fleet-v4.84.3

Bug fixes

• Reduced database load from GET /api/latest/fleet/device/{token}/desktop and other Fleet Desktop endpoints when invalid or expired device auth tokens are presented, by resolving the token to a host id with a single-table indexed lookup before running the multi-join host-details query.

Upgrading

Please visit our update guide for upgrade instructions.

Documentation

Documentation for Fleet is available at fleetdm.com/docs.

Binary Checksum

SHA256

8323559b7c4a586beb31997c585f4000305a754d90902b42796ca84929e8c442  fleet_v4.84.3_linux.tar.gz
deaa661f852646cdbffd50d48278635717661b294c3d02279d112a787e228c1e  fleetctl_v4.84.3_linux_amd64.tar.gz
c6fb3708ea246ee05b756c242cb6f8978bd124d216b3621c2d7fb6637494afb8  fleetctl_v4.84.3_linux_amd64.zip
bce3986624a1d33badb31df1b533feafae877206ac81d3c268cc7428a8625461  fleetctl_v4.84.3_linux_arm64.tar.gz
1a0219499f50cc190949b7ad08686a49df4edb74349283e5c965aa2dc38d8859  fleetctl_v4.84.3_linux_arm64.zip
2d002968c2e2b03b1a05b7925087acce75df90e00458c91af6435e7a9ad87f73  fleetctl_v4.84.3_macos.tar.gz
5d3383af113eed7f12b75b07f8d834c6fa79299e8dce0a3f2bc7a92c10b8453e  fleetctl_v4.84.3_macos.zip
56e88759715ee94f64197869bc60799df06426493b4efa662e55bf8148b057f5  fleetctl_v4.84.3_windows_amd64.tar.gz
6f3d202f5ac908dd6261eee70ee39a9cad91f00687fa93adf13121f67d96777c  fleetctl_v4.84.3_windows_amd64.zip
d3ceac170d1f3315c71f5d71e57f288ceb73e2dc14a04414ad1f63a55286f9bf  fleetctl_v4.84.3_windows_arm64.tar.gz
6a9e17827f10c99dcddfe2d61bff309daf685159411cb4481483e1a8be4f5214  fleetctl_v4.84.3_windows_arm64.zip

fleet-v4.84.2

Bug fixes

• Fixed filtering in /api/v1/fleet/labels/:id/hosts endpoint.
• Fixed a dead SQL condition in hostVPPInstalls that was misleading but harmless: Android VPP apps never produce nano_command_results entries (they use Google's Android Management API, not nanoMDM), so the previous (hvsi.platform != 'android' OR ncr.id IS NULL) guard was a tautology. Replaced with a clarifying comment.
• Fleet UI > Settings > Variables: Fixed access to not allow adding custom variable while in gitops mode both in the empty state and when a variable already exists
• Fixed a bug where custom package installers were not removed when adding an FMA for the same title via GitOps, which caused setup experience to install duplicate software.
• Fixed a bug where host environment variables in script-only packages would cause gitops to fail
• Updated go to 1.26.2
• Fixed an issue where trying to wipe a device after its certificate was renewed could fail due to a missing bootstrap token. Note: The device might still have wiped
• Fixed a bug where duplicate software installers for linux could be added.
• Improved validation for invalid order_key values in /api/v1/fleet/commands, /api/v1/fleet/mdm/commands and /api/v1/fleet/mdm/apple/commands endpoints.
• Fixed a server panic when an Apple MDM DeviceInformation refetch response omitted DeviceName or other expected fields.

Upgrading

Please visit our update guide for upgrade instructions.

Documentation

Documentation for Fleet is available at fleetdm.com/docs.

Binary Checksum

SHA256

5bb555863948d05299e252e6df5b11914b981773f9b7e7253a1a8b2dc8d83143  fleet_v4.84.2_linux.tar.gz
1b2c7c3a320fc506de9f8b185c9d66de847e14d0d1b5ebffdc9179aeefe0c05c  fleetctl_v4.84.2_linux_amd64.tar.gz
b75e046e5fc70060e7c6383d4fe2d9b388e42367b816bee837491c3274c30000  fleetctl_v4.84.2_linux_amd64.zip
aec1812e1b406f9ac2e4694a2477902760bb3475d58506707f3626e88ef0aa12  fleetctl_v4.84.2_linux_arm64.tar.gz
b1c590f38a1992aa569783c66707986eed2418ccc557570a3bf71d249102ec86  fleetctl_v4.84.2_linux_arm64.zip
6f2d7dbdd6d51722e9373a9558fa78377c83f9b904ad5930031644d07f5e5607  fleetctl_v4.84.2_macos.tar.gz
358bc348bcf54008ac4892dc8d09553acb221b6f0f163039fd56b0ddd8e9dfa3  fleetctl_v4.84.2_macos.zip
69f8b57c80e702a9edf608dd698d3572f8a30860228a381cbbd004c4c1c3346f  fleetctl_v4.84.2_windows_amd64.tar.gz
c58b932c5aa9f003a53262a45021f3af1d94723f703cb50bf6feba8fcf9bf065  fleetctl_v4.84.2_windows_amd64.zip
ec94d3257a195336bd1a6843eaff7440a58e8a51299589725c7bb37bbb5a524a  fleetctl_v4.84.2_windows_arm64.tar.gz
425fb7a53842a0d0f0da43e1d781b5446a5817eee204edd88e94c62be77f1e6c  fleetctl_v4.84.2_windows_arm64.zip

fleet-v4.84.1

Bug fixes

• Fixed Fleet's Docker image failing to start in Kubernetes with an unknown userid error, triggered by a fleetctl dependency side effect.
• Use Docker as the default WiX runtime on macOS (including Apple Silicon) when generating .msi packages via fleetctl package. Wine is no longer required on macOS for the default path.

Upgrading

Please visit our update guide for upgrade instructions.

Documentation

Documentation for Fleet is available at fleetdm.com/docs.

Binary Checksum

SHA256

d8f4cfe973fdba253eae70d6e0c83e681d6d945ec52d37a8c9e20a887cc21c32  fleet_v4.84.1_linux.tar.gz
615567928c7e94f9cee9ae60e81852f9d300031f1e3933c5c34981f5883b9861  fleetctl_v4.84.1_linux_amd64.tar.gz
ba79ac36c7aef0e7259c9f2bc6615a42ff098b18dd4baf3564ed704c973a730b  fleetctl_v4.84.1_linux_amd64.zip
d042ff15c6c2a27eba7e992d4b11fbfd9b1dcc99b95741c6b19723601e7025cc  fleetctl_v4.84.1_linux_arm64.tar.gz
8da325cf0c2c4c729c22d4c66ab2c53c355fabb16aae1a45b43df04c8c6bfb6d  fleetctl_v4.84.1_linux_arm64.zip
75acdbd6945eb374c77cde0f65350945712cd93f9098f93bf246df88b520ae8d  fleetctl_v4.84.1_macos.tar.gz
6809e7b94fd8c99fe9f243130d1049ff4735b7c3eedb65a00d51e4526602d761  fleetctl_v4.84.1_macos.zip
72819485c95a0c7b1b765c4b64f34241d3a2712de6700c2059533427e9bded52  fleetctl_v4.84.1_windows_amd64.tar.gz
2e3cf8977a08f331fa441af11aecc0592f833f079bacdd9efb26768cd94a258e  fleetctl_v4.84.1_windows_amd64.zip
eacfbeb4cb83e8ea42fab4ea9e430ff114b6f0c7d742f781c552921b5ecdfa82  fleetctl_v4.84.1_windows_arm64.tar.gz
433efde225f9f62f95812a0b76a4335f7446210dd1d2e7319905618ff724026d  fleetctl_v4.84.1_windows_arm64.zip

fleet-v4.84.0

NOTE FOR SELF-HOSTED: the fleetdm/fleet:v4.84.0 Docker image is broken in Kubernetes environments. Use fleetdm/fleet:v4.84.1 instead.

Fleet 4.84.0 (Apr 24, 2026)

IT Admins

• Added support for Entra conditional access to Windows devices.
• Added ability to pin Fleet-maintained apps to a specific major version in GitOps.
• Implemented ACME for MDM protocol communication, and hardware device attestation.
• Added GET /api/v1/fleet/hosts/{id}/reports endpoint (also accessible as /hosts/{id}/queries) that lists the query reports associated with a specific host.
• Added support for labels_include_all conditional scoping for software installers and apps.
• Added validation for software install, uninstall, and post-install scripts.
• Added ability to specify custom patch policy query in an FMA manifest.
• Added ability to re-send Android certificates to a specific host.
• Added Reports tab to Host details page.
• Allowed specifying a Fleet-Maintained App (FMA) as a policy software automation in GitOps.
• Added support for running python scripts on macOS and Linux.
• Added automatic retry (up to 3 times) when the Android agent reports a certificate install failure.
• Added activity logging when a certificate is installed or fails to install on an Android host.
• Enabled the host activity card on the Android host details page.
• Switched Fleet-maintained apps serving location from GitHub to https://maintained-apps.fleetdm.com/manifests. NOTE: If you limit outbound Fleet server traffic, make sure it can access the new FMA manifests location.
• Increased automatic retry limit for failed Apple (macOS, iOS, iPadOS) configuration profiles from 1 to 3. Windows profiles remain at 1 retry.
• Added a new disk_space fleetd table for macOS that reports available disk space including purgeable storage, matching the value shown in Finder's "Get Info" dialog and System Settings → General → Storage.
• Added configuration profile deletion when a Windows configuration profile is deleted or a host moves teams via SyncML <Delete> commands, bringing Windows profile removal to parity with macOS.
• Added support for outputting VPP policy automations in fleetctl generate-gitops.
• Added logging of profile names alongside MDM commands installing or removing them.
• Added indication in the UI when a profile command was deferred via NotNow status.
• Added activity when setup experience is canceled due to software install failure.
• Added cancel activities for each VPP app install skipped due to setup experience cancellation, and switched "failed" activity to "canceled" for package-based software installs in the same situation.
• Added install failure activity when VPP installs fail due to licensing issues during setup experience.

Security Engineers

• Added vulnerability detection for Microsoft 365 Apps and Office products on Windows.
• Added OSV data source for Ubuntu vulnerability scanning.
• Added automatic rotation of Mac recovery lock passwords 1 hour after the password is viewed via the API.
• Updated ingestion/CVE logic to support JetBrains software with 2 version numbers, like WebStorm 2025.1
• Addressed false positive vulnerabilities (CVE-2019-17201, CVE-2019-17202) reported for Admin By Request on macOS and Linux hosts. These CVEs are Windows-specific.
• Generated correct CPE from malformed ipswitch whatsup CPE, ensuring applicable CVEs are matched.
• Added software source to ecosystem matching to help prevent non-deterministic CPE selection when multiple vendors exist for the same product.

Other improvements and bug fixes

• Upped the default limit for the software batch endpoint, from 1MiB to 25MiB.
• Added FLEET_MDM_CERTIFICATE_PROFILES_LIMIT server config option to throttle the number of CA certificate profile installations per reconciler cycle, preventing CA server overload in large deployments.
• Added banner to Add software page to inform users that Android web apps require Google Chrome.
• Enabled Windows MDM in fleetctl preview by auto-generating WSTEP certificates on startup.
• Used the same templates for fleetctl new and new instance initialization.
• Added "API time" to GitOps output on API errors.
• Allowed clearing Windows OS update deadline and grace period fields to remove enforcement.
• Updated ordering of setup experience software to take display names into account.
• Updated iOS/iPadOS refetch logic to slowly clear out old/stale results.
• Increased the default SSO session validity period from 5 to 15 minutes.
• Improved performance of distributed read endpoint by reducing mutex contention in shouldUpdate using sync.RWMutex instead of sync.Mutex.
• Allowed OTEL service name to be overridden with standard OTEL_SERVICE_NAME env var.
• Revised which versions Fleet tests MySQL against to remove 8.0.39 and add 8.0.42.
• Allowed typing whitespace on Settings > Integrations > SSO > End users form.
• Removed incorrect report key from get/create/modify API responses.
• Added (query_id, has_data, host_id, last_fetched) index on query_results.
• Improved database query performance for the Host Details > Reports page by adding a has_data virtual generated column to query_results.
• Made sure that fleet names are trimmed and validate to prevent whitespace-only or padded names across API, gitops, frontend, and existing data.
• Hid host details > reports in the UI from platforms that do not support scheduled reporting.
• Updated GitOps label functionality to allow omitting the hosts: key under a manual label to mean "preserve existing host membership", rather than removing all hosts.
• Added Flatcar Container Linux and CoreOS to the list of recognized Linux platforms, fixing host detail queries (IP address, disk space, etc.) not being sent to hosts running these distributions.
• Updated the default fleet selected when navigating to the dashboard and to controls.
• Reduced redundant database queries during policy result submission by computing flipping policies once per host check-in instead of multiple times.
• Reduced redundant database calls in the osquery distributed query results hot path by pre-loading configuration (AppConfig, HostFeatures, TeamMDMConfig, conditional access) once per request instead of once per detail query result.
• Updated UI to use new multiplatform API keys.
• Activated warnings for deprecated API parameters, API URLs, fleetctl commands and fleetctl command options.
• Updated the Request Certificate API to return the proper PEM header for PKCS #7 certificates returned by EST CAs.
• Added "Learn more" link on End User Authentication section.
• Moved Apple MDM worker to a faster cron, and started sending profiles on Post DEP enrollment job, to speed up initial macOS setup.
• Optimized PolicyQueriesForHost and ListPoliciesForHost SQL queries by replacing correlated subqueries with a single aggregated LEFT JOIN for label-based policy scoping, reducing query time by ~77% at scale.
• Improved VPP install failure messaging to explain verification timeouts in Host details and My device install details.
• Refactored large anonymous functions into named functions to improve nil-safety static analysis coverage.
• Renamed "Custom settings" to "Configuration profiles" in Fleet UI.
• Added description to UI to help users understand which fleet a policy belongs to during add/edit.
• Updated Fleet-maintained apps to overwrite software title names on sync and when adding an FMA installer.
• Improved Fleet server performance for the Windows MDM profiles summary and host OS settings filter queries by replacing correlated subqueries with a single aggregation pass.
• Improved Windows MDM server performance at scale by reducing redundant database queries during device check-ins.
• Updated go to 1.26.1
• Fixed a server panic when uploading a Windows MDM profile to a fleet on a free license.
• Fixed MSRC vulnerability scanning to differentiate between Windows Server Core and full desktop installations, preventing false positive/negative CVEs caused by non-deterministic product matching.
• Fixed GitOps policy software resolution failing when URL lookup doesn't match, by falling back to hash-based lookup.
• Fixed GitOps failing to delete a certificate authority when certificate templates still reference it in fleet configs.
• Fixed duplicate text in error message when script validation fails when adding a custom package.
• Fixed issue where the include_available_for_install query param wasn't being applied correctly to the GET /api/latest/fleet/hosts/{id}/software endpoint.
• Fixed disk encryption key modal to not show stale key when switching between hosts.
• Fixed SCIM user not associating with host when IdP username was set before the SCIM user was created.
• Fixed Google Drive version not matching upstream.
• Fixed bug that cleared the MDM lock state if an "idle" message was received right after the lock ACK.
• Fixed team maintainers, admins, and GitOps users being unable to add certificate templates due to missing read access to certificate authorities.
• Fixed fleetd installation failure on macOS when installing it through Host details page > Software > Library as a Custom package.
• Fixed a bug where SQL queries using table aliases (e.g., FROM mounts m) incorrectly reported no compatible platforms.
• Fixed fleetctl gitops failing with "No available VPP Token" when assigning VPP apps alongside a new team.
• Fixed a bug where OS versions were not populated in vulnerability details for OS-only vulnerabilities (e.g., macOS CVEs).
• Fixed a TOCTOU-related issue when checking before deleting last admin.
• Fixed database locking issues on the policy_membership table by batching cleanup DELETE operations and moving them outside the primary GitOps apply transaction.
• Fixed success message on Android softwar...

fleet-v4.83.2

Bug fixes

• Fixed a crash on the "My device" page for Fleet Free instances. The page returned a 402 error when the host was assigned to a team because the device endpoint called a premium-only API, and also crashed when accessing undefined policies data.

Upgrading

Please visit our update guide for upgrade instructions.

Documentation

Documentation for Fleet is available at fleetdm.com/docs.

Binary Checksum

SHA256

08ef96bfc8c7b2d7650169054fa68fc9fa99a33409459d9f569859df34fb5602  fleet_v4.83.2_linux.tar.gz
9594c7a29cb210efe74eb3ac82aeeb6720a0f9a99af17197b21f7fcebbe42128  fleetctl_v4.83.2_linux_amd64.tar.gz
b6e230fe251f8f8a6a03ba3690abb012870c19944002e199a88e61f9051f4f3a  fleetctl_v4.83.2_linux_amd64.zip
46946bb498bf98f0d00265addbffba4e3a192350e6f90567021a04f679b452cb  fleetctl_v4.83.2_linux_arm64.tar.gz
0385f2981215df1e3a1ed9d1ef044066c1038a09564b2500cdda2075006e9b89  fleetctl_v4.83.2_linux_arm64.zip
8bbe2ab6244d9a04fdd555777bc9a1838cd6b988dadf4b30c45983ac0c9786aa  fleetctl_v4.83.2_macos.tar.gz
414340f61c7d31b67000311b6f91ebd0b8d4b4da280c7ffdb08cfea2ab81a0ea  fleetctl_v4.83.2_macos.zip
a52bc3bbd14cbad8227b1d68a68a0192a978381e10f70f24fb6125a0e8c7c1d2  fleetctl_v4.83.2_windows_amd64.tar.gz
0296691003856e6129a1191e8dc23d3e52f46ba627674750e533c658b5e62dc9  fleetctl_v4.83.2_windows_amd64.zip
cb009ccba74c1893607b22d57738507ff324f622d836d94f9fcf6e027dfe869b  fleetctl_v4.83.2_windows_arm64.tar.gz
d66710c52f78484b3a087c35db18d749b674f9921834bf15a299cbcd90c281b8  fleetctl_v4.83.2_windows_arm64.zip

fleet-v4.83.1

Bug fixes

• Fixed policy creation failing when type was omitted.
• Fixed auth token not persisting when logging in via SSO.
• Fleet UI: Fixed infinite page loop pagination bug on software table page happening when viewing a subsequent page and then using the software filter dropdown to filter.
• Fleet UI: Fixed software table page number to be bookmarkable

Upgrading

Please visit our update guide for upgrade instructions.

Documentation

Documentation for Fleet is available at fleetdm.com/docs.

Binary Checksum

SHA256

441e87e397898df479f0ef2cece844a40d43954e5481e2ff5ca02b45ddf2e589  fleet_v4.83.1_linux.tar.gz
66db9fb3c7eb517afc7e6200ae5187b6697c032ba49bebd0d68cce6e34a522c1  fleetctl_v4.83.1_linux_amd64.tar.gz
3ba7302fe8d7ed6940d249163fb1f4ddedb1b83adc61928e31994482ea8d2f47  fleetctl_v4.83.1_linux_amd64.zip
c474120d20e4faedd57d8a82fc5fd9d87f29b03f0307daba1815cb6ae3c614d9  fleetctl_v4.83.1_linux_arm64.tar.gz
56f9bdb2f2532f855ef568a908a20c211b0d64afb673c5de9cec22fe5e138e51  fleetctl_v4.83.1_linux_arm64.zip
89576e2506797b631d80672f02a9e5ce7e3fc80dbcbc8a7f2db615568c158cca  fleetctl_v4.83.1_macos.tar.gz
2b28948788d53bdbf72a53e064f5de781409c4e2df2b4a0db6517ef5f905e3c5  fleetctl_v4.83.1_macos.zip
7a83a83b1cce5ca3cdf66d27fb57c0b4470797143fc2771df3ce8f405153c63d  fleetctl_v4.83.1_windows_amd64.tar.gz
4d6ef7d46b6cf2e3d1c9da8457e7c4959b2fe05f70fb39baff423d57508bbf50  fleetctl_v4.83.1_windows_amd64.zip
4eca5f033644966859eb44df73962b98d687c926ee56d83276982cf166515a7a  fleetctl_v4.83.1_windows_arm64.tar.gz
5fd20d2dc1a9a62ddb256f52ef06d707db9edb44d4005f7b955d20904df3e2cb  fleetctl_v4.83.1_windows_arm64.zip

fleet-v4.83.0

Fleet 4.83.0 (Apr 1, 2026)

IT Admins

• Added ability to deploy an Android web app via setup experience or self-service.
• Added ability to set and manually rotate Mac recovery lock passwords.
• Added ability to lock the pre-filled user information for macOS hosts that login via End User Authentication during Setup Experience.
• Added automatic retries for failed software installs, excluding VPP apps.
• Updated host software library to always allow filtering.
• Added retry functionality when adding software installers to Fleet via GitOps.
• Added fleetctl new command to initialize a GitOps folder.
• Added support for paths: key under reports:, labels: and policies: in GitOps files.
• Added glob support for configuration_profiles in GitOps files.
• Added support for referencing .sh or .ps1 script files directly in the GitOps path field for software packages.
• Implemented webhooks_and_tickets_enabled flag for policies in GitOps.
• Added server config for allowing all Apple MDM declaration types.
• Added ability to use FLEET_JIT_USER_ROLE_FLEET_ as a prefix on SAML attributes.
• Added fleet_name and fleet_id columns to hosts CSV export.
• Added resend button in the OS settings modal for iOS and iPadOS hosts.
• Added patch policies for Fleet-maintained apps that automatically update when the app is updated.

Security Engineers

• Added support for NDES CA for Windows hosts.
• Added vulnerability scanning support for Windows Server 2025 hosts.
• Added OTEL instrumentation to Fleet's internal HTTP client.
• Added Content-Type header to Smallstep authorization requests to prevent Cloudflare from blocking them.
• Added ability to omit secrets: in GitOps files to retain existing enroll secrets on server.
• Fixed python package false positives on Ubuntu, such as python3-setuptools on Ubuntu 24.04 with version 68.1.2-2ubuntu1.2.
• Fixed false positive vulnerabilities for Mattermost Desktop.

Other improvements and bug fixes

• Most top-level keys can now be omitted from GitOps files in place of supplying them with an empty value.
• Improved host search to always match against host email addresses, not only when the query looks like an email.
• Prevented a 500 error on the host details page when an MDM command reference in host_mdm_actions pointed to a non-existent command (orphan reference).
• Allowed Fleet-maintained apps to be added if they have default categories configured that are not available in older builds from this point forward.
• Migrated to using Policy critical option when disallowing Okta conditional access bypass.
• Updated DEP enrollment flow to apply minimum macOS version check when specified.
• Updated GitOps to fail runs when unknown keys are detected in files.
• Updated default last opened time diff to 2m to increase the chances of updating the last opened time for software that is opened frequently.
• Updated the host results endpoint URL to be consistent with the other URLs.
• Added tooltip to batch run result host count to clarify that the count might include deleted hosts.
• Updated table heading and result filter styles.
• Reordered the columns on the Hosts page.
• Updated Fleet desktop to surface custom transparency links to the device user.
• Changed PostJSONWithTimeout to log response body in error case.
• Removedd unused and confusingly-named --mdm_apple_scep_signer_allow_renewal_days config.
• Refactored NewActivity functionality by moving it to the new activity bounded context.
• Modified Android certificate renewal logic to make it easier to test.
• Optimized api/latest/fleet/software/titles endpoint.
• Trimmed incoming ABM suffix for Arch Linux hosts so Arch OSs are grouped together in the database and UI.
• Updated determination process used for selecting which user email address to use when scheduling a maintenance event for a host failing policies.
• Added license checks for fleet-free targeting queries by label.
• Added APNs expiry banner in the UI for Fleet free users.
• Added error if GitOps/batch attempts to add setup experience software when manual agent install is enabled.
• Added Fleet-maintained app utilization to anonymous usage statistics collected by Fleet.
• Surfaced data constraints using the proper HTTP status code on the /api/v1/fleet/scim/users endpoint.
• Updated macOS device details UI to delay showing FileVault "action required" notifications banner during the first hour after MDM enrollment to allow sufficient time for Fleet to automatically escrow keys from ADE devices.
• Added an early return in the PUT /hosts/{id}/device_mapping endpoint so that setting the same IDP email that is already stored no longer triggers unnecessary database updates, activity log entries, or profile resends.
• Improved cleanup functionality so that when deleting a host record, Fleet will now clean up host issues, such as failing policies and critical vulnerabilities associated with the host.
• Improved the way we verify Windows profiles to no longer rely on osquery for faster verification.
• Improved body parsing validation by using http.MaxBytesReader and wrapping gzip decode output too.
• Improved rate-limiting on conditional access endpoints.
• Finished migrating code from go-kit/log to slog.
• Updated UI for disabling stored report results for clarity.
• Revised which versions Fleet tests MySQL against to 9.5.0 (unchanged), 8.4.8, 8.0.44, and 8.0.39, 8.0.44.
• Deprecated several configuration keys in favor of new names: custom_settings -> configuration_profiles, macos_settings -> apple_settings, macos_setup -> setup_experience and macos_setup_assistant -> apple_setup_assistant.
• Deprecated setup_experience.bootstrap_package in favor of setup_experience.macos_bootstrap_package.
• Deprecated setup_experience.manual_agent_install in favor of setup_experience.macos_manual_agent_install.
• Deprecated setup_experience.enable_release_device_manually in favor of setup_experience.apple_enable_release_device_manually.
• Deprecated setup_experience.script in favor of setup_experience.macos_script.
• Fixed an issue where the MDM section on the integration page did not update correctly when Apple MDM is turned off.
• Fixed an issue where iOS/iPadOS hosts couldn't add app store apps from the host library page.
• Fixed inaccurate error message when clearing identity provider settings while end user authentication is enabled.
• Fixed Microsoft NDES CA not being selectable after deleting an existing NDES CA without a page refresh.
• Fixed an issue where Apple setup experience could get stuck, if the device was in the middle of a SCEP renewal, and then re-enrolled.
• Fixed secure.OpenFile to self-heal incorrect file permissions via chmod instead of returning a fatal error.
• Fixed an issue where personal iOS and iPadOS enrollments could see software in the self-service webclip.
• Fixed table footer rendering unexpectedly in the host targets search dropdown.
• Fixed a security issue where canceling a pending lock or wipe command permanently deleted the original locked_host/wiped_host activity from the audit log. The original activity is now preserved, and the subsequent cancellation activity serves as the follow-up record.
• Fixed dropdown rendering center of a row and from pushing down save button below open dropdown options.
• Fixed end user authentication form to allow saving cleared IdP settings.
• Fixed inconsistent link styling in UI.
• Fixed the error resend button overflowing over the edge of the os settings modal table.
• Fixed CPE matching failing for software names that sanitize to FTS5 reserved keywords (AND, OR, NOT).
• Fixed table shifting left when clicking the copy hash icon in host software inventory.
• Fixed a bug where vulnerability counts increased over time due to orphaned entries remaining in the database after hosts were removed.
• Fixed a bug where software installers could create titles with the wrong platform.
• Fixed a bug where Fleet maintained apps for Windows won't show as available in the list when they actually are.
• Fixed host search in live queries returning no results for observer users when many hosts on inaccessible teams matched the search term before accessible ones.
• Fixed live query host/team targeting to correctly scope observer_can_run to the query's own team, preventing observers from targeting hosts on other observed teams.
• Fixed alignment of tooltip text in the certificate details modal.
• Fixed a bug where a policy that links a software to install fails to apply when that software package uses an environment variable in its yaml definition.
• Fixed error message when deleting a certificate authority (that is referenced by a certificate template) to show a helpful message instead of a raw database error.
• Fixed observer query bypass by restricting live query/report team targeting to only teams where the user has sufficient permissions, including global observers who are now limited to the query's own team when observer_can_run is true.
• Fixed a bug where manage hosts page header button text would wrap and distort at certain widths.
• Fixed an issue where $FLEET_SECRET was being double encoded, if set via GitOps.
• Fixed editing reports on free tier failing due to labels_include_any triggering a premium license check.
• Fixed a bug where certain incorrect resolved-in versions were reported for certain vulnerable versions of Citrix Workspace.
• Fixed DigiCert CA UPN variable substitution so each host receives a certificate containing its own unique values instead of another host's substituted values.
• Fixed alignment and spacing of the "rolling" tooltip next to "Arch Linux" in the host vitals card.
• Fixed select-all header checkbox not selecting rows on partial pages where not all rows are selectable.
• Fixed an issue where it was poss...

fleet-v4.82.2

Bug fixes

• Fixed a metadata extraction bug for .pkg macOS installers (introduced in 4.77). It prevented updating some packages that were added in a previous Fleet version. Before this fix, deleting and re-adding the package as a workaround didn’t work. Now it does.
  • You'll know you ran into this bug if you tried updating a package and you saw this error: "The selected package is for different software".
• Fixed FMA apps not showing up for a fleet when added via GitOps after an automated FMA version update with an unchanged binary.

Upgrading

Please visit our update guide for upgrade instructions.

Documentation

Documentation for Fleet is available at fleetdm.com/docs.

Binary Checksum

SHA256

c73e7ebc8418ea5407fc4f77fd7818fc9a6ef519939f28bba2d5d0a12ec7937b  fleet_v4.82.2_linux.tar.gz
d836f068c89567434a0b533e79213828dcd15733fdc1d4498a2c629c38691a76  fleetctl_v4.82.2_linux_amd64.tar.gz
fa7d4b53775ed2d0ff15a3966c71fc6c9e9e6fbecdb89915124df11424a0f305  fleetctl_v4.82.2_linux_amd64.zip
00f811ae423103a16ec78fbb7f8b70f7fcd7c9af698a987bf5e724cf6670067b  fleetctl_v4.82.2_linux_arm64.tar.gz
034755490342ac0fd9864e810c8e1ad38ac22d248370c9b80837204634967109  fleetctl_v4.82.2_linux_arm64.zip
a0afd5cb2dab1ac7ed32b2841c2b987630bcc0d8e33cba615b2c7e473a36e3b4  fleetctl_v4.82.2_macos.tar.gz
9608053f4491d5100ca88d8cfb6d11b4cd18d3b6c0e26f0e0a08c2b690b4ef09  fleetctl_v4.82.2_macos.zip
732ce2b3f1d3cd39e904ccd3a8546cf1fd94249fdaa955720236c713d55f87a9  fleetctl_v4.82.2_windows_amd64.tar.gz
f7baa714c0e3ce155a13f8fd55733f98bbbbc8361b39836a0095db6dc2e90f2b  fleetctl_v4.82.2_windows_amd64.zip
100a578c7ed57bf0d82e5b8357ba7a957e54290405ea9a5a04f3555e78e6f806  fleetctl_v4.82.2_windows_arm64.tar.gz
f65494eaf8df124e7082aea4846ccb0139bc73e7fc1d68426253540b2e8097ed  fleetctl_v4.82.2_windows_arm64.zip

fleet-v4.81.3

Bug fixes

• Added configurable body size limits for the /api/osquery/log and /api/osquery/distributed/write endpoints.
• Fixed false positive PayloadTooLargeError errors.

Upgrading

Please visit our update guide for upgrade instructions.

Documentation

Documentation for Fleet is available at fleetdm.com/docs.

Binary Checksum

SHA256

bce0a2bdd79381abb94dd04f443f241e04b1e933edbeb9f0b0df34a0ef9c24db  fleet_v4.81.3_linux.tar.gz
b0355092e52a3139cb50eae770c2815099eb47599a113222bcf3b6cf2b340aa9  fleetctl_v4.81.3_linux_amd64.tar.gz
103d5ef83efecdcd94088cf636e785e5476f19d312d01ebefe60133a048cf472  fleetctl_v4.81.3_linux_amd64.zip
c0655b309f702cddb4a749dcb50d504a8d59ce3cfc797a80adbad3a5d0eeae4f  fleetctl_v4.81.3_linux_arm64.tar.gz
6a39dda1a423de92bef0c2ab26f0aca455a168b0efd8a4656bce68192d65ef3f  fleetctl_v4.81.3_linux_arm64.zip
0dca8a860b4d8fdf3e63ac230ed6d35535fc0e41273a582965dca12d1105c926  fleetctl_v4.81.3_macos.tar.gz
b0dc4c32758843c00e838c72e0a9c643d118dd0623f59a07a20c7481c3f24885  fleetctl_v4.81.3_macos.zip
ee8bee43398232d4733d62ac9ff31748f81f9359216ab1673ec54bafdd781469  fleetctl_v4.81.3_windows_amd64.tar.gz
26d11698c033ca7fbe304ad440480d80086b081a219a04d8dbfa6224db13ba77  fleetctl_v4.81.3_windows_amd64.zip
5fe7a8394427e61d06819d4c65ed5ae98dea34977560c6db4aff58afd3934d17  fleetctl_v4.81.3_windows_arm64.tar.gz
0178565774d229634db4ab3534a5bcf778495c13392c0afd45c23cf513b7d37f  fleetctl_v4.81.3_windows_arm64.zip

fleet-v4.82.1

Bug fixes

• Fixed a crash on the "My device" page for Fleet Free instances. The page returned a 402 error when the host was assigned to a team because the device endpoint called a premium-only API, and also crashed when accessing undefined policies data.
• Stopped duplicate Fleet-maintained app entries from showing up in setup experience.
• Reduced database contention during the vulnerability cron.
• Added a secondary index on host_software(software_id) to improve query performance.
• Fixed an issue where the "add Fleet-maintained app" endpoint incorrectly added software to the Unassigned fleet.
• Muted deprecation warnings for body params when the "deprecated-field-names" topic is not enabled.
• Fixed custom app icons not getting set via GitOps when the same software title exists in multiple teams.

Upgrading

Please visit our update guide for upgrade instructions.

Documentation

Documentation for Fleet is available at fleetdm.com/docs.

Binary Checksum

SHA256

e20f5e600b04e5e76b97cc4d72d25857996401e50b30c349c33d814d25e60a17  fleet_v4.82.1_linux.tar.gz
2bf908c90db1b310e0806b614dc3d01620a36cd30771db713374023a3487cbdd  fleetctl_v4.82.1_linux_amd64.tar.gz
98daf26686fc909ca0aa396c9b379a98c4aa381b082141fa4b5a5c9143145bfe  fleetctl_v4.82.1_linux_amd64.zip
6c9701ab0fe725389aa411766ab2012972d9b7a01bb994ffb9ca65b5884c2034  fleetctl_v4.82.1_linux_arm64.tar.gz
04cb955bcccf23334a24dbe36a35d9f8a8a1b84a1948f9217653c5553f601f6f  fleetctl_v4.82.1_linux_arm64.zip
965147846622d1e4c52689fa8ee044c3dfd884b2c523c13f29a0d676b0e8bd46  fleetctl_v4.82.1_macos.tar.gz
50b332c3bfe7aaefd7dedd6537d8c347b314786b6f90494176f807a75977455d  fleetctl_v4.82.1_macos.zip
740ddd324b592b0e48a0ecd25d8da9df9eb889439e9b23c4fbc45e9cf80b972a  fleetctl_v4.82.1_windows_amd64.tar.gz
5913036d550e30bedafc6f309f0a72058b6e45e65b5d247a0b056f3f2ff71c60  fleetctl_v4.82.1_windows_amd64.zip
b348a265022cd1311db5cd4a8a4faf754ce155dee2360e7e86a5caf4bfcfc64b  fleetctl_v4.82.1_windows_arm64.tar.gz
18330c5416c54739beddfb23d49f4cc9daa30de6e226d2cff3407738477db07e  fleetctl_v4.82.1_windows_arm64.zip