Good morning Jamf Nation!
Today we released Jamf Pro 10.35 which includes support for user deferrals for macOS Software Updates, cloud identity provider page enhancements and Bearer Authentication for Classic API.
Jamf Pro Security Issues
Jamf provides the CVE-ID for security issues with high or critical severity when possible.
[PI-010403] This release fixes a security vulnerability with Jamf Pro. The Jamf Pro installers have been updated to include Apache Log4j 2 version 2.15.0, which remediated the vulnerability (CVE-2021-44228). This bug fix is also included in Jamf Pro 10.34.1 or later.
[PI-010408] This release fixes a security vulnerability with Jamf Pro. The Jamf Pro installers have been updated to include Apache Log4j 2 version 2.16.0, which remediated a log4j vulnerability (CVE-2021-45046). This bug fix is also included in Jamf Pro 10.34.2 or later.
[PI-010417] This release fixes a security vulnerability with Jamf Pro. The Jamf Pro installers have been updated to include Apache Log4j 2 version 2.17.0, which remediated the vulnerability (CVE-2021-45105).
To learn more about new features and additional resolved issues please read full release notes here.
Cloud Upgrade Schedule
Your Jamf Pro server, including any free sandbox environments, will be updated to Jamf Pro 10.35 based on your hosted data region below.
Need assistance identifying the Hosted Data Region of your Jamf Cloud instance? Check out this guide to find out how.
|ap-southeast-2||Jan 7 at 1300 UTC||Jan 7 at 2200 UTC|
|ap-northeast-1||Jan 7 at 1500 UTC||Jan 7 at 2300 UTC|
|eu-central-1||Jan 7 at 2300 UTC||Jan 8 at 0900 UTC|
|eu-west-2||Jan 8 at 0000 UTC||Jan 8 at 0700 UTC|
|us-east-1 sandbox/us-west-2-sandbox||Jan 8 at 0100 UTC||Jan 8 at 1000 UTC|
|us-east-1||Jan 8 at 0500 UTC||Jan 8 at 1700 UTC|
|us-west-2||Jan 8 at 0800 UTC||Jan 8 at 2100 UTC|
For real-time messages about your upgrade, subscribe to alerts.
For information on what's new in Jamf Pro 10.35, please review the release notes.
FYI, as per the previous "manual" instructions I updated my 10.32.1 on prem instances (two prod, one dev) to 2.17.1 without issue.
Jamf Pro is apparently not vulnerable to the issue fixed in log4j 2.17.1. This means we can choose to manually update, or wait for the next Jamf Pro update.
Jamf Admin 10.35.0 has a major bug, it fails to upload package manifests, workaround for now is to continue to use an older version of Jamf Admin, such as 10.34.1 or 10.34.2 (I had forgotten about 10.34.2 when I resolved my issue by going back to 10.34.1). I have logged Case # JAMF-3317981, but thought people should know about the issue.
Ran into this as well. The specific manifestation for this is that there will be a failure message when trying to upload. The file will actually copy to the server but you will not be able to delete from within Jamf admin. I found that I could, via the web interface, "add" the package that was already on the distribution point manually, and when launching Jamf admin the package would show up, minus the checksum. But the earlier version of Jamf admin works better as already noted.
I think it depends on the release notes. All log4J related and security is always interesting to do the update asap. But 10.35.0 had a very short beta, is suppose it's because of the log4j stuff it was released so quickly.
we see on our on prem a performance degrad of about 30% in comparison to 10.34-2 after updating to 10.35.0.
Also opened a tix for that.
I see in the release notes that Jamf Remote will not be supported in a future release. This is terrible. The web interface does NOT provide equivalent functionality. There are no IMMEDIATELY install package options, immediately run custom command options, immediately run script options, screen sharing options. Removing a competitive advantage compared to other tools doesn't make much sense to me. ( Don't tell me there are other tools, the point is not needing to use other tools if you have Jamf.)
And team viewer doesn't let you QUICKLY AND IMMEDIATELY push out packages and scripts to dozens of computers without waiting for checkin or dependency on apples servers. Jamf is not going to exist in 5 years. Everyone of it's competitive advantages, things no other product could accomplish are being mothballed. Jamf is only a bit better at doing some things than other products, which are cross platform by the way. If you are only going to support one platform you can't only be marginally better. The bean counters don't care about your marginal productivity. My university is abandoning Jamf quickly; I believe I am only one of two departmental holdouts.