Jamf Pro 10.42.1 Now Available

JustinV
Contributor

Today we are releasing a maintenance version of Jamf Pro.

 

Jamf Pro 10.42.1 fixes the following product issues:

 

  • [PI110600] Updated a third-party library to resolve a known vulnerability (CVE-2022-42889).
  • [PI110632] The device inventory record no longer fails to load due to a blank "priority" value in a database column.

 

Review the release notes here.

 

To access new versions of Jamf Pro, log into Jamf Account with your Jamf ID. The latest version is located in the Products section under Jamf Pro.

 

Cloud Upgrade Schedule

 

Your Jamf Pro server, including any free sandbox environments, will be updated to Jamf Pro 10.42.1 based on your hosted data region below. Review this guide if you need assistance identifying the Hosted Data Region of your Jamf Cloud instance.

 

Hosted Region

Begins

Ends

ap-southeast-2

4 November at 1300 UTC

4 November at 2200 UTC

ap-northeast-1

4 November at 1400 UTC

5 November at 0000 UTC

eu-central-1

4 November at 2300 UTC

5 November at 0900 UTC

eu-west-2

5 November at 0000 UTC

5 November at 0700 UTC

us-east-1-sandbox/us-west-2-sandbox

5 November at 0100 UTC

5 November at 1000 UTC

us-east-1

5 November at 0400 UTC

5 November at 1700 UTC

us-west-2

5 November at 0700 UTC

5 November at 2000 UTC

5 REPLIES 5

mike_paul
Contributor III
Contributor III

For additional clarity, as our CISO Aaron Kiemele mentioned in this post specifically about CVE-2022-42889, all of our Jamf products that use the Apache Commons Text library, including Jamf Pro, are not at risk to the vulnerability based on our configurations.  This is still the case. But since we were doing another release to help customers impacted by PI110632 we figured we'd include the updated Apache Commons Text library since it still shows up on many customers own security scanning software.

Thank you 
Mike Paul
Jamf Product Security Engineer

grahamrpugh
Release Candidate Programs Tester

Out of curiosity, is the Apache Commons Text library patch part of the tomcat ROOT.war of the manual installation, or only a part of the bundled Linux/Windows installations?

Hello @grahamrpugh, its part of the tomcat ROOT.war.  

donmontalvo
Esteemed Contributor III

Thanks as always for being ahead of the curve. We opened a ticket yesterday to ask about CVE-2022-42889 and the fix was already in the works. Kudos! 

--
https://donmontalvo.com

saracron
New Contributor

I recently started using Jamf Pro 10.42.1 with MCA Leads and I am extremely impressed. The combination of Jamf Pro has made it incredibly easy to manage Mac devices in our environment. The user interface is intuitive and the integrated tools help to streamline the process of managing our Macs.