What's new in the Jamf Pro 10.35 Release

kaylee_carlson
Contributor
Contributor

Good morning Jamf Nation! 

Today we released Jamf Pro 10.35 which includes support for user deferrals for macOS Software Updates, cloud identity provider page enhancements and Bearer Authentication for Classic API.

 

Jamf Pro Security Issues

Jamf provides the CVE-ID for security issues with high or critical severity when possible.

  • [PI-010403] This release fixes a security vulnerability with Jamf Pro. The Jamf Pro installers have been updated to include Apache Log4j 2 version 2.15.0, which remediated the vulnerability (CVE-2021-44228). This bug fix is also included in Jamf Pro 10.34.1 or later.

  • [PI-010408] This release fixes a security vulnerability with Jamf Pro. The Jamf Pro installers have been updated to include Apache Log4j 2 version 2.16.0, which remediated a log4j vulnerability (CVE-2021-45046). This bug fix is also included in Jamf Pro 10.34.2 or later.

  • [PI-010417] This release fixes a security vulnerability with Jamf Pro. The Jamf Pro installers have been updated to include Apache Log4j 2 version 2.17.0, which remediated the vulnerability (CVE-2021-45105).

To learn more about new features and additional resolved issues please read full release notes here.

Kaylee

 

Cloud Upgrade Schedule
Your Jamf Pro server, including any free sandbox environments, will be updated to Jamf Pro 10.35 based on your hosted data region below.

Need assistance identifying the Hosted Data Region of your Jamf Cloud instance? Check out this guide to find out how.

 

Hosted RegionBeginsEnds
ap-southeast-2Jan 7 at 1300 UTCJan 7 at 2200 UTC
ap-northeast-1Jan 7 at 1500 UTCJan 7 at 2300 UTC
eu-central-1Jan 7 at 2300 UTCJan 8 at 0900 UTC
eu-west-2Jan 8 at 0000 UTCJan 8 at 0700 UTC
us-east-1 sandbox/us-west-2-sandboxJan 8 at 0100 UTCJan 8 at 1000 UTC
us-east-1 Jan 8 at 0500 UTCJan 8 at 1700 UTC
us-west-2Jan 8 at 0800 UTCJan 8 at 2100 UTC

 

Next Steps

For real-time messages about your upgrade, subscribe to alerts.

For information on what's new in Jamf Pro 10.35, please review the release notes.

29 REPLIES 29

ChrisP
New Contributor II

Is the .1 release planning to incorporate log4j 2.17.1 since the 2.17 has since been deemed vulnerable? 😫

ubcoit
Contributor II

FYI, as per the previous "manual" instructions I updated my 10.32.1 on prem instances (two prod, one dev) to 2.17.1 without issue.

https://docs.jamf.com/technical-articles/Mitigating_the_Apache_Log4j_2_Vulnerability.html

Per https://community.jamf.com/t5/jamf-pro/third-party-security-issue/td-p/253740

Jamf Pro is apparently not vulnerable to the issue fixed in log4j 2.17.1. This means we can choose to manually update, or wait for the next Jamf Pro update.

user-TykYEzpbkp
New Contributor II

So slightly more info than the useless email, but no where near what you were providing a year ago. PLEASE PROVIDE UPDATE INFORMATION IN YOUR EMAILS!

Emails have not decreased from Jamf. I get several per week. But important email like this only says there's a new version.

<deleted>

I stopped receiving emails and had to open a support case to get it fixed. but now I know ahead of this weekend that Jamf Pro 10.35 will be rolled out

- I am @exno or @exnozero on almost everything that exists.

I'm a big fan of getting alerted to check out the forums (who has time to manually check anyways?) but disappointed with the speed of some of the "critical" road map items for future Jamf release version. Here's to hoping! 🤞

wakco
Contributor

Jamf Admin 10.35.0 has a major bug, it fails to upload package manifests, workaround for now is to continue to use an older version of Jamf Admin, such as 10.34.1 or 10.34.2 (I had forgotten about 10.34.2 when I resolved my issue by going back to 10.34.1). I have logged Case # JAMF-3317981, but thought people should know about the issue.

Hello guys, we're also affected by that issue. Wakco's workaround works. We also opened a support case.

Ran into this as well. The specific manifestation for this is that there will be a failure message when trying to upload. The file will actually copy to the server but you will not be able to delete from within Jamf admin. I found that I could, via the web interface, "add" the package that was already on the distribution point manually, and when launching Jamf admin the package would show up, minus the checksum. But the earlier version of Jamf admin works better as already noted.

jonn1e
Contributor

Wrong topic. 

A bug in a new release seems to be right topic

NGoode
New Contributor

So the real question here is, as an on-prem instance..do we NEED to upgrade to 10.35? We are currently on 10.34.2.

I think it depends on the release notes. All log4J related and security is always interesting to do the update asap. But 10.35.0 had a very short beta, is suppose it's because of the log4j stuff it was released so quickly.

we see on our on prem a performance degrad of about 30% in comparison to 10.34-2 after updating to 10.35.0.

Also opened a tix for that.

Can you define the performance degradation? Which tasks or processes? All of them?

All of them. The entire GUI is awfully slow. We got some help from support which makes it a little better, but compared to previous release it's very non.reactive.

TSOAFTVPPC
Contributor

I see in the release notes that Jamf Remote will not be supported in a future release. This is terrible. The web interface does NOT provide equivalent functionality. There are no IMMEDIATELY install package options, immediately run custom command options, immediately run script options, screen sharing options. Removing a competitive advantage compared to other tools doesn't make much sense to me. ( Don't tell me there are other tools, the point is not needing to use other tools if you have Jamf.)

"It is recommended to use TeamViewer.."  LOL. Love how tech writers switch to passive voice when they tell you that their product is a failure and you're going to have to buy another product to make up for it. 

And team viewer doesn't let you QUICKLY AND IMMEDIATELY push out packages and scripts to dozens of computers without waiting for checkin or dependency on apples servers. Jamf is not going to exist in 5 years. Everyone of it's competitive advantages, things no other product could accomplish are being mothballed. Jamf is only a bit better at doing some things than other products, which are cross platform by the way. If you are only going to support one platform you can't only be marginally better. The bean counters don't care about your marginal productivity. My university is abandoning Jamf quickly; I believe I am only one of two departmental holdouts.

I use Jamf Remote heavily so this will be sorely missed if there is no replacement. I will admit though that when we went completely offsite when covid first hit that it was the kick in the pants to realize that something needed to change since it was useless in that situation. 

What do you mean Jamf remote was useless off site? We used it very heavily while we were working remote. Worked great! You did setup a vpn to access to your remote site first right?

Our users aren't connected to vpn unless they absolutely have to.

So you are trying to use Jamf remote  to control users devices that are also offsight?

263
New Contributor II

we also have performance trouble since 10.35

bovardjc
New Contributor

Significant slowdowns for us also since 10.35

mbracco
Contributor

We had with support some cleanups in DB but this did not resolve the performance degradation. Windows stay white for 20 secs before displaying the content. Working on multiple tabs in browser is in the meantime impossible as content is shown minutes later.....

hunter990
Contributor

Anyone else seeing a package with a custom manifest no longer deploying from a Prestage with this version?

hector_cast
New Contributor II

Bad latency issues for us since 10.35. Going on for two weeks now. Jamf needs to patch this version ASAP. My only saving grace is to use a dedicated M1 with Safari. It helps, but not much. This is the first time an update was so impactful to our system.😞

263
New Contributor II

it seems that a hotfix 10.35.1 is available.