Hello,
When will we get the 10.34.1 patch? Our managed Jamf Pro server is still on 10.34 😞

Thanks!

I suspect Jamf Pro is still vulnerable. Version 2.15.0 was used in the 10.31.1 update. 


https://thehackernews.com/2021/12/second-log4j-vulnerability-cve-2021.html


So, if you read Jamf's official statement on their cloud instances and this vulnerability, they specifically mention the issue has been addressed through other controls. Apparently Jamf cloud servers do not allow the type of traffic that would be required to use this exploit, even if a vulnerable version of log4j2 is still installed on them. So 10.34.1 may only be necessary for on prem servers.

I would imagine eventually, like maybe in the next full release, Jamf will roll in an updated version of log4j 2, maybe 2.16, so it's fully patched.


I did reach out to Jamf support re: this same question. It would be nice to have the warm fuzzy feeling of the version bump on the cloud. I'm sure we could request the update given the situation.