This PR adds support for CIS Controls for macOS 14 - Sonoma.
The CIS Control changes from macOS 13 to 14 was minimal:
- Removed 5.9
- Added 2.18.1
- tested by running the test profile (ee/cis/macos-14/test/profiles/on-device-dictiation-enabled.mobileconfig)
---------
Co-authored-by: Sharon Katz <121527325+sharon-fdm@users.noreply.github.com>
> 📜 Related issue: #15538
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
<!-- Note that API documentation changes are now addressed by the
product design team. -->
- [x] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
> 📜 Related issue: #15635
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
<!-- Note that API documentation changes are now addressed by the
product design team. -->
- [x] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
Tests were added in the scep repo:
https://github.com/fleetdm/scep/pull/1
This new `:incoming` label is used by engineers to filter down to _new_
bugs on their sprint board during each standup. They will remove the
label, indicating they have triaged the issue.
QA removes `:reproduce`, EM removes `:incoming`.
- Move "Scalability testing" to Engineering section. Engineering team
will have a better idea if the story needs load testing
---------
Co-authored-by: Luke Heath <luke@fleetdm.com>
We will begin conducting postmortems for critical bugs in addition to
outages.
1. How was the bug introduced?
2. What is the gap in our testing process that we didn't find the bug
before it was released?
3. How are we going to change our testing (both manual and automated) so
that we will catch a similar bug in the future?
Why? We want to start evaluating the three questions above for every
critical bug so that we can learn and improve our processes.
#15560
Probably best to review commit by commit.
First commit adds the mockimpl files, second commit amends README.md and
third commit fixes golangci-lint issues.
- [X] Manual QA for all new/changed functionality
Tested by adding a dummy method to service.go and running `make
generate-mock`.
---------
Co-authored-by: Victor Lyuboslavsky <victor.lyuboslavsky@gmail.com>
#15563
- [X] Manual QA for all new/changed functionality
Tested by running the following:
If the changes haven't been merged to `main`:
```sh
fleetctl preview --preview-config 15563-move-external-dep-osquery-in-a-box-to-monorepo
fleetctl preview stop
fleetctl preview reset
```
If the changes were already merged to `main`:
```sh
fleetctl preview
fleetctl preview stop
fleetctl preview reset
```
Implementing a safety measure to prevent issues like #15910 in
production.
Setting the macOS version explicitly avoids unexpected changes in the
builder runtime, ensuring the Fleet Desktop executable remains
compatible.
As of this commit, 'macos-latest' refers to 'macos-12'. We're aligning
the worker to this version, although building on macOS 13.x (presently
in GitHub workers' beta) should also be viable.
Added warning/info messages when downgrading/upgrading fleetd or
osquery. No other functional changes.
#15890
Tested with fleetd and osquery on windows, linux, and macOS.
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
<!-- Note that API documentation changes are now addressed by the
product design team. -->
- [x] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
- [x] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- [x] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).
#15236
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
<!-- Note that API documentation changes are now addressed by the
product design team. -->
- [x] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [x] Manual QA for all new/changed functionality
Closes: https://github.com/fleetdm/fleet/issues/15995
Changes:
- Updated nested list styles on pages built from Markdown to prevent
nested unordered lists from incrementing the counter of ordered lists.
Closes: https://github.com/fleetdm/confidential/issues/4665
Changes:
- Added a new documentation page that provides instructions for
downgrading from Fleet premium. The content for this section was pulled
from a [commented-out FAQ
question](1d2f5ae42a/docs/Get%20started/FAQ.md (L363-L394)).
---------
Co-authored-by: Mike Thomas <78363703+mike-j-thomas@users.noreply.github.com>
Co-authored-by: Rachael Shaw <r@rachael.wtf>
