fleet-v4.66.0

Security Engineers

• Added integration with DigiCert Trust Lifecycle Manager. Fleet admins can now deploy DigiCert certificates to their macOS devices via configuration profiles.
• Updated activity log UI for new certificate authority features.
• Updated host details > software table to filter by vulnerability severity and known exploit.
• Return more granular data for live query and policy runs so it can be displayed to users.
• Allowed adding labels when saving or editing queries in the UI.
• Added support for queries with LabelsIncludeAny in backend.
• Added author_id to labels DB table to track who created a label.
• Removed duplicate download/delete attempts for MSRC bulletins when hosts are enrolled spanning multiple builds of the same version of Windows.
• Split up expired query deletion to avoid deadlocks in zero-trust flows.
• Moved software version transformations for vulnerability matching out of software ingestion to ensure software inventory versions match what osquery reports.
• Modified host software query to apply the vulnerability filter on VPP apps and latest software installs & uninstalls.
• Fixed false positive on macOS 15.3 by making sure we match the version format reported by Vulncheck.
• Fixed false positive for CVE-2024-6286 on non-Windows hosts.

IT Admins

• Added support for Fleet-maintained apps for Windows.
• Added integration with a custom SCEP server. Fleet admins can now deploy certificates from their own SCEP server to their macOS devices via configuration profiles. The SCEP server will only see traffic from the Fleet server.
• Return more granular data for live query and policy runs so it can be displayed to users.
• Added support for queries with LabelsIncludeAny in backend.
• Allowed adding labels when saving or editing queries in the UI.
• Updated macOS setup experience to show an error if an App Store app installation fails due to lack of licenses.
• Added platform key to software_package and app_store_app keys throughout API.
• Improved error messages when Fleet admin tries to upload a FileVault (macOS) or a BitLocker (Windows) configuration profile.
• Ignored compatible Linux hosts in disk encryption statistics and filters if disk encryption is disabled.
• Allowed for any number of comments at the top of XML files for Windows MDM profile CSPs.
• Disabled unsupported automatic install option during add flow of .exe custom packages.
• Updated Fleet to treat software installer download errors as a failure for that installation attempt, which prevents the software installation from remaining in "pending".
• Added Apple Root Certificate for HTTP requests to https://gdmf.apple.com/v2/pmv. This solves the issue of minimum macOS version not being enforced at enrollment.
• Removed unreliable default (un)install scripts for .exe software packages; install and uninstall scripts are now required when adding .exe packages.
• Added software URL validation in GitOps to catch URL parse errors earlier.

Other improvements

• Updated the empty states when choosing a label scope for new software, queries, and profiles.
• Clarified meanings of various types and fields involved in live query/policy infrastructure, document, and refactor for improved code clarity.
• Added configuration to Fleet server to enable H2C (forcing http2) to get around a limitation in GCP Cloud Run for upload file sizes.
• Added validation to both org logo URL fields, and accept data URIs as valid.
• Removed redundant json array parsing in osquery pack report handler.
• Added took field (request duration) on server logs for requests that fail (non-2XX).
• Unified all pagination logic and styling.
• Updated the new policy flow and associated UI elements.
• Updated UI to cleanly truncate two overflowing values and display full values in a tooltip.
• Removed extra space above Next and Previous buttons in host activity feeds.
• Allowed team GitOps to run without global config.
• Added support for displaying scheduled query labels in fleetctl.
• Updated fleetctl to print an informative error message when it is authenticated with a user who is required to reset their password.
• Stopped fleetctl npm publishing script from tagging patch releases for old versions as latest.

Bug fixes

• Fixed software installer download and Fleet Maintained App errors by extending the timeout for the download and FMA add endpoints.
• Fixed issue where bootstrap package was incorrectly installed during renewal of Apple MDM enrollment profiles.
• Fixed a bug to ignore Windows hosts that are not enrolled in Fleet MDM for disk encryption statistics and filters.
• Fixed policy automation with scripts to surface errors to user instead of rendering false success message.
• Fixed whitespace not being displayed correctly in policy automation calendar preview.
• Fixed bug where Windows profiles were not being resent after fleetctl GitOps update.
• Fixed row selection firing twice in host selection screen.
• Fixed Dashboard > Software table truncating host count.
• Fixed an error when requesting /fleet/software/titles endpoint unpaginated with > 33k software titles by batching the policies by software title id query
• Fixed an issue where removing label conditions on configuration profiles (e.g. labels_include_any, labels_include_all or labels_exclude_any) did not clear the labels associated with the profile when applied via fleetctl gitops.

Fleet's agent

The following version of Fleet's agent (fleetd) support the latest changes to Fleet:

1. orbit-v1.40.1
2. fleet-desktop-v1.40.1 (included with Orbit)
3. fleetd-chrome-v1.3.1

While newer versions of fleetd still function with older versions of the Fleet server (and vice versa), Fleet does not actively test these scenarios and some newer features won't be available.

Upgrading

Please visit our update guide for upgrade instructions.

Documentation

Documentation for Fleet is available at fleetdm.com/docs.

Binary Checksum

SHA256

e87e0bba04a09b8ef473aba22221c131016299cca30f57d72b85ebba1d4be651  fleet_v4.66.0_linux.tar.gz
169c8684f5a3dcf998ee002e3a0dc28c57a6d1e93bca408fb3f663235bdfc319  fleetctl_v4.66.0_linux_amd64.tar.gz
2d95b8e37bc6892a927d492c3a17f74b2e62003eedec2f68a6d351c84e693965  fleetctl_v4.66.0_linux_amd64.zip
982fa86301f291b5b9f39d984d40e295364cfc9d50c973eb31f64f088f5900a5  fleetctl_v4.66.0_linux_arm64.tar.gz
8c386bb8ea6b8fbab628929a4f8e399481130bc5cbe13fce0fc0f9ac0f712bba  fleetctl_v4.66.0_linux_arm64.zip
29e6df3d07282fbe1712be88a21d10766e91cf5f83513bfc040bcd9907904a4b  fleetctl_v4.66.0_macos.tar.gz
8fe0d5bbfb7b1a76028d11377cead60408938637fec88117f97e138955a0ad31  fleetctl_v4.66.0_macos.zip
9c65a45586f06ad6d0751381638b3472d0c1689fa7cdbb856c20b67860e8a853  fleetctl_v4.66.0_windows_amd64.tar.gz
0fc0bbb063dd948b9755afc8e689b7263fb965c1445a58b7548a4443545fd519  fleetctl_v4.66.0_windows_amd64.zip
3c2e8b4c2f336341864a3328f02e068b5fcca93553b511da8fabc28aef6030f7  fleetctl_v4.66.0_windows_arm64.tar.gz
ee28179a69234fdb31042105df51363ad438967a6c7c1a7d4cf5efb998f5fab4  fleetctl_v4.66.0_windows_arm64.zip

fleet-v4.65.0

Fleet 4.65.0 (Mar 14, 2025)

Security

• Added UI for viewing certificate details on the host details and my device pages.
• Added new features to include certificates in host vitals for macOS, iOS, and iPadOS.
• Added the list host certificates (and list device's certificates) endpoints.
• Improved the copy for the delete and transfer host modal to be more clear about the disk encryption key behavior.
• Permit setting SSO metadata and metadata_url in gitops and UI.
• Fixed an issue where the Show Query modal would truncate large queries.
• Fixed Python for Windows software version mutation to avoid panics on software ingestion in some cases.
• Prevented an invalid FLEET_VULNERABILITIES_MAX_CONCURRENCY value from causing deadlocks during vulnerability processing.
• Updated default for vulnerabilities max concurrency from 5 to 1.
• Updated CPE generation to more closely align with CPEs use in vulnerability feeds.
• Changed software version CVE resolved in version parsing and comparison to use custom code rather than semver.
• Added new (as of 2025-03-07) archives page to data source for MS Mac Office vulnerability feed (applies to vulnerabilities feed rather than a specific Fleet release).
• Fixed an issue with Fleet's processing of Python versions to ensure that the correct CPEs are checked for vulnerabilities.
• Fixed an issue with increased resource usage during vulnerabilities processing by adding database indexes.
• Fixed false-positives on released PowerShell versions for CVE-2025-21171 and all PowerShell versions on CVE-2023-48795.

IT

• Implemented GitOps mode that locks settings in the UI that are managed by GitOps.
• Allowed VPP apps to be automatically installed via a Fleet-created policy.
• Added ability for users to automatically install App Store Apps without writing a policy in the Fleet UI.
• Updated the UI for adding and editing software for a cleaner, cohesive experience.
• Added auto-install to FMA via the API, replacing a more brittle client-side implementation.
• Added pagination inside each of the Manage Automations modals for policies.
• Added script execution to the new upcoming_activities table.
• Added software installs to the new upcoming_activities table.
• Added vpp apps installs to the new upcoming_activities table.
• Updated the list upcoming activities endpoint to use the new upcoming_activities table as source of truth.
• Added support to activate the next activity when one is enqueued or when one is completed.
• Added UI to the BYOD enrollment page to support enrolling Android devices into Fleet MDM.
• Added UI to turn on and off Android MDM.
• Added Android MDM activities.

NOTE: Android features are currently experimental and disabled by default. To enable, set ANDROID_FEATURE_ENABLED=1.

• Updated UI for device user page with improved instructions for turning on MDM.
• Added PATCH /api/latest/fleet/software/titles/:id/name endpoint for cleaning up incorrect software titles for software that has a bundle ID.
• Added a daily job that keeps the App Store app version displayed in Fleet in sync with the actual latest version.
• Properly re-routed deleting a app on no team to no team software page insteal of all teams software page.
• Added a DB migration to migrate existing pending activities to the new unified queue.
• Added created_at timestamp for when a VPP app was added to a specific team.

NOTE: The database migration for the above hydrates timestamps for existing VPP app team associations based on when the associated VPP apps were first added to the database. To hydrate more accurate timestamps by pulling from VPP app add/edit activities, you can run the following query manually. It is not included in migrations as it requires full table scans of the activities table, which may result in long migration times.

UPDATE vpp_apps_teams vat
LEFT JOIN (SELECT MAX(created_at) added_at, details->>"$.app_store_id" adam_id, details->>"$.platform" platform, details->>"$.team_id" team_id
    	FROM activities WHERE activity_type = 'added_app_store_app' GROUP BY adam_id, platform, team_id) aa ON
	vat.global_or_team_id = aa.team_id AND vat.adam_id = aa.adam_id AND vat.platform = aa.platform
LEFT JOIN (SELECT MAX(created_at) edited_at, details->>"$.app_store_id" adam_id, details->>"$.platform" platform, details->>"$.team_id" team_id
		FROM activities WHERE activity_type = 'edited_app_store_app' GROUP BY adam_id, platform, team_id) ae ON
	vat.global_or_team_id = ae.team_id AND vat.adam_id = ae.adam_id AND vat.platform = ae.platform
SET vat.created_at = COALESCE(added_at, vat.created_at), vat.updated_at = COALESCE(edited_at, added_at, vat.updated_at);

• Fixed an issue with assigning Windows MDM profiles to large numbers (> 65k) of hosts by batching the relevant database queries.
• Fixed policy software automation that falsely reported success in UI when updates actually failed. Users will now be properly notified of failed automation saves.
• Fixed a bug where uploading a macOS installer could prevent the software from being inventoried.
• Fixed a bug where target selector was present in a premature stage.
• Fixed a bug that caused macOS App Store apps to show up in Fleet as Windows apps if the Windows ersion of the app was already in Fleet.
• Fixed an issue where the ABM token teams were being reset when making updates to the app config.
• Fixed parsing of relative paths for MDM profiles in gitops no-team.yml.
• Fixed a bug where new fleetd could not install software from old fleet server.
• Fixed issue where fleetctl gitops was NOT deleting macOS setup experience bootstrap package and enrollment profile. GitOps should clear all settings that are not explicitly set in YAML config files.

Bug fixes and improvements

• Set collation and character set explicitly on database tables that were missing explicit values.
• Updated the copy printed on successful runs of fleetctl package.
• Enabled redis cluster follow redierctions by default.
• Switched to a simpler, more reliable query for checking if an initial admin user has been added.
• Updated the styling of the "Used by" line on host details page to be easier to read and include more data in the tooltip.
• Added constistent behavior for table overflow and not hiding badges when user names overflow table cell.
• Updated wine to version 10.0 to improve support macOS-to-Windows installer creation on M1 chips.
• Updated UI to always show "Manage Automations" to permitted users.
• Fixed clicking "Show details" to open the software details modal on the My device page.
• Fixed an issue where link protection services would prematurely redeem MFA links.
• Fixed several links that were dropping team_id parameters resetting team to all teams.
• Fixed password authentication getting disabled when SMTP isn't configured.
• Fixed an issue where restarting the desktop manager on Ubuntu would cause the Fleet Desktop tray icon to disappear and not return.

Fleet's agent

The following version of Fleet's agent (fleetd) support the latest changes to Fleet:

1. orbit-v1.40.1
2. fleet-desktop-v1.40.1 (included with Orbit)
3. fleetd-chrome-v1.3.1

While newer versions of fleetd still function with older versions of the Fleet server (and vice versa), Fleet does not actively test these scenarios and some newer features won't be available.

Upgrading

Please visit our update guide for upgrade instructions.

Documentation

Documentation for Fleet is available at fleetdm.com/docs.

Binary Checksum

SHA256

bcba43ca75ecd2ae6ea909ea947dfef61df4c22fb0ad0c72782bfe003140d2bb  fleet_v4.65.0_linux.tar.gz
8359af5b95acff2ac0b1124fe167c6a46144c1a73679827c0bd497c51bf3a0a6  fleetctl_v4.65.0_linux_amd64.tar.gz
4f42efd2505b17077444819993d99ea1c1444829e317ce1ac4180153af68725c  fleetctl_v4.65.0_linux_amd64.zip
71313864e43d2071e6036a6b6f483859484b9cc5fc4606916356676a821223e2  fleetctl_v4.65.0_linux_arm64.tar.gz
de847aa6a189aa530a36b786aa2214a64bc2fd767324185e09b90cb7ddee918d  fleetctl_v4.65.0_linux_arm64.zip
207680c4559b3c26bfa31b0d5d38ce277597b8e719e8d4c707a845e71049ee0e  fleetctl_v4.65.0_macos.tar.gz
2c56038f7cdab28c26dd688d3bf38dcb26dbca99ebf587edb2653215383f03a9  fleetctl_v4.65.0_macos.zip
ec21ef7ab53702919b70abd71124a2cf1765084e1d632f6e99b67df707dcd8d3  fleetctl_v4.65.0_windows_amd64.tar.gz
92b5e82b7b5bde10e2bd8de9b0cd32e20a545bfea5f0d875615953ebe5bcb1a5  fleetctl_v4.65.0_windows_amd64.zip
41cb3774a6743719605b2672ff0842ae8ae530a54e64b57313421804e2a13cfc  fleetctl_v4.65.0_windows_arm64.tar.gz
5fa928283df7b0ef723770fe2586b4f6593ff4846a3b936ac82815d22af13fcd  fleetctl_v4.65.0_windows_arm64.zip

fleet-v4.58.1

Bug fixes

• Improve validation handling.

Upgrading

Please visit our update guide for upgrade instructions.

Documentation

Documentation for Fleet is available at fleetdm.com/docs.

Binary Checksum

SHA256

cac462eeae5f056b1c04325e95416faae9c414ed969dd2176a5b2c6604f07ddb  fleet_v4.58.1_linux.tar.gz
392e3f10a3ad16ed3633eb424a659ccde776383d79a9be03a182db60306b6b6f  fleetctl_v4.58.1_linux.tar.gz
4ee8f0d40626ea1a3c939a8f68f248f659df8e0d17a4cc6849ff790b88fc6ec9  fleetctl_v4.58.1_linux.zip
03aeeee0261aa1b95730dba8191f69d413c7782b50bd625d7d5430eeb0040ac2  fleetctl_v4.58.1_macos.tar.gz
4f203095d09f5260a54a206addc94758ecb237647063ff01f66f63f9cda032a0  fleetctl_v4.58.1_macos.zip
c334747b1398838f351021b6c3858df46ba34a0ee95fa337412ed8af58fe28b2  fleetctl_v4.58.1_windows.tar.gz
1703fc1dedbfa4bcf8f4e02d8651bc4a73d44f007dfcf825bee62d15b642f91c  fleetctl_v4.58.1_windows.zip

fleet-v4.53.2

Bug fixes

• Improve validation handling.

Upgrading

Please visit our update guide for upgrade instructions.

Documentation

Documentation for Fleet is available at fleetdm.com/docs.

Binary Checksum

SHA256

3a70668581fdec15ad2f04b002d3297cb850fd53806e20194d54f79adad64d0c  fleet_v4.53.2_linux.tar.gz
5a2f5d987d5765544aece56d6eb57c536738410ce762c6c91ba658ff54413093  fleetctl_v4.53.2_linux.tar.gz
c0feac6d6d2b16e7d15c81557558b24fbce1573fa3afa1eec8653c60707d7e67  fleetctl_v4.53.2_linux.zip
ba87c66fa0ad56480dd1c1aac2aef29b819b0dc0891871565f5f481669dedadb  fleetctl_v4.53.2_macos.tar.gz
19e811827479d080686d0a805d5b3cd0c827276236ea335c6a55419a5bac05ec  fleetctl_v4.53.2_macos.zip
3fd4d383b3737be79e4f92ab33b97067208cfe8dc593c8a2e672efc8b0051bff  fleetctl_v4.53.2_windows.tar.gz
ce6579bfaeec772f6873da4529f0739c149d37c1e89300464ed0a7f1e0fc86a4  fleetctl_v4.53.2_windows.zip

fleet-v4.64.2

Bug fixes

• Improve validation handling.

Upgrading

Please visit our update guide for upgrade instructions.

Documentation

Documentation for Fleet is available at fleetdm.com/docs.

Binary Checksum

SHA256

39c5b41253292eca48a4d0e95418a2436af7b2a0c92c0a862f4f59af060a7ef2  fleet_v4.64.2_linux.tar.gz
6c1c6880395a476702f847928eea0c290cd50c50241b07872a29c6f7ca2e1f9c  fleetctl_v4.64.2_linux.tar.gz
956111d8080c3324c34da4914581d0b9ae5fa3f85103114692b70d8fff651f26  fleetctl_v4.64.2_linux.zip
b764770f606a3b2f4771194f026f867ea566dae24b9d9372fb144fc313ca04f7  fleetctl_v4.64.2_linux_arm64.tar.gz
deec45d80922c7594bd6991c6845ec4a30575fa4039fe2ce11d57642da8a327e  fleetctl_v4.64.2_linux_arm64.zip
1352b1c9ad8cafe45fe27433d1fa276d560fafaecfaf9510e218975c31c670ae  fleetctl_v4.64.2_macos.tar.gz
bb67b9763cfaaa6e2861fd43630808c4dfb6b0b479ef3f60ea0969aa5cf2cbc1  fleetctl_v4.64.2_macos.zip
4e8000a01a8a37ae89ed7f4f49c92e27e7f4e70f59e309da878fcbb9b215018f  fleetctl_v4.64.2_windows.tar.gz
eb0ebfeddaef07b87d4f44e2667d4b613f43ccc53ffe19d2fcc68d4ab977de89  fleetctl_v4.64.2_windows.zip
14f40dce21158ab4a8921763a2fd1c81fc4eb6b6d074462277d9537aa3ec12f8  fleetctl_v4.64.2_windows_arm64.tar.gz
31dbd6611bf602a2893d5791ccccaa8884dd1ded24c206bd955ab72b29ecf609  fleetctl_v4.64.2_windows_arm64.zip

fleet-v4.63.2

Bug fixes

• Improve validation handling.

Upgrading

Please visit our update guide for upgrade instructions.

Documentation

Documentation for Fleet is available at fleetdm.com/docs.

Binary Checksum

SHA256

1e7d215b71845055592f7dc0d1879cfe90780264a894a077c4f33c2eef0534ea  fleet_v4.63.2_linux.tar.gz
f61d56bc8f3da2983560e529f3df144f211cad26078ff13e059b2a365d42e0a4  fleetctl_v4.63.2_linux.tar.gz
85640fa20886affe18d9c97eaa13d0c238caed2fd253860476094aa7f945d4cb  fleetctl_v4.63.2_linux.zip
eb0b90f616f1987bef9223c14e512ae0fd0a03aac921a2ebd74c901445901412  fleetctl_v4.63.2_macos.tar.gz
0f823089e6e399a09f1eb98eb7391037d52e736f3affc59a5687683d8e2c1377  fleetctl_v4.63.2_macos.zip
2a11995eef0f82fa5c164660694f4e8a813f0ea9b4e64cc21f032f69dcb097b5  fleetctl_v4.63.2_windows.tar.gz
7228c01a80ffde8ee76316614b6bd54df652303d165d11706893029507f1a43f  fleetctl_v4.63.2_windows.zip

fleet-v4.62.4

Bug fixes

• Improve validation handling.

Upgrading

Please visit our update guide for upgrade instructions.

Documentation

Documentation for Fleet is available at fleetdm.com/docs.

Binary Checksum

SHA256

05417e9b44b6f7df8911af2e650ddae20223c02f01dd0d907afa2d32556ad8ab  fleet_v4.62.4_linux.tar.gz
ef342f465b0c22c296282a9fa2f8adb8a237e8540cf6ebda0b62f5040537e714  fleetctl_v4.62.4_linux.tar.gz
858fca4651ba3d32b35c1e23009b3fb0723e6991360464b18ce6c4de5f206f87  fleetctl_v4.62.4_linux.zip
95cd77580fa99440607530f4f266d7d2e4fa35d5c6cab3a585889b2ef7b9567f  fleetctl_v4.62.4_macos.tar.gz
19ad7b8d178979a5f411b3ca23c6d259a20fa1d2dd1e157fd2f905316a2fc5db  fleetctl_v4.62.4_macos.zip
7b7c23ff1e70dab192cc3608669e5a89239f9f4a6eedaad91af161c389081f48  fleetctl_v4.62.4_windows.tar.gz
860d9c189d720d51d7edc86e23c32fe047a20bc80efb43a2f7c55ba8a3fd732d  fleetctl_v4.62.4_windows.zip

fleet-v4.64.1

Bug fixes

• Fixed an issue where the ABM token teams were being reset when making updates to the app config.

Upgrading

Please visit our update guide for upgrade instructions.

Documentation

Documentation for Fleet is available at fleetdm.com/docs.

Binary Checksum

SHA256

26474e75e73c8eceee6ec15002432afda7f0dc8f8afba288fa96cfb167c15a58  fleet_v4.64.1_linux.tar.gz
2922517a56340b576b78d7a666d7e739e6b37ad0d9d7ee7b3bda9cc122b94f86  fleetctl_v4.64.1_linux.tar.gz
83e2d169f54d9e16a3aff303f69fb8ee781a75e5b7b5d88d2d95d876a03bc589  fleetctl_v4.64.1_linux_amd64.zip
b9123b8d8e2571cecb562b563f2abc98624c8cee3bdc74a2405216745b837550  fleetctl_v4.64.1_linux_arm64.tar.gz
e46c82d07743ec7d421a869862b641d053224b895efe0651d405a2cc99ca7b15  fleetctl_v4.64.1_linux_arm64.zip
f01c0ffc91d9610f09986f22d5e40ea8c64470cf6e7ea0c3f84557c3b7e9ee92  fleetctl_v4.64.1_macos_all.tar.gz
096a2fb33524c5ae61403c6b0c86c2bc963dd41ed65d0b9976cf8e85f1658c8e  fleetctl_v4.64.1_macos_all.zip
ea2a569f69386a4aed1e99286e95f3162782acf126d18bd8ad4f61f313a6b2f2  fleetctl_v4.64.1_windows_amd64.tar.gz
d81d3bda39da22f14e507b0b1e83113035799f27c29b1a2edcefdfd5c19a0254  fleetctl_v4.64.1_windows_amd64.zip
0b8ac6b983be92592080dbd686754b63b9d278d3b26cbc3d205b87d6e4372992  fleetctl_v4.64.1_windows_arm64.tar.gz
e7aeb2b5a7c3c8f4d96ce219774f14af098516410e91ad9e93ca54dd6340f908  fleetctl_v4.64.1_windows_arm64.zip

fleet-v4.63.1

Bug fixes

• Fixed an issue where the abm token teams were being reset when making updates to the app config

Upgrading

Please visit our update guide for upgrade instructions.

Documentation

Documentation for Fleet is available at fleetdm.com/docs.

Binary Checksum

SHA256

de7dd03cc020116b20dcefa8702b21fefff60cc04f4eeb68be4ca69461245c2c  fleet_v4.63.1_linux.tar.gz
6e48ae58ef3ffdf4dc54d46df84503d1645ef99d701448b072cf224f29ed64e8  fleetctl_v4.63.1_linux.tar.gz
9a7114f8b3d27cab33bbb60764d3384ec590a2f5d00a30cfa7ce43ea9ff78611  fleetctl_v4.63.1_linux.zip
c98bf40e8b8c40f45bf99f83fdac35f6a5fab7ba666e5241afd74f5a11aab0cd  fleetctl_v4.63.1_macos.tar.gz
cf37eeec31e1826dac6ee2c244c302ad87adeae461d83dd86e2196c8399b7e39  fleetctl_v4.63.1_macos.zip
d0750ca4fb486789bd7348bf45913c58cc9814ede9e4a791292cddea359b86c5  fleetctl_v4.63.1_windows.tar.gz
e6ebb5fdf2a909be1edf12c3b5b6ae29f16a47c9536b3e4307d77c2a7bc56465  fleetctl_v4.63.1_windows.zip

fleet-v4.64.0

Fleet 4.64.0 (Feb 18, 2025)

Device management (MDM)

• Included current host status and pending action in lock, unlock, and wipe API calls.
• Disk encryption keys are now archived when they are created or updated. They are never fully deleted from the database.
• Hosts that are restored from ABM no longer have old activities in their feed.

Orchestration

• Added bash interpreter support for script execution.
• Updated the activities feed with new design.
• Added fleetctl on Linux ARM binary to releases.
• Added clearer error states to metadata-related fields in the SSO settings form.
• Enforced consistency of on-click behavior of table rows.
• Added gzip compression for static CSS and JS assets to decrease bundle download times.
• Added API endpoint for updating script contents.
• Implemented various UI improvements to the scripts list.
• Added option to populate users and labels on list hosts endpoint.
• Checked the server for validity of any Fleet invites on load.
• Updateed user form validation to require a password be present when switching a user from SSO to password authentication.
• Updated the way new manual labels are created to better support adding large numbers of hosts at one time.
• Replaced "Include Fleet desktop" with host type radio selection buttons when adding Windows or Linux hosts.
• Disabled webhooks if not present in gitops.

Software

• Added ability to target app store apps with include/exclude labels.
• Added ability to edit targets or self service option for app store apps.
• Added details modal for add, edit, and delete app store app global activities.
• Added modal to edit script contents.
• Added download url for fleet maintained apps as url property on fleet/software/fleet_maintained_apps/:id.
• Added "exclude_fleet_maintained_apps" option to GET /api/v1/fleet/software/titles.
• Surfaced download URL for Fleet-maintained app when adding the software to Fleet.
• Surfaced cleaner errors when adding Fleet-maintained apps.
• Revised software installer package validation to mark installers with no version as "unknown" for version rather than rejecting them.
• Resolved false negatives on vulnerabilities for IntelliJ IDEA Community Edition on Windows.
• Resolved false-positives for the pass Homebrew package and jira Python package via a vulnerability feed update available to all Fleet versions on 2025-01-22.
• Fixed a false negative vulnerability reporting for iTerm2 (available to all recent Fleet releases as of January 17th via a vulnerability feed update).

Bug fixes and improvements

• Removed duplicate Linux lock and wipe scripts from repository.
• Clarified text on the policies and queries pages when no policies/queries exist for the selected team (or All Teams).
• Updated the help text for 3 tabs of the Add hosts modal.
• Improved the look and feel of dropdowns in the UI.
• Improved look and feel of dashboard host count cards including hiding platforms with 0 count.
• Added util wrapper func around semver package to allow for custom preprocessing. Upgraded semver library to 3.3.1 and usage everywhere to version 3.
• Added link to information about installing fleetd when packages are generated.
• Optimized software ingestion queries to use existing DB indexes in the software titles table.
• Normalized padding spacing for list headers, lists, and help text across various modals.
• Removed the resend button for failed windows disk encryption profiles and add messaging that tells the user that Fleet with automatically retry this profile again.
• Refactored upstream error logic to allow disabling submit button when form errors are present.
• Improved the verified and verifying tooltips on the Profile Status on OS settings page.
• Improved settings context so that user's updates to the team agent options form when they navigate away and back again.
• Improved the teams dropdown so that it gracefully hides overflow from long team names.
• Updated the os settings Target form deadline input tooltip to make it more clear how the deadline works for hosts.
• Updated language in query comppatibility tooltip to clarify that compatibility is based only on tables.
• Optimized logging by ensuring illegal argument errors will no longer be logged at the ERROR level on the server. Since these are client errors, they will be logged at the DEBUG level instead. This will reduce the amount of noise in the server logs and help debugging other issues.
• Raised the frequency of sending anonymous statistics from every 24 hours to every 1 hour.
• Bumped Node.js version to 20.18.1.
• Bumped github cache action to 4.2.0.
• Added server debug logging for unexpected Apple DDM configuration status.
• Removed fleetctl binary from the fleetdm/fleet docker image.
• Removed erroneous "manage automations" link on dashboard for maintainers.
• Fixed window profiles error message being cut off in the OS settings modal.
• Fixed user page responsiveness to not overflow horizontally.
• Fixed case consistency for "Disk encryption" in host OS settings modal.
• Fixed styling for manage automation buttons and dropdown.
• Fixed a bug where query reports where not being recorded for hosts configured with --logger_snapshot_event_type=true.
• Fixed incorrect source value in device mapping REST API documentation.
• Fixed a bug in Fleet's handling of VPP token renewal requests.
• Fixed mail being sent with the incorrect SMTP Domain (thank you @mccormickt).
• Fixed filtering by vulnerable software for ios or ipad host.
• Fixed issue where some Windows MDM profiles were not being sent to hosts when hosts came back online.
• Fixed a bug where adding or removing a host with an identical name to/from a label caused the same action to be performed on other host(s) with the same name as well.
• Fixed Windows MDM issue where SessionID of 0 was not allowed.
• Fixed a bug with paginating team policies.
• Fixed a bug "software not found for checksum" in software ingestion transaction retries.
• Fixed issue with Windows disk encryption where status updates from "Verifying" to "Verified" were sometimes stuck in the "Verifying" state.
• Fixed a bug where server errors returned from the API were not successfully being incorporated into the user form error states.
• Fixed a bug where team admins are unable to enable or disable MFA for a user.
• Fixed a bug where only the first of multiple software titles with the same name and source but different bundle IDs would be successfully inserted into the database.
• Fixed issue verifying Windows CSP profiles that contain ADMX policies.

Fleet's agent

The following version of Fleet's agent (fleetd) support the latest changes to Fleet:

1. orbit-v1.39.1
2. fleet-desktop-v1.39.1 (included with Orbit)
3. fleetd-chrome-v1.3.1

While newer versions of fleetd still function with older versions of the Fleet server (and vice versa), Fleet does not actively test these scenarios and some newer features won't be available.

Upgrading

Please visit our update guide for upgrade instructions.

Documentation

Documentation for Fleet is available at fleetdm.com/docs.

Binary Checksum

SHA256

51a811aaabbee948566e60a7521d4f9575be7625e8f3f0c730bb5eaa7603c4cb  fleet_v4.64.0_linux.tar.gz
3c28599271ae296c3d4f027ff71576d2ca0b8ceb8b3a79f7c9411fb9d786af5e  fleetctl_v4.64.0_linux.tar.gz
0a56aefb8135635c4bb7cb530b65d2cd6065cffa9a08170d59d5734763fc48f1  fleetctl_v4.64.0_linux.zip
9dd40e358a2e964b1d7768fde0898f3dfc10004895478d8cec2b91be0a5fc5c1  fleetctl_v4.64.0_linux_arm64.tar.gz
c279b7ff8ef5052588e7cd7cd78362e4a086b5c9a0c4291c819929d8435d431f  fleetctl_v4.64.0_linux_arm64.zip
2cc53904097a7916e9712417b611c1e3fc43be4fab4ff0819d8e0ee4e9770032  fleetctl_v4.64.0_macos.tar.gz
62cb7587e55ebb2280f40379d296098fd0b75584279d4ae10649fa28844ca6b7  fleetctl_v4.64.0_macos.zip
935e797b12becaabb66deb818d04f60efd2a81e474e6522ebece8e8111fa8bc7  fleetctl_v4.64.0_windows.tar.gz
4035b2a555671ac1bbe68955a93029b1deec8242e0ef568aee50b91828a1c51a  fleetctl_v4.64.0_windows.zip
08512fa9d118d00b02abb28ea02359d425c7827dadafeb9c922ab6f6c5da61e8  fleetctl_v4.64.0_windows_arm64.tar.gz
bbfae41779201acd34b1bce2f1b2426fcabf36365014881e3aebb44333f4c4e3  fleetctl_v4.64.0_windows_arm64.zip