**Related issue:** Resolves#33351
Resolves an unreleased bug with Gitops validation of CA names.
Previously only gitops path was validating that a CA didn't have the
same name as another CA(I.e. Hydrant didn't have same name as digicert)
whereas correct validation per PM is only within a given type of CA,
i.e. can't have 2 hydrant with same name. Will also need cherrypick to
4.74.
No changes file sinec this is an unreleased bug in the overall Hydrant
CA story.
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] If paths of existing endpoints are modified without backwards
compatibility, checked the frontend/CLI for any necessary changes
## Testing
- [x] Added/updated automated tests
- [x] Where appropriate, [automated tests simulate multiple hosts and
test for host
isolation](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/reference/patterns-backend.md#unit-testing)
(updates to one hosts's records do not affect another)
- [x] QA'd all new/changed functionality manually
For unreleased bug fixes in a release candidate, one of:
- [x] Confirmed that the fix is not expected to adversely impact load
test results
- [x] Alerted the release DRI if additional load testing is needed
<!-- Add the related story/sub-task/bug number, like Resolves#123, or
remove if NA -->
**Related issue:** Resolves#32220
# Details
This PR fixes an issue where hosts whose running scripts were canceled
by Orbit (e.g. due to timing out) were reported as being still "pending"
on the batch script details view. This was due to our only counting runs
as errored if the error code was > 0, and ignoring negative error codes
(which is what Orbit uses for this case).
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [X] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
## Testing
- [X] Added/updated automated tests
Changed a couple of places where we were using `1` for an error code to
`-1`
- [X] Where appropriate, [automated tests simulate multiple hosts and
test for host
isolation](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/reference/patterns-backend.md#unit-testing)
(updates to one hosts's records do not affect another)
- [X] QA'd all new/changed functionality manually
For unreleased bug fixes in a release candidate, one of:
- [X] Confirmed that the fix is not expected to adversely impact load
test results
- [X] Alerted the release DRI if additional load testing is needed
## For #33299
- Couple card logic to URL param
- Validate param, push to default macos if invalid or missing
- Validate that other setup experience cards don't have a platform
param, push to no param if present
- [x] QA'd all new/changed functionality manually
---------
Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
<!-- Add the related story/sub-task/bug number, like Resolves#123, or
remove if NA -->
**Related issue:** Followup fix for #30888
See
https://github.com/fleetdm/fleet/issues/30888#issuecomment-3321700108
Needs to be cherry-picked into 4.74
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
## Testing
- [x] Added/updated automated tests
- [x] QA'd all new/changed functionality manually
fixes: #31390
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
## Testing
- [x] Added/updated automated tests
- [x] QA'd all new/changed functionality manually
## For #33285
- Push to details page with `status` param included to avoid that page's
effect that muddies browser history. Since tab nav on that page is
controlled by URL query params, this effect is important - there _must_
always be a status param.
- Update the details page table query change handler to replace instead
of push to the URL
https://github.com/user-attachments/assets/b15b4eda-df24-4d01-a7f4-a60a63282e63
- [x] QA'd all new/changed functionality manually
Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
for #32014
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
## Testing
- [X] Added/updated automated tests
- [X] Where appropriate, [automated tests simulate multiple hosts and
test for host
isolation](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/reference/patterns-backend.md#unit-testing)
(updates to one hosts's records do not affect another)
- [X] QA'd all new/changed functionality manually
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- New Features
- GitOps manual labels can now reference hosts by Fleet host ID in
addition to hostname, hardware serial, or UUID.
- GitOps YAML/JSON accepts integers for host IDs; numeric IDs are
handled seamlessly alongside strings.
- Validation
- Stronger input validation for label hosts: only strings or integers
are allowed.
- Clear error returned for invalid types (e.g., floats) in hosts lists.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Builds on #27080 / #32133. Shows disk space if we can calculate it, otherwise, shows 'Not supported'. Excludes unsupported hosts from low disk space filter.
<!-- Add the related story/sub-task/bug number, like Resolves#123, or
remove if NA -->
**Related issue:** Resolves#33250
Waived most new failures. Planning to come back and fix some of them in
subsequent PRs.
This PR adds Adobe Creative Cloud as a new maintained app for macOS. The
app is available through homebrew and is used for creative software
management and installation, including access to Adobe’s suite of tools
like Photoshop, Illustrator, and Premiere Pro.
Co-authored-by: Kenny Botelho <kbotelho@nvidia.com>
This PR adds P4V as a new maintained app for macOS. The app is available
through homebrew and is used for accessing and managing Perforce version
control repositories via a graphical interface.
---------
Co-authored-by: Kenny Botelho <kbotelho@nvidia.com>
Co-authored-by: Jonathan Katz <44128041+jkatz01@users.noreply.github.com>
resolves#31821, resolves#32120
this updates the UI to support unenrolling android and ios and ipad
devices. This includes:
**updating the host details page to include and unenroll action in the
host actions dropdown**
**Updating the unenroll modal to have dynamic content depending on the
device we are unenrolling**
**updating the global activities to have different messages for mdm
enroll and mdm unenroll actions**
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [x] Added/updated automated tests
- [x] QA'd all new/changed functionality manually
Closes https://github.com/fleetdm/confidential/issues/12068
I shortened and sharpened up the Series B article by cutting about a
third of the length while keeping the narrative intact. I also updated
the meta description to be clearer and more concise.
resolves#32686
this adds the ability for users to resend profiles in the OS Settings
modal on the my device page.
This also changes which profiles can resend. Now only macos hosts
.mobileconfig profiles can be resent
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [x] Where appropriate, [automated tests simulate multiple hosts and
test for host
isolation](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/reference/patterns-backend.md#unit-testing)
(updates to one hosts's records do not affect another)
- [x] QA'd all new/changed functionality manually
Closes: https://github.com/fleetdm/fleet/issues/20792
Changes:
- Added support for the quarterly frequency for issues automatically
created for rituals
- Added support for templated auto-issue issue descriptions. Rituals
with an `issueDescription` value nested in the `autoIssue` object will
now use that value as the issue description when an issue for the ritual
is created.
Resolves#33219
Note: this only fixes orbit. The issue remains on osquery:
[#33019](https://github.com/fleetdm/fleet/issues/33019)
# Checklist for submitter
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
## Testing
- [x] Added/updated automated tests
- [x] QA'd all new/changed functionality manually
## fleetd/orbit/Fleet Desktop
- [x] Verified compatibility with the latest released version of Fleet
(see [Must
rule](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/workflows/fleetd-development-and-release-strategy.md))
- [x] Verified that fleetd runs on macOS, Linux and Windows
- [x] Verified auto-update works from the released version of component
to the new version (see [tools/tuf/test](../tools/tuf/test/README.md))
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- Bug Fixes
- Improved error messages when servers return HTML instead of JSON.
- Truncates oversized responses in logs to prevent overwhelming output
while preserving context.
- More robust parsing of non-JSON error responses.
- Documentation
- Added changelog entry noting enhanced debug logging for large HTML
responses.
- Tests
- Added tests covering HTML, plain text, empty, long, and invalid JSON
error bodies to validate error message handling.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Changes:
- Updated the sidebar links on /mdm-commands, /scripts, and /os-settings
- Updated the width of the sidebar on the os-settings page to be
consistent with /mdm-commands and /scripts
Resolves#33147
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
## Testing
- [x] Added/updated automated tests
- [x] Where appropriate, [automated tests simulate multiple hosts and
test for host
isolation](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/reference/patterns-backend.md#unit-testing)
(updates to one hosts's records do not affect another)
- [x] QA'd all new/changed functionality manually
## Database migrations
- [x] Checked table schema to confirm autoupdate
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- Bug Fixes
- Resolved MySQL performance regressions from 4.73.0/4.73.1 affecting OS
versions and software titles views, improving load times and reducing
timeouts.
- Refactor
- Optimized OS vulnerabilities fetching by batching multiple OS versions
in a single request.
- Added a supporting database index to speed kernel-related
vulnerability queries.
- Tests
- Added comprehensive tests for multi-OS vulnerability retrieval, CVSS
enrichment, team-scoped data, and service endpoint behavior.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
