## Demo Pasteboard management for BYOD devices
Made changes to `/it-and-security/teams/personal-mobile-devices.yml` and
`/it-and-security/lib/ios/configuration-profiles` to demo DLP
restrictions.
- Added byod-restrict-pasteboard-managed-apps.mobileconfig profile to
restrict copy/paste between managed and unmanaged apps
- Updated personal-mobile-devices team to include the new profile
- Added Google Docs, Sheets, and Drive to approved app store apps
---------
Co-authored-by: Claude <noreply@anthropic.com>
Changes:
- Updated the configuration builder to support creating Android
policies.
- Added two categories of Android settings to the configuration builder.
For #31055.
- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [X] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
## Testing
- [X] Added/updated automated tests
- [x] QA'd all new/changed functionality manually
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
## Testing
- [x] Added/updated automated tests
- [x] QA'd all new/changed functionality manually
For unreleased bug fixes in a release candidate, one of:
- [x] Confirmed that the fix is not expected to adversely impact load
test results
Fixes#31353. Adds private key validation to Android MDM enterprise signup to prevent failed Android enablement when server private key is not configured.
For #26382
- Attested the signed Windows Orbit binary instead of the unsigned one.
- For both Fleet desktop and Osquery for macOS and Windows artifacts,
attested the binaries inside archives.
for #31282
# Details
This PR adds the ability to filter hosts by the "incompatible with batch
script" status. These hosts were previously included in the "Error"
state for a batch script when viewing the script summary.
The current script summary modal doesn't include a row for incompatible
(this modal will be replaced in the next iteration of the batch script
scheduling feature). To see the filter at work, you can either use the
API directly, or:
1. View the summary modal for a batch script by clicking on its activity
item in the global feed
2. Click on the number in any row (e.g. "Error" or "Pending")
3. Change the dropdown beneath the team selector to "Incompatible"
<img width="472" height="339" alt="image"
src="https://github.com/user-attachments/assets/04c6bc05-fe88-4be3-91ca-8b7162e1c6f3"
/>
Also renamed `cancelled` to `canceled` in a couple places to make the
spelling consistent.
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [X] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
## Testing
- [X] Added/updated automated tests
- [X] Where appropriate, [automated tests simulate multiple hosts and
test for host
isolation](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/reference/patterns-backend.md#unit-testing)
(updates to one hosts's records do not affect another)
- [X] QA'd all new/changed functionality manually
# Details
Realized we left the feature flag in for BitLocker, so this PR removes
it. We also discussed during the last demo that "Advanced" should always
be visible, even when the "Turn on disk encryption" is not checked.
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [ ] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
n/a
## Testing
- [ ] Added/updated automated tests
- [ ] Where appropriate, [automated tests simulate multiple hosts and
test for host
isolation](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/reference/patterns-backend.md#unit-testing)
(updates to one hosts's records do not affect another)
- [X] QA'd all new/changed functionality manually
- **linux vulns API changes (#31490)**
- **31214 linux vulns optimization (#31722)**
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
## Testing
- [x] Added/updated automated tests
- [x] Where appropriate, [automated tests simulate multiple hosts and
test for host
isolation](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/reference/patterns-backend.md#unit-testing)
(updates to one hosts's records do not affect another)
- [x] QA'd all new/changed functionality manually
## Database migrations
- [x] Checked table schema to confirm autoupdate
- [x] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [x] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [x] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).
Guide for deploying CS Falcon.
Still needs a few links added, in draft for review
---------
Co-authored-by: Brock Walters <153771548+nonpunctual@users.noreply.github.com>
Co-authored-by: Mike Thomas <78363703+mike-j-thomas@users.noreply.github.com>
Co-authored-by: Eric <eashaw@sailsjs.com>
Documentation changes for 4.72.0
---------
Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>
Co-authored-by: Marko Lisica <83164494+marko-lisica@users.noreply.github.com>
Co-authored-by: Victor Lyuboslavsky <2685025+getvictor@users.noreply.github.com>
Co-authored-by: Lucas Manuel Rodriguez <lucas@fleetdm.com>
Co-authored-by: Ian Littman <iansltx@gmail.com>
Co-authored-by: RachelElysia <71795832+RachelElysia@users.noreply.github.com>
Co-authored-by: Noah Talerman <noahtal@umich.edu>
Co-authored-by: Mike Thomas <78363703+mike-j-thomas@users.noreply.github.com>
Related to: #31753
Changes:
- Updated the "Deploy Fleet website" workflow to remove the
`website/assets` folder from the website's build slug when the website
deploys.
Automated update of MIN_OSQUERY_VERSION_OPTIONS with any new osquery
release. (Note: This automatic update is the solution to issue #21431)
Co-authored-by: iansltx <iansltx@users.noreply.github.com>
Changes:
- Updated the vulnerability dashboard's /dashboard page to load the
content for the graphs after the initial page load.
- Added a new action: 'get-dashboard-graph-data'. This action is called
as a `Cloud()` method by the dashboard's page script when the page
loads.
Summary
• Allow custom CISA vulnerability data source URL to work around blocked
requests
• Updates vulnerability sync logic to use configurable CISA endpoint
• Enables organizations to use CISA mirrors when direct access is
blocked
## Testing
- [x] Added/updated automated tests
- [x] QA'd all new/changed functionality manually
Fixes#31268.
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
## Testing
- [x] Added/updated automated tests
- [x] QA'd all new/changed functionality manually
Updated Solutions Specialist responsibilities and experience to better
align with pipeline generation goals and deprioritizing direct selling.
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [ ] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
