github fleetdm/fleet fleet-v4.69.0
on GitHub

latest releases: orbit-v1.47.2, orbit-v1.47.1, orbit-v1.47.0...
2 months ago

Fleet 4.69.0 (June 14, 2025)

Security Engineers

  • Added vulnerability detection via OVAL for Ubuntu 24.10 and 25.04.
  • Added ability to sync end user's IdP information with Microsoft Entra ID using SCIM protocol.
  • Added ability to sync end user's IdP information with Authentik using SCIM protocol.
  • Updated Windows 11 Enterprise CIS policies to version 4.0.
  • Added new Detail Query 'luks_verify' used to verify if the stored LUKS key is valid.
  • Added additional checks to vulnerability feed validation to prevent deploying an un-enriched NVD feed.
  • Added SHA256 hash of Mac applications to signature information in host software response.
  • Added FLEET_AUTH_SSO_SESSION_VALIDITY_PERIOD environment variable for overriding how long end users have to complete SSO.
  • Added ability to execute scripts on up to 5,000 hosts at a time using filters.
  • Added ability to run a script on all hosts that match the current set of supported filters.
  • Added a new API GET /scripts/batch/summary/:batch_execution_id endpoint for retrieving a summary of the current state of a batch script execution.
  • Added the endpoint POST /api/v1/fleet/configuration_profiles/resend/batch to resend a profile to all hosts that satisfy the filter.
  • Added a starter library that is automatically applied to all new Fleet instances during setup.

IT Admins

  • Added ability to execute scripts on up to 5,000 hosts at a time using filters.
  • Added ability to run a script on all hosts that match the current set of supported filters.
  • Added a new API GET /scripts/batch/summary/:batch_execution_id endpoint for retrieving a summary of the current state of a batch script execution.
  • Added the endpoint POST /api/v1/fleet/configuration_profiles/resend/batch to resend a profile to all hosts that satisfy the filter.
  • Added ability to uninstall software via Self-service tab of My device.
  • Added a starter library that is automatically applied to all new Fleet instances during setup.
  • Added FLEET_MDM_SSO_RATE_LIMIT_PER_MINUTE environment variable to allow increasing MDM SSO endpoint rate limit from 10 per minute. When supplied, this parameter also splits MDM SSO into its own rate limit bucket (default is shared with login endpoints).
  • Added ability to sync end user's IdP information with Microsoft Entra ID using SCIM protocol.
  • Added ability to sync end user's IdP information with Authentik using SCIM protocol.
  • Updated Apple MDM enrollment to skip webview popup when end user authentication is disabled.
  • Added SHA256 hash of Mac applications to signature information in host software response.
  • Added UI to filter hosts by config profile status.
  • Added UI for seeing custom profile status and to batch resend to hosts its failed on.
  • Added filtering for hosts endpoints by MFM config profile and status.
  • Added immediate cancellation of profile delivery when a profile is deleted; if it had already been installed then its removal will be pending.
  • Added ability to turn off MDM for iPhone and iPad hosts on the hosts details page.
  • Added ability for gitops mode to add a custom package on the software page to then copy/paste the YAML needed for packages that cannot be referenced with a URL.

Other improvements and bug fixes

  • Fixed issue where SSO settings, SMTP settings, Features and MDM end-user authentication settings would not be cleared if they were omitted from YAML files used in a GitOps run.

GITOPS USERS: If you have these settings configured via the Fleet web application and you use GitOps to manage your configuration, be sure settings are present in your global YAML settings file before your next GitOps run.

  • Added Neon to the list of platforms that are detected as Linux distributions.
  • Updated scripts so that editing will now cancel queued executions.
  • Warn users of consequences when updating script contents.
  • Improved effectiveness of app-wide text-truncation-into-tooltip functionality.
  • Prevented misleading UI when a saved script's contents have changed by only showing a run script activity's script contents if the script run was ad-hoc.
  • Stopped policy automations from running on macOS hosts until after setup experience finishes so that Fleet doesn't attempt to install software twice.
  • Added tooltip informing users a test email will be sent when SMTP settings are changed.
  • Added copyable SHA256 hash to the software details page.
  • Added device user API error state to replace generic Fleet UI error state in Fleet desktop.
  • Revised PKG custom package parsing to pick the correct app name and bundle ID in more instances.
  • Ensured consistent failing policies and total issues counts on the host details page by re-calculating these counts every time the API receives a request for that host.
  • Allowed Fleet secret environment variables for the MacOS setup script.
  • Validated uploaded bootstrap package to ensure that it is a Distribution package since that is required by Apple's InstallEnterpriseApplication MDM command.
  • Modified the Windows MDM detection query to more accurately detect existing MDM enrollment details on hosts with multiple enrollments.
  • Created consistent UI for the copy button of an input field.
  • Updated the notes for the disk_info table to clarify usage in ChromeOS.
  • Fixed an issue where the cursor on the SQL editor would sometimes become misaliged.
  • Fixed slight style issues with the user menu.
  • Fixed an issue where adding/updating a manual label had inconsistent results when multiple hosts shared a serial number.
  • Fixed reading disk encryption key not showing up in host activities.
  • Fixed a bug where a host that was wiped and re-enrolled without deleting the corresponding host row in Fleet had its old Google Chrome profiles (and other osquery-based data) showing for about an hour.
  • Fixed an issue in the database migrations released in 4.68.0 where Apple devices with UDID values longer than 36 characters would cause a failure in the migration process; the host_uuid column for tables added by that migration has been increased to accommodate these longer UDID values.
  • Fixed issue with GitOps command that prevented non-managed labels to be deleted if used by software installations.
  • Fixed several corner cases with Apple DDM profile verification, including a migration to clear out "remove" operations with invalid status.
  • Fixed a bug that caused a 500 error when searching for non-existent Fleet-maintained apps.
  • Fixed a bug where global observers could access the "delete query" UX on the queries table.
  • Fixed parsing of some MSI installer names.
  • Fixed a bug where deleting an upcoming activity did not ensure the upcoming activities queue made progress in some cases.
  • Fixed a CIS query (Ensure Show Full Website Address in Safari Is Enabled).

Fleet's agent

The following version of Fleet's agent (fleetd) support the latest changes to Fleet:

  1. orbit-v1.43.0
  2. fleet-desktop-v1.43.0 (included with Orbit)
  3. fleetd-chrome-v1.3.2

While newer versions of fleetd still function with older versions of the Fleet server (and vice versa), Fleet does not actively test these scenarios and some newer features won't be available.

Upgrading

Please visit our update guide for upgrade instructions.

Documentation

Documentation for Fleet is available at fleetdm.com/docs.

Binary Checksum

SHA256 

c2c36d24e68074ea850ea215c52bcd1a0d4b47018b9df331c21965dd38e98624  fleet_v4.69.0_linux.tar.gz
ff54222ce7002721eebfd8de97e508bcc5718035a993551c0a0ad8da79dfadb7  fleetctl_v4.69.0_linux_amd64.tar.gz
d9865fdd0492b17d5b569eeba189a020301d339c3a6cf28a319f7c66901b864f  fleetctl_v4.69.0_linux_amd64.zip
cb4b6698f848734ba900f10c54cb4a128b05b0fc2a2e8ba01e2d44a4d54ee61d  fleetctl_v4.69.0_linux_arm64.tar.gz
ce9cd4e77a2dc2f1ea0250befb7fbf530cfe66b40d693695b63032bc5b6fda42  fleetctl_v4.69.0_linux_arm64.zip
c8017c6ae1b46f6cda05d304913152e589a1aef39195b8c7e12d52a12fd528d0  fleetctl_v4.69.0_macos.tar.gz
9d3cd4d4b0a1233b171ab2a930a7c36ce5d05c4b510cc2874b86921b8dc69bea  fleetctl_v4.69.0_macos.zip
da41fead78ea0bb9116b6f2d60f526b039747abbb8e8565ae17fd495bdaabfe9  fleetctl_v4.69.0_windows_amd64.tar.gz
f2e56aa5eb4ade9c2bc7d2af7e96eaf98b1bed214b13ec0eeca0529b70263279  fleetctl_v4.69.0_windows_amd64.zip
9d93911515c61f37f54465f96ecc6558124bcffbd167dded25101e2c0d759a9a  fleetctl_v4.69.0_windows_arm64.tar.gz
3cef4f8ce5fd5e5f59fb46d8f7dca2e7e56bb58977b63829ff3ecab26a3162dc  fleetctl_v4.69.0_windows_arm64.zip
Check out latest releases or
releases around fleetdm/fleet fleet-v4.69.0

Don't miss a new fleet release

NewReleases is sending notifications on new releases.

Get notifications