- @noahtalerman: We decided to stop calling the settings experimental
and just warn in the docs what happens if you turn it on. That way we’re
not calling them “experimental” which feels unsafe. They're not
experimental; they're just deliberately allowing custom profiles.
## Summary
- Clarifies in the MySQL docs intro that read replica configuration is
fully independent — no values are inherited from the primary config
- Adds explicit callout that `mysql_read_replica_region` must be set
separately when using IAM authentication
- Adds note to `mysql_tls_config` explaining that this setting is
typically not needed for RDS IAM auth since Fleet uses bundled RDS CA
certificates (including GovCloud regions)
These changes address real-world customer confusion where a GovCloud
deployment failed because `FLEET_MYSQL_READ_REPLICA_REGION` was not set
independently of `FLEET_MYSQL_REGION`.
Note: related to #39832
## Testing
Documentation-only change — no code impact.
Add script-only package documentation to the packages section.
Script-only packages (.sh and .ps1 files) are a supported package type
but had no example or guidance in the YAML configuration docs. This adds
a "Script-only" example after the existing URL and Hash examples,
documenting:
- Script-only packages must be configured inline in the team YAML file
- self_service, categories, labels, and icon are specified inline
- Script packages do not support install_script, uninstall_script,
post_install_script, pre_install_query, or automatic install
- Separate package YAML files are not currently supported for
script-only packages
This PR will remain in draft as a preview of upcoming documentation
changes for 4.83.0
---------
Co-authored-by: Marko Lisica <83164494+marko-lisica@users.noreply.github.com>
Co-authored-by: Jordan Montgomery <elijah.jordan.montgomery@gmail.com>
Co-authored-by: melpike <79950145+melpike@users.noreply.github.com>
Co-authored-by: kiloconnect[bot] <240665456+kiloconnect[bot]@users.noreply.github.com>
Co-authored-by: Victor Lyuboslavsky <2685025+getvictor@users.noreply.github.com>
Co-authored-by: Scott Gress <scottmgress@gmail.com>
Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>
Co-authored-by: Jonathan Katz <44128041+jkatz01@users.noreply.github.com>
Co-authored-by: kilo-code-bot[bot] <240665456+kilo-code-bot[bot]@users.noreply.github.com>
Co-authored-by: Carlo <1778532+cdcme@users.noreply.github.com>
## Summary
- Reverts the changes introduced by issue
[#38834](https://github.com/fleetdm/fleet/issues/38834), which changed
the Apple (macOS, iOS, iPadOS) OS update enforcement deadline from 12:00
PM (Noon) to 7:00 PM local time.
- Reverts code from [PR
#38810](https://github.com/fleetdm/fleet/pull/38810) (backend, frontend,
tests) and [PR #39185](https://github.com/fleetdm/fleet/pull/39185)
(documentation).
- Restores the original noon (12:00) deadline in the MDM declaration
payload, frontend tooltip, integration tests, REST API docs, and YAML
configuration docs.
## Changes
| File | Change |
|------|--------|
| `ee/server/service/mdm.go` | `TargetLocalDateTime` reverted from
`T19:00:00` to `T12:00:00` |
| `frontend/.../AppleOSTargetForm.tsx` | Deadline tooltip reverted from
"19:00 (7PM)" to "12:00 (Noon)" |
| `server/service/integration_enterprise_test.go` | Test assertion
reverted from `T19:00:00` to `T12:00:00` |
| `docs/Configuration/yaml-files.md` | 3 references reverted from "7PM"
to "noon" |
| `docs/REST API/rest-api.md` | 6 references reverted from "7PM" to
"noon" |
Built for
[ntalerman](https://fleetdm.slack.com/archives/D0AEA6U4SM9/p1773780763835429)
by [Kilo for Slack](https://kilo.ai/features/slack-integration)
Co-authored-by: kiloconnect[bot] <240665456+kiloconnect[bot]@users.noreply.github.com>
Co-authored-by: George Karr <georgekarrv@users.noreply.github.com>
## Summary
- Embeds Fleet's ["The Basics of Fleet
GitOps"](https://www.youtube.com/watch?v=wgqI_lHnGJc) YouTube video on
the [GitOps YAML files documentation
page](https://fleetdm.com/docs/configuration/yaml-files).
- The video is placed in the introduction section, right after the
opening paragraph and before the first callout, so users see it early
when landing on the page.
- Uses the existing `<div purpose="embedded-content"><iframe>` embed
pattern consistent with other Fleet docs pages (e.g.,
`articles/queries.md`, `articles/fleetctl.md`,
`articles/vulnerability-processing.md`).
### Changes
- `docs/Configuration/yaml-files.md`: Added YouTube video embed for "The
Basics of Fleet GitOps" (`wgqI_lHnGJc`).
Built for
[mikermcneil](https://fleetdm.slack.com/archives/D0AFASLRHNU/p1773338930980929)
by [Kilo for Slack](https://kilo.ai/features/slack-integration)
Co-authored-by: kiloconnect[bot] <240665456+kiloconnect[bot]@users.noreply.github.com>
This PR will remain in draft as a preview of upcoming documentation
changes for 4.82.0
---------
Co-authored-by: Jordan Montgomery <elijah.jordan.montgomery@gmail.com>
Co-authored-by: Marko Lisica <83164494+marko-lisica@users.noreply.github.com>
Co-authored-by: Magnus Jensen <magnus@fleetdm.com>
Co-authored-by: Victor Lyuboslavsky <2685025+getvictor@users.noreply.github.com>
Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>
Co-authored-by: Dante Catalfamo <43040593+dantecatalfamo@users.noreply.github.com>
Co-authored-by: melpike <79950145+melpike@users.noreply.github.com>
Co-authored-by: Mike Thomas <78363703+mike-j-thomas@users.noreply.github.com>
Co-authored-by: Nico <32375741+nulmete@users.noreply.github.com>
Co-authored-by: Scott Gress <scottmgress@gmail.com>
Added information about silent migration enrollment profile for Apple
MDM devices.
<!-- Add the related story/sub-task/bug number, like Resolves#123, or
remove if NA -->
**Related issue:** Relates #39796
Resolves#40813
* Added configurable body size limits for the `/api/osquery/log`,
`/api/osquery/distributed/write` and `/api/osquery/config` endpoints.
* Fixed false positive `PayloadTooLargeError` errors.
---------
Co-authored-by: Lucas Manuel Rodriguez <lucas@fleetdm.com>
Add documentation for enabling bootstrap packages during MDM migration.
<!-- Add the related story/sub-task/bug number, like Resolves#123, or
remove if NA -->
**Related issue:** Resolves#39634
This PR will remain in draft as a preview of upcoming documentation
changes for 4.81.0
---------
Co-authored-by: Lucas Manuel Rodriguez <lucas@fleetdm.com>
Co-authored-by: Ian Littman <iansltx@gmail.com>
Co-authored-by: kitzy <kitzy@fleetdm.com>
Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>
Co-authored-by: Victor Lyuboslavsky <2685025+getvictor@users.noreply.github.com>
Co-authored-by: Marko Lisica <83164494+marko-lisica@users.noreply.github.com>
Co-authored-by: Zach Wasserman <zach@fleetdm.com>
Co-authored-by: melpike <79950145+melpike@users.noreply.github.com>
Co-authored-by: Jordan Montgomery <elijah.jordan.montgomery@gmail.com>
Co-authored-by: Magnus Jensen <magnus@fleetdm.com>
Co-authored-by: Dante Catalfamo <43040593+dantecatalfamo@users.noreply.github.com>
## Changes
Fixes incorrect YAML example in
`docs/Configuration/agent-configuration.md` where `command_line_flags`
was shown nested under `config:` instead of at the top level.
**File changed:** `docs/Configuration/agent-configuration.md`
## What was wrong
The example in the `## config` section showed `command_line_flags`
indented under `config:`:
```yaml
config:
options:
distributed_interval: 3
...
command_line_flags: # ❌ WRONG - nested under config
verbose: true
...
decorators:
...
```
This is incorrect and causes the following error when applied via
`fleetctl apply` for team YAML files:
```
Error: applying teams: POST /api/latest/fleet/spec/teams received status 400 Bad Request:
"command_line_flags" should be part of the top level object
```
## Correct placement
Per the original implementation in
[#7377](https://github.com/fleetdm/fleet/issues/7377),
`command_line_flags` must be a **top-level key** under `agent_options`,
at the same level as `config:`:
```yaml
config:
options:
distributed_interval: 3
...
decorators:
...
yara:
...
command_line_flags: # ✅ CORRECT - top level, sibling of config
verbose: true
...
```
This is consistent with:
- The [Configuration files
docs](https://fleetdm.com/docs/configuration/configuration-files) which
correctly show `command_line_flags: {}` at the top level
- Issue #7377 which states: *"The overrides setting does not accommodate
command_line_flags, which is why it is only allowed at the top-level
(and not inside config or every override)"*
- The overrides section of the same page which notes: *"the
command_line_flags key is not supported in the overrides"*
## Related issues
- Closes: https://github.com/fleetdm/confidential/issues/14206
- Closes: https://github.com/fleetdm/confidential/issues/14207
---------
Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>
This PR will remain in draft as a preview of upcoming documentation
changes for 4.80.0
---------
Co-authored-by: Marko Lisica <83164494+marko-lisica@users.noreply.github.com>
Co-authored-by: Lucas Manuel Rodriguez <lucas@fleetdm.com>
Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>
Co-authored-by: Magnus Jensen <magnus@fleetdm.com>
Co-authored-by: Jordan Montgomery <elijah.jordan.montgomery@gmail.com>
Co-authored-by: Scott Gress <scottmgress@gmail.com>
Co-authored-by: Mike Thomas <78363703+mike-j-thomas@users.noreply.github.com>
Co-authored-by: Nico <32375741+nulmete@users.noreply.github.com>
Co-authored-by: Luke Heath <luke@fleetdm.com>
Rephrase instructions for creating API-only users for clarity.
<!-- Add the related story/sub-task/bug number, like Resolves#123, or
remove if NA -->
**Related issue:** Resolves#35696
---------
Co-authored-by: Rachael Shaw <r@rachael.wtf>
This PR will remain in draft as a preview of upcoming documentation
changes for 4.79.0
---------
Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>
Co-authored-by: Marko Lisica <83164494+marko-lisica@users.noreply.github.com>
Co-authored-by: Magnus Jensen <magnus@fleetdm.com>
Co-authored-by: Ian Littman <iansltx@gmail.com>
Co-authored-by: Lucas Manuel Rodriguez <lucas@fleetdm.com>
Co-authored-by: melpike <79950145+melpike@users.noreply.github.com>
Co-authored-by: Steven Palmesano <3100993+spalmesano0@users.noreply.github.com>
Co-authored-by: Carlo <1778532+cdcme@users.noreply.github.com>
- Document which keys are supported on which platforms.
- Separate feature request to come up with a cross-platform name for
`macos_setup` is here: https://github.com/fleetdm/fleet/issues/33059
**Related issue:** Resolves
[34890](https://github.com/fleetdm/fleet/issues/34890)
# Checklist for submitter
- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
## Testing
- [X] Added/updated automated tests
- [X] QA'd all new/changed functionality manually
## New Fleet configuration settings
Looking at other log destinations, I couldn't find anything relevant in
GitOps. Please let me know if I missed something, however.
## fleetd/orbit/Fleet Desktop
I've tested this on both Linux and MacOS.
---------
Co-authored-by: Rachael Shaw <r@rachael.wtf>
Co-authored-by: nulmete <nicoulmete1@gmail.com>
