Skip to content

Releases: fleetdm/fleet

3.11.0

28 Apr 16:41
@noahtalerman noahtalerman
3.11.0
6f5a755
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
3.11.0

Changes

  • Improve Fleet performance by batch updating host seen time instead of updating synchronously. This improvement reduces MySQL CPU usage by ~33% with 4,000 simulated hosts and MySQL running in Docker.

  • Add support for software inventory, introducing a list of installed software items on each host's respective Host details page. This feature is flagged off by default (for now). Check out the feature flag documentation for instructions on how to turn this feature on.

  • Add Windows support for fleetctl agent autoupdates. The fleetctl updates command provides the ability to self-manage an agent update server. Available for Fleet Basic customers.

  • Make running common queries more convenient by adding the ability to select a saved query directly from a host's respective Host details page.

  • Fix an issue on the Query page in which Fleet would override the CMD + L browser hotkey.

  • Fix an issue in which a host would display an unreasonable time in the "Last fetched" column.

Upgrading

Please visit our update guide for upgrade instructions.

Documentation

Documentation for this release can be found at https://github.com/fleetdm/fleet/blob/3.11.0/docs/README.md

Binary Checksum

SHA256

b0dc06c137cce0386b8fabde34da3ad63321991edbaca252e986bfae8fc53d9a  fleet.zip
05b212fe4bee3e4a4b2374ec930d21c22d68708b95c89988e094f4852f43c0d6  fleetctl.exe.zip
be79e12ba2cd2a7b7bb4e0485662cb0b87fd0ed5a32e6dc779b0e2672d993433  fleetctl-macos.tar.gz
ff5da49fa62c3e4d6131da3e0ae02af22f51122fda1446e020dcf0b3198ee520  fleetctl-windows.tar.gz
6d56cb93de747eb91916b85d857bbeebaea6fe7c2b50d04a7104267358a18102  fleetctl-linux.tar.gz
Assets 7
Loading

3.10.1

06 Apr 23:28
@noahtalerman noahtalerman
3.10.1
f5e862a
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
3.10.1

Changes

  • Fix a frontend bug that prevented the "Pack" page and "Edit pack" page from rendering in the Fleet UI. This issue occurred when the platform key, in the requested pack's configuration, was set to any value other than darwin, linux, windows, or all.

Upgrading

Please visit our update guide for upgrade instructions.

Documentation

Documentation for this release can be found at https://github.com/fleetdm/fleet/blob/3.10.1/docs/README.md

Binary Checksum

SHA256

674106ae4971be40c83d14244ef7e420317c895936fddc1990e8395d50e9a1d3  fleet.zip
8dda58549dc887237bc5c0a7ca6fdf9834cc56d8a140c925c442df83b4c0b16a  fleetctl.exe.zip
6cf1672332e7ae60a406a70c35a9806e2007a511c03b2f82cbfc77c1feb1cdfe  fleetctl-macos.tar.gz
179e8c99831441cf5f27031f9457c9d0d36e1b55bfebc0e0347b4e89721cd7ce  fleetctl-windows.tar.gz
4300ea09aeb122fef837e1957b92d3491e6637bf5fbddebfa8e7c558f044a427  fleetctl-linux.tar.gz

Note

3.10.1 unintentionally included image assets that are unused in the Fleet application, resulting in larger-than-normal binaries.

Assets 7
Loading

3.10.0

31 Mar 17:31
@noahtalerman noahtalerman
3.10.0
c46cedc
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
3.10.0

Changes

  • Add fleetctl agent auto-updates beta which introduces the ability to self-manage an agent update server. Available for Fleet Premium customers.

  • Add option for Identity Provider-Initiated (IdP-initiated) Single Sign-On (SSO).

  • Improve logging. All errors are logged regardless of log level, some non-errors are logged regardless of log level (agent enrollments, runs of live queries etc.), and all other non-errors are logged on debug level.

  • Improve login resilience by adding rate-limiting to login and password reset attempts and preventing user enumeration.

  • Add Fleet version and Go version in the My Account page of the Fleet UI.

  • Improvements to fleetctl preview that ensure the latest version of Fleet is fired up on every run. In addition, the Fleet UI is now accessible without having to click through browser security warning messages.

  • Prefer storing IPv4 addresses for host details.

Upgrading

Please visit our update guide for upgrade instructions.

Documentation

Documentation for this release can be found at https://github.com/fleetdm/fleet/blob/3.10.0/docs/README.md

Binary Checksum

SHA256

a71e6c6b30adde4464efb6484290575dad5a29ba09cf069581c7ec33778360eb  fleet.zip
3acf9b7fbccf119842df5d2671cd3d9d1bac977a75f41f4ab5a60161deb7303b  fleetctl.exe.zip
df676cb2a916b39c3ab009fcddae87117a319a5fce12c58b7112e5647cf9026d  fleetctl-macos.tar.gz
153024a1e00dd9b99a24ad9f2f93dd1794900ba7a9f23125fe5a2f369ec7c69f  fleetctl-windows.tar.gz
e26d4ddae2107c10b3870ef38666fad071cbc58735c944a553a136b93564af1d  fleetctl-linux.tar.gz
Assets 7
Loading

3.9.0

09 Mar 19:28
@noahtalerman noahtalerman
3.9.0
b93b2c5
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
3.9.0

Changes

  • Add configurable host identifier to help with duplicate host enrollment scenarios. By default, Fleet's behavior does not change (it uses the identifier configured in osquery's --host_identifier flag), but for users with overlapping host UUIDs changing --osquery_host_identifier to instance may be helpful.

  • Make cool-down period for host enrollment configurable to control load on the database in scenarios in which hosts are using the same identifier. By default, the cooldown is off, reverting to the behavior of Fleet <=3.4.0. The cooldown can be enabled with --osquery_enroll_cooldown.

  • Refresh the Fleet UI with a new layout and horizontal navigation bar.

  • Trim down the size of Fleet binaries.

  • Improve handling of config_refresh values from osquery clients.

  • Fix an issue with IP addresses and host additional info dropping.

Upgrading

Please visit our update guide for upgrade instructions.

Documentation

Documentation for this release can be found at https://github.com/fleetdm/fleet/blob/3.9.0/docs/README.md

Binary Checksum

SHA256

55261bd63612b21e14e8bcefbd95bd1a5453549c3080924845319e22cddf2bb7  fleet.zip
b71492d064e9baf01624a2a54d56bbf6cde73a6820734035e69aa6e68cd44382  fleetctl.exe.zip
9708469b67bcb2cbc739a96098a646c9183b0e79f1d15ea30ee31a22a3c74b0c  fleetctl-macos.tar.gz
eaf99180eb504cba8d4625ddc572faa14ec27730aee8a9de8a8028502cb11238  fleetctl-windows.tar.gz
4ffd6f942f0d94cca15a56f4d543563553229d2d1f872d216cb1a4487a306aa5  fleetctl-linux.tar.gz
Assets 7
Loading

3.8.0

25 Feb 17:34
@noahtalerman noahtalerman
3.8.0
499cd1d
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
3.8.0

Changes

  • Add search, sort, and column selection in the hosts dashboard.

  • Add AWS Lambda logging plugin.

  • Improve messaging about number of hosts responding to live query.

  • Update host listing API endpoints to support search.

  • Fixes to the fleetctl preview experience.

  • Fix denylist parameter in scheduled queries.

  • Fix an issue with errors table rendering on live query page.

  • Deprecate KOLIDE_ environment variable prefixes in favor of FLEET_ prefixes. Deprecated prefixes continue to work and the Fleet server will log warnings if the deprecated variable names are used.

  • Deprecate /api/v1/kolide routes in favor of /api/v1/fleet. Deprecated routes continue to work and the Fleet server will log warnings if the deprecated routes are used.

  • Add Javascript source maps for development.

Upgrading

Please visit our update guide for upgrade instructions.

Documentation

Documentation for this release can be found at https://github.com/fleetdm/fleet/blob/3.8.0/docs/README.md

Binary Checksum

SHA256

e93f7efb13387f6fa538d253a088d719af7895a4002ca146b22bd7ca007703a9  fleet.zip
6f352ab40d37b672990f42ea1704aedcefdb048f262e410428dc54b50e7df109  fleetctl.exe.zip
2ac4c0e9fbdac3f8ec4fa586157ab87cd4fd3767bd3cc9534a2733e472232908  fleetctl-macos.tar.gz
79c503cc3e1baf46a359d91f79c815d382ca3f8fc25f7cbc1d35655d3e131de3  fleetctl-windows.tar.gz
0900d5e9d09e19811cfba40f8cb7fc9bd42d8e2917a20e1145bacfb3f4e08648  fleetctl-linux.tar.gz
Assets 7
Loading

3.7.4

15 Feb 00:13
@zwass zwass
3.7.4
7a77672
Compare
Choose a tag to compare
3.7.4

Changes

This is a fleetctl only release with fixes to the fleetctl preview experience. Existing Fleet users need not upgrade to fleetctl 3.7.4.

Binary Checksum

SHA256

ba9032b18676ec853dc3324fbf6d2f371b1dcbe5b6697b0e6117f9035a7c58cd  fleetctl.exe.zip
6d512d09dce738b0d6de157b75c7379ed43ac2b9301a6e193453d4580c1b2336  fleetctl-macos.tar.gz
6a542901d6b0100fbbacac99eba826eb3c9b7c0c1a048df2c3e0b19e14e22e1c  fleetctl-windows.tar.gz
9ab1c9aefba6c918612dd9a32f959cd729a721d00ada40105a0bafe87ae3cb35  fleetctl-linux.tar.gz
Assets 6
Loading

3.7.1

03 Feb 19:59
@zwass zwass
3.7.1
413695b
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
3.7.1

Read the blog post: https://medium.com/fleetdm/fleet-3-7-1-d4c83f6875ac

Changes

  • Change the default --server_tls_compatibility to intermediate. The new settings caused TLS connectivity issues for users in some environments. This new default is a more appropriate balance of security and compatibility, as recommended by Mozilla.

Upgrading

Please visit our update guide for upgrade instructions.

Documentation

Documentation for this release can be found at https://github.com/fleetdm/fleet/blob/3.7.1/docs/README.md

Binary Checksum

SHA256

f23dc4436969abd1053657c8894ec172de046e88e5cf1fd3597f7a3dba80046e  fleet.zip
9cac01f32141275928506d5c1d72bb443f6cbf8c346a233b7bb082779ddae1db  fleetctl.exe.zip
2df72ca82b0fefac56739fa11b8879a45af7189757f32d72ebc122c1b49fcb2a  fleetctl-macos.tar.gz
1c3094ac86dd58f7b0a91c1ef4afcd1aadd9f642fb694322fb2277f859a662e5  fleetctl-windows.tar.gz
d0fdac75fdf1908c1558f4e91433dd30aa8897708fb5194c5d880bdd7961a0ed  fleetctl-linux.tar.gz
Assets 7
Loading

3.7.0

03 Feb 17:50
@noahtalerman noahtalerman
3.7.0
bb89099
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
3.7.0

Changes

This is a security release.

  • Security: Fixed a vulnerability in which a malicious actor with a valid node key can send a badly formatted request that causes the Fleet server to exit, resulting in denial of service. See GHSA-xwh8-9p3f-3x45 and the linked content within that advisory.

  • Add new Host details page which includes a rich view of a specific host’s attributes.

  • Reveal live query errors in the Fleet UI and fleetctl to help target and diagnose hosts that fail.

  • Add Helm chart to make it easier for users to deploy to Kubernetes.

  • Add support for denylist parameter in scheduled queries.

  • Add debug flag to fleetctl that enables logging of HTTP requests and responses to stderr.

  • Improvements to the fleetctl preview experience that include adding containerized osquery agents, displaying login information, creating a default directory, and checking for Docker daemon status.

  • Add improved error handling in host enrollment to make debugging issues with the enrollment process easier.

  • Upgrade TLS compatibility settings to match Mozilla.

  • Add comments in generated flagfile to add clarity to different features being configured.

  • Fix a bug in Fleet UI that allowed user to edit a scheduled query after it had been deleted from a pack.

Upgrading

Please visit our update guide for upgrade instructions.

Documentation

Documentation for this release can be found at https://github.com/fleetdm/fleet/blob/3.7.0/docs/README.md

Binary Checksum

SHA256

58fd16818e6062fda819fab0aa5629a6292fc48f50427172d1aac08a46272a30  fleet.zip
84cebe3a7837e77ec5f9384f8a4bed9e14e86ee0adc5f54f522c8ca148a8a3c9  fleetctl.exe.zip
cd72f9089b3c28122483de6edcd958d57748ee1592037ceb296ffea9ef9fd64e  fleetctl-macos.tar.gz
ba29a3555336e728e268efbe30b08f5be9046ef2e7f38d47469299ab3728f7f9  fleetctl-windows.tar.gz
7535bf71359e02703720acb7a3e9d2fb2bbb74690408e2348bf631ebeafed774  fleetctl-linux.tar.gz
Assets 7
Loading

3.6.0

07 Jan 22:46
@noahtalerman noahtalerman
3.6.0
68718c1
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
3.6.0

Changes

  • Add the option to set up an S3 bucket as the storage backend for file carving.

  • Build Docker container with Fleet running as non-root user.

  • Add support to read in the MySQL password and JWT key from a file.

  • Improve the fleetctl preview experience by automatically completing the setup process and configuring fleetctl for users.

  • Restructure the documentation into three top-level sections titled "Using Fleet," "Deployment," and "Contribution."

  • Fix a bug that allowed hosts to enroll with an empty enroll secret in new installations before setup was completed.

  • Fix a bug that made the query editor render strangely in Safari.

Upgrading

Please visit our update guide for upgrade instructions.

Documentation

Documentation for this release can be found at https://github.com/fleetdm/fleet/blob/3.6.0/docs/README.md

Binary Checksum

SHA256

ca0e73bbe6773d79e75766947718d883bbf924558237785a7ae7cc25815bd5d5  fleet.zip
996c27e4964ddd285e5678f8e43f4c66c938054f3a30d28502621371ce6f711e  fleetctl.exe.zip
4ab4f7d976099c7e1c30d17972caf87e9a8281503b45f413388972713e15692d  fleetctl-linux.tar.gz
d50a9a99b9d5b77132fe11597f1783a4ecaf3f2200f058740d5c963583d92ebb  fleetctl-macos.tar.gz
e904ac8190e76628bf03893fcd4e678e571dccb771d8863abbb95356f0d1d073  fleetctl-windows.tar.gz
Assets 7
Loading

3.5.1

15 Dec 02:53
@zwass zwass
3.5.1
55a2aa2
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
3.5.1

This is a security release.

Changes

  • Security: Introduce XML validation library to mitigate Go stdlib XML parsing vulnerability effecting SSO login. See GHSA-w3wf-cfx3-6gcx and the linked content within that advisory.

Follow up: Rotate --auth_jwt_key to invalidate existing sessions. Audit for suspicious activity in the Fleet server.

  • Security: Prevent new queries from using the SQLite ATTACH command. This is a mitigation for the osquery vulnerability GHSA-4g56-2482-x7q8.

Follow up: Audit existing saved queries and logs of live query executions for possible malicious use of ATTACH. Upgrade osquery to 4.6.0 to prevent ATTACH queries from executing.

  • Update icons and fix hosts dashboard for wide screen sizes.

Upgrading

Please visit our update guide for upgrade instructions.

Documentation

Documentation for this release can be found at https://github.com/fleetdm/fleet/blob/3.5.1/docs/README.md

Binary Checksum

SHA256

1476e27814861bc7964f1c0db122cb156d56996f1612518c330c522ba24368f4  fleet.zip
0adf9b70e6e1099d3c0d026b984a78996c2d1badb3884b4da7e5b1ca7f90fc3f  fleetctl.exe.zip
beab8bad8d48a3f7a4712610b1ba460ec8952f108337b02d709dc7aacd956ebe  fleetctl-macos.tar.gz
aabc45c718bc5286e0cb9bbb3b2afa9d9443e5089a33fdcee47c099b4b5f94af  fleetctl-windows.tar.gz
14da11eb9b389d13fd1e84888590fbf860491758fa251da0d7b86f5a5ad7ad74  fleetctl-linux.tar.gz
Assets 7
Loading