fleetdm/fleet fleet-v4.76.0

on GitHub

Fleet 4.76.0 (Nov 7, 2025)

Security Engineers

• Added support for software inventory on Android hosts.
• Added support for npm packages in software inventory and vulnerability matching for macOS and Linux hosts.
• Added support for JetBrains inventory on hosts.
• Added vulnerbaility detection in JetBrains plugins.
• Added support for VSCode fork (Cursor, Windsurf, VSCodium, VSCodium Insiders, and Trae) extensions in software inventory.
• Added Santa tables to fleetd.

IT Admins

• Added ability to install software for iOS and iPadOS hosts during the setup experience.
• Added ability to specify VPP apps for automatic installation during ADE iOS and iPadOS host enrollment.
• Added the ability to lock iOS and iPadOS devices through lost mode.
• Added support for locking and unlocking iOS and iPadOS devices from the UI.
• Added configuration option to setup experience for macOS hosts to halt if any software install fails.
• Added gigs_all_disk_space vital collection, storage, service, and UI rendering for Linux hosts.
• Added new server config flag for specifying the cleanup age for completed distributed targets.

Other improvements and bug fixes

• Added link component shown in the host column to the host details page.
• Added flash warning when an unauthorized user tries to access teams settings.
• Added descriptive error in cases of manual macOS profile download failure.
• Updated the macOS setup experience to use the new web UI.
• Updated the UI for adding new scripts to the scripts library.
• Changed display logic for the organization logo component on the My Device page to prevent flickering.
• Improved performance of /api/latest/fleet/os_versions endpoint, especially for deployments with Linux hosts.
• Optimized MySQL queries on /api/latest/fleet/vulnerabilities and /api/latest/fleet/software/versions to improve performance for Fleet UI use cases.
• Optimized /config API endpoint to use the primary DB node for both persisting changes and fetching modified app config.
• Improved live query response times by adding a new server config flag for specifying the cleanup age for completed distributed targets.
• Improved query performance by using a lighter-weight query for checking if a team is enabled for conditional access.
• Changed license warning to only show one time during GitOps runs.
• Updated to allow setting an org support url to use the "file" protocol in the url.
• Changed the default name of Host Identity CA to 'Fleet Host Identity CA' to avoid conflict with Fleet's Apple MDM CA.
• Updated host details run script user flows to include a confirmation step.
• Applied singular word form to GitOps log messages when a single entity is referenced in the message.
• Updated the "Setting up your device" page to show status of setup script run.
• Deprecate browser in favor of extension_for in API responses and JSON/YAML outputs.
• Added migration to clear the platform field on all builtin labels.
• Added migration to relink missing SCIM user data to hosts.
• Updated host certificate renewal flow for NDES, Smallstep, custom scep proxy CAs to support $FLEET_VAR_SCEP_RENEWAL_ID in the OU field rather than CN.
• Updated device mapping API to allow an "idp" source to manually set IDP user mappings.
• Updated styling to be more consistent in edit policies view for FireFox.
• Replaced outdated Firefox icon with a new one that follows brand guidelines.
• Allowed testing a new or edited policy query via live query while in GitOps Mode.
• Fixed missing "failed" VPP app install activities when installation is canceled due to MDM being turned off for a host.
• Fixed bug where uploading a software installer failed because it was "not found in the datastore".
• Fixed missing aboslute timestamp tooltips on script creation date in script list, query modification date in query list.
• Fixed bug with the ChangeManagement component where the GitOps checkbox local UI state was being reset due to GET request after PATCH request.
• Fixed MySQL deadlocks when multiple hosts are updating their certificates in host vitals at the same time.
• Fixed an issue where longer variable names ($FLEET_VAR_HOST_END_USER_IDP_USERNAME_LOCAL_PART) with the same base ($FLEET_VAR_HOST_END_USER_IDP_USERNAME) was not processed in the right order.
• Fixed UI bug where "Show disk encryption key" option was incorrectly displayed for hosts enrolled with a third-party MDM solution.
• Fixed WhatsApp and VS Code icons not displaying correctly
• Fixed bad software ingestion debug message and added filter for invalid software with missing names.
• Fixed a bug where a software installer could be installed in the same team and same platform (macOS) where an App Store app already existed for the same software title, and vice-versa (App Store app added when a sofware package already existed, this one was only possible just via fleetctl gitops).
• Fixed listing hosts with populate_software not returning hash_sha256 for macos apps.
• Fixed bug where batch setting MDM profiles could cause a nil pointer dereference when processing an invalid profile (e.g., cannot parse mobileconfig because it is bad xml).
• Fixed bug hiding the UI elements post install script output in Software Install Details modal.
• Fixed software title host count mismatch that was caused by including software installers in the count.
• Fixed a scenario where a wiped Windows host re-enrolled as a distinct host row in Fleet and the previous host's page could not be loaded successfully.
• Fixed an issue where a host transfer on mdm_enrolled activity would be reversed by orbit enroll.
• Fixed a bug in live queries that caused livequery:{$CAMPAIGN_ID} Redis keys to not be cleaned up or expire.
• Fixed inconsistency in GitOps for App store apps if no VPP token was found, so that both dry run and actual run fails.
• Fixed the software title counts by status to be consistent with the status reported in the host's software list and filter by status.
• Fixed outdated tooltip on dark background logo URL field in Organization info settings.
• Fixed fleetctl generate-gitops when MDM is not turned on.

Fleet-maintained app updates and vulnerability fixes are applied, whether or not you upgrade.

Fleet's agent

The following version of Fleet's agent (fleetd) support the latest changes to Fleet:

1. orbit-v1.48.1
2. fleet-desktop-v1.49.1 (included with Orbit)
3. osquery-5.20.0 (included with Orbit)
4. fleetd-chrome-v1.3.3

While newer versions of fleetd still function with older versions of the Fleet server (and vice versa), Fleet does not actively test these scenarios and some newer features won't be available.

Upgrading

Please visit our upgrade guide for upgrade instructions.

Documentation

Documentation for Fleet is available at fleetdm.com/docs.

Binary Checksum

SHA256

0fbb04d29e075b25a80d1c5acfdf60e9bfb38289cdf123a8f72b78dfe3bd805f  fleet_v4.76.0_linux.tar.gz
9d3eadeae6d3f1a2fbe65032c2a667945040d8a5db17f664c7532f5109701dd0  fleetctl_v4.76.0_linux_amd64.tar.gz
fa78a4fdddef9bf9ebb7eaeba43b719c24dc1629a30e46feed57855a4ad9d3ab  fleetctl_v4.76.0_linux_amd64.zip
7f030c055185d50d47852f152f8ec8bfc86bf883435a4b4ca6317a50b7e849b6  fleetctl_v4.76.0_linux_arm64.tar.gz
3d59a661cf054db548f0aca6da4ab68fa8d94e11ae749fd0e8896a09dac8aec9  fleetctl_v4.76.0_linux_arm64.zip
2e3a52d862238877e190733e597eadb801f6ef63cf32c0247b2f3237ea2f9c11  fleetctl_v4.76.0_macos.tar.gz
5a8f36ed77cf1d80cce10cca2ac66c4cb04c1deb32d9364512de2cf1d3c7bd01  fleetctl_v4.76.0_macos.zip
849e04c80a830095739a84541525d7d79ff4e2485c98d7765f987f5fd12db546  fleetctl_v4.76.0_windows_amd64.tar.gz
584d9a2d476182d2307c275070257e80ab903d1eb51f329bfef88d0a647eaefc  fleetctl_v4.76.0_windows_amd64.zip
8aacc129b1483b044ea576e3efd3b9d418a7634edb16623349a784f7ff9c7582  fleetctl_v4.76.0_windows_arm64.tar.gz
1bf46c17000a3e83e2ae68b368d78b32e1ddf9dee9d9ed333534ef9eec818f0c  fleetctl_v4.76.0_windows_arm64.zip