Note that contrary to the comment in the release notes: "This
vulnerability poses a risk to private data. It does not have the
potential to impact managed devices or the integrity and availability of
your web server." - this does appear to allow RCE ...
We did not receive (and still have not received) any emails from JAMF
about this. If not for seeing the Register article this evening, we
still wouldn't have heard about it... I also don't see any guidance on
determining if the issue has been exploit...