New version: Fleet.fleetctl version 4.85.0

manifests/f/Fleet/fleetctl/4.85.0/Fleet.fleetctl.installer.yaml

@@ -0,0 +1,25 @@
+# Created with YamlCreate.ps1 Dumplings Mod
+# yaml-language-server: $schema=https://aka.ms/winget-manifest.installer.1.12.0.schema.json
+
+PackageIdentifier: Fleet.fleetctl
+PackageVersion: 4.85.0
+InstallerType: zip
+NestedInstallerType: portable
+Commands:
+- fleetctl
+ReleaseDate: 2026-05-14
+Installers:
+- Architecture: x64
+  NestedInstallerFiles:
+  - RelativeFilePath: fleetctl_v4.85.0_windows_amd64\fleetctl.exe
+    PortableCommandAlias: fleetctl
+  InstallerUrl: https://github.com/fleetdm/fleet/releases/download/fleet-v4.85.0/fleetctl_v4.85.0_windows_amd64.zip
+  InstallerSha256: 2229F249A7BFE0C574EA16727F2DFD8093E674D33CDB9960C28FBC17DF705019
+- Architecture: arm64
+  NestedInstallerFiles:
+  - RelativeFilePath: fleetctl_v4.85.0_windows_arm64\fleetctl.exe
+    PortableCommandAlias: fleetctl
+  InstallerUrl: https://github.com/fleetdm/fleet/releases/download/fleet-v4.85.0/fleetctl_v4.85.0_windows_arm64.zip
+  InstallerSha256: FD23AF063CC59C50F125ADE79D531952207595488F4C179C8EFD1D5242C08411
+ManifestType: installer
+ManifestVersion: 1.12.0

manifests/f/Fleet/fleetctl/4.85.0/Fleet.fleetctl.locale.en-US.yaml

@@ -0,0 +1,117 @@
+# Created with YamlCreate.ps1 Dumplings Mod
+# yaml-language-server: $schema=https://aka.ms/winget-manifest.defaultLocale.1.12.0.schema.json
+
+PackageIdentifier: Fleet.fleetctl
+PackageVersion: 4.85.0
+PackageLocale: en-US
+Publisher: Fleet Device Management Inc.
+PublisherUrl: https://fleetdm.com/
+PublisherSupportUrl: https://github.com/fleetdm/fleet/issues
+PrivacyUrl: https://fleetdm.com/legal/privacy
+Author: Fleet Device Management Inc.
+PackageName: fleetctl
+PackageUrl: https://github.com/fleetdm/fleet
+License: MIT
+LicenseUrl: https://github.com/fleetdm/fleet/blob/HEAD/LICENSE
+Copyright: Copyright (c) 2026-present Fleet Device Management Inc
+ShortDescription: A command line interface (CLI) tool for managing Fleet from the command line.
+Description: |-
+  fleetctl (pronounced "Fleet control") is a command line interface (CLI) tool for managing Fleet from the command line. fleetctl enables a GitOps workflow with Fleet.
+  fleetctl also provides a quick way to work with all the data exposed by Fleet without having to use the Fleet UI or work directly with the Fleet API.
+Tags:
+- fleet
+ReleaseNotes: |-
+  IT Admins
+  - Added a dark theme to the Fleet UI, selectable in account settings with light, dark, and system options.
+  - Implemented Clear Passcode feature for iOS and iPadOS.
+  - Added support for Fleet variables in Apple's declaration profiles (DDM).
+  - Added support for passing end-user authentication context to the Fleet MSI installer during Windows MDM enrollment, so end users are not prompted to authenticate twice when EUA is enabled.
+  - Switched to Docker as the default WiX runtime on macOS (including Apple Silicon) when generating .msi packages via fleetctl package. Wine is no longer required on macOS for the default path.
+  - Updated macOS 15 CIS benchmark to include v2.0.0 changes.
+  - Updated the macOS 14 (Sonoma) CIS policy set to benchmark v3.0.0.
+  - Switched Fleet-maintained apps serving location from GitHub to https://maintained-apps.fleetdm.com/manifests. If this site is inaccessible, Fleet will fall back to the previous GitHub-hosted copies of manifest files.
+  - Added conditional HTTP downloads using ETag headers for software in GitOps, skipping re-download when content hasn't changed.
+  - Added always_download option for software in GitOps to bypass the new conditional download feature.
+  - Added automatic escaping of JSON special characters in GitOps variables used in .json configuration profiles (Apple DDM declarations and Android profiles).
+  - Updated fleetctl gitops to process Android certificates before Android profiles.
+  - Made fleet name uniqueness rules consistent across the UI, API, and GitOps paths. Fleet names must now differ by more than letter case, and conflicts return a 409 error on all code paths.
+  - Enabled renewing and deleting AB tokens in the UI in GitOps mode.
+  - Changed the team's script_execution_timeout in agent options to default to the global agent options value when unset.
+  - Added ability to save policies whose SQL is flagged as a syntax error.
+  - Withheld Android Wi-Fi configuration profiles (openNetworkConfiguration with ClientCertKeyPairAlias) until the referenced certificate is installed or terminally failed on the device.
+  - Updated the host OS settings detail column to show the reason when an Android profile is pending due to a certificate dependency.
+  - Added "Hosts online", "Vulnerability exposure", and "Hosts enrolled" charts to the dashboard.
+  - Added an admin setting to control retention of vulnerability-exposure data used by the dashboard chart.
+  - Added new policy details page with a read-only view of policy information.
+  - Updated edit policy page to redirect users with read-only access to the policy details page.
+  - Added dedicated /policies/:id/live route for running policies.
+  Security Engineers
+  - Added UI pages for creating and editing API-only users with support for fleet assignment, role selection, and API endpoint access control.
+  - Added new middleware (APIOnlyEndpointCheck) that enforces a 403 response for API-only users whose request either isn't in the API endpoint catalog or falls outside their configured per-user endpoint restrictions.
+  - Added POST /users/api_only endpoint for creating API-only users.
+  - Added PATCH /users/api_only/{id} endpoint for updating existing API-only users.
+  - Updated fleetctl user create --api-only to remove email and password field requirements.
+  - Added a new premium GET /api/_version_/fleet/rest_api endpoint that returns the contents of the embedded api_endpoints.yml artifact.
+  - Updated GET /users/{id} response to include the new api_endpoints field for API-only users.
+  - Added user_api_endpoints table to track per-user API endpoint permissions.
+  Bug fixes and improvements
+  - Updated Go to 1.26.3.
+  - Improved MySQL writer performance by skipping no-op UPDATE host_orbit_info and UPDATE host_disks writes when the stored values already match the incoming ingest values from osquery, cutting these writes to near zero at steady state.
+  - Improved Fleet-maintained apps (FMA) sync performance by adding an index on software.bundle_identifier that eliminates a full table scan during the hourly sync, reducing writer CPU load on large deployments.
+  - Improved the performance of deleting Windows MDM configuration profiles at scale by collapsing the per-profile update loop into a single batched statement that spans multiple profiles per chunk.
+  - Updated copy, show, and other action buttons app-wide for a more consistent style.
+  - Improved button and link styling.
+  - Improved the OS settings modal layout.
+  - Improved host policy empty state.
+  - Updated the enrollment page enroll button to render at full screen width for larger-resolution mobile devices.
+  - Updated the error message returned when an invalid domain is supplied for MDM Apple CSR signing.
+  - Updated EULA PDF upload size check to use the default max request body size.
+  - Added activity when a Windows MDM wipe command fails.
+  - Improved documentation for MySQL read replica configuration, clarifying that all settings (including region for IAM authentication) must be explicitly set for the read replica.
+  - Upgraded to TypeScript 6.0 for the app frontend.
+  - Moved some core UI form components to TypeScript for better predictability and reliability.
+  - Removed the unused windows_updates MySQL table and ingestion code.
+  - Implemented the chart bounded context and schema to support charting capabilities in Fleet.
+  - Added gitOpsModeEnabled and gitOpsModeExceptions to the anonymous statistics payload.
+  - Added startup validation that panics if any route declared in service/api_endpoints.yml is not registered in the router.
+  - Stopped turning on Prometheus serving by default with a hard-coded username and password when the server is started with --dev.
+  - Fixed a Windows BitLocker encrypt/decrypt loop on machines with secondary drives using auto-unlock. Fleet now detects disk encryption using conversion_status (not just protection_status), preventing the server from repeatedly requesting encryption when the disk is already encrypted. Added bitlocker_protection_status tracking so the UI shows "Action required" when BitLocker protection is off instead of misleadingly showing "Verified."
+  - Fixed a race condition where a host could silently revert to its previous team after an admin team transfer.
+  - Fixed an issue where trying to wipe a device after its certificate was renewed could fail due to a missing bootstrap token. Note: The device might still have wiped.
+  - Fixed a server panic (502) when an Android pubsub status report arrived for a host that had been deleted from Fleet.
+  - Fixed a server panic when an Apple MDM DeviceInformation refetch response omitted DeviceName or other expected fields.
+  - Fixed an issue where Fleet would send an AccountConfiguration command to iOS and iPadOS devices when end user authentication was enabled; AccountConfiguration is macOS-only.
+  - Fixed a bug where pending MDM profile rows persisted in the database after Apple or Windows MDM was turned off, causing stale profiles to reappear when MDM was re-enabled. Also fixed cleanup of pending Windows profile rows when a device unenrolls from MDM.
+  - Fixed a bug where custom package installers were not removed when adding an FMA for the same title via GitOps, which caused setup experience to install duplicate software.
+  - Fixed a bug where renaming a patch policy in a GitOps file caused it to be deleted initially.
+  - Fixed a bug where host environment variables in script-only packages would cause GitOps to fail.
+  - Fixed an issue where the DDM reconciler would not self-heal for stuck remove/pending profiles due to resend with update.
+  - Fixed an issue where a host DDM cleanup function was not executed for stale remove/pending profiles that weren't reported by the device.
+  - Fixed an issue where batch processing many DDM profile changes would result in stuck remove/pending profiles.
+  - Fixed an issue where sending a differently cased display name for a DDM profile via the batch endpoint would result in recreating the DDM profile and triggering a resend.
+  - Fixed an issue where Fleet would not remove the host OS setting entry if a RemoveProfile command failed with error code 89 (profile not found on device).
+  - Fixed an issue where adding a custom icon for a script-only package was not allowed in GitOps.
+  - Fixed an issue where duplicate Disk Encryption activity types showed up.
+  - Fixed the host details activity feed showing the previously opened host's activities by including the host ID in the activity query cache keys.
+  - Fixed navigation to the settings page for multi-team admin users.
+  - Fixed software table page number to be bookmarkable.
+  - Fixed an infinite page loop pagination bug on the software table page that occurred when viewing a subsequent page and then using the software filter dropdown.
+  - Fixed styling bugs in GitOps mode UI.
+  - Fixed padding between GitOps exceptions checkboxes.
+  - Fixed a nil pointer dereference in the contributor API spec/policies.
+  Fleet-maintained app updates and vulnerability fixes are applied, whether or not you upgrade.
+  Fleet's agent
+  The following version of Fleet's agent (fleetd) support the latest changes to Fleet:
+  1. orbit-v1.55.0
+  2. fleet-desktop-v1.55.0 (included with Orbit)
+  3. osquery-5.23.0 (included with Orbit)
+  4. fleetd-chrome-v1.3.5
+  5. fleetd-android-v1.0.2
+  While newer versions of fleetd still function with older versions of Fleet, old versions of fleetd and osquery may not function with new versions of Fleet. We do not actively test these scenarios, and we recommend deploying a minimum of the agent versions above before upgrading to this version of Fleet.
+ReleaseNotesUrl: https://github.com/fleetdm/fleet/releases/tag/fleet-v4.85.0
+PurchaseUrl: https://fleetdm.com/pricing
+Documentations:
+- DocumentLabel: Docs
+  DocumentUrl: https://fleetdm.com/docs
+ManifestType: defaultLocale
+ManifestVersion: 1.12.0

manifests/f/Fleet/fleetctl/4.85.0/Fleet.fleetctl.locale.zh-CN.yaml

@@ -0,0 +1,16 @@
+# Created with YamlCreate.ps1 Dumplings Mod
+# yaml-language-server: $schema=https://aka.ms/winget-manifest.locale.1.12.0.schema.json
+
+PackageIdentifier: Fleet.fleetctl
+PackageVersion: 4.85.0
+PackageLocale: zh-CN
+ShortDescription: 从命令行管理 Fleet 的命令行界面（CLI）工具。
+Description: |-
+  fleetctl（读作“Fleet control”）是一种命令行界面（CLI）工具，用于通过命令行管理 Fleet。
+  fleetctl 还提供了一种快速方法来处理 Fleet 公开的所有数据，而无需使用 Fleet UI 或直接使用 Fleet API。
+ReleaseNotesUrl: https://github.com/fleetdm/fleet/releases/tag/fleet-v4.85.0
+Documentations:
+- DocumentLabel: 文档
+  DocumentUrl: https://fleetdm.com/docs
+ManifestType: locale
+ManifestVersion: 1.12.0

manifests/f/Fleet/fleetctl/4.85.0/Fleet.fleetctl.yaml

@@ -0,0 +1,8 @@
+# Created with YamlCreate.ps1 Dumplings Mod
+# yaml-language-server: $schema=https://aka.ms/winget-manifest.version.1.12.0.schema.json
+
+PackageIdentifier: Fleet.fleetctl
+PackageVersion: 4.85.0
+DefaultLocale: en-US
+ManifestType: version
+ManifestVersion: 1.12.0