From b2de875a036ba61b1d69dd84bdcf7797a3ee67ac Mon Sep 17 00:00:00 2001 
From: Luke Heath Date: Thu, 9 Jan 2025 16:47:23 -0600 Subject: [PATCH] Prepare for Fleet v4.62.0 (#25091) --- CHANGELOG.md | 75 +++++++++++++++++++ changes/19930-alert-on-cron-errors | 2 - changes/21855-paginate-queries | 5 -- changes/22444-gitops-script-missing-path | 1 - changes/22448-searchable-query-targets | 1 - changes/22523-cve-500 | 1 - changes/22723-jetbrains-eap-versions | 1 - changes/22813-software-scope-labels | 1 - changes/22875-uninstall-with-scripts-disabled | 1 - changes/22884-license-error-fleetctl | 1 - changes/22944-homebrew-casks | 1 - changes/23011-dynamic-column-sort-type | 2 - changes/23238-use-secrets-in-scripts-profiles | 5 -- changes/23309-mastodon-in-email-templates | 1 - ...23315-show-sw-install-details-on-my-device | 2 - changes/23448-maintainer-policy-automations | 1 - .../23490-null-script-software-on-policies | 1 - changes/23541-fileversion-fallback | 1 - changes/23557-minio | 1 - changes/23579-cve-2024-10004-false-positive | 1 - changes/23611-Update-CIS | 1 - changes/23783-controls-subnav-pagination | 1 - changes/23800-host-online-pctage | 1 - changes/23803-leading-zeros-bug | 1 - ...23886-remove-associations-on-policy-delete | 1 - changes/24006-host-query-report-team-id | 1 - changes/24025-add-label-team-bug | 1 - changes/24033-helm-customization-options | 1 - changes/24120-sw-title-id | 1 - changes/24166-script-line-endings | 1 - .../24244-macos-encryption-verifying-query | 1 - changes/24268-update-fleetctl-deps | 1 - changes/24286-vulncheck | 1 - changes/24315-update-windows-policy-constants | 1 - changes/24334-policy-truncation | 1 - .../24385-automatic-install-custom-packages | 1 - changes/24386-fleet-legacy-query-pack | 1 - ...de-linux-encryption-data-only-when-enabled | 1 - changes/24459-chart-serrvice-annotation | 1 - changes/24533-skip-policy | 1 - changes/24534-hide-software-2 | 1 - ...t-label-deletion-if-referenced-by-software | 1 - ...538-24542-UI-for-scope-software-via-labels | 1 - 
changes/24549-validate-script-profle-secrets | 1 - .../24663-software-scoped-via-labels-gitops | 1 - changes/24725-no-private-ip-found | 1 - ...24792-update-software-installer-activities | 1 - ...24795-add-helpful-tooltip-setup-experience | 1 - .../24899-software-installer-scripts-secrets | 1 - changes/24917-installer-url-length | 1 - changes/24961-invalid-uuid | 1 - ...-profile-status-aggregate-tooltips-spacing | 1 - changes/8903c-table-text-wrapping | 1 - charts/fleet/Chart.yaml | 4 +- charts/fleet/values.yaml | 2 +- .../dogfood/terraform/aws/variables.tf | 2 +- .../dogfood/terraform/gcp/variables.tf | 2 +- infrastructure/guardduty/.terraform.lock.hcl | 4 +- infrastructure/guardduty/main.tf | 2 +- .../infrastructure/cloudtrail/main.tf | 2 +- .../elastic-agent/.terraform.lock.hcl | 4 +- .../infrastructure/elastic-agent/main.tf | 2 +- .../guardduty-alerts/.terraform.lock.hcl | 4 +- .../infrastructure/guardduty-alerts/main.tf | 2 +- .../infrastructure/spend_alerts/main.tf | 2 +- terraform/addons/ses/README.md | 2 +- terraform/addons/vuln-processing/variables.tf | 4 +- terraform/byo-vpc/byo-db/README.md | 2 +- terraform/byo-vpc/byo-db/byo-ecs/variables.tf | 4 +- terraform/byo-vpc/byo-db/variables.tf | 4 +- terraform/byo-vpc/example/main.tf | 2 +- terraform/byo-vpc/variables.tf | 4 +- terraform/example/main.tf | 4 +- terraform/variables.tf | 4 +- tools/fleetctl-npm/package.json | 2 +- 75 files changed, 107 insertions(+), 95 deletions(-) delete mode 100644 changes/19930-alert-on-cron-errors delete mode 100644 changes/21855-paginate-queries delete mode 100644 changes/22444-gitops-script-missing-path delete mode 100644 changes/22448-searchable-query-targets delete mode 100644 changes/22523-cve-500 delete mode 100644 changes/22723-jetbrains-eap-versions delete mode 100644 changes/22813-software-scope-labels delete mode 100644 changes/22875-uninstall-with-scripts-disabled delete mode 100644 changes/22884-license-error-fleetctl delete mode 100644 
changes/22944-homebrew-casks delete mode 100644 changes/23011-dynamic-column-sort-type delete mode 100644 changes/23238-use-secrets-in-scripts-profiles delete mode 100644 changes/23309-mastodon-in-email-templates delete mode 100644 changes/23315-show-sw-install-details-on-my-device delete mode 100644 changes/23448-maintainer-policy-automations delete mode 100644 changes/23490-null-script-software-on-policies delete mode 100644 changes/23541-fileversion-fallback delete mode 100644 changes/23557-minio delete mode 100644 changes/23579-cve-2024-10004-false-positive delete mode 100644 changes/23611-Update-CIS delete mode 100644 changes/23783-controls-subnav-pagination delete mode 100644 changes/23800-host-online-pctage delete mode 100644 changes/23803-leading-zeros-bug delete mode 100644 changes/23886-remove-associations-on-policy-delete delete mode 100644 changes/24006-host-query-report-team-id delete mode 100644 changes/24025-add-label-team-bug delete mode 100644 changes/24033-helm-customization-options delete mode 100644 changes/24120-sw-title-id delete mode 100644 changes/24166-script-line-endings delete mode 100644 changes/24244-macos-encryption-verifying-query delete mode 100644 changes/24268-update-fleetctl-deps delete mode 100644 changes/24286-vulncheck delete mode 100644 changes/24315-update-windows-policy-constants delete mode 100644 changes/24334-policy-truncation delete mode 100644 changes/24385-automatic-install-custom-packages delete mode 100644 changes/24386-fleet-legacy-query-pack delete mode 100644 changes/24456-include-linux-encryption-data-only-when-enabled delete mode 100644 changes/24459-chart-serrvice-annotation delete mode 100644 changes/24533-skip-policy delete mode 100644 changes/24534-hide-software-2 delete mode 100644 changes/24536-prevent-label-deletion-if-referenced-by-software delete mode 100644 changes/24538-24542-UI-for-scope-software-via-labels delete mode 100644 changes/24549-validate-script-profle-secrets delete mode 100644 
changes/24663-software-scoped-via-labels-gitops delete mode 100644 changes/24725-no-private-ip-found delete mode 100644 changes/24792-update-software-installer-activities delete mode 100644 changes/24795-add-helpful-tooltip-setup-experience delete mode 100644 changes/24899-software-installer-scripts-secrets delete mode 100644 changes/24917-installer-url-length delete mode 100644 changes/24961-invalid-uuid delete mode 100644 changes/25038-fix-profile-status-aggregate-tooltips-spacing delete mode 100644 changes/8903c-table-text-wrapping diff --git a/CHANGELOG.md b/CHANGELOG.md index 0fc2d7d3f10b..51f4d1d6b7b5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,3 +1,78 @@
+## Fleet 4.62.0 (Jan 09, 2025)
+
+## Endpoint operations
+- Updated macos 13, 14 per latest CIS documents. Added macos 15 support.
+- Updated queries API to support above targeted platform filtering.
+- Updated UI queries page to filter, sort, paginate, etc. via query params in call to server.
+- Added searchable query targets and cleaner UI for uses with many teams or labels.
+
+## Device management (MDM)
+- Added ability to use secrets (`$FLEET_SECRET_YOURNAME`) in scripts and profiles.
+- Added ability to scope Fleet-maintained apps and custom packages via labels in UI, API, and CLI.
+- Added capability to automatically generate "trigger policies" for custom software packages.
+- Added UI for scoping software via labels.
+- Added validation to prevent label deletion if it is used to scope the hosts targeted by a software installer.
+- Added ability to filter host software based on label scoping.
+- Added support for Fleet secret validation in software installer scripts.
+- Updated `fleetctl gitops` to support scope software installers by labels, with the `labels_include_any` or `labels_exclude_any` conditions.
+- Updated `fleetctl gitops` to identify secrets in scripts and profiles and saves them on the Fleet server.
+- Updated `fleetctl gitops` so that when it updates profiles, if the secret value has changed, the profile is updated on the host.
+- Added `/fleet/spec/secret_variables` API endpoint.
+- Added functionality for skipping automatic installs if the software is not scoped to the host via labels.
+- Added the ability to click a software row on the my device page and see the details of that software's installation on the host.
+- Allowed software uninstalls and script-based host lock/unlock/wipe to run while global scripts are disabled.
+
+## Vulnerability management
+- Added missing vulncheck data from NVD feeds.
+- Fixed MSI parsing for packages including long interned strings (e.g. licenses for the OpenVPN Connect installer).
+- Fixed a panic (and resulting failure to load CVE details) on new installs when OS versions have not been populated yet.
+- Fixed CVE-2024-10004 false positive on Fleet-supported platforms (vuln is iOS-only and iOS vuln checking is not supported).
+
+## Bug fixes and improvements
+- Added license key validation on `fleetctl preview` if a license key is provided; fixes cases where an invalid license key would cause `fleetctl preview` to hang.
+- Increased maximum length for installer URLs specified in GitOps to 4000 characters.
+- Stopped older scheduled queries from filling logs with errors.
+- Changed script upload endpoint (`POST /api/v1/fleet/scripts`) to automatically switch CRLF line endings to LF.
+- Fleshed out server response from `queries` endpoint to include `count` and `meta` pagination information.
+- Updated platform filtering on queries page to refer to targeted platforms instead of compatible platforms.
+- Included osquery pre-releases in daily UI constant update GitHub Actions job.
+- Updated to send alert via SNS when a scheduled "cron" job returns errors.
+- SNS topic for job error alerts can be configured separately from the existing monitor alert by adding "cron_job_failure_monitoring" to sns_topic_arns_map, otherwise defaults to the using the same topic.
+- Improved validation workflow on SMTP settings page.
+- Allowed team policy endpoint (`PATCH /api/latest/fleet/teams/{team_id}/policies/{policy_id}`) to receive explicit `null` as a value for `script_id` or `software_title_id` to unset a script or software installer respectively.
+- Aliased EAP versions of JetBrains IDEs to "last release version plus all fixes" (e.g. 2024.3 EAP -> 2024.2.99) to avoid vulnerability false positives.
+- Removed server error if no private IP was found by detail_query_network_interface.
+- Updated `fleetctl` dependencies that cause warnings.
+- Added service annotation field to Helm Chart.
+- Updated so that on policy deletion any associated pending software installer or scripts are deleted.
+- Added fallback to FileVersion on EXE installers when FileVersion is set but ProductVersion isn't to allow more custom packages to be uploaded.
+- Added Mastodon icon and URL to server email templates.
+- Improved table text wrapper in UI.
+- Added helpful tooltip for the install software setup experience page.
+- Added offset to the tooltips on hover of the profile aggregate status indicators.
+- Added the `software_title_id` field to the `added_software` activity details.
+- Allow maintainers to manage install software or run scripts on policy automations.
+- Removed duplicate software records from homebrew casks already reported in the osquery `apps` table to address false positive vulnerabilities due to lack of bundle_identifier.
+- Added the `labels_include_any` and `labels_exclude_any` fields to the software installer activities.
+- Updated the get host endpoint to include disk encryption stats for a linux host only if the setting is enabled.
+- Updated Helm chart to support customization options such as the Google cloud_sql_proxy in the fleet-migration job.
+- Updated example windows policies.
+- Added a descriptive error when a GitOps file contains script references that are missing paths.
+- Removed `invalid UUID` log message when validating Apple MDM UDID.
+- Added validation Fleet secrets embedded into scripts and profiles on ingestion.
+- Display the correct percentage of hosts online when there are no hosts online.
+- Fixed bug when creating a label to preserve the selected team.
+- Fixed export to CSV trimming leading zeros by treating those values as strings.
+- Fixed reporting of software uninstall results after a host has been locked/unlocked.
+- Fixed issue where minio software was not scanned for vulnerabilities correctly because of unexpected trailing characters in the version string.
+- Fixed bug on the "Controls" page where incorrect timestamp information was displayed while the "Current versions" table was loading. +- Fixed policy truncation UI bug. +- Fixed cases where showing results of an inherited query viewed inside a team would include results from hosts not on thta team by adding an optional team_id parameter to queris report endpoint (`GET /api/latest/fleet/queries/{query_id}/report`). +- Fixed issue where deleted Apple config profiles were installing on devices because devices were offline when the profile was added. +- Fixed UI bug involving pagination of subsections within the "Controls" page. +- Fixed "Verifying" disk encryption status count and filter for macOS hosts to not include hosts where end-user action is required. +- Fixed a bug in determining sort type of query result columns by deducing that type from the data present in those columns. + ## Fleet 4.61.0 (Dec 17, 2024) ## Endpoint operations diff --git a/changes/19930-alert-on-cron-errors b/changes/19930-alert-on-cron-errors deleted file mode 100644 index 0374bf8b0530..000000000000 --- a/changes/19930-alert-on-cron-errors +++ /dev/null @@ -1,2 +0,0 @@ -- Send alert via SNS when a scheduled "cron" job returns errors -- SNS topic for job error alerts can be configured separately from the existing monitor alert by adding "cron_job_failure_monitoring" to sns_topic_arns_map, otherwise defaults to the using the same topic diff --git a/changes/21855-paginate-queries b/changes/21855-paginate-queries deleted file mode 100644 index a54dfb43c8c7..000000000000 --- a/changes/21855-paginate-queries +++ /dev/null 
@@ -1,5 +0,0 @@
-- Fleshed out server response from `queries` endpoint to include `count` and `meta` pagination information.
-- Updated UI queries page to filter, sort, paginate, etc. via query params in call to server.
-- Updated platform filtering on queries page to refer to targeted platforms instead of compatible
- platforms
-- Updated queries API to support above targeted platform filtering
diff --git a/changes/22444-gitops-script-missing-path b/changes/22444-gitops-script-missing-path
deleted file mode 100644
index e9a5bb299731..000000000000
--- a/changes/22444-gitops-script-missing-path
+++ /dev/null
@@ -1 +0,0 @@
-* Added a descriptive error when a GitOps file contains script references that are missing paths
diff --git a/changes/22448-searchable-query-targets b/changes/22448-searchable-query-targets
deleted file mode 100644
index 5cbb33f42d34..000000000000
--- a/changes/22448-searchable-query-targets
+++ /dev/null
@@ -1 +0,0 @@
-- Fleet UI: Add searchable query targets and cleaner UI I for uses with many teams or labels
diff --git a/changes/22523-cve-500 b/changes/22523-cve-500
deleted file mode 100644
index d2170348a354..000000000000
--- a/changes/22523-cve-500
+++ /dev/null
@@ -1 +0,0 @@
-* Fixed a panic (and resulting failure to load CVE details) on new installs when OS versions have not been populated yet.
diff --git a/changes/22723-jetbrains-eap-versions b/changes/22723-jetbrains-eap-versions
deleted file mode 100644
index 6efe38c67461..000000000000
--- a/changes/22723-jetbrains-eap-versions
+++ /dev/null
@@ -1 +0,0 @@
-* Aliased EAP versions of JetBrains IDEs to "last release version plus all fixes" (e.g. 2024.3 EAP -> 2024.2.99) to avoid vulnerability false positives
\ No newline at end of file
diff --git a/changes/22813-software-scope-labels b/changes/22813-software-scope-labels
deleted file mode 100644
index 4a4681a2c618..000000000000
--- a/changes/22813-software-scope-labels
+++ /dev/null
@@ -1 +0,0 @@
-- Added features to scope Fleet-maintained apps and custom packages via labels in UI, API, and CLI.
diff --git a/changes/22875-uninstall-with-scripts-disabled b/changes/22875-uninstall-with-scripts-disabled
deleted file mode 100644
index 5f399869b5e5..000000000000
--- a/changes/22875-uninstall-with-scripts-disabled
+++ /dev/null
@@ -1 +0,0 @@
-* Allowed software uninstalls and script-based host lock/unlock/wipe to run while global scripts are disabled.
diff --git a/changes/22884-license-error-fleetctl b/changes/22884-license-error-fleetctl
deleted file mode 100644
index f3bb25527ebe..000000000000
--- a/changes/22884-license-error-fleetctl
+++ /dev/null
@@ -1 +0,0 @@
-* Added license key validation on `fleetctl preview` if a license key is provided; fixes cases where an invalid license key would cause `fleetctl preview` to hang.
diff --git a/changes/22944-homebrew-casks b/changes/22944-homebrew-casks
deleted file mode 100644
index abaf22ffa250..000000000000
--- a/changes/22944-homebrew-casks
+++ /dev/null
@@ -1 +0,0 @@
-* removed duplicate software records from homebrew casks already reported in the osquery `apps` table to address false positive vulnerabilities due to lack of bundle_identifier
\ No newline at end of file
diff --git a/changes/23011-dynamic-column-sort-type b/changes/23011-dynamic-column-sort-type
deleted file mode 100644
index 9ac874713f1d..000000000000
--- a/changes/23011-dynamic-column-sort-type
+++ /dev/null
@@ -1,2 +0,0 @@
-- Fixed a bug in determining sort type of query result columns by deducing that type from the data
- present in those columns.
diff --git a/changes/23238-use-secrets-in-scripts-profiles b/changes/23238-use-secrets-in-scripts-profiles
deleted file mode 100644
index 4df69e0d13cc..000000000000
--- a/changes/23238-use-secrets-in-scripts-profiles
+++ /dev/null
@@ -1,5 +0,0 @@
-Added ability to use secrets ($FLEET_SECRET_YOURNAME) in scripts and profiles.
-- Added `/fleet/spec/secret_variables` API endpoint.
-- fleetctl gitops identifies secrets in scripts and profiles and saves them on the Fleet server.
-- secret values are populated when scripts and profiles are sent to devices.
-- When fleetctl gitops updates profiles, if the secret value has changed, the profile is updated on the host.
diff --git a/changes/23309-mastodon-in-email-templates b/changes/23309-mastodon-in-email-templates
deleted file mode 100644
index 6eac06da3e60..000000000000
--- a/changes/23309-mastodon-in-email-templates
+++ /dev/null
@@ -1 +0,0 @@
-* Added Mastodon icon and URL to server email templates.
diff --git a/changes/23315-show-sw-install-details-on-my-device b/changes/23315-show-sw-install-details-on-my-device
deleted file mode 100644
index fc5c476c8c9c..000000000000
--- a/changes/23315-show-sw-install-details-on-my-device
+++ /dev/null
@@ -1,2 +0,0 @@
-* Add the ability to click a software row on the my device page and see the details of that
-software's installation on the host.
diff --git a/changes/23448-maintainer-policy-automations b/changes/23448-maintainer-policy-automations
deleted file mode 100644
index a5a0f38532c9..000000000000
--- a/changes/23448-maintainer-policy-automations
+++ /dev/null
@@ -1 +0,0 @@
-- Fleet UI bug fix: Allow maintainers to manage install software or run scripts on policy automations
diff --git a/changes/23490-null-script-software-on-policies b/changes/23490-null-script-software-on-policies
deleted file mode 100644
index cf2db860dce3..000000000000
--- a/changes/23490-null-script-software-on-policies
+++ /dev/null
@@ -1 +0,0 @@
-* Allowed team policy endpoint (`PATCH /api/latest/fleet/teams/{team_id}/policies/{policy_id}`) to receive explicit `null` as a value for `script_id` or `software_title_id` to unset a script or software installer respectively.
\ No newline at end of file
diff --git a/changes/23541-fileversion-fallback b/changes/23541-fileversion-fallback
deleted file mode 100644
index b9ec9f22adbe..000000000000
--- a/changes/23541-fileversion-fallback
+++ /dev/null
@@ -1 +0,0 @@
-* Added fallback to FileVersion on EXE installers when FileVersion is set but ProductVersion isn't to allow more custom packages to be uploaded
diff --git a/changes/23557-minio b/changes/23557-minio
deleted file mode 100644
index 2fa00913f424..000000000000
--- a/changes/23557-minio
+++ /dev/null
@@ -1 +0,0 @@
-* fixed issue where minio software was not scanned for vulnerabilities correctly because of unexpected trailing characters in the version string
\ No newline at end of file
diff --git a/changes/23579-cve-2024-10004-false-positive b/changes/23579-cve-2024-10004-false-positive
deleted file mode 100644
index de3ed40f7b56..000000000000
--- a/changes/23579-cve-2024-10004-false-positive
+++ /dev/null
@@ -1 +0,0 @@
-* Fixed CVE-2024-10004 false positive on Fleet-supported platforms (vuln is iOS-only and iOS vuln checking is not supported)
diff --git a/changes/23611-Update-CIS b/changes/23611-Update-CIS
deleted file mode 100644
index 8b72853be652..000000000000
--- a/changes/23611-Update-CIS
+++ /dev/null
@@ -1 +0,0 @@
- * Updated macos 13, 14 per latest CIS documents. Added macos 15 support.
diff --git a/changes/23783-controls-subnav-pagination b/changes/23783-controls-subnav-pagination
deleted file mode 100644
index 46094c2e5f89..000000000000
--- a/changes/23783-controls-subnav-pagination
+++ /dev/null
@@ -1 +0,0 @@
-- Fixed UI bug involving pagination of subsections within the "Controls" page.
diff --git a/changes/23800-host-online-pctage b/changes/23800-host-online-pctage
deleted file mode 100644
index 4e6d92d75e68..000000000000
--- a/changes/23800-host-online-pctage
+++ /dev/null
@@ -1 +0,0 @@
-* Display the correct percentage of hosts online, 0, when there are no hosts online.
diff --git a/changes/23803-leading-zeros-bug b/changes/23803-leading-zeros-bug
deleted file mode 100644
index a3ea4104bfad..000000000000
--- a/changes/23803-leading-zeros-bug
+++ /dev/null
@@ -1 +0,0 @@
-- Fleet UI: Fix export to CSV from trimming leading zeros by treating those values as strings
diff --git a/changes/23886-remove-associations-on-policy-delete b/changes/23886-remove-associations-on-policy-delete
deleted file mode 100644
index 318ca34bec79..000000000000
--- a/changes/23886-remove-associations-on-policy-delete
+++ /dev/null
@@ -1 +0,0 @@
-* On policy deletion any associated pending software installer or scripts are deleted.
\ No newline at end of file
diff --git a/changes/24006-host-query-report-team-id b/changes/24006-host-query-report-team-id
deleted file mode 100644
index 588ab1eac91e..000000000000
--- a/changes/24006-host-query-report-team-id
+++ /dev/null
@@ -1 +0,0 @@
-* Fixed cases where showing results of an inherited query viewed inside a team would include results from hosts not on thta team by adding an optional team_id parameter to queries report endpoint (`GET /api/latest/fleet/queries/{query_id}/report`)
\ No newline at end of file
diff --git a/changes/24025-add-label-team-bug b/changes/24025-add-label-team-bug
deleted file mode 100644
index cb4396199129..000000000000
--- a/changes/24025-add-label-team-bug
+++ /dev/null
@@ -1 +0,0 @@
-- Fix bug when creating a label to preserve the selected team
diff --git a/changes/24033-helm-customization-options b/changes/24033-helm-customization-options
deleted file mode 100644
index 1aafbedcde5f..000000000000
--- a/changes/24033-helm-customization-options
+++ /dev/null
@@ -1 +0,0 @@
-Helm chart: Supported customization options such as the Google cloud_sql_proxy in the fleet-migration job.
diff --git a/changes/24120-sw-title-id b/changes/24120-sw-title-id
deleted file mode 100644
index 5a1b8ebe72e3..000000000000
--- a/changes/24120-sw-title-id
+++ /dev/null
@@ -1 +0,0 @@
-- Adds the `software_title_id` field to the `added_software` activity details.
\ No newline at end of file
diff --git a/changes/24166-script-line-endings b/changes/24166-script-line-endings
deleted file mode 100644
index 3beeb8d9dd4a..000000000000
--- a/changes/24166-script-line-endings
+++ /dev/null
@@ -1 +0,0 @@
-* Changed script upload endpoint (`POST /api/v1/fleet/scripts`) to automatically switch CRLF line endings to LF
diff --git a/changes/24244-macos-encryption-verifying-query b/changes/24244-macos-encryption-verifying-query
deleted file mode 100644
index f88dbd6e88d9..000000000000
--- a/changes/24244-macos-encryption-verifying-query
+++ /dev/null
@@ -1 +0,0 @@
-* Fixed "Verifying" disk encryption status count and filter for macOS hosts to not include hosts where end-user action is required
diff --git a/changes/24268-update-fleetctl-deps b/changes/24268-update-fleetctl-deps
deleted file mode 100644
index 0b22a53d6585..000000000000
--- a/changes/24268-update-fleetctl-deps
+++ /dev/null
@@ -1 +0,0 @@
-* Update fleetctl dependencies that cause warnings
\ No newline at end of file
diff --git a/changes/24286-vulncheck b/changes/24286-vulncheck
deleted file mode 100644
index 2104095dd5b5..000000000000
--- a/changes/24286-vulncheck
+++ /dev/null
@@ -1 +0,0 @@
-* added missing vulncheck data from nvd feeds
\ No newline at end of file
diff --git a/changes/24315-update-windows-policy-constants b/changes/24315-update-windows-policy-constants
deleted file mode 100644
index 36032790089d..000000000000
--- a/changes/24315-update-windows-policy-constants
+++ /dev/null
@@ -1 +0,0 @@
-- Update example windows policies
diff --git a/changes/24334-policy-truncation b/changes/24334-policy-truncation
deleted file mode 100644
index a8137dcb3d05..000000000000
--- a/changes/24334-policy-truncation
+++ /dev/null
@@ -1 +0,0 @@
-- Fix policy truncation UI bug
diff --git a/changes/24385-automatic-install-custom-packages b/changes/24385-automatic-install-custom-packages
deleted file mode 100644
index b36526d1687f..000000000000
--- a/changes/24385-automatic-install-custom-packages
+++ /dev/null
@@ -1 +0,0 @@
-* Added capability to automatically generate "trigger policies" for custom software packages.
diff --git a/changes/24386-fleet-legacy-query-pack b/changes/24386-fleet-legacy-query-pack
deleted file mode 100644
index 66878d24a716..000000000000
--- a/changes/24386-fleet-legacy-query-pack
+++ /dev/null
@@ -1 +0,0 @@
-- Stop older scheduled queries from filling logs with errors
diff --git a/changes/24456-include-linux-encryption-data-only-when-enabled b/changes/24456-include-linux-encryption-data-only-when-enabled
deleted file mode 100644
index cefe63053829..000000000000
--- a/changes/24456-include-linux-encryption-data-only-when-enabled
+++ /dev/null
@@ -1 +0,0 @@
-- Updated the get host endpoint to include disk encryption stats for a linux host only if the setting is enabled
diff --git a/changes/24459-chart-serrvice-annotation b/changes/24459-chart-serrvice-annotation
deleted file mode 100644
index 62a199ec582d..000000000000
--- a/changes/24459-chart-serrvice-annotation
+++ /dev/null
@@ -1 +0,0 @@
-* Added service annotation field to Helm Chart
diff --git a/changes/24533-skip-policy b/changes/24533-skip-policy
deleted file mode 100644
index 4de7d634a3b3..000000000000
--- a/changes/24533-skip-policy
+++ /dev/null
@@ -1 +0,0 @@
-- Adds functionality for skipping automatic installs if the software is not scoped to the host via labels.
\ No newline at end of file
diff --git a/changes/24534-hide-software-2 b/changes/24534-hide-software-2
deleted file mode 100644
index 9b73513ddd20..000000000000
--- a/changes/24534-hide-software-2
+++ /dev/null
@@ -1 +0,0 @@
-- Add functionality to filter host software based on label scoping.
\ No newline at end of file
diff --git a/changes/24536-prevent-label-deletion-if-referenced-by-software b/changes/24536-prevent-label-deletion-if-referenced-by-software
deleted file mode 100644
index ef3e4753f351..000000000000
--- a/changes/24536-prevent-label-deletion-if-referenced-by-software
+++ /dev/null
@@ -1 +0,0 @@
-* Added a validation to prevent label deletion if it is used to scope the hosts targeted by a software installer.
diff --git a/changes/24538-24542-UI-for-scope-software-via-labels b/changes/24538-24542-UI-for-scope-software-via-labels
deleted file mode 100644
index d8d65558df8e..000000000000
--- a/changes/24538-24542-UI-for-scope-software-via-labels
+++ /dev/null
@@ -1 +0,0 @@
-- add UI for scoping software via labels
diff --git a/changes/24549-validate-script-profle-secrets b/changes/24549-validate-script-profle-secrets
deleted file mode 100644
index fdf7ea4a416e..000000000000
--- a/changes/24549-validate-script-profle-secrets
+++ /dev/null
@@ -1 +0,0 @@
-- Validate fleet secrets embedded into scripts and profiles on ingestion
diff --git a/changes/24663-software-scoped-via-labels-gitops b/changes/24663-software-scoped-via-labels-gitops
deleted file mode 100644
index 4bb1c15cf230..000000000000
--- a/changes/24663-software-scoped-via-labels-gitops
+++ /dev/null
@@ -1 +0,0 @@
-* Added `fleetctl gitops` support to scope software installers by labels, with the `labels_include_any` or `labels_exclude_any` conditions.
diff --git a/changes/24725-no-private-ip-found b/changes/24725-no-private-ip-found
deleted file mode 100644
index 83b72288a521..000000000000
--- a/changes/24725-no-private-ip-found
+++ /dev/null
@@ -1 +0,0 @@
-Removed server error if no private IP was found by detail_query_network_interface.
diff --git a/changes/24792-update-software-installer-activities b/changes/24792-update-software-installer-activities
deleted file mode 100644
index 206fa80dac8b..000000000000
--- a/changes/24792-update-software-installer-activities
+++ /dev/null
@@ -1 +0,0 @@
-* Added the `labels_include_any` and `labels_exclude_any` fields to the software installer activities.
diff --git a/changes/24795-add-helpful-tooltip-setup-experience b/changes/24795-add-helpful-tooltip-setup-experience
deleted file mode 100644
index 4c108c223152..000000000000
--- a/changes/24795-add-helpful-tooltip-setup-experience
+++ /dev/null
@@ -1 +0,0 @@
-- add helpful tooltip for the install software setup experience page
diff --git a/changes/24899-software-installer-scripts-secrets b/changes/24899-software-installer-scripts-secrets
deleted file mode 100644
index f5f11a77c74c..000000000000
--- a/changes/24899-software-installer-scripts-secrets
+++ /dev/null
@@ -1 +0,0 @@
-- Add support for fleet secret validation in software installer scripts
diff --git a/changes/24917-installer-url-length b/changes/24917-installer-url-length
deleted file mode 100644
index af3287c8076f..000000000000
--- a/changes/24917-installer-url-length
+++ /dev/null
@@ -1 +0,0 @@
-* Increased maximum length for installer URLs specified in GitOps to 4000 characters
diff --git a/changes/24961-invalid-uuid b/changes/24961-invalid-uuid
deleted file mode 100644
index fae9c81341ee..000000000000
--- a/changes/24961-invalid-uuid
+++ /dev/null
@@ -1 +0,0 @@
-Removed `invalid UUID` log message when validating Apple MDM UDID.
diff --git a/changes/25038-fix-profile-status-aggregate-tooltips-spacing b/changes/25038-fix-profile-status-aggregate-tooltips-spacing
deleted file mode 100644
index 79504e60eca0..000000000000
--- a/changes/25038-fix-profile-status-aggregate-tooltips-spacing
+++ /dev/null
@@ -1 +0,0 @@
-* Add offset to the tooltips on hover of the profile aggregate status indicators.
diff --git a/changes/8903c-table-text-wrapping b/changes/8903c-table-text-wrapping
deleted file mode 100644
index 08ce77f6b0dd..000000000000
--- a/changes/8903c-table-text-wrapping
+++ /dev/null
@@ -1 +0,0 @@
-- Fleet UI: Clean up some table text wrapping
diff --git a/charts/fleet/Chart.yaml b/charts/fleet/Chart.yaml index b258d1c234fb..4acca084c686 100644 --- a/charts/fleet/Chart.yaml +++ b/charts/fleet/Chart.yaml @@ -4,11 +4,11 @@ name: fleet keywords: - fleet - osquery -version: v6.3.0 +version: v6.3.1 home: https://github.com/fleetdm/fleet sources: - https://github.com/fleetdm/fleet.git -appVersion: v4.61.0 +appVersion: v4.62.0 dependencies: - name: mysql condition: mysql.enabled diff --git a/charts/fleet/values.yaml b/charts/fleet/values.yaml index 4d7aa0885577..692bec1b86ac 100644 --- a/charts/fleet/values.yaml +++ b/charts/fleet/values.yaml @@ -3,7 +3,7 @@ hostName: fleet.localhost replicas: 3 # The number of Fleet instances to deploy imageRepository: fleetdm/fleet -imageTag: v4.61.0 # Version of Fleet to deploy +imageTag: v4.62.0 # Version of Fleet to deploy podAnnotations: {} # Additional annotations to add to the Fleet pod serviceAnnotations: {} # Additional annotations to add to the Fleet service serviceAccountAnnotations: {} # Additional annotations to add to the Fleet service account diff --git a/infrastructure/dogfood/terraform/aws/variables.tf b/infrastructure/dogfood/terraform/aws/variables.tf index 922b0aca5b1b..dd6ed876ee7a 100644 --- a/infrastructure/dogfood/terraform/aws/variables.tf +++ b/infrastructure/dogfood/terraform/aws/variables.tf @@ -56,7 +56,7 @@ variable "database_name" { variable "fleet_image" { description = "the name of the container image to run" - default = "fleetdm/fleet:v4.61.0" + default = "fleetdm/fleet:v4.62.0" } variable "software_inventory" { diff --git a/infrastructure/dogfood/terraform/gcp/variables.tf b/infrastructure/dogfood/terraform/gcp/variables.tf index ad04cc135115..611659347ad6 100644 --- a/infrastructure/dogfood/terraform/gcp/variables.tf +++ b/infrastructure/dogfood/terraform/gcp/variables.tf 
@@ -68,7 +68,7 @@ variable "redis_mem" { } variable "image" { - default = "fleetdm/fleet:v4.61.0" + default = "fleetdm/fleet:v4.62.0" } variable "software_installers_bucket_name" { diff --git a/infrastructure/guardduty/.terraform.lock.hcl b/infrastructure/guardduty/.terraform.lock.hcl index 7f09debdb20c..58a7bcaa32ee 100644 --- a/infrastructure/guardduty/.terraform.lock.hcl +++ b/infrastructure/guardduty/.terraform.lock.hcl @@ -2,8 +2,8 @@ # Manual edits may be lost in future updates. provider "registry.terraform.io/hashicorp/aws" { - version = "4.61.0" - constraints = ">= 3.0.0, >= 4.8.0, >= 4.9.0, ~> 4.61.0" + version = "4.62.0" + constraints = ">= 3.0.0, >= 4.8.0, >= 4.9.0, ~> 4.62.0" hashes = [ "h1:fuIdjl9f2JEH0TLoq5kc9NIPbJAAV7YBbZ8fvNp5XSg=", "zh:0341a460210463a0bebd5c12ce13dc49bd8cae2399b215418c5efa607fed84e4", diff --git a/infrastructure/guardduty/main.tf b/infrastructure/guardduty/main.tf index da8fefa70b8e..217e5cac8e1d 100644 --- a/infrastructure/guardduty/main.tf +++ b/infrastructure/guardduty/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = "~> 4.61.0" + version = "~> 4.62.0" } } backend "s3" { diff --git a/infrastructure/infrastructure/cloudtrail/main.tf b/infrastructure/infrastructure/cloudtrail/main.tf index f5060a07307a..a70d86812bd9 100644 --- a/infrastructure/infrastructure/cloudtrail/main.tf +++ b/infrastructure/infrastructure/cloudtrail/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = "~> 4.61.0" + version = "~> 4.62.0" } } backend "s3" { diff --git a/infrastructure/infrastructure/elastic-agent/.terraform.lock.hcl b/infrastructure/infrastructure/elastic-agent/.terraform.lock.hcl index 88f28475952a..cfc173555821 100644 --- a/infrastructure/infrastructure/elastic-agent/.terraform.lock.hcl +++ b/infrastructure/infrastructure/elastic-agent/.terraform.lock.hcl 
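Review bot: The `hashicorp/aws` provider pin moves from `~> 4.61.0` to `~> 4.62.0` in `infrastructure/guardduty/main.tf`, and the matching `.terraform.lock.hcl` hunk edits `version` and `constraints` while the `h1:` and `zh:` entries visible under `hashes` remain unchanged context. The old provider version is the same string as the old Fleet version, so this looks like collateral from the release search-and-replace rather than an intended provider upgrade; that is worth confirming before merge. If it is unintended, restore `version = "~> 4.61.0"` and the lock entries; if it is intended, regenerate the lock file with `terraform init -upgrade` (or `terraform providers lock`) so the recorded checksums belong to the locked version, rather than hand-editing a file whose header says manual edits may be lost. The same pattern appears in the cloudtrail, elastic-agent, guardduty-alerts and spend_alerts hunks and in the provider tables of the two README hunks.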
@@ -2,8 +2,8 @@ # Manual edits may be lost in future updates. provider "registry.terraform.io/hashicorp/aws" { - version = "4.61.0" - constraints = ">= 3.63.0, ~> 4.61.0" + version = "4.62.0" + constraints = ">= 3.63.0, ~> 4.62.0" hashes = [ "h1:fuIdjl9f2JEH0TLoq5kc9NIPbJAAV7YBbZ8fvNp5XSg=", "zh:0341a460210463a0bebd5c12ce13dc49bd8cae2399b215418c5efa607fed84e4", diff --git a/infrastructure/infrastructure/elastic-agent/main.tf b/infrastructure/infrastructure/elastic-agent/main.tf index fdaa05002c8d..a53a8b13c3ee 100644 --- a/infrastructure/infrastructure/elastic-agent/main.tf +++ b/infrastructure/infrastructure/elastic-agent/main.tf @@ -20,7 +20,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = "~> 4.61.0" + version = "~> 4.62.0" } } backend "s3" { diff --git a/infrastructure/infrastructure/guardduty-alerts/.terraform.lock.hcl b/infrastructure/infrastructure/guardduty-alerts/.terraform.lock.hcl index 7f09debdb20c..58a7bcaa32ee 100644 --- a/infrastructure/infrastructure/guardduty-alerts/.terraform.lock.hcl +++ b/infrastructure/infrastructure/guardduty-alerts/.terraform.lock.hcl @@ -2,8 +2,8 @@ # Manual edits may be lost in future updates. provider "registry.terraform.io/hashicorp/aws" { - version = "4.61.0" - constraints = ">= 3.0.0, >= 4.8.0, >= 4.9.0, ~> 4.61.0" + version = "4.62.0" + constraints = ">= 3.0.0, >= 4.8.0, >= 4.9.0, ~> 4.62.0" hashes = [ "h1:fuIdjl9f2JEH0TLoq5kc9NIPbJAAV7YBbZ8fvNp5XSg=", "zh:0341a460210463a0bebd5c12ce13dc49bd8cae2399b215418c5efa607fed84e4", diff --git a/infrastructure/infrastructure/guardduty-alerts/main.tf b/infrastructure/infrastructure/guardduty-alerts/main.tf index 57e1adadc22b..dd0b2aa48427 100644 --- a/infrastructure/infrastructure/guardduty-alerts/main.tf +++ b/infrastructure/infrastructure/guardduty-alerts/main.tf @@ -15,7 +15,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = "~> 4.61.0" + version = "~> 4.62.0" } } backend "s3" { 
diff --git a/infrastructure/infrastructure/spend_alerts/main.tf b/infrastructure/infrastructure/spend_alerts/main.tf index ed97ff3476c8..5e1a650e19b0 100644 --- a/infrastructure/infrastructure/spend_alerts/main.tf +++ b/infrastructure/infrastructure/spend_alerts/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = "~> 4.61.0" + version = "~> 4.62.0" } } backend "s3" { diff --git a/terraform/addons/ses/README.md b/terraform/addons/ses/README.md index b18947647d1d..98a614a6febe 100644 --- a/terraform/addons/ses/README.md +++ b/terraform/addons/ses/README.md @@ -9,7 +9,7 @@ No requirements. | Name | Version | |------|---------| -| [aws](#provider\_aws) | 4.61.0 | +| [aws](#provider\_aws) | 4.62.0 | ## Modules diff --git a/terraform/addons/vuln-processing/variables.tf b/terraform/addons/vuln-processing/variables.tf index d9fd4e46fa58..3f851113c097 100644 --- a/terraform/addons/vuln-processing/variables.tf +++ b/terraform/addons/vuln-processing/variables.tf @@ -24,7 +24,7 @@ variable "fleet_config" { vuln_processing_cpu = optional(number, 2048) vuln_data_stream_mem = optional(number, 1024) vuln_data_stream_cpu = optional(number, 512) - image = optional(string, "fleetdm/fleet:v4.61.0") + image = optional(string, "fleetdm/fleet:v4.62.0") family = optional(string, "fleet-vuln-processing") sidecars = optional(list(any), []) extra_environment_variables = optional(map(string), {}) @@ -82,7 +82,7 @@ variable "fleet_config" { vuln_processing_cpu = 2048 vuln_data_stream_mem = 1024 vuln_data_stream_cpu = 512 - image = "fleetdm/fleet:v4.61.0" + image = "fleetdm/fleet:v4.62.0" family = "fleet-vuln-processing" sidecars = [] extra_environment_variables = {} diff --git a/terraform/byo-vpc/byo-db/README.md b/terraform/byo-vpc/byo-db/README.md index 14ea8baf47a2..c2dcbc86af3e 100644 --- a/terraform/byo-vpc/byo-db/README.md +++ b/terraform/byo-vpc/byo-db/README.md 
@@ -6,7 +6,7 @@ No requirements. | Name | Version | |------|---------| -| [aws](#provider\_aws) | 4.61.0 | +| [aws](#provider\_aws) | 4.62.0 | ## Modules diff --git a/terraform/byo-vpc/byo-db/byo-ecs/variables.tf b/terraform/byo-vpc/byo-db/byo-ecs/variables.tf index 73477bd34afd..bfe4187a8bbf 100644 --- a/terraform/byo-vpc/byo-db/byo-ecs/variables.tf +++ b/terraform/byo-vpc/byo-db/byo-ecs/variables.tf @@ -16,7 +16,7 @@ variable "fleet_config" { mem = optional(number, 4096) cpu = optional(number, 512) pid_mode = optional(string, null) - image = optional(string, "fleetdm/fleet:v4.61.0") + image = optional(string, "fleetdm/fleet:v4.62.0") family = optional(string, "fleet") sidecars = optional(list(any), []) depends_on = optional(list(any), []) @@ -119,7 +119,7 @@ variable "fleet_config" { mem = 512 cpu = 256 pid_mode = null - image = "fleetdm/fleet:v4.61.0" + image = "fleetdm/fleet:v4.62.0" family = "fleet" sidecars = [] depends_on = [] diff --git a/terraform/byo-vpc/byo-db/variables.tf b/terraform/byo-vpc/byo-db/variables.tf index 38fffa6e7ba4..615474683914 100644 --- a/terraform/byo-vpc/byo-db/variables.tf +++ b/terraform/byo-vpc/byo-db/variables.tf @@ -77,7 +77,7 @@ variable "fleet_config" { mem = optional(number, 4096) cpu = optional(number, 512) pid_mode = optional(string, null) - image = optional(string, "fleetdm/fleet:v4.61.0") + image = optional(string, "fleetdm/fleet:v4.62.0") family = optional(string, "fleet") sidecars = optional(list(any), []) depends_on = optional(list(any), []) @@ -205,7 +205,7 @@ variable "fleet_config" { mem = 512 cpu = 256 pid_mode = null - image = "fleetdm/fleet:v4.61.0" + image = "fleetdm/fleet:v4.62.0" family = "fleet" sidecars = [] depends_on = [] diff --git a/terraform/byo-vpc/example/main.tf b/terraform/byo-vpc/example/main.tf index 4e147d5ada2f..6b16e4b0f743 100644 --- a/terraform/byo-vpc/example/main.tf +++ b/terraform/byo-vpc/example/main.tf 
@@ -17,7 +17,7 @@ provider "aws" { } locals { - fleet_image = "fleetdm/fleet:v4.61.0" + fleet_image = "fleetdm/fleet:v4.62.0" domain_name = "example.com" } diff --git a/terraform/byo-vpc/variables.tf b/terraform/byo-vpc/variables.tf index 415ec25710f7..47e0e793a891 100644 --- a/terraform/byo-vpc/variables.tf +++ b/terraform/byo-vpc/variables.tf @@ -170,7 +170,7 @@ variable "fleet_config" { mem = optional(number, 4096) cpu = optional(number, 512) pid_mode = optional(string, null) - image = optional(string, "fleetdm/fleet:v4.61.0") + image = optional(string, "fleetdm/fleet:v4.62.0") family = optional(string, "fleet") sidecars = optional(list(any), []) depends_on = optional(list(any), []) @@ -298,7 +298,7 @@ variable "fleet_config" { mem = 512 cpu = 256 pid_mode = null - image = "fleetdm/fleet:v4.61.0" + image = "fleetdm/fleet:v4.62.0" family = "fleet" sidecars = [] depends_on = [] diff --git a/terraform/example/main.tf b/terraform/example/main.tf index e5355fd09f76..bd17e50be707 100644 --- a/terraform/example/main.tf +++ b/terraform/example/main.tf @@ -63,8 +63,8 @@ module "fleet" { fleet_config = { # To avoid pull-rate limiting from dockerhub, consider using our quay.io mirror - # for the Fleet image. e.g. "quay.io/fleetdm/fleet:v4.61.0" - image = "fleetdm/fleet:v4.61.0" # override default to deploy the image you desire + # for the Fleet image. e.g. "quay.io/fleetdm/fleet:v4.62.0" + image = "fleetdm/fleet:v4.62.0" # override default to deploy the image you desire # See https://fleetdm.com/docs/deploy/reference-architectures#aws for appropriate scaling # memory and cpu. autoscaling = { diff --git a/terraform/variables.tf b/terraform/variables.tf index f3722ca3de75..c492e357ec2c 100644 --- a/terraform/variables.tf +++ b/terraform/variables.tf 
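Review bot: The example in `terraform/example/main.tf` sets `image = "fleetdm/fleet:v4.62.0"`, a tag reference, and a tag can be re-pointed at the registry without this configuration changing. For deployments that need a reproducible, verifiable image, the comment above it could also mention pinning by digest, e.g. `# For an immutable reference, append the digest: "fleetdm/fleet:v4.62.0@sha256:<digest>"`, where `<digest>` is a placeholder for the published image digest. The `module "fleet"` block starts and ends outside the hunk.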
@@ -218,7 +218,7 @@ variable "fleet_config" { mem = optional(number, 4096) cpu = optional(number, 512) pid_mode = optional(string, null) - image = optional(string, "fleetdm/fleet:v4.61.0") + image = optional(string, "fleetdm/fleet:v4.62.0") family = optional(string, "fleet") sidecars = optional(list(any), []) depends_on = optional(list(any), []) @@ -346,7 +346,7 @@ variable "fleet_config" { mem = 512 cpu = 256 pid_mode = null - image = "fleetdm/fleet:v4.61.0" + image = "fleetdm/fleet:v4.62.0" family = "fleet" sidecars = [] depends_on = [] diff --git a/tools/fleetctl-npm/package.json b/tools/fleetctl-npm/package.json index 9a9422bad4ff..ec249a5dc170 100644 --- a/tools/fleetctl-npm/package.json +++ b/tools/fleetctl-npm/package.json @@ -1,6 +1,6 @@ { "name": "fleetctl", - "version": "v4.61.0", + "version": "v4.62.0", "description": "Installer for the fleetctl CLI tool", "bin": { "fleetctl": "./run.js"