fleet-v4.61.0

Fleet 4.61.0 (Dec 17, 2024)

Endpoint operations

• Added support to require email verification (MFA) on each login when setting up a Fleet user outside SSO.
• Extended Linux encryption key escrow support to Ubuntu 20.04.6.
• Added missing APM instrumentation for Fleet API routes.
• Improved label validation when running live queries. Previously, when passing label(s) that do not exist, the labels were ignored. Now, an error is returned indicating which labels were not found. This change affects both the API and fleetctl query command.

Device management (MDM)

• Added functionality for creating an automatic install policy for Fleet-maintained apps.
• Replaced Zoom Fleet-maintained app with Zoom for IT, which does not open any windows during installation.
• Added support for the new windows_migration_enabled setting (can be set via fleetctl, the PATCH /api/latest/fleet/config API endpoint and the UI). Requires a premium license.
• Updated to only show the "follow instructions on My device" banner for Linux hosts whose disks are encrypted but for which Fleet hasn't escrowed a valid key.
• Added App Store app UI: Added different empty state when VPP token is not added at all vs. when it's not assigned to a team to prevent confusion.
• Allowed APNS key to be in unencrypted PKCS8 format, which may happen when migrating from another MDM.
• Allowed calling /api/v1/fleet/software/fleet_maintained_apps with no team ID to retrieve the full global list of maintained apps.
• Added UI changes for windows MDM page and allow for automatic migration for windows hosts.
• Bypassed the setup experience UI if there is no setup experience item to process (no software to install, no script to execute), so that releasing the device is done without going through that window.

Vulnerability management

• Added without_vulnerability_details to software versions endpoint (/api/latest/fleet/software/versions) so CVE details can be truncated when on Fleet Premium.
• Fixed an issue where the github cli software name was not matching against the cpe vulnerability name.

Bug fixes and improvements

• Updated Go version to 1.23.4.
• Update help text for policy automation Install software and run script modals.
• Updated to display Windows MDM WSTEP flags in fleet --help.
• Added language in email templates indicating that users should not reply to the automated emails.
• Added better information on what deleting a host does.
• Added a clearer error message when users attempt to turn MDM off on a Windows host.
• Improved side nav empty state UI under /settings.
• Added missing loading spinner for delete modals (delete configuration profile, delete script, delete setup script and delete software).
• Improved performance of updating the nano_enrollments.last_seen_at timestamp of Apple MDM devices by an order of magnitude under load.
• Improved MDM SELECT FROM nano_enrollment_queue MySQL query performance, including calling it on DB reader much of the time.
• Updated Inter font to latest version for woff2 files.
• Added better documentation around how the --label flag works in the fleetctl query command.
• Switched Twitter logo to X logo in Fleet-initiated automated emails.
• Removed duplicate indexes from the database schema..
• Added cleanup job to delete stuck pending Apple profiles, and requeue them.
• Exclude any custom sourced "users" from the host details "used by" display if Fleet doesn't have an email for them.
• Replaced the internal use of the deprecated go.mozilla.org/pkcs7 package with the maintained fork github.com/smallstep/pkcs7.
• Switched email template font to Inter to match previous changes in the rest of the UI.
• Updated resend config profile API from hosts/[hostid}/configuration_profiles/resend/{uuid} to hosts/{hostid}/configuration_profiles/{uuid}/resend.
• Update nanomdm dependency with latest bug fixes and improvements.
• Updated documentation to include firefox_preferences table for Linux and Windows platforms.
• Restored the user's previous scroll, if any, when they change the filter on the host software table.
• Updated a link in the Fleet-maintained apps UI to point to the correct place.
• Removed image borders that are included in Apple's app store icons.
• Redirect when user provides an invalid URL param for fleet-maintained software id.
• Added additional statistics item for number of saved queries.
• Fixed a bug where the name of the setup experience script was not showing up in the activity for that script execution.
• Present a nicely formatted and more informative UI for log destination in two places.
• Fixed bug in fleetdm/fleetctl docker image where the build directory does not exist when generating deb/rpm packages.
• Fixed missing read permission for team maintainers and admins on Fleet maintained apps.
• Fixed a bug that would add "Fleet" to activities where it shouldn't be.
• Fixed ability to clear policy automation that empties webhook URL.
• Fixes a bug with pagination in the profiles and scripts lists.
• Fixed duplicate queries in query stats list in host details.
• Fixed zip and dmg automations showing null platform for installer
• Fixed a typo in the loading modal when adding a Fleet-maintained app.
• Fixed UI bug where "Actions" dropdown on host software page included "Install" and "Uninstall" options for software that is not able to be installed via Fleet.
• Fixed a bug where the HTTP client used for MDM APNs push notifications did not support using a configured proxy.
• Fixed potential deadlocks when deploying Apple configuration profiles.
• Fixed releasing a DEP-enrolled macOS device if mTLS is configured for fleetd.
• Fixed learn more about JIT provisioning link.
• Fixed an issue with the copy for the activity generated by viewing a locked macOS host's PIN.
• Fixed breaking with gitops user role running fleetctl gitops command when MDM is enabled.
• Fixed responsive styles for the ADM table.

Fleet's agent

The following version of Fleet's agent (fleetd) support the latest changes to Fleet:

1. orbit-v1.36.0
2. fleet-desktop-v1.37.0 (included with Orbit)
3. fleetd-chrome-v1.3.1

While newer versions of fleetd still function with older versions of the Fleet server (and vice versa), Fleet does not actively test these scenarios and some newer features won't be available.

Upgrading

Please visit our update guide for upgrade instructions.

Documentation

Documentation for Fleet is available at fleetdm.com/docs.

Binary Checksum

SHA256

14f97001f6b56195c780d9290a08572a83fcce345d5a9210f34673b88bd9d344  fleet_v4.61.0_linux.tar.gz
f80ae28f3244b088098de4ce69f6bde059fee71bfeb12688f9acd25b0becfbae  fleetctl_v4.61.0_linux.tar.gz
bbb36cb827c6c71b4cf345d7cad2523a650a650ecb16dcc65944444d2946cd12  fleetctl_v4.61.0_linux.zip
a7bda439294f71754d81514238208f6a15dcae96988fcf931d01ed5c4dca4d1f  fleetctl_v4.61.0_macos.tar.gz
f193caeaf4ebc870dc5c5ace4537e8810e8a3fc75e740e9b78510666c9e11a99  fleetctl_v4.61.0_macos.zip
e425d22aacdf33348dced3ada6e5e515f21e215d4650955c3f7b0d112def4d49  fleetctl_v4.61.0_windows.tar.gz
763234cb5a254e22c355517500b8a02d383f8d69221a446c4b6664ab9b6ef3ec  fleetctl_v4.61.0_windows.zip

fleet-v4.60.1

Bug fixes

• Fixed a bug that caused breaking with gitops user role running fleetctl gitops command when MDM was enabled.

Upgrading

Please visit our update guide for upgrade instructions.

Documentation

Documentation for Fleet is available at fleetdm.com/docs.

Binary Checksum

SHA256

c602435261037d0606a86927fb4ee109cf5087c674515db9aef4cd1c6ca8fbca  fleet_v4.60.1_linux.tar.gz
4456037762ef6b5139fc036f22590f9a8601024ef521f13824e9761659e3c601  fleetctl_v4.60.1_linux.tar.gz
506d406e0f90d4cb124fcd2fd6fe67802c40a06900884e7e6a90cb18a2ffa675  fleetctl_v4.60.1_linux.zip
28f921c0eb60bb7545e1ebd9c3ab52343a0042d425cc7ce842630b598e3cd6d9  fleetctl_v4.60.1_macos.tar.gz
cd99fb722dc3ec8015c47c6c5cd36f9f63bd759e96f362ebcc6bf251d755e9b9  fleetctl_v4.60.1_macos.zip
75c672b3b89f736b12f4f3ed9c69f68209399ccc33e00ba8bd4afae69f98279a  fleetctl_v4.60.1_windows.tar.gz
bc0c8a6802ef130bf79305b305b1eede3f38ca4462da708a7de1b6f917898d9c  fleetctl_v4.60.1_windows.zip

fleet-v4.60.0

Fleet 4.60.0 (Nov 27, 2024)

Endpoint operations

• Added support for labels_include_any to gitops.
• Added major improvements to keyboard accessibility throughout app (e.g. checkboxes, dropdowns, table navigation).
• Added activity item for fleetd enrollment with host serial and display name.
• Added capability for Fleet to serve YARA rules to agents over HTTPS authenticated via node key (requires osquery 5.14+).
• Added a query to allow users to turn on/off automations while being transparent of the current log destination.
• Updated UI to allow users to view scripts (from both the scripts page and host details page) without downloading them.
• Updated activity feed to generate an activity when activity automations are enabled, edited, or disabled.
• Cancelled pending script executions when a script is edited or deleted.

Device management (MDM)

• Added better handling of timeout and insufficient permissions errors in NDES SCEP proxy.
• Added info banner for cloud customers to help with their windows autoenrollment setup.
• Added DB support for "include any" label profile deployment.
• Added support for "include any" label/profile relationships to the profile reconciliation machinery.
• Added team_identifier signature information to Apple macOS applications to the /api/latest/fleet/hosts/:id/software API endpoint.
• Added indicator of how fresh a software title's host and version counts are on the title's details page.
• Added UI for allowing users to install custom profiles on hosts that include any of the defined labels.
• Added UI features supporting disk encryption for Ubuntu and Fedora Linux.
• Added support for deb packages compressed with zstd.

Vulnerability management

• Allowed skipping computationally heavy population of vulnerability details when populating host software on hosts list endpoint (GET /api/latest/fleet/hosts) when using Fleet Premium (populate_software=without_vulnerability_descriptions).

Bug fixes and improvements

• Improved memory usage of the Fleet server when uploading a large software installer file. Note that the installer will now use (temporary) disk space and sufficient storage space is required.
• Improved performance of adding and removing profiles to large teams by an order of magnitude.
• Disabled accessibility via keyboard for forms that are disabled via a slider.
• Updated software batch endpoint status code from 200 (OK) to 202 (Accepted).
• Updated a package used for testing (msw) to improve security.
• Updated to reboot linux machine on unlock to work around GDM bug on Ubuntu 24.04.
• Updated GitOps to return an error if the deprecated apple_bm_default_team key is used and there are more than 1 ABM tokens in Fleet.
• Dismissed error flash on the my device page when navigating to another URL.
• Modified the Fleet setup experience feature to not run if there is no software or script configured for the setup experience.
• Set a more accurate minimum height for the Add hosts > ChromeOS > Policy for extension field, avoiding a scrollbar.
• Added UI prompt for user to reenter the password if SCEP/NDES url or username has changed.
• Updated ABM public key to download as as PEM format instead of CRT.
• Fixed issue with uploading macOS software packages that do not have a top level Distribution.xml, but do have a top level PackageInfo.xml. For example, Okta Verify.app.
• Fixed some cases where Fleet Maintained Apps generated incorrect uninstall scripts.
• Fixed a bug where a device that was removed from ABM and then added back wouldn't properly re-enroll in Fleet MDM.
• Fixed name/version parsing issue with PE (EXE) installer self-extracting archives such as Opera.
• Fixed a bug where the create and update label endpoints could return outdated information in a deployment using a mysql replica.
• Fixed the MDM configuration profiles deployment when based on excluded labels.
• Fixed gitops path resolution for installer queries and scripts to always be relative to where the query file or script is referenced. This change breaks existing YAML files that had to account for previous inconsistent behavior (e.g. installers in a subdirectory referencing scripts elsewhere).
• Fixed issue where minimum OS version enforcement was not being applied during Apple ADE if MDM IdP integration was enabled.
• Fixed a bug where users would be allowed to attempt an install of an App Store app on a host that was not MDM enrolled.

Fleet's agent

The following version of Fleet's agent (fleetd) support the latest changes to Fleet:

1. orbit-v1.36.0
2. fleet-desktop-v1.36.0 (included with Orbit)
3. fleetd-chrome-v1.3.1

While newer versions of fleetd still function with older versions of the Fleet server (and vice versa), Fleet does not actively test these scenarios and some newer features won't be available.

Upgrading

Please visit our update guide for upgrade instructions.

Documentation

Documentation for Fleet is available at fleetdm.com/docs.

Binary Checksum

SHA256

ae0ab2cbd84b0b4db7cf8f0a700a59018a5ac8587216d0af361824096f0c789f  fleet_v4.60.0_linux.tar.gz
89ecf2ac3a2cd9c30bd3ccf975a1d325e04d04762dfc8e2da99f13b28fd06885  fleetctl_v4.60.0_linux.tar.gz
75e95310fdbd9ddd32f0ebc2d609be1961791ba91c73b4016cd19f8264f3441b  fleetctl_v4.60.0_linux.zip
31c40735cb8a1cdd4aaa8b543d175de5be0e9c8f284a844ced4a1749fc77890b  fleetctl_v4.60.0_macos.tar.gz
5c4a07f6baddbfe7e7420244d4e128617382fac910b77891b8552ac1c114bdd7  fleetctl_v4.60.0_macos.zip
8a02fe28ca9cac37ea7106cef3be7055b09893c6c38080d452579ae9aa3c693f  fleetctl_v4.60.0_windows.tar.gz
0380415b15075d63977abe88ef43c3236c25be2cb87b2cf877b2f648b792eae7  fleetctl_v4.60.0_windows.zip

fleet-v4.59.1

Fleet 4.59.1 (Nov 18, 2024)

Bug fixes

• Added team_identifier signature information to Apple macOS applications to the /api/latest/fleet/hosts/:id/software API endpoint.

Fleet's agent

The following version of Fleet's agent (fleetd) support the latest changes to Fleet:

1. orbit-v1.35.0
2. fleet-desktop-v1.35.0 (included with Orbit)
3. fleetd-chrome-v1.3.1

While newer versions of fleetd still function with older versions of the Fleet server (and vice versa), Fleet does not actively test these scenarios and some newer features won't be available.

Upgrading

Please visit our update guide for upgrade instructions.

Documentation

Documentation for Fleet is available at fleetdm.com/docs.

Binary Checksum

SHA256

65b9ee21bebed9429a57420085f0c5433db53bcd0250b4531f9dfc9f525090b6  fleet_v4.59.1_linux.tar.gz
db454f9008bd7b3e133c9f64d351bef66e2ac629be6b3db7e68234588f76e591  fleetctl_v4.59.1_linux.tar.gz
052472b569992cdd29664f8890110e93d55920fe8069fed9c8cd446ad79eb575  fleetctl_v4.59.1_linux.zip
96f96a99d402bd0f037177ce44d688d221503bca7bef578d2bbc9b447a4d78c3  fleetctl_v4.59.1_macos.tar.gz
5ae316067cdbb0c7a9ab9ecae5f95f0a1df4af43241247ea233dbff61da95ffd  fleetctl_v4.59.1_macos.zip
34fdf27f4cfb2e7954d8d2b7e8e1f119d5703df1e95055be6cd95695993b4811  fleetctl_v4.59.1_windows.tar.gz
dd25402cfa1b0c5f1bf452833ea40eaa19357b14a87a236f61d37d5946222a0a  fleetctl_v4.59.1_windows.zip

fleet-v4.59.0

Fleet 4.59.0 (Nov 12, 2024)

Endpoint operations

• Updated OpenTelemetry libraries to latest versions. This includes the following changes when OpenTelemetry is enabled:
  • MySQL spans outside of HTTPS transactions are now logged.
  • Renamed MySQL spans to include the query, for easier tracking/debugging.
• Added capability for fleetd to report vital errors to Fleet server, such as when Fleet Desktop is unable to start.

Device management (MDM)

• Added UI for adding a setup experience script.
• Added UI for the install software setup experience.
• Added software experience software title selection API.
• Added database migrations to support Setup Experience.
• Added support to fleetctl gitops to specify a setup experience script to run and software to install, for a team or no team.
• Added an Orbit endpoint (POST /orbit/setup_experience/status) for checking the status of a macOS host's setup experience steps.
• Added service to track install status.
• Added ability to connect a SCEP NDES proxy.
• Added SCEP proxy for Windows NDES (Network Device Enrollment Service) AD CS server, which allows devices to request certificates.
• Added error message on the My Device page when MDM is off for the host.
• Added a config field to the UI for custom MDM URLs.
• Added integration to queue setup experience software installation on automatic enrollment.
• Added a validation to prevent removing a software package or a VPP app from a team if that software is selected to be installed during the setup experience.
• Updated user permissions to allow gitops users to run MDM commands.
• Updated to remove a pending MDM device if it was deleted from current ABM.
• Updated to ensure details for a software installation run are available and accurate even after the corresponding installer has been edited or deleted.
  • NOTE: The database migration included with this update backfills installer data into installation details based on the currently uploaded installer. If you want to backfill data from activities (which will be more comprehensive and accurate than the migration default, but may take awhile as the entire activities table will be scanned), run this database query after running database migrations:

UPDATE host_software_installs i
JOIN activities a ON a.activity_type = 'installed_software'
	AND i.execution_id = a.details->>"$.install_uuid"
SET i.software_title_name = COALESCE(a.details->>"$.software_title", i.software_title_name),
	i.installer_filename = COALESCE(a.details->>"$.software_package", i.installer_filename),
	i.updated_at = i.updated_at

• The above query is optional, and is unnecessary if no software installers have been edited.

Vulnerability management

• Added filtering Software OS view to show only OSes from a particular platform (Windows, macOS, Linux, etc.)
• Fixed issue where the vulnerabilities cron failed to complete due to a large temporary table creation when calculating host issue counts.
• Fixed Debian python package false positive vulnerabilities by removing duplicate entries for Debian python packages installed by dpkg and renaming remaining pip installed packages to match OVAL definitions.

Bug fixes and improvements

• Fixed the ADE enrollment release device processing for hosts running an old fleetd version.
• Fixed an issue with the BYOD enrollment page where it sometimes would show a 404 page.
• Fixed issue where macOS and Linux scripts failed to timeout on long running commands.
• Fixed bug in ABM renewal process that caused upload of new token to fail.
• Fixed blank install status when retrieving install details from the activity feed when the installer package has been updated or the software has since been removed from the host.
• Fixed the svg icon for Edge.
• Fixed frontend error when trying to view install details for an install with a blank status.
• Fixed loading state for the profile status aggregate UI.
• Fixed incorrect character set header on manual Mac enrollment config download.
• Fixed fleetctl gitops to support VPP apps, along with setting the VPP apps to install during the setup experience.
• Fixed bug where PATCH /api/latest/fleet/config was incorrectly clearing VPP token<->team associations.
• Fixed issue when trying to download the manual enrollment profile when device token is expired. We now show an error for this case.
• Fixed a bug where DDM declarations would remaing "pending" forever if they were deleted from Fleet before being sent to hosts.
• Fixed a bug where policy failures of a host were not being cleared in the host details page after configuring the host to not run any policies.
• Fixed iOS and iPadOS device release during the ADE enrollment flow.
• Ignored --delete-other-teams flag in fleetctl gitops command for non-Premium license users.
• Switched Nudge deadline time for OS upgrades on macOS pre-14 hosts from 04:00 UTC to 20:00 UTC.
• Added a more descriptive error message when install or uninstall details do not exist for an activity.
• Updated to allow FLEET_REDIS_ADDRESS to include a redis:// prefix. Allowed formats are: redis://host:port or host:port.
• Documented that Microsoft enrollments have less fields filled in the mdm_enrolled activity due to how this MDM enrollment flow is implemented.
• Updated UI to make entire rows of the Disk encryption table clickable.
• Updated software install activities from policy automations to be authored by "Fleet", store policy ID and name on each activity.
• Updated tooltip for bootstrap package and VPP app statuses in UI.
• Added created_at/updated_at timestamps on user create endpoint.
• Updated UI notifications so that clicking in the horizontal dimension of a flash message, outside of the message itself, and always hide flash messages when changing routes.
• Filtered out VPP apps on non-MDM enrolled devices.
• Explicitly set line heights on "add profile" messages so they are consistent cross-browser.
• Deprecated the worker-based job to release macOS devices automatically after the setup experience, replace it with the fleetd-specific "/status" endpoint that is polled by the Setup Experience dialog controlled by Fleet during the setup flow.
• Improved UI feedback when user attempts and fails to reset password.

Fleet's agent

The following version of Fleet's agent (fleetd) support the latest changes to Fleet:

1. orbit-v1.35.0
2. fleet-desktop-v1.35.0 (included with Orbit)
3. fleetd-chrome-v1.3.1

While newer versions of fleetd still function with older versions of the Fleet server (and vice versa), Fleet does not actively test these scenarios and some newer features won't be available.

Upgrading

Please visit our update guide for upgrade instructions.

Documentation

Documentation for Fleet is available at fleetdm.com/docs.

Binary Checksum

SHA256

4fd0375d38834bfcfbda7cc90eb3a9a686a4c437d2fd0052f8413406503f0006  fleet_v4.59.0_linux.tar.gz
cc2290edd90efeaf0206ba916b2120ccf2670b689b8132df805c93bb41c4d1c0  fleetctl_v4.59.0_linux.tar.gz
7c152fe34f7b81a6bb44e44b76534c0ff8031f2c7cbad10aa5aca93c9154c345  fleetctl_v4.59.0_linux.zip
3470c3a79a7ab3ede1a9275c45689d42946b01ce1a1a7090e02c1e898d3c9a34  fleetctl_v4.59.0_macos.tar.gz
924f80b8017bfda84218fe785eb8a082695510d8b610c02a758ea999dc85caf3  fleetctl_v4.59.0_macos.zip
893632921a873386f69d361f429ed04242490c8616c06bd38e4be27e61fa24b2  fleetctl_v4.59.0_windows.tar.gz
b9c4661bbe8df2b91e3e80cda61dc46af8064c6276cc72474b86919bbc49db94  fleetctl_v4.59.0_windows.zip

fleet-v4.58.0

Fleet 4.58.0 (Oct 17, 2024)

Endpoint Operations:

• Added builtin label for Fedora Linux. Warning: Migrations will fail if a pre-existing 'Fedora Linux' label exists. To resolve, delete the existing 'Fedora Linux' label.
• Added ability to trigger script run on policy failure.
• Updated GitOps script and software installer relative paths to now always relative to the file they're in. This change breaks existing YAML files that had to account for previous inconsistent behavior (e.g. script paths declared in no-team.yml being relative to default.yaml one directory up).
• Improved performance for host details and Fleet Desktop, particularly in environments using high volumes of live queries.
• Updated activity cleanup job to remove all expired live queries to improve API performance in environment using large volumes of live queries. To note, the cleanup cron may take longer on the first run after upgrade.
• Added an event for when a policy automation triggers a script run in the activity feed.
• Added battery status to Windows host details.

Device Management (MDM):

• Added the POST /software/fleet_maintained_apps endpoint for adding Fleet-maintained apps.
• Added the GET /software/fleet_maintained_apps/{app_id} endpoint to retrieve details of a Fleet-maintained app.
• Added API endpoint to list team available Fleet-maintained apps.
• Added UI for managing Fleet-maintained apps.
• Updated add software modal to be seperate pages in Fleet UI.
• Added support for uploading RPM packages.
• Updated the request timeouts for software installer edits to be the same as initial software installer uploads.
• Updated UI for software uploads to include upload progress bar.
• Improved performance of SQL queries used to determine MDM profile status for Apple hosts.

Vulnerability Management:

• Fixed MSRC feed pulls (for NVD release builds) in environments where GitHub access is authenticated.

Bug fixes and improvements:

• Added the 'Unsupported screen size' UI on the My device page.
• Removed redundant built in label filter pills.
• Updated success messages for lock, unlock, and wipe commands in the UI.
• Restricted width of policy description wrappers for better UI.
• Updated host details about section to condense information into fewer columns at smaller widths.
• Hid CVSS severity column from Fleet Free software details > vulnerabilities sections.
• Updated UI to remove leading/trailing whitespace when creating or editing team or query names.
• Added UI improvements when selecting live query targets (e.g. styling, closing behavior).
• Updated API to return 409 instead of 500 when trying to delete an installer associated with a policy automation.
• Updated battery health definitions to be defined as cycle counts greater than 1000 or max capacity falling under 80% of designed capacity for macOS and Windows.
• Added information on how battery health is defined to the UI.
• Updated UI to surface duplicate label name error to user.
• Fixed software uninstaller script for pkgs to only remove '.app' directories installed by the package.
• Fixed "no rows" error when adding a software installer that matches an existing title's name and source but not its bundle ID.
• Fixed an issue with the migration adding support for multiple VPP tokens that would happen if a token is removed prior to upgrading Fleet.
• Fixed UI flow for observers to easily query hosts from the host details page.
• Fixed bug with label display names always sentence casing.
• Fixed a bug where a profile wouldn't be removed from a host if it was deleted or if the host was moved to another team before the profile was installed on the host.
• Fixed a bug where removing a VPP or ABM token from a GitOps YAML file would leave the team assignments unchanged.
• Fixed host software filter bug that resets dropdown filter on table changes (pagination, order by column, etc).
• Fixed UI bug: Edit team name closes modal.
• Fixed UI so that switching vulnerability search types does not cause page re-render.
• Fixed UI policy automation truncation when selecting software to auto-install.
• Fixed UI design bug where software package file name was not displayed as expected.
• Fixed a small UI bug where a button overlapped some copy.
• Fixed software icon for chrome packages.

Fleet's agent

The following version of Fleet's agent (fleetd) support the latest changes to Fleet:

1. orbit-v1.34.0
2. fleet-desktop-v1.34.0 (included with Orbit)
3. fleetd-chrome-v1.3.1

While newer versions of fleetd still function with older versions of the Fleet server (and vice versa), Fleet does not actively test these scenarios and some newer features won't be available.

Upgrading

Please visit our update guide for upgrade instructions.

Documentation

Documentation for Fleet is available at fleetdm.com/docs.

Binary Checksum

SHA256

b64c43029e3751d738b8b9402b450aca3d79021cfc3008dc5beecfe7d04f40a5  fleet_v4.58.0_linux.tar.gz
93552ff29f5e65939c12ad6536d8b958a486635dd1134da5e230b3a133d8759d  fleetctl_v4.58.0_linux.tar.gz
13876db49b09463c70bd9b5a994e40047df5d077d5f1f35ed7cf9d6df7c84072  fleetctl_v4.58.0_linux.zip
ea4c58d760f9579b99bb9b9b35aae9e3d66dc3616aa330a7ddb74e1b6b58e8c1  fleetctl_v4.58.0_macos.tar.gz
c7c8bd5a7120bdf065dc3a19b5d73e068f448dfb0eabf1e000b4896433b21125  fleetctl_v4.58.0_macos.zip
9b0239a4f5147a34157cbd299038da0c7643460f319806909998f9804839d889  fleetctl_v4.58.0_windows.tar.gz
5267fd7905b51a88d9f8f2ad00dfcfb46cb2debdf35bc79bf235658f06640793  fleetctl_v4.58.0_windows.zip

fleet-v4.57.3

Bug fix

• Fixed Orbit configuration endpoint returning 500 for Macs running Rapid Security Response macOS releases that are enrolled in OS major version enforcement.

Upgrading

Please visit our update guide for upgrade instructions.

Documentation

Documentation for Fleet is available at fleetdm.com/docs.

Binary Checksum

SHA256

79db83177cc02b9a50c375622554f74b0c60a0fc2ad812a38eb305001348118e  fleet_v4.57.3_linux.tar.gz
d47184baff8c1de6f19fd285c276485e9a6c736fdb4bcd42e5770ce014844f6d  fleetctl_v4.57.3_linux.tar.gz
55dd22652ec98a5f54782d35e34e335e784382abdd0e5656c19b52269a319547  fleetctl_v4.57.3_linux.zip
50d8e366a99710a5636dc865d44f074d41b9555fc54dbb390c888d2ce16cf8c7  fleetctl_v4.57.3_macos.tar.gz
10edafb7a9002b3ae08e32f047820a9e5688b1f43e7af6582bbe7818ab8c769b  fleetctl_v4.57.3_macos.zip
29435a2389541a4ae7c16394bdc074845b555ef8d896a02339670dfdab7317c4  fleetctl_v4.57.3_windows.tar.gz
297175700f2607bc78afbddd1d43017d49488672f2de7e5d194d357531d31986  fleetctl_v4.57.3_windows.zip

fleet-v4.57.2

Bug fixes

• Fixed software uninstaller script for pkgs to only remove '.app' directories installed by the package.

Upgrading

Please visit our update guide for upgrade instructions.

Documentation

Documentation for Fleet is available at fleetdm.com/docs.

Binary Checksum

SHA256

4f9678462840fdd46693a9b87cd4d024e4c0291841db61a646ccc33a032d2217  fleet_v4.57.2_linux.tar.gz
bc2f66959cdf256636cb7c0579c6dfd93318a72e154c6bb6d0d8921e1fd57236  fleetctl_v4.57.2_linux.tar.gz
2dd2f42a277ae496d552096211dce07a21fe95458da30e352fb0141f4308b86b  fleetctl_v4.57.2_linux.zip
e3fb6a535d708ee119b57ef58dd48879f26a3e704221db2ee2c942f4186049a1  fleetctl_v4.57.2_macos.tar.gz
593424c998c32dcda57e358661caa3a28ccf6c51bdac984a86a5fdb31c9041f8  fleetctl_v4.57.2_macos.zip
6d2a143622987064bf54ac614f18f400a8f44294155e11398676e6fb99624d66  fleetctl_v4.57.2_windows.tar.gz
965703982904c75140a135073afdfabc2392a002b14806e42d27ba1812d3edb4  fleetctl_v4.57.2_windows.zip

fleet-v4.57.1

Note: 4.57.1 contains two critical bugs

Two critical bugs have been identified in 4.57.1:

1. Fleet uninstall script removes other apps from the host
2. Software Package installs for Windows .exe and .msi installers stuck in Pending state

We are currently developing fixes for both and will issue 4.57.2 as soon as possible.

Bug fixes

• Improved performance of SQL queries used to determine MDM profile status for Apple hosts.
• Ensured request timeouts for software installer edits were just as high as for initial software installer uploads.
• Fixed an issue with the migration that added support for multiple VPP tokens, which would happen if a token was removed prior to upgrading Fleet.
• Fixed a "no rows" error when adding a software installer that matched an existing title's name and source but not its bundle ID.

Upgrading

Please visit our update guide for upgrade instructions.

Documentation

Documentation for Fleet is available at fleetdm.com/docs.

Binary Checksum

SHA256

56e09992faa0f1b67c2bfe61760954a25a78fce60d8595de48686ed2913aa6ea  fleet_v4.57.1_linux.tar.gz
2a6a92bc80fe841e880ca750f6a66c6c909ebeb2e3c6ab57d7c28c057f379d16  fleetctl_v4.57.1_linux.tar.gz
86937bd7113c96b814be3ecb9c0cdafec20ebfbef6080a95f234c379a714636c  fleetctl_v4.57.1_linux.zip
2c2b3e51d0d87a7ff0d9b0dfffd2e528b16ab4a55ffa2aa7c03af8d476bc1299  fleetctl_v4.57.1_macos.tar.gz
2344a72117b71aa2419460805f04dd0f904e3e53fc4d2e06b06be28065db9144  fleetctl_v4.57.1_macos.zip
4c136e10c1d4b3dc7fedf7928392e45633defb09e6aa4906d906e0ddd101619e  fleetctl_v4.57.1_windows.tar.gz
e09ea5bef0d53cc95eced508e3ecb0a12d8def4b64260bea21924c91a2912474  fleetctl_v4.57.1_windows.zip

fleet-v4.57.0

Note: 4.57.0 contains two critical bugs

Two critical bugs have been identified in 4.57.0:

1. Fleet uninstall script removes other apps from the host
2. Software Package installs for Windows .exe and .msi installers stuck in Pending state

We are currently developing fixes for both and will issue 4.57.2 as soon as possible.

Fleet 4.57.0 (Sep 23, 2024)

Endpoint Operations

• Added support for configuring policy installers via GitOps.
• Added support for policies in "No team" that run on hosts that belong to "No team".
• Added reserved team names: "All teams" and "No team".
• Added support the software status filter for 'No teams' on the hosts page.
• Enable 'No teams' funcitonality for the policies page and associated workflows.
• Added reset install counts and cancel pending installs/uninstalls when GitOps installer updates change package contents.
• Added support for software installer packages, self-service flag, scripts, pre-install query, and self-service availability to be edited in-place rather than deleted and re-added.

Device Management (MDM)

• Added feature allowing automatic installation of software on hosts that fail policies.
• Added feature for end users to enroll BYOD devices into Fleet MDM.
• Added the ability to use Fleet to uninstall packages from hosts.
• Added an endpoint for getting an OTA MDM profile for enrolling iOS and iPadOS hosts.
• Added protocol support for OTA enrollment and automatic team assignment for hosts.
• Added validation of Setup Assistant profiles on profile upload.
• Added validation to prevent installing software on a host with a pending installation.
• Allowed custom SCEP CA certificates with any kind of extendedKeyUsage attributes.
• Modified POST /api/latest/fleet/software/batch endpoint to be asynchronous and added a new endpoint GET /api/latest/fleet/software/batch/{request_uuid} to retrieve the result of the batch upload.

Vulnerability Management

• Fixed a false negative vulnerability for git.
• Fixed false positive vulnerabilities for minio.
• Fixed an issue where virtual box for macOS wasn't matching against the NVD product name.
• Fixed Ubuntu python package false positive vulnerabilities by removing duplicate entries for ubuntu python packages installed by dpkg and renaming remaining pip installed packages to match OVAL definitions.

Bug fixes and improvements

• Updated Go to go1.23.1.
• Removed validation of APNS certificate from server startup.
• Removed invalid node keys from server logs.
• Improved the UX of turning off MDM on an offline host.
• Improved clarity of GitOps VPP app ID type errors.
• Improved gitops error message about enabling windows MDM.
• Improved messaging for VPP token constraint errors.
• Improved loading state for UI tables when no data is present yet.
• Improved permissions so that hosts can no longer access installers that aren't directly assigned to them.
• Improved verification of premium license before uploading VPP tokens.
• Added "0 items" description on empty software tables for UI consistency.
• Updated the macos target minimum version tooltip.
• Fixed logic to properly catch and log APNs errors.
• Fixed UI overflow issues with OS settings table data.
• Fixed regression for checking email used to get a signed CSR.
• Fixed bugs on enrollment profiles when the organization name contains invalid XML characters.
• Fixed an issue with cron profiles delivery failing if a Windows VM is enrolled twice.
• Fixed issue where Fleet server could start when an expired ABM certificate was provided as server config.
• Fixed self-service checkbox appearing when iOS or iPadOS app is selected.

Fleet's agent

The following version of Fleet's agent (fleetd) support the latest changes to Fleet:

1. orbit-v1.33.0
2. fleet-desktop-v1.33.0 (included with Orbit)
3. fleetd-chrome-v1.3.1

While newer versions of fleetd still function with older versions of the Fleet server (and vice versa), Fleet does not actively test these scenarios and some newer features won't be available.

Upgrading

Please visit our update guide for upgrade instructions.

Documentation

Documentation for Fleet is available at fleetdm.com/docs.

Binary Checksum

SHA256

5add72a4f9ebfcf7d3adbb20b37bac886c920aa055b0fbbfe4f84dccf6047cbc  fleet_v4.57.0_linux.tar.gz
42f207bf0a39df2d50e2adcf33760fdf504f9924790df2d02a4ccdb928fe31d2  fleetctl_v4.57.0_linux.tar.gz
1fbbc2618817200af95533d1682ba5c522346e49f162456ad3efc4b3fff7c3c2  fleetctl_v4.57.0_linux.zip
83afac7d2dbd4a7707e7268fa893dbdc15ae1b8dfce280720760af27d20b0063  fleetctl_v4.57.0_macos.tar.gz
688837872c0aad1a2c48d89a600b38a40f89bdb550b25d4f9f265d3a95468539  fleetctl_v4.57.0_macos.zip
588ee392e35e4e4e74606977bae8413cde82f248cb23bf053747cb3ab947d4dc  fleetctl_v4.57.0_windows.tar.gz
255e79e4b352b24d865e82a01f982b3d0ae72615b411649a20fb9780828ec87c  fleetctl_v4.57.0_windows.zip