github fleetdm/fleet fleet-v4.82.0
on GitHub

6 hours ago

Fleet 4.82.0 (Mar 11, 2026)

IT Admins

  • Added support for enrolling fully managed Android hosts without a work profile.
  • Added capability to uninstall Android apps on the device (and removal from self-service in the managed Google Play store) when an app is removed from Fleet.
  • Added ability to allow or disallow end-users to bypass conditional access on a per-policy basis.
  • Added filtering by platform and add status to the Software > Add Fleet-maintained apps table.
  • Updated Android status reports to re-verify profiles that previously failed.
  • Added ability to roll back to previously added versions of Fleet-maintained apps.
  • Added new Technician role designed for help desk and IT support teams. Technicians can run scripts, view results, and install or uninstall software.
  • Added support for JIT provisioning of the Technician role via SSO SAML attributes.
  • Added automatic retries for failed software operations.

Security Engineers

  • Added ability to scan for kernel vulnerabilities on RHEL based hosts.
  • Added AWS GovCloud RDS CA certificates to the RDS MySQL TLS bundle, enabling IAM authentication for Fleet deployments connecting to RDS in AWS GovCloud regions (us-gov-east-1, us-gov-west-1).
  • Added CVE alias for python visual studio code extension.
  • Added new activity for edited enroll secrets.

Other improvements and bug fixes

  • Renamed teams and queries to fleets and reports in the UI, API, CLI, and GitOps.
  • Deprecated no-team.yml in GitOps in favor of unassigned.yml.
  • Deprecated certain API field names to reflect the renaming of "teams" to "fleets" and "queries" to "reports".
  • Updated Android MDM profiles to show up as pending on upload, the same as Apple MDM profiles.
  • Improved the speed of a database query that runs every minute to avoid database locking.
  • Added configurable body size limits for the /api/osquery/log and /api/osquery/distributed/write endpoints.
  • Updated logic to trigger vulnerability webhook when on Fleet free tier.
  • Updated storage of the auth token used in the UI.
  • Dynamically alphabetized vitals on the host details page.
  • Reworked how we handle server/worker delays to fix flaky tests.
  • Disabled "Calendar" dropdown option in Policy > Manage automations for Unassigned.
  • Added Go slog logging infrastructure and migrated a portion of the code from go-kit/log to slog.
  • Added CTA to turn on Android MDM for Android software setup experience if MDM is not configured.
  • Left-aligned "Critical" checkbox in Save policy form.
  • Improved spacing on the Controls > OS Settings page.
  • Updated to not allow editing Fleet-maintained app in the UI while GitOps mode is enabled.
  • Updated to accept the previous device authentication token for up to one rotation cycle, so the My Device page URL remains valid after token refresh.
  • Updated default macOS, iOS, and iPadOS update deadline time to 7PM (19:00) local time.
  • Updated UI to enable adding/removing multiple Microsoft Entra tenant ids.
  • Added additional logging for SCEP proxy requests and SCEP profile renewals.
  • Added warning message on gitops label rename to clarify to users that renaming a label implies a delete operation.
  • Added the ability to specify allowed Entra tenant IDs for enrollments.
  • Updated the DEP syncer to properly reassign a profile when ABM unilaterally removes it.
  • Increased the maximum script execution timeout from 1 hour (3600 seconds) to 5 hours (18000 seconds).
  • Improved error handling on AWS DB failover. Fleet will now fail health check if the primary DB is read-only, or trigger graceful shutdown when write operations encounter read-only errors.
  • Generated a server-side device token in the Okta conditional access flow when none exists or the current token is expired.
  • Moved the copy button for text areas out of the text area itself and in line with its label.
  • Removed unnecessary calls to svc.ds.BulkSetPendingMDMHostProfiles in POST /api/latest/fleet/spec/fleets.
  • Internal refactoring: moved /api/_version_/fleet/hosts/{id:[0-9]+}/activities endpoint and MarkActivitiesAsStreamed to new server/activity bounded context.
  • Added logging.otel_logs_enabled contributor config option to export server logs to OpenTelemetry.
  • Added automatic tagging of prerelease/post-release versions on local build based on branch name.
  • Added ability to enable/disable logs by topic.
  • Improved detection of DISPLAY variable in X11 sessions.
  • Updated the "Used by" column heading on the hosts page to "User email".
  • Refactored query used for deleting host_mdm_apple_profiles in bulk to use Primary keys only.
  • Added team_id to host details page param in URL to allow retaining team on refresh.
  • Added help text on the software details page, below the installer status table, to explain the meanings of the counts.
  • Added Country:US to new CA certs created by Fleet.
  • Added error if GitOps/batch attempts to add setup experience software when manual agent install is enabled.
  • Updated "Manage automations" button on the Queries and Policies pages to now always be visible, and disabled only when the current team has no queries of its own.
  • Updated validation rules around the creation of labels to make sure only valid platforms are used.
  • Improved host software inventory table's handling of long "Type" values.
  • Updated expiration date of the auth token cookie to match the fleet session duration.
  • Surfaced FMA version used and whether it's out of date in the UI.
  • Updated nats-server dependency to resolve dependency vulnerabilities.
  • Improved validation for host transfers.
  • Fixed matching logic on App component for pages titles.
  • Fixed adding Windows Fleet maintained apps failing when a software title with the same upgrade code already exists.
  • Fixed an issue where GitOps would not respect the value set on update_new_hosts for macOS updates.
  • Fixed an issue where duplicate kernels were reported in the OS versions API for RHEL-family distributions (RHEL, AlmaLinux, CentOS, Rocky, Fedora).
  • Fixed issue where Windows Jetbrains products would not report the correct version number.
  • Fixed a bug where custom software installer display names and icons were not used in the setup experience UI.
  • Fixed a bug where the list activities API endpoint would fail with a database error when there were more than 65,535 activities and no pagination parameters were specified. The maximum per_page for activities endpoints is now 10,000.
  • Fixed issue where MySQL IAM authentication could fail when a custom TLS CA/TLS config was set (for example GovCloud), by ensuring Fleet includes the configured TLS mode in IAM DSNs.
  • Fixed styling issues for the UI when no enroll secret is present on a fleet.
  • Fixed an issue where some UI users saw a blank gutter on the right side of parts of the UI.
  • Fixed a bug where certain macOS app names could be ingested as empty strings due to incorrect ".app" suffix removal.
  • Fixed install/uninstall tarballs package to skip recently updated status that is waiting for a change in software inventory
  • Fixed a bug where software installers could create titles with the wrong platform.
  • Fixed a bug where 2 vulnerability jobs can run in parallel if one is taking longer than 2 hours.
  • Fixed issue with hosts incorrectly reporting policy failures after policy label targets changed.
  • Fixed client-side errors being incorrectly reported as server errors in OTEL telemetry.
  • Fixed issue where the status name was wrapping at smaller viewport widths on the mdm card on the Dashboard page.
  • Fixed false negative CVE-2026-20841 on Windows Notepad.
  • Fixed false positive CVE for Nextcloud Desktop.
  • Fixed rare CPE error when software name sanitizes to empty (e.g. only special characters).
  • Fixed Android enrollment to associate hosts with SCIM users, populating full name, groups, and department in host vitals.
  • Fixed a hover style issue in the label filter close button.
  • Fixed mismatches between disk encryption summary counts vs hosts displayed.
  • Fixed truncation of certificate fields containing non-ASCII characters.
  • Fixed an issue where policy automation settings in the Other Workflows modal reverted to stale values after saving when using a MySQL read replica.
  • Fixed query results cleanup cron failing with "too many placeholders" error by filtering to only saved queries and batching the SQL IN clause.
  • Fixed DB lock contention during vulnerability cron's software cleanup that caused failures under load.
  • Fixed pagination on the host software page incorrectly disabling the "Next" button when a software title has multiple installer versions.
  • Fixed a bug where macOS systems previous enrolled in fleet wouldn't always go through setup experience after a wipe
  • Fixed stale software titles list after adding a VPP or fleet-maintained app by invalidating the query cache on success.
  • Fixed issue where Windows Jetbrains products would not report the correct version number.
  • Fixed false positive PayloadTooLargeError errors.
  • Fixed software appearance edits not reflected until page refresh.
  • Fixed issue where policy automation retries were potentially reading stale data from replica database.
  • Fixed label edits not reflected until page refresh.
  • Fixed report creation API returning zero timestamps for created_at and updated_at fields.
  • Fixed issue where arbitrary order_key values could be used to extract data.
  • Fixed stale software titles list after deleting a software installer.
  • Fixed query results cleanup cron failing with "too many placeholders" error by filtering to only saved queries and batching the SQL IN clause.

Fleet-maintained app updates and vulnerability fixes are applied, whether or not you upgrade.

Fleet's agent

The following version of Fleet's agent (fleetd) support the latest changes to Fleet:

  1. orbit-v1.53.0
  2. fleet-desktop-v1.53.0 (included with Orbit)
  3. osquery-5.21.0 (included with Orbit)
  4. fleetd-chrome-v1.3.5
  5. fleetd-android-v1.0.2

While newer versions of fleetd still function with older versions of Fleet, old versions of fleetd and osquery may not function with new versions of Fleet. We do not actively test these scenarios, and we recommend deploying a minimum of the agent versions above before upgrading to this version of Fleet.

Upgrading

Please visit our upgrade guide for upgrade instructions.

Documentation

Documentation for Fleet is available at fleetdm.com/docs.

Binary Checksum

SHA256 

c7a65efcb286dca140ed390e34eefa4eb87c72cf1adaae476cd606087bec522e  fleet_v4.82.0_linux.tar.gz
8994021172c144e3fe361d33e8d3820d39128838797a8ace502309720c808334  fleetctl_v4.82.0_linux_amd64.tar.gz
3d8691ce8c88702aaa5c22b8f05a3c930a41e76dde0799280f42525039a28240  fleetctl_v4.82.0_linux_amd64.zip
c3d6c8f6afc73baa1d9af18903f25bdbae282b948b53acb1b4bc7cf5218b6d0e  fleetctl_v4.82.0_linux_arm64.tar.gz
0463b1ce392444076dfc5de66cca4e9b35ea61dc3813ca92c1fe94d13b04d162  fleetctl_v4.82.0_linux_arm64.zip
adb9e9e657972eec2e358640f94c2abfb3e444f745d3b8b181d31b5f4645301f  fleetctl_v4.82.0_macos.tar.gz
30f484ede205ccce287da53cfcd6cd18d4f9103c9eaebe75d602b08c44d3a3f7  fleetctl_v4.82.0_macos.zip
9286933a93255e31c4f5f673c63feb1a4cd6629e06ede172b8d3514c155acab6  fleetctl_v4.82.0_windows_amd64.tar.gz
4cf624121914bbe66b8f6b6f5b2e61dee37f9c097f80be6d5b434467aad31d39  fleetctl_v4.82.0_windows_amd64.zip
3da0f7e1aa0975ce0d4f21b0e4e64b2c228debc8df0a4602c2e673c067364a3a  fleetctl_v4.82.0_windows_arm64.tar.gz
010ca1284bc99d9870432b2323c5bdefae9f4b57b2b9848b0fa98a18b3eff78a  fleetctl_v4.82.0_windows_arm64.zip
Check out latest releases or
releases around fleetdm/fleet fleet-v4.82.0

Don't miss a new fleet release

NewReleases is sending notifications on new releases.

Get notifications