Update .github/workflows/dogfood-gitops.yml to raise the fleet-gitops
job timeout from 10 to 30 minutes. This prevents premature cancellation
for longer-running steps (e.g., runner hardening and related tasks).
Our workflow is starting to timeout now that we have more apps being
applied via GitOps.
## Summary
- Adds a new commented-out testimonial entry to
`handbook/company/testimonials.yml` sourced from a LinkedIn comment (URN
7279546151945519104) on Mike Meyer's Foursquare-to-Fleet migration post.
- The entry is commented out per handbook instructions since it contains
TODO placeholders that need to be filled in manually from the LinkedIn
comment (requires authentication to access).
- The LinkedIn comment URL:
https://www.linkedin.com/feed/update/urn:li:activity:7267672056970788866/?dashCommentUrn=urn%3Ali%3Afsd_comment%3A%287279546151945519104%2Curn%3Ali%3Aactivity%3A7267672056970788866%29
## TODO before merging
The following fields need to be filled in from the LinkedIn comment
(requires logging in to LinkedIn to view):
1. `quote` - The text of the comment
2. `quoteAuthorName` - The commenter's name
3. `quoteAuthorJobTitle` - The commenter's job title
4. `quoteAuthorProfileImageFilename` - Upload the commenter's profile
image and update the filename
5. `productCategories` - Verify the correct category (currently set to
`[Device management]`)
6. `quoteLinkUrl` - Verify or update to the commenter's LinkedIn profile
URL if preferred
---
Built for [Dan
Gordon](https://fleetdm.slack.com/archives/C0AN44FQC01/p1775665779923419?thread_ts=1775661619.633759&cid=C0AN44FQC01)
by [Kilo for Slack](https://kilo.ai/features/slack-integration)
---------
Co-authored-by: kiloconnect[bot] <240665456+kiloconnect[bot]@users.noreply.github.com>
Co-authored-by: Dan Gordon <daniel@fleetdm.com>
Co-authored-by: Ashish Kuthiala <53918208+akuthiala@users.noreply.github.com>
Bumps
[github.com/aws/aws-sdk-go-v2/service/lambda](https://github.com/aws/aws-sdk-go-v2)
from 1.72.0 to 1.88.5.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="b9b0c6553b"><code>b9b0c65</code></a>
Release 2025-10-16</li>
<li><a
href="e2bc8a0ec6"><code>e2bc8a0</code></a>
Regenerated Clients</li>
<li><a
href="8691ee380a"><code>8691ee3</code></a>
Update API model</li>
<li><a
href="51e8a3fe03"><code>51e8a3f</code></a>
bump to go1.23 (<a
href="https://redirect.github.com/aws/aws-sdk-go-v2/issues/3211">#3211</a>)</li>
<li><a
href="ad2d36cba7"><code>ad2d36c</code></a>
Release 2025-10-15</li>
<li><a
href="19a35d639f"><code>19a35d6</code></a>
Regenerated Clients</li>
<li><a
href="35cb02fd50"><code>35cb02f</code></a>
Update endpoints model</li>
<li><a
href="f673a1b0a8"><code>f673a1b</code></a>
Update API model</li>
<li><a
href="48421fd812"><code>48421fd</code></a>
Release 2025-10-14</li>
<li><a
href="fedcba778c"><code>fedcba7</code></a>
Regenerated Clients</li>
<li>Additional commits viewable in <a
href="https://github.com/aws/aws-sdk-go-v2/compare/service/s3/v1.72.0...service/s3/v1.88.5">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts page](https://github.com/fleetdm/fleet/network/alerts).
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bump Cursor to 3.0.12 and Docker to 4.67.0: update installer URLs and
SHA256 hashes, add 'patched' SQL queries for version checks in Windows
outputs, and normalize default_categories from "Developer Tools" to
"Developer tools" in winget inputs and outputs.
<!-- Add the related story/sub-task/bug number, like Resolves#123, or
remove if NA -->
**Related issue:** Resolves#42512
---------
Co-authored-by: Luke Heath <luke@fleetdm.com>
Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>
<!-- Add the related story/sub-task/bug number, like Resolves#123, or
remove if NA -->
**Related issue:** For #40015
* Moves repeated empty mocks into a new `setupEmptyGitOpsMocks` method
* Adds new "deprecation" tests:
* In TestGitOpsFullGlobal, TestGitOpsFullTeam and
TestGitOpsFullGlobalAndTeam tests "kitchen sink" with both new and
deprecated keys
* Added keys and checks to verify `setup_experience`,
`apple_business_manager` and `volume_purchasing_program` configs
* Consolidated map of deprecated -> new GitOps keys in one place
Related to #40309
Changes:
- Added ee/fleet-agent-downloader/ - A Sails app that has a single page
locked behind SSO that end-users can use to download a Fleet installer
hosted in an S3 bucket.
Related to: https://github.com/fleetdm/fleet/issues/42738
Changes:
- Uncommented and updated the code that replaces text content in double
parentheses with `<bubble>` elements in build-static-content to not
replace content inside of `<code>` elements
- Created a `<bubble>` component based on the ((bubbles)) in the
Sails.js docs.
Fixed filename which was breaking rendering of the page. Fixed extra
spaces on code blocks. Also added more headers for cleaner reading, and
added a link to the end of the page to get to the raw text for easy
copying that can be dropped right in for AI input.
This PR automatically updates both 1Password macOS version policy and
Safari version policy for dogfood.
The changes were generated automatically by the
[dogfood-automated-policy-updates
workflow](https://github.com/fleetdm/fleet/actions/workflows/dogfood-automated-policy-updates.yml).
Co-authored-by: allenhouchins <32207388+allenhouchins@users.noreply.github.com>
<!-- Add the related story/sub-task/bug number, like Resolves#123, or
remove if NA -->
**Related issue:** Resolves#42680
This manually modified outputs/apps.json since currently it only adds
new FMAs and cannot update existing ones from ingestion. It looks like
the install/uninstall scripts changed a bit, but I was able to install
and uninstall it successfully on a VM.
<img width="1150" height="48" alt="image"
src="https://github.com/user-attachments/assets/dad9f5f6-1f21-4169-aed5-33fb25cb666b"
/>
Patch policy for up to date version seems to work too.
<img width="863" height="49" alt="image"
src="https://github.com/user-attachments/assets/a706794d-885f-4a5c-abc5-b65c26ba7733"
/>
This pull request enhances the safety of the `linux_wipe.sh` script by
ensuring that destructive file operations do not affect network-mounted
filesystems. The changes introduce checks to detect network filesystems,
prevent accidental deletion of remote data, and improve the reliability
of wipe operations by avoiding crossing filesystem boundaries.
**Network filesystem safety improvements:**
* Added a `NETWORK_FS_TYPES` variable and functions to detect and
unmount network filesystems, preventing the script from deleting data on
NFS, CIFS, SMB, SSHFS, and similar mounts.
(`ee/server/service/embedded_scripts/linux_wipe.sh`)
[[1]](diffhunk://#diff-7ac85220cbd45e63481837a405dacf198822a4fbf885b88f89b9bc870c947fccR3-R4)
[[2]](diffhunk://#diff-7ac85220cbd45e63481837a405dacf198822a4fbf885b88f89b9bc870c947fccR17-R84)
* Introduced an `unmount_network_filesystems` function called before
wiping operations to unmount all detected network filesystems.
(`ee/server/service/embedded_scripts/linux_wipe.sh`)
* Added an `is_network_mount` function to skip wiping any path residing
on a network filesystem.
(`ee/server/service/embedded_scripts/linux_wipe.sh`)
**Safe file deletion enhancements:**
* Implemented a `safe_rm` function that ensures file deletions do not
cross filesystem boundaries, using `rm --one-file-system` or `find
-xdev` as a fallback. All destructive operations now use this wrapper.
(`ee/server/service/embedded_scripts/linux_wipe.sh`)
* Updated `wipe_non_essential_data` and `wipe_system_files` to use
`safe_rm` and to skip paths on network filesystems.
(`ee/server/service/embedded_scripts/linux_wipe.sh`)
These changes significantly reduce the risk of deleting data on remote
or shared filesystems during a wipe operation.
<!-- Add the related story/sub-task/bug number, like Resolves#123, or
remove if NA -->
**Related issue:** Resolves #
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [ ] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements), JS
inline code is prevented especially for url redirects
- [ ] If paths of existing endpoints are modified without backwards
compatibility, checked the frontend/CLI for any necessary changes
## Testing
- [ ] Added/updated automated tests
- [ ] Where appropriate, [automated tests simulate multiple hosts and
test for host
isolation](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/reference/patterns-backend.md#unit-testing)
(updates to one hosts's records do not affect another)
- [ ] QA'd all new/changed functionality manually
For unreleased bug fixes in a release candidate, one of:
- [ ] Confirmed that the fix is not expected to adversely impact load
test results
- [ ] Alerted the release DRI if additional load testing is needed
## Database migrations
- [ ] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [ ] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [ ] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).
## New Fleet configuration settings
- [ ] Setting(s) is/are explicitly excluded from GitOps
If you didn't check the box above, follow this checklist for
GitOps-enabled settings:
- [ ] Verified that the setting is exported via `fleetctl
generate-gitops`
- [ ] Verified the setting is documented in a separate PR to [the GitOps
documentation](https://github.com/fleetdm/fleet/blob/main/docs/Configuration/yaml-files.md#L485)
- [ ] Verified that the setting is cleared on the server if it is not
supplied in a YAML file (or that it is documented as being optional)
- [ ] Verified that any relevant UI is disabled when GitOps mode is
enabled
## fleetd/orbit/Fleet Desktop
- [ ] Verified compatibility with the latest released version of Fleet
(see [Must
rule](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/workflows/fleetd-development-and-release-strategy.md))
- [ ] If the change applies to only one platform, confirmed that
`runtime.GOOS` is used as needed to isolate changes
- [ ] Verified that fleetd runs on macOS, Linux and Windows
- [ ] Verified auto-update works from the released version of component
to the new version (see [tools/tuf/test](../tools/tuf/test/README.md))
---------
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
## Changes
- Added `FLEET_OSQUERY_POLICY_UPDATE_INTERVAL` environment variable set
to `30m` in the dogfood Terraform configuration
- This configures osquery policy updates to occur every 30 minutes in
the dogfood environment
<!-- Add the related story/sub-task/bug number, like Resolves#123, or
remove if NA -->
**Related issue:** Resolves#42841
This change is just new columns in a table. No other functional changes.
# Checklist for submitter
## Testing
- [x] Added/updated automated tests
## Database migrations
- [x] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Added tracking for Windows device enrollment configuration status,
including timestamps indicating when devices entered the
awaiting-configuration state to improve enrollment lifecycle management.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## Summary
- Adds a new "Update GTM ops placard" responsibility to the Finance
handbook page describing the quarterly process where Sam Pfluger and
Tina Ong meet live (30 min) to update placard and thermometer guidelines
using numbers from the operating model.
- Adds a corresponding quarterly ritual entry in `finance.rituals.yml`
with `autoIssue` enabled, starting on 2026-07-15, with `sampfluger88` as
DRI.
Built for [Sam
Pfluger](https://fleetdm.slack.com/archives/C08BTMFTUCR/p1775591570135929?thread_ts=1775586762.346599&cid=C08BTMFTUCR)
by [Kilo for Slack](https://kilo.ai/features/slack-integration)
---------
Co-authored-by: kiloconnect[bot] <240665456+kiloconnect[bot]@users.noreply.github.com>
Co-authored-by: Sam Pfluger <108141731+Sampfluger88@users.noreply.github.com>
<!-- Add the related story/sub-task/bug number, like Resolves#123, or
remove if NA -->
**Related issue:** Resolves#42369
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [ ] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information. **Done in backend task for whole story**
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements), JS
inline code is prevented especially for url redirects, and untrusted
data interpolated into shell scripts/commands is validated against shell
metacharacters.
- [x] Timeouts are implemented and retries are limited to avoid infinite
loops
- [x] If paths of existing endpoints are modified without backwards
compatibility, checked the frontend/CLI for any necessary changes
## Testing
- [x] Added/updated automated tests
- [x] QA'd all new/changed functionality manually
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Added "Clear passcode" action for iOS and iPad hosts in the host
actions menu, accessible only to Premium tier users with appropriate
permissions.
* Added confirmation modal for clearing device passcodes.
* Passcode clearing activity now appears in the activity feed with actor
information.
* Action is conditionally disabled during specific device states (Lost
Mode, pending wipe) with contextual tooltips.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- Add the related story/sub-task/bug number, like Resolves#123, or
remove if NA -->
**Related issue:** Resolves#42405
Demo video: https://www.youtube.com/watch?v=F3nfFvwdj-c
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
## Testing
- [x] Added/updated automated tests
- [x] QA'd all new/changed functionality manually
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Android Wi‑Fi configuration profiles that reference client
certificates are withheld until the certificate is installed or reaches
a terminal state.
* Host OS settings now show the specific pending reason in the detail
column when Android profiles are waiting on certificate installation.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- Add the related story/sub-task/bug number, like Resolves#123, or
remove if NA -->
**Related issue:** Resolves#43046
# Checklist for submitter
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements), JS
inline code is prevented especially for url redirects, and untrusted
data interpolated into shell scripts/commands is validated against shell
metacharacters.
## Testing
- [x] Added/updated automated tests
## Database migrations
- [x] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [x] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).
---------
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
## Summary
- Updates the CEO shadow program section in the handbook so that Account
Executives (AEs) complete their shadow program with the SVP Global Sales
instead of the CEO.
- Adds a note to the onboarding checklist in
`handbook/company/communications.md` clarifying the AE exception.
## Changes
**`handbook/company/leadership.md`**: Added a callout under the CEO
shadow program description noting that AEs complete their shadow program
with the SVP Global Sales instead.
**`handbook/company/communications.md`**: Updated the onboarding
contributor experience training checklist to note that AEs shadow the
SVP Global Sales rather than the CEO.
---
Built for [Isabell
Reedy](https://fleetdm.slack.com/archives/D0AEGJCGJR0/p1775558368006279)
by [Kilo for Slack](https://kilo.ai/features/slack-integration)
Co-authored-by: kiloconnect[bot] <240665456+kiloconnect[bot]@users.noreply.github.com>
<!-- Add the related story/sub-task/bug number, like Resolves#123, or
remove if NA -->
**Related issue:** Resolves#42368
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information. For the overall story
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements), JS
inline code is prevented especially for url redirects, and untrusted
data interpolated into shell scripts/commands is validated against shell
metacharacters.
- [x] Timeouts are implemented and retries are limited to avoid infinite
loops
- [x] If paths of existing endpoints are modified without backwards
compatibility, checked the frontend/CLI for any necessary changes
## Testing
- [x] Added/updated automated tests
- [x] QA'd all new/changed functionality manually
<!-- Add the related story/sub-task/bug number, like Resolves#123, or
remove if NA -->
**Related issue:** Resolves#42103
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements), JS
inline code is prevented especially for url redirects, and untrusted
data interpolated into shell scripts/commands is validated against shell
metacharacters.
- [x] Timeouts are implemented and retries are limited to avoid infinite
loops
- [x] If paths of existing endpoints are modified without backwards
compatibility, checked the frontend/CLI for any necessary changes
## Testing
- [x] Added/updated automated tests
- [x] QA'd all new/changed functionality manually
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Bug Fixes**
* Improved profile removal handling: Fleet now successfully removes host
OS setting entries even when the removal command encounters a "profile
not found" error from the device.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
