Skip to content

fleet-v4.61.0

Latest
Latest
Compare
Choose a tag to compare
@github-actions github-actions released this 17 Dec 22:08
· 196 commits to main since this release
fleet-v4.61.0
1c5afda
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.

Fleet 4.61.0 (Dec 17, 2024)

Endpoint operations

  • Added support to require email verification (MFA) on each login when setting up a Fleet user outside SSO.
  • Extended Linux encryption key escrow support to Ubuntu 20.04.6.
  • Added missing APM instrumentation for Fleet API routes.
  • Improved label validation when running live queries. Previously, when passing label(s) that do not exist, the labels were ignored. Now, an error is returned indicating which labels were not found. This change affects both the API and fleetctl query command.

Device management (MDM)

  • Added functionality for creating an automatic install policy for Fleet-maintained apps.
  • Replaced Zoom Fleet-maintained app with Zoom for IT, which does not open any windows during installation.
  • Added support for the new windows_migration_enabled setting (can be set via fleetctl, the PATCH /api/latest/fleet/config API endpoint and the UI). Requires a premium license.
  • Updated to only show the "follow instructions on My device" banner for Linux hosts whose disks are encrypted but for which Fleet hasn't escrowed a valid key.
  • Added App Store app UI: Added different empty state when VPP token is not added at all vs. when it's not assigned to a team to prevent confusion.
  • Allowed APNS key to be in unencrypted PKCS8 format, which may happen when migrating from another MDM.
  • Allowed calling /api/v1/fleet/software/fleet_maintained_apps with no team ID to retrieve the full global list of maintained apps.
  • Added UI changes for windows MDM page and allow for automatic migration for windows hosts.
  • Bypassed the setup experience UI if there is no setup experience item to process (no software to install, no script to execute), so that releasing the device is done without going through that window.

Vulnerability management

  • Added without_vulnerability_details to software versions endpoint (/api/latest/fleet/software/versions) so CVE details can be truncated when on Fleet Premium.
  • Fixed an issue where the github cli software name was not matching against the cpe vulnerability name.

Bug fixes and improvements

  • Updated Go version to 1.23.4.
  • Update help text for policy automation Install software and run script modals.
  • Updated to display Windows MDM WSTEP flags in fleet --help.
  • Added language in email templates indicating that users should not reply to the automated emails.
  • Added better information on what deleting a host does.
  • Added a clearer error message when users attempt to turn MDM off on a Windows host.
  • Improved side nav empty state UI under /settings.
  • Added missing loading spinner for delete modals (delete configuration profile, delete script, delete setup script and delete software).
  • Improved performance of updating the nano_enrollments.last_seen_at timestamp of Apple MDM devices by an order of magnitude under load.
  • Improved MDM SELECT FROM nano_enrollment_queue MySQL query performance, including calling it on DB reader much of the time.
  • Updated Inter font to latest version for woff2 files.
  • Added better documentation around how the --label flag works in the fleetctl query command.
  • Switched Twitter logo to X logo in Fleet-initiated automated emails.
  • Removed duplicate indexes from the database schema..
  • Added cleanup job to delete stuck pending Apple profiles, and requeue them.
  • Exclude any custom sourced "users" from the host details "used by" display if Fleet doesn't have an email for them.
  • Replaced the internal use of the deprecated go.mozilla.org/pkcs7 package with the maintained fork github.com/smallstep/pkcs7.
  • Switched email template font to Inter to match previous changes in the rest of the UI.
  • Updated resend config profile API from hosts/[hostid}/configuration_profiles/resend/{uuid} to hosts/{hostid}/configuration_profiles/{uuid}/resend.
  • Update nanomdm dependency with latest bug fixes and improvements.
  • Updated documentation to include firefox_preferences table for Linux and Windows platforms.
  • Restored the user's previous scroll, if any, when they change the filter on the host software table.
  • Updated a link in the Fleet-maintained apps UI to point to the correct place.
  • Removed image borders that are included in Apple's app store icons.
  • Redirect when user provides an invalid URL param for fleet-maintained software id.
  • Added additional statistics item for number of saved queries.
  • Fixed a bug where the name of the setup experience script was not showing up in the activity for that script execution.
  • Present a nicely formatted and more informative UI for log destination in two places.
  • Fixed bug in fleetdm/fleetctl docker image where the build directory does not exist when generating deb/rpm packages.
  • Fixed missing read permission for team maintainers and admins on Fleet maintained apps.
  • Fixed a bug that would add "Fleet" to activities where it shouldn't be.
  • Fixed ability to clear policy automation that empties webhook URL.
  • Fixes a bug with pagination in the profiles and scripts lists.
  • Fixed duplicate queries in query stats list in host details.
  • Fixed zip and dmg automations showing null platform for installer
  • Fixed a typo in the loading modal when adding a Fleet-maintained app.
  • Fixed UI bug where "Actions" dropdown on host software page included "Install" and "Uninstall" options for software that is not able to be installed via Fleet.
  • Fixed a bug where the HTTP client used for MDM APNs push notifications did not support using a configured proxy.
  • Fixed potential deadlocks when deploying Apple configuration profiles.
  • Fixed releasing a DEP-enrolled macOS device if mTLS is configured for fleetd.
  • Fixed learn more about JIT provisioning link.
  • Fixed an issue with the copy for the activity generated by viewing a locked macOS host's PIN.
  • Fixed breaking with gitops user role running fleetctl gitops command when MDM is enabled.
  • Fixed responsive styles for the ADM table.

Fleet's agent

The following version of Fleet's agent (fleetd) support the latest changes to Fleet:

  1. orbit-v1.36.0
  2. fleet-desktop-v1.37.0 (included with Orbit)
  3. fleetd-chrome-v1.3.1

While newer versions of fleetd still function with older versions of the Fleet server (and vice versa), Fleet does not actively test these scenarios and some newer features won't be available.

Upgrading

Please visit our update guide for upgrade instructions.

Documentation

Documentation for Fleet is available at fleetdm.com/docs.

Binary Checksum

SHA256

14f97001f6b56195c780d9290a08572a83fcce345d5a9210f34673b88bd9d344  fleet_v4.61.0_linux.tar.gz
f80ae28f3244b088098de4ce69f6bde059fee71bfeb12688f9acd25b0becfbae  fleetctl_v4.61.0_linux.tar.gz
bbb36cb827c6c71b4cf345d7cad2523a650a650ecb16dcc65944444d2946cd12  fleetctl_v4.61.0_linux.zip
a7bda439294f71754d81514238208f6a15dcae96988fcf931d01ed5c4dca4d1f  fleetctl_v4.61.0_macos.tar.gz
f193caeaf4ebc870dc5c5ace4537e8810e8a3fc75e740e9b78510666c9e11a99  fleetctl_v4.61.0_macos.zip
e425d22aacdf33348dced3ada6e5e515f21e215d4650955c3f7b0d112def4d49  fleetctl_v4.61.0_windows.tar.gz
763234cb5a254e22c355517500b8a02d383f8d69221a446c4b6664ab9b6ef3ec  fleetctl_v4.61.0_windows.zip
Assets 10
Loading