Prepare for 4.16.0 release (#6256)

CHANGELOG.md

@@ -1,7 +1,40 @@
+## Fleet 4.16.0 (Jun 20, 2022)
+
+* Fleet Premium: Added the ability to set a Custom URL for the "Transparency" link included in Fleet Desktop. This allows you to use custom branding, as well as gives you control over what information you want to share with your end-users. 
+
+* Fleet Premium: Added scoring to vulnerability detection, including EPSS probability score, CVSS base score, and known exploits. This helps you to quickly categorize which threats need attention today, next week, next month, or "someday."
+
+* Added a ticket-workflow for policy automations. Configured Fleet to automatically create a Jira issue or Zendesk ticket when one or more hosts fail a specific policy.
+
+* Added [Open Vulnerability and Assement Language](https://access.redhat.com/solutions/4161) (`OVAL`) processing for Ubuntu hosts. This increases the accuracy of detected vulnerabilities. 
+
+* Added software details page to the Fleet UI.
+
+* Improved live query experience by saving the state of selected targets and adding count of visible results when filtering columns.
+
+* Fixed an issue where the **Device user** page redirected to login if an expired session token was present. 
+
+* Fixed an issue that caused a delay in availability of **My device** in Fleet Desktop.
+
+* Added support for custom headers for requests made to `fleet` instances by the `fleetctl` command.
+
+* Updated to an improved `users` query in every query we send to osquery.
+
+* Fixed `no such table` errors for `mdm` and `munki_info` for vanilla osquery MacOS hosts.
+
+* Fixed data inconsistencies in policy counts caused when a host was re-enrolled without a team or in a different one.
+
+* Fixed a bug affecting `fleetctl debug` `archive` and `errors` commands on Windows.
+
+* Added `/api/_version_/fleet/device/{token}/policies` to retrieve policies for a specific device. This endpoint can only be accessed with a premium license.
+
+* Added `POST /targets/search` and `POST /targets/count` API endpoints.
+
+* Updated `GET /software`, `GET /software/{:id}`, and `GET /software/count` endpoints to no include software that has been removed from hosts, but not cleaned up yet (orphaned).
+
 ## Fleet 4.15.0 (May 26, 2022)
 
-* Expanded beta support for vulnerability reporting to include both Zendesk and Jira integration. This allows users to configure Fleet to
-  automatically create a Zendesk ticket or Jira issue when a new vulnerability (CVE) is detected on your hosts.
+* Expanded beta support for vulnerability reporting to include both Zendesk and Jira integration. This allows users to configure Fleet to automatically create a Zendesk ticket or Jira issue when a new vulnerability (CVE) is detected on your hosts.
 
 * Expanded beta support for Fleet Desktop to Mac and Windows hosts. Fleet Desktop allows the device user to see
 information about their device. To add Fleet Desktop to a host, generate a Fleet-osquery installer with `fleetctl package` and include the `--fleet-desktop` flag. Then, open this installer on the device.
@@ -70,7 +103,7 @@ includes Fleet Desktop. Then, open this installer on the device.
 
 * Improved the empty states and forms on the **Policies** page, **Queries** page, and **Host details** page in the Fleet UI.
 
-- All duration settings returned by `fleetctl get config --include-server-config` were changed from
+* All duration settings returned by `fleetctl get config --include-server-config` were changed from
 nanoseconds to an easy to read format.
 
 * Fixed a bug in which the "Bundle identifier" tooltips displayed on **Host details > Software** did not
@@ -1452,7 +1485,7 @@ repository. Please follow changes and releases there.
 
 * Added GCP PubSub logging plugin. Thanks to Michael Samuel for adding this capability.
 
-* Improved escaping for target search in live query interface. It is now easier to target hosts with + and - characters in the name.
+* Improved escaping for target search in live query interface. It is now easier to target hosts with + and * characters in the name.
 
 * Server and browser performance improved to reduced loading of hosts in frontend. Host status will only update on page load when over 100 hosts are present.
 

articles/fleet-4.16.0.md

@@ -0,0 +1,83 @@
+# Fleet 4.16.0 brings more customization, beefs up vulnerability management and adds value to integrations. 
+
+![Fleet 4.16.0](<../website/assets/images/articles/[email protected]>)
+
+Fleet 4.16.0 is up and running. Check out the full [changelog](https://github.com/fleetdm/fleet/releases/tag/fleet-v4.16.0) or continue reading to get the highlights.
+
+For update instructions, see our [upgrade guide](https://fleetdm.com/docs/deploying/upgrading-fleet) in the Fleet docs.
+
+## Highlights
+- Customize your organization's "Transparency" landing page. 
+- Prioritize your vulnerability management efforts.
+- Automatically create Jira issues or Zendesk tickets for failing policies.
+- More accurate vulnerability detection for Ubuntu hosts.
+
+## Customize your organization's "Transparency" landing page
+**Available in Fleet Premium**
+
+![Customize your "Transparency" landing page.](<../website/assets/images/articles/[email protected]>)
+Fleet Desktop gives end-users a **Transparency** landing page to see what information Fleet is able to access.
+
+Fleet 4.16.0 adds settings for a custom **Transparency** URL. This allows you to use custom branding, as well as giving you control over what information you want to share with your end-users. 
+
+## Prioritize your vulnerability management efforts
+**Available in Fleet Premium**
+
+![Prioritize your vulnerability management efforts](<../website/assets/images/articles/[email protected]>)
+We've added [EPSS probability scores](https://www.first.org/epss/), [CVSS base scores](https://nvd.nist.gov/), and [CISA's](https://www.cisa.gov/) known exploits to Fleet's vulnerability detection. This allows you to quickly categorize which threats need attention today, next week, next month, or "someday."
+
+## Automatically create Jira issues or Zendesk tickets for failing policies.
+**Available in Fleet Free & Fleet Premium**
+
+![Automatically create Jira issues or Zendesk tickets for failing policies](../website/assets/images/articles/[email protected])
+We've expanded our integration efforts to include Policies. You can configure Fleet to automatically create a Jira issue or Zendesk ticket when one or more hosts fails a specific policy. To add policies to your integrations in the Fleet UI, go to **Policies >> Manage Automations** and select the policies you'd like to monitor and the integration to use. 
+
+> Zendesk integration is currently in beta.
+
+## More accurate vulnerability detection for Ubuntu hosts.
+**Available in Fleet Free & Fleet Premium**
+
+Fleet now utilizes [Open Vulnerability and Assement Language](https://access.redhat.com/solutions/4161) (OVAL) processing for Ubuntu hosts. Adding additional data sources increases the accuracy of detected vulnerabilities. 
+
+> There are ongoing efforts to include OVAL datasources in CentOS and other Linux distributions as well. 
+
+## More new features, improvements, and bug fixes
+
+In 4.16.0, we also:
+
+* Added software details page to the Fleet UI.
+
+* Improved live query experience by saving the state of selected targets and adding count of visible results when filtering columns.
+
+* Fixed an issue where the **Device user** page redirected to login if an expired session token was present. 
+
+* Fixed an issue that caused a delay in availability of **My device** in Fleet Desktop.
+
+* Added support for custom headers for requests made to `fleet` instances by the `fleetctl` command.
+
+* Updated to an improved `users` query in every query we send to osquery.
+
+* Fixed `no such table` errors for `mdm` and `munki_info` for vanilla osquery MacOS hosts.
+
+* Fixed data inconsistencies in policy counts caused when a host was re-enrolled without a team or in a different one.
+
+* Fixed a bug affecting `fleetctl debug` `archive` and `errors` commands on Windows.
+
+* Added `/api/_version_/fleet/device/{token}/policies` to retrieve policies for a specific device. This endpoint can only be accessed with a premium license.
+
+* Added `POST /targets/search` and `POST /targets/count` API endpoints.
+
+* Updated `GET /software`, `GET /software/{:id}`, and `GET /software/count` endpoints to no include software that has been removed from hosts, but not cleaned up yet (orphaned).
+
+---
+
+### Ready to update?
+
+Visit our [Update guide](https://fleetdm.com/docs/deploying/upgrading-fleet) in the Fleet docs for instructions on updating to Fleet 4.15.0.
+
+<meta name="category" value="releases">
+<meta name="authorFullName" value="Kathy Satterlee">
+<meta name="authorGitHubUsername" value="ksatter">
+<meta name="publishedOn" value="2022-06-16">
+<meta name="articleTitle" value="Fleet 4.16.0 gives you the option to customize the information you share to end-users in Fleet Desktop, beefs up vulnerability management and adds additional workflows to Jira and Zendesk integrations.">
+<meta name="articleImageUrl" value="../website/assets/images/articles/[email protected]">

charts/fleet/Chart.yaml

@@ -4,8 +4,8 @@ name: fleet
 keywords:
   - fleet
   - osquery
-version: v4.15.0
+version: v4.16.0
 home: https://github.com/fleetdm/fleet
 sources:
   - https://github.com/fleetdm/fleet.git
-appVersion: v4.15.0
+appVersion: v4.16.0

docs/Deploying/Server-Installation.md

@@ -445,7 +445,7 @@ spec:
     spec:
       containers:
       - name: fleet
-        image: fleetdm/fleet:4.15.0
+        image: fleetdm/fleet:4.16.0
         env:
           - name: FLEET_MYSQL_ADDRESS
             valueFrom:

infrastructure/dogfood/terraform/aws/variables.tf

@@ -56,7 +56,7 @@ variable "database_name" {
 
 variable "fleet_image" {
   description = "the name of the container image to run"
-  default     = "fleetdm/fleet:v4.15.0"
+  default     = "fleetdm/fleet:v4.16.0"
 }
 
 variable "software_inventory" {

tools/fleetctl-npm/package.json

@@ -1,6 +1,6 @@
 {
   "name": "fleetctl",
-  "version": "v4.15.0",
+  "version": "v4.16.0",
   "description": "Installer for the fleetctl CLI tool",
   "bin": {
     "fleetctl": "./run.js"
@@ -24,4 +24,4 @@
     "osquery",
     "security"
   ]
-}
+}