fleet-v4.45.0

Critical bug report

Fleet Premium users

There is a bug in Fleet v4.45.0 affecting the MacOS MDM automatic setup flow when user authentication is enabled.

If you are using Fleet's MDM for MacOS, please skip this release and upgrade to fleet-v4.45.1.

Changes

• Endpoint operations:

  • Updated policy names to be unique per team.
  • Updated fleetd-chrome to use the latest wa-sqlite v0.9.11.
  • Updated "Add hosts" modal UI to dynamically include the --enable-scripts flag.
  • Added count of upcoming activities to host vitals UI.
  • Updated UI to include upcoming activity counts in host vitals.
  • Updated 405 response for POST requests on the root path to highlight misconfigured osquery instances.

• Device management (MDM):

  • Added MDM command payloads to the response of GET /api/_version_/fleet/mdm/commandresults.
  • Changed several MDM-related endpoints to be platform-agnostic.
  • Added script capabilities to UI for Linux hosts.
  • Added UI for locking and unlocking hosts managed by Fleet MDM.
  • Added fleetctl mdm lock and fleetctl mdm unlock commands.
  • Added validation to reject script enqueue requests for hosts without fleetd.
  • Added the host_mdm_actions DB table for MDM lock and wipe functionality.
  • Updated backend MDM migration flow and added logging.
  • Updated UI text for disk encryption to reflect cross-platform functionality.
  • Renamed and updated fields in MDM configuration profiles for clarity.
  • Improved validation of Windows profiles to prevent delivery errors.
  • Improved Windows MDM profile error tooltip messages.
  • Fixed MDM unlock flow and updated lock/unlock functionality for Windows and Linux.
  • Fixed a bug that would cause OS Settings verification to fail with MySQL's only_full_group_by mode enabled.

• Vulnerability management:

  • Windows OS Vulnerabilities now include a resolved_in_version in the /os_versions API response.
  • Fixed an issue where software from a Parallels VM would incorrectly appear as the host's software.
  • Implemented permission checks for software and software titles.
  • Fixed software title aggregation when triggering vulnerability scans.

Bug fixes and improvements

• Updated text and style across the app for consistency and clarity.
• Improved UI for the view disk encryption key, host details activity card, and "Add hosts" modal.
• Addressed a bug where updating the search field caused unwanted loss of focus.
• Corrected alignment bugs on empty table states for software details.
• Updated URL query parameters to reset when switching tabs.
• Fixed device page showing invalid date for the last restarted.
• Fixed visual display issues with chevron right icons on Chrome.
• Fixed Windows vulnerabilities without exploit/severity from crashing the software page.
• Fixed issues with checkboxes in hidden modals and long enroll secrets overlapping action buttons.
• Fixed a bug with built-in platform labels.
• Fixed enroll secret error messaging showing secret in cleartext.
• Fixed various UI bugs including disk encryption key input icons, alignment issues, and dropdown menus.
• Fixed dropdown behavior in administrative settings and software title/version tables.
• Fixed various UI and style bugs, including issues with long OS names causing table render issues.
• Fixed a bug where checkboxes within a hidden modal were not correctly hidden.
• Fixed vulnerable software dropdown from switching back to all teams.
• Fixed wall_time to report in milliseconds for consistency with other query performance stats.
• Fixed generating duplicate activities when locking or unlocking a host with scripts disabled.
• Fixed how errors are reported to APM to avoid duplicates and improve stack trace accuracy.

Upgrading

Please visit our update guide for upgrade instructions.

Documentation

Documentation for Fleet is available at fleetdm.com/docs.

Binary Checksum

SHA256

452ef95ff3475ce13c5533a13d6f3e084ec940091c710a75a335d2cdf47ce846  fleet_v4.45.0_linux.tar.gz
c8d5f96c3f1d9054427004f52d87d081f0bd05e4f104eaee857c10bab7400c2d  fleetctl_v4.45.0_linux.tar.gz
ef67236f50b717490ba2d02669aac749eab81b805285e5780cb691006f26f742  fleetctl_v4.45.0_linux.zip
950ecb779365ffc85a6eba98a8d8dd5dfad765692385a2f59bc93ddbf13a489a  fleetctl_v4.45.0_macos.tar.gz
0cfb5b4de55c4affbc5df2d949015300f554d0eca7bb925a79db14997d5c18e2  fleetctl_v4.45.0_macos.zip
035a602153cd10af0c370d9863749b006a2590a7c274bb1cb698016a98ccab3f  fleetctl_v4.45.0_windows.tar.gz
f0585309751d285f47ef51783422235b20248a430dc6daca9d13e4755fd02721  fleetctl_v4.45.0_windows.zip

fleet-v4.44.1

Changes

• Fixed a bug where long enrollment secrets would overlap with the action buttons on top of them.
• Fixed a bug that caused OS Settings to never be verified if the MySQL config of Fleet's database had 'only_full_group_by' mode enabled (enabled by default).
• Ensured policy names are now unique per team, allowing different teams to have policies with the same name.
• Fixed the visual display of chevron right icons on Chrome.
• Renamed the 'mdm_windows_configuration_profiles' and 'mdm_apple_configuration_profiles' 'updated_at' field to 'uploaded_at' and removed the automatic setting of the value, setting it explicitly instead.
• Fixed a small alignment bug in the setup flow.
• Improved the validation of Windows profiles to prevent errors when delivering the profiles to the hosts. If you need to embed a nested XML structure (for example, for Wi-Fi profiles), you can either:

• Escape the XML.
• Use a wrapping <![CDATA[ ... ]]> element.

• Fixed an issue where an inaccurate message was returned after running an asynchronous (queued) script.
• Fixed URL query parameters to reset when switching tabs.
• Fixed the vulnerable software dropdown from switching back to all teams.
• Added fleetctl gitops command:

• Synchronize Fleet configuration with the provided file. This command is intended to be used in a GitOps workflow.

• Updated the response for 'GET /api/v1/fleet/hosts/:id/activities/upcoming' to include the count of all upcoming activities for the host.
• Fixed an issue where software from a Parallels VM on a MacOS host would show up in Fleet as if it were the host's software.
• Removed unnecessary nested database transactions in batch-setting of MDM profiles.
• Added count of upcoming activities to host vitals UI.

Upgrading

Please visit our update guide for upgrade instructions.

Documentation

Documentation for Fleet is available at fleetdm.com/docs.

Binary Checksum

SHA256

9147ff5871fe6cfb56f5ad85e69570ef5d904a20b4cf8135a59ea687e9efe7b0  fleet_v4.44.1_linux.tar.gz
321f8b3fa818470657f9bf25d73016bf13ca8833c32f3c2fd98e54f4ef5d00d2  fleetctl_v4.44.1_linux.tar.gz
2ce1530925d694ce72da0deda5dc3f7f8ee6b5fe2b3b3ade80973e5b72c35e96  fleetctl_v4.44.1_linux.zip
8a589ad4b3ec87077fb149d95a7c53d4a9422c2270b8d83a17c2ae0e2bcc816f  fleetctl_v4.44.1_macos.tar.gz
82d32160a4bc234ba3e1d34412e65ee7a74c904df4156a896f71c422a103abd6  fleetctl_v4.44.1_macos.zip
fc9a33902b9f6efc6ade3bd7cff30f476d6e7fcfa68d57d063c3ec03f8ac2bf8  fleetctl_v4.44.1_windows.tar.gz
3277b33dfc78aeaf0a039394592d87ecbdd8a1964a0cca388df58a5684f796c1  fleetctl_v4.44.1_windows.zip

fleet-v4.44.0

Changes

• Endpoint operations:

  • Removed rate-limiting from /api/fleet/orbit/ping and /api/fleet/device/ping endpoints.
  • For Windows hosts, fleetd now uses Windows Credential Manager for enroll secret.
  • For macOS hosts, fleetd stores and retrieves enroll secret from macOS keychain for non-MDM flow.
  • Query reports feature now supports a custom pack_delimiter in agent settings.
  • Packaged fleetctl for macOS as a universal binary (native support for both amd64 and arm64 architectures).
  • Added new flow for fleetctl package --type=msi on macOS using arm64 processor.
  • Teams can now configure their own host expiry settings.
  • Added UI for host details activity card.
  • Added host_count_updated_at to policy API responses.
  • Added "Run script" action to host details page.
  • Created the "script ran" activity linked to its host.
  • Updated host details page and GET /api/v1/fleet/hosts/:id endpoint so that failing policies are listed first.

• Device management (MDM):

  • Added new endpoints GET /api/v1/fleet/mdm/manual_enrollment_profile and scripts related endpoints (/hosts/:id/activity, /hosts/:id/activity/upcoming).
  • Added support for label-based MDM profiles reconciliation.
  • Improved MDM migration puppet module.
  • Added Windows scripts for MDM unenrollment and fleetd removal.
  • Added the profile's labels object to MDM profiles response payload.
  • Updated UI with ability to target MDM profiles by label.
  • Added ability to configure custom configuration_web_url values in DEP profile.
  • Fixed a bug causing MDM SSO to fail with certain configurations.
  • Fixed queries reporting inconsistent MDM enrollment status in Windows.

• Vulnerability management:

  • Added support for detecting operating system vulnerabilities for macOS and Windows.
  • Corrected Windows OS false negative for multiple OS build remediations.
  • Fixed issue with incorrect resolved_in_version for vulnerabilities.

Bug fixes and improvements

• Added "No report" text for query results not saved in Fleet.
• Updated forms across the UI for consistent styling.
• Improved UX for globally enabling/disabling SSO.
• Added new consistent header styling across the app.
• Clearer browser page titles and CTAs for Observer+.
• Updated logging destination failure response to return a 4xx error instead of 500.
• Addressed issues with query reports and host expiry settings.
• Resolved platform compatibility checker issues with deprecated osquery tables.
• Updated Go to version 1.21.6.
• osquery flag validation updated for osquery 5.11.
• Fixed validation and error handling for /api/fleet/orbit/device_token and other endpoints.
• Fixed UI bugs in script functionality, side navigation content headers, and premium message alignment.
• Fixed a bug in searching for hosts by email addresses.
• Fixed issues with sticky errors in fleetd-chrome after querying privacy_preferences table.
• Fixed a bug where Munki issues section was incorrectly displayed.
• Fixed OS compatibility calculation for certain queries.
• Fixed a bug where capital characters would not match labels containing them.
• Fixed bug in manage hosts UI where changing the dropdown filter did not clear OS settings filter.
• Fixed a bug in fleetctl where --context and --debug flags were not allowed after certain commands.
• Fixed a bug where the UUID for Windows updates profiles was missing the "w" prefix.
• Fixed a UI bug on the controls page in team targeting forms.
• Fixed a bug where policy automations when saved were resetting automations on other pages.

Upgrading

Please visit our update guide for upgrade instructions.

Documentation

Documentation for Fleet is available at fleetdm.com/docs.

Binary Checksum

SHA256

85f0b24d9e734c48dfe285aece6b7decb23eaa976590245adf67e43b1bc222d1  fleet_v4.44.0_linux.tar.gz
6de3528cac2c68c0f14a98474db820bb8291b49ab63727e52d58d29288af3fa7  fleetctl_v4.44.0_linux.tar.gz
0cbf3ed058d43997b5b034e7c60de64b16ef94a3578358eaf0b4b4a9e6777446  fleetctl_v4.44.0_linux.zip
3f3ab39136e22d9cf714ab609d182d079a5cf2c6acf36d26ec9d88b64b209509  fleetctl_v4.44.0_macos.tar.gz
69ea24257c033294c33d7bb036d7ea550a75d00c2313c6d4ef25126b67d7a574  fleetctl_v4.44.0_macos.zip
b3f41948b9d55320be0884cdf9634a30089348e31bcb8a6675f75094167c741e  fleetctl_v4.44.0_windows.tar.gz
40c8f1e14c24fe384c4ed1845716ea52b391c9a867838f0a817e60d9eff6f941  fleetctl_v4.44.0_windows.zip

fleet-v4.43.3

Changes

• Fixed incorrect padding on my device page.

Upgrading

Please visit our update guide for upgrade instructions.

Documentation

Documentation for Fleet is available at fleetdm.com/docs.

Binary Checksum

SHA256

d27c221fc8e4f8abea841bfb222b6e8007bf28a01d6fb59d15127b393c052fd8  fleet_v4.43.3_linux.tar.gz
74214697de2c35d0ea7a6f718e26ae9e975283910436dda092affe88e3a742fa  fleetctl_v4.43.3_linux.tar.gz
077b54749188b7e14f01c1945245ffea6f507e746bd53903e5f55a70b726b9c5  fleetctl_v4.43.3_linux.zip
a03d792c01c5989acfd6017472f6f7d77a28d2a8b7b42696dc18df6965c3a5eb  fleetctl_v4.43.3_macos.tar.gz
c5edc9dd0326d233acb978df39edaf69ecadfc4f0584e19f4e02594335849280  fleetctl_v4.43.3_macos.zip
dd73676da3c8fad35662ee0bc3419b89004bcc0ee5effad1dde9c9a8282539f0  fleetctl_v4.43.3_windows.tar.gz
13069b781ab2e631aab17b7351a0a7614e24b0b7baec710591cb949bf48d1ae0  fleetctl_v4.43.3_windows.zip

fleet-v4.43.2

Changes

• Improved HTTP client used by fleetctl and fleetd to prevent errors for 204 responses.
• Added free tier UI state to OS updates and setup experience pages.
• Added warning/info messages when downgrading/upgrading fleetd or OSQuery.
• Updated links to an expired osquery Slack invitation to go to the support page on the Fleet website.
• Cleaned settings styling.
• Created consistent loading states when using search filter.
• Fixed center styling for empty states. For software/titles and software/versions endpoints, the
  browser property is no longer included in the response when empty.
• Fixed the Windows MDM polling interval so that enrolled devices check-in regularly with Fleet to look for pending MDM-related actions.
• Fixed missing empty members SVG by fixing SVG IDs.
• Fixed a bug that caused the software/titles page to error.
• Fixed 2 vulnerability false positives on Microsoft Teams on MacOS.
• Fixed bug in CIS policy: Ensure an Inactivity Interval of 20 Minutes Or Less for the Screen Saver Is Enabled.

Upgrading

Please visit our update guide for upgrade instructions.

Documentation

Documentation for Fleet is available at fleetdm.com/docs.

Binary Checksum

SHA256

3c6c3042176f082e1dd1f36c92c783f2a586e48971ae38dc99dfe81706598ec2  fleet_v4.43.2_linux.tar.gz
dfdea74687c84ff0a8b19bec158dfef5f0debf3c9055d33f890e9f745d15c1bf  fleetctl_v4.43.2_linux.tar.gz
d0ef40074c639832aff3218949b60b341dbfbf5d6fef6e1a6b2f2ed8cb8235b3  fleetctl_v4.43.2_linux.zip
1ec7190685d2e9f4ef72d7148915233dd7eb6d4baa135148d995348291e8da5d  fleetctl_v4.43.2_macos.tar.gz
22fd75a1b0fbfb5eefa8212b9dfa65e637cb15fc07df9f88987dee1dfd1a0f62  fleetctl_v4.43.2_macos.zip
9f0ff2366d0c38a35b43373ce63fea7f5cf2a73b37eb0d476088ed2cdabdb7ee  fleetctl_v4.43.2_windows.tar.gz
d53d6203368d518ae488b2e141e2a6f03d2f599ba552fef9746d3d2e443864f3  fleetctl_v4.43.2_windows.zip

fleet-v4.43.1

Bug fixes

• Fixed bug where script results would sometimes show the wrong error message when a user attempts
  to run a script on a host that has scripts disabled.
• Fixed an issue with SCEP endpoints sending back 500 status codes. Should return 400 now if bad
  data is sent to SCEP API.
• Fixed text and icon alignment UI bug.
• Fixed message for script execution timeout.
• Fixed failed scripts showing the wrong error.

Upgrading

Please visit our update guide for upgrade instructions.

Documentation

Documentation for Fleet is available at fleetdm.com/docs.

Binary Checksum

SHA256

c99fc876d59643f0ec953f18ea032e79c8aacbf9c40b776e4a0b4463455d664a  fleet_v4.43.1_linux.tar.gz
28d376d342cfc3fb69b9b080cd3496e1e4319bb120a6fcef87981b4f5e2bcb07  fleetctl_v4.43.1_linux.tar.gz
4ba47443a1930700b0c479e6b43a05213e198ee6662c249a094cf1499827a88b  fleetctl_v4.43.1_linux.zip
c479ac0319a70a1b959fc944a2fb54e7bad14b0790c577f7c3833b953ed0ccfb  fleetctl_v4.43.1_macos.tar.gz
0dd44ceef78ecf73da7128e8eddc53112d8f03f03fbae1afa41d2ac901c065b4  fleetctl_v4.43.1_macos.zip
cbd28eea3d1c057d898c3a69dc5034db4cfec105ba4072eed79609bf0b61b8b3  fleetctl_v4.43.1_windows.tar.gz
66236a0a5d98a2258df96b8a9938467062a502303307e536d452e52994e89a7d  fleetctl_v4.43.1_windows.zip

fleet-v4.43.0

Changes

• Endpoint operations:

  • Added new POST /api/v1/fleet/queries/:id/run endpoint for synchronous live queries.
  • Added PUT /api/fleet/orbit/device_mapping and PUT /api/v1/fleet/hosts/{id}/device_mapping endpoints for setting or replacing custom email addresses.
  • Added experimental --end-user-email flag to fleetctl package for .msi installer bundling.
  • Added host_count_updated_at to policy API responses.
  • Added ability to query by host display name via list hosts endpoint.
  • Added gigs_total_disk_space to host endpoint responses.
  • Added ability to remotely configure fleetd update channels in agent options (Fleet Premium only, requires fleetd >= 1.20.0).
  • Improved error message for osquery log write failures.
  • Protect live query performance by limiting results per live query.
  • Improved error handling and validation for /api/fleet/orbit/device_token and other endpoints.

• Device management (MDM):

  • Added check for custom end user email fields in enrollment profiles.
  • Modified hosts and labels endpoints to include only user-defined Windows MDM profiles.
  • Improved profile verification logic for 'pending' profiles.
  • Updated enrollment process so that fleetd auto-installs on Apple hosts enabling MDM features manually.
  • Extended script execution timeout to 5 minutes.
  • Extended Script disabling functionality to various script endpoints and fleetctl.

Bug fixes and improvements

• Fix profiles incorrectly being marked as "Failed".
  • NOTE: If you are using MDM features and have already upgraded to v4.42.0, you will need to take manual steps to resolve this issue. Please follow these instructions to reset your profiles.
• Added tooltip to policies page stating when policy counts were last updated.
• Added bold styling to profile name in custom profile activity logs.
• Implemented style tweaks to the nudge preview on OS updates page.
• Updated sort query results and reports case sensitivity and default to sorting.
• Added disk size indication when disk is full.
• Replaced 500 error with 409 for token conflicts with another host.
• Fixed script output text formatting.
• Fixed styling issues in policy automations modal and nudge preview on OS updates page.
• Fixed loading spinner not appearing when running a script on a host.
• Fixed duplicate view all hosts link in disk encryption table.
• Fixed tooltip text alignment UI bug.
• Fixed missing 'Last restarted' values when filtering hosts by label.
• Fixed broken link on callout box on host details page.
• Fixed bugs in searching hosts by email addresses and filtering by labels.
• Fixed a bug where the host details > software > munki issues section was sometimes displayed erroneously.
• Fixed a bug where OS compatibility was not correctly calculated for certain queries.
• Fixed issue where software title aggregation was not running during vulnerability scans.
• Fixed an error message bug for password length on new user creation.
• Fixed a bug causing misreporting of vulnerability scanning status in analytics.
• Fixed issue with query results reporting after discard data is enabled.
• Fixed a bug preventing label selection while the label search field was active.
• Fixed bug where fleetctl did not allow placement of --context and --debug flags following certain commands.
• Fixed a validation bug allowing overrides.platform to be set to null.
• Fixed fleetctl issue with creating a new query when running a query by name.
• Fixed a bug that caused vulnerability scanning status to be misreported in analytics.
• Fixed CVE tooltip bullets on the software page.
• Fixed a bug that didn't allow enabling team disk encryption if macOS MDM was not configured.

Upgrading

Please visit our update guide for upgrade instructions.

Documentation

Documentation for Fleet is available at fleetdm.com/docs.

Binary Checksum

SHA256

edb90db5125604b243b75f5867aaa9f86703e7c788841173d6884a1aa30be2e3  fleet_v4.43.0_linux.tar.gz
3fbf7cb075336d21ba179f45a69e8eee63d3075bc34d29ab98a69c4ea7e27c76  fleetctl_v4.43.0_linux.tar.gz
87459a61c38f2613d52e6d7b3b102b9ad7e9dfc5a41069c6f3bcea82822d22fb  fleetctl_v4.43.0_linux.zip
3aed0156befca22f192922c94542111eeaba7a0bc51936c43b1cae0cba1497ff  fleetctl_v4.43.0_macos.tar.gz
47bff2b572168328683428a4ac97a57e6c1a0bd533d37e8406d8bf64cb79b75f  fleetctl_v4.43.0_macos.zip
d949541f0f008883f135144f49cb73e273d43e150f70c3dc8c4c721f2740c16e  fleetctl_v4.43.0_windows.tar.gz
479dcd633e5cc7e9db28a04ebd2043e01c94e677c0d71a7228fb51f991d4ad40  fleetctl_v4.43.0_windows.zip

fleet-v4.42.0

NOTE: There is a critical bug in Fleet v4.42.0. This might affect your Fleet if you’re using MDM features. If you’re using MDM features, please wait until v4.43.0 to upgrade Fleet. If you’ve already upgraded to v4.42.0 and run into this bug, follow the instructions for resolving the issue here.

Changes

• Endpoint operations:

  • Added fleet/device/{token}/ping endpoint for agent token checks.
  • Added GET /hosts/{id}/health endpoint for host health data.
  • Added --host-identifier option to fleetd for enrolling with a random identifier.
  • Added capability to look up hosts based on IdP email.
  • Updated manage hosts UI to filter hosts by software_version_id and software_title_id.
  • Added ability to filter hosts by software_version_id and software_title_id in various endpoints.
  • NOTE: Database migrations may take up to five minutes to complete based on number of software items.
  • Live queries now collect and display updated stats.
  • Live query stats are cleared when query SQL is modified.
  • Added UI features to incorporate new live query stats.
  • Improved host query reports and host detail query tab UI.
  • Added firehose delivery addon update for improved data handling.

• Vulnerability management:

  • Added GET /software/versions and GET /software/versions/{id} endpoints for software version management.
  • Deprecated GET /software and GET /software/{id} endpoints.
  • Added new software pages in Fleet UI, including software titles and versions.
  • Resolved scan error during OVAL vulnerability processing.

• Device management (MDM):

  • Removed the FLEET_DEV_MDM_ENABLED feature flag for Windows MDM.
  • Enabled fleetctl to configure Windows MDM profiles for teams and "no team".
  • Added database tables to support the Windows profiles feature.
  • Added support to configure Windows OS updates requirements.
  • Introduced new MDM profile endpoints: POST /mdm/profiles, DELETE /mdm/profiles/{id}, GET /mdm/profiles/{id}, GET /mdm/profiles, GET /mdm/profiles/summary.
  • Added validation to disallow custom MDM profiles with certain names.
  • Added deployment of Windows OS updates settings to targeted hosts.
  • Changed the Apple profiles ID to a prefixed UUID format.
  • Enabled targeting hosts by serial number in fleetctl run-script and fleetctl mdm run-command.
  • Added UI for uploading, deleting, downloading, and viewing Windows custom MDM profiles.

Bug fixes and improvements

• Updated Go version to 1.21.5.
• Query reports now only show results for hosts with user permissions.
• Global observers can now see all queries regardless of the observerCanRun value.
• Added whitespace rendering in policy descriptions and resolutions.
• Added truncation to dropdown options in query tables documentation.
• POST /api/v1/fleet/scripts/run/sync timeout now returns error code 408 instead of 504.
• Fixed possible deadlocks in software data ingestion and host_batteries upsert.
• Fixed button text wrapping in UI for Settings > Integrations > MDM.
• Fixed a bug where opening a modal on the Users page reset the table to the first page.
• Fixed a bug preventing label selection while the label search field was active.
• Fixed issues with UI loading indicators and placeholder texts.
• Fixed a fleetctl issue where running a query by name created a new query instead of using the existing one.
• Fixed installed_from_dep in mdm_enrolled activity for DEP device re-enrollment.
• Fixed a bug in line breaks affecting UI functionality.
• Fixed Syncml cmd data support for raw data.
• Added "copied!" message to the copy button on inputs.
• Fixed an edge case where caching could lead to lost organization settings in multiple instance scenarios.
• Fixed GET /hosts/{id}/health endpoint reporting.
• Fixed validation bugs allowing overrides.platform field to be set to null.
• Fixed an issue with policy counts showing 0 post-upgrade.

Upgrading

Please visit our update guide for upgrade instructions.

Documentation

Documentation for Fleet is available at fleetdm.com/docs.

Binary Checksum

SHA256

f04c192313dccac982409ddca05ba13e636af0685d74aa0ee602784ecf438abb  fleet_v4.42.0_linux.tar.gz
f33bb2d63b10c447deb07c1c07362f8f2b6a506dad151c81f91693c4cde6ee49  fleetctl_v4.42.0_linux.tar.gz
5dbdeb015906ad92481c727807c460f04cf0e8d382b18cad4fdee446852c03a3  fleetctl_v4.42.0_linux.zip
591da2e02708c026535b821c28af316a005c4eae62800aa89c7228b7cde5546c  fleetctl_v4.42.0_macos.tar.gz
e58fe9e620f849a39e87d352c327cece59c1f3b5603e7854e67b0da02bdc8ab9  fleetctl_v4.42.0_macos.zip
e4c60c42bc5f7f51e706f06fa93f17ffbab129d76275d4c42b3b029cc876c7cd  fleetctl_v4.42.0_windows.tar.gz
e4362c74998031139fe51a022262174b58e50ebd996905154206140dd0f3511b  fleetctl_v4.42.0_windows.zip

fleet-v4.41.1

Bug fix

• Fixed logging of results for scheduled queries configured outside of Fleet when server_settings.query_reports_disabled is set to true.

Upgrading

Please visit our update guide for upgrade instructions.

Documentation

Documentation for Fleet is available at fleetdm.com/docs.

Binary Checksum

SHA256

0e22bad11fb7dc2709d95b4585271967ceec89a1e1d25f011c15eefa30b22af0  fleet_v4.41.1_linux.tar.gz
0a7616f6e5cacaa40d6eaf8be557caa5480c0b02c6186f0baffac1e8b8494517  fleetctl_v4.41.1_linux.tar.gz
64895941f38bd495a6901863d1a595604a6adcb95e695429d87f1c9ca58b49ef  fleetctl_v4.41.1_linux.zip
8224ab34185e45440d7cbec7400b191cb762aac6be21538572016ac19948d917  fleetctl_v4.41.1_macos.tar.gz
97ff2b5b9903a9bf9a8c35c8d03a6b9390a1e8d19db4d26367cc1864fddb19a4  fleetctl_v4.41.1_macos.zip
b73d15865095ca377932e7a7f6390b3ac2967f961516c140a587d1ba00e8763b  fleetctl_v4.41.1_windows.tar.gz
1bd0338b3dec1cb9231c9efacf938af33651ca768e789fdc95c306bd1f931a9d  fleetctl_v4.41.1_windows.zip

fleet-v4.41.0

IMPORTANT:

• There’s a critical bug in Fleet 4.41.0.
• This bug only affects you if you use query packs, set a custom pack_delimiter in agent options, or manage queries outside of Fleet (ex. via Chef).
• If this sounds like your Fleet, please wait to upgrade to 4.41.0.
• We’re working on cutting a patch (4.41.1) ASAP.

(2023-12-06)

Changes

• Endpoint operations:

  • Enhanced fleetctl and API to support PowerShell (.ps1) scripts.
  • Updated several API endpoints to support os_settings filter, including Windows profiles status.
  • Enabled after parameter for improved pagination in various endpoints.
  • Improved the fleet/queries/run endpoint with better error handling.
  • Increased frequency of metrics reporting from Fleet servers to daily.
  • Added caching for policy results in MySQL for faster operations.

• Device management (MDM):

  • Added database tables for Windows profiles support.
  • Added validation for WSTEP certificate and key pair before enabling Windows MDM.
  • Introduced support for Windows PowerShell scripts in the UI.

• Vulnerability management:

  • Fleet now uses NVD API 2.0 for CVE information download.
  • Added support for JetBrains application vulnerability data.
  • Tightened software matching to reduce false positives.
  • Stopped reporting Atom editor packages in software inventory.

• UI improvements:

  • Updated activity feed for better communication around JIT-provisioned user logins.
  • Query report now displays the host's display name instead of the hostname.
  • Improved UI components like the manage page's label filter and edit columns modal.
  • Enabled all sort headers in the UI to be fully clickable.
  • Removed the creation of OS policies from a host's operating system in the UI.
  • Ensured correct settings visibility in the Settings > Advanced section.

Bug fixes

• Fixed long result cell truncation in live query results and query reports.
• Fixed a Redis cluster mode detection issue for RedisLabs hosted instances.
• Fixed a false positive vulnerability report for Citrix Workspace.
• Fixed an edge case sorting bug related to the last_restarted value for hosts.
• Fixed an issue with creating .deb installers with different enrollment keys.
• Fixed SMTP configuration validation issues for TLS-only servers.
• Fixed caching of team MDM configurations to improve performance at scale.
• Fixed delete pending issue during orbit.exe installation.
• Fixed a bug causing the disk encryption key banner to not display correctly.
• Fixed various error code inconsistencies across endpoints.
• Fixed filtering hosts with invalid team_id now returns a 400 error.
• Fixed false positives in software matching for similar names.

Upgrading

Please visit our update guide for upgrade instructions.

Documentation

Documentation for Fleet is available at fleetdm.com/docs.

Binary Checksum

SHA256

bc5dd476ea4108d2d26ea4eab99504f02492633c6f8fa9db01f8511099c9f57e  fleet_v4.41.0_linux.tar.gz
03da62accda22d3434d6be235e9b910e04b21aee84085097369707451dc4d219  fleetctl_v4.41.0_linux.tar.gz
ec10a2193a9075b668126b3700189c7fef232978ce8f3504128203afc865a619  fleetctl_v4.41.0_linux.zip
83d78374afdc8d49da20bbbd6fec966b082725aa4060c845f13c0efc7d607182  fleetctl_v4.41.0_macos.tar.gz
1390320c14410c298f4298bd171b257ca8fde0061a62388d5cab1f04c501e062  fleetctl_v4.41.0_macos.zip
7e5eb0b48c15670d75b34acbf8f9f9a470fad76a7c20d77b79e715a56a890f74  fleetctl_v4.41.0_windows.tar.gz
255f6260d5f7f76e7d279a649879d9a27d45a78b916ffbdb1303bc707ab3a745  fleetctl_v4.41.0_windows.zip