SpringShell: Spring Core RCE 0-day VulnerabilityUPDATE: 4/2Thank you for
your patience as we continued to monitor and work through the Spring
Framework vulnerability. Jamf Pro 10.37.2, which includes the patched
version of the spring framework, is no...
Update 12/28On December 9, 2021, a Remote Code Execution (RCE)
vulnerability (CVE-2021-44228) was identified in the log4j library
(https://www.lunasec.io/docs/blog/log4j-zero-day/). The log4j project
released version 2.15 to address this issue. New i...
Hi Jamf Nation, On June 15, 2021, we were made aware of a URL redirect
vulnerability, affecting Jamf Pro customers who host their environments
on-premises and less than 1% of Jamf Cloud customer environments. We
have not discovered any evidence of ma...
Jamf Critical Security Issue Patch Policy SummaryJamf strives to provide
the highest level of security for its customers. Unfortunately, there
are occasions where a security vulnerability within a Jamf product
codebase is detected. The following poli...
6/24/20 Update Hi Jamf Nation, I want to provide a brief update
following the security issue last weekend. Whether you are a Standard
Cloud, Premium Cloud, or on-premises customer, you should have heard
from our team via email with an update on how y...
Versions prior to 10.36 do contain the vulnerable Spring component. We
do not recommend manual upgrades as it is more complex than a direct
update of the impacted component, and may cause instability or future
update issues. While we did not see a cl...
Thank you for your patience as we continued to monitor and work through
the Spring Framework vulnerability. Jamf Pro 10.37.2, which includes the
patched version of the spring framework, is now generally available and
should completely mitigate the is...
We still have yet to verify any exploitable path to our customers,
regardless of what Jamf products they use. Our team is working around
the clock investigating this reported vulnerability, and we will
continue to update you as soon as we learn more....
We are actively investigating this reported vulnerability. Though Jamf
Pro does utilize the Spring Framework, we have not found any evidence
that Jamf customers are affected in any way at this time.Aaron
Thank you, this is a good point. I will look into how we might best
improve. Any ambiguous information can also be authenticated via the
release notes here, by contacting your Customer Success rep, or reaching
out to email@example.comAaron KiemeleChie...