fleetdm · lukeheath · Nov 27, 2024 · Nov 18, 2024 · Nov 26, 2024 · Nov 26, 2024
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,43 @@
+## Fleet 4.60.0 (Nov 26, 2024)
+
+### Endpoint operations
+- Users are now prompted to reenter the password in the Fleet UI if SCEP/NDES URL or username has changed.
+- Users can now view scripts in the UI without downloading them.
+- Creating a query now allows users to turn on/off automations transparently regarding the current log destination.
+- Fixed path resolution for installer queries and scripts to always be relative to where the query file or script is referenced. This change may break existing YAML files that had to account for previous inconsistent behavior.
+- Added support for deb packages compressed with zstd.
+- Updated GitOps to return an error if the deprecated `apple_bm_default_team` key is used and there are more than 1 ABM tokens in Fleet.
+- Add UI for allowing users to install custom profiles on hosts that include any of the defined labels.
+- Improved memory usage of the Fleet server when uploading a large software installer file.
+
+### Device management (MDM)
+- Fixed a bug where users could attempt to install an App Store app on a host that was not MDM enrolled.
+- Fixed MDM configuration profiles deployment when based on excluded labels.
+- Dismissed error flash on the my device page when navigating to another URL.
+- Fixed an issue where the create and update label endpoints could return outdated information in a deployment using a MySQL replica.
+- Added indicator of how fresh a software title's host and version counts are on the title's details page.
+- Reboot linux machine on unlock to work around GDM bug on Ubuntu.
+- Cancelled pending script executions when a script is edited or deleted.
+- Fix some cases where Fleet Maintained Apps generated incorrect uninstall scripts.
+
+### Vulnerability management
+- Fixed issue with uploading macOS software packages without a top level Distribution.xml but with a top level PackageInfo.xml.
+- Added better handling of timeout and insufficient permissions errors in NDES SCEP proxy.
+- Allowed skipping computationally heavy population of vulnerability details when populating host software on hosts list endpoint when using Fleet Premium.
+
+### Bug fixes and improvements
+- Set a more elegant minimum height for the Add hosts > ChromeOS > Policy for extension field, avoiding a scrollbar.
+- Fixed a bug where the software batch endpoint status code was updated from 200 (OK) to 202 (Accepted).
+- Added capability for Fleet to serve yara rules to agents over HTTPS authenticated via node key.
+- Fixed a bug in the software batch endpoint status code.
+- Generate an activity when activity automations are enabled, edited, or disabled.
+- Major improvements to keyboard accessibility throughout the Fleet UI.
+- Updated a package used for testing (msw) to improve security.
+- Added support for "include any" label/profile relationships to the profile reconciliation machinery.
+- Added DB support for "include any" label profile deployment.
+- Added support for labels_include_any to GitOps.
+- Added info banner for cloud customers to help with their windows autoenrollment setup.
+
 ## Fleet 4.59.1 (Nov 18, 2024)
 
 ### Bug fixes

diff --git a/changes/14899-yara-rules b/changes/14899-yara-rules
diff --git a/changes/20595-improve-memory-usage-software-installers b/changes/20595-improve-memory-usage-software-installers
diff --git a/changes/21633-windows-auto-enrollment-info-banner b/changes/21633-windows-auto-enrollment-info-banner
diff --git a/changes/21709-activities-automation-activity b/changes/21709-activities-automation-activity
diff --git a/changes/21888-dequeue-pending-scripts b/changes/21888-dequeue-pending-scripts
diff --git a/changes/22162-exclude-labels-fix-default-behavior b/changes/22162-exclude-labels-fix-default-behavior
diff --git a/changes/22187-gitops-software-relative-paths b/changes/22187-gitops-software-relative-paths
diff --git a/changes/22224-query-log-destinations b/changes/22224-query-log-destinations
diff --git a/changes/22269-software-title-updated-at b/changes/22269-software-title-updated-at
diff --git a/changes/22359-gitops-mult-abm b/changes/22359-gitops-mult-abm
diff --git a/changes/22437-linux-lock-black-screen b/changes/22437-linux-lock-black-screen
diff --git a/changes/22446-scripts-modal b/changes/22446-scripts-modal
diff --git a/changes/22575-ui-for-include-any-labels b/changes/22575-ui-for-include-any-labels
diff --git a/changes/22576-labels-include-any-gitops b/changes/22576-labels-include-any-gitops
diff --git a/changes/22578-db-schema b/changes/22578-db-schema
diff --git a/changes/22581-cron-updates b/changes/22581-cron-updates
diff --git a/changes/22606-keyboard-accessiblity b/changes/22606-keyboard-accessiblity
diff --git a/changes/22773-fma-uninstall-fix b/changes/22773-fma-uninstall-fix
diff --git a/changes/22891-zstd-deb-packages b/changes/22891-zstd-deb-packages
diff --git a/changes/22985-disable-forms-keyboard-access b/changes/22985-disable-forms-keyboard-access
diff --git a/changes/23016-add-chrome-host-text-area-height b/changes/23016-add-chrome-host-text-area-height
diff --git a/changes/23078-allow-skipping-vuln-details b/changes/23078-allow-skipping-vuln-details
diff --git a/changes/23128-update-mock-service-worker-package-for-secutiy b/changes/23128-update-mock-service-worker-package-for-secutiy
diff --git a/changes/23213-okta-verify b/changes/23213-okta-verify
diff --git a/changes/23247-vpp-app-install b/changes/23247-vpp-app-install
diff --git a/changes/23492-software-batch-status-code b/changes/23492-software-batch-status-code
diff --git a/changes/23525-ndes-errors b/changes/23525-ndes-errors
diff --git a/changes/23597-fix-create-update-label-returns-outdated-info b/changes/23597-fix-create-update-label-returns-outdated-info
diff --git a/changes/23651-reenter-password b/changes/23651-reenter-password
diff --git a/changes/23669-dismiss-error-flash-on-url-change-dup b/changes/23669-dismiss-error-flash-on-url-change-dup
diff --git a/changes/8750-add-team_identifier-to-software b/changes/8750-add-team_identifier-to-software
@@ -4,11 +4,11 @@ name: fleet
 keywords:
   - fleet
   - osquery
-version: v6.2.2
+version: v6.2.3
 home: https://github.com/fleetdm/fleet
 sources:
   - https://github.com/fleetdm/fleet.git
-appVersion: v4.59.1
+appVersion: v4.60.0
 dependencies:
   - name: mysql
     condition: mysql.enabled

@@ -3,7 +3,7 @@
 hostName: fleet.localhost
 replicas: 3 # The number of Fleet instances to deploy
 imageRepository: fleetdm/fleet
-imageTag: v4.59.1 # Version of Fleet to deploy
+imageTag: v4.60.0 # Version of Fleet to deploy
 podAnnotations: {} # Additional annotations to add to the Fleet pod
 serviceAccountAnnotations: {} # Additional annotations to add to the Fleet service account
 resources:

@@ -56,7 +56,7 @@ variable "database_name" {
 
 variable "fleet_image" {
   description = "the name of the container image to run"
-  default     = "fleetdm/fleet:v4.59.1"
+  default     = "fleetdm/fleet:v4.60.0"
 }
 
 variable "software_inventory" {

@@ -68,7 +68,7 @@ variable "redis_mem" {
 }
 
 variable "image" {
-  default = "fleetdm/fleet:v4.59.1"
+  default = "fleetdm/fleet:v4.60.0"
 }
 
 variable "software_installers_bucket_name" {

@@ -2,7 +2,7 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = "~> 4.59.1"
+      version = "~> 4.60.0"
     }
   }
   backend "s3" {

@@ -2,7 +2,7 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = "~> 4.59.1"
+      version = "~> 4.60.0"
     }
   }
   backend "s3" {

@@ -20,7 +20,7 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = "~> 4.59.1"
+      version = "~> 4.60.0"
     }
   }
   backend "s3" {

@@ -15,7 +15,7 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = "~> 4.59.1"
+      version = "~> 4.60.0"
     }
   }
   backend "s3" {

@@ -2,7 +2,7 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = "~> 4.59.1"
+      version = "~> 4.60.0"
     }
   }
   backend "s3" {

@@ -24,7 +24,7 @@ variable "fleet_config" {
     vuln_processing_cpu                  = optional(number, 2048)
     vuln_data_stream_mem                 = optional(number, 1024)
     vuln_data_stream_cpu                 = optional(number, 512)
-    image                                = optional(string, "fleetdm/fleet:v4.59.1")
+    image                                = optional(string, "fleetdm/fleet:v4.60.0")
     family                               = optional(string, "fleet-vuln-processing")
     sidecars                             = optional(list(any), [])
     extra_environment_variables          = optional(map(string), {})
@@ -82,7 +82,7 @@ variable "fleet_config" {
     vuln_processing_cpu                  = 2048
     vuln_data_stream_mem                 = 1024
     vuln_data_stream_cpu                 = 512
-    image                                = "fleetdm/fleet:v4.59.1"
+    image                                = "fleetdm/fleet:v4.60.0"
     family                               = "fleet-vuln-processing"
     sidecars                             = []
     extra_environment_variables          = {}

@@ -16,7 +16,7 @@ variable "fleet_config" {
     mem                          = optional(number, 4096)
     cpu                          = optional(number, 512)
     pid_mode                     = optional(string, null)
-    image                        = optional(string, "fleetdm/fleet:v4.59.1")
+    image                        = optional(string, "fleetdm/fleet:v4.60.0")
     family                       = optional(string, "fleet")
     sidecars                     = optional(list(any), [])
     depends_on                   = optional(list(any), [])
@@ -119,7 +119,7 @@ variable "fleet_config" {
     mem                          = 512
     cpu                          = 256
     pid_mode                     = null
-    image                        = "fleetdm/fleet:v4.59.1"
+    image                        = "fleetdm/fleet:v4.60.0"
     family                       = "fleet"
     sidecars                     = []
     depends_on                   = []

@@ -77,7 +77,7 @@ variable "fleet_config" {
     mem                          = optional(number, 4096)
     cpu                          = optional(number, 512)
     pid_mode                     = optional(string, null)
-    image                        = optional(string, "fleetdm/fleet:v4.59.1")
+    image                        = optional(string, "fleetdm/fleet:v4.60.0")
     family                       = optional(string, "fleet")
     sidecars                     = optional(list(any), [])
     depends_on                   = optional(list(any), [])
@@ -205,7 +205,7 @@ variable "fleet_config" {
     mem                          = 512
     cpu                          = 256
     pid_mode                     = null
-    image                        = "fleetdm/fleet:v4.59.1"
+    image                        = "fleetdm/fleet:v4.60.0"
     family                       = "fleet"
     sidecars                     = []
     depends_on                   = []

@@ -17,7 +17,7 @@ provider "aws" {
 }
 
 locals {
-  fleet_image = "fleetdm/fleet:v4.59.1"
+  fleet_image = "fleetdm/fleet:v4.60.0"
   domain_name = "example.com"
 }
 

@@ -170,7 +170,7 @@ variable "fleet_config" {
     mem                          = optional(number, 4096)
     cpu                          = optional(number, 512)
     pid_mode                     = optional(string, null)
-    image                        = optional(string, "fleetdm/fleet:v4.59.1")
+    image                        = optional(string, "fleetdm/fleet:v4.60.0")
     family                       = optional(string, "fleet")
     sidecars                     = optional(list(any), [])
     depends_on                   = optional(list(any), [])
@@ -298,7 +298,7 @@ variable "fleet_config" {
     mem                          = 512
     cpu                          = 256
     pid_mode                     = null
-    image                        = "fleetdm/fleet:v4.59.1"
+    image                        = "fleetdm/fleet:v4.60.0"
     family                       = "fleet"
     sidecars                     = []
     depends_on                   = []

@@ -63,8 +63,8 @@ module "fleet" {
 
   fleet_config = {
     # To avoid pull-rate limiting from dockerhub, consider using our quay.io mirror
-    # for the Fleet image. e.g. "quay.io/fleetdm/fleet:v4.59.1"
-    image = "fleetdm/fleet:v4.59.1" # override default to deploy the image you desire
+    # for the Fleet image. e.g. "quay.io/fleetdm/fleet:v4.60.0"
+    image = "fleetdm/fleet:v4.60.0" # override default to deploy the image you desire
     # See https://fleetdm.com/docs/deploy/reference-architectures#aws for appropriate scaling
     # memory and cpu.
     autoscaling = {

@@ -218,7 +218,7 @@ variable "fleet_config" {
     mem                          = optional(number, 4096)
     cpu                          = optional(number, 512)
     pid_mode                     = optional(string, null)
-    image                        = optional(string, "fleetdm/fleet:v4.59.1")
+    image                        = optional(string, "fleetdm/fleet:v4.60.0")
     family                       = optional(string, "fleet")
     sidecars                     = optional(list(any), [])
     depends_on                   = optional(list(any), [])
@@ -346,7 +346,7 @@ variable "fleet_config" {
     mem                          = 512
     cpu                          = 256
     pid_mode                     = null
-    image                        = "fleetdm/fleet:v4.59.1"
+    image                        = "fleetdm/fleet:v4.60.0"
     family                       = "fleet"
     sidecars                     = []
     depends_on                   = []

diff --git a/tools/fleetctl-npm/package.json b/tools/fleetctl-npm/package.json
@@ -1,6 +1,6 @@
 {
   "name": "fleetctl",
-  "version": "v4.59.1",
+  "version": "v4.60.0",
   "description": "Installer for the fleetctl CLI tool",
   "bin": {
     "fleetctl": "./run.js"

diff --git a/tools/release/publish_release.sh b/tools/release/publish_release.sh
@@ -626,7 +626,7 @@ fi
 
 start_ver_tag=fleet-$start_version
 
-# Check if there are updates to fleetctl dependencies (only when doing security updates to base images).
+Check if there are updates to fleetctl dependencies (only when doing security updates to base images).
 if [[ $(git diff $start_ver_tag ./tools/wix-docker ./tools/bomutils-docker) ]]; then
 	echo "⚠️  Changes in fleetctl dependencies detected, please run the following before continuing the release:"
 	echo "1. git tag fleetctl-docker-deps-$next_ver && git push origin fleetctl-docker-deps-$next_ver"