Related to https://github.com/fleetdm/fleet/issues/8010 and https://github.com/fleetdm/fleet/issues/8013 this prevents a bug that happens when:
1. A team doesn't have a `config.features` key in the JSON stored in the table or `config` is `NULL`
2. The team is edited from the UI
All `config.features` will default to `false`, which can be a problem if your global settings are `true` for both (which is the default)
* Create zero-trust-attestation-with-fleet
* Added images
I made the following changes:
- added .md file extension
- added artwork for the article
* Image update
- updated thumbnail image
- moved position of zero touch diagram
* Added file extension
* Added revisions from Google doc
Incorporated revisions I had been discussing with Mo.
Co-authored-by: Mike Thomas <mthomas@fleetdm.com>
Co-authored-by: Chris McGillicuddy <108031970+chris-mcgillicuddy@users.noreply.github.com>
* create new components for query side panel
* add reusable icon component that uses svg for icons
* integrate with new osquery_fleet_schema.json data
* update UI to work with osquery_fleet_schema.json
* add remark-gfm to safely support direct urls in markdown
* move fleet ace into markdown component so we can render code with ace editor
* add testing for new query sidebar
* remove incomplete tests for query sidepanel
- Changed the "Use workflow from" instructions per advice from @zwinnerman-fleetdm
- Added note that "main" is not a valid image name and the commit hash must be used instead.
* Adding a new synchronization mechanism between fleet-desktop app and Orbit service. Improved windows service teardown to ensure that fleet-desktop does not get force killed without getting signaled. Improved windows process enumeration to avoid unnecessary delays during windows service start and windows service teardown. Updating windows service to reflect service teardown extra time due to synchronization.
related to #8031, this adds the following headers to HTML responses:
- Strict-Transport-Security: informs browsers that the site should only
be accessed using HTTPS, and that any future attempts to access it
using HTTP should automatically be converted to HTTPS.
- X-Frames-Options: disallows embedding the UI in other sites via
<frame>, <iframe>, <embed> or <object>, which can prevent attacks like
clickjacking.
- X-Content-Type-Options: prevents browsers from trying to guess the MIME
type which can cause browsers to transform non-executable content into
executable content.
- Referrer-Policy: prevents leaking the origin of the referrer in the
Referer.
additionally, this ensures we set `X-Content-Type-Options` for CSV and
installer responses.
this modifies the migration order CI check to only check for added files
by:
1. Escaping the blob we give to git, so bash doesn't perform expansion,
this lets git handle the blob matching, which for reasons I don't
fully understand allows to find file renames.
2. Applying `--diff-filter=A`, which makes git only list file additions.
Related to #6142, this adds a CI check for the order of migrations.
As I noted in a comment on the workflow file, it's important to keep in mind that some migrations might still go unnoticed even with this check, example:
1. PR1 adds a migration, CI check pass
2. PR2 adds a migration, CI pass, gets merged
3. PR1 can still be merged because the CI checks aren't run again
The check will fail in `main` however, so if we find the current script to be reliable, we could setup a Slack ping or something similar, to make sure somebody takes a look
