fleet-v4.57.2

Bug fixes

• Fixed software uninstaller script for pkgs to only remove '.app' directories installed by the package.

Upgrading

Please visit our update guide for upgrade instructions.

Documentation

Documentation for Fleet is available at fleetdm.com/docs.

Binary Checksum

SHA256

4f9678462840fdd46693a9b87cd4d024e4c0291841db61a646ccc33a032d2217  fleet_v4.57.2_linux.tar.gz
bc2f66959cdf256636cb7c0579c6dfd93318a72e154c6bb6d0d8921e1fd57236  fleetctl_v4.57.2_linux.tar.gz
2dd2f42a277ae496d552096211dce07a21fe95458da30e352fb0141f4308b86b  fleetctl_v4.57.2_linux.zip
e3fb6a535d708ee119b57ef58dd48879f26a3e704221db2ee2c942f4186049a1  fleetctl_v4.57.2_macos.tar.gz
593424c998c32dcda57e358661caa3a28ccf6c51bdac984a86a5fdb31c9041f8  fleetctl_v4.57.2_macos.zip
6d2a143622987064bf54ac614f18f400a8f44294155e11398676e6fb99624d66  fleetctl_v4.57.2_windows.tar.gz
965703982904c75140a135073afdfabc2392a002b14806e42d27ba1812d3edb4  fleetctl_v4.57.2_windows.zip

fleet-v4.57.1

Note: 4.57.1 contains two critical bugs

Two critical bugs have been identified in 4.57.1:

1. Fleet uninstall script removes other apps from the host
2. Software Package installs for Windows .exe and .msi installers stuck in Pending state

We are currently developing fixes for both and will issue 4.57.2 as soon as possible.

Bug fixes

• Improved performance of SQL queries used to determine MDM profile status for Apple hosts.
• Ensured request timeouts for software installer edits were just as high as for initial software installer uploads.
• Fixed an issue with the migration that added support for multiple VPP tokens, which would happen if a token was removed prior to upgrading Fleet.
• Fixed a "no rows" error when adding a software installer that matched an existing title's name and source but not its bundle ID.

Upgrading

Please visit our update guide for upgrade instructions.

Documentation

Documentation for Fleet is available at fleetdm.com/docs.

Binary Checksum

SHA256

56e09992faa0f1b67c2bfe61760954a25a78fce60d8595de48686ed2913aa6ea  fleet_v4.57.1_linux.tar.gz
2a6a92bc80fe841e880ca750f6a66c6c909ebeb2e3c6ab57d7c28c057f379d16  fleetctl_v4.57.1_linux.tar.gz
86937bd7113c96b814be3ecb9c0cdafec20ebfbef6080a95f234c379a714636c  fleetctl_v4.57.1_linux.zip
2c2b3e51d0d87a7ff0d9b0dfffd2e528b16ab4a55ffa2aa7c03af8d476bc1299  fleetctl_v4.57.1_macos.tar.gz
2344a72117b71aa2419460805f04dd0f904e3e53fc4d2e06b06be28065db9144  fleetctl_v4.57.1_macos.zip
4c136e10c1d4b3dc7fedf7928392e45633defb09e6aa4906d906e0ddd101619e  fleetctl_v4.57.1_windows.tar.gz
e09ea5bef0d53cc95eced508e3ecb0a12d8def4b64260bea21924c91a2912474  fleetctl_v4.57.1_windows.zip

fleet-v4.57.0

Note: 4.57.0 contains two critical bugs

Two critical bugs have been identified in 4.57.0:

1. Fleet uninstall script removes other apps from the host
2. Software Package installs for Windows .exe and .msi installers stuck in Pending state

We are currently developing fixes for both and will issue 4.57.2 as soon as possible.

Fleet 4.57.0 (Sep 23, 2024)

Endpoint Operations

• Added support for configuring policy installers via GitOps.
• Added support for policies in "No team" that run on hosts that belong to "No team".
• Added reserved team names: "All teams" and "No team".
• Added support the software status filter for 'No teams' on the hosts page.
• Enable 'No teams' funcitonality for the policies page and associated workflows.
• Added reset install counts and cancel pending installs/uninstalls when GitOps installer updates change package contents.
• Added support for software installer packages, self-service flag, scripts, pre-install query, and self-service availability to be edited in-place rather than deleted and re-added.

Device Management (MDM)

• Added feature allowing automatic installation of software on hosts that fail policies.
• Added feature for end users to enroll BYOD devices into Fleet MDM.
• Added the ability to use Fleet to uninstall packages from hosts.
• Added an endpoint for getting an OTA MDM profile for enrolling iOS and iPadOS hosts.
• Added protocol support for OTA enrollment and automatic team assignment for hosts.
• Added validation of Setup Assistant profiles on profile upload.
• Added validation to prevent installing software on a host with a pending installation.
• Allowed custom SCEP CA certificates with any kind of extendedKeyUsage attributes.
• Modified POST /api/latest/fleet/software/batch endpoint to be asynchronous and added a new endpoint GET /api/latest/fleet/software/batch/{request_uuid} to retrieve the result of the batch upload.

Vulnerability Management

• Fixed a false negative vulnerability for git.
• Fixed false positive vulnerabilities for minio.
• Fixed an issue where virtual box for macOS wasn't matching against the NVD product name.
• Fixed Ubuntu python package false positive vulnerabilities by removing duplicate entries for ubuntu python packages installed by dpkg and renaming remaining pip installed packages to match OVAL definitions.

Bug fixes and improvements

• Updated Go to go1.23.1.
• Removed validation of APNS certificate from server startup.
• Removed invalid node keys from server logs.
• Improved the UX of turning off MDM on an offline host.
• Improved clarity of GitOps VPP app ID type errors.
• Improved gitops error message about enabling windows MDM.
• Improved messaging for VPP token constraint errors.
• Improved loading state for UI tables when no data is present yet.
• Improved permissions so that hosts can no longer access installers that aren't directly assigned to them.
• Improved verification of premium license before uploading VPP tokens.
• Added "0 items" description on empty software tables for UI consistency.
• Updated the macos target minimum version tooltip.
• Fixed logic to properly catch and log APNs errors.
• Fixed UI overflow issues with OS settings table data.
• Fixed regression for checking email used to get a signed CSR.
• Fixed bugs on enrollment profiles when the organization name contains invalid XML characters.
• Fixed an issue with cron profiles delivery failing if a Windows VM is enrolled twice.
• Fixed issue where Fleet server could start when an expired ABM certificate was provided as server config.
• Fixed self-service checkbox appearing when iOS or iPadOS app is selected.

Fleet's agent

The following version of Fleet's agent (fleetd) support the latest changes to Fleet:

1. orbit-v1.33.0
2. fleet-desktop-v1.33.0 (included with Orbit)
3. fleetd-chrome-v1.3.1

While newer versions of fleetd still function with older versions of the Fleet server (and vice versa), Fleet does not actively test these scenarios and some newer features won't be available.

Upgrading

Please visit our update guide for upgrade instructions.

Documentation

Documentation for Fleet is available at fleetdm.com/docs.

Binary Checksum

SHA256

5add72a4f9ebfcf7d3adbb20b37bac886c920aa055b0fbbfe4f84dccf6047cbc  fleet_v4.57.0_linux.tar.gz
42f207bf0a39df2d50e2adcf33760fdf504f9924790df2d02a4ccdb928fe31d2  fleetctl_v4.57.0_linux.tar.gz
1fbbc2618817200af95533d1682ba5c522346e49f162456ad3efc4b3fff7c3c2  fleetctl_v4.57.0_linux.zip
83afac7d2dbd4a7707e7268fa893dbdc15ae1b8dfce280720760af27d20b0063  fleetctl_v4.57.0_macos.tar.gz
688837872c0aad1a2c48d89a600b38a40f89bdb550b25d4f9f265d3a95468539  fleetctl_v4.57.0_macos.zip
588ee392e35e4e4e74606977bae8413cde82f248cb23bf053747cb3ab947d4dc  fleetctl_v4.57.0_windows.tar.gz
255e79e4b352b24d865e82a01f982b3d0ae72615b411649a20fb9780828ec87c  fleetctl_v4.57.0_windows.zip

fleet-v4.56.0

Fleet 4.56.0 (Sep 7, 2024)

Endpoint operations

• Added index to query_results DB table to speed up finding last query timestamp for a given query and host.
• Added a link in the UI to the error message when a CSR can't be downloaded due to missing private key.
• Added a disabled overlay to the Other Workflows modal on the policy page.
• Improved performance of live queries to accommodate for higher volumes when utilizing zero-trust workflows.
• Improved fleetctl gitops error message when trying to change team name to a team that already exists.

Device management

• Added server support for multiple VPP tokens.
• Added new endpoints and updated existing endpoints for managing multiple Apple Business Manager tokens.
• Added support for S3 to store MDM bootstrap packages (uses the same bucket configuration as for software installers).
• Added support to UI for self service VPP software.
• Added backend and gitops support for self service VPP.
• Added ability for MDM migrations if the host is manually enrolled to a 3rd party MDM.
• Added an offline screen to the macOS MDM migration flow.
• Added new ABM page to Fleet UI.
• Added new VPP page to the fleet UI
• Added support to track the Apple Business Manager "terms expired" API error per token, as well as a global flag that gets set as soon as one token has its terms expired.
• Updated the instructions on "My device" for MDM migrations on pre-Sonoma macOS hosts.
• Updated to allow multiple teams to be assigned to the same VPP Token.
• Updated process so that deleting installed software or VPP app now makes it available for re-installation.
• Updated to enforce minimum OS version settings during Apple Automated Device Enrollment (ADE).
• Updated ABM ingestion so that deleted iOS/iPadOS host will continue to report to Fleet as long as host is in Apple Business Manager (ABM).
• Updated so that refetching an offline iOS/iPadOS host will not add new MDM commands to the queue if previous refetch has not completed yet.
• Updated UI so that downloading a software installer package now shows the browser's built-in progress bar.
• Updated relevant documentation to include references to multiple ABM and VPP tokens.
• Consolidated Automatic Enrollment and VPP settings under the MDM settings integration page.
• Cleared apps associated with a VPP token if it's moved off of a team.

Vulnerability management

• Added ALAS bulletins as vulnerability source for Amazon Linux (instead of OVAL for Amazon Linux 2, and adds support for Amazon Linux 1, 2022, and 2023).
• Added matching rules for July and August Microsoft 365 security updates (https://learn.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates).
• Added the following filters to /software/titles and /software/versions API endpoints: exploit: bool, min_cvss_score: float, max_cvss_score: float.
• Updated software titles/versions tables to allow for filtering by vulnerabilities including severity and known exploit.
• Updated to use empty CVE description when the NVD CVE feed doesn't include description entries (instead of panicking).
• Updated matching software that is not installed by Fleet so that it shows up as 'Available for install' on host details page.
• Updated base images of fleetdm/fleetctl, fleetdm/bomutils and fleetdm/wix to fix critical vulnerabilities found by Trivy.
• Updated vulnerability scanning to use macos SW target for CPEs of homebrew packages.
• Updated vulnerability scanning to not ignore software with non-ASCII en dash and em dash characters.
• Updated GET /api/v1/fleet/vulnerabilities/{cve} endpoint to add validation of CVE format, and a 204 response. The 204 response indicates that the vulnerability is known to Fleet but not present on any hosts.
• Updated the UI to add new empty states for searching vulnerabilities: invalid CVE format searched, a known CVE serached but not present on hosts, not a known CVE searched, exploited vulnerability empty state, operating systems empty state, new icons.

Bug fixes and improvements

• Added support for MySQL 8.4.2 LTS.
• Updated Go to go1.22.6.
• Updated Fleet server to now accept arguments via stdin. This is useful for passing secrets that you don't want to expose as env vars, in the command line, or in the config file.
• Updated text for "Turn on MDM" banners in UI.
• Updated ABM host tooltip copy on the manage host page to clarify when host vitals will be available to view.
• Updated copy on auotmatic enrollment modal on my device page.
• Updated host details activities tooltip and empty state copy to reflect recently added capabilities.
• Updated Fleet Free so users see a Premium feature message when clicking to add software.
• Updated usage reporting to report statistics on new AI features, maintenance window, and fleetd.
• Fixed bug where configuration profile was still showing the old label name after the name was updated.
• Fixed a bug when a cached prepared statement gets deleted in the MySQL server itself without Fleet knowing.
• Fixed a bug where the wrong API path was used to download a software installer.
• Fixed the failing_host_count so it is never 0. This count is normally updated once an hour during cleanups_then_aggregation cron job.
• Fixed CVE-2024-4030 in Vulncheck feed incorrectly targeting non-Windows hosts.
• Fixed a bug where the "Self-service" filter for the list of software and the list of host's software did not take App Store apps into account.
• Fixed a bug where the "My device" page in Fleet Desktop did not show the self-service software tab when App Store apps were available as self-install.
• Fixed a bug where a software installer (a package or a VPP app) that has been installed on a host still shows up as "Available for install" and can still be requested to be installed after the host is transferred to a different team without that installer (or after the installer is deleted).
• Fixed the "Available for install" filter in the host's software page so that installers that were requested to be installed on the host (regardless of installation status) also show up in the list.
• Fixed UI popup messages bleeding off viewport in some cases.
• Fixed an issue with the scheduling of cron jobs at startup if the job has never run, which caused it to be delayed.
• Fixed UI to display the label names in case-insensitive alphabetical order.

Fleet's agent

The following version of Fleet's agent (fleetd) support the latest changes to Fleet:

1. orbit-v1.32.0
2. fleet-desktop-v1.32.0 (included with Orbit)
3. fleetd-chrome-v1.3.1

While newer versions of fleetd still function with older versions of the Fleet server (and vice versa), Fleet does not actively test these scenarios and some newer features won't be available.

Upgrading

Please visit our update guide for upgrade instructions.

Documentation

Documentation for Fleet is available at fleetdm.com/docs.

Binary Checksum

SHA256

71643aa0cf144ed97cec20b85fe34b221659ec84200c126dacb5f0e60d8f8966  fleet_v4.56.0_linux.tar.gz
25bbbc05dc731d9aa2a3644f288dfa92286e66ebb611569f7a8c6b36dc7831e1  fleetctl_v4.56.0_linux.tar.gz
00cca9c8f05278aa6d8bdcec68fddebeefbd7a4f3555d77abef93e194f9fef9c  fleetctl_v4.56.0_linux.zip
c22e235acf96354bce2b164c468c7648755803a6df30e180be957a0bc133d26b  fleetctl_v4.56.0_macos.tar.gz
a106ba43047ff3b31f4dc1db54a9695430f3932b00668d4f5439eac66daf0ec2  fleetctl_v4.56.0_macos.zip
bc350b275520f5b09e6b80fc523846316e3c2d5f88fe0f603076799050651631  fleetctl_v4.56.0_windows.tar.gz
de776ea3c0a896c85d229e39fca13ce51c48b8c5ba10eb46eaed055afbf61a0a  fleetctl_v4.56.0_windows.zip

fleet-v4.55.2

Bug fixes

• Removed validation of APNS certificate from server startup. This was no longer necessary because we now allow for APNS certificates to be renewed in the UI.
• Fixed logic to properly catch and log APNs errors.

Upgrading

Please visit our update guide for upgrade instructions.

Documentation

Documentation for Fleet is available at fleetdm.com/docs.

Binary Checksum

SHA256

9e1dc63d1a5d106852205a7a4df992d219e56416bc7aa91866e3c5e7ac08a3bd  fleet_v4.55.2_linux.tar.gz
4f0c77ad9633856b2655aa8597f9d584180699b4cd01bca1a237504cc1707787  fleetctl_v4.55.2_linux.tar.gz
78416839860ee2a8177c5e0177428ba5e99d59b09ca4629740959dffbf0ad410  fleetctl_v4.55.2_linux.zip
8a1a954e94082da50ebc7f123499da5998064562b3203a80aeb20fdeb47d2b41  fleetctl_v4.55.2_macos.tar.gz
a4c9d1aa097c6fee9a6d84511e56ee1bb36421e67f8757b8bf275626b1b7d3ba  fleetctl_v4.55.2_macos.zip
930ee32691c3e5f433b58b6468102f185a04af6b9af191e15cc53473b69b7a6c  fleetctl_v4.55.2_windows.tar.gz
7a2154e82a287f32e103f323ecca73ffbcae3c7ec640c29f09607f86ababfeb4  fleetctl_v4.55.2_windows.zip

fleet-v4.54.2

Bug fixes

• Removed validation of APNS certificate from server startup. This was no longer necessary because we now allow for APNS certificates to be renewed in the UI.

Upgrading

Please visit our update guide for upgrade instructions.

Documentation

Documentation for Fleet is available at fleetdm.com/docs.

Binary Checksum

SHA256

963a503afebd2daf0352fd8c3d89718db0e093635602e7251ad644e69f0e7239  fleet_v4.54.2_linux.tar.gz
5c32e47c6be27df4a657a76ae7ee24412855d0b847c73516746ea37e02e7e45a  fleetctl_v4.54.2_linux.tar.gz
1e7faae0e28dce21528325c1fccb8370f507b5d196672cbbf97b83dabb33ad17  fleetctl_v4.54.2_linux.zip
492c6ee000ec272c4715c645e0f71c48440497e111d043f162142efcfe2c6891  fleetctl_v4.54.2_macos.tar.gz
3548f2763d54e11078c352ff0412f3a3413f306d7d744dd0e11c3eaf56b72401  fleetctl_v4.54.2_macos.zip
24f69cc9cbe9e124e5c51c8dec6305651f09a66bbd64d5005fc001b90ce299bf  fleetctl_v4.54.2_windows.tar.gz
a5163e187083ac9a29ab5b49f5d22b11e0a2e2b2c8baee940834ed5bbff517b7  fleetctl_v4.54.2_windows.zip

fleet-v4.55.1

Bug fixes

• Added a disabled overlay to the Other Workflows modal on the policy page.
• Updated text for "Turn on MDM" banners in UI.
• Fixed a bug when a cached prepared statement got deleted in the MySQL server itself without Fleet knowing.
• Continued with an empty CVE description when the NVD CVE feed didn't include description entries (instead of panicking).
• Scheduled maintenance events are now scheduled over calendar events marked "Free" (not busy) in Google Calendar.
• Fixed a bug where the wrong API path was used to download a software installer.
• Improved fleetctl gitops error message when trying to change team name to a team that already exists.
• Updated ABM (Apple Business Manager) host tooltip copy on the manage host page to clarify when host vitals will be available to view.
• Added index to query_results DB table to speed up finding the last query timestamp for a given query and host.
• Displayed the label names in case-insensitive alphabetical order in the fleet UI.

Upgrading

Please visit our update guide for upgrade instructions.

Documentation

Documentation for Fleet is available at fleetdm.com/docs.

Binary Checksum

SHA256

795635a27e282752eab821f860f0b6dcd25705076779a1044b1c41d83cc106df  fleet_v4.55.1_linux.tar.gz
523fec46f239b69700645ecc0bb51e74afc87bb3e0f8cb141560e5a014d55b10  fleetctl_v4.55.1_linux.tar.gz
e14d3e0c110ad9575aed7a66c39acc5790c1ff0e1892f715fad1714fc5d71401  fleetctl_v4.55.1_linux.zip
4e976c19f1c000e4c1f0777bb61f9c889ebca0b0d9618edb965a2d0c5309a26e  fleetctl_v4.55.1_macos.tar.gz
4568d927c739e0edadb56565b87288595e63c327f06f1e87c1dde10e7bd004d9  fleetctl_v4.55.1_macos.zip
3e61eb6a7e3847b06ffc2c7969d631bcfe8af176c1fe578e52dacaed000b38ff  fleetctl_v4.55.1_windows.tar.gz
c62cc32c58d844362bb41626700531baa3702ce22b400465beae34bfb4854e08  fleetctl_v4.55.1_windows.zip

fleet-v4.55.0

Fleet 4.55.0 (Aug 9, 2024)

NOTE: Beginning with v4.55.0, Fleet no longer supports MySQL 5.7 because it has reached end of life. The minimum version supported is MySQL 8.0.36.

NOTE: Changes to software field in GitOps:

• software field is optional for TEAMs in 4.54.1 and lower
• software field should NOT be added to NO-TEAM before 4.55.0
• software field is mandatory for NO-TEAM and TEAMs in 4.55.0 and up

Endpoint operations

• Added support for generating fleetd packages for Linux ARM64.
• Added new fleetctl package --arch flag.
• Updated fleetctl package command to remove the --version flag. The version of the package can be controlled by --orbit-channel flag.
• Updated maintenance window descriptions to update regularly to match the failing policy description/resolution.
• Updated maintenance windows using Google Calendar so that calendar events are now recreated within 30 seconds if deleted or moved to the past.
  • Fleet server watches for potential changes for up to 1 week after original event time. If event is moved forward more than 1 week, then after 1 week Fleet server will check for event changes once every 30 minutes.
  • NOTE: These near real-time updates may add additional load to the Google Calendar API, so it is recommended to use API usage alerts or other monitoring methods.

Device management

• Integrated Escrow Buddy to add enforcement of FileVault during the MacOS Setup Assistant process for hosts that are
  enrolled into teams (or no team) with disk encryption turned on. Thank you homebysix and team!
• Updated fleetd to use Escrow Buddy to rotate FileVault keys. Removed or modified internal API endpoints documented in the API for contributors.
• Added OS updates support to iOS/iPadOS devices.
• Added iOS and iPadOS device details refetch triggered with the existing POST /api/latest/fleet/hosts/:id/refetch endpoint.
• Added iOS and iPadOS user-installed apps to Fleet.
• Added iOS and iPadOS apps to be installed using Apple's VPP (Volume Purchase Program) to Fleet.
• Added support for VPP to GitOps.
• Added the POST /mdm/apple/vpp_token, DELETE /mdm/apple/vpp_token and GET /vpp endpoints and related functionality.
• Added new GET /software/app_store_apps and POST /software/app_store_apps endpoints and associated functionality.
• Added the associated VPP apps to the GET /software/titles and GET /software/titles/:id endpoints.
• Added the associated VPP apps to the GET /hosts/:id/software and GET /device/:token/software endpoints.
• Added support to delete a VPP app from a team in DELETE /software/titles/:software_title_id/available_for_install.
• Added exclude_software query parameter to "Get host by identifier" API.
• Added ability to add/remove/disable apps with VPP in the Fleet UI.
• Added a warning banner to the UI if the uploaded VPP token is about to expire/has expired.
• Added UI updates for VPP feature on host software and my device pages.
• Added global activity support for VPP-related activities.
• Added UI features for managing VPP apps for iPadOS and iOS hosts.
• Updated profile activities to include iOS and iPadOS.
• Updated Fleet UI to show OS version compliance on host details page.
• Added support for "No teams" on all software pages including adding software installers.
• Added DB migration to support VPP software features.
• Added DB migration to migrate older team configurations to the new version that includes both installers and App Store apps.
• Linux lock/unlock scripts now make use of pam_nologin to keep AD users locked out.
• Installed software list now includes Linux .deb packages that are 'on hold'.
• Added a special-case to properly name the Notion .exe Windows installer the same as how it will be reported by osquery post-install.
• Increased threshold to renew Apple SCEP certificates for MDM enrollments to 180 days.

Vulnerability management

• Fixed CVEs identified as 'Rejected' in NVD not matching against software.
• Fixed false negative vulnerabilities with IntelliJ IDEA CE and PyCharm CE installed via Homebrew.

Bug fixes and improvements

• Dropped support for MySQL 5.7 and raised minimum required to MySQL 8.0.36.
• Updated software pre-install to use new GitOps format for query.
• Updated UI tooltips for pending OS settings.
• Added a migration to migrate older team configurations to the new version that includes both installers and App Store apps.
• Fixed a styling issue in the controls > OS settings > disk encryption table.
• Fixed a bug in fleetctl preview that was causing it to fail if Docker was installed without support for the deprecated docker-compose CLI.
• Fixed an issue where the app-wide warning banners were not showing on the initial page load.
• Fixed a bug where the hosts page would sometimes allow excess pagination.
• Fixed a bug where software install results could not be retrieved for deleted hosts in the activity feed.
• Fixed path that was incorrect for the download software installer package endpoint GET /software/titles/:software_title_id/package.
• Fixed a bug that set last_enrolled_at during orbit re-enrollment, which caused osquery enroll failures when FLEET_OSQUERY_ENROLL_COOLDOWN is set.
• Fixed the "Available for install" filter in the host's software page so that installers that were requested to be installed on the host (regardless of installation status) also show up in the list.
• Fixed a styling issue in the Controls > OS Settings > disk encryption table.
• Fixed a bug where Fleet google calendar events generated by Fleet <= 4.53.0 were not correctly processed by 4.54.0.
• Fixed a bug in fleetctl preview that was causing it to fail if Docker was installed without support for the deprecated docker-compose CLI.
• Fixed a bug where software install results could not be retrieved for deleted hosts in the activity feed.
• Fixed a bug where a software installer (a package or a VPP app) that has been installed on a host still shows up as "Available for install" and can still be requested to be installed after the host is transferred to a different team without that installer (or after the installer is deleted).
• Fixed the "Available for install" filter in the host's software page so that installers that were requested to be installed on the host (regardless of installation status) also show up in the list.

Fleet's agent

The following version of Fleet's agent (fleetd) support the latest changes to Fleet:

1. orbit-v1.30.0
2. fleet-desktop-v1.30.0 (included with Orbit)
3. fleetd-chrome-v1.3.1

While newer versions of fleetd still function with older versions of the Fleet server (and vice versa), Fleet does not actively test these scenarios and some newer features won't be available.

Upgrading

Please visit our update guide for upgrade instructions.

Documentation

Documentation for Fleet is available at fleetdm.com/docs.

Binary Checksum

SHA256

752e667c725e98eafad0a9ec4acebe432dd8d3adf4bd38a523ddf44bd5cdb4c4  fleet_v4.55.0_linux.tar.gz
1d07e349dd563fbda06d1cae7841c7e03dbb7204f6130bcc3d41650f099d29d0  fleetctl_v4.55.0_linux.tar.gz
324af95989785c7c76e8bc17e7acfafd1416e8c2a635e60fd7fe76cd26323a90  fleetctl_v4.55.0_linux.zip
9b70adaf92dcf3646096118bb73aaa1e15ebf79f9b17f46954b59fbcecb14ad6  fleetctl_v4.55.0_macos.tar.gz
fd40e5e4e37fff8aaa208f505b73d38faea7fabee305807e71c41db40ba708e1  fleetctl_v4.55.0_macos.zip
f4f85c7406c3dd6f1664f335203cb5cf5a0d769282e1119fc605fded00a2e643  fleetctl_v4.55.0_windows.tar.gz
cf2de2ab3811e40514623a04d0219446f331d735a619d1ee7ff8db6a69b5e5da  fleetctl_v4.55.0_windows.zip

fleet-v4.54.1

Bug fixes

• Fixed a startup bug by performing an early restart of orbit if an agent options setting has changed.
• Implemented a small refactor of orbit subsystems.
• Removed the --version flag from the fleetctl package command. The version of the package can now be controlled by the --orbit-channel flag.
• Fixed a bug that set last_enrolled_at during orbit re-enrollment, which caused osquery enroll failures when FLEET_OSQUERY_ENROLL_COOLDOWN is set .
• In fleetctl package command, removed the --version flag. The version of the package can be controlled by --orbit-channel flag.
• Fixed a bug where Fleet google calendar events generated by Fleet <= 4.53.0 were not correctly processed by 4.54.1.
• Re-enabled cached logins after windows Unlock.

Upgrading

Please visit our update guide for upgrade instructions.

Documentation

Documentation for Fleet is available at fleetdm.com/docs.

Binary Checksum

SHA256

4511497ad6ecfef8d3a9fcf7585eb454edf22ea0dae6f77be2c81e7a6539dcd7  fleet_v4.54.1_linux.tar.gz
151e41e5d547de46a4557bef41a35790951a7926646c7d35d1ed1ef7f9961964  fleetctl_v4.54.1_linux.tar.gz
fd075f9c84e91c2f7c0937e730df44f3e9fe9b74c41bdf62645a9798cd1a45c5  fleetctl_v4.54.1_linux.zip
f3c40d7fc7a91a57e7689ada1c1b6b7167f4a740bb2124ea1c3a75d0bde8030b  fleetctl_v4.54.1_macos.tar.gz
43e4ddd1285dfb190c49ab4c6d488369b5ae72234a5d87afd93bc6fc2d675076  fleetctl_v4.54.1_macos.zip
86f533145306e79ccdbe21d0b46326ae9fab9507f3a1740d0ffc8a088ce18d02  fleetctl_v4.54.1_windows.tar.gz
a7446e282755e5340b33572986e83bffa2a984d04d6f465d0a30da9538f9cea4  fleetctl_v4.54.1_windows.zip

fleet-v4.54.0

Fleet 4.54.0 (Jul 17, 2024)

Endpoint Operations

• Updated fleetctl gitops to be used to rename teams.
  • NOTE: fleetctl gitops needs to have previously run with this Fleet/fleetctl version or later.
  • The team name is changed if the YAML config is applied from the same filename as before.
• Updated fleetctl query --hosts to work with hostnames, host UUIDs, and/or hardware serial numbers.
• Added a host's upcoming scheduled maintenance window, if any, on the host details page of the UI and in host responses from the API.
• Added support to fleetctl debug connection to test TLS connection with the embedded certs.pem in
  the fleetctl executable.
• Added host's display name to calendar event descriptions.
• Added .yml and .yaml file type validation and error message to fleetctl apply.
• Added a tooltip to truncated text and not to untruncated values.

Device Management (MDM)

• Added iOS/iPadOS builtin manual labels.
  • NOTE: Before migrating to this version, make sure to delete any labels with name "iOS" or "iPadOS".
• Added aggregation of iOS/iPadOS OS versions.
• Added change to custom profiles for iOS/iPadOS to go from 'pending' straight to 'verified' (skip 'verifying').
• Added support for renewing SCEP certificates with custom enrollment profiles.
• Added automatic install of fleetd when a host turns on MDM now uses the latest released fleetd version.
• Added support for END_USER_EMAIL and FLEET_DESKTOP parameters to Windows MSI install package.
• Added API changes to support the labels_include_all and labels_exclude_any fields (and accept the deprecated labels field as an alias for labels_include_all).
• Added fleetctl gitops and fleetctl apply support for labels_include_all and labels_exclude_any to configure a custom setting.
• Added UI for uploading custom profiles with a target of hosts that include all/exclude any selected labels.
• Added the database migrations to create the new exclude column for labels associated with MDM profiles (and declarations).
• Updated host script timeouts to be configurable via agent options using script_execution_timeout.
• fleetctl now uses a polling mechanism when running run-script to accommodate longer script timeout values.
• Updated the profile reconciliation logic to handle the new "exclude any" labels.
• Updated so that the fleetd cleanup script for macOS that will return completed when run from Fleet.
• Updated so that the fleetd uninstall script will return completed when run from Fleet.
• Updated script run permissions -- only admins and maintainers can run arbitrary or saved scripts (not observer or observer+).
• Updated fleetctl get mdm_commands to return 20 rows and support --host --type filters to improve response time.
• Updated the instructions for manual MDM enrollment on the "My device" page to be clearer and align with Apple updates.
• Updated UI to allow device users to reinstall self-service software.
• Updated API to not return a 500 status code if a host sends a command response with an invalid command uuid.
• Increased the timeout of the upload software installer endpoint to 4 minutes.
• Disabled credential caching and reboot on Windows lock.

Vulnerability Management

• Added "Vulnerable" filter to the host details software table.
• Fixed Microsoft Office June 2024 false negative vulnerabilities and added custom vulnerability matching.
• Fixed issue where some Windows applications were getting matched against Windows OS vulnerabilities.

Bug fixes and improvements

• Updated Go version to go1.22.4.
• Updated to render only one banner on the my device page based on priority order.
• Updated software updated timestamp tooltip.
• Removed DB error message from the UI when showing a error response.
• Updated fleetctl get queries/labels/hosts descriptions.
• Reinstated ability to sort policies by passing count.
• Improved the accuracy of the heuristic used to deterimine if a host is connected to Fleet via MDM by using osquery data for hosts that didn't send a Checkout message.
• Improved the matching of pkg installer files to existing software.
• Improved extraction of application name from pkg installers.
• Clarified various help and error texts around host identifiers.
• Hid CTA on inherited queries/policies from team level users.
• Hid query delete checkboxes from team observers.
• Hid "Self-service" in Fleet Desktop and My device page if there is no self-service software available.
• Hid the host detail page's "Run script" action from Global and Team Observer/+s.
• Aligned the "View all hosts" links in the Software titles and versions tables.
• Fixed counts for hosts with with low disk space in summary page.
• Fixed allowing Observer and Observer+ roles to download software installers.
• Fixed crash in fleetd installer on Windows if there are registry keys with special characters on the system.
• Fixed fleetctl debug connection to support server TLS certificates with intermediates.
• Fixed macOS declarations being stuck in "to be removed" state indefinitely.
• Fixed link to fleetd uninstall instructions in "Delete device" modal.
• Fixed exporting CSVs with fields that contain commas to render properly.
• Fixed issue where the Fleet UI could not be used to renew the ABM token after the ABM user who created the token was deleted.
• Fixed styling issues with the target inputs loading spinner on the run live query/policy page.
• Fixed an issue where special characters in HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall breaks the "installer_utils.ps1 -uninstallOrbit" step in the Windows MSI installer.
• Fixed a bug causing "No Team" OS versions to display the wrong number.
• Fixed various UI capitalizations.
• Fixed UI issue where "Script is already running" tooltip incorrectly displayed when the script is not running.
• Fixed the script details modal's error message on script timeout to reflect the newly dynamic script timeout limit, if hit.
• Fixed a discrepancy in the spacing between DataSet labels and values on Firefox relative to other browsers.
• Fixed bug that set Added to Fleet to Never after macOS hosts re-enrolled to Fleet via MDM.

Fleet's agent

The following version of Fleet's agent (fleetd) support the latest changes to Fleet:

1. orbit-v1.27.0
2. fleet-desktop-v1.27.0 (included with Orbit)
3. fleetd-chrome-v1.3.1

While newer versions of fleetd still function with older versions of the Fleet server (and vice versa), Fleet does not actively test these scenarios and some newer features won't be available.

Upgrading

Please visit our update guide for upgrade instructions.

Documentation

Documentation for Fleet is available at fleetdm.com/docs.

Binary Checksum

SHA256

ef3cc05f5d86042c926a3243c081957445717960268743953793980df144b145  fleet_v4.54.0_linux.tar.gz
f4be7647922d6d458692d149c3aec12c3ecd84ed97761dd5478b1e10cbb94d7e  fleetctl_v4.54.0_linux.tar.gz
2266628a8f1495e4ec904646ee77797367b359aaa3b3a1dd49449031bb5c7878  fleetctl_v4.54.0_linux.zip
4eb752de605ffcacb6aaf1e613bef1596b6a4583811d1b2fc6b0948df4febddd  fleetctl_v4.54.0_macos.tar.gz
d12ea4fbcf04a2b0d848ed5b610b78055558e95b7cfd6461ee2e81ba4a7216b5  fleetctl_v4.54.0_macos.zip
6d331a0cf4808cc0a5141960acfe009d99e5b6e33b477216c9e888d55a04885e  fleetctl_v4.54.0_windows.tar.gz
a0b1523b50b26c6ceb479513d2278d448d9e826cebbaf2af7decd3e01b5d7a59  fleetctl_v4.54.0_windows.zip