
|
||||
|
|
@ -1 +0,0 @@
|
|||
* Allow fleetctl to configure windows mdm profiles for teams and "no team".
|
||||
|
|
@ -1,3 +0,0 @@
|
|||
- Added new endpoint `GET /mdm/profiles/summary` to get summarizes the current state of MDM
|
||||
configuration profiles on each host in the specified team (or, if no team is specified, each host
|
||||
that is not assigned to any team).
|
||||
|
|
@ -1,2 +0,0 @@
|
|||
- Updated API endpoints that support `os_setttings` filter to include Windows profiles status.
|
||||
- Updated `GET /api/v1/hosts/:id` to include Windows MDM profiles.
|
||||
|
|
@ -1 +0,0 @@
|
|||
* Internally truncate very long result cells in live query results and query reports tables.
|
||||
|
|
@ -1 +0,0 @@
|
|||
* Enable the entirety of all sort headers to be clickable, except for in filter text inputs
|
||||
|
|
@ -1,14 +0,0 @@
|
|||
Enabled support and validation of 'after' parameter for the following endpoints:
|
||||
- GET /api/v1/fleet/carves
|
||||
|
||||
Setting 'after' parameter no longer returns SQL syntax error for the following endpoints:
|
||||
- GET /api/v1/fleet/carves
|
||||
- GET /api/v1/fleet/invites
|
||||
- GET /api/v1/fleet/labels
|
||||
- GET /api/v1/fleet/packs
|
||||
- GET /api/v1/fleet/global/policies
|
||||
- GET /api/v1/fleet/teams/{id}/policies
|
||||
- GET /api/v1/fleet/queries
|
||||
- GET /api/v1/fleet/packs/{id}/scheduled
|
||||
- GET /api/v1/fleet/teams
|
||||
- GET /api/v1/fleet/users
|
||||
|
|
@ -1,2 +0,0 @@
|
|||
- Fixed: SMTP configuration was failing validation when attempting to send a test email to an SMTP server
|
||||
that only supports TLS
|
||||
|
|
@ -1 +0,0 @@
|
|||
* Support Windows powershell scripts (.ps1) in the UI
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
- Updated `POST /scripts` to allow `.ps1` scripts for Windows
|
||||
- Updated `fleetctl` output to reflect support for `.ps1` scripts
|
||||
- Updated `GET /hosts/{id}/scripts` to return `.sh` scripts for MacOS hosts and `.ps1` scripts for
|
||||
Windows hosts.
|
||||
|
|
@ -1 +0,0 @@
|
|||
Query report now shows the host display name instead of hostname.
|
||||
|
|
@ -1 +0,0 @@
|
|||
* Increase the metrics report from Fleet servers from once every 3 days to once a day.
|
||||
|
|
@ -1 +0,0 @@
|
|||
* Fleet now uses the 2.0 API to download CVE information from NVD.
|
||||
|
|
@ -1 +0,0 @@
|
|||
- - Updated the list of minimum osquery versions to include the latest releases up to 5.10.2
|
||||
|
|
@ -1 +0,0 @@
|
|||
For endpoint fleet/hosts, filtering hosts with invalid team_id now returns 400 error.
|
||||
|
|
@ -1,2 +0,0 @@
|
|||
* Fixed a bug causing the disk encryption key banner to not appear if the host
|
||||
had disk encryption turned on manually without FV escrow.
|
||||
|
|
@ -1 +0,0 @@
|
|||
* Stop reporting Atom editor packages in software inventory. The Atom editor is retired and the relevant tables are being removed from osquery.
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
Previous fix for #13889 caused false positives on software with similar names. Tightening the matching to reduce false positive rate.
|
||||
- Google Chrome Helper.app no longer matches Google Chrome.app
|
||||
- Acrobat Uninstaller.app no longer matches Acrobat.app
|
||||
- UmbrellaMenu.app no longer matches Cisco Umbrella
|
||||
|
|
@ -1 +0,0 @@
|
|||
* Fixed detection of disabled Redis cluster mode for Redis hosted on RedisLabs.
|
||||
|
|
@ -1 +0,0 @@
|
|||
- change the edit columns modal on the hosts page to show the table headers names in two columns.
|
||||
|
|
@ -1 +0,0 @@
|
|||
* Added database tables to support the Windows profiles feature.
|
||||
|
|
@ -1,2 +0,0 @@
|
|||
* Added endpoint `DELETE /mdm/profiles/{id}` to delete an existing MDM profile (Windows and macOS).
|
||||
* Added endpoint `GET /mdm/profiles/{id}` to get or download an existing MDM profile (Windows and macOS).
|
||||
|
|
@ -1 +0,0 @@
|
|||
* Added the `POST /mdm/profiles` endpoint to upload a Windows or macOS custom profile.
|
||||
|
|
@ -1 +0,0 @@
|
|||
* Added a validation that the WSTEP certificate and key pair is configured before allowing the user to enable Windows MDM.
|
||||
|
|
@ -1 +0,0 @@
|
|||
* Fixed caching of a team's MDM configuration so that it implements a custom cloning, avoiding performance issues at scale.
|
||||
|
|
@ -1 +0,0 @@
|
|||
* Fixes delete pending issue on orbit.exe during installation
|
||||
|
|
@ -1 +0,0 @@
|
|||
- * Pluralize the activity log rendered when multiple queries were deleted
|
||||
|
|
@ -1 +0,0 @@
|
|||
* Added endpoint `GET /mdm/profiles` to get a paginated list of MDM custom profiles.
|
||||
|
|
@ -1 +0,0 @@
|
|||
* Allow to save a list of Windows custom settings via yaml configs and the API.
|
||||
|
|
@ -8,7 +8,7 @@ version: v6.0.1
|
|||
home: https://github.com/fleetdm/fleet
|
||||
sources:
|
||||
- https://github.com/fleetdm/fleet.git
|
||||
appVersion: v4.40.0
|
||||
appVersion: v4.41.0
|
||||
dependencies:
|
||||
- name: mysql
|
||||
condition: mysql.enabled
|
||||
|
|
|
|||
|
|
@ -2,7 +2,7 @@
|
|||
# All settings related to how Fleet is deployed in Kubernetes
|
||||
hostName: fleet.localhost
|
||||
replicas: 3 # The number of Fleet instances to deploy
|
||||
imageTag: v4.40.0 # Version of Fleet to deploy
|
||||
imageTag: v4.41.0 # Version of Fleet to deploy
|
||||
podAnnotations: {} # Additional annotations to add to the Fleet pod
|
||||
serviceAccountAnnotations: {} # Additional annotations to add to the Fleet service account
|
||||
resources:
|
||||
|
|
|
|||
|
|
@ -56,7 +56,7 @@ variable "database_name" {
|
|||
|
||||
variable "fleet_image" {
|
||||
description = "the name of the container image to run"
|
||||
default = "fleetdm/fleet:v4.40.0"
|
||||
default = "fleetdm/fleet:v4.41.0"
|
||||
}
|
||||
|
||||
variable "software_inventory" {
|
||||
|
|
|
|||
|
|
@ -68,5 +68,5 @@ variable "redis_mem" {
|
|||
}
|
||||
|
||||
variable "image" {
|
||||
default = "fleet:v4.40.0"
|
||||
default = "fleet:v4.41.0"
|
||||
}
|
||||
|
|
|
|||
|
|
@ -156,8 +156,8 @@ module "jitprovisioner-lambda-warmer" {
|
|||
version = "3.0.1"
|
||||
function_name = aws_lambda_function.jitprovisioner.function_name
|
||||
function_arn = aws_lambda_function.jitprovisioner.arn
|
||||
# This just needs to have a request to parse.
|
||||
input = <<EOINPUT
|
||||
# This just needs to have a request to parse.
|
||||
input = <<EOINPUT
|
||||
{
|
||||
"requestContext": {
|
||||
"elb": {
|
||||
|
|
@ -206,7 +206,7 @@ resource "random_uuid" "jitprovisioner" {
|
|||
|
||||
# Use the local to make the trigger work.
|
||||
locals {
|
||||
fleet_tag = "v4.40.0"
|
||||
fleet_tag = "v4.41.0"
|
||||
}
|
||||
|
||||
resource "null_resource" "standard-query-library" {
|
||||
|
|
|
|||
|
|
@ -165,7 +165,7 @@ resource "helm_release" "main" {
|
|||
|
||||
set {
|
||||
name = "imageTag"
|
||||
value = "v4.40.0"
|
||||
value = "v4.41.0"
|
||||
}
|
||||
|
||||
set {
|
||||
|
|
|
|||
|
|
@ -13,7 +13,7 @@ variable "fleet_config" {
|
|||
type = object({
|
||||
mem = optional(number, 4096)
|
||||
cpu = optional(number, 512)
|
||||
image = optional(string, "fleetdm/fleet:v4.40.0")
|
||||
image = optional(string, "fleetdm/fleet:v4.41.0")
|
||||
family = optional(string, "fleet")
|
||||
sidecars = optional(list(any), [])
|
||||
depends_on = optional(list(any), [])
|
||||
|
|
|
|||
|
|
@ -74,7 +74,7 @@ variable "fleet_config" {
|
|||
type = object({
|
||||
mem = optional(number, 4096)
|
||||
cpu = optional(number, 512)
|
||||
image = optional(string, "fleetdm/fleet:v4.40.0")
|
||||
image = optional(string, "fleetdm/fleet:v4.41.0")
|
||||
family = optional(string, "fleet")
|
||||
sidecars = optional(list(any), [])
|
||||
depends_on = optional(list(any), [])
|
||||
|
|
|
|||
|
|
@ -17,7 +17,7 @@ provider "aws" {
|
|||
}
|
||||
|
||||
locals {
|
||||
fleet_image = "fleetdm/fleet:v4.40.0"
|
||||
fleet_image = "fleetdm/fleet:v4.41.0"
|
||||
domain_name = "example.com"
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -165,7 +165,7 @@ variable "fleet_config" {
|
|||
type = object({
|
||||
mem = optional(number, 4096)
|
||||
cpu = optional(number, 512)
|
||||
image = optional(string, "fleetdm/fleet:v4.40.0")
|
||||
image = optional(string, "fleetdm/fleet:v4.41.0")
|
||||
family = optional(string, "fleet")
|
||||
sidecars = optional(list(any), [])
|
||||
depends_on = optional(list(any), [])
|
||||
|
|
|
|||
|
|
@ -215,7 +215,7 @@ variable "fleet_config" {
|
|||
type = object({
|
||||
mem = optional(number, 4096)
|
||||
cpu = optional(number, 512)
|
||||
image = optional(string, "fleetdm/fleet:v4.40.0")
|
||||
image = optional(string, "fleetdm/fleet:v4.41.0")
|
||||
family = optional(string, "fleet")
|
||||
sidecars = optional(list(any), [])
|
||||
depends_on = optional(list(any), [])
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
{
|
||||
"name": "fleetctl",
|
||||
"version": "v4.40.0",
|
||||
"version": "v4.41.0",
|
||||
"description": "Installer for the fleetctl CLI tool",
|
||||
"bin": {
|
||||
"fleetctl": "./run.js"
|
||||
|
|
|
|||
Loading…
Reference in a new issue