Elgato_dark/fleet
1
0
Fork 0
mirror of https://github.com/fleetdm/fleet synced 2026-05-23 00:49:03 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 143
21093 commits 3335 branches 577 tags 2.4 GiB
Commit graph

5 commits

Author SHA1 Message Date
Konstantin Sykulev
d1876a3c70
Fixed false positive for msrc companion apps (#38824) 
**Related issue:** Resolves #35281

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.

## Testing

- [x] Added/updated automated tests
- [x] QA'd all new/changed functionality manually

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **Bug Fixes**
* Fixed false positives when detecting security vulnerabilities in
Microsoft 365 companion apps by improving targeting accuracy.

<sub>✏️ Tip: You can customize this high-level summary in your review
settings.</sub>

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
 2026-01-28 13:02:31 -06:00
Konstantin Sykulev
5385978700
Fixed false positive git CVEs (#38657) 
This was due to the fact that homebrew splits the git and gitk packages
into two. However, the nvd feed attributes cves exclusively to a "git"
package.

**Related issue:** Resolves #35191

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.

## Testing

- [x] Added/updated automated tests
- [x] QA'd all new/changed functionality manually
 2026-01-26 12:35:08 -06:00
Ian Littman
89ca35c66b
Switch vulns cron false positive clear to clear vulns based on when the vulns run started, rather than based on periodicity (#31364) 
Fixes #26404.

This means that for long vulns runs vulns will stick around longer, so
we don't wind up nuking vulns that were added earlier in the run, and in
cases where the vulns run takes less than 2h we'll see vulns clear
cleanly more quickly.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.

- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)

## Testing

- [x] Added/updated automated tests

- [ ] QA'd all new/changed functionality manually

---------

Co-authored-by: Jahziel Villasana-Espinoza <jahziel@fleetdm.com>
 2025-07-29 10:14:14 -05:00
Lucas Manuel Rodriguez
415cccc121
Add matching rules for Microsoft 365 for July and August 365 (#21410) 
#20409

I used `Current Channel`'s build version from
[here](https://learn.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates)
for `ResolvedInVersion`. Please @mostlikelee let me know if that's a-ok
(mimicked from June's change).

- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [X] Added/updated tests
- [X] Manual QA for all new/changed functionality
 2024-08-20 11:35:44 -03:00
Tim Lee
2ea369c093
Custom Vulnerability Matching (#20118) 2024-07-09 11:50:22 -06:00