Commit graph

22558 commits

Author SHA1 Message Date
George Karr
3140b44486
Adding changes for Fleet v4.83.2 (#43494) 2026-04-14 06:33:04 -05:00
Juan Fernandez
402f26e38d
Cherry pick: Fixed 500 and 402 on My Device page. (#41748) (#43497)
Cherrypicks https://github.com/fleetdm/fleet/pull/41748

Co-authored-by: Victor Lyuboslavsky <2685025+getvictor@users.noreply.github.com>
2026-04-13 15:19:05 -05:00
George Karr
127a07997e
Adding changes for Fleet v4.83.1 (#43356) 2026-04-09 14:48:16 -05:00
George Karr
b94edaf457
"fixing cherry-pick miss" (#43362) 2026-04-09 14:47:55 -05:00
Carlo
5177c6e94c Make dynamic default policy type for ApplyPolicySpecs (#43197)
Fixes #43025
2026-04-09 14:13:12 -05:00
RachelElysia
b245792f95 Fleet UI: Fix software table bookmarkability for pages (#43166) 2026-04-09 14:11:21 -05:00
RachelElysia
d78eac6bac Fleet UI: Fix page oscillation (#43151) 2026-04-09 14:11:21 -05:00
Gabriel Hernandez
e607f8199b add expiration to auth token via sso login (#42094)
**Related issue:** Resolves #42296

This fixes an issue where users who login via sso were not having an
expiration date set on their host token cookie. This would cause them to
have to relogin after every browser session

- [x] QA'd all new/changed functionality manually
2026-04-09 14:11:21 -05:00
Luke Heath
5346e8bf89
Adding changes for Fleet v4.83.0 (#41764) 2026-04-01 10:44:08 -05:00
Carlo
651ed56a70
CP Android web-clip validation delay fix (#42713)
Cherry-picks #42704
2026-03-31 09:52:10 -05:00
Lucas Manuel Rodriguez
d98a3bf525
🍒 Return bad request instead of 413 when installer size is too bi (#42682)
Cherry pick for #42676
2026-03-30 16:20:49 -03:00
Carlo
667b470971
CP: Prevent duplicate Android web-clip apps with the same name (#42684)
Cherry-picks #42664
2026-03-30 15:13:36 -04:00
Jordan Montgomery
d840f4393f
Insert hmwp and windows command entries at once -> v4.83.0 (#42580)
<!-- Add the related story/sub-task/bug number, like Resolves #123, or
remove if NA -->
**Related issue:** Resolves #42544 

Cherrypick of https://github.com/fleetdm/fleet/pull/42566 which is not
merged yet but wanted to figure out where the merge conflicts/issues
might be

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.

- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements), JS
inline code is prevented especially for url redirects, and untrusted
data interpolated into shell scripts/commands is validated against shell
metacharacters.
- [x] If paths of existing endpoints are modified without backwards
compatibility, checked the frontend/CLI for any necessary changes

## Testing

- [ ] Added/updated automated tests
- [ ] Where appropriate, [automated tests simulate multiple hosts and
test for host
isolation](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/reference/patterns-backend.md#unit-testing)
(updates to one hosts's records do not affect another)

- [ ] QA'd all new/changed functionality manually

For unreleased bug fixes in a release candidate, one of:

- [ ] Confirmed that the fix is not expected to adversely impact load
test results
- [ ] Alerted the release DRI if additional load testing is needed
2026-03-27 20:51:27 -04:00
kilo-code-bot[bot]
ecf788e033
Cherry-pick #41914 onto rc-minor-fleet-v4.83.0 (#42594)
Cherry-pick of https://github.com/fleetdm/fleet/pull/41914 onto the
rc-minor-fleet-v4.83.0 release branch.

Built for [Rachael
Shaw](https://fleetdm.slack.com/archives/D0AFC5BRFHD/p1774644435149389)
by [Kilo for Slack](https://kilo.ai/features/slack-integration)

Co-authored-by: Rachael Shaw <r@rachael.wtf>
2026-03-27 16:17:20 -05:00
kilo-code-bot[bot]
81564ee987
Cherry-pick #41517 onto rc-minor-fleet-v4.83.0 (#42595)
## Cherry-pick of #41517

This cherry-picks the squash merge commit from
https://github.com/fleetdm/fleet/pull/41517 onto the
`rc-minor-fleet-v4.83.0` release branch.

**Original PR:** Update "Add hosts" modal copy (#41517)

---

Built for [Rachael
Shaw](https://fleetdm.slack.com/archives/D0AFC5BRFHD/p1774644488958259)
by [Kilo for Slack](https://kilo.ai/features/slack-integration)

Co-authored-by: Rachael Shaw <r@rachael.wtf>
Co-authored-by: Jacob Shandling <jacob@shandling.dev>
2026-03-27 16:16:38 -05:00
Lucas Manuel Rodriguez
f99f7f5ee1
🍒 Bump github.com/nats-io/nats-server/v2 from 2.12.3 to 2.12.6 (#42338) (#42583)
🍒 https://github.com/fleetdm/fleet/pull/42338

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-27 17:18:17 -03:00
Ian Littman
1343a4d6b1
Cherry-Pick: Fixed script package size validation to use saved script limit (#42560)
Merged into `main` in #42481. Thanks @TsekNet for your contribution!

Co-authored-by: Dan Tsekhanskiy <28414793+TsekNet@users.noreply.github.com>
2026-03-27 11:15:56 -05:00
Lucas Manuel Rodriguez
dc249954e4
Fixed fetch /config loop in calendar integration (#42526) (#42558)
🍒 #42526
2026-03-27 13:15:34 -03:00
RachelElysia
0db2717309
For R.C. - Fleet UI: Fix icon color and other styling nits (#42457) (#42478) 2026-03-26 14:56:33 -04:00
jacobshandling
c1dbdb7380
~Update shoenig dependency~ cherry-pick dependency updates into 4.83.0 rc (#42345)
<!-- Add the related story/sub-task/bug number, like Resolves #123, or
remove if NA -->
**Related issue:**
I noticed the below build failure when building the rc on apple silicon.
It doesn't happen on `main` - opened this PR in case it's useful

EDIT: this PR now serves as a cherry-pick to the 4.83 rc for [this
commit](ba3746f9fa)
- see
https://github.com/fleetdm/fleet/pull/42345#pullrequestreview-4005238789

---------

Co-authored-by: Lucas Manuel Rodriguez <lucas@fleetdm.com>
2026-03-26 10:12:17 -07:00
RachelElysia
f9e60a4210
For R.C. - Fleet UI: Add max height to dropdowns that can be infinitely long (#42317) (#42409)
## Issue
Followup for #39325 

## Description
- Previously merged into `main` with #42317 
- This is for the 4.83.0 RC branch

```
 1051  git checkout fleetdm/rc-minor-fleet-v4.83.0
 1052  git checkout -b 39325-max-dd-height-rc
 1053  git log main
 1054  git cherry-pick 3c300e92b8
 1055  git push -u fleetdm 39325-max-dd-height-rc
```
2026-03-25 17:58:57 -05:00
Ian Littman
39cc0657cc
Cherry-Pick: Fleet UI: Fix extra top border (#42430)
Merged into `main` in #42422. Credit: @RachelElysia

Co-authored-by: RachelElysia <71795832+RachelElysia@users.noreply.github.com>
2026-03-25 17:50:59 -05:00
RachelElysia
2246a5e23f
For R.C. - Fix missing margin on GitOps info banner in Add Custom Packages page (#41819) (#42413)
## Issue
Closes #41820 

## Description
- This is for the 4.83.0 RC
- This was merged into main with #41819

```
 1068  git checkout fleetdm/rc-minor-fleet-v4.83.0
 1069  git checkout -b marko-kilo-margin-rc
 1070  git cherry-pick 9715ee9
 1071  git branch
 1072  git status
 1073  git push -u fleetdm marko-kilo-margin-rc
```

Co-authored-by: kilo-code-bot[bot] <240665456+kilo-code-bot[bot]@users.noreply.github.com>
Co-authored-by: kiloconnect[bot] <240665456+kiloconnect[bot]@users.noreply.github.com>
2026-03-25 17:50:40 -05:00
Jonathan Katz
bf93837223
Cherry pick: Fix patch policy Windows query (#42374)
<!-- Add the related story/sub-task/bug number, like Resolves #123, or
remove if NA -->
**Related issue:** Resolves #41857
Fixed in main now by: #42322
The Windows query for patch policy uses the wrong field name
`bundle_short_version` instead of `version`

# Checklist for submitter

## Testing

- [x] Added/updated automated tests
- [ ] Where appropriate, [automated tests simulate multiple hosts and
test for host
isolation](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/reference/patterns-backend.md#unit-testing)
(updates to one hosts's records do not affect another)

- [x] QA'd all new/changed functionality manually
- Ran this query on a host in dogfood to check that it works
2026-03-25 16:28:52 -04:00
Nico
c243d1c949
Bugfix: User management table has row key collision when user and invite share the same ID (#42396) (#42406)
<!-- Add the related story/sub-task/bug number, like Resolves #123, or
remove if NA -->
**Related issue:** Resolves #42311

- Fixes ID collision on Users table (causing users to not be rendered
when an existing user's ID matches an invited user's ID).
- Fixes total users count.
- Fixes `isResettingCurrentUser` check.

# Checklist for submitter

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes

files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.

## Testing

- [x] QA'd all new/changed functionality manually

#### Before

- ID collision caused the admin user to not be rendered on the table
(see the user with Invite pending which has id=1 as the admin does).
- Notice that we have a total of 3 users counting the response from
`users` and `invites` endpoints.

<img width="2557" height="477" alt="Screenshot 2026-03-25 at 2 46 31 PM"
src="https://github.com/user-attachments/assets/833b07f5-a0ce-4f15-94bf-79040bd03dba"
/>
<img width="2555" height="722" alt="Screenshot 2026-03-25 at 2 46 26 PM"
src="https://github.com/user-attachments/assets/5707ab37-b060-40b4-913f-864b2254076d"
/>

#### After

- All users showing.
- Updated count to reflect the sum of users + invited users above the
table.

<img width="1358" height="432" alt="Screenshot 2026-03-25 at 2 53 24 PM"
src="https://github.com/user-attachments/assets/2a995e78-0ae8-4846-a8b1-b35edd61cb02"
/>
2026-03-25 16:47:30 -03:00
Scott Gress
4a1dabefe4
Cherry pick to 4.83.0: Update fleetctl new readme (#42236) (#42387)
<!-- Add the related story/sub-task/bug number, like Resolves #123, or
remove if NA -->
**Related issue:** Resolves #41345

Updates the README.md generated from `fleetctl new` to include
instructions on how to deploy to GitHub / Gitlab.

---------


(cherry picked from commit 249cb76be8)

Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>
2026-03-25 11:29:23 -05:00
Nico
08ab54df73
Enroll secrets modals: Update copy for "All fleets" and "Unassigned" (#42346) (#42367)
For the following quick win:
- https://github.com/fleetdm/fleet/issues/40590

Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>
2026-03-25 09:40:53 -03:00
Lucas Manuel Rodriguez
47ffdedfbd
Use http.MaxBytesReader on the raw body and on the gzip decode output (#42363)
Cherry pick for #42265.

---------

Co-authored-by: Juan Fernandez <juan-fdz-hawa@users.noreply.github.com>
2026-03-25 09:28:18 -03:00
Carlo
1e0abc4c76
CP Fix FMA apps (#42323)
Cherry-picks #42260 to 4.83.0
2026-03-24 14:35:14 -04:00
Gabriel Hernandez
470cf0bb6e
fix flashing error message when turning off apple mdm (#42075) (#42298)
**Related issue:** Resolves #38546

Cherrypick PR

This fixes a quick error message flash on the mdm settings page when
apple mdm is turned off. We have a finally fixed an issue of stale data
on the integration page getting passed down to the mdm card when turning
apple mdm off. We now invalidate the cache of the config when apple mdm
is turned off, that way we make a request to get the most recent config
which will have the up to date data for `mdm.enabled_and_configured`.

# Checklist for submitter

- [x] QA'd all new/changed functionality manually
2026-03-24 16:12:06 +00:00
Scott Gress
4352b3426a
Cherry pick fleetctl new into 4.83.0 (#42301)
Cherry pick of https://github.com/fleetdm/fleet/pull/41909 and
https://github.com/fleetdm/fleet/pull/42239 into 4.83.0

The latter cherry-pick just tweaks some of the template files (e.g.
adding `organization_name` under `apple_business_manager` in the default
.yml file), no new files added.

---------

Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>
2026-03-24 09:26:21 -05:00
Scott Gress
4f20e70527
Cherry pick to 4.83: Pin Localstack version (#42305)
Cherry pick of #42253 to 4.83 so that other cherry picks don't fail CI.

Pins the Localstack image to the last-known-good version (4.5) before
they 🔪 'd the community edition and started requiring an auth token. I
also added a "wait for localstack" as an initial debugging step, and
left it in to catch similar future issues. It's probably redundant since
there likely _is_ no future for Fleet and Localstack beyond this, but it
take milliseconds and would catch any other weird Localstack failures
so, why not.

(cherry picked from commit 8ea6f338de)
2026-03-24 09:25:11 -05:00
Jordan Montgomery
6814004362
Backport to 4.83.0: Use swap table pattern and batch delete to improv… (#42300)
…e DB access patterns for vuln cron (#41729)

<!-- Add the related story/sub-task/bug number, like Resolves #123, or
remove if NA -->
**Related issue:** Resolves #41664

Switching `kernel_host_counts` to the established swap pattern. Reduce
load on the DB writer by moving the large read to the DB reader.

Do `CleanupSoftwareTitles` in batches. With a single large
select/delete, it took > 16 minutes. In batches, it took ~1.5 minutes in
loadtest with 100K hosts.

If some of the following don't apply, delete the relevant line.

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.

- [x] QA'd all new/changed functionality manually

For unreleased bug fixes in a release candidate, one of:

- [x] Alerted the release DRI if additional load testing is needed

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

* **Performance Improvements**
* Added indexing and a batched swap/insert flow to speed up
vulnerability-related queries and lower maintenance contention.
* Batched cleanup of orphaned records to reduce long-running delete
operations.

* **Reliability**
* Migration removes a legacy constraint to simplify data maintenance and
avoid migration failures.
* Scheduled vulnerability refresh now runs more atomically to reduce
disruption.

* **Tests**
* Updated assertion logic to improve test clarity for host-count
verification.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->

Co-authored-by: Victor Lyuboslavsky <2685025+getvictor@users.noreply.github.com>
2026-03-24 09:50:34 -04:00
George Karr
26c1a97441
Revert "Change OS update deadline to 7PM local time" (#41965) (#42109)
Reverts fleetdm/fleet#38810
2026-03-19 16:39:01 -05:00
Victor Lyuboslavsky
b4d5e97735
Re-timestamp migrations due to 4.82.1 migrations (#42081)
Partial cherry pick of #42058
2026-03-19 15:29:44 -05:00
Tim Lee
204e6a638c
Cherry pick: Recovery lock tooltip copy update (#41978) (#42085)
Reference: https://github.com/fleetdm/fleet/pull/41978
2026-03-19 11:49:14 -06:00
Tim Lee
622d3c76d4
View recovery password: fix permissions (#41951) (#42086)
ref: https://github.com/fleetdm/fleet/pull/41951
2026-03-19 11:48:59 -06:00
Jonathan Katz
c98e3f8419
Cherry pick: Add automation_type filter to count policies endpoint (#42007) (#42059)
<!-- Add the related story/sub-task/bug number, like Resolves #123, or
remove if NA -->
Resolves #41987 
Introduced to main in #42007
2026-03-19 11:32:39 -04:00
RachelElysia
3032d7003a
For R.C. - Fleet UI: Unreleased bug fixes for policy automations filtering (#41991) (#42048)
Closes #41948
2026-03-19 08:52:21 -04:00
Tim Lee
f0367a210d
Recovery password feature cherry picks (#41945) 2026-03-18 08:43:20 -06:00
Jonathan Katz
f3b56a7a32
Cherry pick: Fix patch policy query (#41915) (#41944)
Merged to main in: #41915
Resolves: #41857
2026-03-18 10:39:45 -04:00
Sarah Gillespie
c54dcea0bd
Cherry-pick: Validate Apple OS version only for modified platform settings (#41759) (#41850)
Cherry-pick related to #39713
2026-03-17 20:15:58 -05:00
Lucas Manuel Rodriguez
c9cc9dd44e
Add patch policies to software filtered policies (#41839) (#41886)
Cherry pick for https://github.com/fleetdm/fleet/pull/41839
2026-03-17 19:53:51 -03:00
Carlo
152b4394c6
Cherry-pick GitOps icons fix (#41880)
Cherry-pick #41785

Co-authored-by: Ian Littman <iansltx@gmail.com>
2026-03-17 17:10:39 -05:00
Magnus Jensen
eb1bfaaa93
CP: reset MDM enrollment if SCEP renewal but awaiting configuration (#41881) (#41897)
Cherry picks: #41881
2026-03-17 16:06:31 -05:00
Scott Gress
58c4ef8573
Cherry-pick #41805: Fix addFleetMaintainedAppEndpoint to accept fleet_id param (#41834)
Cherry-pick of #41805 into `rc-minor-fleet-v4.83.0`.

Co-authored-by: Ian Littman <iansltx@gmail.com>
2026-03-17 14:01:38 -05:00
Andrey Kizimenko
241d63895d
Revise Release QA checklist (#41609)
Changes:
1. Adding Fleet free checks for each product group
2. Adding UI/UX checks for each product group
3. Expanding the IdP coverage and moving it to orchestration (postmortem
action item: https://github.com/fleetdm/fleet/issues/39684)
4. Moving Certificates to S&C
5. Adjusting assignee list
2026-03-16 10:27:07 -06:00
Sarah Gillespie
3b859303d2
Improve UI for FileVault "action required" notifications banner (#41594) 2026-03-16 11:21:25 -05:00
Noah Talerman
250c132069
Update product-groups.md (#41758) 2026-03-16 12:01:45 -04:00
Mike McNeil
f413189e9e
Website: Update testimonials.ejs: Tweak for consistency. (#41709) 2026-03-16 10:52:38 -05:00