Fleet device management

vfleet-v4.85.1 scope: fleet Bugfix

This release fixes issues for SREs watching stability and regressions.

Published 12d Configuration Management

View tool

✓ No known CVEs patched

Read the diff → Tool health → What is this tool? →

✓ No known CVEs patched in this version

Topics

binary-authorization configuration-management device-management gitops ios linux

+11 more

macos mdm orchestration osquery patching powershell scripting security software-management telemetry vulnerability-management

ReleasePort's take

Light signal

editorial:auto 11d

The release fixes `fleetctl gitops` to correctly accept Android or Windows configuration profiles when editing existing teams with configured MDM platforms, and resolves SCEP certificate issuance failures caused by HTTP Basic auth gateways like Okta.

Why it matters: Addresses two operational blockers—team profile rejections and SCEP cert issuance errors—enabling reliable fleet management workflows without additional workarounds.

Summary

AI summary

Updates Bug fixes, https://fleetdm.com/docs/deploying/upgrading-fleet, and https://fleetdm.com/docs across a mixed release.

Changes in this release

Type	Severity	Summary	CVE
Performance	Medium	Implements roaring bitmaps in historical data collection for improved performance. Implements roaring bitmaps in historical data collection for improved performance. Source: llm_adapter@2026-05-22 Confidence: low	—
Bugfix	Medium	Fixes `fleetctl gitops` rejecting Android or Windows configuration profiles when editing an existing team despite MDM platform being configured. Fixes `fleetctl gitops` rejecting Android or Windows configuration profiles when editing an existing team despite MDM platform being configured. Source: llm_adapter@2026-05-22 Confidence: high	—
Bugfix	Medium	Fixes dynamic SCEP certificate issuance failing with "Invalid NDES admin credentials" when NDES Admin URL is fronted by Okta or another HTTP Basic auth gateway. Fixes dynamic SCEP certificate issuance failing with "Invalid NDES admin credentials" when NDES Admin URL is fronted by Okta or another HTTP Basic auth gateway. Source: llm_adapter@2026-05-22 Confidence: high	—
Refactor	Medium	Removes unneeded call to get tracked CVEs when reading CVE chart data. Removes unneeded call to get tracked CVEs when reading CVE chart data. Source: llm_adapter@2026-05-22 Confidence: low	—

Full changelog

Bug fixes

Fixed fleetctl gitops rejecting Android or Windows configuration profiles when editing an existing team, even when the corresponding MDM platform was configured.
Implement roaring bitmaps in historical data collection for improved performance.
Fixed dynamic SCEP certificate issuance failing with an "Invalid NDES admin credentials" error when the NDES Admin URL is fronted by Okta or another gateway that uses HTTP Basic auth instead of NTLM.
Remove unneeded call to get tracked CVEs when reading CVE chart data

Upgrading

Please visit our update guide for upgrade instructions.

Documentation

Documentation for Fleet is available at fleetdm.com/docs.

Binary Checksum

SHA256

1aa5bbaf65833a60040fe28aa1d8b88535a025947185842c6dc6d128052f6132  fleet_v4.85.1_linux.tar.gz
1ca2b8543d5e2cb738536db75f92192c63b8bd650022b0f9ffe5b01fff3c791d  fleetctl_v4.85.1_linux_amd64.tar.gz
04d9f24669ceabad7467c40c2ca631e076a700def73291dd621c22a2dd1dad26  fleetctl_v4.85.1_linux_amd64.zip
5bd235b4840ab2fde87456267843c2ff4f29cae3fb4d431e1d0b87287d15b568  fleetctl_v4.85.1_linux_arm64.tar.gz
118dcc5a485bf1bb337496ab5bb75c6b437b8ecb9858b5ff29d405172a5cc8bd  fleetctl_v4.85.1_linux_arm64.zip
43667769f2d59e45c78d7558e05cd9350f4606681642e8238eaeea6247b7c337  fleetctl_v4.85.1_macos.tar.gz
def4fa7b8d40d6525822ef2a4e810ba8fd9b1525f6ffafa384110f4547df3fc9  fleetctl_v4.85.1_macos.zip
e7567a7e1d61cbe1a6dadc19d0c7ba6e4801dc51b9c91e58f4d303a4fe86cfdb  fleetctl_v4.85.1_windows_amd64.tar.gz
18d8861a7a0242fe2eb032b4d262c4a02411609463f0314adb7e915ccf437e03  fleetctl_v4.85.1_windows_amd64.zip
7e0ae875f2e0a86fb8cd5b746b885f10b1f6c176b404776be79a1480b21a510f  fleetctl_v4.85.1_windows_arm64.tar.gz
7c5604be0976801b00bb6bdb7199a02e10bf88bfcf3feab58011a891caf4d382  fleetctl_v4.85.1_windows_arm64.zip

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track Fleet device management

Get notified when new releases ship.

About Fleet device management

Open device management

All releases →

Related context

Related tools

Earlier breaking changes

vfleet-v4.86.0 Required `--host` flag for `fleetctl get mdm-commands`; deprecated `GET /api/v1/fleet/commands` without a `host_identifier`.
vfleet-v4.85.0 Enforced fleet name uniqueness across UI, API, and GitOps paths, returning 409 on conflicts