Changes
This is a security release.
-
Security: Fixed a vulnerability in which a malicious actor with a valid node key can send a badly formatted request that causes the Fleet server to exit, resulting in denial of service. See GHSA-xwh8-9p3f-3x45 and the linked content within that advisory.
-
Add new Host details page which includes a rich view of a specific host’s attributes.
-
Reveal live query errors in the Fleet UI and
fleetctlto help target and diagnose hosts that fail. -
Add Helm chart to make it easier for users to deploy to Kubernetes.
-
Add support for
denylistparameter in scheduled queries. -
Add debug flag to
fleetctlthat enables logging of HTTP requests and responses to stderr. -
Improvements to the
fleetctl previewexperience that include adding containerized osquery agents, displaying login information, creating a default directory, and checking for Docker daemon status. -
Add improved error handling in host enrollment to make debugging issues with the enrollment process easier.
-
Upgrade TLS compatibility settings to match Mozilla.
-
Add comments in generated flagfile to add clarity to different features being configured.
-
Fix a bug in Fleet UI that allowed user to edit a scheduled query after it had been deleted from a pack.
Upgrading
Please visit our update guide for upgrade instructions.
Documentation
Documentation for this release can be found at https://github.com/fleetdm/fleet/blob/3.7.0/docs/README.md
Binary Checksum
SHA256
58fd16818e6062fda819fab0aa5629a6292fc48f50427172d1aac08a46272a30 fleet.zip
84cebe3a7837e77ec5f9384f8a4bed9e14e86ee0adc5f54f522c8ca148a8a3c9 fleetctl.exe.zip
cd72f9089b3c28122483de6edcd958d57748ee1592037ceb296ffea9ef9fd64e fleetctl-macos.tar.gz
ba29a3555336e728e268efbe30b08f5be9046ef2e7f38d47469299ab3728f7f9 fleetctl-windows.tar.gz
7535bf71359e02703720acb7a3e9d2fb2bbb74690408e2348bf631ebeafed774 fleetctl-linux.tar.gz