Release article: 4.29.0

[lukeheath]

Fleet 4.29.0 is scheduled for release on 2022-03-21 (afternoon PST)

Goal

Prepare and publish the release article for Fleet 4.29.0 so that folks in the Fleet/osquery community can understand the latest features.

How?

• [x] @noahtalerman: Add features to "Primary improvements" section
• [x] @lukeheath: Add draft CHANGELOG to "List of improvements" section
• [x] @jarodreyes: Write and publish blogpost
• [x] @mike-j-thomas: Hand images for cover and primary improvements to Jarod

Primary features

https://docs.google.com/document/d/1pJmyYBexfV2mW-UK91tExODFCdHWTjOR_Hdo0IF3kqI/edit#

List of MDM features

• Added activity feed items for enabling and disabling disk encryption with MDM.

• Added FileVault banners on the Host Details and My Device pages.

• Added activities for when macOS disk encryption setting is enabled or disabled.

• Added UI for fleet mdm managed disk encryption toggling and the disk encryption aggregate data.

• Added support to update a team's disk encryption via the Modify Team (PATCH /api/latest/fleet/teams/{id}) endpoint.

• Added a new API endpoint to gate access to an enrollment profile behind Okta authentication.

• Added new configuration values to integrate Okta in the DEP MDM flow.

• Added GET /mdm/apple/profiles/summary endpoint.

• Updated API endpoints that use team_id query parameter so that team_id=0 filters results to include only hosts that are not assigned to any team.

• Adjusted the aggregated_stats table to compute and store statistics for "no team" in addition to per-team and for all teams.

• Added MDM profiles status filter to hosts endpoints.

• Added indicators of aggregate host count for each possible status of MDM-enforced mac settings (hidden until 4.30.0).

Other Features

• As part of JIT provisioning, read user roles from SAML custom attributes.

• Added Win 10 policies for CIS Benchmark 18.x.

• Added Win 10 policies for CIS Benchmark 2.3.17.x.

• Added Win 10 policies for CIS Benchmark 2.3.10.x.

• Documented CIS Windows10 Benchmarks 9.2.x to cis policy queries.

• Document CIS Windows10 Benchmarks 9.3.x to cis policy queries.

• Added button to show query on policy results page.

• Run periodic cleanup of pending cron_stats outside the schedule package to prevent Fleet outages from breaking cron jobs.

• Added an invitation for users to upgrade to Premium when viewing the Premium-only "macOS updates" feature.

• Added an icon on the policy table to indicate if a policy is marked critical.

• Added "instanceID" (aka owner of locks) to schedule logging (to help troubleshooting when running multiple Fleet instances).

• Introduce UUIDs to Fleet errors and logs.

• Added EndeavourOS, Manjaro, openSUSE Leap and Tumbleweed to HostLinuxOSs.

• Global observer can view settings for all teams.

• Team observers can view the team's settings.

• Updated translation rules so that Docker Desktop can be mapped to the correct CPE.

• Pinned Docker image hashes in Dockerfiles for increased security.

• Remove the ATTACH check on SQL osquery queries (osquery bug fixed a while ago in 4.6.0).

• Don't return internal error information on Fleet API requests (internal errors are logged to stderr).

• Fixed an issue when applying the configuration YAML returned by fleetctl get config with fleetctl apply when MDM is not enabled.

• Fixed a bug where fleetctl trigger doesn't release the schedule lock when the triggered run spans the regularly scheduled interval.

• Fixed a bug that prevented starting the Fleet server with MDM features if Apple Business Manager (ABM) was not configured.

• Fixed incorrect MDM-related settings documentation and payload response examples.

• Fixed bug to keep team when clicking on policy tab twice.

• Fixed software table links that were cutting off tooltip.

[spokanemac]

Working Google doc.

[spokanemac]

Published. https://fleetdm.com/releases/fleet-4.29.0

[fleet-release]

Clouds in the sky,
Fleet 4.29 brings a sigh,
Features to simplify.