github fleetdm/fleet fleet-v4.59.0

Fleet 4.59.0 (Nov 12, 2024)

Endpoint operations

  • Updated OpenTelemetry libraries to latest versions. This includes the following changes when OpenTelemetry is enabled:
    • MySQL spans outside of HTTPS transactions are now logged.
    • Renamed MySQL spans to include the query, for easier tracking/debugging.
  • Added capability for fleetd to report vital errors to Fleet server, such as when Fleet Desktop is unable to start.

Device management (MDM)

  • Added UI for adding a setup experience script.
  • Added UI for the install software setup experience.
  • Added software experience software title selection API.
  • Added database migrations to support Setup Experience.
  • Added support to fleetctl gitops to specify a setup experience script to run and software to install, for a team or no team.
  • Added an Orbit endpoint (POST /orbit/setup_experience/status) for checking the status of a macOS host's setup experience steps.
  • Added service to track install status.
  • Added ability to connect a SCEP NDES proxy.
  • Added SCEP proxy for Windows NDES (Network Device Enrollment Service) AD CS server, which allows devices to request certificates.
  • Added error message on the My Device page when MDM is off for the host.
  • Added a config field to the UI for custom MDM URLs.
  • Added integration to queue setup experience software installation on automatic enrollment.
  • Added a validation to prevent removing a software package or a VPP app from a team if that software is selected to be installed during the setup experience.
  • Updated user permissions to allow gitops users to run MDM commands.
  • Updated to remove a pending MDM device if it was deleted from current ABM.
  • Updated to ensure details for a software installation run are available and accurate even after the corresponding installer has been edited or deleted.
    • NOTE: The database migration included with this update backfills installer data into installation details based on the currently uploaded installer. If you want to backfill data from activities (which will be more comprehensive and accurate than the migration default, but may take a while, as the entire activities table will be scanned), run this database query after running database migrations:

      -- Backfill installer details from the matching 'installed_software' activities.
      UPDATE host_software_installs i
      JOIN activities a ON a.activity_type = 'installed_software'
          AND i.execution_id = a.details->>"$.install_uuid"
      SET i.software_title_name = COALESCE(a.details->>"$.software_title", i.software_title_name),
          i.installer_filename = COALESCE(a.details->>"$.software_package", i.installer_filename),
          i.updated_at = i.updated_at; -- assigning the column to itself leaves updated_at unchanged

    • The above query is optional, and is unnecessary if no software installers have been edited.

Vulnerability management

  • Added filtering to the Software OS view to show only OSes from a particular platform (Windows, macOS, Linux, etc.).
  • Fixed issue where the vulnerabilities cron failed to complete due to a large temporary table creation when calculating host issue counts.
  • Fixed Debian python package false positive vulnerabilities by removing duplicate entries for Debian python packages installed by dpkg and renaming remaining pip installed packages to match OVAL definitions.

Bug fixes and improvements

  • Fixed the ADE enrollment release device processing for hosts running an old fleetd version.
  • Fixed an issue with the BYOD enrollment page where it sometimes would show a 404 page.
  • Fixed issue where macOS and Linux scripts failed to time out on long-running commands.
  • Fixed bug in ABM renewal process that caused upload of new token to fail.
  • Fixed blank install status when retrieving install details from the activity feed when the installer package has been updated or the software has since been removed from the host.
  • Fixed the svg icon for Edge.
  • Fixed frontend error when trying to view install details for an install with a blank status.
  • Fixed loading state for the profile status aggregate UI.
  • Fixed incorrect character set header on manual Mac enrollment config download.
  • Fixed fleetctl gitops to support VPP apps, along with setting the VPP apps to install during the setup experience.
  • Fixed bug where PATCH /api/latest/fleet/config was incorrectly clearing VPP token<->team associations.
  • Fixed issue when trying to download the manual enrollment profile when device token is expired. We now show an error for this case.
  • Fixed a bug where DDM declarations would remain "pending" forever if they were deleted from Fleet before being sent to hosts.
  • Fixed a bug where policy failures of a host were not being cleared in the host details page after configuring the host to not run any policies.
  • Fixed iOS and iPadOS device release during the ADE enrollment flow.
  • Ignored --delete-other-teams flag in fleetctl gitops command for non-Premium license users.
  • Switched Nudge deadline time for OS upgrades on macOS pre-14 hosts from 04:00 UTC to 20:00 UTC.
  • Added a more descriptive error message when install or uninstall details do not exist for an activity.
  • Updated to allow FLEET_REDIS_ADDRESS to include a redis:// prefix. Allowed formats are: redis://host:port or host:port.
  • Documented that Microsoft enrollments have fewer fields filled in the mdm_enrolled activity due to how this MDM enrollment flow is implemented.
  • Updated UI to make entire rows of the Disk encryption table clickable.
  • Updated software install activities from policy automations to be authored by "Fleet" and to store the policy ID and name on each activity.
  • Updated tooltip for bootstrap package and VPP app statuses in UI.
  • Added created_at/updated_at timestamps on user create endpoint.
  • Updated UI notifications so that clicking in the horizontal dimension of a flash message, outside of the message itself, and always hide flash messages when changing routes.
  • Filtered out VPP apps on non-MDM enrolled devices.
  • Explicitly set line heights on "add profile" messages so they are consistent cross-browser.
  • Deprecated the worker-based job to release macOS devices automatically after the setup experience, replacing it with the fleetd-specific "/status" endpoint that is polled by the Setup Experience dialog controlled by Fleet during the setup flow.
  • Improved UI feedback when user attempts and fails to reset password.

Fleet's agent

The following versions of Fleet's agent (fleetd) support the latest changes to Fleet:

  1. orbit-v1.35.0
  2. fleet-desktop-v1.35.0 (included with Orbit)
  3. fleetd-chrome-v1.3.1

While newer versions of fleetd still function with older versions of the Fleet server (and vice versa), Fleet does not actively test these scenarios and some newer features won't be available.

Upgrading

Please visit our update guide for upgrade instructions.

Documentation

Documentation for Fleet is available at fleetdm.com/docs.

Binary Checksum

SHA256

4fd0375d38834bfcfbda7cc90eb3a9a686a4c437d2fd0052f8413406503f0006  fleet_v4.59.0_linux.tar.gz
cc2290edd90efeaf0206ba916b2120ccf2670b689b8132df805c93bb41c4d1c0  fleetctl_v4.59.0_linux.tar.gz
7c152fe34f7b81a6bb44e44b76534c0ff8031f2c7cbad10aa5aca93c9154c345  fleetctl_v4.59.0_linux.zip
3470c3a79a7ab3ede1a9275c45689d42946b01ce1a1a7090e02c1e898d3c9a34  fleetctl_v4.59.0_macos.tar.gz
924f80b8017bfda84218fe785eb8a082695510d8b610c02a758ea999dc85caf3  fleetctl_v4.59.0_macos.zip
893632921a873386f69d361f429ed04242490c8616c06bd38e4be27e61fa24b2  fleetctl_v4.59.0_windows.tar.gz
b9c4661bbe8df2b91e3e80cda61dc46af8064c6276cc72474b86919bbc49db94  fleetctl_v4.59.0_windows.zip
