Adding changes for Fleet v4.63.0

CHANGELOG.md

@@ -1,3 +1,60 @@
+## Fleet 4.63.0 (Jan 14, 2025)
+
+### Bug fixes
+
+### Endpoint Operations
+- When running a live query from the edit query form, considered the results of the run in calculating an existing query's performance impact if the user didn't change the query from the stored version.
+- Implemented user-level settings, used them to persist a user's selection of which columns to display on the hosts table.
+- Displayed command line installation instructions when a package is generated.
+- Allowed delivery of bootstrap packages and software installers using signed URLs from CloudFront CDN. To enable, configure server settings:
+ - `s3_software_installers_cloudfront_url`
+ - `s3_software_installers_cloudfront_url_signing_public_key_id`
+ - `s3_software_installers_cloudfront_url_signing_private_key`
+- Displayed the correct path for agent options when a key is placed in the wrong object.
+- Improved validation workflow on SMTP settings page.
+- Fixed reporting of software uninstall results after a host has been locked/unlocked.
+- Stopped VPP apps from being removed from teams whenever the VPP token team assignment is updated.
+- Improved software installation for failed policies: Added platform-specific filtering in the software dropdown, ensuring only compatible software are displayed based on each policy's targeted platforms.
+- Added ability to install VPP apps on policy failure.
+- Allowed filtering titles by "any of these platforms" in `GET /api/v1/fleet/software/titles`.
+- Included a host's team-level queries when the user is selecting a query to target for a specific host via the host details page.
+- Fix issue when identical MDM commands are sent twice to the same device when replica DB is being used.
+
+### Device Management (MDM)
+- Fixed issue where deleted Apple config profiles were installing on devices because devices were offline when the profile was added.
+- Downgraded expected/common "BootstrapPackage not found" server error to a debug message. Occurs when UI/API checks if bootstrap package exists.
+- Fixed MSI parsing for packages including long interned strings (e.g. licenses for the OpenVPN Connect installer).
+- Fixed issue where deleted Apple config profiles were installing on devices because devices were offline when the profile was added.
+- Fixed issue where deleted Apple config profiles were installing on devices because devices were offline when the profile was added.
+
+### Vulnerability Management
+- Fixed issue where the vulnerabilities cron was failing in large environments due to large SQL queries.
+- Fixed CVE-2024-10327 false positive on Fleet-supported platforms (vuln is iOS-only and iOS vuln checking is not supported).
+
+### Bug fixes and improvements
+- Fleet UI: Clarified editing VPP teams will remove App Store apps available to the team, not uninstalling apps from hosts.
+- Fleet UI: Fixed two broken links in Setup experience.
+- Pushed correct paths to the URL on the my device page when self-service is not enabled for the host.
+- Included osquery pre-releases in daily UI constant update GitHub Actions job.
+- Added a fallback for extracting app name from .pkg installers that have default or incorrect title attributes in their distribution file.
+- Fixed UI bug in "My device" page where the "Software" tab included filter elements that did not match the expected design.
+- Fixed UI bug on the "Controls" page where incorrect timestamp information was displayed while the "Current versions" table was loading.
+- For batch upload of Apple DDM profiles with `fleetctl gitops`, fixed issue where activity feed was showing a change when profiles didn't actually change.
+- Fleet UI: Fixed software name overflow in various modals.
+- Clarified expected behavior of policy host counts, dashboard controls software count, and controls os updates versions count.
+- Fix form validation behavior on the SSO settings form.
+- Fleet UI: Fix software actions dropdown styling bug.
+- Rendered the default empty value when a host has no UUID.
+- Included a host's team-level queries when the user is selecting a query to target for a specific host via the host details page.
+- Fleet UI: Added timestamp for software, OS, and vulnerability detail pages for host count last update time.
+- Fleet UI: Fixed redirect when clicking on any column in the Fleet Maintained Apps table.
+- Use an email logo compatible with dark modes.
+- Removed arrow icon from MDM solution table on dashboard page.
+- Fixed issue where deleted Apple config profiles were installing on devices because devices were offline when the profile was added.
+- Improve readability of success message on email update by never including the sender address.
+- Fixed missing capabilities in the UI for team admins creating or editing a user by exposing more information from the API for team admins.
+- Updated Fleet-maintained app install scripts for non-PKG-based installers to allow the apps to be installed over an existing installation.
+
 ## Fleet 4.62.1 (Jan 14, 2025)
 
 ### Bug fixes

charts/fleet/Chart.yaml

@@ -8,7 +8,7 @@ version: v6.3.2
 home: https://github.com/fleetdm/fleet
 sources:
   - https://github.com/fleetdm/fleet.git
-appVersion: v4.62.1
+appVersion: v4.63.0
 dependencies:
   - name: mysql
     condition: mysql.enabled

charts/fleet/values.yaml

@@ -3,7 +3,7 @@
 hostName: fleet.localhost
 replicas: 3 # The number of Fleet instances to deploy
 imageRepository: fleetdm/fleet
-imageTag: v4.62.1 # Version of Fleet to deploy
+imageTag: v4.63.0 # Version of Fleet to deploy
 podAnnotations: {} # Additional annotations to add to the Fleet pod
 serviceAnnotations: {} # Additional annotations to add to the Fleet service
 serviceAccountAnnotations: {} # Additional annotations to add to the Fleet service account

infrastructure/dogfood/terraform/aws/variables.tf

@@ -56,7 +56,7 @@ variable "database_name" {
 
 variable "fleet_image" {
   description = "the name of the container image to run"
-  default     = "fleetdm/fleet:v4.62.1"
+  default     = "fleetdm/fleet:v4.63.0"
 }
 
 variable "software_inventory" {

infrastructure/dogfood/terraform/gcp/variables.tf

@@ -68,7 +68,7 @@ variable "redis_mem" {
 }
 
 variable "image" {
-  default = "fleetdm/fleet:v4.62.1"
+  default = "fleetdm/fleet:v4.63.0"
 }
 
 variable "software_installers_bucket_name" {

infrastructure/guardduty/main.tf

@@ -2,7 +2,7 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = "~> 4.62.1"
+      version = "~> 4.63.0"
     }
   }
   backend "s3" {

infrastructure/infrastructure/cloudtrail/main.tf

@@ -2,7 +2,7 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = "~> 4.62.1"
+      version = "~> 4.63.0"
     }
   }
   backend "s3" {

infrastructure/infrastructure/elastic-agent/main.tf

@@ -20,7 +20,7 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = "~> 4.62.1"
+      version = "~> 4.63.0"
     }
   }
   backend "s3" {

infrastructure/infrastructure/guardduty-alerts/main.tf

@@ -15,7 +15,7 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = "~> 4.62.1"
+      version = "~> 4.63.0"
     }
   }
   backend "s3" {

infrastructure/infrastructure/spend_alerts/main.tf

@@ -2,7 +2,7 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = "~> 4.62.1"
+      version = "~> 4.63.0"
     }
   }
   backend "s3" {

terraform/addons/ses/README.md

@@ -9,7 +9,7 @@ No requirements.
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.62.1 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.63.0 |
 
 ## Modules
 

terraform/addons/vuln-processing/variables.tf

@@ -24,7 +24,7 @@ variable "fleet_config" {
     vuln_processing_cpu                  = optional(number, 2048)
     vuln_data_stream_mem                 = optional(number, 1024)
     vuln_data_stream_cpu                 = optional(number, 512)
-    image                                = optional(string, "fleetdm/fleet:v4.62.1")
+    image                                = optional(string, "fleetdm/fleet:v4.63.0")
     family                               = optional(string, "fleet-vuln-processing")
     sidecars                             = optional(list(any), [])
     extra_environment_variables          = optional(map(string), {})
@@ -82,7 +82,7 @@ variable "fleet_config" {
     vuln_processing_cpu                  = 2048
     vuln_data_stream_mem                 = 1024
     vuln_data_stream_cpu                 = 512
-    image                                = "fleetdm/fleet:v4.62.1"
+    image                                = "fleetdm/fleet:v4.63.0"
     family                               = "fleet-vuln-processing"
     sidecars                             = []
     extra_environment_variables          = {}

terraform/byo-vpc/byo-db/README.md

@@ -6,7 +6,7 @@ No requirements.
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.62.1 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.63.0 |
 
 ## Modules
 

terraform/byo-vpc/byo-db/byo-ecs/variables.tf

@@ -16,7 +16,7 @@ variable "fleet_config" {
     mem                          = optional(number, 4096)
     cpu                          = optional(number, 512)
     pid_mode                     = optional(string, null)
-    image                        = optional(string, "fleetdm/fleet:v4.62.1")
+    image                        = optional(string, "fleetdm/fleet:v4.63.0")
     family                       = optional(string, "fleet")
     sidecars                     = optional(list(any), [])
     depends_on                   = optional(list(any), [])
@@ -119,7 +119,7 @@ variable "fleet_config" {
     mem                          = 512
     cpu                          = 256
     pid_mode                     = null
-    image                        = "fleetdm/fleet:v4.62.1"
+    image                        = "fleetdm/fleet:v4.63.0"
     family                       = "fleet"
     sidecars                     = []
     depends_on                   = []

terraform/byo-vpc/byo-db/variables.tf

@@ -77,7 +77,7 @@ variable "fleet_config" {
     mem                          = optional(number, 4096)
     cpu                          = optional(number, 512)
     pid_mode                     = optional(string, null)
-    image                        = optional(string, "fleetdm/fleet:v4.62.1")
+    image                        = optional(string, "fleetdm/fleet:v4.63.0")
     family                       = optional(string, "fleet")
     sidecars                     = optional(list(any), [])
     depends_on                   = optional(list(any), [])
@@ -205,7 +205,7 @@ variable "fleet_config" {
     mem                          = 512
     cpu                          = 256
     pid_mode                     = null
-    image                        = "fleetdm/fleet:v4.62.1"
+    image                        = "fleetdm/fleet:v4.63.0"
     family                       = "fleet"
     sidecars                     = []
     depends_on                   = []

terraform/byo-vpc/example/main.tf

@@ -17,7 +17,7 @@ provider "aws" {
 }
 
 locals {
-  fleet_image = "fleetdm/fleet:v4.62.1"
+  fleet_image = "fleetdm/fleet:v4.63.0"
   domain_name = "example.com"
 }
 

terraform/byo-vpc/variables.tf

@@ -170,7 +170,7 @@ variable "fleet_config" {
     mem                          = optional(number, 4096)
     cpu                          = optional(number, 512)
     pid_mode                     = optional(string, null)
-    image                        = optional(string, "fleetdm/fleet:v4.62.1")
+    image                        = optional(string, "fleetdm/fleet:v4.63.0")
     family                       = optional(string, "fleet")
     sidecars                     = optional(list(any), [])
     depends_on                   = optional(list(any), [])
@@ -298,7 +298,7 @@ variable "fleet_config" {
     mem                          = 512
     cpu                          = 256
     pid_mode                     = null
-    image                        = "fleetdm/fleet:v4.62.1"
+    image                        = "fleetdm/fleet:v4.63.0"
     family                       = "fleet"
     sidecars                     = []
     depends_on                   = []

terraform/example/main.tf

@@ -63,8 +63,8 @@ module "fleet" {
 
   fleet_config = {
     # To avoid pull-rate limiting from dockerhub, consider using our quay.io mirror
-    # for the Fleet image. e.g. "quay.io/fleetdm/fleet:v4.62.1"
-    image = "fleetdm/fleet:v4.62.1" # override default to deploy the image you desire
+    # for the Fleet image. e.g. "quay.io/fleetdm/fleet:v4.63.0"
+    image = "fleetdm/fleet:v4.63.0" # override default to deploy the image you desire
     # See https://fleetdm.com/docs/deploy/reference-architectures#aws for appropriate scaling
     # memory and cpu.
     autoscaling = {

terraform/variables.tf

@@ -218,7 +218,7 @@ variable "fleet_config" {
     mem                          = optional(number, 4096)
     cpu                          = optional(number, 512)
     pid_mode                     = optional(string, null)
-    image                        = optional(string, "fleetdm/fleet:v4.62.1")
+    image                        = optional(string, "fleetdm/fleet:v4.63.0")
     family                       = optional(string, "fleet")
     sidecars                     = optional(list(any), [])
     depends_on                   = optional(list(any), [])
@@ -346,7 +346,7 @@ variable "fleet_config" {
     mem                          = 512
     cpu                          = 256
     pid_mode                     = null
-    image                        = "fleetdm/fleet:v4.62.1"
+    image                        = "fleetdm/fleet:v4.63.0"
     family                       = "fleet"
     sidecars                     = []
     depends_on                   = []