Resolved Issues

Jamf Pro Server: Security Issues

Jamf provides the CVE-ID for security issues with high or critical severity when possible.

  • [PI-008788] Fixed an issue where adding /uapi/auth/tokens to any Jamf instance URL resulted in different HTTP error codes generated by the application.

  • [PI-009767] Jamf Pro no longer uses a vulnerable image library in the Jamf Pro installers.

  • [PI-010024] This release fixes a security vulnerability involving Spring Core Framework. It is strongly recommended that you upgrade to Jamf Pro 10.33.0 as soon as possible.

  • [PI-010085] Fixed an issue that could allow Server-Side Request Forgery from the gsxConnectionTest HTTP response.

  • [PI-010101] Fixed an issue that created a security vulnerability on the bookmarks page if you created a site using XSS input and assigned it to a bookmark.

  • [PI-010111] CVE-2021-40808: This release fixes a security vulnerability in Jamf Pro that is also fixed in Jamf Pro 10.32.1 or later. We strongly recommend that you upgrade to Jamf Pro 10.32.1 or later as soon as possible. This vulnerability poses a risk to private data. It does not have the potential to impact managed devices or the integrity and availability of your web server. More details will be communicated via email and on Jamf Nation.

Jamf Pro Server

  • [PI-002194] Fixed an issue that incorrectly required administrators to have create privileges for computers to export a mobile device or user volume content search.

  • [PI-002202] Fixed an issue that caused fast user switching to prevent login and logout hooks from working correctly.

  • [PI-002244] Closed an issue in which enabling the Perform login hook actions in the background setting and deploying a script with a jamf mount command caused the macOS login window to freeze. The issue was closed because the setting has been removed from Jamf Pro.

  • [PI-002269] Fixed an issue that caused policies configured with a login hook trigger to intermittently fail to run.

  • [PI-002775] Fixed an issue that caused Jamf Pro to incorrectly allow the content associated with a VPP token to be overwritten by the content of another VPP token that was distributed to the same user.

  • [PI-003298] Icons associated with the volume purchasing service token are no longer downloaded to the Jamf Pro database.

  • [PI-003363] Jamf Pro no longer fails to install an eBook when the eBook has a filename that does not use American Standard Code for Information Interchange (ASCII) characters.

  • [PI-003918] Fixed an issue that caused Jamf Pro to incorrectly create a VPP invitation when an invitation was already sent and accepted by a user.

  • [PI-004217] Fixed an issue that sometimes caused Jamf Pro to incorrectly handle the volume purchasing service token reclaim process.

  • [PI-004366] Fixed an issue that caused Jamf Pro to ignore values for a different app when updating existing app information, which prevented the different app from being distributed.

  • [PI-004488], [PI-009042] Fixed an issue that prevented the Enforce Mobile Device Name setting from being updated via the Jamf Pro API. You can now use the GET /v2/mobile-devices/{id}/detail endpoint to view whether the setting is enforced for a device and the PATCH /v2/mobile-devices/{id} endpoint to update the setting. See the Jamf Pro API documentation for more information.

  • [PI-005348] Errors no longer occur in the Jamf Pro server log after deleting an app from the App Catalog in Jamf Pro.

  • [PI-005516] Fixed an issue that prevented volume content search results from loading in Jamf Pro if the search was performed for a site.

  • [PI-005643] Fixed an issue that caused uploading a PLIST file to the Application and Custom Settings payload of a computer configuration profile to fail.

  • [PI-006183] Fixed an issue that caused apps distributed via VPP-managed distribution to be incorrectly removed from devices if the scope of the app included an LDAP group and the LDAP directory service was unavailable.

  • [PI-006308] Fixed an issue that prevented Jamf Pro from associating newly purchased Book licenses with the Book in Jamf Pro if there was updated data about the Book after the initial purchase. As a result, Jamf Pro now displays the Quality data for the book with the values "STDQ" or "PLUS".

  • [PI-007487] Fixed an issue that caused an app icon to persist on a mobile device if the scope of the app was modified using the Jamf Pro API to remove the device.

  • [PI-007526] Fixed an issue that caused policies based on login or logout triggers to fail to execute scripts that required full disk access.

  • [PI-007537] Fixed an issue that incorrectly retained information from the previous volume purchasing registration when a user attempted to re-register with volume purchasing.

  • [PI-007659] Fixed an issue that caused packages from an SMB share to fail to install on computers with macOS 10.15 or later if the policy was configured with a login or logout trigger.

  • [PI-008701] Fixed an issue in which the Jamf Helper caused the login window to freeze on computers with macOS 10.15.6 if called by a script on a login trigger.

  • [PI-009831] Fixed an issue that caused Jamf Pro to send duplicate install commands for Jamf Connect deployments to computers if they were in the scope of multiple Jamf Connect configuration profiles with differing deployment versions.

  • [PI-009893] Fixed an issue where API integration wasn't re-enabled after disabling the application in Jamf Pro.

  • [PI-009973] Fixed an issue that caused a misleading error message to be returned when running a policy with an MDM restart payload on Macs with Apple silicon (M1 chip).

  • [PI-010020] Fixed an issue where the redirection to the device-compliance-registration page in some scenarios started a loop that resulted in a large number of calls made to Azure AD.

  • [PI-010042] Fixed an issue where an administrator logging into Jamf Pro Server with group-based single sign-on credentials could not start a TeamViewer session.

  • [PI-010077] Fixed an issue that caused the connection pool to become exhausted due to connections not being released when SCEP challenge requests failed.

  • [PI-010133] Recovery Lock is now set after the first "volume owner" user is created on computers with macOS 11.5, such as during enrollment using a PreStage enrollment. This resolves the issues with setting Recovery Lock using a PreStage enrollment.

  • [PI-010150] Fixed an issue with the mobile_device_management_commands table that caused Jamf Pro server performance degradation. This bug fix is also included in Jamf Pro 10.32.2 or later.

  • [PI-010151] Fixed an issue with the mobile_device_management_commands table that prevented apps from updating. This bug fix is also included in Jamf Pro 10.32.2 or later.

  • [SUS-3821] Fixed an issue that caused unnecessary logging in the Jamf Pro server log if Tomcat was stopped during a Volume Purchasing service token upload to Jamf Pro.

Jamf Self Service for macOS

  • [PI-009447] Fixed an issue where the Self Service for macOS branding icon did not appear in the Applications folder.

  • [PI-009903] Fixed an issue that caused Jamf Self Service for macOS to crash if more than 32 characters were used in a category.

  • [PI-009929] Fixed an issue that caused Self Service for macOS to incorrectly handle the return keystroke when using the search bar.