github fleetdm/fleet 3.5.1

17 months ago

This is a security release.


  • Security: Introduce XML validation library to mitigate Go stdlib XML parsing vulnerability affecting SSO login. See GHSA-w3wf-cfx3-6gcx and the linked content within that advisory.

Follow up: Rotate --auth_jwt_key to invalidate existing sessions. Audit for suspicious activity in the Fleet server.

  • Security: Prevent new queries from using the SQLite ATTACH command. This is a mitigation for the osquery vulnerability GHSA-4g56-2482-x7q8.

Follow up: Audit existing saved queries and logs of live query executions for possible malicious use of ATTACH. Upgrade osquery to 4.6.0 to prevent ATTACH queries from executing.

  • Update icons and fix hosts dashboard for wide screen sizes.
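
For the ATTACH follow-up audit above, a first-pass filter can flag query text for manual review. This is an added example, not code from the Fleet project; it assumes saved queries and logged live queries have already been exported as (name, SQL) pairs, and the sample data is constructed.

```python
import re

# Comments and quoted text are blanked first, so the word "attach" inside a
# string literal, quoted identifier or comment is not reported.
_NOISE = re.compile(
    r"--[^\n]*"          # line comment
    r"|/\*.*?\*/"        # block comment
    r"|'(?:[^']|'')*'"   # string literal ('' is an escaped quote)
    r'|"(?:[^"]|"")*"'   # double-quoted identifier
    r"|`[^`]*`",         # backtick-quoted identifier
    re.S,
)
# Bare keyword in any letter case; identifiers such as attachment_id do not match.
_ATTACH = re.compile(r"\battach\b", re.I)


def uses_attach(sql: str) -> bool:
    """True if ATTACH appears as a bare word outside comments and quotes.

    Deliberately broad: an unterminated quote is not blanked, so text after
    it is still inspected and the query is flagged for review, not skipped.
    """
    return bool(_ATTACH.search(_NOISE.sub(" ", sql)))


def audit(queries):
    """Return the names of queries that need manual review."""
    return [name for name, sql in queries if uses_attach(sql)]


# Constructed sample data: (query name, SQL text) pairs.
SAMPLE_QUERIES = [
    ("usb_devices", "SELECT * FROM usb_devices;"),
    ("attach_plain", "ATTACH DATABASE '/tmp/example.db' AS ex; SELECT 1;"),
    ("attach_mixed_case", "select 1;\n/* x */ aTtAcH\n'/tmp/example.db' as ex"),
    ("literal_only", "SELECT * FROM processes WHERE name = 'attach';"),
    ("comment_only", "SELECT 1; -- do not ATTACH anything here"),
    ("like_pattern", "SELECT path FROM file WHERE path LIKE '/tmp/%attach%';"),
]

if __name__ == "__main__":
    for name in audit(SAMPLE_QUERIES):
        print("review:", name)
```
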


Please visit our update guide for upgrade instructions.


Documentation for this release can be found at

Binary Checksum


beab8bad8d48a3f7a4712610b1ba460ec8952f108337b02d709dc7aacd956ebe  fleetctl-macos.tar.gz
aabc45c718bc5286e0cb9bbb3b2afa9d9443e5089a33fdcee47c099b4b5f94af  fleetctl-windows.tar.gz
14da11eb9b389d13fd1e84888590fbf860491758fa251da0d7b86f5a5ad7ad74  fleetctl-linux.tar.gz
