|
1 |
| -## Fleet 4.62.0 (Jan 02, 2025) |
| 1 | +## Fleet 4.62.0 (Jan 09, 2025) |
2 | 2 |
|
3 |
| -### Bug fixes |
| 3 | +## Endpoint operations |
| 4 | +- Updated macos 13, 14 per latest CIS documents. Added macos 15 support. |
| 5 | +- Updated queries API to support above targeted platform filtering. |
| 6 | +- Updated UI queries page to filter, sort, paginate, etc. via query params in call to server. |
| 7 | +- Added searchable query targets and cleaner UI for uses with many teams or labels. |
4 | 8 |
|
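Review bot: The queries API entry on new line 5 says "above targeted platform filtering", but nothing above it in the Endpoint operations section mentions platform filtering any more; the entry it pointed to now sits at new line 37 under "Bug fixes and improvements". Reword it so it stands alone, for example "Updated queries API to support filtering by targeted platform." The section headings in this change also move from `###` to `##`, the same level as the `## Fleet 4.62.0` release heading on new line 1, so they will render as siblings of the release rather than as its subsections. New line 4 writes "macos" where later entries in this release write "macOS".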
5 |
| -### Endpoint Operations |
| 9 | +## Device management (MDM) |
| 10 | +- Added ability to use secrets (`$FLEET_SECRET_YOURNAME`) in scripts and profiles. |
| 11 | +- Added ability to scope Fleet-maintained apps and custom packages via labels in UI, API, and CLI. |
6 | 12 | - Added capability to automatically generate "trigger policies" for custom software packages.
|
7 |
| -- Stop older scheduled queries from filling logs with errors |
8 |
| -- Changed script upload endpoint (`POST /api/v1/fleet/scripts`) to automatically switch CRLF line endings to LF |
9 |
| -- Fleshed out server response from `queries` endpoint to include `count` and `meta` pagination information. |
10 |
| -- Updated UI queries page to filter, sort, paginate, etc. via query params in call to server. |
11 |
| -- Updated platform filtering on queries page to refer to targeted platforms instead of compatible platforms |
12 |
| -- Updated queries API to support above targeted platform filtering |
| 13 | +- Added UI for scoping software via labels. |
| 14 | +- Added validation to prevent label deletion if it is used to scope the hosts targeted by a software installer. |
| 15 | +- Added ability to filter host software based on label scoping. |
| 16 | +- Added support for Fleet secret validation in software installer scripts. |
| 17 | +- Updated `fleetctl gitops` to support scope software installers by labels, with the `labels_include_any` or `labels_exclude_any` conditions. |
| 18 | +- Updated `fleetctl gitops` to identify secrets in scripts and profiles and saves them on the Fleet server. |
| 19 | +- Updated `fleetctl gitops` so that when it updates profiles, if the secret value has changed, the profile is updated on the host. |
| 20 | +- Added `/fleet/spec/secret_variables` API endpoint. |
| 21 | +- Added functionality for skipping automatic installs if the software is not scoped to the host via labels. |
| 22 | +- Added the ability to click a software row on the my device page and see the details of that software's installation on the host. |
| 23 | +- Allowed software uninstalls and script-based host lock/unlock/wipe to run while global scripts are disabled. |
13 | 24 |
|
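Review bot: New line 20 lists `/fleet/spec/secret_variables` with no HTTP method and no API prefix, while the other endpoint entries in this file give both (`POST /api/v1/fleet/scripts`, `PATCH /api/latest/fleet/teams/{team_id}/policies/{policy_id}`). Since this endpoint belongs to the secrets feature introduced on new line 10, state the method and full path so operators know what to cover in access reviews and audit logging. New line 13 ("Added UI for scoping software via labels.") repeats what new line 11 already says about scoping via labels in the UI, and new line 18 mixes verb forms ("to identify secrets ... and saves them"); "and save them" reads correctly.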
14 |
| -### Device Management (MDM) |
| 25 | +## Vulnerability management |
| 26 | +- Added missing vulncheck data from NVD feeds. |
| 27 | +- Fixed MSI parsing for packages including long interned strings (e.g. licenses for the OpenVPN Connect installer). |
| 28 | +- Fixed a panic (and resulting failure to load CVE details) on new installs when OS versions have not been populated yet. |
| 29 | +- Fixed CVE-2024-10004 false positive on Fleet-supported platforms (vuln is iOS-only and iOS vuln checking is not supported). |
| 30 | + |
| 31 | +## Bug fixes and improvements |
15 | 32 | - Added license key validation on `fleetctl preview` if a license key is provided; fixes cases where an invalid license key would cause `fleetctl preview` to hang.
|
| 33 | +- Increased maximum length for installer URLs specified in GitOps to 4000 characters. |
| 34 | +- Stopped older scheduled queries from filling logs with errors. |
| 35 | +- Changed script upload endpoint (`POST /api/v1/fleet/scripts`) to automatically switch CRLF line endings to LF. |
| 36 | +- Fleshed out server response from `queries` endpoint to include `count` and `meta` pagination information. |
| 37 | +- Updated platform filtering on queries page to refer to targeted platforms instead of compatible platforms. |
| 38 | +- Included osquery pre-releases in daily UI constant update GitHub Actions job. |
| 39 | +- Updated to send alert via SNS when a scheduled "cron" job returns errors. |
| 40 | +- SNS topic for job error alerts can be configured separately from the existing monitor alert by adding "cron_job_failure_monitoring" to sns_topic_arns_map, otherwise defaults to the using the same topic. |
| 41 | +- Improved validation workflow on SMTP settings page. |
16 | 42 | - Allowed team policy endpoint (`PATCH /api/latest/fleet/teams/{team_id}/policies/{policy_id}`) to receive explicit `null` as a value for `script_id` or `software_title_id` to unset a script or software installer respectively.
|
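Review bot: New line 40 keeps the broken phrase "otherwise defaults to the using the same topic" from the removed entry; drop "the" so it reads "otherwise defaults to using the same topic". The configuration names in that line, cron_job_failure_monitoring and sns_topic_arns_map, are not in backticks, unlike `queries`, `count` and `meta` on new line 36. New lines 39 and 40 describe one feature and could be merged into a single entry.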
17 |
| -- Alises EAP versions of JetBrains IDEs to "last release version plus all fixes" to avoid vulnerability false positives. |
18 |
| - |
19 |
| -### Vulnerability Management |
20 |
| -- Added Mastodon icon and URL to server email templates. |
21 |
| -- Added a validation to prevent label deletion if it is used to scope the hosts targeted by a software installer. |
22 |
| -- Fixed issue where minio software was not scanned for vulnerabilities correctly because of unexpected trailing characters in the version string |
23 |
| - |
24 |
| -### Bug fixes and improvements |
25 |
| -- Fleet UI: Fix export to CSV from trimming leading zeros by treating those values as strings |
26 |
| -- Send alert via SNS when a scheduled "cron" job returns errors |
27 |
| -- SNS topic for job error alerts can be configured separately from the existing monitor alert by adding "cron_job_failure_monitoring" to sns_topic_arns_map, otherwise defaults to the using the same topic |
28 |
| -- Fix bug when creating a label to preserve the selected team |
29 |
| -- Add UI for scoping software via labels |
| 43 | +- Aliased EAP versions of JetBrains IDEs to "last release version plus all fixes" (e.g. 2024.3 EAP -> 2024.2.99) to avoid vulnerability false positives. |
30 | 44 | - Removed server error if no private IP was found by detail_query_network_interface.
|
31 |
| -- Added ability to use secrets ($FLEET_SECRET_YOURNAME) in scripts and profiles. |
32 |
| -- Fleet UI: Add searchable query targets and cleaner UI for uses with many teams or labels |
33 |
| -- Increased maximum length for installer URLs specified in GitOps to 4000 characters |
34 |
| -- Fixed a panic (and resulting failure to load CVE details) on new installs when OS versions have not been populated yet. |
35 |
| -- Add functionality to filter host software based on label scoping. |
36 |
| -- Add the ability to click a software row on the my device page and see the details of that software's installation on the host. |
37 |
| -- Update fleetctl dependencies that cause warnings |
38 |
| -- Added service annotation field to Helm Chart |
39 |
| -- Added features to scope Fleet-maintained apps and custom packages via labels in UI, API, and CLI. |
40 |
| -- Allowed software uninstalls and script-based host lock/unlock/wipe to run while global scripts are disabled. |
41 |
| -- Fix policy truncation UI bug |
42 |
| -- Add support for fleet secret validation in software installer scripts |
43 |
| -- Added fallback to FileVersion on EXE installers when FileVersion is set but ProductVersion isn't to allow more custom packages to be uploaded |
44 |
| -- Removed duplicate software records from homebrew casks already reported in the osquery `apps` table to address false positive vulnerabilities due to lack of bundle_identifier |
45 |
| -- Fixed cases where showing results of an inherited query viewed inside a team would include results from hosts not on thta team by adding an optional team_id parameter to queries report endpoint (`GET /api/latest/fleet/queries/{query_id}/report`) |
| 45 | +- Updated `fleetctl` dependencies that cause warnings. |
| 46 | +- Added service annotation field to Helm Chart. |
| 47 | +- Updated so that on policy deletion any associated pending software installer or scripts are deleted. |
| 48 | +- Added fallback to FileVersion on EXE installers when FileVersion is set but ProductVersion isn't to allow more custom packages to be uploaded. |
| 49 | +- Added Mastodon icon and URL to server email templates. |
| 50 | +- Improved table text wrapper in UI. |
| 51 | +- Added helpful tooltip for the install software setup experience page. |
| 52 | +- Added offset to the tooltips on hover of the profile aggregate status indicators. |
| 53 | +- Added the `software_title_id` field to the `added_software` activity details. |
| 54 | +- Allow maintainers to manage install software or run scripts on policy automations. |
| 55 | +- Removed duplicate software records from homebrew casks already reported in the osquery `apps` table to address false positive vulnerabilities due to lack of bundle_identifier. |
46 | 56 | - Added the `labels_include_any` and `labels_exclude_any` fields to the software installer activities.
|
47 |
| -- Updated the get host endpoint to include disk encryption stats for a linux host only if the setting is enabled |
48 |
| -- Added a descriptive error when a GitOps file contains script references that are missing paths |
49 |
| -- Fixed CVE-2024-10004 false positive on Fleet-supported platforms (vuln is iOS-only and iOS vuln checking is not supported) |
| 57 | +- Updated the get host endpoint to include disk encryption stats for a linux host only if the setting is enabled. |
| 58 | +- Updated Helm chart to support customization options such as the Google cloud_sql_proxy in the fleet-migration job. |
| 59 | +- Updated example windows policies. |
| 60 | +- Added a descriptive error when a GitOps file contains script references that are missing paths. |
50 | 61 | - Removed `invalid UUID` log message when validating Apple MDM UDID.
|
| 62 | +- Added validation Fleet secrets embedded into scripts and profiles on ingestion. |
| 63 | +- Display the correct percentage of hosts online when there are no hosts online. |
| 64 | +- Fixed bug when creating a label to preserve the selected team. |
| 65 | +- Fixed export to CSV trimming leading zeros by treating those values as strings. |
| 66 | +- Fixed reporting of software uninstall results after a host has been locked/unlocked. |
| 67 | +- Fixed issue where minio software was not scanned for vulnerabilities correctly because of unexpected trailing characters in the version string. |
| 68 | +- Fixed bug on the "Controls" page where incorrect timestamp information was displayed while the "Current versions" table was loading. |
| 69 | +- Fixed policy truncation UI bug. |
| 70 | +- Fixed cases where showing results of an inherited query viewed inside a team would include results from hosts not on thta team by adding an optional team_id parameter to queris report endpoint (`GET /api/latest/fleet/queries/{query_id}/report`). |
| 71 | +- Fixed issue where deleted Apple config profiles were installing on devices because devices were offline when the profile was added. |
| 72 | +- Fixed UI bug involving pagination of subsections within the "Controls" page. |
| 73 | +- Fixed "Verifying" disk encryption status count and filter for macOS hosts to not include hosts where end-user action is required. |
51 | 74 | - Fixed a bug in determining sort type of query result columns by deducing that type from the data present in those columns.
|
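Review bot: New line 70 carries over the typo "thta team" and adds a new one, "queris report endpoint", where the removed line had "queries"; both should be fixed before release. New line 62 is missing a word ("Added validation Fleet secrets embedded into scripts and profiles"; "Added validation of Fleet secrets ..." reads correctly) and overlaps with new line 16 under Device management, so consider keeping only one of them. New line 63 ("Display the correct percentage ...") is in the present tense while the neighbouring entries use "Fixed ...".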
52 |
| -- Display the correct percentage of hosts online, 0, when there are no hosts online. |
53 |
| -- Validate fleet secrets embedded into scripts and profiles on ingestion |
54 |
| -- Adds functionality for skipping automatic installs if the software is not scoped to the host via labels. |
55 | 75 |
|
56 | 76 | ## Fleet 4.61.0 (Dec 17, 2024)
|
57 | 77 |
|
|