mirror of
https://github.com/fleetdm/fleet
synced 2026-05-16 05:28:38 +00:00
12f2ee6ad1
#31592 There's still some QA to be done for edge cases and re-connects, but this is ready for review. <img width="341" height="103" alt="Screenshot 2025-08-07 at 11 19 33 AM" src="https://github.com/user-attachments/assets/01e48ca2-8ab1-412c-be01-8e806a5a8b1c" /> Changes: - To improve UX I'm now using `HEAD /api/fleet/device/ping` API every 10 seconds for connectivity/offline check (instead of the expensive DesktopSummary one every 5 minutes). This is to address feedback from a customer: > "If the internet is not connected and we reconnect with an ethernet connection for example, it would be good to try to see if we can refresh it text from the offline indicator given that's not the case anymore. - It might take up to 1m for Fleet Desktop to show the offline indicator (we check every 10s with ping and now we are adding 6 more requests in 1 minute to make sure just one bad request doesn't unnecessarily display the offline indicator). - Requests without proper public IP were being incorrectly rate limited (all under the same bucket). So we will now not make these requests and instead log a WARNING. This is a-ok as the recommended approach to deploy Fleet is with a TLS terminator that will add the public IP of the request before sending it to Fleet. --- - [X] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files) for more information. ## Testing - [X] Added/updated automated tests - [ ] Where appropriate, [automated tests simulate multiple hosts and test for host isolation](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/reference/patterns-backend.md#unit-testing) (updates to one hosts's records do not affect another) - [ ] QA'd all new/changed functionality manually ## fleetd/orbit/Fleet Desktop - [ ] Verified compatibility with the latest released version of Fleet (see [Must rule](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/workflows/fleetd-development-and-release-strategy.md)) - [ ] Verified that fleetd runs on macOS, Linux and Windows - [ ] Verified auto-update works from the released version of component to the new version (see [tools/tuf/test](../tools/tuf/test/README.md)) <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Bug Fixes** * Improved accuracy in identifying client public IP addresses, reducing incorrect rate limiting for Fleet Desktop users. * Offline indicator is now less sensitive to brief network interruptions, reducing false offline signals and allowing faster recovery when connectivity is restored. * Updated offline message for clearer status communication. * **New Features** * Enhanced error messages and logging for rate limiting events, providing clearer feedback when limits are reached. * **Tests** * Expanded test coverage for rate limiting, including scenarios with missing public IPs and improved assertions for error handling. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|---|---|---|
| .. | ||
| .keep | ||
| 21754-fleetctl-api-body-support | ||
| 21973-better-unmarshal-type-errors | ||
| 25587-pkg-name-extraction | ||
| 26404-stale-false-positive | ||
| 26618-software-vuln-detected-dates | ||
| 27061-dedupe-cve | ||
| 27447-auto-install-queries-for-custom-msi-2 | ||
| 27580-vuln-counts | ||
| 27758-msi-unnstall | ||
| 27919-fma-versions | ||
| 27983-update-software | ||
| 28342-linux-escrow-error-report | ||
| 28818-tpm-backed-http-signatures | ||
| 28996-parse-cert-dn-with-slashes | ||
| 29250-force-filevault-on-login-for-manual-enrollments | ||
| 29286-sort-package-ids | ||
| 29315-manual-label-scoping | ||
| 29451-fix-doubled-banners | ||
| 29769-windows-profiles-with-cdata-escape-fails-to-verify | ||
| 29824-declarations-status-not-respected-with-remove-operations | ||
| 29824-delete-installs-that-has-not-reached-hosts | ||
| 29833-do-not-log-error-for-missing-eula | ||
| 29848-tooltip-missing-webhook-url | ||
| 29849-filter-linux-installers | ||
| 29994-use-comshim | ||
| 30109-fix-sql-like-clause | ||
| 30157-enable_software_inventory-default-true | ||
| 30197-automatic-install-policies | ||
| 30240-show-appropriate-status-actions | ||
| 30248-custom-cvss-scores | ||
| 30311-fix-race-cond-test | ||
| 30357-all-teams-dd-bug | ||
| 30359-mdm-eula-url-extra-slash | ||
| 30390-cert-country | ||
| 30409-list-mdm-commands-sql | ||
| 30435-hash-for-policy-in-software-path | ||
| 30455-errorstore-panic | ||
| 30461-fleetd-generate-tpm-key | ||
| 30481-gitops-manual-label-no-hosts | ||
| 30565-cron-errors | ||
| 30636-apple-account-driven-user-enrollment | ||
| 30746-remove-unintended-broken-sort | ||
| 30749-primo-mode-expansion | ||
| 30797-argparse | ||
| 30853-fail-unknown-declaration-type-ddm-errors | ||
| 30853-gitops-secrets-validation | ||
| 30857-pending-script-unlock-cancellation-not-respected | ||
| 30860-software-modal-updates | ||
| 30918-calendar-webhook-authz | ||
| 31077-msi-uninstall | ||
| 31106-macos-cis-updates | ||
| 31123-dcv-viewer-fix | ||
| 31143-hosts-gets-configured-before-profiles-are-sent | ||
| 31180-add-ability-to-determine-pin-compliance | ||
| 31193-turn-on-ability-to-set-tpm-pin | ||
| 31286-package-upgrade-fix | ||
| 31372-host-identity-cert-renewal | ||
| 31385-dep-sync-url-incorrect | ||
| 31444-strict-sql-mode | ||
| 31459-null-last-install | ||
| 31591-mdm-batch-timeouts | ||
| 31592-improve-offline-indicator | ||
| 31690-windows-discovery-errors | ||
| add-fmas | ||
| fleetd-extensions-support-arm64 | ||
| issue-25367-os-updates-page-permissions | ||
| issue-29410-turn-on-mdm-styles | ||
| issue-30782-updates-to-UI-for-personally-enrolled-devices | ||
| issue-31057-service-discovery-endpoint | ||
| update-go-1.24.5 | ||