- Guide update for the "Enforce disk encryption when macOS hosts
automatically enroll" (#16866) and "Rotate FileVault (disk encryption)
key w/o prompt" (#13157) stories.
While I haven't seen this exact story point mapping to expected
completion time, it intuitively makes sense from an Agile/iterative dev
perspective, and accounts for e.g. longer tasks being disproportionately
more uncertain than shorter tasks.
Let me know if I got the rationale correct here, as spelling that
rationale out feels like a useful thing to have in the handbook,
particularly for engineers coming from environments where story points
might've been converted more linearly to expected level of effort.
---------
Co-authored-by: Sam Pfluger <108141731+Sampfluger88@users.noreply.github.com>
Co-authored-by: Mike McNeil <mikermcneil@users.noreply.github.com>
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
<!-- Note that API documentation changes are now addressed by the
product design team. -->
- [ ] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.
- [ ] Added/updated tests
- [ ] If database migrations are included, checked table schema to
confirm autoupdate
- For database migrations:
  - [ ] Checked schema for all modified tables for columns that will
  auto-update timestamps during migration.
  - [ ] Confirmed that updating the timestamps is acceptable, and will not
  cause unwanted side effects.
  - [ ] Ensured the correct collation is explicitly set for character
  columns (`COLLATE utf8mb4_unicode_ci`).
- [ ] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
  - [ ] Orbit runs on macOS, Linux and Windows. Check if the orbit
  feature/bugfix should only apply to one platform (`runtime.GOOS`).
  - [ ] Manual QA must be performed in the three main OSs, macOS, Windows
  and Linux.
  - [ ] Auto-update manual QA, from released version of component to new
  version (see [tools/tuf/test](../tools/tuf/test/README.md)).
#21268
# Checklist for submitter
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Manual QA for all new/changed functionality
#21163
Fixed bug where configuration profile was still showing the old label
name after the name was updated.
# Checklist for submitter
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
Updated incorrect/outdated descriptions and links. Closes
https://github.com/fleetdm/fleet/issues/17022.
- Okta
  - Updated description: Enable single sign-on (SSO) by configuring Fleet
  as an Okta SAML application.
- Active Directory
  - Updated description: Integrate with a legacy on-prem identity server.
  - Removed the docs links since there is currently no official Fleet
  integration for this.
- Azure
  - Updated description: Deploy your own self-managed Fleet server on
  Azure.
  - Updated the link to point to community support since we don’t have
  documentation.
- Ansible
  - Updated description: Deploy Fleet with Ansible.
- Chef
  - Updated description: Chef is an automation tool that can be used with
  Fleet.
  - Removed the docs link since we don’t have an integration like the
  Puppet module for Chef. The existing link pointed to an irrelevant Chef
  reference.
- Google Cloud Platform
  - Updated description: Deploy your own self-managed Fleet server on
  Google Cloud Platform (GCP).
  - Updated the link to point to community support since we don’t have
  documentation.
- AWS
  - Updated the link to point to the deploy docs:
  [/docs/deploy/deploy-fleet#aws](/docs/deploy/deploy-fleet#aws)
- Munki
  - Updated description: Deploy software with Fleet and Munki.
- Puppet
  - Updated description: Deploy configuration profiles and issue MDM
  commands with Fleet and Puppet.
relates to #21058
Makes a change to `GET /software/titles/:id` response so that we return
the data needed to display the VPP app icon for the **All Teams**
context.

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
---------
Co-authored-by: Roberto Dip <rroperzh@gmail.com>
Additional statistics as described in
https://github.com/fleetdm/fleet/pull/20091 :
`aiFeaturesDisabled`:
Whether server_settings.ai_features_disabled is set to true in the
config.
`maintenanceWindowsEnabled`:
Whether at least one team has
integrations.google_calendar.enable_calendar_events set to true
`maintenanceWindowsConfigured`:
Maintenance windows are considered "configured" if:
- configuration has value set for integrations.google_calendar[0].domain
- configuration has value set for
integrations.google_calendar[0].api_key_json
`numHostsFleetDesktopEnabled`:
The number of hosts with Fleet desktop installed.
#20463 and #21173
- During vulnerability scanning, use 'macos' SW target for CPEs of
homebrew packages
- During vulnerability scanning, don't ignore software with non-ASCII en
dash and em dash characters
# Checklist for submitter
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
#21239
This PR fixes the generated vuln JSON files, which would get the current
customers up and running.
QA Done:
- New vuln JSON files generated at:
https://github.com/getvictor/vulnerabilities/releases
- Ran local server with new vuln JSON files by setting `export
TEST_VULN_GITHUB_OWNER=getvictor`
- Diff of JSON files from https://github.com/fleetdm/vulnerabilities and
https://github.com/getvictor/vulnerabilities
Steps for diff:
```
mkdir new
cd new
gh release download cve-202408111650 -D . -R getvictor/vulnerabilities
gunzip *.gz
cd ../
mkdir old
cd old
gh release download cve-202408111637 -D . -R fleetdm/vulnerabilities
gunzip *.gz
cd ..
diff old new
```
Diff results also remove a few Rejected CVEs from JSON files. The 2024
results also have a few minor diffs that don't seem significant.
## Issue
Closes #20416
## Description
- Update incorrect text copies to match current functionality (confirmed
via [slack
thread](https://fleetdm.slack.com/archives/C01EZVBHFHU/p1722439175927049?thread_ts=1722439142.748039&cid=C01EZVBHFHU))
I reviewed the announcement (nowhere is it called a guide, thankfully)
that was published April 30; it looks like only one line is incorrect.
This is to correct this line.
There is a related ticket #20860 for Mike to update the images
Editor: @RachelElysia
Technical Reviewer: @getvictor
For #20781, I found this hard to reproduce, but apparently it can happen in
AWS Aurora when the server is upgraded under the hood.
# Checklist for submitter
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
BizOps Q3 OKR: https://github.com/fleetdm/confidential/issues/7410
@JoStableford added you as reviewer so you should also receive updates
whilst I'm on PTO.
---------
Co-authored-by: Sam Pfluger <108141731+Sampfluger88@users.noreply.github.com>
Co-authored-by: Joanne Stableford <59930035+JoStableford@users.noreply.github.com>
#19857
For `GET /api/v1/fleet/vulnerabilities` endpoint, added
`known_vulnerability` field to the response. This field is present when
query is a valid CVE format and returns no results. It indicates whether
the vulnerability is in Fleet's DB.
# Checklist for submitter
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
Feedback Row 14: Brief introduction for new users regarding querying
---------
Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>
relates to #21065
This updates the tooltip on ABM hosts on the manage host page to clarify
that the host vitals will be available on enrollment, not on unboxing.
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [x] Manual QA for all new/changed functionality