Elgato_dark/fleet
1
0
Fork 0
mirror of https://github.com/fleetdm/fleet synced 2026-04-21 13:37:30 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 91
fleet/pkg
History
Jordan Montgomery 15b0cf4277
Do not replace EVs in script-only packages (#43606) 
<!-- Add the related story/sub-task/bug number, like Resolves #123, or
remove if NA -->
**Related issue:** Resolves #43311

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.

- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements), JS
inline code is prevented especially for url redirects, and untrusted
data interpolated into shell scripts/commands is validated against shell
metacharacters.
- [x] Timeouts are implemented and retries are limited to avoid infinite
loops


## Testing

- [x] Added/updated automated tests
- [x] QA'd all new/changed functionality manually


<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **Bug Fixes**
* Made environment-variable expansion conditional by package type:
script-only packages no longer expand host env vars during parsing,
while YAML packages still have env vars expanded (expansion errors are
recorded and parsing continues).

* **Tests**
* Added a test to confirm script packages do not expand standard shell
variables during parsing.

* **Chores**
  * Updated changelog entry describing the script-only package fix.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-04-17 14:02:05 -05:00
..
automatic_policy Don't pass the default deb auto-install policy if install status is e.g. uninstalled (#32005) 2025-08-18 17:37:06 -05:00
buildpkg Updating golangci-lint to 1.61.0 (#22973) 2024-10-18 12:38:26 -05:00
certificate Add SCEP endpoint for host identity. (#30589) 2025-07-11 11:44:07 -03:00
download Updating golangci-lint to 1.61.0 (#22973) 2024-10-18 12:38:26 -05:00
file Fix fleetd in-band upgrade on macOS hosts (#42187) 2026-03-27 09:04:14 -03:00
filepath_windows Allow custom osquery database on fleetd (#16554) 2024-02-05 09:41:06 -03:00
fleetdbase Only allow FLEET_DEV_* env vars when --dev is passed, allow overriding configs one at a time in dev (#38652) 2026-01-27 14:32:56 -06:00
fleethttp Added OTEL instrumentation to Fleet's internal HTTP client. (#40568) 2026-02-26 12:49:52 -06:00
fleethttpsig Updated httpsig-go library to 1.2.0 and removed vendored version. (#32426) 2025-08-28 14:28:30 -05:00
mdm Implement clear passcode backend (#43072) 2026-04-07 15:23:59 -05:00
nettest fix RunWithNetRetry (#8590) 2022-11-07 16:31:10 +01:00
open Fix fleetd crash in Apple M5 hardware by upgrading gopsutil (#41940) 2026-03-18 11:21:02 -03:00
optjson Feat/31914 patch policy (#41518) 2026-03-13 16:47:09 -04:00
patch_policy Fix mis-assigned FMA bundle identifiers, switch to fuzzy matching on queries where Windows apps include version number in the name (incl. special fixes for Firefox ESR) (#42628) 2026-04-10 14:13:59 -05:00
race Fix flaky timing test (#23333) 2024-10-29 14:13:17 -03:00
rawjson Updating golangci-lint to 1.61.0 (#22973) 2024-10-18 12:38:26 -05:00
retry Flakey test - increase retry tolerance (#41434) 2026-03-11 06:19:35 -06:00
scripts Fix windows installer stuck in pending state forever (#22592) 2024-10-02 16:18:37 -04:00
secure Fix orbit crash loop on incorrect file permissions (#40887) 2026-03-06 17:41:31 -03:00
spec Do not replace EVs in script-only packages (#43606) 2026-04-17 14:02:05 -05:00
str Add ability to enable/disable logs by topic (#40126) 2026-02-20 17:22:50 -06:00
testutils Activity bounded context: /api/latest/fleet/activities (1 of 2) (#38115) 2026-01-19 09:07:14 -05:00
README.md Add CentOS parsing+post-processing to reduce false positives in vulnerability processing (#4037) 2022-02-14 15:13:44 -03:00

README.md

pkg directory

This top-level pkg directory contains packages that may be shared between all fleet backend components.