Skip to content

fleet-v4.70.0
Compare
Choose a tag to compare
@github-actions github-actions released this 30 Jun 20:41
· 765 commits to main since this release
fleet-v4.70.0
cdc543e
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Fleet 4.70.0 (June 30, 2025)

Security Engineers

  • Added support for Microsoft Entra ID conditional access.
  • Updated vulnerabilities feed to fall back to non-primary CVSSv2/v3 sources when primary (NVD) data is not available, instead of omitting scores entirely.
  • Updated custom SCEP proxy implementation to include one-time challenges.
  • Added the source and username fields for host certificates, reporting 'system' or 'user' based on which keychain it was from (for macOS, it will be 'user' if coming from the "login" keychain), and the corresponding username if the source is 'user'.
  • Updated certificates card on the host details and my device page to show a new keychain column.

IT Admins

  • Added support for Microsoft Entra ID conditional access.
  • Enabled Android MDM support. The functionality is limited to turning on Android MDM and enrolling a BYOD device.

NOTE: If your server was already using Android via the experimental DEV_ANDROID_ENABLED=1 flag, please turn off Android MDM before updating your Fleet server.

  • Added support for filtering the hosts page for hosts with any of the 3 batch script execution statuses.
  • Extended POST /api/v1/fleet/hosts/:id/wipe endpoint to allow users to specify the type of remote wipe for windows hosts.
  • Improved releasing a macOS device during ADE enrollment, by increasing the frequency of checks for readiness.
  • Added an audit log activity item for automatic install policy creation.

Other improvements and bug fixes

  • Updated the Open Policy Agent (OPA) dependency to v1.4.2.

NOTE: This upgrade drops support for YAML 1.1 in configuration files. If you use the -c option to specify a configuration file when starting the Fleet server, you will need to update any yes or on values in the file to true, and any no or off values to false.

  • Improved error and loading state for self-service page.
  • Implemented searching the teams dropdown.
  • Removed sort column buttons for host software columns that do not support sorting.
  • Updated migrations to use the utf8mb4_unicode_ci collation across all tables and added a test to validate that new migrations use this collation.
  • Added new optional parameter --outfile to fleetctl package to override the filename being generated.
  • Updated software detection so that a new installer uploaded over an FMA app does not report as an FMA app.
  • Improved error when trying to apply builtin labels.
  • Updated copy and remove platform callout in manage automations modal.
  • Update UI references to "Frequency" to now say "Interval".
  • Prevented editing the UI MDM > End user migration section when GitOps mode is enabled, since this is GitOps-configurable.
  • Made the gap between characters in password fields consistent.
  • Updated to consistent 14px font size across all input and dropdown fields.
  • Removed username requirements for certain MDM CIS policies.
  • Added macOS redis cluster support.
  • Changed to using DeleteObject S3 api for GCP interoperability.
  • Updated to use the Source Code Pro font in the Disk encryption key modal for clear differentiation betweenvthe letter oh and the number zero.
  • Updated go to 1.24.4
  • Fixed result count shown when running a policy.
  • Fixed bug with the 'Observers can run this query' tooltip due to missing styling rules.
  • Fixed possible user invite race condition.
  • Fixed issue where NDES SCEP admin page was parsed using wrong UTF16 endianness.
  • Fixed manual labels in gitops not selecting hosts by hardware serial or uuid.
  • Fixed a database bug where the host_uuid column was too small in some secondary tables related to ADE-enrollment and IdP accounts.
  • Fixed missing CORS header check for JSON requests.
  • Fixed bug when listing software titles for 'All teams' which caused duplicated entries.
  • Fixed a bug that caused custom OS settings targeted using "include any" label rules to never verify on hosts that only included a subset of the targeted labels
  • Fixed the Docker Fleet-maintained app install script to prevent a successful install from showing
    up as a failure due to directory existence checks (live as of 2025-06-13 FMA update).
  • Fixed issue causing a 500 error when clicking "Manage Automations" from the Queries page when osquery logging has certain configurations.
  • Fixed issue where you could not delete a bootstrap package.
  • Fixed policy autofill using incorrect media-type for query.
  • Fleet Free: Removed the installer dropdown (Premium-only) from the Software page and Host details > Software tab as installer filtering isn’t applicable on the Free tier.
  • Fixed issue where users were not able to reenable end user migration in the UI.

Fleet's agent

The following version of Fleet's agent (fleetd) support the latest changes to Fleet:

  1. orbit-v1.44.0
  2. fleet-desktop-v1.44.0 (included with Orbit)
  3. fleetd-chrome-v1.3.2

While newer versions of fleetd still function with older versions of the Fleet server (and vice versa), Fleet does not actively test these scenarios and some newer features won't be available.

Upgrading

Please visit our update guide for upgrade instructions.

Documentation

Documentation for Fleet is available at fleetdm.com/docs.

Binary Checksum

SHA256

34fa0b6f194719506ad456eb75947db7a28b8739b2f91913ca89f00e097829b0  fleet_v4.70.0_linux.tar.gz
12e1a5b1395769510c8be26cf158b72ab9de237ffb883d33f904fe0babafaaeb  fleetctl_v4.70.0_linux_amd64.tar.gz
6fc802ac1157f98d9f6b3af9c30463d8008623fc592ab72bba3034af88e68f5c  fleetctl_v4.70.0_linux_amd64.zip
2210073fee432258fbb47cc3600f3e663c049d51a8b25029d0a6c4d74d15fe01  fleetctl_v4.70.0_linux_arm64.tar.gz
5fa8956d70154a10ba16ebd81b0c3038586c4bf4037a4e01e61489952d94f10d  fleetctl_v4.70.0_linux_arm64.zip
5366920f777dc81ead004203111c4aaf6fd24c8f835684249afa0b0dfded0187  fleetctl_v4.70.0_macos.tar.gz
815131a44741ad82cc13d330eb3eb9665d104a442e90ef981371660c5e6a817f  fleetctl_v4.70.0_macos.zip
88e7f265819cbb46aa8a74112dfe328edb0d28d7a2146f85e010820fe37975a1  fleetctl_v4.70.0_windows_amd64.tar.gz
74382f020dc9422697e48d87f6ebeeed00022f6647e0a6d392d4204467fc8da4  fleetctl_v4.70.0_windows_amd64.zip
b75ff6a3f3b756cad1c020b55c38a7c80872d73a7c105b59eb43474b897bb48e  fleetctl_v4.70.0_windows_arm64.tar.gz
47904adf9579fef51e945c305904dc2d640452caf150d5b236384a78f238bf10  fleetctl_v4.70.0_windows_arm64.zip
Assets 14
Loading