Jamf Pro 10.46.1 Now Available

PCalomeni
Moderator

Today we are releasing a maintenance version of Jamf Pro.

Jamf Pro 10.46.1 fixes the following product issues:

  • [PI111508] Resolved a broken access control issue within an authentication implementation (CVE-2023-31224).
  • [PI111680] Jamf Pro users who use group-based access roles will no longer see an error when attempting to access the Volume Purchasing settings page.
  • [PI111688] In clustered environments, Jamf Pro no longer stalls on the setup assistant if setup was initiated on a non-primary web app.
  • [PI111726] A java.lang.OutOfMemoryError error no longer occurs when configuration profiles with a Certificate payload that is associated with an Active Directory Certificate Services (AD CS) integration are distributed to or removed from computers or mobile devices.

 

For additional information on what's included in this release, review the release notes via the Jamf Learning Hub.

To access new versions of Jamf Pro, log into Jamf Account with your Jamf ID. The latest version is located in the Products section under Jamf Pro.

 

Cloud Upgrade Schedule

Your Jamf Pro server, including any free sandbox environments, will be updated to Jamf Pro 10.46.1 based on your hosted data region below. Review this guide if you need assistance identifying the Hosted Data Region of your Jamf Cloud instance.

 

| Hosted Region | Begins | Ends |
|---|---|---|
| ap-southeast-2 | 19 May at 1400 UTC | 19 May at 2300 UTC |
| ap-northeast-1 | 19 May at 1500 UTC | 20 May at 0100 UTC |
| eu-central-1 | 19 May at 2200 UTC | 20 May at 0800 UTC |
| eu-west-2 | 19 May at 2300 UTC | 20 May at 0600 UTC |
| us-east-1-sandbox/us-west-2-sandbox | 20 May at 0000 UTC | 20 May at 1000 UTC |
| us-east-1 | 20 May at 0400 UTC | 20 May at 1700 UTC |
| us-west-2 | 20 May at 0700 UTC | 20 May at 2000 UTC |

khurram
Contributor III

Where do we find the details of "[PI111508] Resolved a broken access control issue within an authentication implementation (CVE-2023-31224)." ?

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31224

Currently, it is in a 'RESERVED' state. When it becomes public, the vulnerability will be available for the public.

Due to the fact that we don't control upgrade schedules for on-premises customers, we don't have a clear date on when we will be sharing much more information on the issue. @Aitorhdez is correct, though, that when we are ready to share more information it will be provided in that CVE.

What I can say is that this issue was not just introduced in 10.46, so people on earlier versions could be impacted.  We would also classify this as a High security severity based on our findings.  

We would recommend that all customers upgrade to a patched version when they are able. Jamf Cloud standard hosting is planned to be upgraded starting today.

bwoods
Valued Contributor

Noticed that the format for the documentation has changed quite a bit. Is there still a section for known issues? Experienced multiple issues with 10.45.0. (Most problems I've had since I started using Casper years ago) Also noticed that 10.46.0 never automatically updated on my server for some reason.

Hi @bwoods. The list of known issues can be accessed from the Jamf Pro product page in Jamf Account.

scrjeff
New Contributor II

Have any of you noticed an issue with the formatting of patch information in the dashboard? My cloud instance was upgraded, and the device counts for each version are now aligning vertically.  This is in Chrome, and there is no change with window sizing or zoom setting. 

I'm seeing this:

Version      Devices

                          2

5.14.7 (18149)   3

                          2

 

vs

5.14.7 (18149)  232

 

Yep, same here. I have a ticket open; they are getting UX involved.

This is disappointing.  My ticket was marked closed and they said it was a UI issue that would hopefully be addressed in the future.  No PI.

scrjeff
New Contributor II

It's very annoying, and I would think it would be a simple fix that could be rolled out quickly. 

dlondon
Valued Contributor

In my initial testing I see that a pre-enrolled machine now gets its old name when it's wiped and rebuilt instead of the generic MacBook name it would have received. I think this is great but can't find a mention of it.