Skip to content

Releases: fleetdm/fleet

fleet-v4.71.1

04 Aug 20:33
@github-actions github-actions
fleet-v4.71.1
ccef1d2
Compare
Choose a tag to compare
fleet-v4.71.1 Latest
Latest

Bug fixes

  • Added sso_server_url configuration option to support SSO setups with separate URLs for admin access vs agent/API access. When set, SSO authentication will only work from the specified URL. This fixes SSO authentication errors for organizations using dual URL configurations.
  • Fixed an issue where SSO URLs with trailing slashes would cause authentication failures due to double slashes in the ACS URL. Both regular SSO and MDM SSO URLs now properly handle trailing slashes.
  • Added support for MS-MDE2 v7.0 Windows MDM Enrollments

Upgrading

Please visit our update guide for upgrade instructions.

Documentation

Documentation for Fleet is available at fleetdm.com/docs.

Binary Checksum

SHA256

5ccb98feafffd94833d2a351789f83df587cc103088462ffb0efcc20471fa952  fleet_v4.71.1_linux.tar.gz
adac200aab77def642f44b656f2b8fcfde54114c41e38f08825cc9a50bf3d1c3  fleetctl_v4.71.1_linux_amd64.tar.gz
de9e9dc3b4545475c4675a366066de5b88129875c7755026d6af167b5497287f  fleetctl_v4.71.1_linux_amd64.zip
e0d3c44cb4111fa213a89b8a759df7b39adc630c15bb554be67d28ed7415013b  fleetctl_v4.71.1_linux_arm64.tar.gz
dc67fa38f8df1053ea06b0ddb769c7f12ea59671edb5143e046c8091948a158f  fleetctl_v4.71.1_linux_arm64.zip
3bb55c16ef401c690509b93f71eee4fa7230f9ee46058ae9de5d91643edd3840  fleetctl_v4.71.1_macos.tar.gz
24851da8de060b76414820a86664965f0b99e2893a1f78933df59ad984c2f033  fleetctl_v4.71.1_macos.zip
5b9d2ee0f048fac46807ba51c0238f7ca6498b835f5d09cc315d0d195d3935ce  fleetctl_v4.71.1_windows_amd64.tar.gz
0dc19ca5227553f4b6c425f7dc8feee76b5293764b162a979bd29d4dad71204f  fleetctl_v4.71.1_windows_amd64.zip
dec0078b965e5dd94186a4e3e06dcd0b76560b6573425da7e2f0a511be4d8ddf  fleetctl_v4.71.1_windows_arm64.tar.gz
53ac2b2fb216ea74f316ad7f83a849e649728a5b055fc71ea4ac96e7874572b7  fleetctl_v4.71.1_windows_arm64.zip
Assets 14

fleet-v4.71.0

23 Jul 21:59
@github-actions github-actions
fleet-v4.71.0
ec85e9a
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
fleet-v4.71.0

Fleet 4.71.0 (Jul 23, 2025)

Security Engineers

  • Updated CIS benchmarks for Windows 10 to version 3.
  • Added support for IdP-based labels.
  • Added last opened time for Windows applications.
  • Updated GET /hosts/:id/encryption_key to return most recently archived encryption key if current key is not available.
  • Added support for ingesting user's "Department" via SCIM and added support to set the FLEET_VAR_HOST_END_USER_IDP_DEPARTMENT variable on configuration profiles.
  • Cleaned up false-positive vulnerabilities on Amazon Linux 2 hosts reported in Fleet <= 4.55.

IT Admins

  • Added the verification of user-scoped profiles on macOS.
  • Added last opened time for Windows applications.
  • Updated Windows Custom OS Settings including Win32/Desktop Bridge ADMX policies to now be marked verified after the host has acknowledged the MDM install command.
  • Added support for "Host Vitals" label, starting with IdP-based labels which update automatically.
  • Added automatic refetches of host vitals and software inventory after a successful software install or uninstall.
  • Updated GET /hosts/:id/encryption_key to return most recently archived encryption key if current key is not available.
  • Increased how often Fleet checks for new Fleet-maintained apps, from once per day to once per hour.
  • Improved GitOps speed when managing software with hashes on a large number of teams.
  • Separated host details software list into two separate sections: Inventory (software installed on a host) and Library (software available for installation on a host).
  • Updated Apple profile verification code to disallow uploading profiles with the same identifier but differing PayloadScopes.
  • Recorded installer URL when a Fleet-maintained app is added via the web UI or REST API.
  • Added support for ingesting user's "Department" via SCIM and added support to set the FLEET_VAR_HOST_END_USER_IDP_DEPARTMENT variable on configuration profiles.
  • Added support for the Apple MDM user channel. When a mobileconfig with a payloadscope of User is targeted for a host with a user channel connection, it will now be sent to the user channel.
  • Added ability to add EULA end user sees during setup experience via gitops.

Other improvements and bug fixes

  • Switched VPP apps to show as installed only after MDM confirms the app is installed, instead of when the installation command is acknowledged.
  • Added user property api_only to backend activity details.
  • Replaced email with user full name for login activity.
  • Added a new avatar for API-only users in the activity feed.
  • Updated side navigation styles across the app.
  • Added premium tier messaging to the certificates section on the integrations page.
  • Removed ability to upload a EULA in the UI if gitops is enabled.
  • Migrated from aws-sdk-go v1 to aws-sdk-go-v2.
  • Optimized database queries for MDM enrollment checks when one host is being checked at a time.
  • Replaced own SAML implementation with https://github.com/crewjam/saml.
  • Increased page size for software versions shown on the software view page from 5 to 10.
  • Added retries in PATCH policies API requests to fix deadlock errors in "Manage automations" page.
  • Added missing team_name property on /api/v1/fleet/hosts/identifier/:id endpoint.
  • Added missing "url" parameter when exporting YAML on software packages that have a URL specified (thanks @drvcodenta!)
  • Improved performance when pulling team settings on osquery config and distributed read endpoints.
  • Allowed team selection and name updates when saving a copy of an existing query as a new query.
  • Updated Fleet maintained apps uninstall script to use pkgutil to remove applications files.
  • Added functionality for verifying installation of VPP apps.
  • Moved the SSO and Host status webhook settings from Settings > Organization to Settings > Integrations.
  • Updated software installed activities created during setup experience correctly categorized as from automation.
  • Fixed cases where valid operating system vulnerabilities would be periodically incorrectly purged.
  • Fixed details not showing when the device page URL was edited.
  • Fixed an issue where the fleetctl codesignature requirements couldn't be used to verify the codesignature of fleetctl.
  • Fixed issue where IdP integration page did not show the premium feature message.
  • Fixed bug present on gitops cmd when importing no-team.yml with scripts without default.yml.
  • Fixed a bug where Fleet-maintained app updates via GitOps wouldn't pull the latest version of Google Chrome on each run, and would display an invalid SHA256 hash in the UI and API.
  • Fixed host API to returns empty array (instead of 404) if software title or version is not found on hosts on that team consistent with other host filters.
  • Fixed bug with the run script modal on the Hosts page when running under FreeTier due to invalid teamId filter.
  • Fixed a case where host software counts wouldn't be updated if the host_software database table included one or more rows with a zero software_id.
  • Fixed issue where attempting to lock an MDM-unenrolled macOS host was not returning the expected error.
  • Fixed error when deleting a calendar event for a Google Workspace user that no longer exists.
  • Fixed fleetctl panic caused by missing SSO settings during gitops generate.
  • Fixed software title ID + installer status filters to return an empty array with 0 count instead of 404 when an installer is not present on a team.
  • Fixed issue where iOS devices were not refetching at the expected cadence when re-enrolled without first deleting the host.
  • Fixed cases where valid operating system vulnerabilities would be periodically incorrectly purged.
  • Fixed issue with PATCH /fleet/scim/Groups/<group name> endpoint handling duplicate entries.
  • Fixed bug with calendar/webhook endpoint that caused an error if the calendar event relates to a deleted host.
  • Fixed host details > MDM OS settings tooltips from flashing during a host refetch.
  • Fixed an issue where macos_setup would not always be exported by fleetctl generate-gitops when it should have been.
  • Fixed host certificate source recording (including associated performance/database load issues) when multiple hosts share the same certificate on user keychains with differing usernames.
  • Fixed software package version output in generated GitOps YAML.
  • Fixed truncation of the MDM server url value on the about card on host details page.
  • Fixed a bug that prevented users from adding VPP apps to macOS setup experience if the iOS version of the app was also added to their team software library.
  • Fixed cases where installed-then-uninstalled software would show up in software inventory.
  • Fixed automation tooltip not showing the correct filesystem log destination.
  • Fixed SSO settings page returning 500 when SSO settings are undefined.
  • Fixed the linux uninstall script.
  • Fixed broken macOS users causing errors during query ingestion.

Fleet-maintained app updates and vulnerability fixes are applied, whether or not you upgrade.

Fleet's agent

The following version of Fleet's agent (fleetd) support the latest changes to Fleet:

  1. orbit-v1.45.1
  2. fleet-desktop-v1.45.1 (included with Orbit)
  3. fleetd-chrome-v1.3.2

While newer versions of fleetd still function with older versions of the Fleet server (and vice versa), Fleet does not actively test these scenarios and some newer features won't be available.

Upgrading

Please visit our upgrade guide for upgrade instructions.

Documentation

Documentation for Fleet is available at fleetdm.com/docs.

Binary Checksum

SHA256

9aadd3195508920306d46918f6b27e4888b43a659070f58bf541a3aaf2ec38e9  fleet_v4.71.0_linux.tar.gz
2415a2939e7d3a6959eb5bd1403289d3fd6dd06ede9e64d2cbb398eb464e2f16  fleetctl_v4.71.0_linux_amd64.tar.gz
8818b643411f6116309a1c7628ebc804eba4c8e4d9228cc6f6d4447e62f50279  fleetctl_v4.71.0_linux_amd64.zip
e3706ba14e808571ab88f7469560ce16b98b70583a2a5f76d60f86e6fc5c90d5  fleetctl_v4.71.0_linux_arm64.tar.gz
2a3076f916ab1fd68add031d2e565c3335879dc68b9584d2a3445ce7fc73f972  fleetctl_v4.71.0_linux_arm64.zip
2a7cbfacf320cf8b498d28f59a5e05dccf375760dcd1fc5d1b562160934d8d8a  fleetctl_v4.71.0_macos.tar.gz
fda22d71d9e25b4bf9c4d2d5623aa9167b7f3c3ad489782b3ef0bedc944b7912  fleetctl_v4.71.0_macos.zip
78eaf3115e8e72a7e54acafd75235853126b3b0eddfd784243ef5433dc15186a  fleetctl_v4.71.0_windows_amd64.tar.gz
711d5d1afb043c4b8b70fea320d8dcb31ccc3050e569b894a206b9c97adf25df  fleetctl_v4.71.0_windows_amd64.zip
cdb2c3c678a17ddf11a956b4ea40d105e64c0ae2e18c530b93806b69620ba7fc  fleetctl_v4.71.0_windows_arm64.tar.gz
4994f8af4d41d020a9a8e66337ea238f3675d1421603245b54d7756771c92af3  fleetctl_v4.71.0_windows_arm64.zip

Contributors

drvcodenta
Loading

fleet-v4.70.1

09 Jul 21:40
@github-actions github-actions
fleet-v4.70.1
b7ba279
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
fleet-v4.70.1

Bug fixes

  • Fixed host certificate source recording (including associated performance/database load issues) when multiple hosts share the same certificate on user keychains with differing usernames.
  • Fixed fleetctl panic caused by missing SSO settings during gitops generate.
  • Fixed SSO settings page returning 500 when SSO settings are undefined.

Upgrading

Please visit our update guide for upgrade instructions.

Documentation

Documentation for Fleet is available at fleetdm.com/docs.

Binary Checksum

SHA256

1a4594a720b751aaddc9c6806e26e03b2df64f0cc00d5fd1978a3a6f32ad456c  fleet_v4.70.1_linux.tar.gz
dcfe487f5df307c06def072d29cc0ffdbc626b1b78f6e537f996f329b0c5a9ee  fleetctl_v4.70.1_linux_amd64.tar.gz
3df068e75b08be20df187372f59b820d5df3ec21d742b773f7151f4005356f32  fleetctl_v4.70.1_linux_amd64.zip
0916ba596d17eaff7f170f882080a5c592f90021c3ac4ca4bfcfdb5b22e4a06b  fleetctl_v4.70.1_linux_arm64.tar.gz
93daa9d744ee28cb00e49895a77465efb97108a4c45e2e40fe4d49e65a05c13c  fleetctl_v4.70.1_linux_arm64.zip
38313f9cede40a0bc2d66775c7cb7e5adf6e5b5371c936604ed2a57973ba923a  fleetctl_v4.70.1_macos.tar.gz
9c454772e914f0effbcd5d3ad29ecb66ad91ed1ad4e4a6a289e882ef6b610618  fleetctl_v4.70.1_macos.zip
7e531adb75f531204ee7735a97ac24941aa7dc841810cde34a3342eda443b519  fleetctl_v4.70.1_windows_amd64.tar.gz
33669cd4734e8e143c13f63a9b98fe353ed43ddd14d5dbc525b4bdbb5a52e3b6  fleetctl_v4.70.1_windows_amd64.zip
93210672b26f1a2ea50fc92cd3c98032b2c32dca9c60323109730abea61e8d6c  fleetctl_v4.70.1_windows_arm64.tar.gz
81969ca0c4472f889b710f0d8043aed293a90015eb6cf1d3a678db4b83f5131e  fleetctl_v4.70.1_windows_arm64.zip
Loading

fleet-v4.70.0

30 Jun 20:41
@github-actions github-actions
fleet-v4.70.0
cdc543e
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
fleet-v4.70.0

Fleet 4.70.0 (June 30, 2025)

Security Engineers

  • Added support for Microsoft Entra ID conditional access.
  • Updated vulnerabilities feed to fall back to non-primary CVSSv2/v3 sources when primary (NVD) data is not available, instead of omitting scores entirely.
  • Updated custom SCEP proxy implementation to include one-time challenges.
  • Added the source and username fields for host certificates, reporting 'system' or 'user' based on which keychain it was from (for macOS, it will be 'user' if coming from the "login" keychain), and the corresponding username if the source is 'user'.
  • Updated certificates card on the host details and my device page to show a new keychain column.

IT Admins

  • Added support for Microsoft Entra ID conditional access.
  • Enabled Android MDM support. The functionality is limited to turning on Android MDM and enrolling a BYOD device.

NOTE: If your server was already using Android via the experimental DEV_ANDROID_ENABLED=1 flag, please turn off Android MDM before updating your Fleet server.

  • Added support for filtering the hosts page for hosts with any of the 3 batch script execution statuses.
  • Extended POST /api/v1/fleet/hosts/:id/wipe endpoint to allow users to specify the type of remote wipe for windows hosts.
  • Improved releasing a macOS device during ADE enrollment, by increasing the frequency of checks for readiness.
  • Added an audit log activity item for automatic install policy creation.

Other improvements and bug fixes

  • Updated the Open Policy Agent (OPA) dependency to v1.4.2.

NOTE: This upgrade drops support for YAML 1.1 in configuration files. If you use the -c option to specify a configuration file when starting the Fleet server, you will need to update any yes or on values in the file to true, and any no or off values to false.

  • Improved error and loading state for self-service page.
  • Implemented searching the teams dropdown.
  • Removed sort column buttons for host software columns that do not support sorting.
  • Updated migrations to use the utf8mb4_unicode_ci collation across all tables and added a test to validate that new migrations use this collation.
  • Added new optional parameter --outfile to fleetctl package to override the filename being generated.
  • Updated software detection so that a new installer uploaded over an FMA app does not report as an FMA app.
  • Improved error when trying to apply builtin labels.
  • Updated copy and remove platform callout in manage automations modal.
  • Update UI references to "Frequency" to now say "Interval".
  • Prevented editing the UI MDM > End user migration section when GitOps mode is enabled, since this is GitOps-configurable.
  • Made the gap between characters in password fields consistent.
  • Updated to consistent 14px font size across all input and dropdown fields.
  • Removed username requirements for certain MDM CIS policies.
  • Added macOS redis cluster support.
  • Changed to using DeleteObject S3 api for GCP interoperability.
  • Updated to use the Source Code Pro font in the Disk encryption key modal for clear differentiation betweenvthe letter oh and the number zero.
  • Updated go to 1.24.4
  • Fixed result count shown when running a policy.
  • Fixed bug with the 'Observers can run this query' tooltip due to missing styling rules.
  • Fixed possible user invite race condition.
  • Fixed issue where NDES SCEP admin page was parsed using wrong UTF16 endianness.
  • Fixed manual labels in gitops not selecting hosts by hardware serial or uuid.
  • Fixed a database bug where the host_uuid column was too small in some secondary tables related to ADE-enrollment and IdP accounts.
  • Fixed missing CORS header check for JSON requests.
  • Fixed bug when listing software titles for 'All teams' which caused duplicated entries.
  • Fixed a bug that caused custom OS settings targeted using "include any" label rules to never verify on hosts that only included a subset of the targeted labels
  • Fixed the Docker Fleet-maintained app install script to prevent a successful install from showing
    up as a failure due to directory existence checks (live as of 2025-06-13 FMA update).
  • Fixed issue causing a 500 error when clicking "Manage Automations" from the Queries page when osquery logging has certain configurations.
  • Fixed issue where you could not delete a bootstrap package.
  • Fixed policy autofill using incorrect media-type for query.
  • Fleet Free: Removed the installer dropdown (Premium-only) from the Software page and Host details > Software tab as installer filtering isn’t applicable on the Free tier.
  • Fixed issue where users were not able to reenable end user migration in the UI.

Fleet's agent

The following version of Fleet's agent (fleetd) support the latest changes to Fleet:

  1. orbit-v1.44.0
  2. fleet-desktop-v1.44.0 (included with Orbit)
  3. fleetd-chrome-v1.3.2

While newer versions of fleetd still function with older versions of the Fleet server (and vice versa), Fleet does not actively test these scenarios and some newer features won't be available.

Upgrading

Please visit our update guide for upgrade instructions.

Documentation

Documentation for Fleet is available at fleetdm.com/docs.

Binary Checksum

SHA256

34fa0b6f194719506ad456eb75947db7a28b8739b2f91913ca89f00e097829b0  fleet_v4.70.0_linux.tar.gz
12e1a5b1395769510c8be26cf158b72ab9de237ffb883d33f904fe0babafaaeb  fleetctl_v4.70.0_linux_amd64.tar.gz
6fc802ac1157f98d9f6b3af9c30463d8008623fc592ab72bba3034af88e68f5c  fleetctl_v4.70.0_linux_amd64.zip
2210073fee432258fbb47cc3600f3e663c049d51a8b25029d0a6c4d74d15fe01  fleetctl_v4.70.0_linux_arm64.tar.gz
5fa8956d70154a10ba16ebd81b0c3038586c4bf4037a4e01e61489952d94f10d  fleetctl_v4.70.0_linux_arm64.zip
5366920f777dc81ead004203111c4aaf6fd24c8f835684249afa0b0dfded0187  fleetctl_v4.70.0_macos.tar.gz
815131a44741ad82cc13d330eb3eb9665d104a442e90ef981371660c5e6a817f  fleetctl_v4.70.0_macos.zip
88e7f265819cbb46aa8a74112dfe328edb0d28d7a2146f85e010820fe37975a1  fleetctl_v4.70.0_windows_amd64.tar.gz
74382f020dc9422697e48d87f6ebeeed00022f6647e0a6d392d4204467fc8da4  fleetctl_v4.70.0_windows_amd64.zip
b75ff6a3f3b756cad1c020b55c38a7c80872d73a7c105b59eb43474b897bb48e  fleetctl_v4.70.0_windows_arm64.tar.gz
47904adf9579fef51e945c305904dc2d640452caf150d5b236384a78f238bf10  fleetctl_v4.70.0_windows_arm64.zip
Loading

fleet-v4.69.0

14 Jun 19:30
@github-actions github-actions
fleet-v4.69.0
cb7c446
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
fleet-v4.69.0

Fleet 4.69.0 (June 14, 2025)

Security Engineers

  • Added vulnerability detection via OVAL for Ubuntu 24.10 and 25.04.
  • Added ability to sync end user's IdP information with Microsoft Entra ID using SCIM protocol.
  • Added ability to sync end user's IdP information with Authentik using SCIM protocol.
  • Updated Windows 11 Enterprise CIS policies to version 4.0.
  • Added new Detail Query 'luks_verify' used to verify if the stored LUKS key is valid.
  • Added additional checks to vulnerability feed validation to prevent deploying an un-enriched NVD feed.
  • Added SHA256 hash of Mac applications to signature information in host software response.
  • Added FLEET_AUTH_SSO_SESSION_VALIDITY_PERIOD environment variable for overriding how long end users have to complete SSO.
  • Added ability to execute scripts on up to 5,000 hosts at a time using filters.
  • Added ability to run a script on all hosts that match the current set of supported filters.
  • Added a new API GET /scripts/batch/summary/:batch_execution_id endpoint for retrieving a summary of the current state of a batch script execution.
  • Added the endpoint POST /api/v1/fleet/configuration_profiles/resend/batch to resend a profile to all hosts that satisfy the filter.
  • Added a starter library that is automatically applied to all new Fleet instances during setup.

IT Admins

  • Added ability to execute scripts on up to 5,000 hosts at a time using filters.
  • Added ability to run a script on all hosts that match the current set of supported filters.
  • Added a new API GET /scripts/batch/summary/:batch_execution_id endpoint for retrieving a summary of the current state of a batch script execution.
  • Added the endpoint POST /api/v1/fleet/configuration_profiles/resend/batch to resend a profile to all hosts that satisfy the filter.
  • Added ability to uninstall software via Self-service tab of My device.
  • Added a starter library that is automatically applied to all new Fleet instances during setup.
  • Added FLEET_MDM_SSO_RATE_LIMIT_PER_MINUTE environment variable to allow increasing MDM SSO endpoint rate limit from 10 per minute. When supplied, this parameter also splits MDM SSO into its own rate limit bucket (default is shared with login endpoints).
  • Added ability to sync end user's IdP information with Microsoft Entra ID using SCIM protocol.
  • Added ability to sync end user's IdP information with Authentik using SCIM protocol.
  • Updated Apple MDM enrollment to skip webview popup when end user authentication is disabled.
  • Added SHA256 hash of Mac applications to signature information in host software response.
  • Added UI to filter hosts by config profile status.
  • Added UI for seeing custom profile status and to batch resend to hosts its failed on.
  • Added filtering for hosts endpoints by MFM config profile and status.
  • Added immediate cancellation of profile delivery when a profile is deleted; if it had already been installed then its removal will be pending.
  • Added ability to turn off MDM for iPhone and iPad hosts on the hosts details page.
  • Added ability for gitops mode to add a custom package on the software page to then copy/paste the YAML needed for packages that cannot be referenced with a URL.

Other improvements and bug fixes

  • Fixed issue where SSO settings, SMTP settings, Features and MDM end-user authentication settings would not be cleared if they were omitted from YAML files used in a GitOps run.

GITOPS USERS: If you have these settings configured via the Fleet web application and you use GitOps to manage your configuration, be sure settings are present in your global YAML settings file before your next GitOps run.

  • Added Neon to the list of platforms that are detected as Linux distributions.
  • Updated scripts so that editing will now cancel queued executions.
  • Warn users of consequences when updating script contents.
  • Improved effectiveness of app-wide text-truncation-into-tooltip functionality.
  • Prevented misleading UI when a saved script's contents have changed by only showing a run script activity's script contents if the script run was ad-hoc.
  • Stopped policy automations from running on macOS hosts until after setup experience finishes so that Fleet doesn't attempt to install software twice.
  • Added tooltip informing users a test email will be sent when SMTP settings are changed.
  • Added copyable SHA256 hash to the software details page.
  • Added device user API error state to replace generic Fleet UI error state in Fleet desktop.
  • Revised PKG custom package parsing to pick the correct app name and bundle ID in more instances.
  • Ensured consistent failing policies and total issues counts on the host details page by re-calculating these counts every time the API receives a request for that host.
  • Allowed Fleet secret environment variables for the MacOS setup script.
  • Validated uploaded bootstrap package to ensure that it is a Distribution package since that is required by Apple's InstallEnterpriseApplication MDM command.
  • Modified the Windows MDM detection query to more accurately detect existing MDM enrollment details on hosts with multiple enrollments.
  • Created consistent UI for the copy button of an input field.
  • Updated the notes for the disk_info table to clarify usage in ChromeOS.
  • Fixed an issue where the cursor on the SQL editor would sometimes become misaliged.
  • Fixed slight style issues with the user menu.
  • Fixed an issue where adding/updating a manual label had inconsistent results when multiple hosts shared a serial number.
  • Fixed reading disk encryption key not showing up in host activities.
  • Fixed a bug where a host that was wiped and re-enrolled without deleting the corresponding host row in Fleet had its old Google Chrome profiles (and other osquery-based data) showing for about an hour.
  • Fixed an issue in the database migrations released in 4.68.0 where Apple devices with UDID values longer than 36 characters would cause a failure in the migration process; the host_uuid column for tables added by that migration has been increased to accommodate these longer UDID values.
  • Fixed issue with GitOps command that prevented non-managed labels to be deleted if used by software installations.
  • Fixed several corner cases with Apple DDM profile verification, including a migration to clear out "remove" operations with invalid status.
  • Fixed a bug that caused a 500 error when searching for non-existent Fleet-maintained apps.
  • Fixed a bug where global observers could access the "delete query" UX on the queries table.
  • Fixed parsing of some MSI installer names.
  • Fixed a bug where deleting an upcoming activity did not ensure the upcoming activities queue made progress in some cases.
  • Fixed a CIS query (Ensure Show Full Website Address in Safari Is Enabled).

Fleet's agent

The following version of Fleet's agent (fleetd) support the latest changes to Fleet:

  1. orbit-v1.43.0
  2. fleet-desktop-v1.43.0 (included with Orbit)
  3. fleetd-chrome-v1.3.2

While newer versions of fleetd still function with older versions of the Fleet server (and vice versa), Fleet does not actively test these scenarios and some newer features won't be available.

Upgrading

Please visit our update guide for upgrade instructions.

Documentation

Documentation for Fleet is available at fleetdm.com/docs.

Binary Checksum

SHA256

c2c36d24e68074ea850ea215c52bcd1a0d4b47018b9df331c21965dd38e98624  fleet_v4.69.0_linux.tar.gz
ff54222ce7002721eebfd8de97e508bcc5718035a993551c0a0ad8da79dfadb7  fleetctl_v4.69.0_linux_amd64.tar.gz
d9865fdd0492b17d5b569eeba189a020301d339c3a6cf28a319f7c66901b864f  fleetctl_v4.69.0_linux_amd64.zip
cb4b6698f848734ba900f10c54cb4a128b05b0fc2a2e8ba01e2d44a4d54ee61d  fleetctl_v4.69.0_linux_arm64.tar.gz
ce9cd4e77a2dc2f1ea0250befb7fbf530cfe66b40d693695b63032bc5b6fda42  fleetctl_v4.69.0_linux_arm64.zip
c8017c6ae1b46f6cda05d304913152e589a1aef39195b8c7e12d52a12fd528d0  fleetctl_v4.69.0_macos.tar.gz
9d3cd4d4b0a1233b171ab2a930a7c36ce5d05c4b510cc2874b86921b8dc69bea  fleetctl_v4.69.0_macos.zip
da41fead78ea0bb9116b6f2d60f526b039747abbb8e8565ae17fd495bdaabfe9  fleetctl_v4.69.0_windows_amd64.tar.gz
f2e56aa5eb4ade9c2bc7d2af7e96eaf98b1bed214b13ec0eeca0529b70263279  fleetctl_v4.69.0_windows_amd64.zip
9d93911515c61f37f54465f96ecc6558124bcffbd167dded25101e2c0d759a9a  fleetctl_v4.69.0_windows_arm64.tar.gz
3cef4f8ce5fd5e5f59fb46d8f7dca2e7e56bb58977b63829ff3ecab26a3162dc  fleetctl_v4.69.0_windows_arm64.zip
Loading

fleet-v4.68.1

04 Jun 16:37
@github-actions github-actions
fleet-v4.68.1
e50dce0
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
fleet-v4.68.1

Bug fixes

Added FLEET_MDM_SSO_RATE_LIMIT_PER_MINUTE environment variable to allow increasing MDM SSO endpoint rate limit from 10 per minute. When supplied, this parameter also splits MDM SSO into its own rate limit bucket (default is shared with login endpoints).

Upgrading

Please visit our update guide for upgrade instructions.

Documentation

Documentation for Fleet is available at fleetdm.com/docs.

Binary Checksum

SHA256

f373799b302c98dda01b0a0ee2327970e8e3726a14e409ce555c01c719a8c4fb  fleet_v4.68.1_linux.tar.gz
dc78c3d0d45e39fe399d23bcd00982cff86f63548452dfd719b9a48b172f19aa  fleetctl_v4.68.1_linux_amd64.tar.gz
d028866fea2ac5c56a235748d15057337ae935859704d5344c6c7094248b0fa3  fleetctl_v4.68.1_linux_amd64.zip
7c2b48de8bfd43da6af90bf4fccc7f75bf4b2f1f2c536acbec725337f9a9c0d2  fleetctl_v4.68.1_linux_arm64.tar.gz
e46cc51741a082a8dc50aa120edb9f1d96c87fea052f3321f8dfb5752f89a3e9  fleetctl_v4.68.1_linux_arm64.zip
a214d8b168dbde1e6e4716ece1fce1c7a14d74b214461af75e9ee18690be25f8  fleetctl_v4.68.1_macos.tar.gz
f6cd2c83a514ff4232e4e701c80eb816005c32cd8f2d5cbcf1e8acd9c3d8265c  fleetctl_v4.68.1_macos.zip
efc9c7aa015917c85230ec4ed0a719d3da92e9057fc754a1334fa0305ccfef95  fleetctl_v4.68.1_windows_amd64.tar.gz
075c7a55041b3ccbbafd39496f2a2155c08edbac11a9a1c19fa81a481e0267b3  fleetctl_v4.68.1_windows_amd64.zip
01f8e857a6c278a5dba8cd36ec1d0ea8329e501962d58cd2460eea59df63fa5a  fleetctl_v4.68.1_windows_arm64.tar.gz
6f398b15938fd5abca8b057044bdd635bf857fdd43ee675e2638d49ebcae59d5  fleetctl_v4.68.1_windows_arm64.zip
Loading

fleet-v4.68.0

22 May 18:02
@github-actions github-actions
fleet-v4.68.0
d8999ee
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
fleet-v4.68.0

Fleet 4.68.0 (May 22, 2025)

Security Engineers

  • Built Fleet integration with Microsoft Entra to conditionally prevent single sign-on for hosts failing policies.
  • Added ability to set conditional access per policy, and update host policy UI to incorporate conditional access data.
  • Added CVE ID as matching criteria for host software queries, in addition to software name. Also rebuild host software querying for better maintainability.
  • Updated Fleet-managed DigiCert, NDES, and SCEP certificates to be renewed 30 days before expiry for those valid longer than 30 days or when half the validity period remains for certificates valid 30 days or less. Applies to certificates requested using this release or later.
  • Added webhook as a logging configuration option.
  • Added webhook query automation logging.
  • Added shell and Powershell syntax highlighting when editing scripts.
  • Added ability to run a script on a batch of hosts with a single user flow.
  • Added download validation and existing-installer matching in GitOps via a new hash_sha256 field in software YAML.
  • Added hash_sha256 field to the response for the GET /software/titles API.
  • Added fleetctl generate-gitops command to generate gitops YAML files based on current Fleet configuration.
  • Enabled saving Integrations > Advanced in GitOps mode.

IT Admins

  • Added ability to run a script on a batch of hosts with a single user flow.
  • Added the ability to upload and install tarball archives (.tar.gz).
  • Added support for Fleet-maintained apps in GitOps.
  • Added ability to add FMA via fleetctl YAML files.
  • Added shell and Powershell syntax highlighting when editing scripts.
  • Added query ID to query automation logs.
  • Added UI for the manual agent install of a bootstrap package.
  • Added categorization for self-service software, including filtering on the "My device" page.
  • Added number of policies triggering automatic install of software in software table.
  • Added webhook as a logging configuration option.
  • Added webhook query automation logging.
  • Added download validation and existing-installer matching in GitOps via a new hash_sha256 field in software YAML.
  • Added hash_sha256 field to the response for the GET /software/titles API.
  • Added support for FLEET_VAR_HOST_END_USER_IDP_USERNAME, FLEET_VAR_HOST_END_USER_IDP_USERNAME_LOCAL_PART and FLEET_VAR_HOST_END_USER_IDP_GROUPS fleet variables in macOS MDM configuration profiles.
  • Added last_mdm_enrolled_at and last_mdm_checked_in_at to host detail endpoints to return the last time a host enrolled, or re-enrolled in MDM and the last time a host checked in via MDM, respectively.
  • Added fleetctl generate-gitops command to generate gitops YAML files based on current Fleet configuration.
  • Updated Fleet-managed DigiCert, NDES, and SCEP certificates to be renewed 30 days before expiry for those valid longer than 30 days or when half the validity period remains for certificates valid 30 days or less. Applies to certificates requested using this release or later.
  • Updated host certificates with serial numbers below 2^63 will now display the decimal represntation of the serial number in addition to hex so that it is easier to match them up to what is displayed in the macOS keychain.
  • Updated Install Status to correctly display available for self-service VPP apps.
  • Logged invalid Windows MDM SOAP message and return 400 instead of 5XX. This change helps debug Windows MDM issues.
  • Added macos_setup.manual_agent_install option in Mac setup experience to bypass fleetd install. Instead, fleetd should be installed via customer-customized bootstrap package.
  • Allowed uploading VPP apps when GitOps mode is enabled.
  • Allowed viewing the status details for an (un)install via the "My device" page.
  • Updated Apple MDM enrollment flow to improve device-to-user mapping.
  • Updated verification of Windows Wireless profiles to avoid resending already-applied profiles.
  • Enabled saving Integrations > Advanced in GitOps mode.

Other improvements and bug fixes

  • Added hover cursors to checkbox and radio form elements.
  • Added keyboard accessibility controls to activities on dashboard and host details pages.
  • Added an additional statistic item to count ABM pending hosts.
  • Added truncation and a conditional tooltip for long host names on the host details page.
  • Updated the parser used when editing SQL in the UI to handle modern expressions like window functions.
  • Updated "My device" page layout.
  • Updated Google Calendar event bodies and relevant previews in the Fleet UI.
  • Updated UI for Settings > Organization settings > Organization info.
  • Updated LUKS escrow instrucitons.
  • Updated error message and related documentation for Windows MDM configuration.
  • Updated UI to show the premium feature message when viewing the GitOps mode toggle page on Fleet free.
  • Cleaned up various empty and configured states on the settings pages.
  • Improved performance on database migration from 4.66 and earlier for instances with large macOS host counts.
  • Removed Apple MDM profile validation checks for com.apple.MCX keys (dontAllowFDEDisable and dontAllowFDEEnable) due to customer feedback.
  • Removed Fleet config no team settings when the no-team.yml file is removed via GitOps.
  • Updated Go to 1.24.2.
  • Fixed an issue where the upcoming host activities showed the incorrect created at date in the tooltip.
  • Fixed bug where Fleet failed to restore some "pending" hosts (i.e. hosts that remained assigned to Fleet in Apple Business Manager) when multiple hosts are deleted from Fleet.
  • Fixed an issue with how names for macOS software titles were calculated and prevents duplicate entries being created if the software is renamed by end users.
  • Fixed issue when Apple device was removed/re-added to ABM, it was not getting an enrollment profile.
  • Fixed issue where fleetctl gitops --dry-run would sometimes fail when creating and using labels in the same run.
  • Fixed a small bug with the way live policy result percentages were being rounded.
  • Fixed an issue where selections made on the Queries page were cleared a few seconds after page load.
  • Fixed an issue with the gitops command caused when trying to interpolate variables inside the 'description'/'remediation' sections.
  • Fixed fleetctl gitops issue where creating a new team containing VPP apps caused an error.
  • Fixed issue where GitOps may fail to apply new queries due to deadlocks.
  • Fixed spurious install/uninstall script errors on EXE software edits when install and uninstall scripts were specified.
  • Fixed issue where the host expiry window caused MDM devices assigned to Fleet in Apple Business Manager (ABM) to be repeatedly deleted and re-added to Fleet, which in some cases also caused the device to revert to the default team.
  • Fixed missing To: email header.

Fleet's agent

The following version of Fleet's agent (fleetd) support the latest changes to Fleet:

  1. orbit-v1.42.0
  2. fleet-desktop-v1.42.0 (included with Orbit)
  3. fleetd-chrome-v1.3.2

While newer versions of fleetd still function with older versions of the Fleet server (and vice versa), Fleet does not actively test these scenarios and some newer features won't be available.

Upgrading

Please visit our update guide for upgrade instructions.

Documentation

Documentation for Fleet is available at fleetdm.com/docs.

Binary Checksum

SHA256

4d9e2bdfef1dd602e758e514ddbb235b1c325f5f4699b6a80e1272fdb3c932a4  fleet_v4.68.0_linux.tar.gz
b656ed745d87972034b0324b35b096c372a33143e6883dbf6d893e9e65ff47bb  fleetctl_v4.68.0_linux_amd64.tar.gz
c3647a1baa91dac84ac1756d0dd2727277c0e37e1a4060a29693b0d61a26b943  fleetctl_v4.68.0_linux_amd64.zip
943fed94ce9851f5c5edb27c2e277b250bece751520b31232d24428aada55173  fleetctl_v4.68.0_linux_arm64.tar.gz
6e1adca9a2eb46b76ace23a4ff95c6a290f12528e1d0771ec84d50d4280634d6  fleetctl_v4.68.0_linux_arm64.zip
dd4eeb7b0a5c4f004d5fdd544cddd35e33f9aba9394647982c78340f3b6d6ed8  fleetctl_v4.68.0_macos.tar.gz
66c392390d4280e81ef287045c58654a8f37f5663165d2655ae835ec464d10f4  fleetctl_v4.68.0_macos.zip
755075bda573755d2a17c8d96092819d87f89867ffa542cc68227691bea256d9  fleetctl_v4.68.0_windows_amd64.tar.gz
7e0cdd787631a6221367bca2d73f7874a8a57d235a28d0a3521d6f6f33a5e830  fleetctl_v4.68.0_windows_amd64.zip
c732a32ca2a20abaf6ea4816f7e19b05d233c36266c6e8afdc5a80a747056fe3  fleetctl_v4.68.0_windows_arm64.tar.gz
cb06d934e0b527a05d42c4fef43802a539856287fdda106f67f8e232869efc9a  fleetctl_v4.68.0_windows_arm64.zip
Loading

fleet-v4.67.3

06 May 21:48
@github-actions github-actions
fleet-v4.67.3
dea96bf
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
fleet-v4.67.3

Fleet 4.67.3 (May 6, 2025)

  • Removed error caused by macOS electron helper apps during ingestion.
  • Added a temporary index during macOS software names migration to speed up host software installed paths cleanup introduced in 4.67.2. This change only affects upgrades from pre-4.67.0 versions.

Fleet's agent

The following version of Fleet's agent (fleetd) support the latest changes to Fleet:

  1. orbit-v1.40.1
  2. fleet-desktop-v1.41.0 (included with Orbit)
  3. fleetd-chrome-v1.3.1

While newer versions of fleetd still function with older versions of the Fleet server (and vice versa), Fleet does not actively test these scenarios and some newer features won't be available.

Upgrading

Please visit our update guide for upgrade instructions.

Documentation

Documentation for Fleet is available at fleetdm.com/docs.

Binary Checksum

SHA256

95de98e12e987ca9c20bc6ee5526282d86f16a83ca3f7b8d0a3cf795f3e01efc  fleet_v4.67.3_linux.tar.gz
5ff4b8be1f1ccef6adbf8ae8da532b3ab0f53fb7e7eba24c489b1bfe7a54d875  fleetctl_v4.67.3_linux_amd64.tar.gz
711b75865d15cab8766bc5098cd3b039c5b9109c60b8fb8ebed4a3550d6ed48f  fleetctl_v4.67.3_linux_amd64.zip
0885618970221aa9ed2a09661e7285e4512d285c20fab11710ceb61caf995faf  fleetctl_v4.67.3_linux_arm64.tar.gz
8e67b8461c9bb4d8d13532f361cbfb376c228ab148020cc15fbbd3be5be2213f  fleetctl_v4.67.3_linux_arm64.zip
0225fb336550f654503444e2d6b106399d696d3823f7fed0cef56dbbabf501c9  fleetctl_v4.67.3_macos.tar.gz
792691baa5d6c9612618a60867e1d94a7e347115930596736ef99ecd1da470fe  fleetctl_v4.67.3_macos.zip
1f99a92b6f37d42e358d8e86644a9a784369918760bdc1a83dbe3013099e9fa2  fleetctl_v4.67.3_windows_amd64.tar.gz
efb1ad2d3b291822aa14362349f11629d1249efd2b7d18b743db17848a9393dc  fleetctl_v4.67.3_windows_amd64.zip
1c1d8798038f1d53f2e63dcb10ab9e34813e5e1fb20b21bf6e9c85d316a0728e  fleetctl_v4.67.3_windows_arm64.tar.gz
2b9205a8a2cc8978558a0d81ff667e8089d57256c71a3e80cc9dee7d6411f950  fleetctl_v4.67.3_windows_arm64.zip
Loading

fleet-v4.67.2

27 Apr 18:13
@github-actions github-actions
fleet-v4.67.2
8a05e40
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
fleet-v4.67.2

Fleet 4.67.2 (Apr 27, 2025)

  • Fixed software deduplication when migrating from < 4.67.0 for cases where exactly two software entries would be merged into one, and for cases where the same bundle ID has more than one version, each with more than one that needs to be converted into a single software entry.
  • Included host software installed paths migration in the above database migration, instead of waiting for software ingestion to repopulate/clean up affected rows.

Fleet's agent

The following version of Fleet's agent (fleetd) support the latest changes to Fleet:

  1. orbit-v1.40.1
  2. fleet-desktop-v1.41.0 (included with Orbit)
  3. fleetd-chrome-v1.3.1

While newer versions of fleetd still function with older versions of the Fleet server (and vice versa), Fleet does not actively test these scenarios and some newer features won't be available.

Upgrading

Please visit our update guide for upgrade instructions.

Documentation

Documentation for Fleet is available at fleetdm.com/docs.

Binary Checksum

SHA256

bb56902a05a39e7b522430731910fe3582e4925f72bf05d52b4af21795888b3c  fleet_v4.67.2_linux.tar.gz
e8098e694f79e6a0e38e1a41a4b7d879d067b5d681a714450934acc43ff8b8ed  fleetctl_v4.67.2_linux_amd64.tar.gz
3d0c7f3addfb62f69091b4ecb4166e0881b9c789eee41714ad2885ad0df3c630  fleetctl_v4.67.2_linux_amd64.zip
ce184f4c3f1c4caea4f4e8ded10041d429cf879ac8ea56b4959aa0bd185dedc9  fleetctl_v4.67.2_linux_arm64.tar.gz
fc0bf53ec2ed9af763f955e284fc1970e7a20b28caa425bbf07cffbfc29f7aa0  fleetctl_v4.67.2_linux_arm64.zip
5b74929dc2918ce31ff2e6c495b8a6d4916865a2498d5ef25d39601f60e15af4  fleetctl_v4.67.2_macos.tar.gz
1b86ea1072255886100d8be1ec672b5c1ffd3eee29a6fae842898e1c94722c8d  fleetctl_v4.67.2_macos.zip
1252f0206697c4e092bb870fb17e702cb4a4e0b511620ccac668bc406406683d  fleetctl_v4.67.2_windows_amd64.tar.gz
09eea17fe6e0cdf85b607214568af0020b88b23b4ecdf83e99c5b9e8f7021554  fleetctl_v4.67.2_windows_amd64.zip
9c7ac21cc9ce6a64831f86ef0eb9d77f936114e3ab98ebce47b6b594a9702152  fleetctl_v4.67.2_windows_arm64.tar.gz
1df7945943ef392ab26e95a70ab3d7a6d7456c56e4978478a9610afcbaf43669  fleetctl_v4.67.2_windows_arm64.zip
Loading

fleet-v4.67.1

26 Apr 15:19
@github-actions github-actions
fleet-v4.67.1
1848590
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
fleet-v4.67.1

Fleet 4.67.1 (Apr 26, 2025)

  • Removed updates of existing macOS software names on software ingestion to remediate a significant database performance regression introduced in 4.67.0.

Fleet's agent

The following version of Fleet's agent (fleetd) support the latest changes to Fleet:

  1. orbit-v1.40.1
  2. fleet-desktop-v1.41.0 (included with Orbit)
  3. fleetd-chrome-v1.3.1

While newer versions of fleetd still function with older versions of the Fleet server (and vice versa), Fleet does not actively test these scenarios and some newer features won't be available.

Upgrading

Please visit our update guide for upgrade instructions.

Documentation

Documentation for Fleet is available at fleetdm.com/docs.

Binary Checksum

SHA256

4425dc7b32e99ba379beee8f86c3226590604f38f43e987761ac08db9cb6a4c6  fleet_v4.67.1_linux.tar.gz
31ea8391945a6f4ff33654ae5729e851f9fab805c6f9fc317c5422ee71199208  fleetctl_v4.67.1_linux_amd64.tar.gz
dffcfdece13c7550f7b504de1f7b179e151039fd8431d7f6c6ee1c80cd1922ca  fleetctl_v4.67.1_linux_amd64.zip
b1c88f27fa84e57d76a950746ef88ea84b9562e5c712140bdd0d4c37b0642db3  fleetctl_v4.67.1_linux_arm64.tar.gz
3571b1657b5e713f04f3a00a5fe50e2a20aa7b67a860c84c152363c84ba45c55  fleetctl_v4.67.1_linux_arm64.zip
0530ee1f9fa6e0b413ee93c81651afb6a0331e1f52d5049a90a3ee9b369ae23a  fleetctl_v4.67.1_macos.tar.gz
6c28ada6395c23c2bfb8d23c8b271d705be0aec985f68e74914fa38ab6cf91a2  fleetctl_v4.67.1_macos.zip
8b55e2766222906f4585649e00639202b7acd2c452ffc13c3491d389545843a8  fleetctl_v4.67.1_windows_amd64.tar.gz
781f41c6371422b774d176ebcfb83a6ab12a98fa44848f97e47c41254eda8d31  fleetctl_v4.67.1_windows_amd64.zip
bbd1da11f1a8baeb02b88ee9d8299cc29fbff2330b4f80c0bf6eb6c8f7d14102  fleetctl_v4.67.1_windows_arm64.tar.gz
a9f31ad56404d1cb2b9dd0f187f12f308e88c2159d7138b23a52e0ede899b64f  fleetctl_v4.67.1_windows_arm64.zip
Loading