Jamf Pro 10.43 Now Available

JustinV
Contributor
Contributor
 
Update 31 January 2023: Today we released 10.43.1. Full details, including the Cloud Upgrade schedule, are posted here.
 
Today we are releasing Jamf Pro 10.43. Highlights of this release include:
 
Conditional Access Registration Improvements
The process for registering computers with Microsoft Intune has been improved in the following
ways:
 
• The process name of the agent on client computers with Conditional Access has been renamed
from "JamfAAD" to "Jamf Conditional Access". This change helps promote familiarity and confidence
for end users when their computers prompt them to sign in with their Microsoft Azure account
credentials.
• When configured to use WKWebview, Jamf Conditional Access no longer displays the sign in
window over the top of the information window, creating a clearer experience for end users.
• When configured to use the WebAuth view, Jamf Conditional Access now includes instructions for
end users to click OK on the browser's Select a Certificate prompt.
 
Device Compliance Enhancements
The Jamf Pro Device Compliance integration with Microsoft Intune now includes the following
enhancements:
 
• Both macOS and iOS devices are now available from a single Settings pane and offer the same
functionality.
• The latest Microsoft Partner Compliance Management API is used to communicate compliance.
• Compliance calculations only happen in Jamf Pro.
• The Device Compliance integration is less likely to go through the re-integration flow when editing
and saving.
 
Retrieve FileVault Information via the Jamf Pro API
You can now retrieve FileVault information for computers using two new endpoints via the Jamf Pro
API. This improvement allows the endpoint to return the same FileVault information that is available
in the Jamf Pro user interface.
 
To learn more about this release and the product issues it addresses, review the release notes
 
To access new versions of Jamf Pro, log into Jamf Account with your Jamf ID. The latest version is
located in the Products section under Jamf Pro.
19 REPLIES 19

patrickj
New Contributor III

This feature Retrieve FileVault Information via the Jamf Pro API is VERY exciting!

Indeed, that will be so exciting!

mm2270
Legendary Contributor III

I've forgotten how many years I've been waiting for this feature! I was in fact someone who submitted a FR for this many years back. Bravo Jamf for finally getting this one done.

karthikeyan_mac
Valued Contributor

Finally, Jamf added API for Retrieving FileVault Information via the Jamf Pro API. This was a long awaited feature. Thanks Jamf team for bringing this API.

Samstar777
Contributor II

This is very helpful article as it shows exactly what we are looking for 🙂

DBrowning
Valued Contributor II

This should not have been skipped in this post.  

DBrowning_0-1674575180580.png

 

foobarfoo
Contributor

Please clarify if you indeed intend to recommend MySQL 8.0.30 and not .31 - .30 is already pretty old and has known security vulnerabilities. It would be great if you could update the documentation if .31 is indeed working, or test internally if you could shiftt your recommendation to .31 .

mschroder
Valued Contributor

The announcements says nothing about security issues, but https://docs.jamf.com/10.43.0/jamf-pro/release-notes/Resolved_Issues.html mentions quite a few CVEs, some of them marked as CRITICAL in the NVD.

So how serious are these vulnerabilities for the JSS? How urgent is it to upgrade?

I'm extremely disappointed that JAMF fails again to properly inform its clients and users about the seriousness of the vulnerabilities!

Hello @mschroder,
Historically we often did not document when we updated 3rd party libraries even if they had identified vulnerabilities within. We have recently changed that with the intention of being more transparent on the upgrade of 3rd party libraries we use, especially if they have corresponding vulnerabilities identified with them.

When we see that a library we use has an identified vulnerability we assess the risk and determine our next course of action. If we find that the issue potentially presents a big risk to our customers we will convey that in different communication means; typically via email, a Jamf Nation post and potentially its very own hot fix release. Often times a vulnerability is identified in a library we use but after investigation we can see that either due to usage or configurations on our part that the risk is exponentially lower. If we determine the risk is lower it just becomes part of our normal development process and will be patched in a future release, as is seen with the entires in this 10.43 release.

As you may remember, the Release Notes > Resolved Issues > Security Issues in Jamf Pro 10.42 was actually longer list than this release and if all goes according to plan the 10.44 release's list of issues resolved will be even longer. That is to say we are attempting to do a better job of patching all libraries we use, regardless of risk presented by them, in all releases. Going along with that we are working at doing a better job of disclosing those items being patched in our release notes.

We intentionally don't list the issues resolved in our beta notes as to not disclose the risks, even if they are low, until a version is available for all customers to download. We also intentionally keep the description of the security issues resolved vague as to not provide greater risks to those customers who cannot update quickly (it also makes my writing of each of those description that much easier). If you feel that you need more information on any of those issues listed don't hesitate to reach out to support.

But rest assured, our intentions is to keep you the most secure in all the means we can. And if something is identified that we feel is a larger risk, we will let you know. 

Mike Paul
Product Security Engineer 

manadrain
New Contributor

Just tried to run upgrade in our test setup for JAMF Pro version 10.43.   Servers are running on CENTOS 7 and this is the first time I remember running into this error during installation.   Running the install "sudo sh ./jamfproinstaller.run" I get an "Error: Found 8080 in use, but no Jamf Pro web app is running over the port... in the jamf-pro-installer.log file.  Our JAMF Setups are configured with SSL and run on port 8443 and not 8080.   

Here is a copy of the infomation in the install log for today:

 

[2023-01-27 09:56:20]: Starting the Linux Jamf Pro Installation
[2023-01-27 09:56:20]: Checking installation requirements...
[2023-01-27 09:56:20]: Checking for a 64-bit OS...
[2023-01-27 09:56:20]: OK
[2023-01-27 09:56:20]: Checking available disk space...
[2023-01-27 09:56:20]: Warning: Available disk space is below the recommended 150 GB to install Jamf Pro. Ensure your server has adequate disk space before proceeding.
[2023-01-27 09:56:23]: Continuing installation requirements...
[2023-01-27 09:56:23]: Checking for Java 11...
[2023-01-27 09:56:23]: Verifying JCE Unlimited Strength Jurisdiction Policy files...
[2023-01-27 09:56:24]: Java JCE files verified
[2023-01-27 09:56:24]: Checking if Tomcat is running...
[2023-01-27 09:56:24]: Stopping Tomcat for the upgrade...
[2023-01-27 09:56:32]: Error: Found 8080 in use, but no Jamf Pro web app is running over the port...
[2023-01-27 09:56:32]: Aborting installer...
[2023-01-27 09:56:32]: Aborting installation due to unsatisfied requirements.

jjouyan
New Contributor II

conditional access or device compliance for macOS? we start to register mac with Conditional access. should i wait of 10.43 and register all mac with device compliance?

scottlep
Contributor II

@JustinV, It doesn't look like the 10.43 upgrade happened over the weekend as per emails received from Jamf. Anyone else still see their JSS version showing as 10.42.1? Were the upgrades postponed but no notice sent?

DBrowning
Valued Contributor II

if you look at the end of this original post, they postponed it back on the 25th.

scottlep
Contributor II

Odd, because we received the emails on the 25th saying the upgrades were happening this weekend but no email saying the upgrade was being postponed.

Screenshot 2023-01-30 at 12.57.23 PM.png

 

Samstar777
Contributor II

Hello All,

there were newly discovered issue and hence jamf is holding off the update.

Obviously, but in the past if an upgrade was being postponed then an email was sent by Jamf letting us know. Adding a line to the bottom of a JN post doesn't seem like a great way to let customers know.

JustinV
Contributor
Contributor

Hey All, 

As we do monitor these post we wanted to share with our community that your concerns are being heard and we will share additional information as soon as it is available. 

We appreciate your patience dearly, please be on the lookout for more information. 

- Justin

dpwlg
New Contributor III

Anyone heard when Jamf cloud will be upgraded to 10.43?

DBrowning
Valued Contributor II