From 92d2d8eb60d8d50c9f62b7ecc1bef6d82af276e7 Mon Sep 17 00:00:00 2001 
From: Luke Heath Date: Tue, 12 Nov 2024 10:51:09 -0600 Subject: [PATCH] Adding changes for Fleet v4.59.0 (#23292) --- CHANGELOG.md | 170 +++++++++++++----- changes/20248-non-windows-script-timeout | 1 - changes/20385-filter-os-by-platforms | 1 - changes/21345-profile-aggregate-lodaing | 1 - changes/21470-fix-policy-counts-on-hosts | 1 - changes/21654-install-details | 14 -- changes/21675-install-status-tooltip | 1 - changes/21807-gitops-mdm-auth | 1 - changes/21955-ndes-scep-proxy | 1 - changes/21998-nudge-retime | 1 - changes/22041-error-message-mdm-off | 1 - changes/22125-scep-ndes-proxy | 1 - changes/22219-python-package-demian | 1 - changes/22322-fix-issue-man-enrollment-device | 2 - changes/22331-remove-pending-devices | 1 - changes/22366-host-issues | 1 - ...3-install-software-for-setup-experience-ui | 1 - .../22374-add-ui-for-setup-experience-script | 1 - changes/22375-setup-experience-migration | 1 - changes/22377-setup-experience-software-api | 1 - changes/22379-queue-setup-experience-software | 1 - changes/22381-setup-experience-state-machine | 1 - ...2382-prevent-delete-software-used-in-setup | 1 - ...cli-gitops-macos-setup-software-and-script | 1 - changes/22387-user-timestamp | 1 - changes/22424-install-automation-activity | 1 - ...document-mdm-enrolled-activity-limitations | 1 - changes/22637-status | 2 - changes/22661-improve-flash-message-ux | 4 - changes/22700-add-custom-mdm-url-field | 1 - changes/22783-release-ade-enrolled-device | 1 - changes/22954-fix-edge-icon | 1 - changes/22955-bugfix-abm-renewal | 1 - changes/22965-error-cleanup | 1 - .../22970-support-vpp-apps-for-no-team-gitops | 1 - changes/22976-ddm-delete | 2 - changes/23050-delete-other-teams | 1 - changes/23057-redis-address | 1 - changes/23068-hsi-status-icon-fe | 1 - changes/23070-install-execution-status | 1 - .../23174-fix-patch-config-vpp-associations | 1 - changes/23183-opentelemetry | 3 - changes/23207-filter-vpp-mdm | 1 - changes/23215-message-spacing | 1 - changes/23219 | 1 
- .../23340-fix-device-release-for-ios-ipados | 1 - changes/23341-handle-error-change-password | 1 - changes/23349-orbit-telemetry | 1 - .../23366-fix-release-device-for-old-fleetd | 1 - changes/fix-issue-with-enroll-handler | 1 - changes/urf-8 | 1 - charts/fleet/Chart.yaml | 2 +- charts/fleet/values.yaml | 2 +- .../dogfood/terraform/aws/variables.tf | 2 +- .../dogfood/terraform/gcp/variables.tf | 2 +- terraform/addons/vuln-processing/variables.tf | 4 +- terraform/byo-vpc/byo-db/byo-ecs/variables.tf | 4 +- terraform/byo-vpc/byo-db/variables.tf | 4 +- terraform/byo-vpc/example/main.tf | 2 +- terraform/byo-vpc/variables.tf | 4 +- terraform/example/main.tf | 4 +- terraform/variables.tf | 4 +- tools/fleetctl-npm/package.json | 2 +- 63 files changed, 139 insertions(+), 138 deletions(-) delete mode 100644 changes/20248-non-windows-script-timeout delete mode 100644 changes/20385-filter-os-by-platforms delete mode 100644 changes/21345-profile-aggregate-lodaing delete mode 100644 changes/21470-fix-policy-counts-on-hosts delete mode 100644 changes/21654-install-details delete mode 100644 changes/21675-install-status-tooltip delete mode 100644 changes/21807-gitops-mdm-auth delete mode 100644 changes/21955-ndes-scep-proxy delete mode 100644 changes/21998-nudge-retime delete mode 100644 changes/22041-error-message-mdm-off delete mode 100644 changes/22125-scep-ndes-proxy delete mode 100644 changes/22219-python-package-demian delete mode 100644 changes/22322-fix-issue-man-enrollment-device delete mode 100644 changes/22331-remove-pending-devices delete mode 100644 changes/22366-host-issues delete mode 100644 changes/22373-install-software-for-setup-experience-ui delete mode 100644 changes/22374-add-ui-for-setup-experience-script delete mode 100644 changes/22375-setup-experience-migration delete mode 100644 changes/22377-setup-experience-software-api delete mode 100644 changes/22379-queue-setup-experience-software delete mode 100644 changes/22381-setup-experience-state-machine 
delete mode 100644 changes/22382-prevent-delete-software-used-in-setup delete mode 100644 changes/22385-cli-gitops-macos-setup-software-and-script delete mode 100644 changes/22387-user-timestamp delete mode 100644 changes/22424-install-automation-activity delete mode 100644 changes/22532-document-mdm-enrolled-activity-limitations delete mode 100644 changes/22637-status delete mode 100644 changes/22661-improve-flash-message-ux delete mode 100644 changes/22700-add-custom-mdm-url-field delete mode 100644 changes/22783-release-ade-enrolled-device delete mode 100644 changes/22954-fix-edge-icon delete mode 100644 changes/22955-bugfix-abm-renewal delete mode 100644 changes/22965-error-cleanup delete mode 100644 changes/22970-support-vpp-apps-for-no-team-gitops delete mode 100644 changes/22976-ddm-delete delete mode 100644 changes/23050-delete-other-teams delete mode 100644 changes/23057-redis-address delete mode 100644 changes/23068-hsi-status-icon-fe delete mode 100644 changes/23070-install-execution-status delete mode 100644 changes/23174-fix-patch-config-vpp-associations delete mode 100644 changes/23183-opentelemetry delete mode 100644 changes/23207-filter-vpp-mdm delete mode 100644 changes/23215-message-spacing delete mode 100644 changes/23219 delete mode 100644 changes/23340-fix-device-release-for-ios-ipados delete mode 100644 changes/23341-handle-error-change-password delete mode 100644 changes/23349-orbit-telemetry delete mode 100644 changes/23366-fix-release-device-for-old-fleetd delete mode 100644 changes/fix-issue-with-enroll-handler delete mode 100644 changes/urf-8 diff --git a/CHANGELOG.md b/CHANGELOG.md index 88f6b82a6efb..46bf107edfa2 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,80 +1,152 @@ +## Fleet 4.59.0 (Nov 12, 2024) + +### Endpoint operations +- Updated OpenTelemetry libraries to latest versions. This includes the following changes when OpenTelemetry is enabled: + - MySQL spans outside of HTTPS transactions are now logged. + - Renamed MySQL spans to include the query, for easier tracking/debugging. +- Added capability for fleetd to report vital errors to Fleet server, such as when Fleet Desktop is unable to start. + +### Device management (MDM) +- Added UI for adding a setup experience script. +- Added UI for the install software setup experience. +- Added software experience software title selection API. +- Added database migrations to support Setup Experience. +- Added support to `fleetctl gitops` to specify a setup experience script to run and software to install, for a team or no team. +- Added an Orbit endpoint (`POST /orbit/setup_experience/status`) for checking the status of a macOS host's setup experience steps. +- Added service to track install status. +- Added ability to connect a SCEP NDES proxy. +- Added SCEP proxy for Windows NDES (Network Device Enrollment Service) AD CS server, which allows devices to request certificates. +- Added error message on the My Device page when MDM is off for the host. +- Added a config field to the UI for custom MDM URLs. +- Added integration to queue setup experience software installation on automatic enrollment. +- Added a validation to prevent removing a software package or a VPP app from a team if that software is selected to be installed during the setup experience. +- Updated user permissions to allow gitops users to run MDM commands. +- Updated to remove a pending MDM device if it was deleted from current ABM. +- Updated to ensure details for a software installation run are available and accurate even after the corresponding installer has been edited or deleted. 
+ - **NOTE:** The database migration included with this update backfills installer data into installation details based on the currently uploaded installer. If you want to backfill data from activities (which will be more comprehensive and accurate than the migration default, but may take awhile as the entire activities table will be scanned), run this database query _after_ running database migrations: +```sql +UPDATE host_software_installs i +JOIN activities a ON a.activity_type = 'installed_software' + AND i.execution_id = a.details->>"$.install_uuid" +SET i.software_title_name = COALESCE(a.details->>"$.software_title", i.software_title_name), + i.installer_filename = COALESCE(a.details->>"$.software_package", i.installer_filename), + i.updated_at = i.updated_at +``` + - The above query is optional, and is unnecessary if no software installers have been edited. + +### Vulnerability management +- Added filtering Software OS view to show only OSes from a particular platform (Windows, macOS, Linux, etc.) +- Fixed issue where the vulnerabilities cron failed to complete due to a large temporary table creation when calculating host issue counts. +- Fixed Debian python package false positive vulnerabilities by removing duplicate entries for Debian python packages installed by dpkg and renaming remaining pip installed packages to match OVAL definitions. + +### Bug fixes and improvements +- Fixed the ADE enrollment release device processing for hosts running an old fleetd version. +- Fixed an issue with the BYOD enrollment page where it sometimes would show a 404 page. +- Fixed issue where macOS and Linux scripts failed to timeout on long running commands. +- Fixed bug in ABM renewal process that caused upload of new token to fail. +- Fixed blank install status when retrieving install details from the activity feed when the installer package has been updated or the software has since been removed from the host. +- Fixed the svg icon for Edge. 
+- Fixed frontend error when trying to view install details for an install with a blank status. +- Fixed loading state for the profile status aggregate UI. +- Fixed incorrect character set header on manual Mac enrollment config download. +- Fixed `fleetctl gitops` to support VPP apps, along with setting the VPP apps to install during the setup experience. +- Fixed bug where `PATCH /api/latest/fleet/config` was incorrectly clearing VPP token<->team associations. +- Fixed issue when trying to download the manual enrollment profile when device token is expired. We now show an error for this case. +- Fixed a bug where DDM declarations would remaing "pending" forever if they were deleted from Fleet before being sent to hosts. +- Fixed a bug where policy failures of a host were not being cleared in the host details page after configuring the host to not run any policies. +- Fixed iOS and iPadOS device release during the ADE enrollment flow. +- Ignored `--delete-other-teams` flag in `fleetctl gitops` command for non-Premium license users. +- Switched Nudge deadline time for OS upgrades on macOS pre-14 hosts from 04:00 UTC to 20:00 UTC. +- Added a more descriptive error message when install or uninstall details do not exist for an activity. +- Updated to allow FLEET_REDIS_ADDRESS to include a `redis://` prefix. Allowed formats are: `redis://host:port` or `host:port`. +- Documented that Microsoft enrollments have less fields filled in the `mdm_enrolled` activity due to how this MDM enrollment flow is implemented. +- Updated UI to make entire rows of the Disk encryption table clickable. +- Updated software install activities from policy automations to be authored by "Fleet", store policy ID and name on each activity. +- Updated tooltip for bootstrap package and VPP app statuses in UI. +- Added created_at/updated_at timestamps on user create endpoint. 
+- Updated UI notifications so that clicking in the horizontal dimension of a flash message, outside of the message itself, and always hide flash messages when changing routes. +- Filtered out VPP apps on non-MDM enrolled devices. +- Explicitly set line heights on "add profile" messages so they are consistent cross-browser. +- Deprecated the worker-based job to release macOS devices automatically after the setup experience, replace it with the fleetd-specific "/status" endpoint that is polled by the Setup Experience dialog controlled by Fleet during the setup flow. +- Improved UI feedback when user attempts and fails to reset password. + ## Fleet 4.58.0 (Oct 17, 2024) **Endpoint Operations:** -* Added builtin label for Fedora Linux. **Warning:** Migrations will fail if a pre-existing 'Fedora Linux' label exists. To resolve, delete the existing 'Fedora Linux' label. -* Added ability to trigger script run on policy failure. -* Updated GitOps script and software installer relative paths to now always relative to the file they're in. This change breaks existing YAML files that had to account for previous inconsistent behavior (e.g. script paths declared in no-team.yml being relative to default.yaml one directory up). -* Improved performance for host details and Fleet Desktop, particularly in environments using high volumes of live queries. -* Updated activity cleanup job to remove all expired live queries to improve API performance in environment using large volumes of live queries. To note, the cleanup cron may take longer on the first run after upgrade. -* Added an event for when a policy automation triggers a script run in the activity feed. -* Added battery status to Windows host details. +- Added builtin label for Fedora Linux. **Warning:** Migrations will fail if a pre-existing 'Fedora Linux' label exists. To resolve, delete the existing 'Fedora Linux' label. +- Added ability to trigger script run on policy failure. 
+- Updated GitOps script and software installer relative paths to now always relative to the file they're in. This change breaks existing YAML files that had to account for previous inconsistent behavior (e.g. script paths declared in no-team.yml being relative to default.yaml one directory up). +- Improved performance for host details and Fleet Desktop, particularly in environments using high volumes of live queries. +- Updated activity cleanup job to remove all expired live queries to improve API performance in environment using large volumes of live queries. To note, the cleanup cron may take longer on the first run after upgrade. +- Added an event for when a policy automation triggers a script run in the activity feed. +- Added battery status to Windows host details. **Device Management (MDM):** -* Added the `POST /software/fleet_maintained_apps` endpoint for adding Fleet-maintained apps. -* Added the `GET /software/fleet_maintained_apps/{app_id}` endpoint to retrieve details of a Fleet-maintained app. -* Added API endpoint to list team available Fleet-maintained apps. -* Added UI for managing Fleet-maintained apps. -* Updated add software modal to be seperate pages in Fleet UI. -* Added support for uploading RPM packages. -* Updated the request timeouts for software installer edits to be the same as initial software installer uploads. -* Updated UI for software uploads to include upload progress bar. -* Improved performance of SQL queries used to determine MDM profile status for Apple hosts. +- Added the `POST /software/fleet_maintained_apps` endpoint for adding Fleet-maintained apps. +- Added the `GET /software/fleet_maintained_apps/{app_id}` endpoint to retrieve details of a Fleet-maintained app. +- Added API endpoint to list team available Fleet-maintained apps. +- Added UI for managing Fleet-maintained apps. +- Updated add software modal to be seperate pages in Fleet UI. +- Added support for uploading RPM packages. 
+- Updated the request timeouts for software installer edits to be the same as initial software installer uploads. +- Updated UI for software uploads to include upload progress bar. +- Improved performance of SQL queries used to determine MDM profile status for Apple hosts. **Vulnerability Management:** -* Fixed MSRC feed pulls (for NVD release builds) in environments where GitHub access is authenticated. +- Fixed MSRC feed pulls (for NVD release builds) in environments where GitHub access is authenticated. **Bug fixes and improvements:** -* Added the 'Unsupported screen size' UI on the My device page. -* Removed redundant built in label filter pills. -* Updated success messages for lock, unlock, and wipe commands in the UI. -* Restricted width of policy description wrappers for better UI. -* Updated host details about section to condense information into fewer columns at smaller widths. -* Hid CVSS severity column from Fleet Free software details > vulnerabilities sections. -* Updated UI to remove leading/trailing whitespace when creating or editing team or query names. -* Added UI improvements when selecting live query targets (e.g. styling, closing behavior). -* Updated API to return 409 instead of 500 when trying to delete an installer associated with a policy automation. -* Updated battery health definitions to be defined as cycle counts greater than 1000 or max capacity falling under 80% of designed capacity for macOS and Windows. -* Added information on how battery health is defined to the UI. -* Updated UI to surface duplicate label name error to user. -* Fixed software uninstaller script for `pkg`s to only remove '.app' directories installed by the package. -* Fixed "no rows" error when adding a software installer that matches an existing title's name and source but not its bundle ID. -* Fixed an issue with the migration adding support for multiple VPP tokens that would happen if a token is removed prior to upgrading Fleet. 
-* Fixed UI flow for observers to easily query hosts from the host details page. -* Fixed bug with label display names always sentence casing. -* Fixed a bug where a profile wouldn't be removed from a host if it was deleted or if the host was moved to another team before the profile was installed on the host. -* Fixed a bug where removing a VPP or ABM token from a GitOps YAML file would leave the team assignments unchanged. -* Fixed host software filter bug that resets dropdown filter on table changes (pagination, order by column, etc). -* Fixed UI bug: Edit team name closes modal. -* Fixed UI so that switching vulnerability search types does not cause page re-render. -* Fixed UI policy automation truncation when selecting software to auto-install. -* Fixed UI design bug where software package file name was not displayed as expected. -* Fixed a small UI bug where a button overlapped some copy. -* Fixed software icon for chrome packages. +- Added the 'Unsupported screen size' UI on the My device page. +- Removed redundant built in label filter pills. +- Updated success messages for lock, unlock, and wipe commands in the UI. +- Restricted width of policy description wrappers for better UI. +- Updated host details about section to condense information into fewer columns at smaller widths. +- Hid CVSS severity column from Fleet Free software details > vulnerabilities sections. +- Updated UI to remove leading/trailing whitespace when creating or editing team or query names. +- Added UI improvements when selecting live query targets (e.g. styling, closing behavior). +- Updated API to return 409 instead of 500 when trying to delete an installer associated with a policy automation. +- Updated battery health definitions to be defined as cycle counts greater than 1000 or max capacity falling under 80% of designed capacity for macOS and Windows. +- Added information on how battery health is defined to the UI. +- Updated UI to surface duplicate label name error to user. 
+- Fixed software uninstaller script for `pkg`s to only remove '.app' directories installed by the package. +- Fixed "no rows" error when adding a software installer that matches an existing title's name and source but not its bundle ID. +- Fixed an issue with the migration adding support for multiple VPP tokens that would happen if a token is removed prior to upgrading Fleet. +- Fixed UI flow for observers to easily query hosts from the host details page. +- Fixed bug with label display names always sentence casing. +- Fixed a bug where a profile wouldn't be removed from a host if it was deleted or if the host was moved to another team before the profile was installed on the host. +- Fixed a bug where removing a VPP or ABM token from a GitOps YAML file would leave the team assignments unchanged. +- Fixed host software filter bug that resets dropdown filter on table changes (pagination, order by column, etc). +- Fixed UI bug: Edit team name closes modal. +- Fixed UI so that switching vulnerability search types does not cause page re-render. +- Fixed UI policy automation truncation when selecting software to auto-install. +- Fixed UI design bug where software package file name was not displayed as expected. +- Fixed a small UI bug where a button overlapped some copy. +- Fixed software icon for chrome packages. ## Fleet 4.57.3 (Oct 11, 2024) ### Bug fixes -* Fixed Orbit configuration endpoint returning 500 for Macs running Rapid Security Response macOS releases that are enrolled in OS major version enforcement. +- Fixed Orbit configuration endpoint returning 500 for Macs running Rapid Security Response macOS releases that are enrolled in OS major version enforcement. ## Fleet 4.57.2 (Oct 03, 2024) ### Bug fixes -* Fixed software uninstaller script for `pkg`s to only remove '.app' directories installed by the package. +- Fixed software uninstaller script for `pkg`s to only remove '.app' directories installed by the package. 
## Fleet 4.57.1 (Oct 01, 2024) ### Bug fixes -* Improved performance of SQL queries used to determine MDM profile status for Apple hosts. -* Ensured request timeouts for software installer edits were just as high as for initial software installer uploads. -* Fixed an issue with the migration that added support for multiple VPP tokens, which would happen if a token was removed prior to upgrading Fleet. -* Fixed a "no rows" error when adding a software installer that matched an existing title's name and source but not its bundle ID. +- Improved performance of SQL queries used to determine MDM profile status for Apple hosts. +- Ensured request timeouts for software installer edits were just as high as for initial software installer uploads. +- Fixed an issue with the migration that added support for multiple VPP tokens, which would happen if a token was removed prior to upgrading Fleet. +- Fixed a "no rows" error when adding a software installer that matched an existing title's name and source but not its bundle ID. ## Fleet 4.57.0 (Sep 23, 2024) diff --git a/changes/20248-non-windows-script-timeout b/changes/20248-non-windows-script-timeout deleted file mode 100644 index 743694b6568b..000000000000 --- a/changes/20248-non-windows-script-timeout +++ /dev/null @@ -1 +0,0 @@ -- fixed issue where macOS and Linux scripts failed to timeout on long running commands \ No newline at end of file diff --git a/changes/20385-filter-os-by-platforms b/changes/20385-filter-os-by-platforms deleted file mode 100644 index 946a4771c6c8..000000000000 --- a/changes/20385-filter-os-by-platforms +++ /dev/null @@ -1 +0,0 @@ -Allow filtering Software OS view to show only OSes from a particular platform (Windows, macOS, Linux, etc.) diff --git a/changes/21345-profile-aggregate-lodaing b/changes/21345-profile-aggregate-lodaing deleted file mode 100644 index beb047c40221..000000000000 --- a/changes/21345-profile-aggregate-lodaing +++ /dev/null 
@@ -1 +0,0 @@
-- fix loading state for the profile status aggregate UI
diff --git a/changes/21470-fix-policy-counts-on-hosts b/changes/21470-fix-policy-counts-on-hosts
deleted file mode 100644
index 997f249230f5..000000000000
--- a/changes/21470-fix-policy-counts-on-hosts
+++ /dev/null
@@ -1 +0,0 @@
-* Fixed a bug where policy failures of a host were not being cleared in the host details page after configuring the host to not run any policies.
diff --git a/changes/21654-install-details b/changes/21654-install-details
deleted file mode 100644
index 0666cd5f4308..000000000000
--- a/changes/21654-install-details
+++ /dev/null
@@ -1,14 +0,0 @@
-* Ensure details for a software installation run are available and accurate even after the corresponding installer has been edited or deleted
-
-NOTE: The database migration included with this update backfills installer data into installation details based on the currently uploaded installer. To backfill data from activities (which will be more comprehensive and accurate than the migration default, but may take awhile as the entire activities table will be scanned), run this database query _after_ running database migrations:
-
-```sql
-UPDATE host_software_installs i
-JOIN activities a ON a.activity_type = 'installed_software'
- AND i.execution_id = a.details->>"$.install_uuid"
-SET i.software_title_name = COALESCE(a.details->>"$.software_title", i.software_title_name),
- i.installer_filename = COALESCE(a.details->>"$.software_package", i.installer_filename),
- i.updated_at = i.updated_at
-```
-
-The above query is optional, and is unnecessary if no software installers have been edited.
\ No newline at end of file
diff --git a/changes/21675-install-status-tooltip b/changes/21675-install-status-tooltip
deleted file mode 100644
index f2c441f34cbf..000000000000
--- a/changes/21675-install-status-tooltip
+++ /dev/null
@@ -1 +0,0 @@
-- Updated tooltip for bootstrap package and VPP app statuses in UI.
\ No newline at end of file
diff --git a/changes/21807-gitops-mdm-auth b/changes/21807-gitops-mdm-auth
deleted file mode 100644
index b60d563adc63..000000000000
--- a/changes/21807-gitops-mdm-auth
+++ /dev/null
@@ -1 +0,0 @@
-- Updated user permissions to allow gitops users to run MDM commands.
\ No newline at end of file
diff --git a/changes/21955-ndes-scep-proxy b/changes/21955-ndes-scep-proxy
deleted file mode 100644
index 0460f4c15655..000000000000
--- a/changes/21955-ndes-scep-proxy
+++ /dev/null
@@ -1 +0,0 @@
-Added SCEP proxy for Windows NDES (Network Device Enrollment Service) AD CS server, which allows devices to request certificates.
diff --git a/changes/21998-nudge-retime b/changes/21998-nudge-retime
deleted file mode 100644
index bb9280abb13e..000000000000
--- a/changes/21998-nudge-retime
+++ /dev/null
@@ -1 +0,0 @@
-* Switched Nudge deadline time for OS upgrades on macOS pre-14 hosts from 04:00 UTC to 20:00 UTC
diff --git a/changes/22041-error-message-mdm-off b/changes/22041-error-message-mdm-off
deleted file mode 100644
index b02e81a9c8de..000000000000
--- a/changes/22041-error-message-mdm-off
+++ /dev/null
@@ -1 +0,0 @@
-- add error message on the My Device page when mdm is off for the host
diff --git a/changes/22125-scep-ndes-proxy b/changes/22125-scep-ndes-proxy
deleted file mode 100644
index 580ab00d1477..000000000000
--- a/changes/22125-scep-ndes-proxy
+++ /dev/null
@@ -1 +0,0 @@
-- Add ability to connect a SCEP NDES proxy
diff --git a/changes/22219-python-package-demian b/changes/22219-python-package-demian
deleted file mode 100644
index f9b50d4ea24b..000000000000
--- a/changes/22219-python-package-demian
+++ /dev/null
@@ -1 +0,0 @@
-- Addressed Debian python package false positive vulnerabilities by removing duplicate entries for Debian python packages installed by dpkg and renaming remaining pip installed packages to match OVAL definitions.
diff --git a/changes/22322-fix-issue-man-enrollment-device b/changes/22322-fix-issue-man-enrollment-device
deleted file mode 100644
index c6caafb1b372..000000000000
--- a/changes/22322-fix-issue-man-enrollment-device
+++ /dev/null
@@ -1,2 +0,0 @@
-- fix issue when trying to download the manual enrollment profile when device token is expired. We
- now show an error for this case.
diff --git a/changes/22331-remove-pending-devices b/changes/22331-remove-pending-devices
deleted file mode 100644
index ddd32ef2b0ae..000000000000
--- a/changes/22331-remove-pending-devices
+++ /dev/null
@@ -1 +0,0 @@
-Remove a pending MDM device if it was deleted from current ABM
diff --git a/changes/22366-host-issues b/changes/22366-host-issues
deleted file mode 100644
index 0d681b1b29ef..000000000000
--- a/changes/22366-host-issues
+++ /dev/null
@@ -1 +0,0 @@
-- fixed issue where the vulnerabilities cron failed to complete due to a large temporary table creation when calculating host issue counts
\ No newline at end of file
diff --git a/changes/22373-install-software-for-setup-experience-ui b/changes/22373-install-software-for-setup-experience-ui
deleted file mode 100644
index 86346c672189..000000000000
--- a/changes/22373-install-software-for-setup-experience-ui
+++ /dev/null
@@ -1 +0,0 @@
-- add UI for the isntall software setup experience
diff --git a/changes/22374-add-ui-for-setup-experience-script b/changes/22374-add-ui-for-setup-experience-script
deleted file mode 100644
index c598cb0d8cde..000000000000
--- a/changes/22374-add-ui-for-setup-experience-script
+++ /dev/null
@@ -1 +0,0 @@
-- add UI for adding a setup experience script
diff --git a/changes/22375-setup-experience-migration b/changes/22375-setup-experience-migration
deleted file mode 100644
index 7158083881e1..000000000000
--- a/changes/22375-setup-experience-migration
+++ /dev/null
@@ -1 +0,0 @@
-- Add database migrations to support Setup Experience
diff --git a/changes/22377-setup-experience-software-api b/changes/22377-setup-experience-software-api
deleted file mode 100644
index 386f68546619..000000000000
--- a/changes/22377-setup-experience-software-api
+++ /dev/null
@@ -1 +0,0 @@
-- Add software experience software title selection API
diff --git a/changes/22379-queue-setup-experience-software b/changes/22379-queue-setup-experience-software
deleted file mode 100644
index a9b5b2b547b2..000000000000
--- a/changes/22379-queue-setup-experience-software
+++ /dev/null
@@ -1 +0,0 @@
-- Add integration to queue setup experience software installation on automatic enrollment
diff --git a/changes/22381-setup-experience-state-machine b/changes/22381-setup-experience-state-machine
deleted file mode 100644
index 35e126302bbe..000000000000
--- a/changes/22381-setup-experience-state-machine
+++ /dev/null
@@ -1 +0,0 @@
-- Add service to track install status
diff --git a/changes/22382-prevent-delete-software-used-in-setup b/changes/22382-prevent-delete-software-used-in-setup
deleted file mode 100644
index 10c1183204cc..000000000000
--- a/changes/22382-prevent-delete-software-used-in-setup
+++ /dev/null
@@ -1 +0,0 @@
-* Added a validation to prevent removing a software package or a VPP app from a team if that software is selected to be installed during the setup experience.
diff --git a/changes/22385-cli-gitops-macos-setup-software-and-script b/changes/22385-cli-gitops-macos-setup-software-and-script
deleted file mode 100644
index 09ea4359f317..000000000000
--- a/changes/22385-cli-gitops-macos-setup-software-and-script
+++ /dev/null
@@ -1 +0,0 @@
-* Added support to `fleetctl gitops` to specify a setup experience script to run and software to install, for a team or no team.
diff --git a/changes/22387-user-timestamp b/changes/22387-user-timestamp
deleted file mode 100644
index 3ec5c79b857b..000000000000
--- a/changes/22387-user-timestamp
+++ /dev/null
@@ -1 +0,0 @@
-* Set created_at/updated_at timestamps on user create endpoint
diff --git a/changes/22424-install-automation-activity b/changes/22424-install-automation-activity
deleted file mode 100644
index a37d68f6049b..000000000000
--- a/changes/22424-install-automation-activity
+++ /dev/null
@@ -1 +0,0 @@
-* Show software install activities from policy automations as authored by "Fleet", store policy ID and name on each activity
diff --git a/changes/22532-document-mdm-enrolled-activity-limitations b/changes/22532-document-mdm-enrolled-activity-limitations
deleted file mode 100644
index dd0acf4de84b..000000000000
--- a/changes/22532-document-mdm-enrolled-activity-limitations
+++ /dev/null
@@ -1 +0,0 @@
-* Documented that Microsoft enrollments have less fields filled in the `mdm_enrolled` activity due to how this MDM enrollment flow is implemented.
diff --git a/changes/22637-status b/changes/22637-status
deleted file mode 100644
index e68062c162d8..000000000000
--- a/changes/22637-status
+++ /dev/null
@@ -1,2 +0,0 @@
-- Adds an Orbit endpoint (`POST /orbit/setup_experience/status`) for checking the status of a macOS
-host's setup experience steps.
\ No newline at end of file
diff --git a/changes/22661-improve-flash-message-ux b/changes/22661-improve-flash-message-ux
deleted file mode 100644
index fa3ff1416796..000000000000
--- a/changes/22661-improve-flash-message-ux
+++ /dev/null
@@ -1,4 +0,0 @@
-* Allow clicking in the horizontal dimension of a flash message, outside of the message itself, and
-always hide flash messages when changing routes.
-* Refactor `renderFlash` and associated logic to by default dismiss the rendered message on page
- change. Provide optional `persistOnPageChange` option to allow overriding this behavior.
\ No newline at end of file
diff --git a/changes/22700-add-custom-mdm-url-field b/changes/22700-add-custom-mdm-url-field
deleted file mode 100644
index 90d7672555fb..000000000000
--- a/changes/22700-add-custom-mdm-url-field
+++ /dev/null
@@ -1 +0,0 @@
-* Add a config field to the UI for custom MDM URLs
diff --git a/changes/22783-release-ade-enrolled-device b/changes/22783-release-ade-enrolled-device
deleted file mode 100644
index 90e83023f391..000000000000
--- a/changes/22783-release-ade-enrolled-device
+++ /dev/null
@@ -1 +0,0 @@
-* Deprecated the worker-based job to release macOS devices automatically after the setup experience, replace it with the fleetd-specific "/status" endpoint that is polled by the Setup Experience dialog controlled by Fleet during the setup flow.
diff --git a/changes/22954-fix-edge-icon b/changes/22954-fix-edge-icon
deleted file mode 100644
index fcbc114c4377..000000000000
--- a/changes/22954-fix-edge-icon
+++ /dev/null
@@ -1 +0,0 @@
-- fix the svg icon for Edge
diff --git a/changes/22955-bugfix-abm-renewal b/changes/22955-bugfix-abm-renewal
deleted file mode 100644
index b18a359755d1..000000000000
--- a/changes/22955-bugfix-abm-renewal
+++ /dev/null
@@ -1 +0,0 @@
-- Fixed bug in ABM renewal process that caused upload of new token to fail.
diff --git a/changes/22965-error-cleanup b/changes/22965-error-cleanup
deleted file mode 100644
index 40c23de691b5..000000000000
--- a/changes/22965-error-cleanup
+++ /dev/null
@@ -1 +0,0 @@
-* Added a more descriptive error message when install or uninstall details do not exist for an activity
diff --git a/changes/22970-support-vpp-apps-for-no-team-gitops b/changes/22970-support-vpp-apps-for-no-team-gitops
deleted file mode 100644
index 364e38264a36..000000000000
--- a/changes/22970-support-vpp-apps-for-no-team-gitops
+++ /dev/null
@@ -1 +0,0 @@
-* Fixed `fleetctl gitops` to support VPP apps, along with setting the VPP apps to install during the setup experience.
diff --git a/changes/22976-ddm-delete b/changes/22976-ddm-delete
deleted file mode 100644
index 7c355b79a70b..000000000000
--- a/changes/22976-ddm-delete
+++ /dev/null
@@ -1,2 +0,0 @@
-- Fixes a bug where DDM declarations would remaing "pending" forever if they were deleted
- from Fleet before being sent to hosts.
\ No newline at end of file
diff --git a/changes/23050-delete-other-teams b/changes/23050-delete-other-teams
deleted file mode 100644
index a6e555e3f2ad..000000000000
--- a/changes/23050-delete-other-teams
+++ /dev/null
@@ -1 +0,0 @@
-Ignore `--delete-other-teams` flag in `fleetctl gitops` command for non-Premium license users.
diff --git a/changes/23057-redis-address b/changes/23057-redis-address
deleted file mode 100644
index f037237c67c5..000000000000
--- a/changes/23057-redis-address
+++ /dev/null
@@ -1 +0,0 @@
-Allow FLEET_REDIS_ADDRESS to include a `redis://` prefix. Allowed formats are: `redis://host:port` or `host:port`
diff --git a/changes/23068-hsi-status-icon-fe b/changes/23068-hsi-status-icon-fe
deleted file mode 100644
index 3c50bb90f43a..000000000000
--- a/changes/23068-hsi-status-icon-fe
+++ /dev/null
@@ -1 +0,0 @@
-* Fix frontend error when trying to view install details for an install with a blank status
diff --git a/changes/23070-install-execution-status b/changes/23070-install-execution-status
deleted file mode 100644
index dc61f4432ffa..000000000000
--- a/changes/23070-install-execution-status
+++ /dev/null
@@ -1 +0,0 @@
-* Fixed blank install status when retrieving install details from the activity feed when the installer package has been updated or the software has since been removed from the host.
diff --git a/changes/23174-fix-patch-config-vpp-associations b/changes/23174-fix-patch-config-vpp-associations
deleted file mode 100644
index f8edd86b47ec..000000000000
--- a/changes/23174-fix-patch-config-vpp-associations
+++ /dev/null
@@ -1 +0,0 @@
-* Fixed bug where `PATCH /api/latest/fleet/config` was incorrectly clearing VPP token<->team associations.
diff --git a/changes/23183-opentelemetry b/changes/23183-opentelemetry
deleted file mode 100644
index 5dc48a73d24e..000000000000
--- a/changes/23183-opentelemetry
+++ /dev/null
@@ -1,3 +0,0 @@
-Updated OpenTelemetry libraries to latest versions. This includes the following changes when OpenTelemetry is enabled:
-- MySQL spans outside of HTTPS transactions are now logged.
-- Renamed MySQL spans to include the query, for easier tracking/debugging.
diff --git a/changes/23207-filter-vpp-mdm b/changes/23207-filter-vpp-mdm
deleted file mode 100644
index 2fd8f529c3e2..000000000000
--- a/changes/23207-filter-vpp-mdm
+++ /dev/null
@@ -1 +0,0 @@
-- Filter out VPP apps on non-MDM enrolled devices
diff --git a/changes/23215-message-spacing b/changes/23215-message-spacing
deleted file mode 100644
index 3ad12430b283..000000000000
--- a/changes/23215-message-spacing
+++ /dev/null
@@ -1 +0,0 @@
-* Explicitly set line heights on "add profile" messages so they are consistent cross-browser
\ No newline at end of file
diff --git a/changes/23219 b/changes/23219
deleted file mode 100644
index ea0982ba0e60..000000000000
--- a/changes/23219
+++ /dev/null
@@ -1 +0,0 @@
-* Make entire rows of the Disk encryption table clickable
\ No newline at end of file
diff --git a/changes/23340-fix-device-release-for-ios-ipados b/changes/23340-fix-device-release-for-ios-ipados
deleted file mode 100644
index 9942c419852f..000000000000
--- a/changes/23340-fix-device-release-for-ios-ipados
+++ /dev/null
@@ -1 +0,0 @@
-* Fixed iOS and iPadOS device release during the ADE enrollment flow, which was broken by changes made to support the new setup experience for macOS.
diff --git a/changes/23341-handle-error-change-password b/changes/23341-handle-error-change-password
deleted file mode 100644
index ec010c38e757..000000000000
--- a/changes/23341-handle-error-change-password
+++ /dev/null
@@ -1 +0,0 @@
-* Have the UI inform the user why they could not update their password
\ No newline at end of file
diff --git a/changes/23349-orbit-telemetry b/changes/23349-orbit-telemetry
deleted file mode 100644
index 31c17f33bbe1..000000000000
--- a/changes/23349-orbit-telemetry +++ /dev/null @@ -1 +0,0 @@ -Added capability for fleetd to report vital errors to Fleet server, such as when Fleet Desktop is unable to start. diff --git a/changes/23366-fix-release-device-for-old-fleetd b/changes/23366-fix-release-device-for-old-fleetd deleted file mode 100644 index beee1c5a1bc0..000000000000 --- a/changes/23366-fix-release-device-for-old-fleetd +++ /dev/null @@ -1 +0,0 @@ -* Fixed the ADE enrollment release device processing for hosts running an old fleetd version. diff --git a/changes/fix-issue-with-enroll-handler b/changes/fix-issue-with-enroll-handler deleted file mode 100644 index 1405452321f6..000000000000 --- a/changes/fix-issue-with-enroll-handler +++ /dev/null @@ -1 +0,0 @@ -- fix an issue with the byod enrollment page where it sometimes would show a 404 page. diff --git a/changes/urf-8 b/changes/urf-8 deleted file mode 100644 index 23095d90726a..000000000000 --- a/changes/urf-8 +++ /dev/null @@ -1 +0,0 @@ -* Fixed incorrect character set header on manual Mac enrollment config download diff --git a/charts/fleet/Chart.yaml b/charts/fleet/Chart.yaml index bacdc21fb5e4..bf4f88bea1b3 100644 --- a/charts/fleet/Chart.yaml +++ b/charts/fleet/Chart.yaml @@ -8,7 +8,7 @@ version: v6.2.0 home: https://github.com/fleetdm/fleet sources: - https://github.com/fleetdm/fleet.git -appVersion: v4.58.0 +appVersion: v4.59.0 dependencies: - name: mysql condition: mysql.enabled diff --git a/charts/fleet/values.yaml b/charts/fleet/values.yaml index c99628f2ab4f..da975de66ad3 100644 --- a/charts/fleet/values.yaml +++ b/charts/fleet/values.yaml 
@@ -3,7 +3,7 @@ hostName: fleet.localhost replicas: 3 # The number of Fleet instances to deploy imageRepository: fleetdm/fleet -imageTag: v4.58.0 # Version of Fleet to deploy +imageTag: v4.59.0 # Version of Fleet to deploy podAnnotations: {} # Additional annotations to add to the Fleet pod serviceAccountAnnotations: {} # Additional annotations to add to the Fleet service account resources: diff --git a/infrastructure/dogfood/terraform/aws/variables.tf b/infrastructure/dogfood/terraform/aws/variables.tf index ecf76f59dd12..f81ed35ca06c 100644 --- a/infrastructure/dogfood/terraform/aws/variables.tf +++ b/infrastructure/dogfood/terraform/aws/variables.tf @@ -56,7 +56,7 @@ variable "database_name" { variable "fleet_image" { description = "the name of the container image to run" - default = "fleetdm/fleet:v4.58.0" + default = "fleetdm/fleet:v4.59.0" } variable "software_inventory" { diff --git a/infrastructure/dogfood/terraform/gcp/variables.tf b/infrastructure/dogfood/terraform/gcp/variables.tf index 2ce08050834d..6e690ee8a54a 100644 --- a/infrastructure/dogfood/terraform/gcp/variables.tf +++ b/infrastructure/dogfood/terraform/gcp/variables.tf @@ -68,7 +68,7 @@ variable "redis_mem" { } variable "image" { - default = "fleetdm/fleet:v4.58.0" + default = "fleetdm/fleet:v4.59.0" } variable "software_installers_bucket_name" { diff --git a/terraform/addons/vuln-processing/variables.tf b/terraform/addons/vuln-processing/variables.tf index 1d0533f68b38..17947300da25 100644 --- a/terraform/addons/vuln-processing/variables.tf +++ b/terraform/addons/vuln-processing/variables.tf 
@@ -24,7 +24,7 @@ variable "fleet_config" { vuln_processing_cpu = optional(number, 2048) vuln_data_stream_mem = optional(number, 1024) vuln_data_stream_cpu = optional(number, 512) - image = optional(string, "fleetdm/fleet:v4.58.0") + image = optional(string, "fleetdm/fleet:v4.59.0") family = optional(string, "fleet-vuln-processing") sidecars = optional(list(any), []) extra_environment_variables = optional(map(string), {}) @@ -82,7 +82,7 @@ variable "fleet_config" { vuln_processing_cpu = 2048 vuln_data_stream_mem = 1024 vuln_data_stream_cpu = 512 - image = "fleetdm/fleet:v4.58.0" + image = "fleetdm/fleet:v4.59.0" family = "fleet-vuln-processing" sidecars = [] extra_environment_variables = {} diff --git a/terraform/byo-vpc/byo-db/byo-ecs/variables.tf b/terraform/byo-vpc/byo-db/byo-ecs/variables.tf index dd1b41a515cf..049841c1f735 100644 --- a/terraform/byo-vpc/byo-db/byo-ecs/variables.tf +++ b/terraform/byo-vpc/byo-db/byo-ecs/variables.tf @@ -16,7 +16,7 @@ variable "fleet_config" { mem = optional(number, 4096) cpu = optional(number, 512) pid_mode = optional(string, null) - image = optional(string, "fleetdm/fleet:v4.58.0") + image = optional(string, "fleetdm/fleet:v4.59.0") family = optional(string, "fleet") sidecars = optional(list(any), []) depends_on = optional(list(any), []) @@ -119,7 +119,7 @@ variable "fleet_config" { mem = 512 cpu = 256 pid_mode = null - image = "fleetdm/fleet:v4.58.0" + image = "fleetdm/fleet:v4.59.0" family = "fleet" sidecars = [] depends_on = [] diff --git a/terraform/byo-vpc/byo-db/variables.tf b/terraform/byo-vpc/byo-db/variables.tf index 1061c755f459..20040d516caf 100644 --- a/terraform/byo-vpc/byo-db/variables.tf +++ b/terraform/byo-vpc/byo-db/variables.tf 
@@ -77,7 +77,7 @@ variable "fleet_config" { mem = optional(number, 4096) cpu = optional(number, 512) pid_mode = optional(string, null) - image = optional(string, "fleetdm/fleet:v4.58.0") + image = optional(string, "fleetdm/fleet:v4.59.0") family = optional(string, "fleet") sidecars = optional(list(any), []) depends_on = optional(list(any), []) @@ -205,7 +205,7 @@ variable "fleet_config" { mem = 512 cpu = 256 pid_mode = null - image = "fleetdm/fleet:v4.58.0" + image = "fleetdm/fleet:v4.59.0" family = "fleet" sidecars = [] depends_on = [] diff --git a/terraform/byo-vpc/example/main.tf b/terraform/byo-vpc/example/main.tf index 0a9d210df164..8b0eefb3bea0 100644 --- a/terraform/byo-vpc/example/main.tf +++ b/terraform/byo-vpc/example/main.tf @@ -17,7 +17,7 @@ provider "aws" { } locals { - fleet_image = "fleetdm/fleet:v4.58.0" + fleet_image = "fleetdm/fleet:v4.59.0" domain_name = "example.com" } diff --git a/terraform/byo-vpc/variables.tf b/terraform/byo-vpc/variables.tf index 9c725a12b2ad..593d3a390ffc 100644 --- a/terraform/byo-vpc/variables.tf +++ b/terraform/byo-vpc/variables.tf @@ -170,7 +170,7 @@ variable "fleet_config" { mem = optional(number, 4096) cpu = optional(number, 512) pid_mode = optional(string, null) - image = optional(string, "fleetdm/fleet:v4.58.0") + image = optional(string, "fleetdm/fleet:v4.59.0") family = optional(string, "fleet") sidecars = optional(list(any), []) depends_on = optional(list(any), []) @@ -298,7 +298,7 @@ variable "fleet_config" { mem = 512 cpu = 256 pid_mode = null - image = "fleetdm/fleet:v4.58.0" + image = "fleetdm/fleet:v4.59.0" family = "fleet" sidecars = [] depends_on = [] diff --git a/terraform/example/main.tf b/terraform/example/main.tf index 1bb4f8f57327..8b92f669bece 100644 --- a/terraform/example/main.tf +++ b/terraform/example/main.tf 
@@ -63,8 +63,8 @@ module "fleet" { fleet_config = { # To avoid pull-rate limiting from dockerhub, consider using our quay.io mirror - # for the Fleet image. e.g. "quay.io/fleetdm/fleet:v4.58.0" - image = "fleetdm/fleet:v4.58.0" # override default to deploy the image you desire + # for the Fleet image. e.g. "quay.io/fleetdm/fleet:v4.59.0" + image = "fleetdm/fleet:v4.59.0" # override default to deploy the image you desire # See https://fleetdm.com/docs/deploy/reference-architectures#aws for appropriate scaling # memory and cpu. autoscaling = { diff --git a/terraform/variables.tf b/terraform/variables.tf index 637d7095a266..34c6d7a1f58c 100644 --- a/terraform/variables.tf +++ b/terraform/variables.tf @@ -218,7 +218,7 @@ variable "fleet_config" { mem = optional(number, 4096) cpu = optional(number, 512) pid_mode = optional(string, null) - image = optional(string, "fleetdm/fleet:v4.58.0") + image = optional(string, "fleetdm/fleet:v4.59.0") family = optional(string, "fleet") sidecars = optional(list(any), []) depends_on = optional(list(any), []) @@ -346,7 +346,7 @@ variable "fleet_config" { mem = 512 cpu = 256 pid_mode = null - image = "fleetdm/fleet:v4.58.0" + image = "fleetdm/fleet:v4.59.0" family = "fleet" sidecars = [] depends_on = [] diff --git a/tools/fleetctl-npm/package.json b/tools/fleetctl-npm/package.json index d7c3201df007..4832a3f837ca 100644 --- a/tools/fleetctl-npm/package.json +++ b/tools/fleetctl-npm/package.json @@ -1,6 +1,6 @@ { "name": "fleetctl", - "version": "v4.58.0", + "version": "v4.59.0", "description": "Installer for the fleetctl CLI tool", "bin": { "fleetctl": "./run.js"