Fleet and Elastic Agent 8.5.1

edit

Review important information about the Fleet and Elastic Agent 8.5.1 release.

Known issues

edit
Installation of Elastic Agent on MacOS Ventura may fail if Full Disk Access has not been granted to the installer

Details
This issue occurs on MacOS Ventura when Full Disk Access is not granted to the application that runs the installation command. This could be either a Terminal or any custom package that a user has built to distribute Elastic Agent.

Impact
Elastic Agent will fail to install and produce "Error: failed to fix permissions: chown elastic-agent.app: operation not permitted" message. Ensure that the application used to install Elastic Agent (for example, the Terminal or custom package) has Full Disk Access before running sudo ./elastic-agent install.

Unable to add Fleet Server integration on Windows

Details

We discovered a high severity issue in version 8.5.1 that only affects Windows users in self-managed environments. When you attempt to add a Fleet Server, Kibana is unable to add the Fleet Server integration, and the Fleet Server polices are created without the necessary integration. For more information, see issue #144880.

Impact

This issue will be resolved in version 8.5.2. We advise Windows users not to upgrade to version 8.5.1.

Offline Elastic Agents fail to unenroll after timeout has expired

Details

A known issue in Fleet Server 8.5.1 prevents offline agents from being automatically unenrolled after the unenrollment timeout expires.

Impact

Offline agents will be displayed in the Fleet Agents list until you explicitly force unenroll them. You can do this through the Fleet UI or by using the API.

To use the API:

  1. Find agent’s ID. Go to Fleet > Agents and click the agent to see its details. Copy the Agent ID.
  2. In a terminal window, run:

    curl -u <username>:<password> --request POST \
      --url <kibana_url>/api/fleet/agents/<agentID>/unenroll \
      --header 'content-type: application/json' \
      --header 'kbn-xsrf: xx' \
      --data-raw '{"force":true,"revoke":true}' \
      --compressed

    Where <agentID> is the ID you copied in the previous step.

Enhancements

edit
Elastic Agent
  • Improve shutdown logs #1618

Bug fixes

edit
Fleet
  • Make asset tags space aware #144066
Fleet Server
  • No bug fixes for this release
Elastic Agent
  • Fix: Windows Agent left unhealthy after removing Endpoint integration #1286
  • Fix how multiple Fleet Server hosts are handled #1329
  • Beats will now attempt to recover if a lock file has not been removed #33169