From dd86d61b79b9106c3483b1c637d1ee66e85341f8 Mon Sep 17 00:00:00 2001
From: Luke Heath
Date: Fri, 11 Oct 2024 10:52:20 -0500
Subject: [PATCH] Prepare Fleet v4.57.3
---
 CHANGELOG.md | 6 ++
 changes/22829-nudge-500-fix | 1 -
 charts/fleet/Chart.yaml | 2 +-
 charts/fleet/values.yaml | 2 +-
 .../dogfood/terraform/aws/variables.tf | 2 +-
 .../dogfood/terraform/gcp/variables.tf | 2 +-
 new_changelog | 102 ++++++++++++++++++
 terraform/addons/vuln-processing/variables.tf | 4 +-
 terraform/byo-vpc/byo-db/byo-ecs/variables.tf | 4 +-
 terraform/byo-vpc/byo-db/variables.tf | 4 +-
 terraform/byo-vpc/example/main.tf | 2 +-
 terraform/byo-vpc/variables.tf | 4 +-
 terraform/example/main.tf | 4 +-
 terraform/variables.tf | 4 +-
 tools/fleetctl-npm/package.json | 4 +-
 15 files changed, 127 insertions(+), 20 deletions(-)
 delete mode 100644 changes/22829-nudge-500-fix
 create mode 100644 new_changelog
diff --git a/CHANGELOG.md b/CHANGELOG.md
index f51c1b85c610..57d307de1a3a 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,9 @@
+## Fleet 4.57.3 (Oct 11, 2024)
+
+### Bug fixes
+
+* Fixed Orbit configuration endpoint returning 500 for Macs running Rapid Security Response macOS releases that are enrolled in OS major version enforcement,
+
 ## Fleet 4.57.2 (Oct 02, 2024)
 ### Bug fixes
diff --git a/changes/22829-nudge-500-fix b/changes/22829-nudge-500-fix
deleted file mode 100644
index 439923c534fd..000000000000
--- a/changes/22829-nudge-500-fix
+++ /dev/null
@@ -1 +0,0 @@
-* Fixes Orbit configuration endpoint 500s for Macs running Rapid Security Response macOS releases that are enrolled in OS major version enforcement
diff --git a/charts/fleet/Chart.yaml b/charts/fleet/Chart.yaml
index 8e6b21efb87c..35e3c9c5d5c8 100644
--- a/charts/fleet/Chart.yaml
+++ b/charts/fleet/Chart.yaml
@@ -8,7 +8,7 @@ version: v6.2.0
 home: https://github.com/fleetdm/fleet
 sources:
 - https://github.com/fleetdm/fleet.git
-appVersion: v4.57.2
+appVersion: v4.57.3
 dependencies:
 - name: mysql
 condition: mysql.enabled
diff --git a/charts/fleet/values.yaml b/charts/fleet/values.yaml
index bae0fdf7eea4..dfa0df541aa7 100644
--- a/charts/fleet/values.yaml
+++ b/charts/fleet/values.yaml
@@ -3,7 +3,7 @@
 hostName: fleet.localhost
 replicas: 3 # The number of Fleet instances to deploy
 imageRepository: fleetdm/fleet
-imageTag: v4.57.2 # Version of Fleet to deploy
+imageTag: v4.57.3 # Version of Fleet to deploy
 podAnnotations: {} # Additional annotations to add to the Fleet pod
 serviceAccountAnnotations: {} # Additional annotations to add to the Fleet service account
 resources:
diff --git a/infrastructure/dogfood/terraform/aws/variables.tf b/infrastructure/dogfood/terraform/aws/variables.tf
index abffd267e536..f2d16185c9cd 100644
--- a/infrastructure/dogfood/terraform/aws/variables.tf
+++ b/infrastructure/dogfood/terraform/aws/variables.tf
@@ -56,7 +56,7 @@ variable "database_name" {
 variable "fleet_image" {
 description = "the name of the container image to run"
- default = "fleetdm/fleet:v4.57.2"
+ default = "fleetdm/fleet:v4.57.3"
 }
 variable "software_inventory" {
diff --git a/infrastructure/dogfood/terraform/gcp/variables.tf b/infrastructure/dogfood/terraform/gcp/variables.tf
index 60ecb3c8836f..068a01b0a2a7 100644
--- a/infrastructure/dogfood/terraform/gcp/variables.tf
+++ b/infrastructure/dogfood/terraform/gcp/variables.tf
@@ -68,7 +68,7 @@ variable "redis_mem" {
 }
 variable "image" {
- default = "fleetdm/fleet:v4.57.2"
+ default = "fleetdm/fleet:v4.57.3"
 }
 variable "software_installers_bucket_name" {
diff --git a/new_changelog b/new_changelog
new file mode 100644
index 000000000000..7dea895887d9
--- /dev/null
+++ b/new_changelog
@@ -0,0 +1,102 @@
+
+- Fix "no rows" error when adding a software installer that matches an existing title's name and source but not its bundle ID
+
+* GitOps script and software installer relative paths are now always relative to the file they're in. This change breaks existing YAML files that had to account for previous inconsistent behavior (e.g. script paths declared in no-team.yml being relative to default.yaml one directory up).
+
+* Fixed an issue with the migration adding support for multiple VPP tokens that would happen if a token is removed prior to upgrading Fleet.
+
+Added SCEP proxy for Windows NDES (Network Device Enrollment Service) AD CS server, which allows devices to request certificates.
+
+- Fix UI flow for observers to easily query hosts from the host details page
+
+- UI: Remove redundant built in label filter pills
+
+- Adds the `POST /software/fleet_maintained` endpoint for adding Fleet-maintained apps.
+
+- Add endpoint to retrieve details on fleet maintained app
+
+* Added support for uploading RPM packages.
+
+* Show the 'Unsupported screen size' UI on the My device page
+
+* Ensure request timeouts for software installer edits are just as high as for initial software installer uploads
+
+- Fix bug with label display names always sentence casing
+
+* Update success messages for lock, unlock, and wipe commands in the UI.
+
+- Fixes a bug where a profile wouldn't be removed from a host if it was deleted or if the host was
+ moved to another team before the profile was installed on the host.
+
+* Documented that Microsoft enrollments have less fields filled in the `mdm_enrolled` activity due to how this MDM enrollment flow is implemented.
+
+* Restrict width of policy description wrappers for better UI
+
+* Fix MSRC feed pulls (for NVD release builds) in environments where GitHub access is authenticated
+
+* Record which policy automation triggered a script run in the activity feed
+
+- UI cleanup: Host details about section condenses information into fewer columns at smaller widths
+
+- Fixes a bug where removing a VPP or ABM token from a GitOps YAML file would leave the team
+ assignments unchanged.
+
+- Fleet UI: Fix host software filter bug that resets dropdown filter on table changes (pagination, order by column, etc)
+
+- Add API endpoint to list team available Fleet-maintained apps
+
+- Update UI for software uploads to include upload progress bar.
+
+* Show software install activities from policy automations as authored by "Fleet", store policy ID and name on each activity
+
+- add UI for adding fleet maintained apps
+
+- added builtin label for Fedora Linux. Warning: migrations will fail if a pre-existing 'Fedora Linux' label exists. To resolve, delete the existing 'Fedora Linux' label.
+
+- Hide CVSS severity column from Fleet Free software details > vulnerabilities sections
+
+- Updates the guide for MDM migration to include the new UX in fleetd.
+
+- Increased performance for Host details and Fleet Desktop, particularly in environments using high volumes of live queries
+
+* Fixes Orbit configuration endpoint 500s for Macs running Rapid Security Response macOS releases that are enrolled in OS major version enforcement
+
+- updated activity cleanup job to remove all expired live queries to improve API performance in environment using large volumes of live queries. To note, the cleanup cron may take longer on the first run after upgrade.
+
+- change add software modal to be seperate pages in Fleet UI
+
+- Fix UI bug: Edit team name closes modal
+
+* Update UI to remove leading/trailing whitespace when creating or editing team or query names.
+
+- UI Improvements to selecting live query targets (e.g. styling, closing behavior)
+
+- Improved performance of SQL queries used to determine MDM profile status for Apple hosts.
+
+- UI fix: Switching vulnerability search types does not cause page re-render
+
+* Return 409 instead of 500 when trying to delete an installer associated with a policy automation.
+
+* Fixed software uninstaller script for `pkg`s to only remove '.app' directories installed by the package.
+
+- Fleet UI: Fix policy automation truncation when selecting software to auto-install
+
+* Added the definition of the Fleet maintained apps and its ingestion.
+
+- battery health definitions now defined as cycle counts greater than 1000 or max capacity falling under 80% of designed capacity for macOS and Windows
+
+- Fixed UI design bug where software package file name was not displayed as expected.
+
+- Windows host details now include battery status
+- UI includes information on how battery health is defined
+
+* Fixed a bug where policy failures of a host were not being cleared in the host details page after configuring the host to not run any policies.
+
+* Fix a small UI bug where a button overlapped some copy.
+
+* Add ability to trigger script run on policy failure
+
+- Fleet UI: Surface duplicate label name error to user
+
+- show proper software icon for chrome packages
+
diff --git a/terraform/addons/vuln-processing/variables.tf b/terraform/addons/vuln-processing/variables.tf
index 47699e329bd7..daaa9e96dad6 100644
--- a/terraform/addons/vuln-processing/variables.tf
+++ b/terraform/addons/vuln-processing/variables.tf
@@ -24,7 +24,7 @@ variable "fleet_config" {
 vuln_processing_cpu = optional(number, 2048)
 vuln_data_stream_mem = optional(number, 1024)
 vuln_data_stream_cpu = optional(number, 512)
- image = optional(string, "fleetdm/fleet:v4.57.2")
+ image = optional(string, "fleetdm/fleet:v4.57.3")
 family = optional(string, "fleet-vuln-processing")
 sidecars = optional(list(any), [])
 extra_environment_variables = optional(map(string), {})
@@ -82,7 +82,7 @@ variable "fleet_config" {
 vuln_processing_cpu = 2048
 vuln_data_stream_mem = 1024
 vuln_data_stream_cpu = 512
- image = "fleetdm/fleet:v4.57.2"
+ image = "fleetdm/fleet:v4.57.3"
 family = "fleet-vuln-processing"
 sidecars = []
 extra_environment_variables = {}
diff --git a/terraform/byo-vpc/byo-db/byo-ecs/variables.tf b/terraform/byo-vpc/byo-db/byo-ecs/variables.tf
index 95b18363e06f..2c9d0edaf46d 100644
--- a/terraform/byo-vpc/byo-db/byo-ecs/variables.tf
+++ b/terraform/byo-vpc/byo-db/byo-ecs/variables.tf
@@ -16,7 +16,7 @@ variable "fleet_config" {
 mem = optional(number, 4096)
 cpu = optional(number, 512)
 pid_mode = optional(string, null)
- image = optional(string, "fleetdm/fleet:v4.57.2")
+ image = optional(string, "fleetdm/fleet:v4.57.3")
 family = optional(string, "fleet")
 sidecars = optional(list(any), [])
 depends_on = optional(list(any), [])
@@ -119,7 +119,7 @@ variable "fleet_config" {
 mem = 512
 cpu = 256
 pid_mode = null
- image = "fleetdm/fleet:v4.57.2"
+ image = "fleetdm/fleet:v4.57.3"
 family = "fleet"
 sidecars = []
 depends_on = []
diff --git a/terraform/byo-vpc/byo-db/variables.tf b/terraform/byo-vpc/byo-db/variables.tf
index afd4feb3155e..0fb01d16dfd9 100644
--- a/terraform/byo-vpc/byo-db/variables.tf
+++ b/terraform/byo-vpc/byo-db/variables.tf
@@ -77,7 +77,7 @@ variable "fleet_config" {
 mem = optional(number, 4096)
 cpu = optional(number, 512)
 pid_mode = optional(string, null)
- image = optional(string, "fleetdm/fleet:v4.57.2")
+ image = optional(string, "fleetdm/fleet:v4.57.3")
 family = optional(string, "fleet")
 sidecars = optional(list(any), [])
 depends_on = optional(list(any), [])
@@ -205,7 +205,7 @@ variable "fleet_config" {
 mem = 512
 cpu = 256
 pid_mode = null
- image = "fleetdm/fleet:v4.57.2"
+ image = "fleetdm/fleet:v4.57.3"
 family = "fleet"
 sidecars = []
 depends_on = []
diff --git a/terraform/byo-vpc/example/main.tf b/terraform/byo-vpc/example/main.tf
index b42330665848..2ba565635328 100644
--- a/terraform/byo-vpc/example/main.tf
+++ b/terraform/byo-vpc/example/main.tf
@@ -17,7 +17,7 @@ provider "aws" {
 }
 locals {
- fleet_image = "fleetdm/fleet:v4.57.2"
+ fleet_image = "fleetdm/fleet:v4.57.3"
 domain_name = "example.com"
 }
diff --git a/terraform/byo-vpc/variables.tf b/terraform/byo-vpc/variables.tf
index 4687190e854c..875145352ba1 100644
--- a/terraform/byo-vpc/variables.tf
+++ b/terraform/byo-vpc/variables.tf
@@ -170,7 +170,7 @@ variable "fleet_config" {
 mem = optional(number, 4096)
 cpu = optional(number, 512)
 pid_mode = optional(string, null)
- image = optional(string, "fleetdm/fleet:v4.57.2")
+ image = optional(string, "fleetdm/fleet:v4.57.3")
 family = optional(string, "fleet")
 sidecars = optional(list(any), [])
 depends_on = optional(list(any), [])
@@ -298,7 +298,7 @@ variable "fleet_config" {
 mem = 512
 cpu = 256
 pid_mode = null
- image = "fleetdm/fleet:v4.57.2"
+ image = "fleetdm/fleet:v4.57.3"
 family = "fleet"
 sidecars = []
 depends_on = []
diff --git a/terraform/example/main.tf b/terraform/example/main.tf
index 4358f56d7082..3981afc1bc93 100644
--- a/terraform/example/main.tf
+++ b/terraform/example/main.tf
@@ -63,8 +63,8 @@ module "fleet" {
 fleet_config = {
 # To avoid pull-rate limiting from dockerhub, consider using our quay.io mirror
- # for the Fleet image. e.g. "quay.io/fleetdm/fleet:v4.57.2"
- image = "fleetdm/fleet:v4.57.2" # override default to deploy the image you desire
+ # for the Fleet image. e.g. "quay.io/fleetdm/fleet:v4.57.3"
+ image = "fleetdm/fleet:v4.57.3" # override default to deploy the image you desire
 # See https://fleetdm.com/docs/deploy/reference-architectures#aws for appropriate scaling
 # memory and cpu.
 autoscaling = {
diff --git a/terraform/variables.tf b/terraform/variables.tf
index 5a78fe962ce5..9b81f39ef187 100644
--- a/terraform/variables.tf
+++ b/terraform/variables.tf
@@ -218,7 +218,7 @@ variable "fleet_config" {
 mem = optional(number, 4096)
 cpu = optional(number, 512)
 pid_mode = optional(string, null)
- image = optional(string, "fleetdm/fleet:v4.57.2")
+ image = optional(string, "fleetdm/fleet:v4.57.3")
 family = optional(string, "fleet")
 sidecars = optional(list(any), [])
 depends_on = optional(list(any), [])
@@ -346,7 +346,7 @@ variable "fleet_config" {
 mem = 512
 cpu = 256
 pid_mode = null
- image = "fleetdm/fleet:v4.57.2"
+ image = "fleetdm/fleet:v4.57.3"
 family = "fleet"
 sidecars = []
 depends_on = []
diff --git a/tools/fleetctl-npm/package.json b/tools/fleetctl-npm/package.json
index 12d46373829f..42b59441c5d5 100644
--- a/tools/fleetctl-npm/package.json
+++ b/tools/fleetctl-npm/package.json
@@ -1,6 +1,6 @@
 {
 "name": "fleetctl",
- "version": "v4.57.2",
+ "version": "v4.57.3",
 "description": "Installer for the fleetctl CLI tool",
 "bin": {
 "fleetctl": "./run.js"
@@ -24,4 +24,4 @@
 "osquery",
 "security"
 ]
-}
+}
\ No newline at end of file