mirror of
https://github.com/empayre/fleet.git
synced 2024-11-06 00:45:19 +00:00
Prepare for 4.22 (#8253)
This commit is contained in:
Noah Talerman
GitHub
parent
3953a1f4dd
commit
90f5fbb63a
70
CHANGELOG.md
70
CHANGELOG.md
@ -1,3 +1,73 @@
|
||||
## Fleet 4.22.0 (Oct 20, 2022)
|
||||
|
||||
* Added usage statistics for the weekly count of aggregate policy violation days. One policy violation day is counted for each policy that a host is failing, measured as of the time the count increments. The count increments once per 24-hour interval and resets each week.
|
||||
|
||||
* Fleet Premium: Add ability to see how many and which hosts have low disk space (less than 32GB available) on the **Home** page.
|
||||
|
||||
* Fleet Premium: Add ability to see how many and which hosts are missing (offline for at least 30 days) on the **Home** page.
|
||||
|
||||
* Improved the query console by indicating which columns are required in the WHERE clause, indicated which columns are platform-specific, and adding example queries for almost all osquery tables in the right sidebar. These improvements are also live on [fleetdm.com/tables](https://fleetdm.com/tables)
|
||||
|
||||
* Added a new display name for hosts in the Fleet UI. To determine the display name, Fleet uses the `computer_name` column in the [`system_info` table](https://fleetdm.com/tables/system_info). If `computer_name` isn't present, the `hostname` is used instead.
|
||||
|
||||
* Added functionality to consider device tokens as expired after one hour. This change is not compatible with older versions of Fleet Desktop. We recommend to manually update Orbit and Fleet Desktop to > v1.0.0 in addition to upgrading the server if:
|
||||
* You're managing your own TUF server.
|
||||
* You have auto-updates disabled (`fleetctl package [...] --disable-updates`)
|
||||
* You have channels pinned to an older version (`fleetctl package [...] --orbit-channel 1.0.0 --desktop-channel 1.1.0`).
|
||||
|
||||
* Added security headers to HTML, CSV, and installer responses.
|
||||
|
||||
* Added validation of the `command_line_flags` object in the Agent Options section of Organization Settings and Team Settings.
|
||||
|
||||
* Added logic to clean up irrelevant policies for a host on re-enrollment (e.g., if a host changes its OS from linux to macOS or it changes teams).
|
||||
|
||||
* Added the `inherited_policies` array to the `GET /teams/{team_id}/policies` endpoint that lists the global policies inherited by the team, along with the pass/fail counts for the hosts on that team.
|
||||
|
||||
* Added a new UI state for when results are coming in from a live query or policy query.
|
||||
|
||||
* Added better team name suggestions to the Create teams modal.
|
||||
|
||||
* Clarified last seen time and last fetched time in the Fleet UI.
|
||||
|
||||
* Translated technical error messages returned by Agent options validation to be more user-friendly.
|
||||
|
||||
* Renamed machine serial to serial number and IPv4 properly to private IP address.
|
||||
|
||||
* Fleet Premium: Updated Fleet Desktop to use the `/device/{token}/desktop` API route to display the number of failing policies.
|
||||
|
||||
* Made host details software tables more responsive by adding links to software details.
|
||||
|
||||
* Fixed a bug in which a user would not be rerouted to the Home page if already logged in.
|
||||
|
||||
* Fixed a bug in which clicking the select all checkbox did not select all in some cases.
|
||||
|
||||
* Fixed a bug introduced in 4.21.0 where a Windows-specific query was being sent to non-Windows hosts, causing an error in query ingestion for `directIngestOSWindows`.
|
||||
|
||||
* Fixed a bug in which uninstalled software (DEB packages) appeared in Fleet.
|
||||
|
||||
* Fixed a bug in which a team that didn't have `config.features` settings was edited via the UI, then both `features.enable_host_users` and `features.enable_software_inventory` would be false instead of the global default.
|
||||
|
||||
* Fixed a bug that resulted in false negatives for vulnerable versions of Zoom, Google Chrome, Adobe Photoshop, Node.js, Visual Studio Code, Adobe Media Encoder, VirtualBox, Adobe Premiere Pro, Pip, and Firefox software.
|
||||
|
||||
* Fixed bug that caused duplicated vulnerabilities to be sent to third-party integrations.
|
||||
|
||||
* Fixed panic in `ingestKubequeryInfo` query ingestion.
|
||||
|
||||
* Fixed a bug in which `host_count` and `user_count` returned as `0` in the `teams/{id}` endpoint.
|
||||
|
||||
* Fixed a bug in which tooltips for Munki issue would be cut off at the edge of the browser window.
|
||||
|
||||
* Fixed a bug in which tooltips for Munki issue would be cut off at the edge of the browser window.
|
||||
|
||||
* Fixed a bug in which running `fleetctl apply` with the `--dry-run` flag would fail in some cases.
|
||||
|
||||
* Fixed a bug in which **Hosts** table displayed 20 hosts per page.
|
||||
|
||||
* Fixed a server panic that occured when a team was edited via YAML without an `agent_options` key.
|
||||
|
||||
* Fixed an bug where Pop!\_OS hosts were not being included in the linux hosts count on the hosts dashboard page.
|
||||
|
||||
|
||||
## Fleet 4.21.0 (Sep 28, 2022)
|
||||
|
||||
* Fleet Premium: Added the ability to know how many hosts and which hosts, on a team, are failing a global policy.
|
||||
|
||||
@ -1 +0,0 @@
|
||||
* Added server-side validation of user emails
|
||||
@ -1,5 +0,0 @@
|
||||
- Added functionality to consider device tokens as expired after one hour.
|
||||
This change is not compatible with older versions of Fleet Desktop, we recommend to manually update Orbit and Fleet Desktop to > v1.0.0 in addition to upgrading the server if:
|
||||
- You're managing your own TUF server.
|
||||
- Or have auto-updates disabled (`fleetctl package [...] --disable-updates`)
|
||||
- Or have channels pinned to an older version (`fleetctl package [...] --orbit-channel 1.0.0 --desktop-channel 1.1.0`)
|
||||
@ -1 +0,0 @@
|
||||
* Add value `missing` to parameter `status` from endpoint `hosts`.
|
||||
@ -1 +0,0 @@
|
||||
- Added security headers to HTML, CSV and installer responses.
|
||||
@ -1 +0,0 @@
|
||||
- Fixed panic in `ingestKubequeryInfo` query ingestion.
|
||||
@ -1 +0,0 @@
|
||||
* Fix host_count and user_count being always returned as `0` in `teams/{id}` endpoint.
|
||||
@ -1 +0,0 @@
|
||||
* Only ingest DEB packages with the proper status.
|
||||
@ -1 +0,0 @@
|
||||
* return http status 400 if json decoding fails.
|
||||
@ -1 +0,0 @@
|
||||
- When the NVD CVE feed cannot be synced, Fleet should use feeds from the last sync.
|
||||
@ -1 +0,0 @@
|
||||
* UI allows for global or team agent options to be empty and save object properties to null
|
||||
@ -1 +0,0 @@
|
||||
* Truncated cell default browser tooltip hidden and fleet tooltip responsive sized to fit on screen
|
||||
@ -1 +0,0 @@
|
||||
* Fix host table to default to 100 hosts per page
|
||||
@ -1 +0,0 @@
|
||||
- Fixed host filters by mdm enrollment status
|
||||
@ -1,2 +0,0 @@
|
||||
- Fixed bug introduced in 4.21.0 where Windows-specific query was being sent to non-Windows hosts
|
||||
causing an error in query ingestion for `directIngestOSWindows`.
|
||||
@ -1 +0,0 @@
|
||||
* Fixed a bug when running `fleetctl apply` with the `--dry-run` flag, it could fail with an obscure "invalid JSON" error due to the way the internal caching was done.
|
||||
@ -1,11 +0,0 @@
|
||||
- Changed the way we performed searches when mapping software to CPEs, by first sanitizing the vendor
|
||||
and product name, and then searching for (in this order):
|
||||
|
||||
* The vendor and product.
|
||||
* The product name only.
|
||||
* Free text search on the 'title' property.
|
||||
|
||||
- When performing vulnerability detection using the NVD database, we now exclude software from the
|
||||
'rpm' and 'deb' sources (we will be using OVAL for those).
|
||||
- Fixed bug that caused duplicated vulnerabilities to be sent to third party integrations.
|
||||
- Moved NVD vulnerability detection to its own directory.
|
||||
@ -1,2 +0,0 @@
|
||||
- Updated Fleet Desktop to use the new endpoint introduced in
|
||||
https://github.com/fleetdm/fleet/issues/7084
|
||||
@ -1,2 +0,0 @@
|
||||
* Add display_name to hosts, which is either the computer-name or the hostname.
|
||||
* Add display_name to lists, searches, integrations and web-hooks.
|
||||
@ -1 +0,0 @@
|
||||
* Add `missing_30_days_count` to `host_summary` response.
|
||||
@ -1 +0,0 @@
|
||||
- Fixed undetected missing migrations in the cases where the are also unknown migrations.
|
||||
@ -1 +0,0 @@
|
||||
* Return status code 408 at tcp read timeouts instead of 500
|
||||
@ -1 +0,0 @@
|
||||
- add new UI state when results are coming in from a live query or policy query
|
||||
@ -1,3 +0,0 @@
|
||||
- Added usage statistics for the weekly count of aggregate policy violation days. One policy
|
||||
violation day is counted for each policy that a host is failing, measured as of the time the
|
||||
count increments. The count increments once per 24-hour interval and resets each week.
|
||||
@ -1 +0,0 @@
|
||||
* Rename machine serial to serial number and IPv4 properly to private IP address
|
||||
@ -1 +0,0 @@
|
||||
- add new query sidebar with updated and improved docs
|
||||
@ -1 +0,0 @@
|
||||
* App UI uses new display_name key to reference hosts
|
||||
@ -1 +0,0 @@
|
||||
* Clarify last seen time and last fetched time in Fleet UI
|
||||
@ -1 +0,0 @@
|
||||
* Added validation of the `command_line_flags` object in the Agent Options section of Organization Settins and Team Settings.
|
||||
@ -1 +0,0 @@
|
||||
* Fixed a server panic happening when a team was edited via yaml without an `agent_options` key.
|
||||
@ -1 +0,0 @@
|
||||
* Create teams modal has better team name suggestions
|
||||
@ -1,2 +0,0 @@
|
||||
* Premium users can see missing hosts and low disk space hosts on the homepage
|
||||
* Premium users can filter hosts by missing hosts and low disk space hosts on the manage host page
|
||||
@ -1 +0,0 @@
|
||||
* Host details software table links to software details, better responsive UI for software table
|
||||
@ -1 +0,0 @@
|
||||
* Added logic to clean up irrelevant policies for a host on re-enrollment, for example: if a host changes its OS from linux to macOS or it changes teams.
|
||||
@ -1,2 +0,0 @@
|
||||
- Added ingestion of `ReleaseId` from Windows registry (which will be used to populate `host.os_version`
|
||||
in the case that `DisplayVersion` is empty)
|
||||
@ -1 +0,0 @@
|
||||
* Manage host page filters status as a query param instead of a route param
|
||||
@ -1 +0,0 @@
|
||||
* Translated technical error messages returned by Organization's and Team's validations to be more user-friendly.
|
||||
@ -1 +0,0 @@
|
||||
* Changed saving of enroll secrets so that the `created_at` timestamp of existing ones are maintained.
|
||||
@ -1 +0,0 @@
|
||||
* Added the `inherited_policies` array to the `GET /teams/{team_id}/policies` endpoint that lists the global policies inherited by the team, along with the pass/fail counts only for hosts that belong to that team.
|
||||
@ -1 +0,0 @@
|
||||
* Permissions documentation includes initiating and retreiving file carving
|
||||
@ -1 +0,0 @@
|
||||
* Add delay to compatibility tooltip that is covering UI action checkbox
|
||||
@ -1 +0,0 @@
|
||||
* Login route reroutes to dashboard if already logged in
|
||||
@ -1 +0,0 @@
|
||||
- fixes 500 error issue on details/:token page when host has software.
|
||||
@ -1 +0,0 @@
|
||||
- updates label filter chevron icon to match the icon on the status filter dropdown
|
||||
@ -1 +0,0 @@
|
||||
* Clicking the select all checkbox will select all, unless all are selected it will deselect all
|
||||
@ -1 +0,0 @@
|
||||
* Padding between multiple enroll secrets
|
||||
@ -1,2 +0,0 @@
|
||||
* Fixed an issue where a host was enrolled with orbit, but was being omitted when listing hosts and ordering by display name
|
||||
* Fixed an issue where popos hosts were not being includes in the linux hosts count on the hosts dashboard page.
|
||||
@ -1 +0,0 @@
|
||||
* Fixed a bug where if a team didn't have a `config.features` settings and was edited via the UI, the both `features.enable_host_users` and `features.enable_software_inventory` would be `false` instad of the global default.
|
||||
@ -4,9 +4,9 @@ name: fleet
|
||||
keywords:
|
||||
- fleet
|
||||
- osquery
|
||||
version: v4.21.0
|
||||
version: v4.22.0
|
||||
home: https://github.com/fleetdm/fleet
|
||||
sources:
|
||||
- https://github.com/fleetdm/fleet.git
|
||||
appVersion: v4.21.0
|
||||
appVersion: v4.22.0
|
||||
|
||||
|
||||
@ -2,7 +2,7 @@
|
||||
# All settings related to how Fleet is deployed in Kubernetes
|
||||
hostName: fleet.localhost
|
||||
replicas: 3 # The number of Fleet instances to deploy
|
||||
imageTag: v4.21.0 # Version of Fleet to deploy
|
||||
imageTag: v4.22.0 # Version of Fleet to deploy
|
||||
createIngress: true # Whether or not to automatically create an Ingress
|
||||
ingressAnnotations: {} # Additional annotation to add to the Ingress
|
||||
podAnnotations: {} # Additional annotations to add to the Fleet pod
|
||||
|
||||
@ -264,7 +264,7 @@ spec:
|
||||
spec:
|
||||
containers:
|
||||
- name: fleet
|
||||
image: fleetdm/fleet:4.21.0
|
||||
image: fleetdm/fleet:4.22.0
|
||||
env:
|
||||
# if running Fleet behind external ingress controller that terminates TLS
|
||||
- name: FLEET_SERVER_TLS
|
||||
|
||||
@ -56,7 +56,7 @@ variable "database_name" {
|
||||
|
||||
variable "fleet_image" {
|
||||
description = "the name of the container image to run"
|
||||
default = "fleetdm/fleet:v4.21.0"
|
||||
default = "fleetdm/fleet:v4.22.0"
|
||||
}
|
||||
|
||||
variable "software_inventory" {
|
||||
|
||||
@ -68,5 +68,5 @@ variable "redis_mem" {
|
||||
}
|
||||
|
||||
variable "image" {
|
||||
default = "fleet:v4.21.0"
|
||||
default = "fleet:v4.22.0"
|
||||
}
|
||||
|
||||
@ -157,7 +157,7 @@ resource "helm_release" "main" {
|
||||
|
||||
set {
|
||||
name = "imageTag"
|
||||
value = "v4.21.0"
|
||||
value = "v4.22.0"
|
||||
}
|
||||
|
||||
set {
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
{
|
||||
"name": "fleetctl",
|
||||
"version": "v4.21.0",
|
||||
"version": "v4.22.0",
|
||||
"description": "Installer for the fleetctl CLI tool",
|
||||
"bin": {
|
||||
"fleetctl": "./run.js"
|
||||
|
||||
Loading…
Reference in New Issue
Block a user