Blogpost: 4.23.0

[noahtalerman]

Fleet 4.23.0 is scheduled for release on 2022-11-10 (afternoon PST)

Goal

Prepare and publish the release blogpost for Fleet 4.23.0 so that folks in the Fleet/osquery community can understand the latest improvements.

How?

• [x] @noahtalerman: Add features to "Primary improvements" section
• [x] @lukeheath: Add draft CHANGELOG to "List of improvements" section
• [x] @chris-mcgillicuddy: Write and publish blogpost
• [x] @mike-j-thomas: Hand images for cover and primary improvements to @chris-mcgillicuddy

Primary improvements

• 7671

• 7884

• 7440

• 7825

List of other improvements

• Added preview screenshots for Jira and Zendesk vulnerability tickets for Premium users.

• Improve host detail query to populate primary ip and mac address on host.

• Add option to show public IP address in Hosts table.

• Improve ingress resource by replacing the template with a most recent version, that enables:

  • Not having any annotation hardcoded, all annotations are optional.
  • Custom path, as of now it was hardcoded to /*, but depending on the ingress controller, it can require an extra annotation to work with regular expressions.
  • Specify ingressClassName, as it was hardcoded to gce, and this is a setting that might be different on each cluster.

• Added ingestion of host orbit version from orbit_info osquery extension table.

• Added number of hosts enrolled by orbit version to usage statistics payload.

• Added number of hosts enrolled by osquery version to usage statistics payload.

• Added arch and linuxmint to list of linux distros so that their data is displayed and host count includes them.

• When submitting invalid agent options, inform user how to override agent options using fleetctl force flag.

• Exclude Windows Servers from mdm lists and aggregated data.

• Activity feed includes editing team config file using fleetctl.

• Update Go to 1.19.3.

• Host details page includes information about the host's disk encryption.

• Information surfaced to device user includes all summary/about information surfaced in host details page.

• Support low_disk_space filter for endpoint /labels/{id}/hosts.

• Select targets pages implements cleaner icons.

• Added validation of unknown keys for the Apply Teams Spec request payload (POST /spec/teams endpoint).

• Orbit MSI installer now includes the necessary manifest file to use windows_event_log as a logger_plugin.

• UI allows for filtering low disk space hosts by platform.

• Add passed policies column on the inherited policies table for teams.

• Use the MSRC security bulletins to scan for Windows vulnerabilities. Detected vulnerabilities are inserted in a new table, 'operating_system_vulnerabilities'.

• Added vulnerability scores to Jira and Zendesk integrations for Fleet Premium users.

• Improve database usage to prevent some deadlocks.

• Added ingestion of disk encryption status for hosts, and added that flag in the response of the GET /hosts/{id} API endpoint.

• Trying to add a host with 0 enroll secrets directs user to manage enroll secrets.

• Detect Windows MDM solutions and add mdm endpoints.

• Styling updates on login and forgot password pages.

• Add UI polish and style fixes for query pages.

• Update styling of tooltips and modals.

• Update colors, issues icon.

• Cleanup dashboard styling.

• Add tooling for writing integration tests on the frontend.

• Fixed host details page so munki card only shows for mac hosts.

• Fixed a bug where duplicate vulnerability webhook requests, jira, and zendesk tickets were being made when scanning for vulnerabilities. This affected ubuntu and redhat hosts that support OVAL vulnerability detection.

• Fixed bug where password reset token expiration was not enforced.

• Fixed a bug in fleetctl apply for teams, where a missing agent_options key in the YAML spec file would clear the existing agent options for the team (now it leaves it unchanged). If the key is present but empty, then it clears the agent options.

• Fixed bug with our CPE matching process. UTM.app was matching to the wrong CPE.

• Fixed an issue where fleet would send invalid usage stats if no hosts were enrolled.

• Fixed an Orbit MSI installer bug that caused Orbit files not to be removed during uninstallation.

[noahtalerman]

@lukeheath I'm going back on what I said during our call today. It would be very helpful for you to take on completing the draft CHANGELOG and "Prepare for 4.23.0" PR: #8589

Can you please update the draft CHANGELOG and paste it in this issue's description?

In the CHANGELOG, any change that you think isn't relevant for Fleet users can be removed. I usually order the changes by relevance/importance to a user (large features first and bug fixes last).

When this is done can you please @ mention me in this issue? Thanks :)

[noahtalerman]

@chris-mcgillicuddy I assigned you this issue. I added the primary improvements to this issue's description.

[noahtalerman]

@mike-j-thomas can you please provide Chris with screenshots for the blogpost?

The screenshots should reflect the features included in the "Primary improvements" section of the issue description.

[mike-j-thomas]

[chris-mcgillicuddy]

Fleet 4.23.0 release article is ready for review. I'll follow up on the CHANGELOG for the list of more new features, improvements, and bug fixes.

https://docs.google.com/document/d/1kD3sizH5xOZrPoGHB4393fcfe-g4rq9fg4Z1J5Y_QzY/edit?usp=sharing

[lukeheath]

@noahtalerman @chris-mcgillicuddy Apologies for the delay. The draft changelog has been added to this issue.

[chris-mcgillicuddy]

No worries, @lukeheath! PR has been created https://github.com/fleetdm/fleet/pull/8665.

I forgot to ask Mike T. for a cover image. I'll follow up during the Digital Experience huddle.

[mike-j-thomas]

@chris-mcgillicuddy, forgot to include this, sorry.

[chris-mcgillicuddy]

Fleet 4.23.0 release blog post is live: https://fleetdm.com/releases/fleet-4.23.0.