Some resolved issues in this release may have been addressed in a previous maintenance release.
Jamf Pro Server: Security Issues
Jamf provides the CVE-ID for security issues with high or critical severity when possible.
[PI136452] Fixed: An injection vulnerability in the Jamf Pro API.
[PI140956] Fixed: A broken access control issue.
[PI141217] Fixed: A cross-site scripting (XSS) issue.
[PI141254] Fixed: A known vulnerability in a third-party library (CVE-2025-58754).
[PI141347] Fixed: A known vulnerability in a third-party library (CVE-2025-41249).
[PI141349] Fixed: A known vulnerability in a third-party library (CVE-2025-41248).
[PI141856] Fixed: A cross-site scripting (XSS) issue.
[PI141857] Fixed: A cross-site scripting (XSS) issue.
Jamf Pro Server
[PI110214] Fixed: Computers fail to re-enroll if there are duplicate corresponding entries in the jamf_package_active_reenrollments table in the Jamf Pro database.
[PI116238] Fixed: Certificate renewal errors may occur in external certificate authority (CA) integrations if the length of time between certificate issuance and renewal is too short.
[PI135923] Fixed: Self Service+ incorrectly displays an "Item failed" notification when executing a Self Service policy containing a jamf policy command in the Files and Processes payload despite successful policy execution.
[PI135990] Fixed: When a minimum required OS version is specified in computer and mobile device PreStage enrollments, the OS version is automatically updated to the latest version released by Apple without user input.
[PI136833] Fixed: When running a search or export, the Inventory Display attribute field is always blank when the following criteria are used: User Last Logged in Computer, User Last Logged in - Computer timestamp, User Last Logged in - Self Service, or User Last Logged in - Self Service timestamp.
[PI140393] Fixed: Configuration profiles with a Network Relay payload containing a large number of URLs (e.g., 500 or more) in the Match Domains field cause the browser to become unresponsive.
[PI141164] Fixed: In environments using OIDC-based SSO with Jamf Account, Jamf Pro can mishandle user logouts, resulting in unexpected "Access denied" errors, loss of app switcher functionality, and platform sessions ending prematurely.
[PI141237] Fixed: The /v2/mobile-devices/detail API endpoint returns a 500 error when queried with section=SECURITY for mobile devices that have blank or unknown values in the OS family field.
[PI141309] Fixed: Self Service classic may display multiple progress indicators during policy execution.