Jordan Montgomery 227e94de5b 🤖 Chore: remove deprecated appendListOptionsWithCursorToSQL (#44385) ... <!-- Add the related story/sub-task/bug number, like Resolves #123, or remove if NA --> **Related issue:** Resolves #44723 # Checklist for submitter If some of the following don't apply, delete the relevant line. - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements), JS inline code is prevented especially for url redirects, and untrusted data interpolated into shell scripts/commands is validated against shell metacharacters. - [x] If paths of existing endpoints are modified without backwards compatibility, checked the frontend/CLI for any necessary changes ## Testing - [x] Added/updated automated tests - [x] Where appropriate, [automated tests simulate multiple hosts and test for host isolation](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/reference/patterns-backend.md#unit-testing) (updates to one hosts's records do not affect another) - [ ] QA'd all new/changed functionality manually <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Bug Fixes** * Strengthened validation of sorting/order parameters across many list and cursor-based endpoints — unsupported sort keys now return explicit errors and prevent unsafe queries. * Labels listing: label-list pagination query name changed; ordering by host_count is rejected when host counts are disabled (validated at request parsing). * **Tests** * Added/expanded tests covering allowed order keys, rejection of unknown keys, and pagination behavior for multiple listing APIs. <!-- end of auto-generated comment: release notes by coderabbit.ai --> --------- Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Co-authored-by: Lucas Manuel Rodriguez <lucas@fleetdm.com>		2026-05-05 10:26:47 -04:00
..
.keep	Issue 1009 calculate diff software (#1305)	2021-07-08 13:57:43 -03:00
33557-inconsistent-team-name-conflicts	Enforce consistent fleet name uniqueness across UI and GitOps (#33557)	2026-04-23 16:44:09 -04:00
34464-gitops-dry-run-manual-agent-install-script-conflict	Fix gitops dry-run to catch manual_agent_install + macos_script conflict (#44432)	2026-05-04 15:32:21 -04:00
34924-expired-license-cli-banner	Fixed bug with about to expire CLI banner (#34924)	2026-05-04 07:17:08 -04:00
35171-macos-15-cis-2.0.0	Update macOS 15 to CIS Benchmark 2.0.0 (#43909)	2026-04-23 16:17:34 -04:00
35172-macos-14-cis-3.0	macOS 14 CIS benchmark v3.0.0 update (#43797)	2026-04-23 12:56:38 -04:00
35173-cis-macos-26-v1	Add macOS 26 Tahoe CIS benchmark v1.0.0 (#44090)	2026-04-29 17:15:25 -04:00
35483-empty-states	Fleet UI: New empty states (#43896)	2026-04-27 17:54:34 -05:00
36976-activities-for-labels	Add activities for user actions on labels (#44522)	2026-05-01 10:19:45 -03:00
37142-local-admin-password-rotation	43885: MLAPR migration + UUID capture (#44244)	2026-04-29 11:14:50 -04:00
38348-allow-saving-invalid-sql	Allow saving policies with invalid SQL (#38348) (#43952)	2026-04-22 14:22:33 -04:00
38647-remove-duplicate-disk-encryption-activity	remove unused disk encryption type (#42974)	2026-04-08 17:05:25 -05:00
38785-windows-setup-experience-cancel	Revert "Partial revert of #38785 work-in-progress (#44061)" (#44285)	2026-04-28 13:35:50 -05:00
39016-upload-custom-org-logo	Add ability to upload custom org logos (#44390)	2026-05-05 14:42:52 +02:00
39570-clear-passcode	Implement clear passcode backend (#43072)	2026-04-07 15:23:59 -05:00
40322-fix-ddm-pending-issues	Fix various DDM stuck remove/pending issues (#43382)	2026-04-22 13:05:09 -06:00
40322-make-ddm-name-check-case-insensitive	make DDM name check case insensitive (#43347)	2026-04-21 08:31:30 -06:00
40459-wipe-host-cancels-upcoming-activities	Wipe host cancels all upcoming activities (#44323)	2026-05-01 14:01:46 -06:00
40623-failed-enrollment-renewal	produce failed enrollment renewal activity (#44511)	2026-05-01 11:38:08 -06:00
40702-simplif-os-modal	simplify OS modal (#43252)	2026-04-09 16:30:15 -05:00
40856-eula-upload-updated-to-default-max-request-body-size-and-error	Updated eula pdf upload size check to default max request body size (#43517)	2026-04-23 16:01:09 +01:00
40905-update-default-automatic-enrollment-profile	updated default profile, added endpoint for seeing what default is applied (#44236)	2026-04-28 07:38:15 -06:00
40952-fallback-team-script-execution-timeout-to-global	Bugfix: fallback the script execution timeout from agent options to global if not set for team (#43911)	2026-04-22 12:00:58 -04:00
41147-update-input-action-buttons	Update input action buttons app wide (#43906)	2026-04-21 17:54:05 -06:00
41167-skip-bootstrap-clear-on-cert-renewal	don't clear bootstrap token when doing MDM cert renewals (#43098)	2026-04-13 14:37:05 -06:00
41381-eua-ms-installer	Added EUA to the Fleet MSI installer (#43295)	2026-04-13 12:17:23 -05:00
41565-policy-report-new-scopes-frontend	Add include_all label scope UI to policies and reports (#41565)	2026-05-04 07:16:09 -04:00
41568-enroll-page-enroll-button-update-to-full-width-for-larger-res-mobiles	Enroll page media screen max width updated (#43666)	2026-04-23 13:57:41 +01:00
41592-eua-broken-with-custom-apple-mdm-url‎	redirect to correct URL, and allow both URLs for MDM SSO SAML validation if set (#44156)	2026-04-29 08:43:58 -06:00
41676-update-APNS-cert-invalid-domain-error-message	41676 updated apple crs invalid domain error message (#43396)	2026-04-23 16:44:23 +01:00
41753-policy-details-page	Fleet UI: Policy details page followup (#43324)	2026-04-10 09:43:42 -04:00
42103-accept-89-on-profile-removal	accept 89 error on RemoveProfile as valid (#43172)	2026-04-07 15:23:37 -05:00
42240-add-gitops-stats	Adding gitOpsModeEnabled and gitOpsModeExceptions to anonymous statistics payload (#44161)	2026-04-27 08:28:49 -03:00
42290-wipe-activity	Windows wipe failed acivitiy (#43795)	2026-04-22 17:53:59 -05:00
42405-android-onc-after-cert	Android Wi-Fi profile withheld until cert installed on device (#42877)	2026-04-07 16:26:09 -05:00
42427-cleanup-stale-mdm-profiles	Fixed stale MDM profiles after MDM toggle (#43719)	2026-04-20 09:23:55 -05:00
42440-renew-ab-tokens-gitopsmode-dropdown-fix	updated AB tokens renew and delete options to enabled in gitops mode (#43510)	2026-04-27 17:45:34 +01:00
42477-gitops-dry-run-label-platform	Validate label platform during gitops --dry-run (#42477) (#44594)	2026-05-04 07:18:07 -04:00
42494-android-pubsub-panic-deleted-host	Fixed Android pubsub panic when host was deleted (#43788)	2026-04-21 16:01:51 -05:00
42545-skip-noop-host-writes	Don't update host values that didn't change (reduce writer load) (#43992)	2026-04-24 10:46:47 -05:00
42545-windows-profile-delete-batching	Reworked Windows profile delete batching (#44047)	2026-04-24 11:42:59 -05:00
42545-windows-profile-reconciliation-batching	Improved the performance of Windows MDM profile reconciliation (#44075)	2026-04-28 15:37:43 -05:00
42568-host-policy-empty-state	Fleet UI: Improve host policy empty modal (#43805)	2026-04-21 09:09:37 -04:00
42607-gitops-dry-run-empty-software	Short-circuit for empty software config in Gitops dry run (#44405)	2026-04-29 14:54:49 -04:00
42675-conditional-download-cache	Add cache option for software packages to skip re-downloading unchanged content (#42216)	2026-04-14 13:01:33 -05:00
42741-fix-goval-dictionary-fd-leak	Fix FD leak in goval_dictionary Analyze (#42741) (#43983)	2026-04-29 12:31:04 -04:00
42751-r2-fma	🤖 Add fallback for FMA manifest URL pulls (#43312)	2026-04-09 17:36:18 -05:00
42879-api-only-user-management-ui	[Frontend] Create API-only users that only have access to customer-defined Fleet API endpoints (#43281)	2026-04-20 09:18:02 -04:00
42881-api-endpoints-initial-models	API endpoints initial models (#42881)	2026-04-07 10:40:39 -04:00
42882-42880-42884-allow-creation-of-api-only-users	Allow the creation of API-only users (#43440)	2026-04-16 11:11:39 -04:00
42883-api-endpoint-for-listing-rest-api-endpoints	Implement GET /api/v1/fleet/rest_api (#42883)	2026-04-10 11:12:38 -04:00
42885-api-only-endpoints-middleware	Added middleware for api-only users auth (#43772)	2026-04-21 07:11:33 -04:00
42972-add-fleetctl-msi-to-release	Build fleetctl MSI packages (#43403)	2026-04-29 17:09:19 -05:00
42979-fix-for-multi-team-user	Fix UserMenu.tsx for multi-team user (#43059)	2026-04-07 08:13:18 -03:00
43070-fix-exceptions-padding	Update class on exceptions field to fix padding (#43927)	2026-04-22 11:53:31 -05:00
43114-pagination-bug	Fleet UI: Fix page oscillation (#43151)	2026-04-07 14:31:07 -04:00
43135-fix-stale-label-hosts	Fix: Label shows outdated manually selected host after navigating back to the Edit page (#44216)	2026-04-27 21:09:28 +02:00
43142-script-package-icon-gitops	Allow icon in team level yaml for script-only packages (#43783)	2026-04-20 16:56:23 -04:00
43162-software-table-bookmarkable-page	Fleet UI: Fix software table bookmarkability for pages (#43166)	2026-04-07 15:59:48 -04:00
43222-support-fleet-variables-in-ddm	DDMV: Support Fleet variables in DDM (#43222)	2026-04-20 09:14:52 -04:00
43228-dont-send-account-configuration-for-non-mac	don't send AccountConfiguration for non macs (#44085)	2026-04-24 09:40:52 -06:00
43311-script-only-pkg-gitops	Do not replace EVs in script-only packages (#43606)	2026-04-17 14:02:05 -05:00
43341-gitops-mode-wonkiness	Fleet UI: Fix gitops mode wonkiness (#43428)	2026-04-14 09:31:34 -04:00
43342-improved-button-link-styling	Fleet UI: Improve internal links/buttons (#43470)	2026-04-14 09:30:26 -04:00
43389-patch-policy-gitops-bugs	Fix patch policy bugs (#43420)	2026-04-10 21:42:14 -04:00
43484-msi-docker-on-arm64	Use Docker as default WiX runtime on macOS arm64 (#43715)	2026-04-21 10:53:46 -05:00
43591-fix-stale-host-activities	Fix: Navigating to a a new host displays activity feed for a previously opened host details page (#44218)	2026-04-27 19:06:06 +02:00
43659-script-only-hash-ref-preserves-install-script	Fix script-only packages not setting install script file (#44299)	2026-04-28 13:37:03 -04:00
43688-fix-text-alignment-issues	Fleet UI: Fix dataset text alignment (#44659)	2026-05-05 08:50:18 -04:00
43738-duplicate-installers	🤖 Fix GitOps leaving duplicate software installer rows (#43903)	2026-04-22 13:48:56 -04:00
43767-delete-label-error-msg	Fleet UI: Improved error message when deleting a label that is for targeting a software installation (#44320)	2026-04-28 15:53:28 -04:00
43769-added-charts-to-dashboard	Add dashboard charts frontend (#43878)	2026-04-23 19:36:11 -05:00
43910-implement-chart-module	Dashboard charts backend (#43910)	2026-04-23 12:43:23 -05:00
43928-host-by-nodekey-cache	Redis-backed cache for host-by-key lookups (#43936)	2026-05-01 12:06:16 -05:00
43955-gitops-escape-json-in-vars	Bugfix: escape characters not supported in JSON when resolving variables (#43955)	2026-04-23 10:34:12 -06:00
43959-duplicate-installers	Check for duplicate linux software installers (#44234)	2026-04-27 17:14:47 -04:00
43978-fma-sync-bundle-identifier-index	Added an index on software.bundle_identifier (#43979)	2026-04-22 14:30:43 -05:00
44071-team-transfer-race-with-update-host	Fixed a race where a host could silently revert to its previous team (#44074)	2026-04-24 14:34:37 -05:00
44084-fix-install-loop-on-deleted-installer	Bound orbit retries on missing installer details to 5 mins (#44284)	2026-04-28 12:58:10 -04:00
44124-add-vulnerabilities-chart	Add Vulnerabilities exposure dataset (#44124)	2026-04-29 09:30:31 -05:00
44127-remove-unused-windows_updates	Remove unused windows_updates MySQL table and ingestion (#44128)	2026-04-24 15:21:34 -03:00
44170-list-mdm-commands-perf	Fixed GET /api/v1/fleet/commands timeout in large Fleet deployments (#44297)	2026-04-30 15:44:19 -05:00
44189-host-profile-perf	Windows MDM improved host profile status performance (#44225)	2026-04-27 20:09:27 -05:00
44190-mdm-queue-cleanup	Periodic background job to cleanup Windows MDM command queue (#44458)	2026-05-04 11:32:45 -05:00
44194-team-bitlocker-windows-only	Enable disk encryption when only Windows MDM is configured. (#44462)	2026-05-01 09:19:34 -05:00
44198-ios-refetch-defensive-decoding	🤖 #44198: Add guards on iOS/iPadOS refetch paths (#44205)	2026-04-27 12:02:34 -04:00
44242-fleetctl-vuln-data-stream-osv	fleetctl vulnerability-data-stream to download OSV data (#44260)	2026-04-30 10:46:51 -06:00
44252-unable-to-edit-existing-user-to-use-2fa-422-error	Fixed patch logic on EditUperPage component (#44302)	2026-04-28 13:24:24 -04:00
44298-fix-goquery-dependency-side-effects	Fix issue with fleet's docker image in k8s environments (#44373)	2026-04-29 11:19:13 -03:00
44422-list-mdm-commands-host-identifier-after	Fixed GET /api/v1/fleet/commands timeout in large Fleet deployments (#44297)	2026-04-30 15:44:19 -05:00
44533-request-pem-certificate	Allow returning x509 PEM cert instead of PEM-encoded PKCS7 envelope from request_certificate endpoint (#44541)	2026-05-04 09:51:50 -04:00
415640-policy-reports-new-custom-option	Add include_all label scope to policies and reports (#44305)	2026-04-30 11:28:30 -04:00
cleanup-list-opts	🤖 Chore: remove deprecated appendListOptionsWithCursorToSQL (#44385)	2026-05-05 10:26:47 -04:00
docs-read-replica-config-clarity	Docs: Clarify MySQL read replica config is independent from primary (#43013)	2026-04-08 17:43:14 -05:00
fix-android-host-software-filter	fix(android): remove tautological NCR filter in hostVPPInstalls (#42873)	2026-04-30 15:30:19 +01:00
fix-hosts-in-label-filtering	Fix filtering in /api/v1/fleet/labels/:id/hosts endpoint (#44293)	2026-04-29 10:43:39 -03:00
fix-mdm-commands-filtering	Improve filtering on commands endpoints (#44426)	2026-04-29 16:08:49 -04:00
input-field-to-ts	🤖 Switch InputField + InputFieldWithIcon JSX components to TS, add more test coverage, fix Storybook build (#43307)	2026-04-09 08:41:48 -05:00
issue-40809-bitlocker-loop	Bitlocker: do not decrypt already encrypted drive. (#43130)	2026-04-09 18:33:03 -04:00
ts6	Update to TypeScript 6.0 (#43141)	2026-04-09 08:28:59 -05:00
turn-off-prom-in-dev-mode	Don't turn Prometheus on in --dev mode (#43129)	2026-04-07 12:01:26 -05:00
update-go-1.26.2	Update go to 1.26.2 and update tooling to update it (#43771)	2026-04-20 13:40:57 -03:00