mirror of
https://github.com/empayre/fleet.git
synced 2024-11-06 00:45:19 +00:00
Prepare v4.44.0 (#16486)
This commit is contained in:
Luke Heath
GitHub
parent
93ed597345
commit
668fe41611
58
CHANGELOG.md
58
CHANGELOG.md
@ -1,3 +1,61 @@
|
||||
## Fleet 4.44.0 (Jan 31, 2024)
|
||||
|
||||
### Changes
|
||||
|
||||
* **Endpoint operations**:
|
||||
- Removed rate-limiting from `/api/fleet/orbit/ping` and `/api/fleet/device/ping` endpoints.
|
||||
- For Windows hosts, fleetd now uses Windows Credential Manager for enroll secret.
|
||||
- For macOS hosts, fleetd stores and retrieves enroll secret from macOS keychain for non-MDM flow.
|
||||
- Query reports feature now supports a custom `pack_delimiter` in agent settings.
|
||||
- Packaged `fleetctl` for macOS as a universal binary (native support for both amd64 and arm64 architectures).
|
||||
- Added new flow for `fleetctl package --type=msi` on macOS using arm64 processor.
|
||||
- Teams can now configure their own host expiry settings.
|
||||
- Added UI for host details activity card.
|
||||
- Added `host_count_updated_at` to policy API responses.
|
||||
- Added "Run script" action to host details page.
|
||||
- Created the "script ran" activity linked to its host.
|
||||
- Updated host details page and `GET /api/v1/fleet/hosts/:id` endpoint so that failing policies are listed first.
|
||||
|
||||
* **Device management (MDM)**:
|
||||
- Added new endpoints `GET /api/v1/fleet/mdm/manual_enrollment_profile` and scripts related endpoints (`/hosts/:id/activity`, `/hosts/:id/activity/upcoming`).
|
||||
- Added support for label-based MDM profiles reconciliation.
|
||||
- Improved MDM migration puppet module.
|
||||
- Added Windows scripts for MDM unenrollment and fleetd removal.
|
||||
- Added the profile's `labels` object to MDM profiles response payload.
|
||||
- Updated UI with ability to target MDM profiles by label.
|
||||
- Added ability to configure custom `configuration_web_url` values in DEP profile.
|
||||
- Fixed a bug causing MDM SSO to fail with certain configurations.
|
||||
- Fixed queries reporting inconsistent MDM enrollment status in Windows.
|
||||
|
||||
* **Vulnerability management**:
|
||||
- Added support for detecting operating system vulnerabilities for macOS and Windows.
|
||||
- Corrected Windows OS false negative for multiple OS build remediations.
|
||||
- Fixed issue with incorrect `resolved_in_version` for vulnerabilities.
|
||||
|
||||
### Bug fixes and improvements
|
||||
|
||||
- Added "No report" text for query results not saved in Fleet.
|
||||
- Updated forms across the UI for consistent styling.
|
||||
- Improved UX for globally enabling/disabling SSO.
|
||||
- Added new consistent header styling across the app.
|
||||
- Clearer browser page titles and CTAs for Observer+.
|
||||
- Updated logging destination failure response to return a 4xx error instead of 500.
|
||||
- Addressed issues with query reports and host expiry settings.
|
||||
- Resolved platform compatibility checker issues with deprecated osquery tables.
|
||||
- Updated Go to version 1.21.6.
|
||||
- osquery flag validation updated for osquery 5.11.
|
||||
- Fixed validation and error handling for `/api/fleet/orbit/device_token` and other endpoints.
|
||||
- Fixed UI bugs in script functionality, side navigation content headers, and premium message alignment.
|
||||
- Fixed a bug in searching for hosts by email addresses.
|
||||
- Fixed issues with sticky errors in fleetd-chrome after querying privacy_preferences table.
|
||||
- Fixed a bug where Munki issues section was incorrectly displayed.
|
||||
- Fixed OS compatibility calculation for certain queries.
|
||||
- Fixed a bug where capital characters would not match labels containing them.
|
||||
- Fixed bug in manage hosts UI where changing the dropdown filter did not clear OS settings filter.
|
||||
- Fixed a bug in `fleetctl` where `--context` and `--debug` flags were not allowed after certain commands.
|
||||
- Fixed a bug where the UUID for Windows updates profiles was missing the `"w"` prefix.
|
||||
- Fixed a UI bug on the controls page in team targeting forms.
|
||||
|
||||
## Fleet 4.43.3 (Jan 23, 2024)
|
||||
|
||||
### Bug fixes
|
||||
|
||||
@ -1 +0,0 @@
|
||||
On My device, Host details pages, and GET /api/v1/fleet/hosts/:id API endpoint, failing policies are now listed first.
|
||||
@ -1,7 +0,0 @@
|
||||
For macOS hosts, fleetd now stores and retrieves enroll secret from macOS keychain. This feature is enabled for non-MDM flow. The MDM profile flow will be supported in a future release.
|
||||
- this feature must use the official signed and notarized version of fleetd
|
||||
- for contributors, this feature can disabled with either:
|
||||
- fleetctl package flag: --disable-keystore
|
||||
- fleetd runtime flag: --disable-keystore
|
||||
|
||||
For Windows hosts, fleetd now stores and retrieves enroll secret from Windows Credential Manager.
|
||||
@ -1 +0,0 @@
|
||||
* privacy_preferences table for chrome surfaces column errors
|
||||
@ -1 +0,0 @@
|
||||
- Improved MDM migration puppet module to reduce runs failing because of unexpected API responses.
|
||||
@ -1 +0,0 @@
|
||||
- Clearer CTA for Observer+
|
||||
@ -1 +0,0 @@
|
||||
- Updated UI with ability to target MDM profiles by label.
|
||||
@ -1 +0,0 @@
|
||||
* Added the profile's `labels` object to the response payload of `GET /mdm/profiles` (list configuration profiles) and `GET /mdm/profiles/{profile_uuid}` (get a configuration profile).
|
||||
@ -1 +0,0 @@
|
||||
- osquery-perf Windows 11 agents now return expected `os_version` detail query responses
|
||||
@ -1 +0,0 @@
|
||||
* Added support for label-based MDM profiles reconciliation.
|
||||
@ -1 +0,0 @@
|
||||
- Adds ability for labeled profiles to be fetched for verification.
|
||||
@ -1 +0,0 @@
|
||||
* Update forms across the UI to have consistent styling
|
||||
@ -1,3 +0,0 @@
|
||||
New flow for `fleetctl package --type=msi` on macOS using arm64 processor (M1, M2, etc.)
|
||||
- wine must be installed locally. See ./orbit/tools/build/install-wine-macos.sh and https://wiki.winehq.org/MacOS for reference.
|
||||
- --local-wix-dir can be used to point to a local Wix3 installation (using this switch requires a current Fleet EE subscription)
|
||||
@ -1 +0,0 @@
|
||||
* Query reports feature now supports a custom `pack_delimiter` in the agent settings.
|
||||
@ -1,3 +0,0 @@
|
||||
Teams can configure their own host expiry setting. If global host expiry is enabled, teams cannot disable host expiry, but they can set a longer (or shorter) expiry time (in days).
|
||||
- Added `host_expiry_settings` to team spec, which can be used via fleetctl apply.
|
||||
- Added `host_expiry_settings` to PATH /fleet/teams/:id endpoint.
|
||||
@ -1 +0,0 @@
|
||||
* Added Windows scripts to unenroll MDM and remove fleetd.
|
||||
@ -1,2 +0,0 @@
|
||||
* Update the Host > Queries > Report updated column's empty state to reflect its including live as
|
||||
well as scheduled query runs.
|
||||
@ -1,2 +0,0 @@
|
||||
* Added "No report" text when query results for a host are not being saved in Fleet but are being
|
||||
sent to a configured log destination.
|
||||
@ -1 +0,0 @@
|
||||
- Fleet UI: Clicking an active nav link will reset to the default page navigation
|
||||
@ -1 +0,0 @@
|
||||
Improved UX for globally enabling/disabling SSO
|
||||
@ -1 +0,0 @@
|
||||
- Fix a bug where capital characters would not match labels containing them
|
||||
@ -1 +0,0 @@
|
||||
- Clearer browser page titles
|
||||
@ -1,2 +0,0 @@
|
||||
- fixed issue where the incorrect `resolved_in_version` for a vulnerability was sometimes reported
|
||||
when there were multiple product matches with different version ranges
|
||||
@ -1 +0,0 @@
|
||||
* Added database migration to record the user that requests a script execution and to create the `host_activities` table to associate activities to specific hosts.
|
||||
@ -1,2 +0,0 @@
|
||||
- Added "Run script" action to host details page, which relocates functionality from the "Scripts"
|
||||
tab into a new modal UI.
|
||||
@ -1 +0,0 @@
|
||||
* Created the "script ran" activity linked to its host so the script executions can be listed per host.
|
||||
@ -1 +0,0 @@
|
||||
* Implement the UI for the new team-level host expiry setting feature.
|
||||
@ -1 +0,0 @@
|
||||
Fix policy Jira/Zendesk integration.
|
||||
@ -1 +0,0 @@
|
||||
- New consistent header styling across the app
|
||||
@ -1 +0,0 @@
|
||||
- Ability to run a live query on an edited existing query before saving
|
||||
@ -1 +0,0 @@
|
||||
* Remove ineffective rate-limiting from `/api/fleet/orbit/ping` and `/api/fleet/device/ping` endpoints.
|
||||
@ -1 +0,0 @@
|
||||
* Fixed a bug that would cause MDM SSO to fail with certain valid configurations.
|
||||
@ -1,3 +0,0 @@
|
||||
osquery flag validation has been updated for osquery 5.11
|
||||
- new flags have been added to validation
|
||||
- `table_exceptions` flag has been replaced with `ignore_table_exceptions`
|
||||
@ -1 +0,0 @@
|
||||
- Fixed bug in manage hosts UI where changing the dropdown filter did not clear OS settings filter.
|
||||
@ -1,2 +0,0 @@
|
||||
- Adds a new endpoint `GET /api/v1/fleet/mdm/manual_enrollment_profile` that returns the Apple MDM manual
|
||||
enrollment profile for the organization.
|
||||
@ -1 +0,0 @@
|
||||
Fixed unreleased fleetd-chrome bug with sticky errors showing up after querying privacy_preferences table.
|
||||
@ -1 +0,0 @@
|
||||
* Fix queries that report MDM enrollment status in Windows.
|
||||
@ -1 +0,0 @@
|
||||
- Fixes a UI bug where the pointer cursor wouldn't show up over the entire "Choose file" button.
|
||||
@ -1,2 +0,0 @@
|
||||
- Fixes a bug where the UUID for Windows updates profiles is missing the `"w"` prefix used to denote
|
||||
Windows MDM profiles.
|
||||
@ -1 +0,0 @@
|
||||
Fixed Windows OS false negative when a remediation applies to multiple OS builds.
|
||||
@ -1 +0,0 @@
|
||||
- Platform compatibility checker hides deprecated osquery tables from being checked
|
||||
@ -1,3 +0,0 @@
|
||||
- Fleet now detects operating system vulnerabilities for macOS (via National Vulnerabilities Database) and Windows (via the
|
||||
Microsoft Security Resource Center). We are extending the `os_versions` API to include
|
||||
vulnerabilities, as well as a new OS tab on the Software page.
|
||||
@ -1 +0,0 @@
|
||||
When writing to logging destination fails, fleet server now issues a 4xx error instead of 500.
|
||||
@ -1 +0,0 @@
|
||||
Release fleetctl for macOS as a universal binary (native support for both amd64 and arm64 architectures).
|
||||
@ -1 +0,0 @@
|
||||
* Allow to configure custom `configuration_web_url` values in DEP profile
|
||||
@ -1 +0,0 @@
|
||||
- fix UI bug for side navigation content headers
|
||||
@ -1 +0,0 @@
|
||||
- add UI for host details activity card
|
||||
@ -1 +0,0 @@
|
||||
- removes the premium tier check for scripts feature on the controls page.
|
||||
@ -1,2 +0,0 @@
|
||||
- fix UI bug on controls page where the target forms were not rendering correctly when switching
|
||||
teams
|
||||
@ -1 +0,0 @@
|
||||
- fix alignement of the icon and text on the premium message
|
||||
@ -1,2 +0,0 @@
|
||||
- Adds 2 new scripts related endpoints (`/hosts/:id/activity` and `/hosts/:id/activity/upcoming`) as
|
||||
well as validation and functionality changes for enqueuing scripts.
|
||||
@ -1 +0,0 @@
|
||||
* Updated Go to 1.21.6
|
||||
@ -8,7 +8,7 @@ version: v6.0.1
|
||||
home: https://github.com/fleetdm/fleet
|
||||
sources:
|
||||
- https://github.com/fleetdm/fleet.git
|
||||
appVersion: v4.43.3
|
||||
appVersion: v4.44.0
|
||||
dependencies:
|
||||
- name: mysql
|
||||
condition: mysql.enabled
|
||||
|
||||
@ -2,7 +2,7 @@
|
||||
# All settings related to how Fleet is deployed in Kubernetes
|
||||
hostName: fleet.localhost
|
||||
replicas: 3 # The number of Fleet instances to deploy
|
||||
imageTag: v4.43.3 # Version of Fleet to deploy
|
||||
imageTag: v4.44.0 # Version of Fleet to deploy
|
||||
podAnnotations: {} # Additional annotations to add to the Fleet pod
|
||||
serviceAccountAnnotations: {} # Additional annotations to add to the Fleet service account
|
||||
resources:
|
||||
|
||||
@ -56,7 +56,7 @@ variable "database_name" {
|
||||
|
||||
variable "fleet_image" {
|
||||
description = "the name of the container image to run"
|
||||
default = "fleetdm/fleet:v4.43.3"
|
||||
default = "fleetdm/fleet:v4.44.0"
|
||||
}
|
||||
|
||||
variable "software_inventory" {
|
||||
|
||||
@ -68,5 +68,5 @@ variable "redis_mem" {
|
||||
}
|
||||
|
||||
variable "image" {
|
||||
default = "fleet:v4.43.3"
|
||||
default = "fleet:v4.44.0"
|
||||
}
|
||||
|
||||
@ -206,7 +206,7 @@ resource "random_uuid" "jitprovisioner" {
|
||||
|
||||
# Use the local to make the trigger work.
|
||||
locals {
|
||||
fleet_tag = "v4.43.3"
|
||||
fleet_tag = "v4.44.0"
|
||||
}
|
||||
|
||||
resource "null_resource" "standard-query-library" {
|
||||
|
||||
@ -165,7 +165,7 @@ resource "helm_release" "main" {
|
||||
|
||||
set {
|
||||
name = "imageTag"
|
||||
value = "v4.43.3"
|
||||
value = "v4.44.0"
|
||||
}
|
||||
|
||||
set {
|
||||
|
||||
@ -13,7 +13,7 @@ variable "fleet_config" {
|
||||
type = object({
|
||||
mem = optional(number, 4096)
|
||||
cpu = optional(number, 512)
|
||||
image = optional(string, "fleetdm/fleet:v4.43.3")
|
||||
image = optional(string, "fleetdm/fleet:v4.44.0")
|
||||
family = optional(string, "fleet")
|
||||
sidecars = optional(list(any), [])
|
||||
depends_on = optional(list(any), [])
|
||||
|
||||
@ -74,7 +74,7 @@ variable "fleet_config" {
|
||||
type = object({
|
||||
mem = optional(number, 4096)
|
||||
cpu = optional(number, 512)
|
||||
image = optional(string, "fleetdm/fleet:v4.43.3")
|
||||
image = optional(string, "fleetdm/fleet:v4.44.0")
|
||||
family = optional(string, "fleet")
|
||||
sidecars = optional(list(any), [])
|
||||
depends_on = optional(list(any), [])
|
||||
|
||||
@ -17,7 +17,7 @@ provider "aws" {
|
||||
}
|
||||
|
||||
locals {
|
||||
fleet_image = "fleetdm/fleet:v4.43.3"
|
||||
fleet_image = "fleetdm/fleet:v4.44.0"
|
||||
domain_name = "example.com"
|
||||
}
|
||||
|
||||
|
||||
@ -165,7 +165,7 @@ variable "fleet_config" {
|
||||
type = object({
|
||||
mem = optional(number, 4096)
|
||||
cpu = optional(number, 512)
|
||||
image = optional(string, "fleetdm/fleet:v4.43.3")
|
||||
image = optional(string, "fleetdm/fleet:v4.44.0")
|
||||
family = optional(string, "fleet")
|
||||
sidecars = optional(list(any), [])
|
||||
depends_on = optional(list(any), [])
|
||||
|
||||
@ -215,7 +215,7 @@ variable "fleet_config" {
|
||||
type = object({
|
||||
mem = optional(number, 4096)
|
||||
cpu = optional(number, 512)
|
||||
image = optional(string, "fleetdm/fleet:v4.43.3")
|
||||
image = optional(string, "fleetdm/fleet:v4.44.0")
|
||||
family = optional(string, "fleet")
|
||||
sidecars = optional(list(any), [])
|
||||
depends_on = optional(list(any), [])
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
{
|
||||
"name": "fleetctl",
|
||||
"version": "v4.43.3",
|
||||
"version": "v4.44.0",
|
||||
"description": "Installer for the fleetctl CLI tool",
|
||||
"bin": {
|
||||
"fleetctl": "./run.js"
|
||||
|
||||
Loading…
Reference in New Issue
Block a user