Skip to content

fleet-v4.66.0

Latest
Latest
Compare
Choose a tag to compare
@github-actions github-actions released this 04 Apr 19:27
· 212 commits to main since this release
fleet-v4.66.0
af941c9
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Security Engineers

  • Added integration with DigiCert Trust Lifecycle Manager. Fleet admins can now deploy DigiCert certificates to their macOS devices via configuration profiles.
  • Updated activity log UI for new certificate authority features.
  • Updated host details > software table to filter by vulnerability severity and known exploit.
  • Return more granular data for live query and policy runs so it can be displayed to users.
  • Allowed adding labels when saving or editing queries in the UI.
  • Added support for queries with LabelsIncludeAny in backend.
  • Added author_id to labels DB table to track who created a label.
  • Removed duplicate download/delete attempts for MSRC bulletins when hosts are enrolled spanning multiple builds of the same version of Windows.
  • Split up expired query deletion to avoid deadlocks in zero-trust flows.
  • Moved software version transformations for vulnerability matching out of software ingestion to ensure software inventory versions match what osquery reports.
  • Modified host software query to apply the vulnerability filter on VPP apps and latest software installs & uninstalls.
  • Fixed false positive on macOS 15.3 by making sure we match the version format reported by Vulncheck.
  • Fixed false positive for CVE-2024-6286 on non-Windows hosts.

IT Admins

  • Added support for Fleet-maintained apps for Windows.
  • Added integration with a custom SCEP server. Fleet admins can now deploy certificates from their own SCEP server to their macOS devices via configuration profiles. The SCEP server will only see traffic from the Fleet server.
  • Return more granular data for live query and policy runs so it can be displayed to users.
  • Added support for queries with LabelsIncludeAny in backend.
  • Allowed adding labels when saving or editing queries in the UI.
  • Updated macOS setup experience to show an error if an App Store app installation fails due to lack of licenses.
  • Added platform key to software_package and app_store_app keys throughout API.
  • Improved error messages when Fleet admin tries to upload a FileVault (macOS) or a BitLocker (Windows) configuration profile.
  • Ignored compatible Linux hosts in disk encryption statistics and filters if disk encryption is disabled.
  • Allowed for any number of comments at the top of XML files for Windows MDM profile CSPs.
  • Disabled unsupported automatic install option during add flow of .exe custom packages.
  • Updated Fleet to treat software installer download errors as a failure for that installation attempt, which prevents the software installation from remaining in "pending".
  • Added Apple Root Certificate for HTTP requests to https://gdmf.apple.com/v2/pmv. This solves the issue of minimum macOS version not being enforced at enrollment.
  • Removed unreliable default (un)install scripts for .exe software packages; install and uninstall scripts are now required when adding .exe packages.
  • Added software URL validation in GitOps to catch URL parse errors earlier.

Other improvements

  • Updated the empty states when choosing a label scope for new software, queries, and profiles.
  • Clarified meanings of various types and fields involved in live query/policy infrastructure, document, and refactor for improved code clarity.
  • Added configuration to Fleet server to enable H2C (forcing http2) to get around a limitation in GCP Cloud Run for upload file sizes.
  • Added validation to both org logo URL fields, and accept data URIs as valid.
  • Removed redundant json array parsing in osquery pack report handler.
  • Added took field (request duration) on server logs for requests that fail (non-2XX).
  • Unified all pagination logic and styling.
  • Updated the new policy flow and associated UI elements.
  • Updated UI to cleanly truncate two overflowing values and display full values in a tooltip.
  • Removed extra space above Next and Previous buttons in host activity feeds.
  • Allowed team GitOps to run without global config.
  • Added support for displaying scheduled query labels in fleetctl.
  • Updated fleetctl to print an informative error message when it is authenticated with a user who is required to reset their password.
  • Stopped fleetctl npm publishing script from tagging patch releases for old versions as latest.

Bug fixes

  • Fixed software installer download and Fleet Maintained App errors by extending the timeout for the download and FMA add endpoints.
  • Fixed issue where bootstrap package was incorrectly installed during renewal of Apple MDM enrollment profiles.
  • Fixed a bug to ignore Windows hosts that are not enrolled in Fleet MDM for disk encryption statistics and filters.
  • Fixed policy automation with scripts to surface errors to user instead of rendering false success message.
  • Fixed whitespace not being displayed correctly in policy automation calendar preview.
  • Fixed bug where Windows profiles were not being resent after fleetctl GitOps update.
  • Fixed row selection firing twice in host selection screen.
  • Fixed Dashboard > Software table truncating host count.
  • Fixed an error when requesting /fleet/software/titles endpoint unpaginated with > 33k software titles by batching the policies by software title id query
  • Fixed an issue where removing label conditions on configuration profiles (e.g. labels_include_any, labels_include_all or labels_exclude_any) did not clear the labels associated with the profile when applied via fleetctl gitops.

Fleet's agent

The following version of Fleet's agent (fleetd) support the latest changes to Fleet:

  1. orbit-v1.40.1
  2. fleet-desktop-v1.40.1 (included with Orbit)
  3. fleetd-chrome-v1.3.1

While newer versions of fleetd still function with older versions of the Fleet server (and vice versa), Fleet does not actively test these scenarios and some newer features won't be available.

Upgrading

Please visit our update guide for upgrade instructions.

Documentation

Documentation for Fleet is available at fleetdm.com/docs.

Binary Checksum

SHA256

e87e0bba04a09b8ef473aba22221c131016299cca30f57d72b85ebba1d4be651  fleet_v4.66.0_linux.tar.gz
169c8684f5a3dcf998ee002e3a0dc28c57a6d1e93bca408fb3f663235bdfc319  fleetctl_v4.66.0_linux_amd64.tar.gz
2d95b8e37bc6892a927d492c3a17f74b2e62003eedec2f68a6d351c84e693965  fleetctl_v4.66.0_linux_amd64.zip
982fa86301f291b5b9f39d984d40e295364cfc9d50c973eb31f64f088f5900a5  fleetctl_v4.66.0_linux_arm64.tar.gz
8c386bb8ea6b8fbab628929a4f8e399481130bc5cbe13fce0fc0f9ac0f712bba  fleetctl_v4.66.0_linux_arm64.zip
29e6df3d07282fbe1712be88a21d10766e91cf5f83513bfc040bcd9907904a4b  fleetctl_v4.66.0_macos.tar.gz
8fe0d5bbfb7b1a76028d11377cead60408938637fec88117f97e138955a0ad31  fleetctl_v4.66.0_macos.zip
9c65a45586f06ad6d0751381638b3472d0c1689fa7cdbb856c20b67860e8a853  fleetctl_v4.66.0_windows_amd64.tar.gz
0fc0bbb063dd948b9755afc8e689b7263fb965c1445a58b7548a4443545fd519  fleetctl_v4.66.0_windows_amd64.zip
3c2e8b4c2f336341864a3328f02e068b5fcca93553b511da8fabc28aef6030f7  fleetctl_v4.66.0_windows_arm64.tar.gz
ee28179a69234fdb31042105df51363ad438967a6c7c1a7d4cf5efb998f5fab4  fleetctl_v4.66.0_windows_arm64.zip
Assets 14
Loading