Fleet 4.64.0 (Feb 18, 2025)
Device management (MDM)
- Included current host status and pending action in lock, unlock, and wipe API calls.
- Disk encryption keys are now archived when they are created or updated. They are never fully deleted from the database.
- Hosts that are restored from ABM no longer have old activities in their feed.
Orchestration
- Added bash interpreter support for script execution.
- Updated the activities feed with new design.
- Added
fleetctlon Linux ARM binary to releases. - Added clearer error states to metadata-related fields in the SSO settings form.
- Enforced consistency of on-click behavior of table rows.
- Added gzip compression for static CSS and JS assets to decrease bundle download times.
- Added API endpoint for updating script contents.
- Implemented various UI improvements to the scripts list.
- Added option to populate users and labels on list hosts endpoint.
- Checked the server for validity of any Fleet invites on load.
- Updateed user form validation to require a password be present when switching a user from SSO to password authentication.
- Updated the way new manual labels are created to better support adding large numbers of hosts at one time.
- Replaced "Include Fleet desktop" with host type radio selection buttons when adding Windows or Linux hosts.
- Disabled webhooks if not present in gitops.
Software
- Added ability to target app store apps with include/exclude labels.
- Added ability to edit targets or self service option for app store apps.
- Added details modal for add, edit, and delete app store app global activities.
- Added modal to edit script contents.
- Added download url for fleet maintained apps as
urlproperty onfleet/software/fleet_maintained_apps/:id. - Added "exclude_fleet_maintained_apps" option to
GET /api/v1/fleet/software/titles. - Surfaced download URL for Fleet-maintained app when adding the software to Fleet.
- Surfaced cleaner errors when adding Fleet-maintained apps.
- Revised software installer package validation to mark installers with no version as "unknown" for version rather than rejecting them.
- Resolved false negatives on vulnerabilities for IntelliJ IDEA Community Edition on Windows.
- Resolved false-positives for the
passHomebrew package andjiraPython package via a vulnerability feed update available to all Fleet versions on 2025-01-22. - Fixed a false negative vulnerability reporting for iTerm2 (available to all recent Fleet releases as of January 17th via a vulnerability feed update).
Bug fixes and improvements
- Removed duplicate Linux lock and wipe scripts from repository.
- Clarified text on the policies and queries pages when no policies/queries exist for the selected team (or All Teams).
- Updated the help text for 3 tabs of the Add hosts modal.
- Improved the look and feel of dropdowns in the UI.
- Improved look and feel of dashboard host count cards including hiding platforms with 0 count.
- Added util wrapper func around semver package to allow for custom preprocessing. Upgraded semver library to 3.3.1 and usage everywhere to version 3.
- Added link to information about installing fleetd when packages are generated.
- Optimized software ingestion queries to use existing DB indexes in the software titles table.
- Normalized padding spacing for list headers, lists, and help text across various modals.
- Removed the resend button for failed windows disk encryption profiles and add messaging that tells the user that Fleet with automatically retry this profile again.
- Refactored upstream error logic to allow disabling submit button when form errors are present.
- Improved the verified and verifying tooltips on the Profile Status on OS settings page.
- Improved settings context so that user's updates to the team agent options form when they navigate away and back again.
- Improved the teams dropdown so that it gracefully hides overflow from long team names.
- Updated the os settings Target form deadline input tooltip to make it more clear how the deadline works for hosts.
- Updated language in query comppatibility tooltip to clarify that compatibility is based only on tables.
- Optimized logging by ensuring illegal argument errors will no longer be logged at the ERROR level on the server. Since these are client errors, they will be logged at the DEBUG level instead. This will reduce the amount of noise in the server logs and help debugging other issues.
- Raised the frequency of sending anonymous statistics from every 24 hours to every 1 hour.
- Bumped Node.js version to 20.18.1.
- Bumped github cache action to 4.2.0.
- Added server debug logging for unexpected Apple DDM configuration status.
- Removed
fleetctlbinary from thefleetdm/fleetdocker image. - Removed erroneous "manage automations" link on dashboard for maintainers.
- Fixed window profiles error message being cut off in the OS settings modal.
- Fixed user page responsiveness to not overflow horizontally.
- Fixed case consistency for "Disk encryption" in host OS settings modal.
- Fixed styling for manage automation buttons and dropdown.
- Fixed a bug where query reports where not being recorded for hosts configured with
--logger_snapshot_event_type=true. - Fixed incorrect source value in device mapping REST API documentation.
- Fixed a bug in Fleet's handling of VPP token renewal requests.
- Fixed mail being sent with the incorrect SMTP Domain (thank you @mccormickt).
- Fixed filtering by vulnerable software for ios or ipad host.
- Fixed issue where some Windows MDM profiles were not being sent to hosts when hosts came back online.
- Fixed a bug where adding or removing a host with an identical name to/from a label caused the same action to be performed on other host(s) with the same name as well.
- Fixed Windows MDM issue where SessionID of 0 was not allowed.
- Fixed a bug with paginating team policies.
- Fixed a bug "software not found for checksum" in software ingestion transaction retries.
- Fixed issue with Windows disk encryption where status updates from "Verifying" to "Verified" were sometimes stuck in the "Verifying" state.
- Fixed a bug where server errors returned from the API were not successfully being incorporated into the user form error states.
- Fixed a bug where team admins are unable to enable or disable MFA for a user.
- Fixed a bug where only the first of multiple software titles with the same name and source but different bundle IDs would be successfully inserted into the database.
- Fixed issue verifying Windows CSP profiles that contain ADMX policies.
Fleet's agent
The following version of Fleet's agent (fleetd) support the latest changes to Fleet:
- orbit-v1.39.1
fleet-desktop-v1.39.1(included with Orbit)- fleetd-chrome-v1.3.1
While newer versions of
fleetdstill function with older versions of the Fleet server (and vice versa), Fleet does not actively test these scenarios and some newer features won't be available.
Upgrading
Please visit our update guide for upgrade instructions.
Documentation
Documentation for Fleet is available at fleetdm.com/docs.
Binary Checksum
SHA256
51a811aaabbee948566e60a7521d4f9575be7625e8f3f0c730bb5eaa7603c4cb fleet_v4.64.0_linux.tar.gz
3c28599271ae296c3d4f027ff71576d2ca0b8ceb8b3a79f7c9411fb9d786af5e fleetctl_v4.64.0_linux.tar.gz
0a56aefb8135635c4bb7cb530b65d2cd6065cffa9a08170d59d5734763fc48f1 fleetctl_v4.64.0_linux.zip
9dd40e358a2e964b1d7768fde0898f3dfc10004895478d8cec2b91be0a5fc5c1 fleetctl_v4.64.0_linux_arm64.tar.gz
c279b7ff8ef5052588e7cd7cd78362e4a086b5c9a0c4291c819929d8435d431f fleetctl_v4.64.0_linux_arm64.zip
2cc53904097a7916e9712417b611c1e3fc43be4fab4ff0819d8e0ee4e9770032 fleetctl_v4.64.0_macos.tar.gz
62cb7587e55ebb2280f40379d296098fd0b75584279d4ae10649fa28844ca6b7 fleetctl_v4.64.0_macos.zip
935e797b12becaabb66deb818d04f60efd2a81e474e6522ebece8e8111fa8bc7 fleetctl_v4.64.0_windows.tar.gz
4035b2a555671ac1bbe68955a93029b1deec8242e0ef568aee50b91828a1c51a fleetctl_v4.64.0_windows.zip
08512fa9d118d00b02abb28ea02359d425c7827dadafeb9c922ab6f6c5da61e8 fleetctl_v4.64.0_windows_arm64.tar.gz
bbfae41779201acd34b1bce2f1b2426fcabf36365014881e3aebb44333f4c4e3 fleetctl_v4.64.0_windows_arm64.zip