Moved team_id in Batch update configuration profiles endpoint example
from request body to the request url.
---------
Co-authored-by: Rachael Shaw <r@rachael.wtf>
This PR will remain in draft as a preview of upcoming documentation
changes for 4.81.0
---------
Co-authored-by: Lucas Manuel Rodriguez <lucas@fleetdm.com>
Co-authored-by: Ian Littman <iansltx@gmail.com>
Co-authored-by: kitzy <kitzy@fleetdm.com>
Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>
Co-authored-by: Victor Lyuboslavsky <2685025+getvictor@users.noreply.github.com>
Co-authored-by: Marko Lisica <83164494+marko-lisica@users.noreply.github.com>
Co-authored-by: Zach Wasserman <zach@fleetdm.com>
Co-authored-by: melpike <79950145+melpike@users.noreply.github.com>
Co-authored-by: Jordan Montgomery <elijah.jordan.montgomery@gmail.com>
Co-authored-by: Magnus Jensen <magnus@fleetdm.com>
Co-authored-by: Dante Catalfamo <43040593+dantecatalfamo@users.noreply.github.com>
- Add install ChatGPT script.
- Update turn on MDM script with some changes from the script above.
I tested the turn on MDM script after making these updates.
Added steps for enabling SSO for a test user in Entra.
<!-- Add the related story/sub-task/bug number, like Resolves#123, or
remove if NA -->
**Related issue:** Resolves #
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [ ] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [ ] If paths of existing endpoints are modified without backwards
compatibility, checked the frontend/CLI for any necessary changes
## Testing
- [ ] Added/updated automated tests
- [ ] Where appropriate, [automated tests simulate multiple hosts and
test for host
isolation](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/reference/patterns-backend.md#unit-testing)
(updates to one hosts's records do not affect another)
- [ ] QA'd all new/changed functionality manually
For unreleased bug fixes in a release candidate, one of:
- [ ] Confirmed that the fix is not expected to adversely impact load
test results
- [ ] Alerted the release DRI if additional load testing is needed
## Database migrations
- [ ] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [ ] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [ ] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).
## New Fleet configuration settings
- [ ] Setting(s) is/are explicitly excluded from GitOps
If you didn't check the box above, follow this checklist for
GitOps-enabled settings:
- [ ] Verified that the setting is exported via `fleetctl
generate-gitops`
- [ ] Verified the setting is documented in a separate PR to [the GitOps
documentation](https://github.com/fleetdm/fleet/blob/main/docs/Configuration/yaml-files.md#L485)
- [ ] Verified that the setting is cleared on the server if it is not
supplied in a YAML file (or that it is documented as being optional)
- [ ] Verified that any relevant UI is disabled when GitOps mode is
enabled
## fleetd/orbit/Fleet Desktop
- [ ] Verified compatibility with the latest released version of Fleet
(see [Must
rule](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/workflows/fleetd-development-and-release-strategy.md))
- [ ] If the change applies to only one platform, confirmed that
`runtime.GOOS` is used as needed to isolate changes
- [ ] Verified that fleetd runs on macOS, Linux and Windows
- [ ] Verified auto-update works from the released version of component
to the new version (see [tools/tuf/test](../tools/tuf/test/README.md))
---------
Co-authored-by: Rachael Shaw <r@rachael.wtf>
Reading docs as part of oncall responsibilities and was reminded of
[this
discussion](https://fleetdm.slack.com/archives/C019WG4GH0A/p1771252998086309)
in Slack by Martin which referenced a recent JS module change that broke
`make generate` until developers ran `rm -rf node_modules`, so I added a
callout in the FAQ for it since I think this has happened a few times in
the past year
- Instead, changes to activity will be specified as a PR to
`audit-logs.md` in the reference doc release branch just like API and
YAML (GitOps) changes
Updated web clip template to match what we do in dogfood, except it's
using Fleet logo as an icon.
I also created a base64 icon as a single line to improve readability.
I removed the "full screen" option, so self-service now opens in the
default browser. This way, if a customer uses Jira or a similar tool as
the organization support URL, they don't need to re-authenticate.
<!-- Add the related story/sub-task/bug number, like Resolves#123, or
remove if NA -->
**Related issue:** Resolves#39227
---------
Co-authored-by: Luke Heath <luke@fleetdm.com>
@ddribeiro After talking with Noah about troubleshooting and logs, I
thought it would be good if we created a user-facing guide for
troubleshooting. Our CSEs frequently send the same troubleshooting
information to customers when they report issues. We can empower
customers with one resource that they can work through, reducing the
significant amount of time in back-and-forth steps sent over Slack.
Also, we've talked about pulling the "Finding fleetd logs" section out
of the [Enroll hosts](https://fleetdm.com/guides/enroll-hosts) guide.
Perhaps when this is complete, we can link to this document from that
guide.
This certainly doesn't contain everything! Please bring the CSEs in to
flesh this out since they're in the day-to-day and have much more
knowledge regarding this than I do.
---------
Co-authored-by: Brock Walters <153771548+nonpunctual@users.noreply.github.com>
Closes#38916
Related: #34993, #33985, fleetdm/confidential#13228
## Changes
**Article update** (`articles/windows-mdm-setup.md`)
- Adds "Migrating from another MDM solution" subsection under **Manual
enrollment** with overview of common migration issues and links to
remediation scripts
**New scripts** (`docs/solutions/windows/scripts/`)
- `reset-mdm-enrollment-flag.ps1` — Resets MmpcEnrollmentFlag blocking
MDM status after migration
- `remove-stale-mdm-enrollment-records.ps1` — Clears orphaned enrollment
GUIDs, AAD discovery cache, and MS DM Server cache
- `fix-workplace-join-configuration.ps1` — Re-enables
Automatic-Device-Join task and configures Workplace Join policies
- `remove-unreachable-wsus-configuration.ps1` — Removes unreachable WSUS
server config that breaks Windows Update
## Context
Customers migrating Windows hosts from Intune to Fleet have been hitting
recurring enrollment issues, MDM status stuck on "Off," enrollment
errors (`0x80190190`, `0x8018000a`), and Windows Update breakage from
leftover RMM agents. These scripts consolidate the workarounds from
multiple customer engagements into self-serve remediation that can be
deployed via **Controls > Scripts**.
---------
Co-authored-by: Marko Lisica <83164494+marko-lisica@users.noreply.github.com>
<!-- Add the related story/sub-task/bug number, like Resolves#123, or
remove if NA -->
**Related issue:** Resolves#34620
# Checklist for submitter
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
## Testing
- [x] QA'd all new/changed functionality manually
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
## Bug Fixes
* Fixed an issue where macOS app names could become empty after removing
the ".app" extension. The app name extraction logic now correctly
handles edge cases, ensuring app names are properly ingested without
empty values.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- Add the related story/sub-task/bug number, like Resolves#123, or
remove if NA -->
**Related issue:** Resolves#38322
This PR utilizes the ping/status ticker that sees if the device is
Unmanaged (aka. not enrolled from a Fleet server perspective), if the
Migrate to Fleet flow before had set the `mdm_migration.txt` file, but
somehow not successfully unenrolled the device, we now keep sending it
if you trigger the modal again.
We wait 90seconds after start, so at most the user can go through the
flow every 90s, but the server has a hard limit on at most one webhook
every 3m, but still it means the user can wait a bit and retry and still
see the webhook gets sent now.
_PS: Updated the old migration test to go from 1,5m to ~2s execution
time with parallel and configurable waitForUnenrollment time (to allow
test to set lower values)
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
## Testing
- [x] Added/updated automated tests
- [x] QA'd all new/changed functionality manually
## fleetd/orbit/Fleet Desktop
- [x] Verified compatibility with the latest released version of Fleet
(see [Must
rule](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/workflows/fleetd-development-and-release-strategy.md))
- [x] If the change applies to only one platform, confirmed that
`runtime.GOOS` is used as needed to isolate changes
- [x] Verified that fleetd runs on macOS, Linux and Windows
- [x] Verified auto-update works from the released version of component
to the new version (see [tools/tuf/test](../tools/tuf/test/README.md))
---------
Co-authored-by: Jordan Montgomery <elijah.jordan.montgomery@gmail.com>
## Changes
Fixes incorrect YAML example in
`docs/Configuration/agent-configuration.md` where `command_line_flags`
was shown nested under `config:` instead of at the top level.
**File changed:** `docs/Configuration/agent-configuration.md`
## What was wrong
The example in the `## config` section showed `command_line_flags`
indented under `config:`:
```yaml
config:
options:
distributed_interval: 3
...
command_line_flags: # ❌ WRONG - nested under config
verbose: true
...
decorators:
...
```
This is incorrect and causes the following error when applied via
`fleetctl apply` for team YAML files:
```
Error: applying teams: POST /api/latest/fleet/spec/teams received status 400 Bad Request:
"command_line_flags" should be part of the top level object
```
## Correct placement
Per the original implementation in
[#7377](https://github.com/fleetdm/fleet/issues/7377),
`command_line_flags` must be a **top-level key** under `agent_options`,
at the same level as `config:`:
```yaml
config:
options:
distributed_interval: 3
...
decorators:
...
yara:
...
command_line_flags: # ✅ CORRECT - top level, sibling of config
verbose: true
...
```
This is consistent with:
- The [Configuration files
docs](https://fleetdm.com/docs/configuration/configuration-files) which
correctly show `command_line_flags: {}` at the top level
- Issue #7377 which states: *"The overrides setting does not accommodate
command_line_flags, which is why it is only allowed at the top-level
(and not inside config or every override)"*
- The overrides section of the same page which notes: *"the
command_line_flags key is not supported in the overrides"*
## Related issues
- Closes: https://github.com/fleetdm/confidential/issues/14206
- Closes: https://github.com/fleetdm/confidential/issues/14207
---------
Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>
Discussed at
https://macadmins.slack.com/archives/C0214NELAE7/p1769719765777279
- The endpoints for marking a device as unmanaged and sending an
unmanage command were deprecated and no longer work. The endpoint for
looking up a device by serial number was also deprecated, so I've
proactively updated it.
- The whole story is now refactored and simplified.
- Also fixed a link in the `tines` README.
Resolves#35366
The false negative was caused by a mismatch in product name translation
for `acrobat_reader_dc`. The resolution required platform-specific logic
to accurately identify the "Document Cloud" (DC) variants.
This pull request updates the Okta Verify on Windows SCEP configuration
documentation and profile to simplify deployment with Fleet and reduce
manual steps. The changes make the process more reliable by
standardizing variable usage, improving instructions, and automating
certificate enrollment.
**Key improvements and changes:**
**Documentation and workflow simplification:**
- The guide in
`articles/enable-okta-verify-on-windows-using-a-scep-configuration-profile.md`
was rewritten for clarity and to reflect the new automated approach.
Manual editing of XML and scripts is no longer needed; Fleet-managed
variables and secrets now handle all required values. Steps for
gathering prerequisites, deploying, verifying, and renewing certificates
are streamlined, and troubleshooting guidance is expanded.
- The subject name in the certificate is now set to use the hardware
serial (`$FLEET_VAR_HOST_HARDWARE_SERIAL`) instead of the host UUID,
improving uniqueness and traceability.
([docs/solutions/windows/configuration-profiles/install Okta attestation
certificate -
[Bundle].xmlL77-R89](diffhunk://#diff-d8fc2c8add5725599bdc41a7b417dc3978cfc34eb6fcb8950db513f2b5799aa5L77-R89))
**Secret management and security:**
- The configuration profile now references Fleet secrets
(`$FLEET_SECRET_OKTA_SCEP_URL`, `$FLEET_SECRET_OKTA_SCEP_CHALLENGE`,
`$FLEET_SECRET_OKTA_CA_THUMBPRINT`) directly, removing the need for
manual substitution and reducing risk of misconfiguration.
([docs/solutions/windows/configuration-profiles/install Okta attestation
certificate -
[Bundle].xmlL98-R141](diffhunk://#diff-d8fc2c8add5725599bdc41a7b417dc3978cfc34eb6fcb8950db513f2b5799aa5L98-R141))
**Automated certificate enrollment:**
- An `<Exec>` command is added to the XML profile to automatically
trigger SCEP enrollment upon deployment, further reducing manual
intervention. ([docs/solutions/windows/configuration-profiles/install
Okta attestation certificate -
[Bundle].xmlL98-R141](diffhunk://#diff-d8fc2c8add5725599bdc41a7b417dc3978cfc34eb6fcb8950db513f2b5799aa5L98-R141))
These changes make the Okta Verify SCEP configuration for Windows much
easier to deploy and maintain, with improved automation and clearer
instructions.
---------
Co-authored-by: Brock Walters <153771548+nonpunctual@users.noreply.github.com>
This PR will remain in draft as a preview of upcoming documentation
changes for 4.80.0
---------
Co-authored-by: Marko Lisica <83164494+marko-lisica@users.noreply.github.com>
Co-authored-by: Lucas Manuel Rodriguez <lucas@fleetdm.com>
Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>
Co-authored-by: Magnus Jensen <magnus@fleetdm.com>
Co-authored-by: Jordan Montgomery <elijah.jordan.montgomery@gmail.com>
Co-authored-by: Scott Gress <scottmgress@gmail.com>
Co-authored-by: Mike Thomas <78363703+mike-j-thomas@users.noreply.github.com>
Co-authored-by: Nico <32375741+nulmete@users.noreply.github.com>
Co-authored-by: Luke Heath <luke@fleetdm.com>
<!-- Add the related story/sub-task/bug number, like Resolves#123, or
remove if NA -->
**Related issue:** Resolves#38223
Retrospective action item from a prior sprint. Do we want to link this
somewhere like the bug template or is it enough to share it with our
customer-facing employees?
---------
Co-authored-by: Magnus Jensen <magnus@fleetdm.com>
A customer just commented that it would be more relevant if this note
block for the Entity ID was above the screenshot, since it goes with the
preceding paragraph.
---------
Co-authored-by: Rachael Shaw <r@rachael.wtf>
- During Product office hours on 2025-12-23, we learned that no one on
the call knew what the current request body format was for API endpoints
that take `multipart/form-data`
- We think the updated format is more friendly for humans who are using
curl/Postman
- We later learned that this the current format is the raw request
(formatted by a browser or curl command)
- Also update "form" to "body" in the "Parameters" table. We learned
that the form data is actually part the body. Postman's UI shows this.
Rephrase instructions for creating API-only users for clarity.
<!-- Add the related story/sub-task/bug number, like Resolves#123, or
remove if NA -->
**Related issue:** Resolves#35696
---------
Co-authored-by: Rachael Shaw <r@rachael.wtf>
<!-- Add the related story/sub-task/bug number, like Resolves#123, or
remove if NA -->
**Related issue:** Resolves#37264
Adds a fleet maintained app example with the new `slug` field in the
response for `/software/batch/:request_uuid` from #38497
See the PR above for an explanation on why this was added.
---------
Co-authored-by: Marko Lisica <83164494+marko-lisica@users.noreply.github.com>
This PR will remain in draft as a preview of upcoming documentation
changes for 4.79.0
---------
Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>
Co-authored-by: Marko Lisica <83164494+marko-lisica@users.noreply.github.com>
Co-authored-by: Magnus Jensen <magnus@fleetdm.com>
Co-authored-by: Ian Littman <iansltx@gmail.com>
Co-authored-by: Lucas Manuel Rodriguez <lucas@fleetdm.com>
Co-authored-by: melpike <79950145+melpike@users.noreply.github.com>
Co-authored-by: Steven Palmesano <3100993+spalmesano0@users.noreply.github.com>
Co-authored-by: Carlo <1778532+cdcme@users.noreply.github.com>
- Document which keys are supported on which platforms.
- Separate feature request to come up with a cross-platform name for
`macos_setup` is here: https://github.com/fleetdm/fleet/issues/33059
<!-- Add the related story/sub-task/bug number, like Resolves#123, or
remove if NA -->
**Related issue:** For #33391
## Testing
- [X] Added/updated automated tests
there's a number of tests for this, if they still pass we're in good
shape
- [X] QA'd all new/changed functionality manually
I tested the front-end successfully, and saw an auto-update go through
on an ipad. Also verified that the activity metadata is correct.
<!-- Add the related story/sub-task/bug number, like Resolves#123, or
remove if NA -->
**Related issue:** Resolves#35458
# Details
This PR adds new metadata to the `ActivityEditedAppStoreApp` activity
relating to the app's auto-update schedule. The data will be included
with every `ActivityEditedAppStoreApp` activity regardless of whether
the values changed. I have an open question about this on the [activity
docs
PR](https://github.com/fleetdm/fleet/pull/36534/changes#r2648884183).
One functional change to note here is that the act of recording the
activity has been moved up a level into the endpoint code, because the
activity now contains metadata from two different service methods (one
that updates the VPP app, and one that creates the auto-update
schedule).
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
## Testing
- [X] Added/updated automated tests
- [X] QA'd all new/changed functionality manually
**Related issue:** Resolves#37854
<!-- Add the related story/sub-task/bug number, like Resolves#123, or
remove if NA -->
Adds instructions on how to set up a NATS server locally to use as a log
destination.
Follow-up of https://github.com/fleetdm/fleet/pull/36527.
**Related issue:** Resolves
[34890](https://github.com/fleetdm/fleet/issues/34890)
# Checklist for submitter
- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
## Testing
- [X] Added/updated automated tests
- [X] QA'd all new/changed functionality manually
## New Fleet configuration settings
Looking at other log destinations, I couldn't find anything relevant in
GitOps. Please let me know if I missed something, however.
## fleetd/orbit/Fleet Desktop
I've tested this on both Linux and MacOS.
---------
Co-authored-by: Rachael Shaw <r@rachael.wtf>
Co-authored-by: nulmete <nicoulmete1@gmail.com>
Sorry for having so many PRs on this one!
Thank you again for correcting my original formatting. I was looking
over this more and wanted to improve how it appears on the site for
better readability.
Resolves#37686.
Rolling back the detail query change in
527c2230e9.
The test in the original commit was not related to the change so I kept
it as it was added to make sure order of processing of query results.
I tested the ingested device ID matches the one in Entra and that Yes/No
compliant functionality works as expected.
- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
## Testing
- [x] QA'd all new/changed functionality manually
**Related issue:** #35554
Ability to add multiple `platform` values is added to "List setup
experience software" (`GET api/v1/fleet/setup_experience/software`) in
PR #37468. This change is similar to how `platform` can be set in the
"List software" endpoint (`GET /api/v1/fleet/software/titles`).
---------
Co-authored-by: Marko Lisica <83164494+marko-lisica@users.noreply.github.com>
This pull request adds support for two new software categories,
"Security" and "Utilities", across the application. The changes ensure
these categories are available in the database, frontend type
definitions, UI elements, documentation, and are fully tested in both
migration and integration test suites.
**Database and Migration Updates:**
* Added "Security" and "Utilities" entries to the `software_categories`
table and updated initial data in `schema.sql`.
* Introduced a new migration
(`20251210000000_AddSecurityAndUtilitiesCategories.go`) to insert/remove
these categories, with an accompanying test to verify migration
behavior.
[[1]](diffhunk://#diff-57da59e73fff8f2ffccd167299027899614281c591b79715b7000bed0e9d8516R1-R31)
[[2]](diffhunk://#diff-5e6db34b45e83ec5cf2b9cb41e4bfd4ee934f456dd9c0ae4313a448d39319c72R1-R28)
**Frontend and Documentation Updates:**
* Updated the `SoftwareCategory` type and category lists to include
"Security" and "Utilities", ensuring they appear in the UI and are
selectable.
[[1]](diffhunk://#diff-4297079e443d574eb530c70ef48de3cab80e56f783c7b395d58c31c29be6bb0eL77-R79)
[[2]](diffhunk://#diff-405dcd4f0bd6881e4b20a75212467d13c143ddc486b5c9d29ed9035033c32361R25-R26)
* Added documentation for the new categories in `yaml-files.md`.
**Testing Enhancements:**
* Added and updated tests to verify the new categories are displayed and
handled correctly in both frontend and backend integration tests.
[[1]](diffhunk://#diff-d151ee297fdaf54f8ea7027bc46de12247c43406b464265f24ade5a49cb19e49R210-R211)
[[2]](diffhunk://#diff-bbd0c5a6bc2f9a24e633031d4c6a3f5b0be7cbfe78ef1b56cdf9a7a2c32e21e2R19358-R19365)
[[3]](diffhunk://#diff-2bd8ca2ddaad7aac0c438a2afd76a26872378249f757c9c81a31005d0e57cf1fR18447-R18460)
This version shows the notification every five minutes, has a custom
title, runs in the user context, and has a more detailed message since
we no longer have the 255 character limit.
---------
Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>
**Related issue:** Resolves#36701
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
## Testing
- [x] Added/updated automated tests
- [x] Where appropriate, [automated tests simulate multiple hosts and
test for host
isolation](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/reference/patterns-backend.md#unit-testing)
(updates to one hosts's records do not affect another)
- [x] QA'd all new/changed functionality manually
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Added activity tracking for Android certificate template edits and
deletions via GitOps.
* **Chores**
* Updated certificate template batch operations to track which teams
were affected by changes.
<sub>✏️ Tip: You can customize this high-level summary in your review
settings.</sub>
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- Add the related story/sub-task/bug number, like Resolves#123, or
remove if NA -->
**Related issue:** Resolves#37088
# Details
This just adds the new activities for use in the API handler and the
front-end. I neglected to include this in the spec so I'm putting up a
quick PR to keep from adding to the back-end ticket scope.
# Checklist for submitter
No checklist items apply here; it just needs to implement what's laid
out in https://github.com/fleetdm/fleet/pull/35777/files.
---------
Co-authored-by: Juan Fernandez <juan@fleetdm.com>
Resolves#36909.
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
## Testing
- [x] Added/updated automated tests
- [x] QA'd all new/changed functionality manually
- Add comprehensive Docker Compose deployment guide article
- Add docker-compose.yml with Fleet, MySQL, and Redis services
- Add env.example template with configuration options
- Include TLS setup options for both reverse proxy and direct TLS
- Add troubleshooting and production considerations
Resolves#33774
<!-- Add the related story/sub-task/bug number, like Resolves#123, or
remove if NA -->
**Related issue:** Resolves#32999
And fixing newly flagged lint issues.
This PR will remain in draft as a preview of upcoming documentation
changes for 4.77.0
---------
Co-authored-by: Marko Lisica <83164494+marko-lisica@users.noreply.github.com>
Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>
Co-authored-by: Victor Lyuboslavsky <2685025+getvictor@users.noreply.github.com>
Co-authored-by: Ian Littman <iansltx@gmail.com>
Co-authored-by: Noah Talerman <noahtal@umich.edu>
Co-authored-by: Lucas Manuel Rodriguez <lucas@fleetdm.com>
Co-authored-by: Magnus Jensen <magnus@fleetdm.com>
Co-authored-by: Jordan Montgomery <elijah.jordan.montgomery@gmail.com>
Co-authored-by: Janis Watts <184028114+jmwatts@users.noreply.github.com>
Co-authored-by: Allen Houchins <32207388+allenhouchins@users.noreply.github.com>
Co-authored-by: Gabriel Hernandez <ghernandez345@gmail.com>
Co-authored-by: Mike Thomas <78363703+mike-j-thomas@users.noreply.github.com>
Co-authored-by: Scott Gress <scottmgress@gmail.com>
Co-authored-by: Carlo <1778532+cdcme@users.noreply.github.com>
These are two (Latin) words, they should not be hyphenated. Found
because I was trying to use command + f to search for "ad hoc," since
that's the proper spelling.
<!-- Add the related story/sub-task/bug number, like Resolves#123, or
remove if NA -->
**Related issue:** Resolves#35654Resolves#36194
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
## Testing
- [x] Added/updated automated tests
- [x] Where appropriate, [automated tests simulate multiple hosts and
test for host
isolation](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/reference/patterns-backend.md#unit-testing)
(updates to one hosts's records do not affect another)
- [x] QA'd all new/changed functionality manually
For unreleased bug fixes in a release candidate, one of:
- [x] Confirmed that the fix is not expected to adversely impact load
test results
Fixes the outdated MDM link, and adds the missing top-level links.
_The notation for integrations `#integrations-1`, is to take the second
occurence of integrations, as we have another integrations title in the
update webhook configuration._
I can see this doesn't affect the website (or shouldn't) since it uses
it's own way to generate the TOC, but will help for manually browsing
the markdown.
<!-- Add the related story/sub-task/bug number, like Resolves#123, or
remove if NA -->
**Related issue:** Resolves#35309 docs changes
For more context see
https://fleetdm.slack.com/archives/C019WG4GH0A/p1763137466439419
---------
Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>
Adds the Ubuntu Advantage policy to the policy library that checks to see
if the file exists, and that it is attached, and expiry date has not
passed.
This can be used in combination with a script automation running `pro
attach <tokenID>`, with a tokenID configured in Fleet Variables. E.g:
`pro attach $FLEET_SECRET_UBUNTUPRO` for remediation.
---------
Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>
API changes for #35309
Also updates bug notes to call out fixed version.
Related PR #35651
---------
Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>
> This PR to be left in draft until bug is brought into a sprint, at
which point we'll close and re-open to the correct release branch.
Changes for the following bug:
+ https://github.com/fleetdm/fleet/issues/33758
---------
Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>
Proposing that we update this language to match what actually happens if
you add a VPP app using an adamID (all platforms with that adamID are
added, along with any settings like self service categories, setup
experience, labels, etc.)
Added information about supported database setups and resource
provisioning for multiple Fleet instances.
Related to:
- #35400
We got a community member trying to install Fleet in a way we don't
test, but it's not explicitly documented that we don't support that way.
Corrected REST API Documentation table of contents so that the `Update
human-device mapping` heading linked to the right location in the
document and the heading in the table of contents matches the actual
heading.
Fixing broken links in the article to point to absolute paths.
---------
Co-authored-by: Brock Walters <153771548+nonpunctual@users.noreply.github.com>
Redis 5 has been EOL for a few years, and didn't get updates for the
latest high-severity CVEs. We're already using 6 in most places
(fleetctl preview, recommended reference architectures, managed cloud
environments) so it's safe to set 6 as the new minimum.
Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>
<!-- Add the related story/sub-task/bug number, like Resolves#123, or
remove if NA -->
**Related issue:** Resolves#33907
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [x] Changes file added for user-visible changes in `changes/`
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
## Testing
- [x] Added/updated automated tests
- [x] QA'd all new/changed functionality manually
## Database migrations
- [x] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
~- [ ] Confirmed that updating the timestamps is acceptable, and will
not cause unwanted side effects.~ N/A
- [x] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
## Release Notes
* **New Features**
* Windows software inventory now includes upgrade code data for better
software identification and tracking.
* **Chores**
* Database schema updated to support upgrade code storage for software
titles and inventory records.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Fixes#32072.
Biggest changes are in the foreign vitals IdP (SCIM) guide:
* Moved Android from "coming soon" to live (true as of 4.75)
* Moved Okta-specific troubleshooting under the Okta section
* Moved "Other IdPs" into its own top level section instead of partway
through the Google section (looks like the result of a bad merge)
* Added a link to the labels guide where relevant
* Various minor clarity/grammar fixes based on running through the
process end-to-end with Okta
Additionally:
* Clarity fixes on labels docs
* Noted in contributing docs the existence of the Okta Integrator Free
plan for E2E testing SSO/SCIM flows
<!-- Add the related story/sub-task/bug number, like Resolves#123, or
remove if NA -->
**Related issue:** Resolves#33778
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
## Testing
- [x] Added/updated automated tests
- [x] QA'd all new/changed functionality manually
