Jamf Nation Community

PCalomeni · ‎03-02-2023

Today we are releasing a maintenance version of Jamf Pro.

Jamf Pro 10.44.1 fixes the following product issues:

[PI111020] Resolved a Cross-Site Scripting (XSS) issue.
[PI111048] An error calculating scope no longer occurs when the scope of an Azure AD group contains 1000 or more users.

For additional information on what's included in this release, review the release notes via the new Jamf Learning Hub.

To access new versions of Jamf Pro, log into Jamf Account with your Jamf ID. The latest version is located in the Products section under Jamf Pro.

Cloud Upgrade Schedule

Your Jamf Pro server, including any free sandbox environments, will be updated to Jamf Pro 10.44.1 based on your hosted data region below. Review this guide if you need assistance identifying the Hosted Data Region of your Jamf Cloud instance.

Hosted Region	Begins	Ends
ap-southeast-2	3 March at 1300 UTC	3 March at 2200 UTC
ap-northeast-1	3 March at 1400 UTC	4 March at 0000 UTC
eu-central-1	3 March at 2300 UTC	4 March at 0900 UTC
eu-west-2	4 March at 0000 UTC	4 March at 0700 UTC
us-east-1-sandbox/us-west-2-sandbox	4 March at 0100 UTC	4 March at 1000 UTC
us-east-1	4 March at 0500 UTC	4 March at 1800 UTC
us-west-2	4 March at 0800 UTC	4 March at 2100 UTC

mschroder · ‎03-02-2023

XSS sounds serious - but how serious is it? Shall I go into emergency mode or consider updating one of these days?

mike_paul · ‎03-02-2023

We ranked it as a 7 on the CVSS scale which puts it at a High security severity in our eyes.

mschroder · ‎03-03-2023

Thanks for the info, indeed helpful. Servers are updated.

user-dIrrpGXxza · ‎03-03-2023

Regarding "[PI111020] Resolved a Cross-Site Scripting (XSS) issue." - does this affect previous versions of JAMF pro as well? In our case 10.43.1 .

mike_paul · ‎03-06-2023

@user-dIrrpGXxza, this issue was present in previous versions of Jamf Pro, including 10.43.1.

Jamf Nation Community

Jamf Pro 10.44.1 Now Available