fleet/changes
Victor Lyuboslavsky 4129b52fc6
Prevent deadlocks by adding FOR UPDATE locks (#32173)
Fixes #31173 

Reproduced and fixed in loadtest environment. Uncovered another source
of deadlocks, filed as a separate issue:
https://github.com/fleetdm/fleet/issues/32201
- Also, still seeing some deadlocks (a lot fewer) in DB, and they are
hidden from the API results by retries. They may still be happening
because locks happen row by row and not all at once. A potential fix
would be to lock the whole policy_membership table.

Additional frontend fix, which is needed to prevent potential timeouts:
https://github.com/fleetdm/fleet/pull/32212

Backend + frontend fix should be a sufficient fix for this issue
(ignoring the issue with the long software transaction).

Also, this PR contains some refactoring to split out the 1-host use
case.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.

## Testing

- [x] QA'd all new/changed functionality manually


<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* Bug Fixes
  * Resolved rare deadlocks during concurrent policy updates and bulk
    automations.
  * Correctly clears stale MDM data and actions on host re-enrollment and
    platform changes.
* Performance Improvements
  * Optimized policy issue recalculation with per-host updates to reduce
    contention.
  * Improved concurrency handling for bulk policy updates to avoid lock
    contention.
* Reliability
  * More robust host enrollment: updates seen time, display name, and
    label membership consistently.
  * Ensures accurate policy-issue counts after membership changes and
    re-enrollment.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2025-08-22 12:36:03 -05:00
..
.keep Issue 1009 calculate diff software (#1305) 2021-07-08 13:57:43 -03:00
4498-return-empty-software 4498 empty software (#31940) 2025-08-19 10:38:53 -04:00
21754-fleetctl-api-body-support [fleetctl] api command: support request body, including file uploads (#30806) 2025-07-29 08:15:23 -05:00
25025-dedup-vuln-count Fleet UI: Fix vulns from being counted multiple times in vuln count (#32044) 2025-08-18 17:09:44 -04:00
25636-fma-gitops Add support for install/uninstall script overrides, pre-install query, post-install script in FMA GitOps (#31803) 2025-08-13 07:48:36 -05:00
26382-slsa-attestation-updates SLSA attestation updates (#31833) 2025-08-14 14:52:16 -04:00
26404-stale-false-positive Switch vulns cron false positive clear to clear vulns based on when the vulns run started, rather than based on periodicity (#31364) 2025-07-29 10:14:14 -05:00
27902-linux-last-opened Add support for last opened time for DEB and RPM packages (#31638) 2025-08-12 15:46:04 -07:00
29250-force-filevault-on-login-for-manual-enrollments Enforce FileVault at login when manually enrolled (#31170) 2025-08-01 15:15:11 +02:00
29554-gitops-mode-invalid-url Validate gitops url in frontend and backend (#31243) 2025-08-08 17:08:07 -07:00
29596-labels-platform-change Clear label membership when label platform changes. (#31726) 2025-08-11 21:35:22 +02:00
29769-windows-profiles-with-cdata-escape-fails-to-verify fix windows configuration profile failing to verify if using CDATA escape (#31564) 2025-08-04 17:04:59 +02:00
29795-deleted-policies-still-showing Refactor failing policies total on Host endpoint (#31906) 2025-08-19 13:39:32 -04:00
29833-do-not-log-error-for-missing-eula Do not log error if missing EULA (#31598) 2025-08-05 16:39:49 +02:00
29894-fix-deb-auto-install-query Don't pass the default deb auto-install policy if install status is e.g. uninstalled (#32005) 2025-08-18 17:37:06 -05:00
30154-add-custom-vars-ui UI for managing custom variables (#31875) 2025-08-15 08:24:55 -05:00
30197-automatic-install-policies Automatic install policies in ListHostSoftware (#31469) 2025-08-01 10:22:14 -05:00
30248-custom-cvss-scores Fleet UI: Add custom CVSS scores input fields (#31456) 2025-08-05 16:29:55 -04:00
30357-all-teams-dd-bug Fleet UI: VPP Token All teams option bug fix (#31587) 2025-08-07 09:00:51 -04:00
30384-new-global-activity-when-key-escrowed Added new global activity when disk encryption key is escrowed (#31634) 2025-08-08 12:14:48 -04:00
30390-cert-country Fixed issue ingesting certs with long country codes. (#31443) 2025-07-31 23:06:36 +02:00
30455-errorstore-panic Fixed potential panic in error handler when Redis is down. (#31643) 2025-08-06 17:14:31 +02:00
30526-update-run-script-modal UI for scheduling batch scripts (#31885) 2025-08-14 10:10:45 -05:00
30565-cron-errors Skip software installers for which we can't, or don't need to, parse package IDs/create uninstall scripts (#31347) 2025-07-28 13:58:19 -05:00
30660-enforce-idp-authentication-for-byod-enrollment IdP Authentication before BYOD (#32017) 2025-08-18 18:31:53 +02:00
30746-remove-unintended-broken-sort Fleet UI: Remove unintended broken sort on type column (#31264) 2025-07-28 09:08:34 -04:00
30803-os-icon-bug-fix Fleet UI: Fix OS vs. Software icon bug (#31911) 2025-08-14 13:18:24 -04:00
30853-fail-unknown-declaration-type-ddm-errors Fail DDM profiles if response is UnknownDeclarationType (#31606) 2025-08-06 14:38:25 +02:00
30853-gitops-secrets-validation Removed fleet secret validation during gitops dry runs (#31402) 2025-07-30 13:12:39 -05:00
30857-pending-script-unlock-cancellation-not-respected Fix pending unlock not going away after canceling unlock script (#31644) 2025-08-06 14:38:50 +02:00
30879-host-uuid-for-windows-profiles Added support of $FLEET_VAR_HOST_UUID in Windows MDM configuration profiles (#31695) 2025-08-10 12:24:38 +02:00
30918-calendar-webhook-authz Speculative fix for calendar/webhook authz issue (#31642) 2025-08-07 17:30:56 +02:00
31055-secrets-in-ui-backend Add backend APIs for adding, deleting and listing secret variables (#31936) 2025-08-14 19:33:47 -03:00
31106-macos-cis-updates Updating CIS policies for macOS 15, 14, and 13 (#31553) 2025-08-07 08:24:01 +02:00
31143-hosts-gets-configured-before-profiles-are-sent Wait for expected profiles to be sent before releasing device (#31381) 2025-07-31 17:50:57 +02:00
31173-fix-policy-deadlocks Prevent deadlocks by adding FOR UPDATE locks (#32173) 2025-08-22 12:36:03 -05:00
31180-add-ability-to-determine-pin-compliance Added ability to determine if TPM PIN is set (#31622) 2025-08-07 13:55:44 -04:00
31193-turn-on-ability-to-set-tpm-pin Ability to set TPM PIN protector policy on host. (#31484) 2025-08-01 13:32:19 -04:00
31212-surface-linux-kernel-vulns Fleet UI: Add Linux kernel vulns card/table (#31840) 2025-08-14 09:30:49 -04:00
31224-scripts-page-updates UI for scheduling batch scripts (#31885) 2025-08-14 10:10:45 -05:00
31240-omit-batch-scripts-from-feed Omit batch host script executions from global activities (#31617) 2025-08-11 16:43:20 -04:00
31268-last-opened Show "Never" or "Not supported" on last opened time on software as appropriate (#31603) 2025-08-13 13:14:09 -05:00
31282-add-incompatible-filter-for-hosts Add "incompatible with script" filter for hosts (#31868) 2025-08-14 11:55:19 -05:00
31286-package-upgrade-fix Move 31286 changes file. (#31327) 2025-07-30 07:24:43 +02:00
31291-linux-lock-script On lock, drop GDM Ubuntu into text mode to work around blank/unresponsive screen. (#32100) 2025-08-21 13:55:00 -05:00
31343-blank-email-on-failed-login-activity Use proper prefix for user_failed_login activity (#32092) 2025-08-20 17:39:57 -04:00
31372-host-identity-cert-renewal Host identity cert renewal (#31372) 2025-07-30 16:46:36 +02:00
31444-strict-sql-mode Updated SQL modes in tests to match production. (#31445) 2025-08-03 08:18:13 +02:00
31474-remove-incorrect-cves #31474 MSRC has incorrectly named CVEs. This PR removes them from the generated file. (#31851) 2025-08-21 12:41:53 -04:00
31477-secrets-in-macos-profiles Fix GitOps dry run issue with validating profiles with secrets (#32104) 2025-08-22 09:37:12 -05:00
31521-batch-script-cron-schedule Batch script cron schedule (#31808) 2025-08-14 14:44:47 -04:00
31532-cancel-batch-activity Cancel batch execution API (#31757) 2025-08-11 15:17:57 -04:00
31567-allow-canceling-from-modal UI for scheduling batch scripts (#31885) 2025-08-14 10:10:45 -05:00
31571-fix-panic-all-teams-software Fix server panic with all teams software titles (#31746) 2025-08-08 17:49:32 -03:00
31592-improve-offline-indicator Fixes to the offline indicator (#31685) 2025-08-07 16:24:13 -03:00
31623-add-new-batch-script-endpoints Add "batch script execution status" and "list batch script executions" endpoints (#31689) 2025-08-08 13:24:48 -05:00
31690-windows-discovery-errors Added additional logging information for Windows MDM discovery endpoint. (#31691) 2025-08-07 17:05:15 +02:00
31721-missing-tar-summary-card Fleet UI: Re-add missing tarballs summary card (#32056) 2025-08-18 17:14:20 -04:00
31736-fleetctl-debug-binary-output Don't flood the terminal with binary output when downloading pkg (#32081) 2025-08-20 12:16:53 -04:00
31932-last-opened-at When iterating through softwares LastOpenedAt timestamp is copied as to not modify original records (#31946) 2025-08-15 09:44:01 -05:00
issue-25367-os-updates-page-permissions don't show os updates page for users who are not global admin or the team admin (#31410) 2025-07-31 12:04:06 +01:00
issue-27467-add-cells-to-cert-table add columns to host details and my device certificates table (#31701) 2025-08-13 14:01:38 +01:00
issue-29410-turn-on-mdm-styles change button styles for turn on mdm info banner (#31374) 2025-08-01 15:36:03 +01:00
update-go-1.24.6 Update Go to 1.24.6 (#31784) 2025-08-12 08:10:05 -03:00