Release article: 4.28.0

[noahtalerman]

Fleet 4.28.0 is scheduled for release on 2022-02-24 (afternoon PST)

Goal

Prepare and publish the release article for Fleet 4.28.0 so that folks in the Fleet/osquery community can understand the latest features.

How?

• [x] @noahtalerman: Add features to "Primary improvements" section
• [x] @lukeheath: Add draft CHANGELOG to "List of improvements" section
• [ ] @jarodreyes: Write and publish blogpost
• [ ] @mike-j-thomas: Hand images for cover and primary improvements to Jarod

Primary features

• CIS for macOS 13 Ventura (level 1 and 2): https://docs.google.com/presentation/d/1GoPFc0Lf5Pn5rV61zLzIzaNeSRQrWuZfe9fx5-jWObo/edit#slide=id.g25f6af9dd6_0_0
• MDM beta which includes these features:
  • Set up: https://fleetdm.com/docs/using-fleet/mobile-device-management#set-up
  • Manual enrollment: https://fleetdm.com/docs/using-fleet/mobile-device-management#manually-enrolled-hosts
  • Automatic enrollment: https://fleetdm.com/docs/using-fleet/mobile-device-management#default-team
  • Encourage macOS updates via Nudge: https://fleetdm.com/docs/using-fleet/mobile-device-management#mac-os-updates
  • Enforce macOS settings with profiles: #8360
• IP address improvements: #9907 Reduced infrastructure spend: #3723
  • Reach out to @zayhanlon for details on how much some users will save

List of MDM features

• Added logic to ingest and decrypt FileVault recovery keys on macOS if Fleet's MDM is enabled.

• Create activity feed types for the creation, update, and deletion of macOS profiles (settings) via MDM.

• Added an API endpoint to retrieve a host disk encryption key for macOS if Fleet's MDM is enabled.

• Added UI implementation for users to upload, download, and deleted macos profiles.

• Added activity feed types for the creation, update, and deletion of macOS profiles (settings) via MDM.

• Added API endpoints to create, delete, list, and download MDM configuration profiles.

• Added "edited macos profiles" activity when updating a team's (or no team's) custom macOS settings via fleetctl apply.

• Enabled installation and auto-updates of Nudge via Orbit.

• Added support for providing macos_settings.custom_settings profiles for team (with Fleet Premium) and no-team levels via fleetctl apply.

List of other features

• Added --policies-team flag to fleetctl apply to easily import a group of policies into a team.

• Remove requirement for Rosetta in installation of macOS packages on Apple Silicon. The binaries have been "universal" for a while now, but the installer still required Rosetta until now.

• Added max height on org logo image to ensure consistent height of the nav bar.

• UI default policies pre-select targeted platform(s) only.

• Parse the Mac Office release notes and use that for doing vulnerability processing.

• Only set public IPs on the host.public_ip field and add documentation on how to properly configure the deployment to ingest correct public IPs from enrolled devices.

• Added tooltip with link to UI when Public IP address cannot be determined.

• Update to better URL validation in UI.

• Set policy platforms using the platform checkboxes as a user would expect the options to successfully save.

• Standardized on a default value for empty cells in the UI.

• Added link to query table in UI source (fleetdm.com/tables/table_name).

• Added live query distributed interval warnings on select targets picker and live query result page.

• Added a macOS settings indicator and modal on the host details and device user pages.

• Added configuration parameters for the filesystem logging destination -- max_size, max_age, and max_backups are now configurable rather than hardcoded values.

• Live query/policy selecting "All hosts" is mutually exclusive from other filters.

• Minor server changes to support Fleetd for ChromeOS (to be released soon).

• Fixed network_interface_unix and network_interface_windows to ingest "Private IPs" only (filter out "Public IPs").

• Fixed how the Fleet MDM server URL is generated when stored for hosts enrolled in Fleet MDM.

• Fixed a panic when loading information for a host enrolled in MDM and its is_server field is NULL.

• Fixed bug with host count on hosts filtered by operating system version.

• Fixed permissions warnings reported by Suspicious Package in macos pkg installers. These warnings appeared to be purely cosmetic.

• Fixed UI bug: Long words in activity feed wrap within the div.

[noahtalerman]

Hey @jarodreyes I added the primary features in 4.28.0 release and assigned you this issue.

When you get the chance, can you please draft the release article for 4.28.0? Thanks!

[noahtalerman]

@mike-j-thomas when you get the chance, can you please provide Jarod with screenshots for the release article?

[noahtalerman]

@lukeheath when you get the chance, can you please update the issue description with the CHANGELOG?

[lukeheath]

@noahtalerman Is it helpful to receive a partial changelog earlier, or should I wait until we have a final changelog once the freeze starts?

[noahtalerman]

Is it helpful to receive a partial changelog earlier, or should I wait until we have a final changelog once the freeze starts?

@lukeheath I think waiting until we have the final changelog makes sense. Thanks for pointing this out.

This way, product and marketing have a final list of features to work with in the blogpost. We don't have to worry about more features coming in later.

cc @jarodreyes

[lukeheath]

I will add the changelog as soon as the freeze starts.

[jarodreyes]

cc: @spokanemac

[spokanemac]

Working document. @lukeheath please let me know when you have a change log.

[lukeheath]

@spokanemac Change log has been added! 🪵

[spokanemac]

Published.

[fleet-release]

New MDM perks arise A fleet of security bliss Clouds of safety reign