log4j - jamf pro server still on 10.34

mickl089
Contributor III

Hello,
when will we get the 10.34.1 patch? Our managed Jamf Pro server is still on 10.34 😞

Thanks!

1 ACCEPTED SOLUTION

mm2270
Legendary Contributor III

So, if you read Jamf's official statement on their cloud instances and this vulnerability, they specifically mention the issue has been addressed through other controls. Apparently Jamf cloud servers do not allow the type of traffic that would be required to use this exploit, even if a vulnerable version of log4j2 is still installed on them. So 10.34.1 may only be necessary for on prem servers.

I would imagine eventually, like maybe in the next full release, Jamf will roll in an updated version of log4j 2, maybe 2.16, so it's fully patched.

4 REPLIES

spotmac
New Contributor III

I suspect Jamf Pro is still vulnerable. Version 2.15.0 was used in the 10.31.1 update. 

jwojda
Valued Contributor II

I did reach out to Jamf support re: this same question. Would be nice to have the warm fuzzy feeling of the version bump on the cloud. I'm sure we could request the update given the situation.