What's new in the Jamf Pro 10.33 Release

kaylee_carlson
Contributor
Contributor

Hi Jamf Nation and happy JNUC 2021! 

Today we released Jamf Pro 10.33 which includes support for Account-driven user enrollment for iOS/iPadOS. This workflow streamlines the user enrollment onboarding process and focuses on providing corporate access to BYO users while maintaining user privacy on their personal device.

 

We are also excited to announce Unified Endpoint Management Connector (UEMC) which is an integration between Jamf Threat Defense, Jamf Private Access, Jamf Data Policy and Jamf Pro for iOS/iPadOS. To learn more, please check out the Jamf blog post here.

 

This release also includes improvements to the Azure Active Directory integration within Jamf Pro, Recovery Lock password rotation, and a patch title filter option.

NOTE: Support for Jamf Imaging has been discontinued. With Jamf Pro 10.33, Jamf will no longer distribute Jamf Imaging as part of the Jamf Pro .dmg file.

 

Please read full release notes here.

Kaylee

 

Cloud Upgrade Schedule
Your Jamf Pro server, including any free sandbox environments, will be updated to Jamf Pro 10.33 based on your hosted data region below.

Need assistance identifying the Hosted Data Region of your Jamf Cloud instance? Check out this guide to find out how.

 

Hosted RegionBeginsEnds
ap-southeast-2Oct 29 at 1300 UTCOct 29 at 2200 UTC
ap-northeast-1Oct 29 at 1500 UTCOct 29 at 2300 UTC
eu-central-1Oct 29 at 2200 UTCOct 30 at 0800 UTC
eu-west-2Oct 29 at 2300 UTCOct 30 at 0600 UTC
us-east-1Oct 30 at 0400 UTCOct 30 at 1900 UTC
us-east-1 sandboxOct 30 at 0000 UTCOct 30 at 0900 UTC
us-west-2Oct 30 at 0700 UTCOct 30 at 2100 UTC

 

Next Steps

For real-time messages about your upgrade, subscribe to alerts.

For information on what's new in Jamf Pro 10.33, please review the release notes.

1 ACCEPTED SOLUTION

Aginion_Helpdes
New Contributor

10.33.0 also fixes security issues, outlined here: https://docs.jamf.com/10.33.0/jamf-pro/release-notes/Resolved_Issues.html

Would be nice to include this fact in the "Jamf Pro Release" email-notifications and the release blog post instead of hiding it in "Resolved Issues"...

Thanks

View solution in original post

24 REPLIES 24

tomt
Valued Contributor

Wow, so Jamf is no longer going to support running a Jamf Pro server on macOS?

AntMac
Contributor II

Release notes say still supported under minimum system requirements. Available until removal in March 2022.

Pending removal note has been on the last few JAMF Pro version release notes.  

"Support for using the Jamf Pro Installer for macOS will be discontinued in a future release (estimated removal date: March 2022)."

sara_graves
New Contributor III
New Contributor III

Thanks for your mention @AntMac. To ensure we are the same page, we are sunsetting Jamf Imaging in 10.33.0, which is a workflow no longer supported. I believe your mention is more around an installer workflow. Deprecation of the installer for the macOS was announced 10.28.0, and we offer resources for migration https://docs.jamf.com/10.28.0/jamf-pro/release-notes/Deprecations_and_Removals.html . Please let us know if you have any additional questions. Thank you.

CC: @kaylee_carlson 

bgaudet399
New Contributor

where do I fine the App to download?

attintl
New Contributor II

you can find in this link https://account.jamf.com/

wmehilos
Contributor

RIP Logout Hooks 😫

Aginion_Helpdes
New Contributor

10.33.0 also fixes security issues, outlined here: https://docs.jamf.com/10.33.0/jamf-pro/release-notes/Resolved_Issues.html

Would be nice to include this fact in the "Jamf Pro Release" email-notifications and the release blog post instead of hiding it in "Resolved Issues"...

Thanks

This is an issue I have been repeating since Jamf management made this poor decision. There is no explanation why Jamf refuses to include this in notification emails, and it makes Mac admins jobs more difficult when a manager is not notified of what is changing.

Why should corporate management have to create a Jamf account just to read up on changes to the Jamf environment?

Jamf hasn't stopped sending us promotional emails. Why stop sending us useful information?

Thank you for this feedback. We understand your concerns and will look to post resolved issues more clearly going forward. 

We appreciate this feedback and will work to make resolved issues part of our release communication going forward. 

jrippy
Contributor III

Unfortunately this release does not seem to include mitigations for the recent Tomcat vulnerabilities.  Assuming we'll see a 10.33.1 soon for that fix.

 

Tomcat issues date back to 2020! Not only did I report the concern in our Linux server environment, Jamf support had provided a difficult method of replacing the JSS installed Tomcat with one from the Apache foundation. And this had to be done for each update.

The next several releases they were still using a Tomcat 6 months old with known vulnerabilities. Jamf Cloud is using 8.5.58 (2020-09-15), while https://tomcat.apache.org/tomcat-8.5-doc/changelog.html lists the latest version of 8.5.72 (2021-10-01)! Jamf's version is A YEAR OLD!

This release, at least for on-prem users, does include Tomcat 8.5.71 (instead of 72) so the situation isn't as dire as it could be.  But given the recent disclosures, was hoping this would include the latest update in the 8.5 series, if not move to a more recent branch.

TravisC
New Contributor II
New Contributor II

Hello, 

Thank you for raising theses concerns up and continuing the discussion. I’ve reviewed the community feedback with our Engineering and Product Security teams. Our findings concluded with the following. 

  • Jamf Pro 10.33 is shipped with Tomcat 8.5.71.
  • The DoS vulnerability was determined to have a “low” impact on Jamf Pro customers. Reasons include:
    • The vulnerability does not pose risk to the confidentiality or integrity of Jamf Pro customer data.
    • Jamf customers are at a low risk for being impacted by the DoS issue.

However, to remediate any potential risk, Jamf will be upgrading Tomcat in a near future release. 

Please feel free to reach out with additional questions related to Tomcat 8.5.71. Happy to help!

 

Thank you, 

Travis Cynor

Jamf Product Team

With version 10.33 on prem i'm at this version of Tomcat.

Tomcat Version .................................... Apache Tomcat/8.5.71

Exactly.  We are still behind (i.e. not at 8.5.72) and vulnerable to the recent exploits.

JayDuff
Contributor II

Careful with this one, folks!  Make sure you have the latest server-tools and back up your database! 

10.33 corrupted our database, and what normally takes 15 minutes cost me 3.5 hours because of an old server-tools binary!  I had to restore the whole DB server virtual machine from backup.

A word to the wise....

Has this been fixed yet?  They sent an email saying it would be fixed on 11/17/21, but I have heard nothing yet.

Hi @Sobchak! You'll find the current version (2.7.11) of Server Tool in Jamf Account (https://account.jamf.com/products/other/jamf-pro-server-tools). That's the one you should use  to perform database backups if you're running Jamf Pro 10.33.

Please let us know if you have other questions.

Do you just replace the jamf-pro.exe file?

I did that and have the following:
GUI version is 2.7.9
CLI version is 2.7.11

Is that ok to run the backup?

 

Thanks!

@mvanstone Yes, you are good to run the backup.

We are currently running 10.28 and were waiting for the database backup bug to be fixed before upgrading to 10.33.  If we upgrade to 10.33 now will the new server tools be included or are we going to need to install those separately after the upgrade?

@Sobchak The latest version of the server tools (2.7.11) is not included with 10.33.  If you upgrade to 10.33 you will need to manually upgrade the server tools.  You can do so following this link (https://account.jamf.com/products/other/jamf-pro-server-tools).

JayDuff
Contributor II

Disregard - already answered above....  😀