Closed lukeheath closed 1 year ago
Fleet 4.29.0 is scheduled for release on 2022-03-21 (afternoon PST)
Prepare and publish the release article for Fleet 4.29.0 so that folks in the Fleet/osquery community can understand the latest features.
https://docs.google.com/document/d/1pJmyYBexfV2mW-UK91tExODFCdHWTjOR_Hdo0IF3kqI/edit#
Added activity feed items for enabling and disabling disk encryption with MDM.
Added FileVault banners on the Host Details and My Device pages.
Added activities for when macOS disk encryption setting is enabled or disabled.
Added UI for fleet mdm managed disk encryption toggling and the disk encryption aggregate data.
Added support to update a team's disk encryption via the Modify Team (PATCH /api/latest/fleet/teams/{id}) endpoint.
Added a new API endpoint to gate access to an enrollment profile behind Okta authentication.
Added new configuration values to integrate Okta in the DEP MDM flow.
Added GET /mdm/apple/profiles/summary endpoint.
Updated API endpoints that use team_id query parameter so that team_id=0 filters results to include only hosts that are not assigned to any team.
Adjusted the aggregated_stats table to compute and store statistics for "no team" in addition to per-team and for all teams.
Added MDM profiles status filter to hosts endpoints.
Added indicators of aggregate host count for each possible status of MDM-enforced mac settings (hidden until 4.30.0).
As part of JIT provisioning, read user roles from SAML custom attributes.
Added Win 10 policies for CIS Benchmark 18.x.
Added Win 10 policies for CIS Benchmark 2.3.17.x.
Added Win 10 policies for CIS Benchmark 2.3.10.x.
Documented CIS Windows10 Benchmarks 9.2.x to cis policy queries.
Document CIS Windows10 Benchmarks 9.3.x to cis policy queries.
Added button to show query on policy results page.
Run periodic cleanup of pending cron_stats outside the schedule package to prevent Fleet outages from breaking cron jobs.
Added an invitation for users to upgrade to Premium when viewing the Premium-only "macOS updates" feature.
Added an icon on the policy table to indicate if a policy is marked critical.
Added "instanceID" (aka owner of locks) to schedule logging (to help troubleshooting when running multiple Fleet instances).
Introduce UUIDs to Fleet errors and logs.
Added EndeavourOS, Manjaro, openSUSE Leap and Tumbleweed to HostLinuxOSs.
Global observer can view settings for all teams.
Team observers can view the team's settings.
Updated translation rules so that Docker Desktop can be mapped to the correct CPE.
Pinned Docker image hashes in Dockerfiles for increased security.
Remove the ATTACH check on SQL osquery queries (osquery bug fixed a while ago in 4.6.0).
Don't return internal error information on Fleet API requests (internal errors are logged to stderr).
Fixed an issue when applying the configuration YAML returned by fleetctl get config with fleetctl apply when MDM is not enabled.
Fixed a bug where fleetctl trigger doesn't release the schedule lock when the triggered run spans the regularly scheduled interval.
Fixed a bug that prevented starting the Fleet server with MDM features if Apple Business Manager (ABM) was not configured.
Fixed incorrect MDM-related settings documentation and payload response examples.
Fixed bug to keep team when clicking on policy tab twice.
Fixed software table links that were cutting off tooltip.
Working Google doc.
Published. https://fleetdm.com/releases/fleet-4.29.0
Clouds in the sky, Fleet 4.29 brings a sigh, Features to simplify.