github fleetdm/fleet fleet-v4.74.0
on GitHub

15 hours ago

Fleet 4.74.0 (Oct 6, 2025)

Security Engineers

  • Added support for Hydrant as a Certificate Authority and added an experimental API that can be used to have Fleet request a certificate from a Hydrant.
  • Added a check to disallow FLEET_SECRET variables in Apple configuration profile <PayloadDisplayName> fields for security.
  • Added /batch/{batch_execution_id:[a-zA-Z0-9-]+}/host-results API endpoint to list hosts targeted in batch.
  • Added POST /api/v1/fleet/configuration_profiles/batch API endpoint to batch modify MDM configuration profiles.
  • Added a new page in the UI for batch script run details.
  • Added support for AWS RDS (MySQL) IAM authentication.
  • Added support for AWS ElastiCache (Redis) IAM authentication.
  • Added support for hosts enrolled with Company Portal using the legacy SSO extension for Entra's conditional access.

IT Admins

  • Added setup experience software items for Linux devices.
  • Added API endpoints for Linux setup experience.
    • Device API endpoints for fleetd: POST /api/fleet/orbit/setup_experience/init and POST /api/v1/fleet/device/{token}/setup_experience/status.
    • PUT /api/v1/fleet/setup_experience/software and GET /api/v1/fleet/setup_experience/software now have a platform argument (linux or macos, defaults to macos).
  • Added IdP fullname attribute as a valid Fleet variable for Apple configuration profiles.
  • Added the username of the managed user account user-scoped profiles are delivered to for macOS hosts.
  • Enabled configuring webhook and ticket policy (Jira/Zendesk) automations for "No team".
  • Added support for writing multiple packages in a single GitOps YAML file included under software.packages.
  • Moved self_service, labels_include_any, labels_exclude_any, categories, and setup_experience declarations to team level for software in GitOps; setup_experience can now be set on a software package, Fleet Maintained App, or App Store app.
  • Changed GET /host/:id to return an empty array for software field when exclude_software=true.
  • Updated generate-gitops command to output filenames with emojis and other special characters where applicable.
  • Added a Fleet-maintained app for macOS: Omnissa Horizon Client.
  • Added opening instructions to self-service macOS apps and Windows programs.

Other improvements and bug fixes

  • Added index to distributed_query_campaign_targets table to speed up DB performance for live queries.

WARNING: For deployments with millions of rows in distributed_query_campaign_targets, the database migration to add the index may take significant time. We recommend testing migration duration in a staging environment first. The initial cleanup of old campaign targets will occur progressively over multiple hours to avoid database overload.

  • Added clean up of live query campaign targets 24 hours after campaign completion. This keeps the DB size in check for performance of large and frequent live query campaigns.
  • Improved OpenTelemetry integration to add tracing to async tasks (host seen, labels, policies, query stats) and improve HTTP span naming, enabled gzip compression, reduced batch size to prevent gRPC errors.
  • Updated output from packages_only=true so that it only returns software with available installers.
  • Added tarballs summary card back into UI.
  • Improved the sorting of batch scripts in the Batch Progress UI. Batches in the "started" state now sort by started date, and batches in the "finished" state now sort by the finished date.
  • Removed inaccurate host count timestamp on the software version details page.
  • Downgraded "distributed query is denylisted" error to a warning on the Fleet server since this message indicates a likely issue on the host and not the server. We will surface this issue in the UI in the future.
  • Improved performance for YARA rules: when modifying config (PATCH /api/latest/fleet/config) with a large number of yara rules and when large numbers of hosts fetch rules via /api/osquery/yara/{name} endpoint.
  • Improved performance when updating multiple policies in the UI. The policies are now updated in series to reduce server/DB load.
  • Added user icon to OS settings custom profiles on host details page if they are user scoped.
  • Added clearer error messages when a new password doesn't meet the password criteria.
  • Removed extra spacing from under disk encryption table.
  • Updated fleetctl get mdm-command-results to show output in a vertical format instead of a table.
  • Optimized os_versions API response time.
  • Added logic to detect and fix migration issues caused by improperly published Fleet v4.73.2 Linux binary.
  • Refactored ApplyQueries DS method so that queries are upserted in batches, this was done to avoid deadlocks during large gitops runs.
  • Refactored the way failing policies are computed on host details endpoint to avoid discrepancies due to read replica delays and async computation.
  • Refactored PATH fleet/config endpoint to use the primary DB node for both persisting changes and fetching modified App Config.
  • Fixed missing ticket integration options in Policies -> Other workflows modal for teams.
  • Fixed deduplicating bug in UI to only count unique vulns when counting software title vulnerabilities across versions in various software title vulnerabilities count, and host software title vulnerabilities count.
  • Fixed cases where the default auto-install policy for .deb packages would treat installed-then-uninstalled software as still installed.
  • Fixed the message rendered from user_failed_login global activities on the Activity feed if the email is not specified.
  • Fixed fleetctl printing binary data to terminal in debug mode.
  • Fixed a bug where incorrect CVEs were received from MSRC feed.
  • Fixed Fleet-installed host count not updating after software is installed over an older version.
  • Fixed UI issue in the Dashboard page. The software card is now rendered while content is been fetched to avoid the layout to jump around.
  • Fixed error when updating a script to exactly match the contents of another script.
  • Fixed an issue where string concatenations in a LIKE expression caused a syntax error in the query editor.
  • Fixed fleetctl gitops issue uploading an Apple configuration profile with a FLEET_SECRET in a <data> field.
  • Fixed Linux lock script on Ubuntu with GDM to now switch UI to text mode to work around GUI issues.
  • Fixed Google Cloud Storage (GCS) support broken since Fleet 4.71.0 by implementing a workaround for AWS Go SDK v2 signature compatibility issues with GCS endpoints.
  • Fixed banner link colors in UI.
  • Fixed an alignment issue on the My device page.
  • Fix deadlocks when updating automations for 10+ policies at one time.

Fleet-maintained app updates and vulnerability fixes are applied, whether or not you upgrade.

Fleet's agent

The following version of Fleet's agent (fleetd) support the latest changes to Fleet:

  1. orbit-v1.47.2
  2. fleet-desktop-v1.48.1 (included with Orbit)
  3. fleetd-chrome-v1.3.3

While newer versions of fleetd still function with older versions of the Fleet server (and vice versa), Fleet does not actively test these scenarios and some newer features won't be available.

Upgrading

Please visit our upgrade guide for upgrade instructions.

Documentation

Documentation for Fleet is available at fleetdm.com/docs.

Binary Checksum

SHA256 

530df71bda192c2468c2d0e26bfbcd76137decab25c7f80749e67c6bdce84167  fleet_v4.74.0_linux.tar.gz
fa54e95129c4c33dd15245de7107cbcea666c9b83fc5facc54f1be9995ab1984  fleetctl_v4.74.0_linux_amd64.tar.gz
94865880a4514d2a0ccfb6e47746d13b030675286f8053b4e274934144b6a140  fleetctl_v4.74.0_linux_amd64.zip
d1ae2a3ab9d51456cda7fe3e165f2a42213db95090d3a92bb94ebf302bd61b77  fleetctl_v4.74.0_linux_arm64.tar.gz
63acdbcbea1de155a45381e97dfb86cff286ff8d551ca803292fada84171153f  fleetctl_v4.74.0_linux_arm64.zip
751d6b30d2cb0afd040fce9af784305c1a72c5d129fe1df1e47cd1a280f81019  fleetctl_v4.74.0_macos.tar.gz
696c8e59a2890bf03e68359db62ea5994ae273202748bc7fbdc6a6ab22761783  fleetctl_v4.74.0_macos.zip
44a549e26072d749a5328e8fbf2a831cfc69689254a9c424d13a862b41a232ac  fleetctl_v4.74.0_windows_amd64.tar.gz
2cefc31893421fb2400d88323c5fbef0e6d57ec52fe5473eda2d6aaac563ee1d  fleetctl_v4.74.0_windows_amd64.zip
701d0df3ad16e370303eca9cc16d0669079c93d0835e8513aa5e06187b069038  fleetctl_v4.74.0_windows_arm64.tar.gz
9f03fdde86877beb19547fcd09473edb65dec20c650598e4ae26f932f9df66b0  fleetctl_v4.74.0_windows_arm64.zip
Check out latest releases or
releases around fleetdm/fleet fleet-v4.74.0

Don't miss a new fleet release

NewReleases is sending notifications on new releases.

Get notifications