github fleetdm/fleet fleet-v4.77.0
on GitHub

one day ago

Fleet 4.77.0 (Dec 02, 2025)

Security Engineers

  • Added integration for Okta conditional access, where Fleet acts as a factor and blocks end users from logging into third-party apps, via Okta, if they are failing specific policies.
  • Added activity log entries for: host deletion and expiration, updating or deleting host IdP mappings.
  • Resolved multiple false positive vulnerability matches for the VSCode golang extension.
  • Resolved false positive CVE matches for Logi Bolt.app.
  • Detected vulnerabilities in JetBrains IDE plugins.

IT Admins

  • Updated MDM enrollment flow for BYOD macOS hosts to enable end user authentication prior to downloading the MDM profile via the "My device" page.
  • Added self-service install support for custom IPA apps on iOS and iPadOS.
  • Added support for in-house (".ipa") apps to fleetctl gitops.
  • Updated existing POST /setup_experience/script endpoint to allow updating the macOS setup experience script in-place, and modified GitOps to remove the DELETE call.
  • Added support for Custom EST certificate authorities.
  • Added ability to deploy certificates from Custom SCEP certificate authorities on Windows.
  • Added status counts to batch script detail page tabs.
  • Added InstallAnywhere as a self-extracting archive for PE metadata extraction.
  • Added ingestion of upgrade_codes from Windows software, and provided to all relevant software endpoints.

Other improvements and bug fixes

  • Improved performance of /api/latest/fleet/software/versions API endpoint.
  • Updated host expiry logic to not delete macOS hosts that checkin via MDM protocol but not via fleetd.
  • Optimized the cleanup Apple host profiles query to reduce probability of DB locking.
  • Implemented UI logic to call existing manual update IdP API functionality.
  • Implemented UI logic and new DELETE endpoint to manually remove host IdP mappings.
  • Added experimental FLEET_MDM_ENABLE_CUSTOM_OS_UPDATES_AND_FILEVAULT configuration to allow deploying custom OS settings including Filevault payloads and macOS and Windows update settings.
  • Added ability to change software display names in the UI.
  • Fixed table styling for selecting table rows.
  • Simplified setup experience configuration UI.
  • Added better error messages when using build-in labels on GitOps and on the LabelSpecs endpoint.
  • Hid software host count and version table when no hosts have the software installed.
  • Adjusted UI section headers and layout of Settings > Integrations in Fleet Free.
  • Added vulnerability seeding and performance testing tools.
  • Moved end user authentication SSO settings under Integrations > SSO in global settings.
  • Removed the premium check for host OS settings in host summary UI.
  • Reduced Android device reconciler frequency to 1 hour.
  • Reduced Android API usage by listing devices instead of getting and checking Android Enterprise disconnects hourly.
  • Set the order of software installed during the setup experience to alphanumeric.
  • Updated Go to 1.25.3.
  • Fixed a layout issue on the script batch details page.
  • Fixed installer for Cisco Secure Client not showing as installed in inventory/library due to using the wrong bundle identifier. This application should show up correctly now in the software inventory.
  • Fixed errors when trying to run the apple_mdm_iphone_ipad_refetcher cron job.
  • Fixed bug that prevented users from editing custom EST certificates URLs.
  • Fixed incorrect UI placeholder element by replacing it with it's actual value.
  • Fixed issue where vulnerabilities would occasionally show as missing.

Fleet-maintained app updates and vulnerability fixes are applied, whether or not you upgrade.

Fleet's agent

The following version of Fleet's agent (fleetd) support the latest changes to Fleet:

  1. orbit-v1.50.1
  2. fleet-desktop-v1.50.1 (included with Orbit)
  3. osquery-5.20.0 (included with Orbit)
  4. fleetd-chrome-v1.3.3

While newer versions of fleetd still function with older versions of the Fleet server (and vice versa), Fleet does not actively test these scenarios and some newer features won't be available.

Upgrading

Please visit our upgrade guide for upgrade instructions.

Documentation

Documentation for Fleet is available at fleetdm.com/docs.

Binary Checksum

SHA256 

014f227e5e473510a215d64c7d589eca436a7ae8dd4418af30d50b2f36cbb4ff  fleet_v4.77.0_linux.tar.gz
694ba395c6274c36876a364a1c0c48cbcfa29e0fbe48cd5bdb4b249281657ba8  fleetctl_v4.77.0_linux_amd64.tar.gz
b9c7f4fab027228d1d9ee03d3d91e4f0d21ddcd2d66ca5260b237861285f50a1  fleetctl_v4.77.0_linux_amd64.zip
7f1abd61ec0e113c8f2c1344901a4fc93620da86bcef90b546f82498fe512758  fleetctl_v4.77.0_linux_arm64.tar.gz
8376763b99fa04f89fa4cfd4fdcafd1e3e0d50b7706f70ce12f0e8ef6886bfc8  fleetctl_v4.77.0_linux_arm64.zip
cac4ae3ccb3816d1ef8cd29b347d39126a3c33fc178393fac936ba3489fe4a06  fleetctl_v4.77.0_macos.tar.gz
b641a3e666150e4eeec6cca8e3e4bbf37a0c69605ad54cc0b997c47df684fb48  fleetctl_v4.77.0_macos.zip
e53f1d9ea91c31661bd6e5521911553beaf1af48163d6887f5075f82460a1ddb  fleetctl_v4.77.0_windows_amd64.tar.gz
6dcfca6971b22bd842e30e5f24051fe97f81432bc3d7be81c034fbb98e491004  fleetctl_v4.77.0_windows_amd64.zip
f9cf1cfcf510ca724c55778edad5dff585073aa94797c4fc9e9cc44693cda071  fleetctl_v4.77.0_windows_arm64.tar.gz
9b11e38a413c6f73cdfe680e024a0874e62c249fa2696129f3bb0dcd13e81efe  fleetctl_v4.77.0_windows_arm64.zip
Check out latest releases or
releases around fleetdm/fleet fleet-v4.77.0

Don't miss a new fleet release

NewReleases is sending notifications on new releases.

Get notifications