Changes
-
Added implementation of Fleetd for Chrome.
-
Added the
mdm.macos_settings.enable_disk_encryption
option to thefleetctl apply
configuration
files of "config" and "team" kind as a Fleet Premium feature. -
Added
mdm.macos_settings.disk_encryption
andmdm.macos_settings.action_required
status fields in the response for a single host (GET /hosts/{id}
andGET /device/{token}
endpoints). -
Added MDM solution name to
host.mdm
in API responses. -
Added support for fleetd to enroll a device using its serial number (in addition to its system
UUID) to help avoid host-matching issues when a host is first created in Fleet via the MDM
automatic enrollment (Apple Business Manager). -
Added ability to filter data under the Hosts tab by the aggregate status of hosts' MDM-managed macos
settings. -
Added activity feed items for enabling and disabling disk encryption with MDM.
-
Added FileVault banners on the Host Details and My Device pages.
-
Added activities for when macOS disk encryption setting is enabled or disabled.
-
Added UI for fleet mdm managed disk encryption toggling and the disk encryption aggregate data.
-
Added support to update a team's disk encryption via the Modify Team (
PATCH /api/latest/fleet/teams/{id}
) endpoint. -
Added a new API endpoint to gate access to an enrollment profile behind Okta authentication.
-
Added new configuration values to integrate Okta in the DEP MDM flow.
-
Added
GET /mdm/apple/profiles/summary
endpoint. -
Updated API endpoints that use
team_id
query parameter so thatteam_id=0
filters results to include only hosts that are not assigned to any team. -
Adjusted the
aggregated_stats
table to compute and store statistics for "no team" in addition to
per-team and for all teams. -
Added MDM profiles status filter to hosts endpoints.
-
Added indicators of aggregate host count for each possible status of MDM-enforced mac settings
(hidden until 4.30.0). -
As part of JIT provisioning, read user roles from SAML custom attributes.
-
Added Win 10 policies for CIS Benchmark 18.x.
-
Added Win 10 policies for CIS Benchmark 2.3.17.x.
-
Added Win 10 policies for CIS Benchmark 2.3.10.x.
-
Documented CIS Windows10 Benchmarks 9.2.x to cis policy queries.
-
Document CIS Windows10 Benchmarks 9.3.x to cis policy queries.
-
Added button to show query on policy results page.
-
Run periodic cleanup of pending
cron_stats
outside theschedule
package to prevent Fleet outages from breaking cron jobs. -
Added an invitation for users to upgrade to Premium when viewing the Premium-only "macOS updates"
feature. -
Added an icon on the policy table to indicate if a policy is marked critical.
-
Added
"instanceID"
(akaowner
oflocks
) toschedule
logging (to help troubleshooting when
running multiple Fleet instances). -
Introduce UUIDs to Fleet errors and logs.
-
Added EndeavourOS, Manjaro, openSUSE Leap and Tumbleweed to HostLinuxOSs.
-
Global observer can view settings for all teams.
-
Team observers can view the team's settings.
-
Updated translation rules so that Docker Desktop can be mapped to the correct CPE.
-
Pinned Docker image hashes in Dockerfiles for increased security.
-
Remove the
ATTACH
check on SQL osquery queries (osquery bug fixed a while ago in 4.6.0). -
Don't return internal error information on Fleet API requests (internal errors are logged to stderr).
-
Fixed an issue when applying the configuration YAML returned by
fleetctl get config
with
fleetctl apply
when MDM is not enabled. -
Fixed a bug where
fleetctl trigger
doesn't release the schedule lock when the triggered run
spans the regularly scheduled interval. -
Fixed a bug that prevented starting the Fleet server with MDM features if Apple Business Manager
(ABM) was not configured. -
Fixed incorrect MDM-related settings documentation and payload response examples.
-
Fixed bug to keep team when clicking on policy tab twice.
-
Fixed software table links that were cutting off tooltip.
-
Fixed authorization action used on host/search endpoint.
Fleet 4.28.1 (March 14, 2023)
- Fixed a bug that prevented starting the Fleet server with MDM features if Apple Business Manager (ABM) was not configured.
Fleet 4.28.0 (Feb 24, 2023)
-
Added logic to ingest and decrypt FileVault recovery keys on macOS if Fleet's MDM is enabled.
-
Create activity feed types for the creation, update, and deletion of macOS profiles (settings) via
MDM. -
Added an API endpoint to retrieve a host disk encryption key for macOS if Fleet's MDM is enabled.
-
Added UI implementation for users to upload, download, and deleted macos profiles.
-
Added activity feed types for the creation, update, and deletion of macOS profiles (settings) via
MDM. -
Added API endpoints to create, delete, list, and download MDM configuration profiles.
-
Added "edited macos profiles" activity when updating a team's (or no team's) custom macOS settings via
fleetctl apply
. -
Enabled installation and auto-updates of Nudge via Orbit.
-
Added support for providing
macos_settings.custom_settings
profiles for team (with Fleet Premium) and no-team levels viafleetctl apply
. -
Added
--policies-team
flag tofleetctl apply
to easily import a group of policies into a team. -
Remove requirement for Rosetta in installation of macOS packages on Apple Silicon. The binaries have been "universal" for a while now, but the installer still required Rosetta until now.
-
Added max height on org logo image to ensure consistent height of the nav bar.
-
UI default policies pre-select targeted platform(s) only.
-
Parse the Mac Office release notes and use that for doing vulnerability processing.
-
Only set public IPs on the
host.public_ip
field and add documentation on how to properly configure the deployment to ingest correct public IPs from enrolled devices. -
Added tooltip with link to UI when Public IP address cannot be determined.
-
Update to better URL validation in UI.
-
Set policy platforms using the platform checkboxes as a user would expect the options to successfully save.
-
Standardized on a default value for empty cells in the UI.
-
Added link to query table in UI source (fleetdm.com/tables/table_name).
-
Added live query distributed interval warnings on select targets picker and live query result page.
-
Added a macOS settings indicator and modal on the host details and device user pages.
-
Added configuration parameters for the filesystem logging destination -- max_size, max_age, and max_backups are now configurable rather than hardcoded values.
-
Live query/policy selecting "All hosts" is mutually exclusive from other filters.
-
Minor server changes to support Fleetd for ChromeOS (to be released soon).
-
Fixed
network_interface_unix
andnetwork_interface_windows
to ingest "Private IPs" only
(filter out "Public IPs"). -
Fixed how the Fleet MDM server URL is generated when stored for hosts enrolled in Fleet MDM.
-
Fixed a panic when loading information for a host enrolled in MDM and its
is_server
field is
NULL
. -
Fixed bug with host count on hosts filtered by operating system version.
-
Fixed permissions warnings reported by Suspicious Package in macos pkg installers. These warnings
appeared to be purely cosmetic. -
Fixed UI bug: Long words in activity feed wrap within the div.
Upgrading
Please visit our update guide for upgrade instructions.
Documentation
Documentation for Fleet is available at fleetdm.com/docs.
Binary Checksum
SHA256
2dee40746d565ae0294c417deabfd151587e14d2702fc2960119f0103d363b25 fleetctl_v4.29.0_linux.tar.gz
37a83abb7852da9b51059c449a2684f5f3c96a2784345091614d691ba84799e0 fleetctl_v4.29.0_linux.zip
62fe66bebdc86de466965bbc2f2da7cb1a3452ea7ba2edb821fc8a46d55a5224 fleet_v4.29.0_linux.tar.gz
83641dbb578de93b35f55a3f69f02d5a9b8042d8ad3454dc41d23ab257c83959 fleetctl_v4.29.0_macos.tar.gz
ad0968185cf8bfda16727223b5a5716eae443f72df0bdd1d93d41dcf30f40a7f fleetctl_v4.29.0_macos.zip
b351df4a1dd5eb55e567db259cce1e9d1e37fab858ae208b58b83d2519a0b97c fleetctl_v4.29.0_windows.zip
cf8f39045e06a45aaa18772476342f4c6871ae236b8d8fed16dbf3db5857f7b9 fleetctl_v4.29.0_windows.tar.gz