github fleetdm/fleet v4.0.0

latest releases: orbit-v0.0.11, fleet-v4.14.0, orbit-v0.0.10...
11 months ago


The primary additions in Fleet 4.0.0 are the new Role-based access control (RBAC) and Teams features.

RBAC adds the ability to define a user's access to features in Fleet. This way, more individuals in an organization can utilize Fleet with appropriate levels of access.

Teams adds the ability to separate hosts into exclusive groups. This way, users can easily act on consistent groups of hosts.

New features breakdown

  • Add ability to define a user's access to features in Fleet by introducing the Admin, Maintainer, and Observer roles. Available in Fleet Core.

  • Add ability to separate hosts into exclusive groups with the Teams feature. The Teams feature is available for Fleet Basic customers. Check out the list below for the new functionality included with Teams:

  • Teams: Add ability to enroll hosts to one team using team specific enroll secrets.

  • Teams: Add ability to manually transfer hosts to a different team in the Fleet UI.

  • Teams: Add ability to apply unique agent options to each team. Note that "osquery options" have been renamed to "agent options."

  • Teams: Add ability to grant users access to one or more teams. This allows you to define a user's access to specific groups of hosts in Fleet.

  • Add ability to create an API-only user. API-only users cannot access the Fleet UI. These users can access all Fleet API endpoints and fleetctl features. Available in Fleet Core.

  • Add Redis cluster support. Available in Fleet Core.

  • Fix a bug that prevented the columns chosen for the "Hosts" table from persisting after logging out of Fleet.

Breaking changes

Fleet 4.0.0 is a major release and introduces several breaking changes and database migrations. The following sections call out changes to consider when upgrading to Fleet 4.0.0:

  • The structure of Fleet's .tar.gz and .zip release archives have changed slightly. Deployments that use the binary artifacts may need to update scripts or tooling. The fleetdm/fleet Docker container maintains the same API.

  • The username artifact has been removed in favor of the more recognizable name (Full name). As a result, users can no longer log in with the username artifact and must instead use the email artifact. In addition, SAML SSO users may need to update their username mapping to match user emails (a common SAML property for this mapping is NameID). Note that upon upgrading to Fleet 4.0.0, existing users will have the name field populated with username.

  • Use strictly fleet in Fleet's configuration, API routes, and environment variables. Users must update all usage of kolide in these items (deprecated since Fleet 3.8.0).

  • Change your SAML SSO URI to use fleet instead of kolide. This is due to the changes to Fleet's API routes outlined in the section above.

  • Change configuration option server_tlsprofile to server_tls_compatibility. This option previously had an inconsistent key name.

  • Replace the use of the api/v1/fleet/spec/osquery/options with api/v1/fleet/config. In Fleet 4.0.0, "osquery options" are now called "agent options." The new agent options are moved to the Fleet application config spec file and the api/v1/fleet/config API endpoint. In addition, the options yaml document has been removed. Agent options can now be configured using the agent_options key in the config yaml document.

  • Enroll secrets no longer have "names" and are now either global or for a specific team. Hosts no longer store the “name” of the enroll secret that was used. Users that want to be able to segment hosts (for configuration, queries, etc.) based on the enrollment secret should use the Teams feature in Fleet Premium.

  • JWT encoding is no longer used for session keys. Sessions now default to expiring in 4 hours of inactivity. auth_jwt_key and auth_jwt_key_file are no longer accepted as configuration.

  • As of Fleet 4.0.0, Fleet Device Management Inc. periodically collects anonymous information about your instance. Sending usage statistics is turned off by default for users upgrading from a previous version of Fleet. Read more about the exact information collected here.


Please visit our update guide for upgrade instructions.


Documentation for this release can be found at

Binary Checksum


06ac4b3842630147308cde2db5cf7cb6148f8eebd42aeaf1adbb3dc923307b47  fleet_v4.0.0_macos.tar.gz
1d0d1554c263bfec7910ce517d0e2d569d044beead86047100de0cb19a5d6991  fleetctl_v4.0.0_macos.tar.gz
27bede60f2dfa5130c37e697dc6f1ba95031a10dabd90690ec3bebc3481fde11  fleetctl_v4.0.0_linux.tar.gz
297f98211dc4aad297dec1c5fbe0e19e32c1dcb8502f6b7bdbd9052d2346e5cf  fleetctl_v4.0.0_windows.tar.gz
9131394e823bc63893a190f91181024e69f82a6af82ac423ff221e9f93b3dbf7  fleet_v4.0.0_linux.tar.gz

Docker images

  • docker pull fleetdm/fleetctl:v4.0.0
  • docker pull fleetdm/fleetctl:v4.0.0
  • docker pull fleetdm/fleetctl:v4
  • docker pull fleetdm/fleet:v4.0.0
  • docker pull fleetdm/fleet:v4.0.0
  • docker pull fleetdm/fleet:v4

Don't miss a new fleet release

NewReleases is sending notifications on new releases.