Osquery uses basic SQL commands to leverage a relational data-model to describe a device.

osquery

*Security advisory*

Fleet 4.9.1 has just been released fixing an SSO vulnerability reported to us. This vulnerability is not easy to exploit, but we still recommend upgrading for anyone using SSO.

The 4.9.1 release is <https://github.com/fleetdm/fleet/releases/tag/fleet-v4.9.1|available>, along with <https://github.com/fleetdm/fleet/security/advisories/GHSA-ch68-7cf4-35vr|further details on the vulnerability>. Consider temporarily enabling a non-SSO admin user before upgrading in case changes to validation will require updating SSO configurations.

<!here>

Updated, my SSO with AzureAD still working :D

As long as the Entity ID matches (<https://fleetdm.com/docs/deploying/configuration#identity-provider-idp-configuration|as documented><https://fleetdm.com/docs/deploying/configuration#identity-provider-idp-configuration))|)>, folks should be good.

<@U0JFM04MS> hi, I noticed this release isn’t on the main CHANGELOG will it be added there eventually? <https://github.com/fleetdm/fleet/blob/main/CHANGELOG.md>

<@U015TANF4HX> yes, thank you. We cut patch releases from branches separate from `main` and then need to commit the changelog back to `main`. I'll PR that now.

Here it is on the patch branch: <https://github.com/fleetdm/fleet/blob/release-candidate-4.9.1/CHANGELOG.md>

ah right, ok that’s great :slightly_smiling_face:

Thanks for the reminder though! PR up now: <https://github.com/fleetdm/fleet/pull/4005/files>