github fleetdm/fleet fleet-v4.72.0
on GitHub

latest releases: orbit-v1.50.2, fleetd-android-v1.0.0, fleet-v4.77.0...
4 months ago

Fleet 4.72.0 (Aug 13, 2025)

Security Engineers

  • Added support for issuing host identity certificates through SCEP (Simple Certificate Enrollment Protocol) that fleetd can use with TPM 2.0 hardware to cryptographically sign all HTTP requests.
  • Added flag --fleet-managed-host-identity-certificate to generate fleetd packages for linux that use TPMs to sign HTTP requests.
  • Added sso_server_url configuration option to support SSO setups with separate URLs for admin access vs agent/API access. When set, SSO authentication will only work from the specified URL. This fixes SSO authentication errors for organizations using dual URL configurations.

IT Admins

  • Added support for Apple Account Driven User Enrollment for iOS/iPadOS when end user authentication is configured.
  • Added support for MS-MDE2 v7.0 Windows MDM Enrollments.
  • Added the following Fleet-maintained apps for macOS: iTerm2, Yubikey Manager, VNC Viewer, Beyond Compare.
  • On the host details > software > library page and Fleet Desktop > Self-service page, show installer status and installer actions based on what software is detected in software inventory.
  • On the host details > software > library page and Fleet Desktop > Self-service page, show user's when a software can be updated, allowing users to easily trigger a software update and see fresh data after an update completes.
  • Updated VPP apps reported by osquery to retain their last install information when viewed in host software library.
  • Switched to more comprehensive UpgradeCode based uninstall scripts when an UpgradeCode can be extracted from an MSI custom package.

Other improvements and bug fixes

  • Added support for fleetd TUF extensions on Linux arm64 and Windows arm64 devices.
  • Added a fallback to package install path for extracting app names from uploaded PKG packages.
  • Added special handling for version extraction of Fleet-maintained app manifests that reference a download URL that isn't version-pinned.
  • Improved fleetctl gitops type error mesages.
  • Improved accuracy of auto-install queries for custom MSI packages by using a better identifier.
  • Label created_at no longer factored in when scoping software packages by "exclude any" manual labels.
  • Refactored AddHostsToTeam method to fix race condition introduced by global var.
  • Changed enable_software_inventory to default to true if missing from gitops config.
  • Modified backend for GET /api/v1/fleet/commands when filtering by host_identifier to address performance concerns and exhausting database connections when API is called concurrently for many hosts.
  • Allowed users of Fleet in Primo mode to access Software automations and failing policy ticket & webhook automations.
  • Update UI to support personally enrolled MDM devices.
  • Removed DEB and RPM installers from installable software lists on hosts with incompatible Linux distributions (e.g. Ubuntu for an RPM).
  • Revised MSI uninstall scripts to wait for an uninstall to complete before returning and avoid restarting after an uninstall.
  • Added back software mutation on ingestion to fix non-semver-compliant software versions, starting with DCV Viewer.
  • Increased timeouts on /fleet/mdm/profiles/batch to better support customer workflows with large numbers of profiles.
  • Made consistent and update the Install and Uninstall detail modals for VPP and non-VPP apps across the Fleet UI.
  • Updated go to 1.24.6.
  • Fixed issue with package ids ordering causing software installers' scripts to be inconsistently generated.
  • Fixed incorrectly displayed status in controls OS Settings page, if a host was only pending or failing on declaration for removal.
  • Fixed bug with mdm_bridge Orbit table that caused panics due to invalid COM initialization.
  • Fixed bug where a certificate Distinguished Name (DN) parser did not allow forward slashes in the value which resulted in parsing error.
  • Fixed an issue where the detected date for software vulnerabilities was not being pulled correctly from the database.
  • Fixed missing empty host lists on manual labels in gitops.
  • Fixed an issue where two banners would sometimes be displayed on the host details page.
  • Fixed missing webhook url in automations tooltip.
  • Fixed an issue where using ESCAPE in a LIKE clause caused SQL validation to fail.
  • Fixed error when trying to escrow a linux disk key multiple times.
  • Fixed silent failure when passing flags after arguments in fleetctl.
  • Fixed wrongly formatted URL for EULA when accessing from Fleet UI and when shown in the iFrame for SSO callback.
  • Fixed stale pending remove apple declarations, if the host was offline while adding and removing the same declaration.
  • Fixed a case where a vulnerability would show up twice for a given operating system.
  • Fixed specification of policy software automations via GitOps when referring to software by hash from a software YAML file.
  • Fixed cases where the vulnerabilities list endpoint would count the same CVE multiple times for the count field returned with a result set.
  • Fixed an issue where SSO URLs with trailing slashes would cause authentication failures due to double slashes in the ACS URL. Both regular SSO and MDM SSO URLs now properly handle trailing slashes.
  • Fixed an issue during the DEP sync where errors such as 404 from the DEP API could result in devices never being assigned a cloud configuration profile.
  • Fixed server panic when listing software titles for "All teams" with page that contains a software title with a policy automation in "No team".

Fleet-maintained app updates and vulnerability fixes are applied, whether or not you upgrade.

Fleet's agent

The following version of Fleet's agent (fleetd) support the latest changes to Fleet:

  1. orbit-v1.45.1
  2. fleet-desktop-v1.45.1 (included with Orbit)
  3. fleetd-chrome-v1.3.2

While newer versions of fleetd still function with older versions of the Fleet server (and vice versa), Fleet does not actively test these scenarios and some newer features won't be available.

Upgrading

Please visit our upgrade guide for upgrade instructions.

Documentation

Documentation for Fleet is available at fleetdm.com/docs.

Binary Checksum

SHA256 

92a387763538e1acd46c582cc7124ee405dfc8e43cdaf3206a5c742f458f3582  fleet_v4.72.0_linux.tar.gz
73e6e271339cabd060ddbc449d3f883d5474db5d5dcb7b493c2c7a018cdb32e5  fleetctl_v4.72.0_linux_amd64.tar.gz
dfcdf025b9b5ded3f720f67c0bef6533e92809426a5aac4064c166e44637f2a0  fleetctl_v4.72.0_linux_amd64.zip
da46a740b2646c3463924d2e755ce92ad4e81a6851b4d3c2c8e6f4fce7d5b2f5  fleetctl_v4.72.0_linux_arm64.tar.gz
c928de0478878829068a8ca625d3a971588baa44d6d78fb003e168563f612972  fleetctl_v4.72.0_linux_arm64.zip
0c71d31bb852e3d585bf33bcb52746418d43ab5fc4beca642ff2b133a2812b1a  fleetctl_v4.72.0_macos.tar.gz
983d407c345a3c8ef47bfa8a510f1ab0b4f710dc5f07f40b6c980837546e3d36  fleetctl_v4.72.0_macos.zip
c2696949505caf5521221200f1f6ecbc259e8d2fcd5c9b4a382927defb3cd6df  fleetctl_v4.72.0_windows_amd64.tar.gz
db953e7791905deba5984e7e813bc41a9fb56292fea5facf6499a88b995b64ae  fleetctl_v4.72.0_windows_amd64.zip
a97965b3fe3e9889ec5db92e8a367921dcc7677e6114bc6ca927c8c941f82021  fleetctl_v4.72.0_windows_arm64.tar.gz
86678801be06f9f361e9fed9c97477b9975ad66d39db71f6c999ab04862fcdea  fleetctl_v4.72.0_windows_arm64.zip
Check out latest releases or
releases around fleetdm/fleet fleet-v4.72.0

Don't miss a new fleet release

NewReleases is sending notifications on new releases.

Get notifications