Note that contrary to the comment in the release notes: "This
vulnerability poses a risk to private data. It does not have the
potential to impact managed devices or the integrity and availability of
your web server." - this does appear to allow RCE ...
@tlarkin Yeah, we updated ASAP after seeing the article, THEN came here
to find out why we were not notified. Guidelines for detecting prior
exploitation would be good to have...
We did not receive (and still have not received) any emails from JAMF
about this. If not for seeing the Register article this evening, we
still wouldn't have heard about it... I also don't see any guidance on
determining if the issue has been exploit...
