fleet/tools/mdm/migration/mdmproxy
Sharon Katz 6032c137e5
Bump Alpine base image to 3.23.4 to resolve openssl/musl/zlib CVEs (#43671) (#44097)
Resolves #43671.

Bumps the Alpine base image from 3.23.3 to 3.23.4 in the Dockerfiles
that produce published images, picking up patched openssl, musl, and
zlib packages. Follows the same pattern as #38977.

### CVEs resolved
- HIGH: CVE-2026-28388, CVE-2026-28389, CVE-2026-28390, CVE-2026-31790,
CVE-2026-2673, CVE-2026-40200
- MEDIUM: CVE-2026-27171, CVE-2026-6042, CVE-2026-22184

### Test plan
- CI image build passes.
- Trivy/ECR scan on the resulting fleetdm/fleet image confirms the nine
listed CVEs are gone.


## Summary by CodeRabbit

* **Chores**
* Updated Docker base images to Alpine 3.23.4 across infrastructure and
deployment components for improved stability and security.

2026-04-23 23:15:53 -03:00
Dockerfile Bump Alpine base image to 3.23.4 to resolve openssl/musl/zlib CVEs (#43671) (#44097) 2026-04-23 23:15:53 -03:00
entrypoint.sh MDM proxy for seamless migrations (#19779) 2024-06-25 09:31:48 -07:00
mdmproxy.go Add gosimple linter (#23250) 2024-10-29 14:17:51 -05:00
mdmproxy_test.go MDM proxy for seamless migrations (#19779) 2024-06-25 09:31:48 -07:00
README.md Add --check flag to mdmproxy (#21094) 2024-08-07 10:18:39 -07:00

Proxy for MDM requests used in seamless migrations, as described in https://github.com/fleetdm/fleet/issues/19387.

Usage

Usage of ./mdmproxy:
  -auth-token string
        Auth token for remote flag updates (remote updates disabled if not provided)
  -existing-hostname string
        Hostname for existing MDM server (eg. 'mdm.example.com') (required)
  -existing-url string
        Existing MDM server URL (full path) (required)
  -fleet-url string
        Fleet MDM server URL (full path) (required)
  -migrate-percentage int
        Percentage of clients to migrate from existing MDM to Fleet
  -migrate-udids string
        Space/newline-delimited list of UDIDs to migrate always
  -server-address string
        Address for server to listen on (default ":8080")

Example invocation

mdmproxy --migrate-udids '' --auth-token foo --existing-url https://3.14.233.249 --existing-hostname micromdm.example.com --fleet-url https://example.cloud.fleetdm.com --migrate-percentage 0

Check migration status

To check the migration status for a given UDID, provide the --migrate-udids and --migrate-percentage flags with the --check flag:

$ go run . --migrate-percentage=50 --check E5C6DBBA-D5CC-4DB6-9560-995F17FB7A59
E5C6DBBA-D5CC-4DB6-9560-995F17FB7A59 IS NOT migrated
$ go run . --migrate-percentage=50 --check 575424CB-09D7-4CAD-8A7A-D3511FE8A7E2
575424CB-09D7-4CAD-8A7A-D3511FE8A7E2 IS migrated

When the --check flag is used, the program prints the migration status and exits. The server is not started.
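The README does not say how `-migrate-percentage` is applied to an individual UDID. The sketch below is an added example, not mdmproxy's own code: it assumes a SHA-256 based bucket in [0,100), so a device always gets the same answer and is never routed to a different MDM server from one check-in to the next. The function names and sample UDIDs are hypothetical.

```go
package main

import (
	"crypto/sha256"
	"encoding/binary"
	"fmt"
	"strings"
)

// parseUDIDs turns a space/newline-delimited list (the format the
// -migrate-udids help text describes) into a lookup set.
func parseUDIDs(list string) map[string]bool {
	set := make(map[string]bool)
	for _, u := range strings.Fields(list) {
		set[u] = true
	}
	return set
}

// bucket maps a UDID to a stable value in [0,100).
// Assumption: first 4 bytes of SHA-256; the real proxy may hash differently.
func bucket(udid string) int {
	sum := sha256.Sum256([]byte(udid))
	return int(binary.BigEndian.Uint32(sum[:4]) % 100)
}

// isMigrated: a UDID on the explicit list is always migrated; otherwise the
// device is migrated when its bucket falls below the (clamped) percentage.
func isMigrated(udid string, always map[string]bool, percentage int) bool {
	if always[udid] {
		return true
	}
	if percentage < 0 {
		percentage = 0
	}
	if percentage > 100 {
		percentage = 100
	}
	return bucket(udid) < percentage
}

func main() {
	// Constructed sample values, not real device identifiers.
	always := parseUDIDs("00000000-0000-0000-0000-000000000001\n00000000-0000-0000-0000-000000000002")
	for _, u := range []string{"00000000-0000-0000-0000-000000000001", "00000000-0000-0000-0000-0000000000AA"} {
		fmt.Printf("%s bucket=%d at0%%=%v at50%%=%v\n",
			u, bucket(u), isMigrated(u, always, 0), isMigrated(u, always, 50))
	}
}
```

Because the bucket depends only on the UDID, raising the percentage only ever adds devices to the migrated set; lowering it moves the highest buckets back to the existing server.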