mirror of
https://github.com/fleetdm/fleet
synced 2026-04-21 13:37:30 +00:00
Adding changes for Fleet v4.51.0 (#19601)
parent
be753af9d6
commit
fbe9c1b498
58 changed files with 66 additions and 75 deletions
43
CHANGELOG.md
|
|
@ -1,3 +1,46 @@
|
|||
## Fleet 4.51.0 (Jun 10, 2024)
|
||||
|
||||
### Endpoint Operations
|
||||
- Added support for environment variables in configuration profiles for GitOps.
|
||||
- `fleetctl gitops --dry-run` now errors on duplicate (or conflicting) global/team enroll secrets.
|
||||
- Added `activities_webhook` configuration option to allow for a webhook to be called when an activity is recorded. This can be used to send activity data to external services. If the webhook response is a 429 error code, the webhook retries for up to 30 minutes.
|
||||
- Added Tuxedo OS to the Linux distribution platform list.
|
||||
|
||||
### Device Management (MDM)
|
||||
- **NOTE:** Added new required Fleet server config environment variable when MDM is enabled,
|
||||
`FLEET_SERVER_PRIVATE_KEY`. This variable contains the private key used to encrypt the MDM
|
||||
certificates and keys stored in Fleet. Learm more at
|
||||
https://fleetdm.com/learn-more-about/fleet-server-private-key.
|
||||
- Added MDM support for iPhone/iPad.
|
||||
- Added software self-service support.
|
||||
- Added query parameter `self_service` to filter the list of software titles and the list of a host's software so that only those available to install via self-service are returned.
|
||||
- Added the device-authenticated endpoint `POST /device/{token}/software/install/{software_title_id}` to self-install software.
|
||||
- Added new endpoints to configure ABM keypairs and tokens.
|
||||
- Added `GET /fleet/mdm/apple/request_csr` endpoint, which returns the signed APNS CSR needed to activate Apple MDM.
|
||||
- Added the ability to automatically log off and lock out `Administrator` users on Windows hosts.
|
||||
- Added clearer error messages when attempting to set up Apple MDM without a server private key configured.
|
||||
- Added UI for the global and host activities for self-service software installation.
|
||||
- Updated UI to support new workflows for macOS MDM setup and credentials.
|
||||
- Updated UI to support software self-service features.
|
||||
- Updated UI controls page language and hid CTA button for users without access to turn on MDM.
|
||||
|
||||
### Vulnerability Management
|
||||
- Updated the CIS policies for Windows 11 Enterprise from v2.0.0 (03-07-2023) to v3.0.0 (02-22-2024).
|
||||
- Fleet now detects Ubuntu kernel vulnerabilities from the Canonical OVAL feed.
|
||||
- Fleet now detects and reports vulnerabilities on Firefox ESR editions on macOS.
|
||||
|
||||
### Bug fixes and improvements
|
||||
- Fixed a bug that might prevent enqueuing commands to renew SCEP certificates if the host was enrolled more than once.
|
||||
- Prevented the `host_id`s field from being returned from the list labels endpoint.
|
||||
- Improved software ingestion performance by deduplicating incoming software.
|
||||
- Placed all form field label tooltips on top.
|
||||
- Fixed a number of related issues with the filtering and sorting of the queries table.
|
||||
- Added various optimizations to the rendering of the queries table.
|
||||
- Fixed host query page styling bugs.
|
||||
- Fixed a UI bug where "Wipe" action was not being hidden from observers.
|
||||
- Fixed UI bug for builtin label names for selecting targets.
|
||||
- Removed references to Administrator accounts in the comments of the Windows lock script.
|
||||
|
||||
## Fleet 4.50.2 (May 31, 2024)
|
||||
|
||||
### Bug fixes
|
||||
|
|
|
|||
|
|
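Review bot: In the Device Management (MDM) note about `FLEET_SERVER_PRIVATE_KEY`, "Learm more at" is a typo for "Learn more at". Because this is the one entry in the release that adds a required server setting for MDM deployments, it is worth getting the wording exact before it is copied into release notes and docs.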
@ -1 +0,0 @@
|
|||
- Updated UI to support new workflows for macOS MDM setup and credentials.
|
||||
|
|
@ -1 +0,0 @@
|
|||
Improved software ingestion performance by deduplicating incoming software.
|
||||
|
|
@ -1,2 +0,0 @@
|
|||
Added `activities_webhook` configuration option to allow for a webhook to be called when an activity is recorded. This can be used to send activity data to external services.
|
||||
If the webhook response is a 429 error code, the webhook retries for up to 30 minutes.
|
||||
|
|
@ -1 +0,0 @@
|
|||
* Update Go version to go1.22.3
|
||||
|
|
@ -1 +0,0 @@
|
|||
* Support environment variables in configuration profiles for GitOps.
|
||||
|
|
@ -1 +0,0 @@
|
|||
- Bulk Host Delete and Transfer now support status and labelID filters together
|
||||
|
|
@ -1 +0,0 @@
|
|||
- Updated UI to support software self-service features.
|
||||
|
|
@ -1 +0,0 @@
|
|||
- UI: Updated look to license expiration banner
|
||||
|
|
@ -1 +0,0 @@
|
|||
- fleet now detects Ubuntu kernel vulnerabilities from the Canonical OVAL feed
|
||||
|
|
@ -1 +0,0 @@
|
|||
* Added MDM support for iPhone/iPad.
|
||||
|
|
@ -1 +0,0 @@
|
|||
- detect and report vulnerabilities on Firefox ESR editions on macOS
|
||||
|
|
@ -1 +0,0 @@
|
|||
- Adds the ability to automatically log off and lock out `Administrator` users on Windows hosts.
|
||||
|
|
@ -1 +0,0 @@
|
|||
- Prevent the `host_id`s field from being returned from the list labels endpoint.
|
||||
|
|
@ -1 +0,0 @@
|
|||
- UI fix: Switching team resets to page 0 for all software and policy tables
|
||||
|
|
@ -1 +0,0 @@
|
|||
* Place all form field label tooltips on top
|
||||
|
|
@ -1 +0,0 @@
|
|||
* Added query parameter `self_service` to filter the list of software titles and the list of a host's software so that only those available to install via self-service are returned.
|
||||
|
|
@ -1 +0,0 @@
|
|||
* Added the device-authenticated endpoint `POST /device/{token}/software/install/{software_title_id}` to self-install software.
|
||||
|
|
@ -1 +0,0 @@
|
|||
* Added the `self_service` field to `fleetctl apply` and `fleetctl gitops` YAML configuration files.
|
||||
|
|
@ -1,5 +0,0 @@
|
|||
MySQL query optimizations:
|
||||
- During software ingestion, switched to updating last_opened_at as a batch (for 1 host).
|
||||
- Removed DELETE FROM software statement that ran for every host update (when software was deleted). The cleanup of unused software is now only done during the vulnerability job.
|
||||
- `/api/v1/fleet/software/versions/:id` endpoint can return software even if it has been recently deleted from all hosts. During hourly cleanup, this software item will be removed from the database.
|
||||
- Moved aggregated query stats calculations to read replica DB to reduce load on the master.
|
||||
|
|
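Review bot: The third bullet of this removed "MySQL query optimizations" entry describes an API-visible behaviour change (`/api/v1/fleet/software/versions/:id` can return software that was recently deleted from all hosts, until the hourly cleanup), but the 4.51.0 CHANGELOG section only keeps "Improved software ingestion performance by deduplicating incoming software." Consider carrying the endpoint behaviour into the CHANGELOG, since API consumers that treat a returned version as "currently installed somewhere" would otherwise have no notice.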
@ -1 +0,0 @@
|
|||
* Added the `self_install` and `software_package` fields to the `installed_software` activity.
|
||||
|
|
@ -1 +0,0 @@
|
|||
* Updated the CIS policies for Windows 11 Enterprise fro v2.0.0 - 03-07-2023 to v3.0.0 - 02-22-2024
|
||||
|
|
@ -1,2 +0,0 @@
|
|||
- Fix a number of related issues with the filtering and sorting of the queries table.
|
||||
- Add various optimizations to the rendering of the queries table.
|
||||
|
|
@ -1 +0,0 @@
|
|||
- UI: Updates to controls page language and hide CTA button for users without access to turn on MDM
|
||||
|
|
@ -1 +0,0 @@
|
|||
- UI: Fix builtin label names for selecting targets
|
||||
|
|
@ -1,2 +0,0 @@
|
|||
- Adds a `GET /fleet/mdm/apple/request_csr` endpoint, which returns the signed APNS CSR needed to
|
||||
activate Apple MDM.
|
||||
|
|
@ -1 +0,0 @@
|
|||
* Added webhook for the activity feed.
|
||||
|
|
@ -1 +0,0 @@
|
|||
- Added additional statistics items as part of our quality telemetry.
|
||||
|
|
@ -1 +0,0 @@
|
|||
`fleetctl gitops --dry-run` now errors on duplicate (or conflicting) global/team enroll secrets.
|
||||
|
|
@ -1 +0,0 @@
|
|||
- Fix host query page styling bugs
|
||||
|
|
@ -1 +0,0 @@
|
|||
* Added new endpoints to configure ABM keypairs and tokens
|
||||
|
|
@ -1,3 +0,0 @@
|
|||
- Fixed UI bug where "Wipe" action was not being hidden from observers (note: this is only a
|
||||
frontend bug and any observer that attempted to perform this action would be forbidden by the
|
||||
backend).
|
||||
|
|
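Review bot: The parenthetical in this removed entry, stating that the "Wipe" issue was frontend-only and that the backend would forbid an observer attempting the action, was dropped from the CHANGELOG line ("Fixed a UI bug where "Wipe" action was not being hidden from observers."). Without it the entry reads as a possible authorization gap; keeping the clause lets readers assess exposure without opening the PR.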
@ -1 +0,0 @@
|
|||
Live queries now work via UI with large (~1 second) replication lag (for master-replica DB setup).
|
||||
|
|
@ -1 +0,0 @@
|
|||
* Fixed a bug that might prevent enqueing commands to renew SCEP certificates if the host was enrolled more than once.
|
||||
|
|
@ -1 +0,0 @@
|
|||
- Adds clearer error messages when attempting to set up Apple MDM without a server private key configured.
|
||||
|
|
@ -1 +0,0 @@
|
|||
* Added Tuxedo OS to the Linux distribution platform list.
|
||||
|
|
@ -1 +0,0 @@
|
|||
- add UI for the global and host activities for self-service software installation
|
||||
|
|
@ -1 +0,0 @@
|
|||
- Removes references to Administrator accounts in the comments of the Windows lock script.
|
||||
|
|
@ -1,2 +0,0 @@
|
|||
- Updates the private key requirements to allow keys longer than 32 bytes
|
||||
- Adds documentation around the new `FLEET_SERVER_PRIVATE_KEY` var
|
||||
|
|
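Review bot: The first bullet here, "Updates the private key requirements to allow keys longer than 32 bytes", has no counterpart in the 4.51.0 CHANGELOG section, whose `FLEET_SERVER_PRIVATE_KEY` note says nothing about key length. Since the variable is described there as required when MDM is enabled, consider adding the length requirement to that note so operators generating a key from the CHANGELOG alone know what is accepted.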
@ -1,2 +0,0 @@
|
|||
- Adds 2 new endpoints: `POST` and `DELETE /fleet/mdm/apple/apns_certificate`. These endpoints let
|
||||
users manage APNS certificates in Fleet.
|
||||
|
|
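Review bot: The `POST` and `DELETE /fleet/mdm/apple/apns_certificate` endpoints described in this removed entry are not listed in the 4.51.0 CHANGELOG section, which mentions only the ABM keypair/token endpoints and `GET /fleet/mdm/apple/request_csr`. Endpoints that upload and delete APNS certificates are worth an explicit line so that API allow-lists and audit rules can be updated for them.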
@ -1,2 +0,0 @@
|
|||
- Adds a new Fleet server config variable, `FLEET_SERVER_PRIVATE_KEY`. This variable contains the
|
||||
private key used to encrypt the MDM certificates and keys stored in Fleet.
|
||||
|
|
@ -8,7 +8,7 @@ version: v6.0.2
|
|||
home: https://github.com/fleetdm/fleet
|
||||
sources:
|
||||
- https://github.com/fleetdm/fleet.git
|
||||
appVersion: v4.50.2
|
||||
appVersion: v4.51.0
|
||||
dependencies:
|
||||
- name: mysql
|
||||
condition: mysql.enabled
|
||||
|
|
|
|||
|
|
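Review bot: This changes `appVersion` to v4.51.0 while the chart's own `version: v6.0.2` (shown in the hunk header) is left as it is. Helm convention is to increment the chart version whenever the chart changes, including an `appVersion` change; otherwise two different chart contents are published under the same chart version and consumers pinning `v6.0.2` cannot tell which Fleet release they will get.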
@ -2,7 +2,7 @@
|
|||
# All settings related to how Fleet is deployed in Kubernetes
|
||||
hostName: fleet.localhost
|
||||
replicas: 3 # The number of Fleet instances to deploy
|
||||
imageTag: v4.50.2 # Version of Fleet to deploy
|
||||
imageTag: v4.51.0 # Version of Fleet to deploy
|
||||
podAnnotations: {} # Additional annotations to add to the Fleet pod
|
||||
serviceAccountAnnotations: {} # Additional annotations to add to the Fleet service account
|
||||
resources:
|
||||
|
|
|
|||
|
|
@ -56,7 +56,7 @@ variable "database_name" {
|
|||
|
||||
variable "fleet_image" {
|
||||
description = "the name of the container image to run"
|
||||
default = "fleetdm/fleet:v4.50.2"
|
||||
default = "fleetdm/fleet:v4.51.0"
|
||||
}
|
||||
|
||||
variable "software_inventory" {
|
||||
|
|
|
|||
|
|
@ -68,5 +68,5 @@ variable "redis_mem" {
|
|||
}
|
||||
|
||||
variable "image" {
|
||||
default = "fleet:v4.50.2"
|
||||
default = "fleet:v4.51.0"
|
||||
}
|
||||
|
|
|
|||
File diff suppressed because one or more lines are too long
|
|
@ -24,7 +24,7 @@ variable "fleet_config" {
|
|||
vuln_processing_cpu = optional(number, 2048)
|
||||
vuln_data_stream_mem = optional(number, 1024)
|
||||
vuln_data_stream_cpu = optional(number, 512)
|
||||
image = optional(string, "fleetdm/fleet:v4.31.1")
|
||||
image = optional(string, "fleetdm/fleet:v4.51.0")
|
||||
family = optional(string, "fleet-vuln-processing")
|
||||
sidecars = optional(list(any), [])
|
||||
extra_environment_variables = optional(map(string), {})
|
||||
|
|
@ -82,7 +82,7 @@ variable "fleet_config" {
|
|||
vuln_processing_cpu = 2048
|
||||
vuln_data_stream_mem = 1024
|
||||
vuln_data_stream_cpu = 512
|
||||
image = "fleetdm/fleet:v4.31.1"
|
||||
image = "fleetdm/fleet:v4.51.0"
|
||||
family = "fleet-vuln-processing"
|
||||
sidecars = []
|
||||
extra_environment_variables = {}
|
||||
|
|
|
|||
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
|
|
@ -13,7 +13,7 @@ variable "fleet_config" {
|
|||
type = object({
|
||||
mem = optional(number, 4096)
|
||||
cpu = optional(number, 512)
|
||||
image = optional(string, "fleetdm/fleet:v4.50.2")
|
||||
image = optional(string, "fleetdm/fleet:v4.51.0")
|
||||
family = optional(string, "fleet")
|
||||
sidecars = optional(list(any), [])
|
||||
depends_on = optional(list(any), [])
|
||||
|
|
@ -97,7 +97,7 @@ variable "fleet_config" {
|
|||
default = {
|
||||
mem = 512
|
||||
cpu = 256
|
||||
image = "fleetdm/fleet:v4.31.1"
|
||||
image = "fleetdm/fleet:v4.51.0"
|
||||
family = "fleet"
|
||||
sidecars = []
|
||||
depends_on = []
|
||||
|
|
|
|||
|
|
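Review bot: In this `default = { ... }` block the image moves from v4.31.1 to v4.51.0, while the `optional(string, ...)` default in the type hunk above moved from v4.50.2, so the two copies of the default had drifted apart before this commit. The `mem = 512` / `cpu = 256` values here also still differ from the type's `optional(number, 4096)` / `optional(number, 512)`. Consider defining the image once (for example in a local) and referencing it from both places, and confirming which mem/cpu pair is the intended default.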
@ -74,7 +74,7 @@ variable "fleet_config" {
|
|||
type = object({
|
||||
mem = optional(number, 4096)
|
||||
cpu = optional(number, 512)
|
||||
image = optional(string, "fleetdm/fleet:v4.50.2")
|
||||
image = optional(string, "fleetdm/fleet:v4.51.0")
|
||||
family = optional(string, "fleet")
|
||||
sidecars = optional(list(any), [])
|
||||
depends_on = optional(list(any), [])
|
||||
|
|
@ -172,7 +172,7 @@ variable "fleet_config" {
|
|||
default = {
|
||||
mem = 512
|
||||
cpu = 256
|
||||
image = "fleetdm/fleet:v4.31.1"
|
||||
image = "fleetdm/fleet:v4.51.0"
|
||||
family = "fleet"
|
||||
sidecars = []
|
||||
depends_on = []
|
||||
|
|
|
|||
|
|
@ -17,7 +17,7 @@ provider "aws" {
|
|||
}
|
||||
|
||||
locals {
|
||||
fleet_image = "fleetdm/fleet:v4.50.2"
|
||||
fleet_image = "fleetdm/fleet:v4.51.0"
|
||||
domain_name = "example.com"
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -167,7 +167,7 @@ variable "fleet_config" {
|
|||
type = object({
|
||||
mem = optional(number, 4096)
|
||||
cpu = optional(number, 512)
|
||||
image = optional(string, "fleetdm/fleet:v4.50.2")
|
||||
image = optional(string, "fleetdm/fleet:v4.51.0")
|
||||
family = optional(string, "fleet")
|
||||
sidecars = optional(list(any), [])
|
||||
depends_on = optional(list(any), [])
|
||||
|
|
@ -265,7 +265,7 @@ variable "fleet_config" {
|
|||
default = {
|
||||
mem = 512
|
||||
cpu = 256
|
||||
image = "fleetdm/fleet:v4.31.1"
|
||||
image = "fleetdm/fleet:v4.51.0"
|
||||
family = "fleet"
|
||||
sidecars = []
|
||||
depends_on = []
|
||||
|
|
|
|||
|
|
@ -63,8 +63,8 @@ module "fleet" {
|
|||
|
||||
fleet_config = {
|
||||
# To avoid pull-rate limiting from dockerhub, consider using our quay.io mirror
|
||||
# for the Fleet image. e.g. "quay.io/fleetdm/fleet:v4.50.2"
|
||||
image = "fleetdm/fleet:v4.50.2" # override default to deploy the image you desire
|
||||
# for the Fleet image. e.g. "quay.io/fleetdm/fleet:v4.51.0"
|
||||
image = "fleetdm/fleet:v4.51.0" # override default to deploy the image you desire
|
||||
# See https://fleetdm.com/docs/deploy/reference-architectures#aws for appropriate scaling
|
||||
# memory and cpu.
|
||||
autoscaling = {
|
||||
|
|
|
|||
|
|
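Review bot: The example `image = "fleetdm/fleet:v4.51.0"` and the quay.io hint in the comment above it both reference the image by tag only. As this block is meant to be copied into real deployments, consider showing the digest-pinned form next to it (`fleetdm/fleet:v4.51.0@sha256:<digest>`, with the digest placeholder filled from the published release) so that a re-pushed tag cannot silently change what gets deployed.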
@ -215,7 +215,7 @@ variable "fleet_config" {
|
|||
type = object({
|
||||
mem = optional(number, 4096)
|
||||
cpu = optional(number, 512)
|
||||
image = optional(string, "fleetdm/fleet:v4.50.2")
|
||||
image = optional(string, "fleetdm/fleet:v4.51.0")
|
||||
family = optional(string, "fleet")
|
||||
sidecars = optional(list(any), [])
|
||||
depends_on = optional(list(any), [])
|
||||
|
|
@ -313,7 +313,7 @@ variable "fleet_config" {
|
|||
default = {
|
||||
mem = 512
|
||||
cpu = 256
|
||||
image = "fleetdm/fleet:v4.31.1"
|
||||
image = "fleetdm/fleet:v4.51.0"
|
||||
family = "fleet"
|
||||
sidecars = []
|
||||
depends_on = []
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
{
|
||||
"name": "fleetctl",
|
||||
"version": "v4.50.2",
|
||||
"version": "v4.51.0",
|
||||
"description": "Installer for the fleetctl CLI tool",
|
||||
"bin": {
|
||||
"fleetctl": "./run.js"
|
||||
|
|
|
|||
|
|
@ -743,7 +743,7 @@ if [ "$cherry_pick_resolved" = "false" ]; then
|
|||
prs_for_issue=`gh api repos/fleetdm/fleet/issues/$issue/timeline --paginate | jq -r '.[]' | $GREP_CMD "fleetdm/fleet/" | $GREP_CMD -oP "pulls\/\K(?:\d+)"`
|
||||
echo -n "https://github.com/fleetdm/fleet/issues/$issue"
|
||||
if [[ "$prs_for_issue" == "" ]]; then
|
||||
echo -n "NO PR's found, please verify they are not missing in the issue, if no PR's were required for this ticket please reconsider adding it to this release."
|
||||
echo -n " NO PR's found, please verify they are not missing in the issue, if no PR's were required for this ticket please reconsider adding it to this release."
|
||||
fi
|
||||
for val in $prs_for_issue; do
|
||||
echo -n " $val"
|
||||
|
|
|
|||
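Review bot: In the `"$prs_for_issue" == ""` branch, the warning is still written with `echo -n` to stdout on the same line as the issue URL, so the fix relies on a hand-placed leading space and the sentence lands where the PR numbers are otherwise printed. Consider printing a short marker on that line and sending the full explanation to stderr with `>&2`, so the list stays machine-readable if it is parsed or pasted into release notes. While here, `$issue` in the `gh api repos/fleetdm/fleet/issues/$issue/timeline` call and the backtick substitution could be changed to a quoted `"$issue"` and `$(...)`.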