Merge branch 'main' into docs-v4.59.0

CODEOWNERS

@@ -41,7 +41,7 @@ go.mod @fleetdm/go
 /cmd/ @fleetdm/go
 /server/ @fleetdm/go
 /ee/server/ @fleetdm/go
-/orbit/ @lucasmrod @roperzh @lukeheath @georgekarrv @sharon-fdm
+/orbit/ @fleetdm/go
 
 ##############################################################################################
 # 🚀 React files and other files related to the core product frontend.

articles/automatic-software-install-in-fleet.md

@@ -76,5 +76,4 @@ By automating software deployment, you can gain greater control over what's inst
 <meta name="authorGitHubUsername" value="sharon-fdm">
 <meta name="category" value="guides">
 <meta name="publishedOn" value="2024-09-23">
-<meta name="articleImageUrl" value="../website/assets/images/articles/[email protected]">
 <meta name="description" value="A guide to workflows using automatic software installation in Fleet.">

articles/fleetctl.md

@@ -10,15 +10,19 @@ fleetctl also provides a quick way to work with all the data exposed by Fleet wi
 
 ## Installing fleetctl
 
-Install fleetctl with npm or download the binary from [GitHub](https://github.com/fleetdm/fleet/releases).
+Download and install [Node.js](https://nodejs.org/en).
+
+Install fleetctl with npm (included in Node.js).
 
 ```sh
-npm install -g fleetctl
+sudo npm install -g fleetctl
 ```
 
+To install fleetctl on Windows or Linux, download the fleectl binary here on [GitHub](https://github.com/fleetdm/fleet/releases).
+
 ### Upgrading fleetctl
 
-The easiest way to update fleetctl is by running the installation command again.
+The easiest way to update fleetctl is by rerunning the installation command.
 
 ```sh
 npm install -g fleetctl@latest
@@ -30,7 +34,7 @@ npm install -g fleetctl@latest
 ### Available commands
 
 
-Much of the functionality available in the Fleet UI is also available in `fleetctl`. You can run queries, add and remove users, generate Fleet's agent (fleetd) to add new hosts, get information about existing hosts, and more!
+Much of the functionality available in the Fleet UI is also available in fleetctl. You can run queries, add and remove users, generate Fleet's agent (fleetd) to add new hosts, get information about existing hosts, and more!
 
 > Note: Unless a logging infrastructure is configured on your Fleet server, osquery-related logs will be stored locally on each device. Read more [here](https://fleetdm.com/guides/log-destinations)
 
@@ -74,7 +78,7 @@ This section walks you through authentication, assuming you already have a runni
 
 ### Login
 
-To log in to your Fleet instance, run following commands:
+To log in to your Fleet instance, run the following commands:
 
 1. Set the Fleet instance address
 
@@ -93,11 +97,11 @@ Password:
 [+] Fleet login successful and context configured!
 ```
 
-Once your local context is configured, you can use `fleetctl` normally.
+Once your local context is configured, you can use fleetctl normally.
 
 ### Log in with SAML (SSO) authentication
 
-Users that authenticate to Fleet via SSO should retrieve their API token from the UI and set it manually in their `fleetctl` configuration (instead of logging in via `fleetctl login`).
+Users that authenticate to Fleet via SSO should retrieve their API token from the UI and manually set it in their fleetctl configuration (instead of logging in via `fleetctl login`).
 
 **Fleet UI:**
 1. Go to the **My account** page (https://fleet.example.com/profile)
@@ -116,13 +120,13 @@ The token can also be set with `fleetctl config set --token`, but this may leak
 
 ## Using fleetctl with an API-only user
 
-When running automated workflows using the Fleet API, we recommend an API-only user's API key rather than the API key of a regular user. A regular user's API key expires frequently for security purposes, requiring routine updates. Meanwhile, an API-only user's key does not expire.   
+When running automated workflows using the Fleet API, we recommend using an API-only user's API key rather than a regular user's API key. A regular user's API key expires frequently for security purposes, requiring routine updates. Meanwhile, an API-only user's key does not expire.   
 
 An API-only user does not have access to the Fleet UI. Instead, it's only purpose is to interact with the API programmatically or from fleetctl.
 
 ### Create API-only user
 
-Before creating the API-only user, log in to `fleetctl` as an admin.  See [authentication](https://#authentication) above for details.
+Before creating the API-only user, log in to fleetctl as an admin.  See [authentication](https://#authentication) above for details.
 
 To create your new API-only user, use `fleetctl user create`:
 
@@ -154,12 +158,12 @@ fleetctl user create --name "API User" --email [email protected] --password temp@p
 
 #### Changing permissions
 
-To change roles of a current user, log into the Fleet UI as an admin and navigate to **Settings > Users**.
-> Suggestion: To disable/enable a user's access to the UI (converting a regular user to an API-only user or vice versa), create a new user.
+To change the role of a current user, log into the Fleet UI as an admin and navigate to Settings > Users.
+> Suggestion: Create a new user to disable/enable a user's access to the UI (converting a regular user to an API-only user or vice versa).
 
 ### Switching users
 
-To use `fleetctl` with your regular user account but occasionally use your API-only user for specific cases, you can set up your `fleetctl` config with a new `context` to hold the credentials of your API-only user:
+To use fleetctl with your regular user account but occasionally use your API-only user for specific cases, you can set up your fleetctl config with a new `context` to hold the credentials of your API-only user:
 
 ```sh
 fleetctl config set --address https://dogfood.fleetdm.com --context api
@@ -181,7 +185,7 @@ Running a command with no context will use the default profile.
 
 ## Debugging Fleet
 
-`fleetctl` provides debugging capabilities about the running Fleet server via the `debug` command. To see a complete list of all the options run:
+fleetctl provides debugging capabilities about the running Fleet server via the `debug` command. To see a complete list of all the options, run:
 
 ```sh
 fleetctl debug --help
@@ -204,4 +208,4 @@ This will generate a `tar.gz` file with:
 <meta name="authorFullName" value="Noah Talerman">
 <meta name="publishedOn" value="2024-07-04">
 <meta name="articleTitle" value="fleetctl">
-<meta name="description" value="Read about fleetctl, a CLI tool for managing Fleet and osquery configurations, running queries, generating Fleet's agent (fleetd) and more.">
+<meta name="description" value="Read about fleetctl, a CLI tool for managing Fleet and osquery configurations, running queries, generating Fleet's agent (fleetd), and more.">

changes/21594-host-software-filter-bug

@@ -0,0 +1 @@
+- Fleet UI: Fix host software filter bug that resets dropdown filter on table changes (pagination, order by column, etc)

docs/REST API/rest-api.md

@@ -8696,6 +8696,7 @@ Get a list of all software.
 | vulnerable              | boolean | query | If true or 1, only list software that has detected vulnerabilities. Default is `false`.                                                                                    |
 | available_for_install   | boolean | query | If `true` or `1`, only list software that is available for install (added by the user). Default is `false`.                                                                |
 | self_service            | boolean | query | If `true` or `1`, only lists self-service software. Default is `false`.  |
+| packages_only           | boolean | query | If `true` or `1`, only lists packages available for install (without App Store apps).  |
 | min_cvss_score | integer | query | _Available in Fleet Premium_. Filters to include only software with vulnerabilities that have a CVSS version 3.x base score higher than the specified value.   |
 | max_cvss_score | integer | query | _Available in Fleet Premium_. Filters to only include software with vulnerabilities that have a CVSS version 3.x base score lower than what's specified.   |
 | exploit | boolean | query | _Available in Fleet Premium_. If `true`, filters to only include software with vulnerabilities that have been actively exploited in the wild (`cisa_known_exploit: true`). Default is `false`.  |

frontend/pages/hosts/components/DeleteHostModal/DeleteHostModal.tsx

@@ -69,17 +69,6 @@ const DeleteHostModal = ({
         <p>
           This will remove the record of <b>{hostText()}</b>.{largeVolumeText()}
         </p>
-        <p>
-          The {pluralizeHost()} will re-appear unless fleet&apos;s agent is
-          uninstalled.
-        </p>
-        <p>
-          <CustomLink
-            url={"https://fleetdm.com/learn-more-about/uninstall-fleetd"}
-            text="Uninstall Fleet's agent"
-            newTab
-          />
-        </p>
         <div className="modal-cta-wrap">
           <Button
             type="button"

frontend/pages/hosts/details/cards/Software/HostSoftwareTable/HostSoftwareTable.tsx

@@ -118,6 +118,7 @@ const HostSoftwareTable = ({
       />
     );
   }, [handleFilterDropdownChange, hostSoftwareFilter]);
+
   const determineQueryParamChange = useCallback(
     (newTableQuery: ITableQueryData) => {
       const changedEntry = Object.entries(newTableQuery).find(([key, val]) => {
@@ -148,9 +149,15 @@ const HostSoftwareTable = ({
         page: changedParam === "pageIndex" ? newTableQuery.pageIndex : 0,
       };
 
+      if (hostSoftwareFilter === "vulnerableSoftware") {
+        newQueryParam.vulnerable = "true";
+      } else if (hostSoftwareFilter === "installableSoftware") {
+        newQueryParam.available_for_install = "true";
+      }
+
       return newQueryParam;
     },
-    []
+    [hostSoftwareFilter]
   );
 
   // TODO: Look into useDebounceCallback with dependencies

frontend/pages/policies/constants.ts

@@ -205,7 +205,7 @@ export const DEFAULT_POLICIES: IPolicyNew[] = [
   },
   {
     key: 16,
-    query: "SELECT 1 FROM os_version WHERE version >= '12.5.1';",
+    query: "SELECT 1 FROM os_version WHERE version >= '14.6.1' OR version >= '15.0';",
     name: "Operating system up to date (macOS)",
     description: "Using an outdated macOS version risks exposure to security vulnerabilities and potential system instability.",
     resolution:

website/api/controllers/webhooks/receive-from-github.js

@@ -91,6 +91,7 @@ module.exports = {
       'rebeccaui',
       'allenhouchins',
       'harrisonravazzolo',
+      'KendraAtFleet',
     ];
 
     let GREEN_LABEL_COLOR = 'C2E0C6';// « Used in multiple places below.  (FUTURE: Use the "+" prefix for this instead of color.  2022-05-05)

website/config/routes.js

@@ -570,12 +570,14 @@ module.exports.routes = {
   'GET /learn-more-about/apple-business-manager-teams-api': 'https://github.com/fleetdm/fleet/blob/main/docs/Contributing/API-for-contributors.md#update-abm-tokens-teams',
   'GET /learn-more-about/apple-business-manager-gitops': '/docs/using-fleet/gitops#apple-business-manager',
   'GET /learn-more-about/s3-bootstrap-package': '/docs/configuration/fleet-server-configuration#s-3-software-installers-bucket',
+  'GET /learn-more-about/available-os-update-versions': '/guides/enforce-os-updates#available-macos-ios-and-ipados-versions',
   'GET /learn-more-about/policy-automation-install-software': '/guides/automatic-software-install-in-fleet',
   'GET /learn-more-about/exe-install-scripts': '/guides/exe-install-scripts',
   'GET /learn-more-about/install-scripts': '/guides/deploy-software-packages#install-script',
   'GET /learn-more-about/uninstall-scripts': '/guides/deploy-software-packages#uninstall-script',
   'GET /learn-more-about/read-package-version': '/guides/deploy-software-packages##add-a-software-package-to-a-team',
 
+
   // Sitemap
   // =============================================================================================================
   // This is for search engines, not humans.  Search engines know to visit fleetdm.com/sitemap.xml to download this