github fleetdm/fleet v4.0.0-rc2

latest releases: orbit-v0.0.11, fleet-v4.14.0, orbit-v0.0.10...
pre-release11 months ago


The primary additions in Fleet 4.0.0 are the new Role-based access control (RBAC) and Teams features.

RBAC adds the ability to define a user's access to features in Fleet. This way, more individuals in an organization can utilize Fleet with appropriate levels of access.

Teams adds the ability to separate hosts into exclusive groups. This way, users can easily act on consistent groups of hosts.

New features breakdown

  • Add ability to define a user's access to features in Fleet by introducing the Admin, Maintainer, and Observer roles. Available in Fleet Core.

  • Add ability to separate hosts into exclusive groups with the Teams feature. The Teams feature is available for Fleet Basic customers. Check out the list below for the new functionality included with Teams:

  • Teams: Add ability to enroll hosts to one team using team specific enroll secrets.

  • Teams: Add ability to manually transfer hosts to a different team in the Fleet UI.

  • Teams: Add ability to apply unique agent options to each team. Note that "osquery options" have been renamed to "agent options."

  • Teams: Add ability to grant users access to one or more teams. This allows you to define a user's access to specific groups of hosts in Fleet.

  • Add ability to create an API-only user. API-only users cannot access the Fleet UI. These users can access all Fleet API endpoints and fleetctl features. Available in Fleet Core.

  • Add Redis cluster support. Available in Fleet Core.

  • Fix a bug that prevented the columns chosen for the "Hosts" table from persisting after logging out of Fleet.

Upgrade plan

Fleet 4.0.0 is a major release and introduces several breaking changes and database migrations.

  • Use strictly fleet in Fleet's configuration, API routes, and environment variables. Users must update all usage of kolide in these items (deprecated since Fleet 3.8.0).

  • Change configuration option server_tlsprofile to server_tls_compatability. This option previously had an inconsistent key name.

  • Replace the use of the api/v1/fleet/spec/osquery/options with api/v1/fleet/config. In Fleet 4.0.0, "osquery options" are now called "agent options." The new agent options are moved to the Fleet application config spec file and the api/v1/fleet/config API endpoint.

  • Enroll secrets no longer have "names" and are now either global or for a specific team. Hosts no longer store the “name” of the enroll secret that was used. Users that want to be able to segment hosts (for configuration, queries, etc.) based on the enrollment secret should use the Teams feature in Fleet Basic.

  • auth_jwt_key and auth_jwt_key_file are no longer accepted as configuration.

  • JWT encoding is no longer used for session keys. Sessions now default to expiring in 4 hours of inactivity.

Known issues

There are currently no known issues in this release. However, we recommend only upgrading to Fleet 4.0.0-rc2 for testing purposes. Please file a GitHub issue for any issues discovered when testing Fleet 4.0.0!


Please visit our update guide for upgrade instructions.


Documentation for this release can be found at

Binary Checksum


9d6be11444a0e2d9170b690aba969afdfef3782fd4defaa030812c10af492e6f  fleetctl-macos.tar.gz
7107330a59dd413769a4bb476495e98b55068b2f46f99813450a1ad9991a34d1  fleetctl-windows.tar.gz
7a3b9d6eebf48fd9862785dd6c42391a37bb955ca108c39dde802dce096d67e1  fleetctl-linux.tar.gz

Don't miss a new fleet release

NewReleases is sending notifications on new releases.