Jamf Nation Community

Aaron_Kiemele · 10-18-2022

We recently became aware of a Java vulnerability in the Apache Commons Text library [CVE-2022-42889] that could allow for code injection by a malicious actor. While Jamf Pro, Jamf Now, Jamf School, Jamf Threat Defense, Jamf Data Policy, Infrastructur...

Aaron_Kiemele · 03-31-2022

SpringShell: Spring Core RCE 0-day VulnerabilityUPDATE: 4/2Thank you for your patience as we continued to monitor and work through the Spring Framework vulnerability. Jamf Pro 10.37.2, which includes the patched version of the spring framework, is no...

Aaron_Kiemele · 12-10-2021

Update 12/28On December 9, 2021, a Remote Code Execution (RCE) vulnerability (CVE-2021-44228) was identified in the log4j library (https://www.lunasec.io/docs/blog/log4j-zero-day/). The log4j project released version 2.15 to address this issue. New i...

Aaron_Kiemele · 06-18-2021

Hi Jamf Nation, On June 15, 2021, we were made aware of a URL redirect vulnerability, affecting Jamf Pro customers who host their environments on-premises and less than 1% of Jamf Cloud customer environments. We have not discovered any evidence of ma...

Aaron_Kiemele · 06-26-2020

Jamf Critical Security Issue Patch Policy SummaryJamf strives to provide the highest level of security for its customers. Unfortunately, there are occasions where a security vulnerability within a Jamf product codebase is detected. The following poli...

Aaron_Kiemele · 04-04-2022

Versions prior to 10.36 do contain the vulnerable Spring component. We do not recommend manual upgrades as it is more complex than a direct update of the impacted component, and may cause instability or future update issues. While we did not see a cl...

Aaron_Kiemele · 04-02-2022

Thank you for your patience as we continued to monitor and work through the Spring Framework vulnerability. Jamf Pro 10.37.2, which includes the patched version of the spring framework, is now generally available and should completely mitigate the is...

Aaron_Kiemele · 04-01-2022

We still have yet to verify any exploitable path to our customers, regardless of what Jamf products they use. Our team is working around the clock investigating this reported vulnerability, and we will continue to update you as soon as we learn more....

Aaron_Kiemele · 03-30-2022

We are actively investigating this reported vulnerability. Though Jamf Pro does utilize the Spring Framework, we have not found any evidence that Jamf customers are affected in any way at this time.Aaron KiemeleJamf, CISO

Aaron_Kiemele · 01-03-2022

Thank you, this is a good point. I will look into how we might best improve. Any ambiguous information can also be authenticated via the release notes here, by contacting your Customer Success rep, or reaching out to support@jamf.comAaron KiemeleChie...

Jamf Nation Community

User Statistics

User Activity

Apache Commons Text Vulnerability

Spring4Shell Vulnerability

Third-Party Security Issue

Jamf Pro 10.30.1 Security Upgrade

Jamf Critical Security Issue Patch Policy

Re: Spring4Shell Vulnerability

Re: Spring4Shell Vulnerability

Re: Spring4Shell Vulnerability

Re: Is Jamf Pro affected by SpringShell vulnerability?

Re: Third-Party Security Issue