* Add `fleetctl` agent auto-updates beta which introduces the ability to self-manage an agent update server. Available for Fleet Basic customers.
* Add option for Identity Provider-Initiated (IdP-initiated) Single Sign-On (SSO).
* Improve logging. All errors are logged regardless of log level, some non-errors are logged regardless of log level (agent enrollments, runs of live queries etc.), and all other non-errors are logged on debug level.
* Improve login resilience by adding rate-limiting to login and password reset attempts and preventing user enumeration.
* Add Fleet version and Go version in the My Account page of the Fleet UI.
* Improvements to `fleetctl preview` that ensure the latest version of Fleet is fired up on every run. In addition, the Fleet UI is now accessible without having to click through browser security warning messages.
* Add configurable host identifier to help with duplicate host enrollment scenarios. By default, Fleet's behavior does not change (it uses the identifier configured in osquery's `--host_identifier` flag), but for users with overlapping host UUIDs changing `--osquery_host_identifier` to `instance` may be helpful.
* Make cool-down period for host enrollment configurable to control load on the database in scenarios in which hosts are using the same identifier. By default, the cooldown is off, reverting to the behavior of Fleet <=3.4.0. The cooldown can be enabled with `--osquery_enroll_cooldown`.
* Refresh the Fleet UI with a new layout and horizontal navigation bar.
* Trim down the size of Fleet binaries.
* Improve handling of config_refresh values from osquery clients.
* Fix an issue with IP addresses and host additional info dropping.
* Add search, sort, and column selection in the hosts dashboard.
* Add AWS Lambda logging plugin.
* Improve messaging about number of hosts responding to live query.
* Update host listing API endpoints to support search.
* Fixes to the `fleetctl preview` experience.
* Fix `denylist` parameter in scheduled queries.
* Fix an issue with errors table rendering on live query page.
* Deprecate `KOLIDE_` environment variable prefixes in favor of `FLEET_` prefixes. Deprecated prefixes continue to work and the Fleet server will log warnings if the deprecated variable names are used.
* Deprecate `/api/v1/kolide` routes in favor of `/api/v1/fleet`. Deprecated routes continue to work and the Fleet server will log warnings if the deprecated routes are used.
* Change the default `--server_tls_compatibility` to `intermediate`. The new settings caused TLS connectivity issues for users in some environments. This new default is a more appropriate balance of security and compatibility, as recommended by Mozilla.
* **Security**: Fixed a vulnerability in which a malicious actor with a valid node key can send a badly formatted request that causes the Fleet server to exit, resulting in denial of service. See https://github.com/fleetdm/fleet/security/advisories/GHSA-xwh8-9p3f-3x45 and the linked content within that advisory.
* Add new Host details page which includes a rich view of a specific host’s attributes.
* Reveal live query errors in the Fleet UI and `fleetctl` to help target and diagnose hosts that fail.
* Add Helm chart to make it easier for users to deploy to Kubernetes.
* Add support for `denylist` parameter in scheduled queries.
* Add debug flag to `fleetctl` that enables logging of HTTP requests and responses to stderr.
* Improvements to the `fleetctl preview` experience that include adding containerized osquery agents, displaying login information, creating a default directory, and checking for Docker daemon status.
* Add improved error handling in host enrollment to make debugging issues with the enrollment process easier.
* Upgrade TLS compatibility settings to match Mozilla.
* Add comments in generated flagfile to add clarity to different features being configured.
* Fix a bug in Fleet UI that allowed user to edit a scheduled query after it had been deleted from a pack.
* **Security**: Introduce XML validation library to mitigate Go stdlib XML parsing vulnerability effecting SSO login. See https://github.com/fleetdm/fleet/security/advisories/GHSA-w3wf-cfx3-6gcx and the linked content within that advisory.
Follow up: Rotate `--auth_jwt_key` to invalidate existing sessions. Audit for suspicious activity in the Fleet server.
* **Security**: Prevent new queries from using the SQLite `ATTACH` command. This is a mitigation for the osquery vulnerability https://github.com/osquery/osquery/security/advisories/GHSA-4g56-2482-x7q8.
Follow up: Audit existing saved queries and logs of live query executions for possible malicious use of `ATTACH`. Upgrade osquery to 4.6.0 to prevent `ATTACH` queries from executing.
* Update icons and fix hosts dashboard for wide screen sizes.
* Backend performance overhaul. The Fleet server can now handle hundreds of thousands of connected hosts.
* Pagination implemented in the web UI. This makes the UI usable for any host count supported by the backend.
* Add capability to collect "additional" information from hosts. Additional queries can be set to be updated along with the host detail queries. This additional information is returned by the API.
* Removed extraneous network interface information to optimize server performance. Users that require this information can use the additional queries functionality to retrieve it.
* Add "manual" labels implementation. Static labels can be set by providing a list of hostnames with `fleetctl`.
* Add JSON output for `fleetctl get` commands.
* Add `fleetctl get host` to retrieve details for a single host.
* Update table schema for osquery 4.4.0.
* Add support for multiple enroll secrets.
* Logging verbosity reduced by default. Logs are now much less noisy.
* Fix import of github.com/kolide/fleet Go packages for consumers outside of this repository.
* Add `--server_url_prefix` flag to configure a URL prefix to prepend on all Fleet URLs. This can be useful to run fleet behind a reverse-proxy on a hostname shared with other services.
* Add option to automatically expire hosts that have not checked in within a certain number of days. Configure this in the "Advanced Options" of "App Settings" in the browser UI.
* Add ability to search for hosts by UUID when targeting queries.
* Allow SAML IdP name to be as short as 4 characters.
* Security: Upgrade Go to 1.12.8 to fix CVE-2019-9512, CVE-2019-9514, and CVE-2019-14809.
* Add capability to export packs, labels, and queries as yaml in `fleetctl get` with the `--yaml` flag. Include queries with a pack using `--with-queries`.
* Modify email templates to load image assets from Github CDN rather than Fleet server (fixes broken images in emails when Fleet server is not accessible from email clients).
* Add warning in query UI when Redis is not functioning.
* Fix minor bugs in frontend handling of scheduled queries.
* Add GCP PubSub logging plugin. Thanks to Michael Samuel for adding this capability.
* Improved escaping for target search in live query interface. It is now easier to target hosts with + and - characters in the name.
* Server and browser performance improvements by reduced loading of hosts in frontend. Host status will only update on page load when over 100 hosts are present.
* Utilize details sent by osquery in enrollment request to more quickly display details of new hosts. Also fixes a bug in which hosts could not complete enrollment if certain platform-dependent options were used.
* Fix a bug in which the default query runs after targets are edited.
* Add capability to log osquery status and results to AWS Firehose. Note that this deprecated some existing logging configuration (`--osquery_status_log_file` and `--osquery_result_log_file`). Existing configurations will continue to work, but will be removed at some point.
* Automatically clean up "incoming hosts" that do not complete enrollment.
* Fix bug with SSO requests that caused issues with some IdPs.
* Hide built-in platform labels that have no hosts.
* Fix references to Fleet documentation in emails.
* Minor improvements to UI in places where editing objects is disabled.
* Fix a bug where duplicate queries were being created in the same pack but only one was ever delivered to osquery. A migration was added to delete duplicate queries in packs created by the UI.
* It is possible to schedule the same query with different options in one pack, but only via the CLI.
* If you thought you were relying on this functionality via the UI, note that duplicate queries will be deleted when you run migrations as apart of a cleanup fix. Please check your configurations and make sure to create any double-scheduled queries via the CLI moving forward.
* Fix a bug in which packs created in UI could not be loaded by fleetctl.
* Fix a bug where deleting a query would not delete it from the packs that the query was scheduled in.
The primary new addition in Fleet 2 is the new `fleetctl` CLI and file-format, which dramatically increases the flexibility and control that administrators have over their osquery deployment. The CLI and the file format are documented [in the Fleet documentation](https://github.com/fleetdm/fleet/blob/master/docs/1-Using-Fleet/2-fleetctl-CLI.md).
* New `fleetctl` CLI for managing your entire osquery workflow via CLI, API, and source controlled files!
* You can use `fleetctl` to manage osquery packs, queries, labels, and configuration.
* In addition to the CLI, Fleet 2.0.0 introduces a new file format for articulating labels, queries, packs, options, etc. This format is designed for composability, enabling more effective sharing and re-use of intelligence.
```yaml
apiVersion: v1
kind: query
spec:
name: pending_updates
query: >
select value
from plist
where
path = "/Library/Preferences/ManagedInstalls.plist" and
key = "PendingUpdateCount" and
value > "0";
```
* Run live osquery queries against arbitrary subsets of your infrastructure via the `fleetctl query` command.
* Use `fleetctl setup`, `fleetctl login`, and `fleetctl logout` to manage the authentication life-cycle via the CLI.
* Use `fleetctl get`, `fleetctl apply`, and `fleetctl delete` to manage the state of your Fleet data.
* Manage any osquery option you want and set platform-specific overrides with the `fleetctl` CLI and file format.
* Managing osquery options via the UI has been removed in favor of the more flexible solution provided by the CLI. If you have customized your osquery options with Fleet, there is [a database migration](./server/datastore/mysql/migrations/data/20171212182458_MigrateOsqueryOptions.go) which will port your existing data into the new format when you run `fleet prepare db`. To download your osquery options after migrating your database, run `fleetctl get options > options.yaml`. Further modifications to your options should occur in this file and it should be applied with `fleetctl apply -f ./options.yaml`.
* Added feature that allows users to import existing Osquery configuration files using the [configimporter](https://github.com/kolide/configimporter) utility.
The Kolide server now tracks the `distributed_interval` and `config_tls_refresh` values for each individual host (these can be different if they are set via flagfile and not through Kolide), to ensure that online status is represented as accurately as possible.
* Log rotation is no longer the default setting for Osquery status and results logs. To enable log rotation use the `--osquery_enable_log_rotation` flag.
* Add a debug endpoint for collecting performance statistics and profiles.
When `kolide serve --debug` is used, additional handlers will be started to provide access to profiling tools. These endpoints are authenticated with a randomly generated token that is printed to the Kolide logs at startup. These profiling tools are not intended for general use, but they may be useful when providing performance-related bug reports to the Kolide developers.
osquery 2.3.2 incorrectly reports an empty value for `platform` on CentOS6 hosts. We added a workaround to properly detect platform in Kolide, and also [submitted a fix](https://github.com/facebook/osquery/pull/3071) to upstream osquery.
Previously this item was visible to non-admin users and if selected, a blank options page would be displayed since server side authorization constraints prevent regular users from viewing or changing options.
In an effort to provide a more resilient web server, timeouts are more strictly enforced by the Kolide HTTP server (regardless of whether or not you're using the built-in TLS termination).
For customers using Kolide's built-in TLS server (if the `server.tls` configuration is `true`), the server was hardened to only accept modern cipher suites as recommended by [Mozilla](https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility).
* Improve the mechanism used to calculate whether or not hosts are online.
Previously, hosts were categorized as "online" if they had been seen within the past 30 minutes. To make the "online" status more representative of reality, hosts are marked "online" if the Kolide server has heard from them within two times the lowest polling interval as described by the Kolide-managed osquery configuration. For example, if you've configured osqueryd to check-in with Kolide every 10 seconds, only hosts that Kolide has heard from within the last 20 seconds will be marked "online".
Customers running Kolide behind a web balancer lacking support for websockets were unable to use the distributed query feature. Also, in certain circumstances, Safari users with a self-signed cert for Kolide would receive an error. This release add a fallback mechanism from websockets using SockJS for improved compatibility.
Previously Kolide was determining platform based on the OS of the system osquery was built on instead of the OS it was running on. Please note: Offline hosts may continue to report an erroneous platform until they check-in with Kolide.
* Support MySQL client certificate authentication. More details can be found in the [Configuring the Fleet binary docs](./docs/infrastructure/configuring-the-fleet-binary.md).
