Jamf Nation Community

Release notes say still supported under minimum system requirements. Available until removal in March 2022.

Pending removal note has been on the last few JAMF Pro version release notes.  

"Support for using the Jamf Pro Installer for macOS will be discontinued in a future release (estimated removal date: March 2022)."

Thanks for your mention @AntMac. To ensure we are the same page, we are sunsetting Jamf Imaging in 10.33.0, which is a workflow no longer supported. I believe your mention is more around an installer workflow. Deprecation of the installer for the macOS was announced 10.28.0, and we offer resources for migration https://docs.jamf.com/10.28.0/jamf-pro/release-notes/Deprecations_and_Removals.html . Please let us know if you have any additional questions. Thank you.

CC: @kaylee_carlson 

you can find in this link https://account.jamf.com/

This is an issue I have been repeating since Jamf management made this poor decision. There is no explanation why Jamf refuses to include this in notification emails, and it makes Mac admins jobs more difficult when a manager is not notified of what is changing.

Why should corporate management have to create a Jamf account just to read up on changes to the Jamf environment?

Jamf hasn't stopped sending us promotional emails. Why stop sending us useful information?

Thank you for this feedback. We understand your concerns and will look to post resolved issues more clearly going forward. 

We appreciate this feedback and will work to make resolved issues part of our release communication going forward. 

Tomcat issues date back to 2020! Not only did I report the concern in our Linux server environment, Jamf support had provided a difficult method of replacing the JSS installed Tomcat with one from the Apache foundation. And this had to be done for each update.

The next several releases they were still using a Tomcat 6 months old with known vulnerabilities. Jamf Cloud is using 8.5.58 (2020-09-15), while https://tomcat.apache.org/tomcat-8.5-doc/changelog.html lists the latest version of 8.5.72 (2021-10-01)! Jamf's version is A YEAR OLD!

This release, at least for on-prem users, does include Tomcat 8.5.71 (instead of 72) so the situation isn't as dire as it could be.  But given the recent disclosures, was hoping this would include the latest update in the 8.5 series, if not move to a more recent branch.

Hello, 

Thank you for raising theses concerns up and continuing the discussion. I’ve reviewed the community feedback with our Engineering and Product Security teams. Our findings concluded with the following. 

• Jamf Pro 10.33 is shipped with Tomcat 8.5.71.
• The DoS vulnerability was determined to have a “low” impact on Jamf Pro customers. Reasons include:
  • The vulnerability does not pose risk to the confidentiality or integrity of Jamf Pro customer data.
  • Jamf customers are at a low risk for being impacted by the DoS issue.

However, to remediate any potential risk, Jamf will be upgrading Tomcat in a near future release. 

Please feel free to reach out with additional questions related to Tomcat 8.5.71. Happy to help!

Thank you, 

Travis Cynor

Jamf Product Team

With version 10.33 on prem i'm at this version of Tomcat.

Tomcat Version .................................... Apache Tomcat/8.5.71

Exactly.  We are still behind (i.e. not at 8.5.72) and vulnerable to the recent exploits.

Has this been fixed yet?  They sent an email saying it would be fixed on 11/17/21, but I have heard nothing yet.

Hi @Sobchak! You'll find the current version (2.7.11) of Server Tool in Jamf Account (https://account.jamf.com/products/other/jamf-pro-server-tools). That's the one you should use  to perform database backups if you're running Jamf Pro 10.33.

Please let us know if you have other questions.

Do you just replace the jamf-pro.exe file?

I did that and have the following:
GUI version is 2.7.9
CLI version is 2.7.11

Is that ok to run the backup?

Thanks!

@mvanstone Yes, you are good to run the backup.

We are currently running 10.28 and were waiting for the database backup bug to be fixed before upgrading to 10.33.  If we upgrade to 10.33 now will the new server tools be included or are we going to need to install those separately after the upgrade?

@Sobchak The latest version of the server tools (2.7.11) is not included with 10.33.  If you upgrade to 10.33 you will need to manually upgrade the server tools.  You can do so following this link (https://account.jamf.com/products/other/jamf-pro-server-tools).