Solved

log4j - jamf pro server still on 10.34

  • December 15, 2021
  • 4 replies
  • 22 views

mickl089

Hello,
When will we get the 10.34.1 patch? Our managed Jamf Pro server is still on 10.34 😞

Thanks!


  • Contributor
  • December 15, 2021

I suspect Jamf Pro is still vulnerable. Version 2.15.0 was used in the 10.31.1 update. 


  • Contributor
  • December 15, 2021

mm2270
  • Legendary Contributor
  • Answer
  • December 15, 2021

So, if you read Jamf's official statement on their cloud instances and this vulnerability, they specifically mention the issue has been addressed through other controls. Apparently Jamf cloud servers do not allow the type of traffic that would be required to use this exploit, even if a vulnerable version of log4j2 is still installed on them. So 10.34.1 may only be necessary for on-prem servers.

I would imagine eventually, like maybe in the next full release, Jamf will roll in an updated version of log4j 2, maybe 2.16, so it's fully patched.


ImAMacGuy
  • Esteemed Contributor
  • December 15, 2021

I did reach out to Jamf support re: this same question. Would be nice to have the warm fuzzy feeling of the version bump on the cloud. I'm sure we could request the update given the situation.