Fleet 4.68.0 (May 22, 2025)
Security Engineers
- Built Fleet integration with Microsoft Entra to conditionally prevent single sign-on for hosts failing policies.
- Added ability to set conditional access per policy, and update host policy UI to incorporate conditional access data.
- Added CVE ID as matching criteria for host software queries, in addition to software name. Also rebuilt host software querying for better maintainability.
- Updated Fleet-managed DigiCert, NDES, and SCEP certificates to be renewed 30 days before expiry for those valid longer than 30 days or when half the validity period remains for certificates valid 30 days or less. Applies to certificates requested using this release or later.
- Added webhook as a logging configuration option.
- Added webhook query automation logging.
- Added shell and PowerShell syntax highlighting when editing scripts.
- Added ability to run a script on a batch of hosts with a single user flow.
- Added download validation and existing-installer matching in GitOps via a new hash_sha256 field in software YAML.
- Added hash_sha256 field to the response for the GET /software/titles API.
- Added fleetctl generate-gitops command to generate gitops YAML files based on current Fleet configuration.
- Enabled saving Integrations > Advanced in GitOps mode.
IT Admins
- Added ability to run a script on a batch of hosts with a single user flow.
- Added the ability to upload and install tarball archives (.tar.gz).
- Added support for Fleet-maintained apps in GitOps.
- Added ability to add FMA via fleetctl YAML files.
- Added shell and PowerShell syntax highlighting when editing scripts.
- Added query ID to query automation logs.
- Added UI for the manual agent install of a bootstrap package.
- Added categorization for self-service software, including filtering on the "My device" page.
- Added number of policies triggering automatic install of software in software table.
- Added webhook as a logging configuration option.
- Added webhook query automation logging.
- Added download validation and existing-installer matching in GitOps via a new hash_sha256 field in software YAML.
- Added hash_sha256 field to the response for the GET /software/titles API.
- Added support for FLEET_VAR_HOST_END_USER_IDP_USERNAME, FLEET_VAR_HOST_END_USER_IDP_USERNAME_LOCAL_PART and FLEET_VAR_HOST_END_USER_IDP_GROUPS fleet variables in macOS MDM configuration profiles.
- Added last_mdm_enrolled_at and last_mdm_checked_in_at to host detail endpoints to return the last time a host enrolled, or re-enrolled in MDM and the last time a host checked in via MDM, respectively.
- Added fleetctl generate-gitops command to generate gitops YAML files based on current Fleet configuration.
- Updated Fleet-managed DigiCert, NDES, and SCEP certificates to be renewed 30 days before expiry for those valid longer than 30 days or when half the validity period remains for certificates valid 30 days or less. Applies to certificates requested using this release or later.
- Updated host certificates with serial numbers below 2^63 to display the decimal representation of the serial number in addition to hex, so that it is easier to match them up to what is displayed in the macOS keychain.
- Updated Install Status to correctly display available for self-service VPP apps.
- Logged invalid Windows MDM SOAP messages and returned 400 instead of 5XX. This change helps debug Windows MDM issues.
- Added macos_setup.manual_agent_install option in Mac setup experience to bypass fleetd install. Instead, fleetd should be installed via customer-customized bootstrap package.
- Allowed uploading VPP apps when GitOps mode is enabled.
- Allowed viewing the status details for an (un)install via the "My device" page.
- Updated Apple MDM enrollment flow to improve device-to-user mapping.
- Updated verification of Windows Wireless profiles to avoid resending already-applied profiles.
- Enabled saving Integrations > Advanced in GitOps mode.
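
The certificate renewal rule listed above (30 days before expiry for certificates valid longer than 30 days, half the validity period otherwise) worked through in Go. This is an added example, not Fleet's own code; the names `renewAt`, `dueForRenewal`, `cert` and the sample certificates are hypothetical and constructed for illustration.

```go
package main

import (
	"fmt"
	"time"
)

// renewalWindow is the 30-day threshold stated in the release notes.
const renewalWindow = 30 * 24 * time.Hour

// cert holds only the validity fields the rule needs (hypothetical type).
type cert struct {
	Name                string
	NotBefore, NotAfter time.Time
}

// renewAt returns the earliest moment a certificate is due for renewal:
// NotAfter minus 30 days when validity exceeds 30 days, otherwise the
// point at which half of the validity period remains.
func renewAt(notBefore, notAfter time.Time) time.Time {
	validity := notAfter.Sub(notBefore)
	if validity > renewalWindow {
		return notAfter.Add(-renewalWindow)
	}
	return notAfter.Add(-validity / 2)
}

// dueForRenewal lists the certificates whose renewal moment has been reached.
func dueForRenewal(certs []cert, now time.Time) []string {
	var due []string
	for _, c := range certs {
		if !now.Before(renewAt(c.NotBefore, c.NotAfter)) {
			due = append(due, c.Name)
		}
	}
	return due
}

// sampleCerts returns constructed certificates, all issued on the release date.
func sampleCerts() []cert {
	issued := time.Date(2025, 5, 22, 0, 0, 0, 0, time.UTC)
	day := 24 * time.Hour
	return []cert{
		{"scep-365d", issued, issued.Add(365 * day)}, // renews at day 335
		{"vpn-30d", issued, issued.Add(30 * day)},    // exactly 30 days: renews at day 15
		{"wifi-10d", issued, issued.Add(10 * day)},   // renews at day 5
	}
}

func main() {
	now := time.Date(2025, 6, 7, 0, 0, 0, 0, time.UTC) // 16 days after issuance
	fmt.Println(dueForRenewal(sampleCerts(), now))
}
```

Short-lived certificates reach their renewal point proportionally earlier, so a monitoring check that only alerts at a fixed 30 days before expiry would flag every certificate valid for 30 days or less from the moment it is issued.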
Other improvements and bug fixes
- Added hover cursors to checkbox and radio form elements.
- Added keyboard accessibility controls to activities on dashboard and host details pages.
- Added an additional statistic item to count ABM pending hosts.
- Added truncation and a conditional tooltip for long host names on the host details page.
- Updated the parser used when editing SQL in the UI to handle modern expressions like window functions.
- Updated "My device" page layout.
- Updated Google Calendar event bodies and relevant previews in the Fleet UI.
- Updated UI for Settings > Organization settings > Organization info.
- Updated LUKS escrow instructions.
- Updated error message and related documentation for Windows MDM configuration.
- Updated UI to show the premium feature message when viewing the GitOps mode toggle page on Fleet free.
- Cleaned up various empty and configured states on the settings pages.
- Improved performance on database migration from 4.66 and earlier for instances with large macOS host counts.
- Removed Apple MDM profile validation checks for com.apple.MCX keys (dontAllowFDEDisable and dontAllowFDEEnable) due to customer feedback.
- Removed Fleet config no team settings when the no-team.yml file is removed via GitOps.
- Updated Go to 1.24.2.
- Fixed an issue where the upcoming host activities showed the incorrect created at date in the tooltip.
- Fixed bug where Fleet failed to restore some "pending" hosts (i.e. hosts that remained assigned to Fleet in Apple Business Manager) when multiple hosts are deleted from Fleet.
- Fixed an issue with how names for macOS software titles were calculated and prevented duplicate entries being created if the software is renamed by end users.
- Fixed issue where an Apple device that was removed from and re-added to ABM was not getting an enrollment profile.
- Fixed issue where fleetctl gitops --dry-run would sometimes fail when creating and using labels in the same run.
- Fixed a small bug with the way live policy result percentages were being rounded.
- Fixed an issue where selections made on the Queries page were cleared a few seconds after page load.
- Fixed an issue with the gitops command caused when trying to interpolate variables inside the 'description'/'remediation' sections.
- Fixed fleetctl gitops issue where creating a new team containing VPP apps caused an error.
- Fixed issue where GitOps may fail to apply new queries due to deadlocks.
- Fixed spurious install/uninstall script errors on EXE software edits when install and uninstall scripts were specified.
- Fixed issue where the host expiry window caused MDM devices assigned to Fleet in Apple Business Manager (ABM) to be repeatedly deleted and re-added to Fleet, which in some cases also caused the device to revert to the default team.
- Fixed missing To: email header.
Fleet's agent
The following versions of Fleet's agent (fleetd) support the latest changes to Fleet:
- orbit-v1.42.0
- fleet-desktop-v1.42.0 (included with Orbit)
- fleetd-chrome-v1.3.2
While newer versions of fleetd still function with older versions of the Fleet server (and vice versa), Fleet does not actively test these scenarios and some newer features won't be available.
Upgrading
Please visit our update guide for upgrade instructions.
Documentation
Documentation for Fleet is available at fleetdm.com/docs.
Binary Checksum
SHA256