Posted on 07-27-2018 02:26 AM
Just had my security guys pick me up about the Tomcat released with 10.6 that's currently on our pre box. Don't like the idea of updating Tomcat outside Jamf, so reached out to our account manager to see if at least Jamf is aware.
http://mail-archives.us.apache.org/mod_mbox/www-announce/201807.mbox/%3C20180722090623.GA92700@minotaur.apache.org%3E
Posted on 07-27-2018 03:26 AM
And what did Jamf say?
Posted on 07-27-2018 10:19 AM
Posting so I get notified of new posts too ;)
Posted on 07-27-2018 11:03 AM
Have a feeling we may see a Jamf Pro 10.6.1 with updated Tomcat
Posted on 07-27-2018 12:12 PM
following....
Posted on 07-30-2018 01:07 PM
Following...
Posted on 07-31-2018 12:21 PM
Joining the conga line
Posted on 07-31-2018 01:00 PM
Oof I have the upgrade scheduled for this weekend. I reached out to Jamf for comment.
Posted on 07-31-2018 07:07 PM
Following...
Posted on 07-31-2018 07:42 PM
Interested
Posted on 08-01-2018 06:25 AM
Jamf suggested using the root.war manual upgrade path to me. This would be upgrading without upgrading Tomcat itself.
EDIT - Spoke with Jamf again and they don't want us changing our upgrade method from the Windows .msi based one. To be continued another weekend.
Posted on 08-07-2018 12:33 PM
So is Apache Tomcat 8.5.31 not updatable without breaking JAMF? Because 8.5.32 is current including REQUIRED patching from 8.5.31.
Posted on 08-07-2018 01:07 PM
@ryan.yohnk I don't know if you're the right person to tag on this, but you had responded to my discussion on Java support moving forward.
I was wondering whether you or someone else on Jamf could comment on the current situation with the Tomcat CVEs being discussed here.
Posted on 08-07-2018 01:14 PM
We are in a hold pattern on Jamf upgrades until the CVE(s) are closed out. Interested to know where we are in closing these out.
Posted on 08-07-2018 02:27 PM
Jamf is planning a release associated with this vulnerability based on the severity. I cannot share a timeline yet on when, but it is in process.
Posted on 08-27-2018 12:31 PM
Pro Tip: Instead of posting a one-word comment to the thread to be informed of future updates, 'Add Bookmark'.
:)
Posted on 08-27-2018 12:35 PM
But I like adding to my count of new notifications.
Posted on 08-27-2018 12:54 PM
P.S. We released 10.6.2 on August 21 to address this CVE. You can find 10.6.2 in Jamf Nation in your assets. What's New in 10.6.2