mirror of
https://github.com/empayre/fleet.git
synced 2024-11-06 08:55:24 +00:00
e981b7be84
187 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Sarah Gillespie
|
b660715e56
|
Add database migrations to support software titles feature (#15401)
Issue #15222 |
||
Jahziel Villasana-Espinoza
|
5131879292
|
feat: remove file if it exists before creating new one (#15186)
# Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [x] Added/updated tests - [x] Manual QA for all new/changed functionality |
||
Victor Lyuboslavsky
|
eada583ff1
|
Updating CPE generator to use new NVD API. (#15018)
Loom explaining changes (hit 5 min limit):
https://www.loom.com/share/e59b63bf638e4d9cad7984ef589b878d?sid=111fff75-115a-4a44-ae4f-6f25fede0d51
#14887
- [x] Need to merge fleetdm/nvd PR
https://github.com/fleetdm/nvd/pull/25 before this one.
# Checklist for submitter
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
- Manually tested (with corresponding fleetdm/fleet changes) in my
personal fork: https://github.com/getvictor/nvd/releases
# QA Plan (must be done before merging this PR, and after merging the
nvd PR)
- [ ] Fork https://github.com/fleetdm/nvd and point `generate.yml` to
this branch.
[example](
|
||
Lucas Manuel Rodriguez
|
4cf682d78f
|
Downgrade osquery-go due to panics in Shutdown and add more logging (#15017)
#15022 The issue in the package is being fixed here https://github.com/osquery/osquery-go/pull/117 But to not block on that we will downgrade the osquery-go version we use. - ~[ ] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information.~ - ~[ ] Documented any permissions changes (docs/Using Fleet/manage-access.md)~ - ~[ ] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements)~ - ~[ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features.~ - ~[ ] Added/updated tests~ - [ ] Manual QA for all new/changed functionality - ~For Orbit and Fleet Desktop changes:~ - [ ] Manual QA must be performed in the three main OSs, macOS, Windows and Linux. - [ ] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)). |
||
dependabot[bot]
|
fa566dbf96
|
Bump go.opentelemetry.io/contrib/instrumentation/github.com/gorilla/mux/otelmux from 0.40.0 to 0.44.0 (#14588)
Bumps [go.opentelemetry.io/contrib/instrumentation/github.com/gorilla/mux/otelmux](https://github.com/open-telemetry/opentelemetry-go-contrib) from 0.40.0 to 0.44.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/open-telemetry/opentelemetry-go-contrib/releases">go.opentelemetry.io/contrib/instrumentation/github.com/gorilla/mux/otelmux's releases</a>.</em></p> <blockquote> <h2>Release v1.20.0/v0.45.0/v0.14.0</h2> <h3>Added</h3> <ul> <li>Set the description for the <code>rpc.server.duration</code> metric in <code>go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc</code>. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/4302">#4302</a>)</li> <li>Add <code>NewServerHandler</code> and <code>NewClientHandler</code> that return a <code>grpc.StatsHandler</code> used for gRPC instrumentation in <code>go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc</code>. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/3002">#3002</a>)</li> <li>Add new Prometheus bridge module in <code>go.opentelemetry.io/contrib/bridges/prometheus</code>. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/4227">#4227</a>)</li> </ul> <h3>Changed</h3> <ul> <li>Upgrade dependencies of OpenTelemetry Go to use the new <a href="https://github.com/open-telemetry/opentelemetry-go/releases/tag/v1.19.0"><code>v1.19.0</code>/<code>v0.42.0</code>/<code>v0.0.7</code> release</a>.</li> <li>Use <code>grpc.StatsHandler</code> for gRPC instrumentation in <code>go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc/example</code>. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/4325">#4325</a>)</li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/puckpuck"><code>@puckpuck</code></a> made their first contribution in <a href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/pull/4302">open-telemetry/opentelemetry-go-contrib#4302</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/open-telemetry/opentelemetry-go-contrib/compare/v1.19.0...v1.20.0">https://github.com/open-telemetry/opentelemetry-go-contrib/compare/v1.19.0...v1.20.0</a></p> <h2>Release v1.19.0/v0.44.0/v0.13.0</h2> <h3>Added</h3> <ul> <li>Add <code>gcp.gce.instance.name</code> and <code>gcp.gce.instance.hostname</code> resource attributes to <code>go.opentelemetry.io/contrib/detectors/gcp</code>. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/4263">#4263</a>)</li> </ul> <h3>Changed</h3> <ul> <li>The semantic conventions used by <code>go.opentelemetry.io/contrib/detectors/aws/ec2</code> have been upgraded to v1.21.0. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/4265">#4265</a>)</li> <li>The semantic conventions used by <code>go.opentelemetry.io/contrib/detectors/aws/ecs</code> have been upgraded to v1.21.0. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/4265">#4265</a>)</li> <li>The semantic conventions used by <code>go.opentelemetry.io/contrib/detectors/aws/eks</code> have been upgraded to v1.21.0. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/4265">#4265</a>)</li> <li>The semantic conventions used by <code>go.opentelemetry.io/contrib/detectors/aws/lambda</code> have been upgraded to v1.21.0. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/4265">#4265</a>)</li> <li>The semantic conventions used by <code>go.opentelemetry.io/contrib/instrumentation/github.com/aws/aws-lambda-go/otellambda</code> have been upgraded to v1.21.0. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/4265">#4265</a>) <ul> <li>The <code>faas.execution</code> attribute is now <code>faas.invocation_id</code>.</li> <li>The <code>faas.id</code> attribute is now <code>aws.lambda.invoked_arn</code>.</li> </ul> </li> <li>The semantic conventions used by <code>go.opentelemetry.io/contrib/instrumentation/github.com/aws/aws-sdk-go-v2/otelaws</code> have been upgraded to v1.21.0. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/4265">#4265</a>)</li> <li>The <code>http.request.method</code> attribute will only allow known HTTP methods from the metrics generated by <code>go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp</code>. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/4277">#4277</a>)</li> </ul> <h3>Removed</h3> <ul> <li>The high cardinality attributes <code>net.sock.peer.addr</code>, <code>net.sock.peer.port</code>, <code>http.user_agent</code>, <code>enduser.id</code>, and <code>http.client_ip</code> were removed from the metrics generated by <code>go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp</code>. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/4277">#4277</a>)</li> <li>The deprecated <code>go.opentelemetry.io/contrib/instrumentation/github.com/astaxie/beego/otelbeego</code> module is removed. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/4295">#4295</a>)</li> <li>The deprecated <code>go.opentelemetry.io/contrib/instrumentation/github.com/go-kit/kit/otelkit</code> module is removed. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/4295">#4295</a>)</li> <li>The deprecated <code>go.opentelemetry.io/contrib/instrumentation/github.com/Shopify/sarama/otelsarama</code> module is removed. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/4295">#4295</a>)</li> <li>The deprecated <code>go.opentelemetry.io/contrib/instrumentation/github.com/bradfitz/gomemcache/memcache/otelmemcache</code> module is removed. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/4295">#4295</a>)</li> <li>The deprecated <code>go.opentelemetry.io/contrib/instrumentation/github.com/gocql/gocql/otelgocql</code> module is removed. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/4295">#4295</a>)</li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/utsushiiro"><code>@utsushiiro</code></a> made their first contribution in <a href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/pull/4260">open-telemetry/opentelemetry-go-contrib#4260</a></li> <li><a href="https://github.com/RangelReale"><code>@RangelReale</code></a> made their first contribution in <a href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/pull/4230">open-telemetry/opentelemetry-go-contrib#4230</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/open-telemetry/opentelemetry-go-contrib/compare/v1.18.0...v1.19.0">https://github.com/open-telemetry/opentelemetry-go-contrib/compare/v1.18.0...v1.19.0</a></p> <h2>Release v1.18.0/v0.43.0/v0.12.0</h2> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/open-telemetry/opentelemetry-go-contrib/blob/main/CHANGELOG.md">go.opentelemetry.io/contrib/instrumentation/github.com/gorilla/mux/otelmux's changelog</a>.</em></p> <blockquote> <h2>[1.19.0/0.44.0/0.13.0] - 2023-09-12</h2> <h3>Added</h3> <ul> <li>Add <code>gcp.gce.instance.name</code> and <code>gcp.gce.instance.hostname</code> resource attributes to <code>go.opentelemetry.io/contrib/detectors/gcp</code>. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/4263">#4263</a>)</li> </ul> <h3>Changed</h3> <ul> <li>The semantic conventions used by <code>go.opentelemetry.io/contrib/detectors/aws/ec2</code> have been upgraded to v1.21.0. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/4265">#4265</a>)</li> <li>The semantic conventions used by <code>go.opentelemetry.io/contrib/detectors/aws/ecs</code> have been upgraded to v1.21.0. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/4265">#4265</a>)</li> <li>The semantic conventions used by <code>go.opentelemetry.io/contrib/detectors/aws/eks</code> have been upgraded to v1.21.0. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/4265">#4265</a>)</li> <li>The semantic conventions used by <code>go.opentelemetry.io/contrib/detectors/aws/lambda</code> have been upgraded to v1.21.0. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/4265">#4265</a>)</li> <li>The semantic conventions used by <code>go.opentelemetry.io/contrib/instrumentation/github.com/aws/aws-lambda-go/otellambda</code> have been upgraded to v1.21.0. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/4265">#4265</a>) <ul> <li>The <code>faas.execution</code> attribute is now <code>faas.invocation_id</code>.</li> <li>The <code>faas.id</code> attribute is now <code>aws.lambda.invoked_arn</code>.</li> </ul> </li> <li>The semantic conventions used by <code>go.opentelemetry.io/contrib/instrumentation/github.com/aws/aws-sdk-go-v2/otelaws</code> have been upgraded to v1.21.0. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/4265">#4265</a>)</li> <li>The <code>http.request.method</code> attribute will only allow known HTTP methods from the metrics generated by <code>go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp</code>. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/4277">#4277</a>)</li> </ul> <h3>Removed</h3> <ul> <li>The high cardinality attributes <code>net.sock.peer.addr</code>, <code>net.sock.peer.port</code>, <code>http.user_agent</code>, <code>enduser.id</code>, and <code>http.client_ip</code> were removed from the metrics generated by <code>go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp</code>. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/4277">#4277</a>)</li> <li>The deprecated <code>go.opentelemetry.io/contrib/instrumentation/github.com/astaxie/beego/otelbeego</code> module is removed. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/4295">#4295</a>)</li> <li>The deprecated <code>go.opentelemetry.io/contrib/instrumentation/github.com/go-kit/kit/otelkit</code> module is removed. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/4295">#4295</a>)</li> <li>The deprecated <code>go.opentelemetry.io/contrib/instrumentation/github.com/Shopify/sarama/otelsarama</code> module is removed. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/4295">#4295</a>)</li> <li>The deprecated <code>go.opentelemetry.io/contrib/instrumentation/github.com/bradfitz/gomemcache/memcache/otelmemcache</code> module is removed. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/4295">#4295</a>)</li> <li>The deprecated <code>go.opentelemetry.io/contrib/instrumentation/github.com/gocql/gocql/otelgocql</code> module is removed. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/4295">#4295</a>)</li> </ul> <h2>[1.18.0/0.43.0/0.12.0] - 2023-08-28</h2> <h3>Added</h3> <ul> <li>Add <code>NewMiddleware</code> function in <code>go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp</code>. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/2964">#2964</a>)</li> <li>The <code>go.opentelemetry.io/contrib/exporters/autoexport</code> package to provide configuration of trace exporters with useful defaults and environment variable support. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/2753">#2753</a>, <a href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/4100">#4100</a>, <a href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/4130">#4130</a>, <a href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/4132">#4132</a>, <a href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/4134">#4134</a>)</li> <li><code>WithRouteTag</code> in <code>go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp</code> adds HTTP route attribute to metrics. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/615">#615</a>)</li> <li>Add <code>WithSpanOptions</code> option in <code>go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc</code>. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/3768">#3768</a>)</li> <li>Add testing support for Go 1.21. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/4233">#4233</a>)</li> <li>Add <code>WithFilter</code> option to <code>go.opentelemetry.io/contrib/instrumentation/github.com/gorilla/mux/otelmux</code>. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/4230">#4230</a>)</li> </ul> <h3>Changed</h3> <ul> <li>Change interceptors in <code>go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc</code> to disable <code>SENT</code>/<code>RECEIVED</code> events. Use <code>WithMessageEvents()</code> to turn back on. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/3964">#3964</a>)</li> </ul> <h3>Changed</h3> <ul> <li><code>go.opentelemetry.io/contrib/detectors/gcp</code>: Detect <code>faas.instance</code> instead of <code>faas.id</code>, since <code>faas.id</code> is being removed. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/4198">#4198</a>)</li> </ul> <h3>Fixed</h3> <ul> <li>AWS XRay Remote Sampling to cap <code>quotaBalance</code> to 1x quota in <code>go.opentelemetry.io/contrib/samplers/aws/xray</code>. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/3651">#3651</a>, <a href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/3652">#3652</a>)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
Martin Angers
|
f42f4d48af
|
Implement the database migrations for the Windows profiles story. (#14973) | ||
George Karr
|
51772873bc
|
Update to latest gon with notarytool until we find a better solution (#14918)
Co-authored-by: Roberto Dip <dip.jesusr@gmail.com> |
||
|
George Karr
|
970854e078
|
Switching systray dependency to one without glibc requirements (#14197) | ||
Sharon Katz
|
ab7717009e
|
Add Kolide osquery tables | ||
|
dependabot[bot]
|
8659155c98
|
Bump github.com/docker/docker from 23.0.4+incompatible to 24.0.7+incompatible (#14795)
Bumps [github.com/docker/docker](https://github.com/docker/docker) from 23.0.4+incompatible to 24.0.7+incompatible. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/docker/docker/releases">github.com/docker/docker's releases</a>.</em></p> <blockquote> <h2>v24.0.7</h2> <h2>24.0.7</h2> <p>For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:</p> <ul> <li><a href="https://github.com/docker/cli/issues?q=is%3Aclosed+milestone%3A24.0.7">docker/cli, 24.0.7 milestone</a></li> <li><a href="https://github.com/moby/moby/issues?q=is%3Aclosed+milestone%3A24.0.7">moby/moby, 24.0.7 milestone</a></li> </ul> <h3>Bug fixes and enhancements</h3> <ul> <li>Write overlay2 layer metadata atomically. <a href="https://redirect.github.com/moby/moby/pull/46703">moby/moby#46703</a></li> <li>Fix "Rootful-in-Rootless" Docker-in-Docker on systemd version 250 and later. <a href="https://redirect.github.com/moby/moby/pull/46626">moby/moby#46626</a></li> <li>Fix <code>dockerd-rootless-setuptools.sh</code> when username contains a backslash. <a href="https://redirect.github.com/moby/moby/pull/46407">moby/moby#46407</a></li> <li>Fix a bug that would prevent network sandboxes to be fully deleted when stopping containers with no network attachments and when <code>dockerd --bridge=none</code> is used. <a href="https://redirect.github.com/moby/moby/pull/46702">moby/moby#46702</a></li> <li>Fix a bug where cancelling an API request could interrupt container restart. <a href="https://redirect.github.com/moby/moby/pull/46697">moby/moby#46697</a></li> <li>Fix an issue where containers would fail to start when providing <code>--ip-range</code> with a range larger than the subnet. <a href="https://redirect.github.com/docker/for-mac/issues/6870">docker/for-mac#6870</a></li> <li>Fix data corruption with zstd output. <a href="https://redirect.github.com/moby/moby/pull/46709">moby/moby#46709</a></li> <li>Fix the conditions under which the container's MAC address is applied. <a href="https://redirect.github.com/moby/moby/pull/46478">moby/moby#46478</a></li> <li>Improve the performance of the stats collector. <a href="https://redirect.github.com/moby/moby/pull/46448">moby/moby#46448</a></li> <li>Fix an issue with source policy rules ending up in the wrong order. <a href="https://redirect.github.com/moby/moby/pull/46441">moby/moby#46441</a></li> </ul> <h3>Packaging updates</h3> <ul> <li>Add support for Fedora 39 and Ubuntu 23.10. <a href="https://redirect.github.com/docker/docker-ce-packaging/pull/940">docker/docker-ce-packaging#940</a>, <a href="https://redirect.github.com/docker/docker-ce-packaging/pull/955">docker/docker-ce-packaging#955</a></li> <li>Fix <code>docker.socket</code> not getting disabled when uninstalling the <code>docker-ce</code> RPM package. <a href="https://redirect.github.com/docker/docker-ce-packaging/pull/852">docker/docker-ce-packaging#852</a></li> <li>Upgrade Go to <code>go1.20.10</code>. <a href="https://redirect.github.com/docker/docker-ce-packaging/pull/951">docker/docker-ce-packaging#951</a></li> <li>Upgrade containerd to <code>v1.7.6</code> (static binaries only). <a href="https://redirect.github.com/moby/moby/pull/46103">moby/moby#46103</a></li> <li>Upgrade the <code>containerd.io</code> package to <a href="https://github.com/containerd/containerd/releases/tag/v1.6.24"><code>v1.6.24</code></a>.</li> </ul> <h3>Security</h3> <ul> <li>Deny containers access to <code>/sys/devices/virtual/powercap</code> by default. This change hardens against <a href="https://scout.docker.com/v/CVE-2020-8694">CVE-2020-8694</a>, <a href="https://scout.docker.com/v/CVE-2020-8695">CVE-2020-8695</a>, and <a href="https://scout.docker.com/v/CVE-2020-12912">CVE-2020-12912</a>, and an attack known as <a href="https://platypusattack.com/">the PLATYPUS attack</a>. For more details, see <a href="https://github.com/moby/moby/security/advisories/GHSA-jq35-85cj-fj4p">advisory</a>, <a href=" |
||
|
Lucas Manuel Rodriguez
|
512699614d
|
Update facebookincubator/nvdtools package to fix false positive (#14798)
#14543
Python's certifi package is ingested with the following version string:
`2023.7.22`.
The NVD dataset uses the following versioning: `2023.07.22`.
This PR updates the nvdtools package.
This is the fix in nvdtools that fixes this exact false positive:
|
||
Marcos Oviedo
|
f0d77ab3db
|
Merging Bitlocker feature branch (#14350)
This relates to #12577 --------- Co-authored-by: gillespi314 <73313222+gillespi314@users.noreply.github.com> Co-authored-by: Roberto Dip <dip.jesusr@gmail.com> |
||
Roberto Dip
|
ea6b59f179
|
upgrade Go version to 1.21.1 (#13877)
For #13715, this: - Upgrades the Go version to `1.21.1`, infrastructure changes are addressed separately at https://github.com/fleetdm/fleet/pull/13878 - Upgrades the linter version, as the current version doesn't work well after the Go upgrade - Fixes new linting errors (we now get errors for memory aliasing in loops! 🎉 ) After this is merged people will need to: 1. Update their Go version. I use `gvm` and I did it like: ``` $ gvm install go1.21.1 $ gvm use go1.21.1 --default ``` 2. Update the local version of `golangci-lint`: ``` $ go install github.com/golangci/golangci-lint/cmd/golangci-lint@v1.54.2 ``` 3. (optional) depending on your setup, you might need to re-install some packages, for example: ``` # goimports to automatically import libraries $ go install golang.org/x/tools/cmd/goimports@latest # gopls for the language server $ go install golang.org/x/tools/gopls@latest # etc... ``` |
||
|
Martin Angers
|
7b0a0fbe5e
|
DB migrations for saved scripts (#13765) | ||
|
gillespi314
|
37fb4b0dab
|
Add fleetctl run-script command (#13622)
|
||
|
gillespi314
|
e08bb000c9
|
Update nanomdm dependency (#12721)
Updates include: - Fix issues where `GetBootstrapToken` returned `500` instead of no data and no error per Apple MDM [documentation](https://developer.apple.com/documentation/devicemanagement/get_bootstrap_token) - Incorporate additional updates from the upstream nanomdm repo |
||
|
Roberto Dip
|
19a5ae6465
|
update macadmins/osquery-extension to v0.0.15 (#13371)
changelog for the version bump can be found here: https://github.com/macadmins/osquery-extension/releases/tag/v0.0.15 related to #13158 as this fixes a bug in the extension causing `profiles show --type enrollment` to be run almost every time we queried something from the `mdm` table. I couldn't find any new tables. Other than that, some dependencies were updated on their repo as well, most notably `osquery/osquery-go` |
||
|
Martin Angers
|
6f77911ffe
|
Fix performance regression found in load testing (#12981) | ||
|
gillespi314
|
410cbc3972
|
Add certificate management for Microsoft MDM (WSTEP) (#12543)
Issue #12261 # Checklist for submitter If some of the following don't apply, delete the relevant line. - [ ] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [ ] Documented any API changes (docs/Using-Fleet/REST-API.md or docs/Contributing/API-for-contributors.md) - [ ] Documented any permissions changes - [ ] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features. - [ ] Added/updated tests - [ ] Manual QA for all new/changed functionality - For Orbit and Fleet Desktop changes: - [ ] Manual QA must be performed in the three main OSs, macOS, Windows and Linux. - [ ] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)). |
||
|
dependabot[bot]
|
349149ef6a
|
Bump github.com/aws/aws-sdk-go from 1.43.16 to 1.44.288 (#12466)
Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.43.16 to 1.44.288. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/aws/aws-sdk-go/releases">github.com/aws/aws-sdk-go's releases</a>.</em></p> <blockquote> <h1>Release v1.44.288 (2023-06-22)</h1> <h3>Service Client Updates</h3> <ul> <li><code>service/chime-sdk-identity</code>: Updates service API and documentation</li> <li><code>service/chime-sdk-messaging</code>: Updates service API and documentation</li> <li><code>service/kendra</code>: Updates service API and documentation <ul> <li>Introducing Amazon Kendra Retrieve API that can be used to retrieve relevant passages or text excerpts given an input query.</li> </ul> </li> <li><code>service/states</code>: Updates service API and documentation <ul> <li>Adds support for Versions and Aliases. Adds 8 operations: PublishStateMachineVersion, DeleteStateMachineVersion, ListStateMachineVersions, CreateStateMachineAlias, DescribeStateMachineAlias, UpdateStateMachineAlias, DeleteStateMachineAlias, ListStateMachineAliases</li> </ul> </li> </ul> <h1>Release v1.44.287 (2023-06-21)</h1> <h3>Service Client Updates</h3> <ul> <li><code>service/dynamodb</code>: Updates service API, documentation, waiters, paginators, and examples <ul> <li>Documentation updates for DynamoDB</li> </ul> </li> <li><code>service/elasticmapreduce</code>: Updates service API, documentation, and paginators <ul> <li>This release introduces a new Amazon EMR EPI called ListSupportedInstanceTypes that returns a list of all instance types supported by a given EMR release.</li> </ul> </li> <li><code>service/inspector2</code>: Updates service API and documentation</li> <li><code>service/mediaconvert</code>: Updates service API and documentation <ul> <li>This release introduces the bandwidth reduction filter for the HEVC encoder, increases the limits of outputs per job, and updates support for the Nagra SDK to version 1.14.7.</li> </ul> </li> <li><code>service/mq</code>: Updates service API and documentation <ul> <li>The Cross Region Disaster Recovery feature allows to replicate a brokers state from one region to another in order to provide customers with multi-region resiliency in the event of a regional outage.</li> </ul> </li> <li><code>service/sagemaker</code>: Updates service API and documentation <ul> <li>This release provides support in SageMaker for output files in training jobs to be uploaded without compression and enable customer to deploy uncompressed model from S3 to real-time inference Endpoints. In addition, ml.trn1n.32xlarge is added to supported instance type list in training job.</li> </ul> </li> <li><code>service/transfer</code>: Updates service API and documentation <ul> <li>This release adds a new parameter StructuredLogDestinations to CreateServer, UpdateServer APIs.</li> </ul> </li> </ul> <h1>Release v1.44.286 (2023-06-20)</h1> <h3>Service Client Updates</h3> <ul> <li><code>service/appflow</code>: Updates service API and documentation</li> <li><code>service/config</code>: Updates service API</li> <li><code>service/ec2</code>: Updates service API and documentation <ul> <li>Adds support for targeting Dedicated Host allocations by assetIds in AWS Outposts</li> </ul> </li> <li><code>service/lambda</code>: Updates service API and documentation <ul> <li>This release adds RecursiveInvocationException to the Invoke API and InvokeWithResponseStream API.</li> </ul> </li> <li><code>service/redshift</code>: Updates service API, documentation, and paginators <ul> <li>Added support for custom domain names for Redshift Provisioned clusters. This feature enables customers to create a custom domain name and use ACM to generate fully secure connections to it.</li> </ul> </li> </ul> <h1>Release v1.44.285 (2023-06-19)</h1> <h3>Service Client Updates</h3> <ul> <li><code>service/cloudformation</code>: Updates service API and documentation <ul> <li>Specify desired CloudFormation behavior in the event of ChangeSet execution failure using the CreateChangeSet OnStackFailure parameter</li> </ul> </li> <li><code>service/ec2</code>: Updates service API, documentation, and examples <ul> <li>API changes to AWS Verified Access to include data from trust providers in logs</li> </ul> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
gillespi314
|
e2243d24bf
|
Insert "verified" to mdm_apple_delivery_status table (#12033)
|
||
|
Lucas Manuel Rodriguez
|
6de555a181
|
Update sockjs-go package to v3.0.2 (#11884)
In #10957, a customer attempted to run a live query on ~60k devices. We saw that Fleet receives all results from the devices, but stops sending them to the browser. We believe this _might_ be a deadlock (we couldn't confirm this because of lack of access to the Fleet instance itself). We haven't fully confirmed this to be the reason of the hang/missing-results, but it's worth updating because it [fixes a possible deadlock in the package](https://github.com/igm/sockjs-go/releases/tag/v3.0.2). The remaining changes are the result of running `go mod tidy`. - ~[ ] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information.~ - ~[ ] Documented any API changes (docs/Using-Fleet/REST-API.md or docs/Contributing/API-for-contributors.md)~ - ~[ ] Documented any permissions changes~ - ~[ ] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements)~ - ~[ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features.~ - ~[ ] Added/updated tests~ - [X] Manual QA for all new/changed functionality - ~For Orbit and Fleet Desktop changes:~ - ~[ ] Manual QA must be performed in the three main OSs, macOS, Windows and Linux.~ - ~[ ] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)).~ |
||
Juan Fernandez
|
827c4a7c33
|
Feature 8058: Added resource.syso metadata file (#10783)
Addresses https://github.com/fleetdm/fleet/issues/8058, https://github.com/fleetdm/fleet/issues/11012 and https://github.com/fleetdm/fleet/issues/11013 This PR adds a new VERSIONINFO metadata file using the https://github.com/josephspurrier/goversioninfo library. |
||
Zach Wasserman
|
3f0111964f
|
Add macos_rsr table from macadmins extension (#11537)
# Checklist for submitter If some of the following don't apply, delete the relevant line. - [ ] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [ ] Documented any API changes (docs/Using-Fleet/REST-API.md or docs/Contributing/API-for-contributors.md) - [ ] Documented any permissions changes - [ ] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features. - [ ] Added/updated tests - [ ] Manual QA for all new/changed functionality - For Orbit and Fleet Desktop changes: - [ ] Manual QA must be performed in the three main OSs, macOS, Windows and Linux. - [ ] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)). --------- Co-authored-by: Roberto Dip <me@roperzh.com> Co-authored-by: Lucas Rodriguez <lucas@fleetdm.com> |
||
|
Martin Angers
|
b3993ebda4
|
Allow "not_before" timestamp for worker jobs, schedule more quickly (#11512) | ||
Zachary Winnerman
|
2ec19979c2
|
APM Improvements (#11103)
# Checklist for submitter If some of the following don't apply, delete the relevant line. - [ ] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [ ] Documented any API changes (docs/Using-Fleet/REST-API.md or docs/Contributing/API-for-contributors.md) - [ ] Documented any permissions changes - [ ] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features. - [ ] Added/updated tests - [ ] Manual QA for all new/changed functionality - For Orbit and Fleet Desktop changes: - [ ] Manual QA must be performed in the three main OSs, macOS, Windows and Linux. - [ ] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)). |
||
|
dependabot[bot]
|
23a2964eef
|
Bump github.com/docker/docker from 20.10.23+incompatible to 23.0.4+incompatible (#11259)
Bumps [github.com/docker/docker](https://github.com/docker/docker) from 20.10.23+incompatible to 23.0.4+incompatible. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/docker/docker/releases">github.com/docker/docker's releases</a>.</em></p> <blockquote> <h2>v23.0.4</h2> <h2>23.0.4</h2> <p>For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:</p> <ul> <li><a href="https://github.com/docker/cli/milestone/77?closed=1">docker/cli, 23.0.4 milestone</a></li> <li><a href="https://github.com/moby/moby/milestone/117?closed=1">moby/moby, 23.0.4 milestone</a></li> </ul> <h3>Bug fixes and enhancements</h3> <ul> <li>Fix a performance regression in Docker CLI 23.0.0 <a href="https://redirect.github.com/docker/cli/pull/4141">docker/cli#4141</a>.</li> <li>Fix progress indicator on <code>docker cp</code> not functioning as intended <a href="https://redirect.github.com/docker/cli/pull/4157">docker/cli#4157</a>.</li> <li>Fix shell completion for <code>docker compose --file</code> <a href="https://redirect.github.com/docker/cli/pull/4177">docker/cli#4177</a>.</li> <li>Fix an error caused by incorrect handling of "default-address-pools" in <code>daemon.json</code> <a href="https://redirect.github.com/moby/moby/pull/45246">moby/moby#45246</a>.</li> </ul> <h3>Packaging Updates</h3> <ul> <li>Fix missing packages for CentOS 9 Stream.</li> <li>Upgrade Go to <code>1.19.8</code>. <a href="https://redirect.github.com/docker/docker-ce-packaging/pull/878">docker/docker-ce-packaging#878</a>, <a href="https://redirect.github.com/docker/cli/pull/4164">docker/cli#4164</a>, <a href="https://redirect.github.com/moby/moby/pull/45277">moby/moby#45277</a>, which contains fixes for <a href="https://github.com/advisories/GHSA-fp86-2355-v99r">CVE-2023-24537</a>, <a href="https://github.com/advisories/GHSA-v4m2-x4rp-hv22">CVE-2023-24538</a>, <a href="https://github.com/advisories/GHSA-8v5j-pwr7-w5f8">CVE-2023-24534</a>, and <a href="https://github.com/advisories/GHSA-9f7g-gqwh-jpf5">CVE-2023-24536</a></li> </ul> <h2>v23.0.3</h2> <h2>23.0.3</h2> <blockquote> <p><strong>Note</strong></p> <p>Due to an issue with CentOS 9 Stream's package repositories, packages for CentOS 9 are currently unavailable. Packages for CentOS 9 may be added later, or as part of the next (23.0.4) patch release.</p> </blockquote> <h3>Bug fixes and enhancements</h3> <ul> <li>Fixed a number of issues that can cause Swarm encrypted overlay networks to fail to uphold their guarantees, addressing <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28841">CVE-2023-28841</a>, <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28840">CVE-2023-28840</a>, and <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28842">CVE-2023-28842</a>. <ul> <li>A lack of kernel support for encrypted overlay networks now reports as an error.</li> <li>Encrypted overlay networks are eagerly set up, rather than waiting for multiple nodes to attach.</li> <li>Encrypted overlay networks are now usable on Red Hat Enterprise Linux 9 through the use of the <code>xt_bpf</code> kernel module.</li> <li>Users of Swarm overlay networks should review <a href="https://github.com/moby/moby/security/advisories/GHSA-vwm3-crmr-xfxw">GHSA-vwm3-crmr-xfxw</a> to ensure that unintentional exposure has not occurred.</li> </ul> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
Zachary Winnerman
|
b43aa3a911
|
Upgtade opentelemetry dependancies (#10950)
``` go get -u go.opentelemetry.io/contrib/instrumentation/github.com/gorilla/mux/otelmux go.opentelemetry.io/otel go.opentelemetry.io/otel/exporters/otlp/otlptrace go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc go.opentelemetry.io/otel/sdk; go mod tidy ``` # Checklist for submitter If some of the following don't apply, delete the relevant line. - [ ] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [ ] Documented any API changes (docs/Using-Fleet/REST-API.md or docs/Contributing/API-for-contributors.md) - [ ] Documented any permissions changes - [ ] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features. - [ ] Added/updated tests - [ ] Manual QA for all new/changed functionality - For Orbit and Fleet Desktop changes: - [ ] Manual QA must be performed in the three main OSs, macOS, Windows and Linux. - [ ] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)). |
||
|
Zach Wasserman
|
9246a2e61a
|
Downgrade Docker client version (#10570)
A recent dependabot PR (#9792) upgraded the Docker library, resulting in errors running some tests: ``` FLEET_VERSION_A=v4.28.0 FLEET_VERSION_B=main go test ./test/upgrade *[main] go: downloading github.com/stretchr/testify v1.8.2 --- FAIL: TestUpgradeAToB (34.73s) fleet_test.go:71: start fleet: Error response from daemon: client version 1.42 is too new. Maximum supported API version is 1.41 ``` Even after upgrading Docker Desktop to the latest, this error still persisted. It seems that Docker released a version of the client that is newer than the latest version of the server. Reverting to a supported client version. |
||
|
gillespi314
|
2ddf377c73
|
Treat MDM profile not found error as if profile was successfully removed (#10579) | ||
|
Roberto Dip
|
305392e7bb
|
enforce an uniform collation for all tables (#10515)
related to #10441, inspired by the prior work done in https://github.com/kolide/fleet/pull/1360, this PR: 1. Adds a migration to use `utf8mb4_general_ci` as the default collation for the database and all the tables. From [MySQL's documentation][1]: > To change the table default character set and all character columns > (CHAR, VARCHAR, TEXT) to a new character set, use a statement like > this: > > ``` > ALTER TABLE tbl_name CONVERT TO CHARACTER SET charset_name; > ``` > The statement also changes the collation of all character columns. If > you specify no COLLATE clause to indicate which collation to use, the > statement uses default collation for the character set. 2. Changes the connection settings to use `utf8mb4_general_ci` as the default collation, from the [driver docs][2]: > Sets the collation used for client-server interaction on connection. In contrast to charset, collation does not issue additional queries. If the specified collation is unavailable on the target server, the connection will fail. [1]: https://dev.mysql.com/doc/refman/5.7/en/alter-table.html [2]: https://github.com/go-sql-driver/mysql **TODO:** discuss how we can enforce this, is setting the database default collation enough? should we add some kind of custom lint rule to all migrations? # Checklist for submitter If some of the following don't apply, delete the relevant line. - [x] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [x] Added/updated tests - [x] Manual QA for all new/changed functionality |
||
|
gillespi314
|
c838395c44
|
Add profile name to host mdm apple profiles (#10455) | ||
|
dependabot[bot]
|
f3ed6f3037
|
Bump github.com/kevinburke/go-bindata from 3.22.0+incompatible to 3.24.0+incompatible (#10186)
Bumps [github.com/kevinburke/go-bindata](https://github.com/kevinburke/go-bindata) from 3.22.0+incompatible to 3.24.0+incompatible. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/kevinburke/go-bindata/releases">github.com/kevinburke/go-bindata's releases</a>.</em></p> <blockquote> <p>v3.24.0</p> <p>v3.23.0</p> <p>test</p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/kevinburke/go-bindata/blob/master/CHANGELOG.md">github.com/kevinburke/go-bindata's changelog</a>.</em></p> <blockquote> <h2>3.24.0</h2> <p>Remove uses of io/ioutil; you must use Go 1.18 or higher with this version of go-bindata and its generated asset files.</p> <p>Update generated doc comments for compatibility with Go's updated doc comment guidelines.</p> <h2>3.21.0</h2> <p>Replace "Debug" with "AssetDebug" to reduce the likelihood of conflicts.</p> <h2>3.20.0</h2> <p>Add the "Debug" constant if assets have been generated using the <code>--debug</code> flag at the command line.</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
e28288a618
|
Bump github.com/go-kit/log from 0.2.0 to 0.2.1 (#10187)
Bumps [github.com/go-kit/log](https://github.com/go-kit/log) from 0.2.0 to 0.2.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/go-kit/log/releases">github.com/go-kit/log's releases</a>.</em></p> <blockquote> <h2>v0.2.1</h2> <p>This release fixes a few small bugs and adds <code>level.Parse</code> which allows levels to be set by a string input from e.g. flags or environment variables. Thanks, <a href="https://github.com/mcosta74"><code>@mcosta74</code></a>!</p> <h2>What's Changed</h2> <ul> <li>fix safeError & safeString for json format by <a href="https://github.com/dwiyanr"><code>@dwiyanr</code></a> in <a href="https://github-redirect.dependabot.com/go-kit/log/pull/20">go-kit/log#20</a></li> <li>Update CI and add badges to README by <a href="https://github.com/ChrisHines"><code>@ChrisHines</code></a> in <a href="https://github-redirect.dependabot.com/go-kit/log/pull/21">go-kit/log#21</a></li> <li>Allow to configure allowed levels by string value by <a href="https://github.com/mcosta74"><code>@mcosta74</code></a> in <a href="https://github-redirect.dependabot.com/go-kit/log/pull/22">go-kit/log#22</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/dwiyanr"><code>@dwiyanr</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/go-kit/log/pull/20">go-kit/log#20</a></li> <li><a href="https://github.com/mcosta74"><code>@mcosta74</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/go-kit/log/pull/22">go-kit/log#22</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/go-kit/log/compare/v0.2.0...v0.2.1">https://github.com/go-kit/log/compare/v0.2.0...v0.2.1</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
85a665aa6b
|
Bump golang.org/x/net from 0.5.0 to 0.7.0 (#9941)
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.5.0 to 0.7.0. <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
145f143dde
|
Bump github.com/getsentry/sentry-go from 0.12.0 to 0.18.0 (#9793)
Bumps [github.com/getsentry/sentry-go](https://github.com/getsentry/sentry-go) from 0.12.0 to 0.18.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/getsentry/sentry-go/releases">github.com/getsentry/sentry-go's releases</a>.</em></p> <blockquote> <h2>0.18.0</h2> <p>The Sentry SDK team is happy to announce the immediate availability of Sentry Go SDK v0.18.0. This release contains initial support for <a href="https://opentelemetry.io/">OpenTelemetry</a> and various other bug fixes and improvements.</p> <p><strong>Note</strong>: This is the last release supporting Go 1.17.</p> <h3>Features</h3> <ul> <li> <p>Initial support for <a href="https://opentelemetry.io/">OpenTelemetry</a>. You can now send all your OpenTelemetry spans to Sentry.</p> <p>Install the <code>otel</code> module</p> <pre lang="bash"><code>go get github.com/getsentry/sentry-go \ github.com/getsentry/sentry-go/otel </code></pre> <p>Configure the Sentry and OpenTelemetry SDKs</p> <pre lang="go"><code>import ( "go.opentelemetry.io/otel" sdktrace "go.opentelemetry.io/otel/sdk/trace" "github.com/getsentry/sentry-go" "github.com/getsentry/sentry-go/otel" // ... ) <p>// Initlaize the Sentry SDK sentry.Init(sentry.ClientOptions{ Dsn: "<strong>DSN</strong>", EnableTracing: true, TracesSampleRate: 1.0, })</p> <p>// Set up the Sentry span processor tp := sdktrace.NewTracerProvider( sdktrace.WithSpanProcessor(sentryotel.NewSentrySpanProcessor()), // ... ) otel.SetTracerProvider(tp)</p> <p>// Set up the Sentry propagator otel.SetTextMapPropagator(sentryotel.NewSentryPropagator()) </code></pre></p> <p>You can read more about using OpenTelemetry with Sentry in our <a href="https://docs.sentry.io/platforms/go/performance/instrumentation/opentelemetry/">docs</a>.</p> </li> </ul> <h3>Bug Fixes</h3> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/getsentry/sentry-go/blob/master/CHANGELOG.md">github.com/getsentry/sentry-go's changelog</a>.</em></p> <blockquote> <h2>0.18.0</h2> <p>The Sentry SDK team is happy to announce the immediate availability of Sentry Go SDK v0.18.0. This release contains initial support for <a href="https://opentelemetry.io/">OpenTelemetry</a> and various other bug fixes and improvements.</p> <p><strong>Note</strong>: This is the last release supporting Go 1.17.</p> <h3>Features</h3> <ul> <li> <p>Initial support for <a href="https://opentelemetry.io/">OpenTelemetry</a>. You can now send all your OpenTelemetry spans to Sentry.</p> <p>Install the <code>otel</code> module</p> <pre lang="bash"><code>go get github.com/getsentry/sentry-go \ github.com/getsentry/sentry-go/otel </code></pre> <p>Configure the Sentry and OpenTelemetry SDKs</p> <pre lang="go"><code>import ( "go.opentelemetry.io/otel" sdktrace "go.opentelemetry.io/otel/sdk/trace" "github.com/getsentry/sentry-go" "github.com/getsentry/sentry-go/otel" // ... ) <p>// Initlaize the Sentry SDK sentry.Init(sentry.ClientOptions{ Dsn: "<strong>DSN</strong>", EnableTracing: true, TracesSampleRate: 1.0, })</p> <p>// Set up the Sentry span processor tp := sdktrace.NewTracerProvider( sdktrace.WithSpanProcessor(sentryotel.NewSentrySpanProcessor()), // ... ) otel.SetTracerProvider(tp)</p> <p>// Set up the Sentry propagator otel.SetTextMapPropagator(sentryotel.NewSentryPropagator()) </code></pre></p> <p>You can read more about using OpenTelemetry with Sentry in our <a href="https://docs.sentry.io/platforms/go/performance/instrumentation/opentelemetry/">docs</a>.</p> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
9192d5ce91
|
Bump github.com/docker/docker from 20.10.17+incompatible to 23.0.1+incompatible (#9792)
Bumps [github.com/docker/docker](https://github.com/docker/docker) from 20.10.17+incompatible to 23.0.1+incompatible. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/docker/docker/releases">github.com/docker/docker's releases</a>.</em></p> <blockquote> <h2>v23.0.1</h2> <h2>23.0.1</h2> <p>For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:</p> <ul> <li><a href="https://github.com/docker/cli/milestone/73?closed=1">docker/cli, 23.0.1 milestone</a></li> <li><a href="https://github.com/moby/moby/milestone/113?closed=1">moby/moby, 23.0.1 milestone</a></li> </ul> <h3>Bug fixes and enhancements</h3> <ul> <li>Fix containers not starting if the kernel has AppArmor enabled, but <code>apparmor_parser</code> is not available. <a href="https://github-redirect.dependabot.com/moby/moby/pull/44942">moby/moby#44942</a></li> <li>Fix BuildKit-enabled builds with inline caching causing the daemon to crash. <a href="https://github-redirect.dependabot.com/moby/moby/pull/44944">moby/moby#44944</a></li> <li>Fix BuildKit improperly loading cached layers created by previous versions. <a href="https://github-redirect.dependabot.com/moby/moby/pull/44959">moby/moby#44959</a></li> <li>Fix an issue where <code>ipvlan</code> networks created prior to upgrading would prevent the daemon from starting. <a href="https://github-redirect.dependabot.com/moby/moby/pull/44937">moby/moby#44937</a></li> <li>Fix the <code>overlay2</code> storage driver failing early in <code>metacopy</code> testing when initialized on an unsupported backing filesystem. <a href="https://github-redirect.dependabot.com/moby/moby/pull/44922">moby/moby#44922</a></li> <li>Fix <code>exec</code> exit events being misinterpreted as container exits under some runtimes, such as Kata Containers. <a href="https://github-redirect.dependabot.com/moby/moby/pull/44892">moby/moby#44892</a></li> <li>Improve the error message returned by the CLI when recieving a truncated JSON response caused by the API hanging up mid-request. <a href="https://github-redirect.dependabot.com/docker/cli/pull/4004">docker/cli#4004</a></li> <li>Fix an incorrect CLI exit code when attempting to execute a directory with a <code>runc</code> compiled using Go 1.20. <a href="https://github-redirect.dependabot.com/docker/cli/pull/4004">docker/cli#4004</a></li> <li>Fix mishandling the size argument to <code>--device-write-bps</code> as a path. <a href="https://github-redirect.dependabot.com/docker/cli/pull/4004">docker/cli#4004</a></li> </ul> <h3>Packaging</h3> <ul> <li>Add <code>/etc/docker</code> to RPM and DEB packaging. <a href="https://github-redirect.dependabot.com/docker/docker-ce-packaging/pull/842">docker/docker-ce-packaging#842</a> <ul> <li>Not all use cases will benefit; if you depend on this, you should explicitly <code>mkdir -p /etc/docker</code>.</li> </ul> </li> <li>Upgrade Compose to <code>v2.16.0</code>. <a href="https://github-redirect.dependabot.com/docker/docker-ce-packaging/pull/844">docker/docker-ce-packaging#844</a></li> </ul> <h2>v23.0.0</h2> <h2>23.0.0</h2> <p>For more information about:</p> <ul> <li>Deprecated and removed features, see <a href="https://github.com/docker/cli/blob/v23.0.0/docs/deprecated.md">Deprecated Engine Features</a>.</li> <li>Changes to the Engine API, see <a href="https://github.com/moby/moby/blob/v23.0.0/docs/api/version-history.md">Engine API version history</a>.</li> </ul> <p>For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:</p> <ul> <li><a href="https://github.com/docker/cli/milestone/51?closed=1">docker/cli, 23.0.0 milestone</a></li> <li><a href="https://github.com/moby/moby/milestone/91?closed=1">moby/moby, 23.0.0 milestone</a></li> </ul> <h3>New</h3> <ul> <li>Set Buildx and BuildKit as the default builder on Linux. <a href="https://github-redirect.dependabot.com/moby/moby/pull/43992">moby/moby#43992</a> <ul> <li>Alias <code>docker build</code> to <code>docker buildx build</code>. <a href="https://github-redirect.dependabot.com/docker/cli/pull/3314">docker/cli#3314</a></li> <li>The legacy builder can still be used by explicitly setting <code>DOCKER_BUILDKIT=0</code>.</li> <li>There are differences in how BuildKit and the legacy builder handle multi-stage builds. For more information, see <a href="https://github.com/docker/docker/build/building/multi-stage.md#differences-between-legacy-builder-and-buildkit">Multi-stage builds</a>.</li> </ul> </li> <li>Add support for pulling <code>zstd</code> compressed layers. <a href="https://github-redirect.dependabot.com/moby/moby/pull/41759">moby/moby#41759</a>, <a href="https://github-redirect.dependabot.com/moby/moby/pull/42862">moby/moby#42862</a></li> <li>Add support for alternate OCI runtimes on Linux, compatible with the containerd runtime v2 API. <a href="https://github-redirect.dependabot.com/moby/moby/pull/43887">moby/moby#43887</a>, <a href="https://github-redirect.dependabot.com/moby/moby/pull/43993">moby/moby#43993</a></li> <li>Add support for the containerd <code>runhcs</code> shim on Windows (off by default). <a href="https://github-redirect.dependabot.com/moby/moby/pull/42089">moby/moby#42089</a></li> <li>Add <code>dockerd --validate</code> to check the daemon JSON config and exit. <a href="https://github-redirect.dependabot.com/moby/moby/pull/42393">moby/moby#42393</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
gillespi314
|
e31fc889f1
|
Add MDM profiles to host detail in API responses (#10034)
Issue #9599 # Checklist for submitter If some of the following don't apply, delete the relevant line. - [ ] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [ ] Documented any API changes (docs/Using-Fleet/REST-API.md or docs/Contributing/API-for-contributors.md) - [ ] Documented any permissions changes - [ ] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features. - [ ] Added/updated tests - [ ] Manual QA for all new/changed functionality - For Orbit and Fleet Desktop changes: - [ ] Manual QA must be performed in the three main OSs, macOS, Windows and Linux. - [ ] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)). |
||
|
Marcos Oviedo
|
97c06791dc
|
Adding new Windows MDM table to interact with the Windows MDM stack (#9448) | ||
|
Roberto Dip
|
b4f46bf91c
|
run go mod tidy and fix incorrectly imported dependency (#9529)
Two minor things are happening here: 1. A new direct dependency was added in #9489, this runs `go mod tidy` to update `go.mod` and `go.sum` 2. `"go.uber.org/atomic"` was automatically imported instead of `"sys/atomic"` in #9494 |
||
|
Sharon Katz
|
86c4c15d6b
|
Cis 5.2.x (#9489) | ||
|
Martin Angers
|
6c3738a0d2
|
Fix a flaky integration test (#9382) | ||
|
Lucas Manuel Rodriguez
|
cadcdbb992
|
Add table implementation to query SNTP servers (#9312)
This may be needed for CIS 2.3.2.2 check: ``` Correct date and time settings are required for authentication protocols, file creation, modification dates and log entries. Ensure that time on the computer is within acceptable limits. Truly accurate time is measured within milliseconds. For this audit, a drift under four and a half minutes passes the control check. Since Kerberos is one of the important features of macOS integration into Directory systems, the guidance here is to warn you before there could be an impact to operations. From the perspective of accurate time, this check is not strict, so it may be too great for your organization. Your organization can adjust to a smaller offset value as needed. ``` #9239 - [X] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - ~[ ] Documented any API changes (docs/Using-Fleet/REST-API.md or docs/Contributing/API-for-contributors.md)~ - ~[ ] Documented any permissions changes~ - ~[ ] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements)~ - ~[ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features.~ - ~[ ] Added/updated tests~ - [X] Manual QA for all new/changed functionality - For Orbit and Fleet Desktop changes: - [X] Manual QA must be performed in the three main OSs, macOS, Windows and Linux. - ~[ ] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)).~ |
||
|
Martin Angers
|
1abcb6e227
|
Add integration tests for setting apple BM default team (#9291) | ||
|
Martin Angers
|
656e5bfc70
|
Flag when the Apple BM terms have expired (#9091)
#8862 Co-authored-by: Roberto Dip <dip.jesusr@gmail.com> Co-authored-by: gillespi314 <73313222+gillespi314@users.noreply.github.com> |
||
|
Zach Wasserman
|
d5e4a9a66f
|
Signing tool for MDM Push CSRs (#8884)
This PR provides the tooling that fleetdm.com will use to sign MDM Push CSRs. This was tested against the output of #8812, and the resulting requests were validated to be accepted by Apple. Co-authored-by: Roberto Dip <me@roperzh.com> Co-authored-by: Roberto Dip <dip.jesusr@gmail.com> |
||
|
gillespi314
|
94dd1c3745
|
Ingest pending MDM hosts (#9065)
Co-authored-by @roperzh |
||
|
Marcos Oviedo
|
53b74e576c
|
Adding fallback mechanism to retrive UUID on Windows (#8993)
* Adding fallback mechanism to retrive UUID on Windows * Fixing erroneous code comments * Addressing code review findings |
||
Michal Nicpon
|
10b3179b63
|
Add fleetctl generate mdm-apple (#8812) | ||
|
Martin Angers
|
a1252b74df
|
Add a static check for misuse of ds.writer/ds.reader when inside a transaction (#8621) |