Resolved Issues

Jamf Pro Release Notes 11.21.0
Solution
Application
Content Type
Technical Documentation
Release Notes
Utilities & Services
version
11.21.0
ft:locale
en-US
vrm_version
11.21.0

Note:

Some resolved issues in this release may have been addressed in a previous maintenance release.

Jamf Pro Server: Security Issues

Jamf provides the CVE-ID for security issues with high or critical severity when possible.

[PI141565] Jamf Pro 11.21.0 includes Tomcat 10.1.44, resolving a known security vulnerability in a third-party library (CVE-2025-48989).

Jamf Pro Server

  • [PI103704] Fixed: In environments using Jamf Infrastructure Manager for LDAP Proxy, disabling LDAP Proxy while the LDAP server is unreachable may cause the Jamf Pro startup to fail.

  • [PI111901] Fixed: The log_actions table contains orphaned data.

  • [PI113032] Fixed: During the first inventory update of a managed computer enrolling via PreStage, a computer inventory record may briefly report the "Enrolled via Automated Device Enrollment" attribute with a value of "No" until the full inventory update completes, and the correct value is shown. For organizations that utilize this inventory attribute for smart computer groups and scoping actions to target non-PreStage enrolled computers only, this can trigger undesired enrollment workflows to execute.

  • [PI119501] Fixed: Policy notifications do not display for recurring check-in events. In addition, using compliance benchmarks disables all policy event notifications.

  • [PI132283] Fixed: MDM commands can stay pending indefinitely after a Jamf management framework Redeploy command receives a "NotNow" response from a managed device until the original command is manually cleared from the Jamf Pro interface.

  • [PI134363] Fixed: When configuring a computer configuration profile with a Network payload with "Any ethernet" selected, Jamf Pro incorrectly uses the string "AnyEthernet" instead of the required "GlobalEthernet" in the payload, preventing computers from successfully joining corporate 802.1x wired networks.

  • [PI136395] Fixed: When a device that was originally enrolled using an enrollment invitation needs to be re-enrolled after the original invitation has been deleted, the re-enrollment process fails with a null pointer exception error.

  • [PI136453] Fixed: In environments integrated with DigiCert, Jamf Pro incorrectly creates configuration profiles with a SCEP payload if the redistribution option is enabled.

  • [PI138582] Fixed: When a local administrator account is configured in a Jamf Pro PreStage enrollment, the FileVault skip option is unavailable in Setup Assistant settings, preventing administrators from bypassing FileVault encryption during device enrollment.

  • [PI139022] Fixed: User-level MDM commands can fail to deliver to computers and remain in pending status indefinitely when the apn_token and push_magic values are blank in the mdm_client database table.

  • [PI139045] Fixed: Activation Lock status fails to display for eligible iOS devices in the Management > Activation Lock bypass category of a mobile device inventory record.

  • [PI140234] Fixed: Static groups fail to display in the Management > Mobile Device Groups category of a mobile device inventory record.

  • [PI140306] Fixed: Jamf Pro fails to display new, updated, and existing students imported from Apple School Manager.

  • [PI140403] Fixed: Jamf Pro requires Platform Single Sign-on (Platform SSO) configurations to include an Associated Domain payload, despite not being necessary for every identity provider.