fleet-v4.54.1

Bug fixes

• Fixed a startup bug by performing an early restart of orbit if an agent options setting has changed.
• Implemented a small refactor of orbit subsystems.
• Removed the --version flag from the fleetctl package command. The version of the package can now be controlled by the --orbit-channel flag.
• Fixed a bug that set last_enrolled_at during orbit re-enrollment, which caused osquery enroll failures when FLEET_OSQUERY_ENROLL_COOLDOWN is set .
• In fleetctl package command, removed the --version flag. The version of the package can be controlled by --orbit-channel flag.
• Fixed a bug where Fleet google calendar events generated by Fleet <= 4.53.0 were not correctly processed by 4.54.1.
• Re-enabled cached logins after windows Unlock.

Upgrading

Please visit our update guide for upgrade instructions.

Documentation

Documentation for Fleet is available at fleetdm.com/docs.

Binary Checksum

SHA256

4511497ad6ecfef8d3a9fcf7585eb454edf22ea0dae6f77be2c81e7a6539dcd7  fleet_v4.54.1_linux.tar.gz
151e41e5d547de46a4557bef41a35790951a7926646c7d35d1ed1ef7f9961964  fleetctl_v4.54.1_linux.tar.gz
fd075f9c84e91c2f7c0937e730df44f3e9fe9b74c41bdf62645a9798cd1a45c5  fleetctl_v4.54.1_linux.zip
f3c40d7fc7a91a57e7689ada1c1b6b7167f4a740bb2124ea1c3a75d0bde8030b  fleetctl_v4.54.1_macos.tar.gz
43e4ddd1285dfb190c49ab4c6d488369b5ae72234a5d87afd93bc6fc2d675076  fleetctl_v4.54.1_macos.zip
86f533145306e79ccdbe21d0b46326ae9fab9507f3a1740d0ffc8a088ce18d02  fleetctl_v4.54.1_windows.tar.gz
a7446e282755e5340b33572986e83bffa2a984d04d6f465d0a30da9538f9cea4  fleetctl_v4.54.1_windows.zip

fleet-v4.54.0

Fleet 4.54.0 (Jul 17, 2024)

Endpoint Operations

• Updated fleetctl gitops to be used to rename teams.
  • NOTE: fleetctl gitops needs to have previously run with this Fleet/fleetctl version or later.
  • The team name is changed if the YAML config is applied from the same filename as before.
• Updated fleetctl query --hosts to work with hostnames, host UUIDs, and/or hardware serial numbers.
• Added a host's upcoming scheduled maintenance window, if any, on the host details page of the UI and in host responses from the API.
• Added support to fleetctl debug connection to test TLS connection with the embedded certs.pem in
  the fleetctl executable.
• Added host's display name to calendar event descriptions.
• Added .yml and .yaml file type validation and error message to fleetctl apply.
• Added a tooltip to truncated text and not to untruncated values.

Device Management (MDM)

• Added iOS/iPadOS builtin manual labels.
  • NOTE: Before migrating to this version, make sure to delete any labels with name "iOS" or "iPadOS".
• Added aggregation of iOS/iPadOS OS versions.
• Added change to custom profiles for iOS/iPadOS to go from 'pending' straight to 'verified' (skip 'verifying').
• Added support for renewing SCEP certificates with custom enrollment profiles.
• Added automatic install of fleetd when a host turns on MDM now uses the latest released fleetd version.
• Added support for END_USER_EMAIL and FLEET_DESKTOP parameters to Windows MSI install package.
• Added API changes to support the labels_include_all and labels_exclude_any fields (and accept the deprecated labels field as an alias for labels_include_all).
• Added fleetctl gitops and fleetctl apply support for labels_include_all and labels_exclude_any to configure a custom setting.
• Added UI for uploading custom profiles with a target of hosts that include all/exclude any selected labels.
• Added the database migrations to create the new exclude column for labels associated with MDM profiles (and declarations).
• Updated host script timeouts to be configurable via agent options using script_execution_timeout.
• fleetctl now uses a polling mechanism when running run-script to accommodate longer script timeout values.
• Updated the profile reconciliation logic to handle the new "exclude any" labels.
• Updated so that the fleetd cleanup script for macOS that will return completed when run from Fleet.
• Updated so that the fleetd uninstall script will return completed when run from Fleet.
• Updated script run permissions -- only admins and maintainers can run arbitrary or saved scripts (not observer or observer+).
• Updated fleetctl get mdm_commands to return 20 rows and support --host --type filters to improve response time.
• Updated the instructions for manual MDM enrollment on the "My device" page to be clearer and align with Apple updates.
• Updated UI to allow device users to reinstall self-service software.
• Updated API to not return a 500 status code if a host sends a command response with an invalid command uuid.
• Increased the timeout of the upload software installer endpoint to 4 minutes.
• Disabled credential caching and reboot on Windows lock.

Vulnerability Management

• Added "Vulnerable" filter to the host details software table.
• Fixed Microsoft Office June 2024 false negative vulnerabilities and added custom vulnerability matching.
• Fixed issue where some Windows applications were getting matched against Windows OS vulnerabilities.

Bug fixes and improvements

• Updated Go version to go1.22.4.
• Updated to render only one banner on the my device page based on priority order.
• Updated software updated timestamp tooltip.
• Removed DB error message from the UI when showing a error response.
• Updated fleetctl get queries/labels/hosts descriptions.
• Reinstated ability to sort policies by passing count.
• Improved the accuracy of the heuristic used to deterimine if a host is connected to Fleet via MDM by using osquery data for hosts that didn't send a Checkout message.
• Improved the matching of pkg installer files to existing software.
• Improved extraction of application name from pkg installers.
• Clarified various help and error texts around host identifiers.
• Hid CTA on inherited queries/policies from team level users.
• Hid query delete checkboxes from team observers.
• Hid "Self-service" in Fleet Desktop and My device page if there is no self-service software available.
• Hid the host detail page's "Run script" action from Global and Team Observer/+s.
• Aligned the "View all hosts" links in the Software titles and versions tables.
• Fixed counts for hosts with with low disk space in summary page.
• Fixed allowing Observer and Observer+ roles to download software installers.
• Fixed crash in fleetd installer on Windows if there are registry keys with special characters on the system.
• Fixed fleetctl debug connection to support server TLS certificates with intermediates.
• Fixed macOS declarations being stuck in "to be removed" state indefinitely.
• Fixed link to fleetd uninstall instructions in "Delete device" modal.
• Fixed exporting CSVs with fields that contain commas to render properly.
• Fixed issue where the Fleet UI could not be used to renew the ABM token after the ABM user who created the token was deleted.
• Fixed styling issues with the target inputs loading spinner on the run live query/policy page.
• Fixed an issue where special characters in HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall breaks the "installer_utils.ps1 -uninstallOrbit" step in the Windows MSI installer.
• Fixed a bug causing "No Team" OS versions to display the wrong number.
• Fixed various UI capitalizations.
• Fixed UI issue where "Script is already running" tooltip incorrectly displayed when the script is not running.
• Fixed the script details modal's error message on script timeout to reflect the newly dynamic script timeout limit, if hit.
• Fixed a discrepancy in the spacing between DataSet labels and values on Firefox relative to other browsers.
• Fixed bug that set Added to Fleet to Never after macOS hosts re-enrolled to Fleet via MDM.

Fleet's agent

The following version of Fleet's agent (fleetd) support the latest changes to Fleet:

1. orbit-v1.27.0
2. fleet-desktop-v1.27.0 (included with Orbit)
3. fleetd-chrome-v1.3.1

While newer versions of fleetd still function with older versions of the Fleet server (and vice versa), Fleet does not actively test these scenarios and some newer features won't be available.

Upgrading

Please visit our update guide for upgrade instructions.

Documentation

Documentation for Fleet is available at fleetdm.com/docs.

Binary Checksum

SHA256

ef3cc05f5d86042c926a3243c081957445717960268743953793980df144b145  fleet_v4.54.0_linux.tar.gz
f4be7647922d6d458692d149c3aec12c3ecd84ed97761dd5478b1e10cbb94d7e  fleetctl_v4.54.0_linux.tar.gz
2266628a8f1495e4ec904646ee77797367b359aaa3b3a1dd49449031bb5c7878  fleetctl_v4.54.0_linux.zip
4eb752de605ffcacb6aaf1e613bef1596b6a4583811d1b2fc6b0948df4febddd  fleetctl_v4.54.0_macos.tar.gz
d12ea4fbcf04a2b0d848ed5b610b78055558e95b7cfd6461ee2e81ba4a7216b5  fleetctl_v4.54.0_macos.zip
6d331a0cf4808cc0a5141960acfe009d99e5b6e33b477216c9e888d55a04885e  fleetctl_v4.54.0_windows.tar.gz
a0b1523b50b26c6ceb479513d2278d448d9e826cebbaf2af7decd3e01b5d7a59  fleetctl_v4.54.0_windows.zip

fleet-v4.53.1

Bug fixes

• Updated fleetctl get queries/labels/hosts descriptions.
• Fixed exporting CSVs with fields that contain commas to render properly.
• Fixed link to fleetd uninstall instructions in "Delete device" modal.
• Rendered only one banner on the my device page based on priority order.
• Hidden query delete checkboxes from team observers.
• Fixed issue where the Fleet UI could not be used to renew the ABM token after the ABM user who created the token was deleted.
• Fixed an issue where special characters in HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall broke the "installer_utils.ps1 -uninstallOrbit" step in the Windows MSI installer.
• Fixed counts for hosts with low disk space in summary page.
• Fleet UI fixes: Hide CTA on inherited queries/policies from team level users.
• Updated software updated timestamp tooltip.
• Fixed issue where some Windows applications were getting matched against Windows OS vulnerabilities.
• Fixed crash in fleetd installer on Windows if there are registry keys with special characters on the system.
• Fixed UI capitalizations.

Upgrading

Please visit our update guide for upgrade instructions.

Documentation

Documentation for Fleet is available at fleetdm.com/docs.

Binary Checksum

SHA256

4773c4275d0b56d5b80953003dc9956a6a7aa8c4a016480986fb409aef9b161c  fleet_v4.53.1_linux.tar.gz
c22224a6e32bc2f071373a53c528513f993239f3a3bc52bfb0ed3d854fba86b5  fleetctl_v4.53.1_linux.tar.gz
a0503d04e1f71f6856503024b70552eeeb6954e4aac61040a008f3917b38a684  fleetctl_v4.53.1_linux.zip
9887df54ec10a12b986c325675b360e2c43924618104c7914928520ede514fa0  fleetctl_v4.53.1_macos.tar.gz
a220124d70563eb4e79926b0b7ff4bfab36fc29d58b21152455ae1c63bbd5a28  fleetctl_v4.53.1_macos.zip
9e4a589aa9658c35abbcca54036c9cc0070d05f0708b8df2d8e9030bbb9f541a  fleetctl_v4.53.1_windows.tar.gz
c18e861f5e44c1b731f14ddebcbbe4f6d4bd9ad24e71b49feb7d1ddde7cc1741  fleetctl_v4.53.1_windows.zip

fleet-v4.53.0

Fleet 4.53.0 (Jun 25, 2024)

Endpoint Operations

• Enabled fleetctl gitops to create teams with no enroll secrets, or clear enroll secrets for an existing team.
• Added support for upgrades to fleetd RPMs packages.
• Changed activities.created_at timestamp precision to microseconds.
• Added character validation to /api/fleet/orbit/device_token endpoint.
• Cleaned up count rendering fixing clientside flashing counts.
• Improved performance by removing unnecessary database query that listed host software during
  initial page load of the "My device" page.
• Made the rendering of empty text cell values consistent. Also render the '0' value as a number instead of the default value.
• Added a server setting to configure the query report max size.
• Fixed a bug where scrollbars were always present on modal backgrounds.
• Fixed bug in fleetctl preview caused by creating enroll secrets.

Device Management (MDM)

• Extended the timeout for the endpoint to upload a software installer.
• Improved the logic used by Fleet to detect if a host is currently MDM-managed.
• Added S3 config variables with a carves_ and software_installers prefix.
• Fixed bug where MDM migration failed when attempting to renew enrollment profiles on macOS Sonoma devices.
• Fixed issue where Windows-specific error message was displayed when failing to parse macOS configuration profiles.
• Fixed a bug where MDM migration failed when attempting to renew enrollment profiles on macOS Sonoma devices.
• Fixed a server panic when sending a request to /mdm/apple/mdm without certificate headers.
• Fixed issue where profiles larger than 65KB were being truncated when stored on MySQL 8.
• Fixed a bug that prevented unused script contents to be periodically cleaned up from the database.
• Fixed UI bug where error detail was overflowing the table in "OS settings" modal in "My device"
  page UI.
• Fixed a bug where the software installer exists in the database but the installer does not exist
  in the storage.
• Added a "soft-delete" approach when deleting a host so that its script execution details are still
  available for the activities feed.
• Fixed UI bug where Zoom icon was displayed for ZoomInfo.
• Fixed issue with backwards compatibility with the deprecated FLEET_S3_* environment variables.
• Fixed a code linter issue where a slice was created non-empty and appended-to, instead of empty with the required capacity.

Vulnerability Management

• Added vulnerabilities matching for applications that include an OS scope.
• Added vulnerability detection in NVD for custom ubuntu kernels.
• Removed duplicate os_versions results in /api/latest/fleet/vulnerabilities/:cve endpoint.
• Removed vscode false positive vulnerabilities.
• Clarified Fleet uses CVSS base score version 3.x.

Fleet's agent

The following version of Fleet's agent (fleetd) support the latest changes to Fleet:

1. orbit-v1.27.0
2. fleet-desktop-v1.27.0 (included with Orbit)
3. fleetd-chrome-v1.3.1

While newer versions of fleetd still function with older versions of the Fleet server (and vice versa), Fleet does not actively test these scenarios and some newer features won't be available.

Upgrading

Please visit our update guide for upgrade instructions.

Documentation

Documentation for Fleet is available at fleetdm.com/docs.

Binary Checksum

SHA256

881f6c9e3c1e70dd076b850c146352b733957e1ef90a76c46595631f2cd5ff7c  fleet_v4.53.0_linux.tar.gz
710c8601b26a63482c9d8044bfb12d8dec9297aaa593942cb68185276dd304b6  fleetctl_v4.53.0_linux.tar.gz
3ba1b87c659e4c9ca752c50c7e9414ed46f982ce88d668e7d918a95af13315c9  fleetctl_v4.53.0_linux.zip
0fdf8c16ffc44fe0006ac5e07721c17a7995c0bcdb4309d3d66697a8f153b402  fleetctl_v4.53.0_macos.tar.gz
c4d9880b59c833dd69c78533381854a62dd100fc738c15780f512ec879018864  fleetctl_v4.53.0_macos.zip
df1ecdc0031475f4481f32911d5222f265ca016bc23a2ce5febe24339f473c02  fleetctl_v4.53.0_windows.tar.gz
6ebf021ec1ecf18a97b59fcf9c045aa245120b84a84a5319dbbc5ff4c34f42ee  fleetctl_v4.53.0_windows.zip

fleet-v4.52.0

Bug fixes

• Fixed an issue where profiles larger than 65KB were being truncated when stored on MySQL 8.
• Fixed activity without public IP to be human readable.
• Made the rendering of empty text cell values consistent. Also rendered the '0' value as a number instead of the default value ---.
• Fixed bug in fleetctl preview caused by creating enroll secrets.
• Disabled AI features on non-new installations upgrading from < 4.50.X to >= 4.51.X.
• Fixed various icon misalignments on the dashboard page.
• Used a "soft-delete" approach when deleting a host so that its script execution details are still available for the activities feed.
• Fixed UI bug where error detail was overflowing the table in "OS settings" modal in "My device" page UI.
• Fixed bug where MDM migration failed when attempting to renew enrollment profiles on macOS Sonoma devices.
• Fixed queries with dot notation in the column name to show results.
• /api/latest/fleet/hosts/:id/lock returns unlock_pin for Apple hosts when query parameter view_pin=true is set. UI no longer uses unlock pending state for Apple hosts.
• Improved the logic used by Fleet to detect if a host is currently MDM-managed.
• Fixed issue where the MDM ingestion flow would fail if an invalid enrollment reference was passed.
• Removed vscode false positive vulnerabilities.
• Fixed a code linter issue where a slice was created non-empty and appended-to, instead of empty with the required capacity.
• Fixed UI bug where Zoom icon was displayed for ZoomInfo.
• Error with 404 when the user attempts to delete team policies for a non-existent team.
• Fixed the Linux unlock script to support passwordless users.
• Fixed an issue with the Windows-specific windows-remove-fleetd.ps1 script provided in the Fleet repository where running the script did remove fleetd but made it impossible to reinstall the agent.
• Fixed host details page and device details page not showing the latest software. Added exclude_software query parameter to the /api/latest/fleet/hosts/:id endpoint to exclude software from the response.
• Fixed the /mdm/apple/mdm endpoint so that it returns status code 408 (request timeout) instead of 500 (internal server error) when encountering a timeout reading the request body.
• Extended the timeout for the endpoint to upload a software installer (POST /fleet/software/package), and improved handling of the maximum size.
• Fixed issue where Windows-specific error message was displayed when failing to parse macOS configuration profiles.
• Fixed a panic (API returning code 500) when the software installer exists in the database but the installer does not exist in the storage.

Upgrading

Please visit our update guide for upgrade instructions.

Documentation

Documentation for Fleet is available at fleetdm.com/docs.

Binary Checksum

SHA256

f004ede766d83d38ded3358bef66fd56b564fcea19cde01f79dee4a426916448  fleet_v4.52.0_linux.tar.gz
65f081caa613ba53342c9c3dd7188f22552b83c9e8ac73f740321f99f6a9fe5b  fleetctl_v4.52.0_linux.tar.gz
763e2f8597ef969c08a17932f0d4e10424b478314ceddbf72ba13a5d41aa8df0  fleetctl_v4.52.0_linux.zip
92f34dca0bd5715dbfffcdceeb89ffab9cd8115c2faf07cbd1e34071795cdb44  fleetctl_v4.52.0_macos.tar.gz
52e9a87377d0237b7c1a1c8247898ec1a41bfa2a52af411694ff62b70b64917b  fleetctl_v4.52.0_macos.zip
b4aa7c480ce02aeb723529ed5e8c2874738ca4d2aeb9e718cdc96c5e5cbded3b  fleetctl_v4.52.0_windows.tar.gz
1d289b4fb2f8766a1a1e7f8bab7472322f721c1c2f7ecf676f0c9dadfc7f66b3  fleetctl_v4.52.0_windows.zip

fleet-v4.51.1

Bug fixes

• Added S3 config variables with a carves_ and software_installers prefix, which were used to configure buckets for those features. The existing non-prefixed variables were kept for backwards compatibility.
• Fixed a bug that prevented unused script contents to be periodically cleaned up from the database.

Upgrading

Please visit our update guide for upgrade instructions.

Documentation

Documentation for Fleet is available at fleetdm.com/docs.

Binary Checksum

SHA256

4e5d34573206efd1a545796a8c2c233a80fe5301c11eee3024e978b0977a4521  fleet_v4.51.1_linux.tar.gz
4f4a7ad2eedc23ab3b6127a704fe66efbbda6bc654b98741aa2aadb8293d5864  fleetctl_v4.51.1_linux.tar.gz
7f08d1c537cc683674c8b85e02ba5ae0513a779fc416c687f82a1b0eba4010d8  fleetctl_v4.51.1_linux.zip
e9ca78d11b144352ca1d9ec83d7ec0f44fba238ae3ba46560ed01b45eaa1f232  fleetctl_v4.51.1_macos.tar.gz
4daa7e8e607567451a1db6eb4c297c60a028263756b460c75bc5a31c39bc968b  fleetctl_v4.51.1_macos.zip
3bad0a20a77b7839ab4e236d31b4de469a0e0e58ce2195d2d7b2df8decec7ce3  fleetctl_v4.51.1_windows.tar.gz
b8e073c828b106964df38c2a16c30d9acae5aac15a2b4204f084bdf2579c3145  fleetctl_v4.51.1_windows.zip

fleet-v4.51.0

Endpoint Operations

• Added support for environment variables in configuration profiles for GitOps.
• fleetctl gitops --dry-run now errors on duplicate (or conflicting) global/team enroll secrets.
• Added activities_webhook configuration option to allow for a webhook to be called when an activity is recorded. This can be used to send activity data to external services. If the webhook response is a 429 error code, the webhook retries for up to 30 minutes.
• Added Tuxedo OS to the Linux distribution platform list.

Device Management (MDM)

• NOTE: Added new required Fleet server config environment variable when MDM is enabled,
  FLEET_SERVER_PRIVATE_KEY. This variable contains the private key used to encrypt the MDM
  certificates and keys stored in Fleet. Learm more at
  https://fleetdm.com/learn-more-about/fleet-server-private-key.
• Added MDM support for iPhone/iPad.
• Added software self-service support.
• Added query parameter self_service to filter the list of software titles and the list of a host's software so that only those available to install via self-service are returned.
• Added the device-authenticated endpoint POST /device/{token}/software/install/{software_title_id} to self-install software.
• Added new endpoints to configure ABM keypairs and tokens.
• Added GET /fleet/mdm/apple/request_csr endpoint, which returns the signed APNS CSR needed to activate Apple MDM.
• Added the ability to automatically log off and lock out Administrator users on Windows hosts.
• Added clearer error messages when attempting to set up Apple MDM without a server private key configured.
• Added UI for the global and host activities for self-service software installation.
• Updated UI to support new workflows for macOS MDM setup and credentials.
• Updated UI to support software self-service features.
• Updated UI controls page language and hid CTA button for users without access to turn on MDM.

Vulnerability Management

• Updated the CIS policies for Windows 11 Enterprise from v2.0.0 (03-07-2023) to v3.0.0 (02-22-2024).
• Fleet now detects Ubuntu kernel vulnerabilities from the Canonical OVAL feed.
• Fleet now detects and reports vulnerabilities on Firefox ESR editions on macOS.

Bug fixes and improvements

• Fixed a bug that might prevent enqueuing commands to renew SCEP certificates if the host was enrolled more than once.
• Prevented the host_ids field from being returned from the list labels endpoint.
• Improved software ingestion performance by deduplicating incoming software.
• Placed all form field label tooltips on top.
• Fixed a number of related issues with the filtering and sorting of the queries table.
• Added various optimizations to the rendering of the queries table.
• Fixed host query page styling bugs.
• Fixed a UI bug where "Wipe" action was not being hidden from observers.
• Fixed UI bug for builtin label names for selecting targets.
• Removed references to Administrator accounts in the comments of the Windows lock script.

Fleet's agent

The following version of Fleet's agent (fleetd) support the latest changes to Fleet:

1. orbit-v1.26.0 (pending release week of 2024-06-09)
2. fleet-desktop-v1.26.0 (included with Orbit)
3. fleetd-chrome-v1.3.1

While newer versions of fleetd still function with older versions of the Fleet server (and vice versa), Fleet does not actively test these scenarios and some newer features won't be available.

Upgrading

Please visit our update guide for upgrade instructions.

Documentation

Documentation for Fleet is available at fleetdm.com/docs.

Binary Checksum

SHA256

a41b226ee731ac6c200b17e4367a5f57515f826896aed0a37f0595f9fe68b979  fleet_v4.51.0_linux.tar.gz
4a45903123dc54041be3142c9736129aad4a5a440d1f0388e0b8875808cc3d56  fleetctl_v4.51.0_linux.tar.gz
ed716e9d8a9382928e6a20bbac0f2245b7996125d9d86ace9c9a88fb9f8e4fde  fleetctl_v4.51.0_linux.zip
639d2a5d5cab0b60d2f2d22c835f997db1b16cf5ac4a8d88f3c91d43247d359d  fleetctl_v4.51.0_macos.tar.gz
244b58636bb8104b7b48fbb09402827ad91fd9424a1cb9dc15f8ca353718906d  fleetctl_v4.51.0_macos.zip
f99653446a9eb4dbc8bb2bcbef659f8fe2af69d5ad9319eaba68c394cb1c2b06  fleetctl_v4.51.0_windows.tar.gz
568be7e64dc6dd20516910fe1cd2db611fee2b3051b2ff81ca1ef092bf3bbd91  fleetctl_v4.51.0_windows.zip

fleet-v4.50.2

Bug fixes

* Fixed a critical bug where S3 operation were not possible on a different AWS account.

Upgrading

Please visit our update guide for upgrade instructions.

Documentation

Documentation for Fleet is available at fleetdm.com/docs.

Binary Checksum

SHA256

3071cf9b377f62becd8f5ede7a3370eb94499fe28e87a6f6a4be6f6df3c0ac12  fleet_v4.50.2_linux.tar.gz
c5185db5e8a84cb5fcad17d8501c2fd8aadb451d5c54fdda88af3504b4c850df  fleetctl_v4.50.2_linux.tar.gz
9507e23a60968916342e626ca86fdde847cb30dafbe12a3f50f8854efef0f62e  fleetctl_v4.50.2_linux.zip
a706b0c389ebfbd01cbdf08359c81497eda81c315a7963960ed8968a2173c866  fleetctl_v4.50.2_macos.tar.gz
bd7c78ae36f84966ffd5effbb9f9227d1a018d8cdb51a2e4e883d4d113453304  fleetctl_v4.50.2_macos.zip
56f939d7b5513df64ad63f7bf2da6cafa98778872aecfbce5f55161648ca4231  fleetctl_v4.50.2_windows.tar.gz
c488cce70defe02c6a90ebdfe276d88f4fdaab9264e157588bdb0e6dba9c5a91  fleetctl_v4.50.2_windows.zip

fleet-v4.50.1

Bug fixes

• Fixed a bug that might prevent enqueing commands to renew SCEP certificates if the host was enrolled more than once.
• Fixed a bug by preventing the host_ids field from being returned from the list labels endpoint.
• Fixed a number of related issues with the filtering and sorting of the queries table.
• Added various optimizations to the rendering of the queries table.
• Fixed a bug where Bulk Host Delete and Transfer now support status and labelID filters together.
• Added the ability to automatically log off and lock out Administrator users on Windows hosts.
• Removed references to Administrator accounts in the comments of the Windows lock script.

Upgrading

Please visit our update guide for upgrade instructions.

Documentation

Documentation for Fleet is available at fleetdm.com/docs.

Binary Checksum

SHA256

1e938fb7b547413a088c96ada20ab163fe27f12d2124aa1cb652f68ec0448970  fleet_v4.50.1_linux.tar.gz
388d03b5f42d14e0d68541fa74da9abc891e3fb7f7f6daae98d8e0e963c255b4  fleetctl_v4.50.1_linux.tar.gz
af1fa340c0d3690024a828f2099482530d20351bafcd114860b7faf37ddf11cb  fleetctl_v4.50.1_linux.zip
376c1371b87dd3ea20ad65ada4ef47f811218382422843a4ecb3fd590fc62c8a  fleetctl_v4.50.1_macos.tar.gz
c0f76101eeb0225230ebae6e980fc1161eb5b3727c8d1fd9ccfe3ac1169ba5b7  fleetctl_v4.50.1_macos.zip
4655c54ddae45ebc1b2b32a9568af775791964cf9ed6e2198a5d11ce466c23fd  fleetctl_v4.50.1_windows.tar.gz
ee3e0370955bb5c44e5a5370bdd268e5e948e18dbe86ae89e9f243f4a1668850  fleetctl_v4.50.1_windows.zip

fleet-v4.50.0

Endpoint Operations

• Added optional AI-generated policy descriptions and remediations.
• Added flag to enable deletion of old activities and associated data in cleanup cron job.
• Added support for escaping $ (with \) in gitops yaml files.
• Optimized policy_stats updates to not lock the policy_membership table.
• Optimized the hourly host_software count query to reduce individual query runtime.
• Updated built-in labels to support being applied via fleetctl apply.

Device Management (MDM)

• Added endpoints to upload, delete, and download software installers.
• Added ability to upload software from the UI.
• Added functionality to filter hosts by software installer status.
• Added support to the global activity feed for "Added software" and "Deleted software" actions.
• Added the POST /api/fleet/orbit/software_install/result endpoint for fleetd to send results for a software installation attempt.
• Added the GET /api/v1/fleet/hosts/{id}/software endpoint to list the installed software for the host.
• Added support for uploading and running zsh scripts on macOS and Linux hosts.
• Added the cron job to periodically remove unused software installers from the store.
• Added a new command fleetctl api to easily use fleetctl to hit any REST endpoint via the CLI.
• Added support to extract package name and version from software installers.
• Added the uninstalled but available software installers to the response payload of the "List software titles" endpoint.
• Updated MySQL host_operating_system insert statement to reduce table lock time.
• Updated software page to support new add software feature.
• Updated fleetctl to print team id as part of the fleetctl get teams command.
• Implemented an S3-based and local filesystem-based storage abstraction for software installers.

Vulnerability Management

• Added OVAL vulnerability scanning support on Ubuntu 22.10, 23.04, 23.10, and 24.04.

Bug fixes and improvements

• Fixed ingestion of private IPv6 address from agent.
• Fixed a bug where a singular software version in the Software table generated a tooltip unnecessarily.
• Fixed bug where updating user via /api/v1/fleet/users/:id endpoint sometimes did not update activity feed.
• Fixed bug where hosts query results were not cleared after transferring the host to other teams.
• Fixed a bug where the returned count field included hosts that the user did not have permission to see.
• Fixed issue where resolved_in_version was not returning if the version number differed by a 4th part.
• Fixed MySQL sort buffer overflow when fetching activities.
• Fixed a bug with users not being collected on Linux devices.
• Fixed typo in Powershell scripts for installing Windows software.
• Fixed an issue with software severity column display in Fleet UI.
• Fixed the icon on Software OS table to show a Linux icon for Linux operating systems.
• Fixed missing tooltips in disabled "Calendar events" manage automations dropdown option.
• Updated switched accordion text.
• Updated sort the host details page queries table case-insensitively.
• Added support for ExternalId in STS Assume Role APIs.

Upgrading

Please visit our update guide for upgrade instructions.

Documentation

Documentation for Fleet is available at fleetdm.com/docs.

Binary Checksum

SHA256

d7102b8487a285583c69c54bf0bb7a40148eee6050e45ced1d0380bf83ae7aaa  fleet_v4.50.0_linux.tar.gz
33afcd4459db6fdcd977d24963acff551615be452d0fe8e1df8f862f058d6c48  fleetctl_v4.50.0_linux.tar.gz
91e7b6bf8831219775f176389103295d7065a7e6eb74c68c1093416be508ba14  fleetctl_v4.50.0_linux.zip
2c775985d8d4e0262216794d6924aea06a6f9ce9888c6918347e3df3886e8579  fleetctl_v4.50.0_macos.tar.gz
a25a28812d135f5a5dbc0a5a697cce19d94acd80913472d3dcc61178f9479e40  fleetctl_v4.50.0_macos.zip
f3f3cc358d84f4adca20bf1ba7a0a08d733d54cfd6a62276b7b465a58902bf99  fleetctl_v4.50.0_windows.tar.gz
0b860218a265d58208a132a83dcf04780635337c722caa05cbbd281b32749a91  fleetctl_v4.50.0_windows.zip