Fleet 4.65.0 (Mar 14, 2025)
Security engineering
- Added UI for viewing certificate details on the host details and my device pages.
- Added new features to include certificates in host vitals for macOS, iOS, and iPadOS.
- Added the list host certificates (and list device's certificates) endpoints.
- Improved the copy for the delete and transfer host modal to be more clear about the disk encryption key behavior.
- Permit setting SSO metadata and metadata_url in gitops and UI.
- Fixed an issue where the Show Query modal would truncate large queries.
Vulnerability management
- Fixed Python for Windows software version mutation to avoid panics on software ingestion in some cases.
- Prevented an invalid
FLEET_VULNERABILITIES_MAX_CONCURRENCY
value from causing deadlocks during vulnerability processing. - Updated default for vulnerabilities max concurrency from 5 to 1.
- Updated CPE generation to more closely align with CPEs use in vulnerability feeds.
- Changed software version CVE resolved in version parsing and comparison to use custom code rather than semver.
- Added new (as of 2025-03-07) archives page to data source for MS Mac Office vulnerability feed (applies to vulnerabilities feed rather than a specific Fleet release).
- Fixed an issue with Fleet's processing of Python versions to ensure that the correct CPEs are checked for vulnerabilities.
- Fixed an issue with increased resource usage during vulnerabilities processing by adding database indexes.
- Fixed false-positives on released PowerShell versions for CVE-2025-21171 and all PowerShell versions on CVE-2023-48795.
IT engineering
- Implemented GitOps mode that locks settings in the UI that are managed by GitOps.
- Allowed VPP apps to be automatically installed via a Fleet-created policy.
- Added ability for users to automatically install App Store Apps without writing a policy in the Fleet UI.
- Updated the UI for adding and editing software for a cleaner, cohesive experience.
- Added auto-install to FMA via the API, replacing a more brittle client-side implementation.
- Added pagination inside each of the Manage Automations modals for policies.
- Added script execution to the new
upcoming_activities
table. - Added software installs to the new
upcoming_activities
table. - Added vpp apps installs to the new
upcoming_activities
table. - Updated the list upcoming activities endpoint to use the new
upcoming_activities
table as source of truth. - Added support to activate the next activity when one is enqueued or when one is completed.
- Added UI to the BYOD enrollment page to support enrolling Android devices into Fleet MDM.
- Added UI to turn on and off Android MDM.
- Added Android MDM activities.
NOTE: Android features are currently experimental and disabled by default. To enable, set
ANDROID_FEATURE_ENABLED=1
.
- Updated UI for device user page with improved instructions for turning on MDM.
- Added
PATCH /api/latest/fleet/software/titles/:id/name
endpoint for cleaning up incorrect software titles for software that has a bundle ID. - Added a daily job that keeps the App Store app version displayed in Fleet in sync with the actual latest version.
- Properly re-routed deleting a app on no team to no team software page insteal of all teams software page.
- Added a DB migration to migrate existing pending activities to the new unified queue.
- Added created_at timestamp for when a VPP app was added to a specific team.
NOTE: The database migration for the above hydrates timestamps for existing VPP app team associations based on when the associated VPP apps were first added to the database. To hydrate more accurate timestamps by pulling from VPP app add/edit activities, you can run the following query manually. It is not included in migrations as it requires full table scans of the
activities
table, which may result in long migration times.
UPDATE vpp_apps_teams vat
LEFT JOIN (SELECT MAX(created_at) added_at, details->>"$.app_store_id" adam_id, details->>"$.platform" platform, details->>"$.team_id" team_id
FROM activities WHERE activity_type = 'added_app_store_app' GROUP BY adam_id, platform, team_id) aa ON
vat.global_or_team_id = aa.team_id AND vat.adam_id = aa.adam_id AND vat.platform = aa.platform
LEFT JOIN (SELECT MAX(created_at) edited_at, details->>"$.app_store_id" adam_id, details->>"$.platform" platform, details->>"$.team_id" team_id
FROM activities WHERE activity_type = 'edited_app_store_app' GROUP BY adam_id, platform, team_id) ae ON
vat.global_or_team_id = ae.team_id AND vat.adam_id = ae.adam_id AND vat.platform = ae.platform
SET vat.created_at = COALESCE(added_at, vat.created_at), vat.updated_at = COALESCE(edited_at, added_at, vat.updated_at);
- Fixed an issue with assigning Windows MDM profiles to large numbers (> 65k) of hosts by batching the relevant database queries.
- Fixed policy software automation that falsely reported success in UI when updates actually failed. Users will now be properly notified of failed automation saves.
- Fixed a bug where uploading a macOS installer could prevent the software from being inventoried.
- Fixed a bug where target selector was present in a premature stage.
- Fixed a bug that caused macOS App Store apps to show up in Fleet as Windows apps if the Windows ersion of the app was already in Fleet.
- Fixed an issue where the ABM token teams were being reset when making updates to the app config.
- Fixed parsing of relative paths for MDM profiles in gitops
no-team.yml
. - Fixed a bug where new
fleetd
could not install software from old fleet server. - Fixed issue where
fleetctl gitops
was NOT deleting macOS setup experience bootstrap package and enrollment profile. GitOps should clear all settings that are not explicitly set in YAML config files.
Bug fixes and improvements
- Set collation and character set explicitly on database tables that were missing explicit values.
- Updated the copy printed on successful runs of
fleetctl package
. - Enabled redis cluster follow redierctions by default.
- Switched to a simpler, more reliable query for checking if an initial admin user has been added.
- Updated the styling of the "Used by" line on host details page to be easier to read and include more data in the tooltip.
- Added constistent behavior for table overflow and not hiding badges when user names overflow table cell.
- Updated wine to version 10.0 to improve support macOS-to-Windows installer creation on M1 chips.
- Updated UI to always show "Manage Automations" to permitted users.
- Fixed clicking "Show details" to open the software details modal on the My device page.
- Fixed an issue where link protection services would prematurely redeem MFA links.
- Fixed several links that were dropping team_id parameters resetting team to all teams.
- Fixed password authentication getting disabled when SMTP isn't configured.
- Fixed an issue where restarting the desktop manager on Ubuntu would cause the Fleet Desktop tray icon to disappear and not return.
Fleet's agent
The following version of Fleet's agent (fleetd
) support the latest changes to Fleet:
- orbit-v1.40.1
fleet-desktop-v1.40.1
(included with Orbit)- fleetd-chrome-v1.3.1
While newer versions of
fleetd
still function with older versions of the Fleet server (and vice versa), Fleet does not actively test these scenarios and some newer features won't be available.
Upgrading
Please visit our update guide for upgrade instructions.
Documentation
Documentation for Fleet is available at fleetdm.com/docs.
Binary Checksum
SHA256
bcba43ca75ecd2ae6ea909ea947dfef61df4c22fb0ad0c72782bfe003140d2bb fleet_v4.65.0_linux.tar.gz
8359af5b95acff2ac0b1124fe167c6a46144c1a73679827c0bd497c51bf3a0a6 fleetctl_v4.65.0_linux_amd64.tar.gz
4f42efd2505b17077444819993d99ea1c1444829e317ce1ac4180153af68725c fleetctl_v4.65.0_linux_amd64.zip
71313864e43d2071e6036a6b6f483859484b9cc5fc4606916356676a821223e2 fleetctl_v4.65.0_linux_arm64.tar.gz
de847aa6a189aa530a36b786aa2214a64bc2fd767324185e09b90cb7ddee918d fleetctl_v4.65.0_linux_arm64.zip
207680c4559b3c26bfa31b0d5d38ce277597b8e719e8d4c707a845e71049ee0e fleetctl_v4.65.0_macos.tar.gz
2c56038f7cdab28c26dd688d3bf38dcb26dbca99ebf587edb2653215383f03a9 fleetctl_v4.65.0_macos.zip
ec21ef7ab53702919b70abd71124a2cf1765084e1d632f6e99b67df707dcd8d3 fleetctl_v4.65.0_windows_amd64.tar.gz
92b5e82b7b5bde10e2bd8de9b0cd32e20a545bfea5f0d875615953ebe5bcb1a5 fleetctl_v4.65.0_windows_amd64.zip
41cb3774a6743719605b2672ff0842ae8ae530a54e64b57313421804e2a13cfc fleetctl_v4.65.0_windows_arm64.tar.gz
5fa928283df7b0ef723770fe2586b4f6593ff4846a3b936ac82815d22af13fcd fleetctl_v4.65.0_windows_arm64.zip