Jamf Nation Community

JustinV · ‎01-24-2023

Update 31 January 2023: Today we released 10.43.1. Full details, including the Cloud Upgrade schedule, are posted here.

Today we are releasing Jamf Pro 10.43. Highlights of this release include:

Conditional Access Registration Improvements

The process for registering computers with Microsoft Intune has been improved in the following

ways:

• The process name of the agent on client computers with Conditional Access has been renamed

from "JamfAAD" to "Jamf Conditional Access". This change helps promote familiarity and confidence

for end users when their computers prompt them to sign in with their Microsoft Azure account

credentials.

• When configured to use WKWebview, Jamf Conditional Access no longer displays the sign in

window over the top of the information window, creating a clearer experience for end users.

• When configured to use the WebAuth view, Jamf Conditional Access now includes instructions for

end users to click OK on the browser's Select a Certificate prompt.

Device Compliance Enhancements

The Jamf Pro Device Compliance integration with Microsoft Intune now includes the following

enhancements:

• Both macOS and iOS devices are now available from a single Settings pane and offer the same

functionality.

• The latest Microsoft Partner Compliance Management API is used to communicate compliance.

• Compliance calculations only happen in Jamf Pro.

• The Device Compliance integration is less likely to go through the re-integration flow when editing

and saving.

Retrieve FileVault Information via the Jamf Pro API

You can now retrieve FileVault information for computers using two new endpoints via the Jamf Pro

API. This improvement allows the endpoint to return the same FileVault information that is available

in the Jamf Pro user interface.

To learn more about this release and the product issues it addresses, review the release notes

here.

To access new versions of Jamf Pro, log into Jamf Account with your Jamf ID. The latest version is

located in the Products section under Jamf Pro.

patrickj · ‎01-24-2023

This feature Retrieve FileVault Information via the Jamf Pro API is VERY exciting!

peterlbk · ‎01-24-2023

Indeed, that will be so exciting!

mm2270 · ‎01-24-2023

I've forgotten how many years I've been waiting for this feature! I was in fact someone who submitted a FR for this many years back. Bravo Jamf for finally getting this one done.

karthikeyan_mac · ‎01-24-2023

Finally, Jamf added API for Retrieving FileVault Information via the Jamf Pro API. This was a long awaited feature. Thanks Jamf team for bringing this API.

Samstar777 · ‎01-24-2023

This is very helpful article as it shows exactly what we are looking for 🙂

DBrowning · ‎01-24-2023

This should not have been skipped in this post.

foobarfoo · ‎01-24-2023

Please clarify if you indeed intend to recommend MySQL 8.0.30 and not .31 - .30 is already pretty old and has known security vulnerabilities. It would be great if you could update the documentation if .31 is indeed working, or test internally if you could shiftt your recommendation to .31 .

mschroder · ‎01-24-2023

The announcements says nothing about security issues, but https://docs.jamf.com/10.43.0/jamf-pro/release-notes/Resolved_Issues.html mentions quite a few CVEs, some of them marked as CRITICAL in the NVD.

So how serious are these vulnerabilities for the JSS? How urgent is it to upgrade?

I'm extremely disappointed that JAMF fails again to properly inform its clients and users about the seriousness of the vulnerabilities!

mike_paul · ‎01-25-2023

Hello @mschroder,
Historically we often did not document when we updated 3rd party libraries even if they had identified vulnerabilities within. We have recently changed that with the intention of being more transparent on the upgrade of 3rd party libraries we use, especially if they have corresponding vulnerabilities identified with them.

When we see that a library we use has an identified vulnerability we assess the risk and determine our next course of action. If we find that the issue potentially presents a big risk to our customers we will convey that in different communication means; typically via email, a Jamf Nation post and potentially its very own hot fix release. Often times a vulnerability is identified in a library we use but after investigation we can see that either due to usage or configurations on our part that the risk is exponentially lower. If we determine the risk is lower it just becomes part of our normal development process and will be patched in a future release, as is seen with the entires in this 10.43 release.

As you may remember, the Release Notes > Resolved Issues > Security Issues in Jamf Pro 10.42 was actually longer list than this release and if all goes according to plan the 10.44 release's list of issues resolved will be even longer. That is to say we are attempting to do a better job of patching all libraries we use, regardless of risk presented by them, in all releases. Going along with that we are working at doing a better job of disclosing those items being patched in our release notes.

We intentionally don't list the issues resolved in our beta notes as to not disclose the risks, even if they are low, until a version is available for all customers to download. We also intentionally keep the description of the security issues resolved vague as to not provide greater risks to those customers who cannot update quickly (it also makes my writing of each of those description that much easier). If you feel that you need more information on any of those issues listed don't hesitate to reach out to support.

But rest assured, our intentions is to keep you the most secure in all the means we can. And if something is identified that we feel is a larger risk, we will let you know.

Mike Paul
Product Security Engineer

manadrain · ‎01-27-2023

Just tried to run upgrade in our test setup for JAMF Pro version 10.43. Servers are running on CENTOS 7 and this is the first time I remember running into this error during installation. Running the install "sudo sh ./jamfproinstaller.run" I get an "Error: Found 8080 in use, but no Jamf Pro web app is running over the port... in the jamf-pro-installer.log file. Our JAMF Setups are configured with SSL and run on port 8443 and not 8080.

Here is a copy of the infomation in the install log for today:

[2023-01-27 09:56:20]: Starting the Linux Jamf Pro Installation
[2023-01-27 09:56:20]: Checking installation requirements...
[2023-01-27 09:56:20]: Checking for a 64-bit OS...
[2023-01-27 09:56:20]: OK
[2023-01-27 09:56:20]: Checking available disk space...
[2023-01-27 09:56:20]: Warning: Available disk space is below the recommended 150 GB to install Jamf Pro. Ensure your server has adequate disk space before proceeding.
[2023-01-27 09:56:23]: Continuing installation requirements...
[2023-01-27 09:56:23]: Checking for Java 11...
[2023-01-27 09:56:23]: Verifying JCE Unlimited Strength Jurisdiction Policy files...
[2023-01-27 09:56:24]: Java JCE files verified
[2023-01-27 09:56:24]: Checking if Tomcat is running...
[2023-01-27 09:56:24]: Stopping Tomcat for the upgrade...
[2023-01-27 09:56:32]: Error: Found 8080 in use, but no Jamf Pro web app is running over the port...
[2023-01-27 09:56:32]: Aborting installer...
[2023-01-27 09:56:32]: Aborting installation due to unsatisfied requirements.

jjouyan · ‎01-28-2023

conditional access or device compliance for macOS? we start to register mac with Conditional access. should i wait of 10.43 and register all mac with device compliance?

scottlep · ‎01-30-2023

@JustinV, It doesn't look like the 10.43 upgrade happened over the weekend as per emails received from Jamf. Anyone else still see their JSS version showing as 10.42.1? Were the upgrades postponed but no notice sent?

DBrowning · ‎01-30-2023

if you look at the end of this original post, they postponed it back on the 25th.

scottlep · ‎01-30-2023

Odd, because we received the emails on the 25th saying the upgrades were happening this weekend but no email saying the upgrade was being postponed.

Samstar777 · ‎01-30-2023

Hello All,

there were newly discovered issue and hence jamf is holding off the update.

scottlep · ‎01-30-2023

Obviously, but in the past if an upgrade was being postponed then an email was sent by Jamf letting us know. Adding a line to the bottom of a JN post doesn't seem like a great way to let customers know.

JustinV · ‎01-30-2023

Hey All,

As we do monitor these post we wanted to share with our community that your concerns are being heard and we will share additional information as soon as it is available.

We appreciate your patience dearly, please be on the lookout for more information.

- Justin

dpwlg · ‎01-31-2023

Anyone heard when Jamf cloud will be upgraded to 10.43?

DBrowning · ‎01-31-2023

https://community.jamf.com/t5/jamf-pro/jamf-pro-10-43-1-now-available/td-p/282872

This weekend.

Jamf Nation Community

Jamf Pro 10.43 Now Available