Skip to content

Releases: micromdm/micromdm

MicroMDM 1.9

dece2dc
Compare
Choose a tag to compare

This release includes new features and fixes.

  • Add new fields for the ScheduleOSUpdate command (#793)
  • Use HTTPS for retrieving Apple certificates (#792)
  • Add CLI help for mdmctl config switch (#791)
  • Update builder to Go 1.17 (#783)
  • Replace gogo/protobuf with Google protobuf (#773)
  • Add GHCR container workflow. Add ARM build. (#745)
  • New in-memory-only command queue (#736)
  • Bootstrap token support (#781, #782)
  • Fix potential DEP sync data loss (#779)
  • Support logging proxy IP headers X-Forwarded-For, X-Real-IP. Enable with -http-proxy-headers switch (#744)
  • Allow MDM check-in messages to return data (#764)
  • Added support for SetRecoveryLock and VerifyRecoveryLock (#757)
  • Fix SetFirmwarePassword and VerifyFirmwarePassword parameters (#743)
  • Command UUID can now be passed in as as a request parameter (#754)
  • Update to SCEP v2, switch to Mozilla PKCS7, interface cleanup (#737, #772, #778)
  • Fix panic when using DEP mdmctl commands with no DEP tokens configured (#750)
  • Spruce up built-in landing page including better accessibility (#721, #751)
  • Documentation & CLI usage improvements (#729, #730, #748, #749)

Thanks to our contributors for this release: @discentem, @korylprince, @williamtheaker, @bpmcneilly, @daemonsy, @tomaswallentinus, @ivanhata, @networkpanic, @HernanPaez

v1.9.0-beta

Compare
Choose a tag to compare
v1.9.0-beta Pre-release
Pre-release

MicroMDM v1.9.0-beta pre-release. See the changelog for details about this release.

Focus areas for testing are primarily SCEP issuance (i.e. enrollment), normal MDM command/delivery. As always backup your database before testing, just in case.

MicroMDM 1.8

9b4d96a
Compare
Choose a tag to compare

This release includes fixes and new features.

  • Fix embedded manifest of InstallEnterpriseApplication (#669)
  • Added Activation Lock Bypass support code (#677)
  • Fix DEP device serialization so that ProfileStatus of device now works (#682)
  • mdmctl can now have a base server URL (#683)
  • Fix an asymptomatic queue marshaling bug (#690)
  • Add ability to unassign DEP devices via API (#687)
  • A device's command queue is now cleared during enrollment (#692)
  • APNS is now proxy aware (#698)
  • Add -validate-scep-issuer and -validate-scep-expiration flags to only validate the SCEP certificate was issued by the MicrMDM SCEP CA, and optionally to validate that the certificate hasn't expired (#700)
  • Add -udid-cert-auth-warn-only flag that disables the UDID-certificate authentication mechanism. Can be used to help remediate expiring device identity certificates (#643)
  • Fix for multiple InstallApplications in Blueprints (#549, #704)
  • More secure argument passing in API scripts (#709)
  • TimeZone setting support in Settings command (#719)
  • Support tls-alpn-01 for Let's Encrypt certificates (#720)
  • Update MDM Vendor CSR signing to SHA-2 and use new Apple intermediate cert (#723, #725)
  • Avoid unnecessary command queue save/disk write (#711)
  • Documentation updates

Thanks to our contributors for this release: @MobileDan, @meta-github, @grahamgilbert, @tperfitt, @williamtheaker, @slawoslawo, @choehn-signogy, @natewalck, @korylprince

MicroMDM 1.7.1

Compare
Choose a tag to compare

This is a release of 1.7.0 with a few additional commits.

v1.7.0-alpha...v1.7.1

Reliability, scalability, security, and usability improvements:

  • Add device DEP status to API response (#617)
  • CLI improvements (#618, #620, #621)
  • Support new values for AccountConfiguration (#627)
  • Fix issue where DEP watcher would stop permanently for transient network issues (#582, #632)
  • Workaround issue where a newly added DEP token would not be used after a restart (#546, #633)
  • Fix bug with applying an empty blueprint (#615, #634)
  • Add -no-command-history flag to disable saving of command history (#640). This works around a race-condition/scalability issue with device records (#556).
  • Add dynamic SCEP challenges (#642). Require dynamic SCEP challenges for certificate issuance with -use-dynamic-challenge and (only recommended for testing) generate them in enrollment profiles with -gen-dynamic-challenge.
  • Add MDM commands to enable and disable remote desktop (#651)
  • SCEP payload key names were corrected (#652)

Thanks to our contributors for this release: @grahamgilbert, @n8felton, @tomaswallentinus @netproteus

MicroMDM 1.7 alpha

45d478c
Compare
Choose a tag to compare
MicroMDM 1.7 alpha Pre-release
Pre-release

Reliability, scalability, security, and usability improvements:

  • Add device DEP status to API response (#617)
  • CLI improvements (#618, #620, #621)
  • Support new values for AccountConfiguration (#627)
  • Fix issue where DEP watcher would stop permanently for transient network issues (#582, #632)
  • Workaround issue where a newly added DEP token would not be used after a restart (#546, #633)
  • Fix bug with applying an empty blueprint (#615, #634)
  • Add -no-command-history flag to disable saving of command history (#640). This works around a race-condition/scalability issue with device records (#556).
  • Add dynamic SCEP challenges (#642). Require dynamic SCEP challenges for certificate issuance with -use-dynamic-challenge and (only recommended for testing) generate them in enrollment profiles with -gen-dynamic-challenge.
  • Add MDM commands to enable and disable remote desktop (#651)
  • SCEP payload key names were corrected (#652)

Thanks to our contributors for this release: @grahamgilbert, @n8felton, @tomaswallentinus

MicroMDM 1.6

Compare
Choose a tag to compare

Upgrade Go to 1.12.8 to fix CVE-2019-9512, CVE-2019-9514, and CVE-2019-14809

Beside those fixes, the following changes went in:

  • Add assign profile endpoint (#611)
  • Add support for User Enrollment (#597)
  • Add support for Signing Profiles (#602)
  • Add support for setting APNS message expiration (#609)

MicroMDM 1.5

Compare
Choose a tag to compare

This release brings many bug fixes and improvements.
To use it, make sure to update both your micromdm and mdmctl installations simultaneously, as some of the API verbs have changed.

  • Fix DEP token update issue (#513, #510)
  • Refactor certificate verification and implement UDID-cert authentication (#358, #429)
  • Cleanup DEP library and integrate into main project (#504, #505)
  • Add API endpoint to retrieve APNS certificate (#503)
  • Remove deprecated -apns flags from server startup (#528)
  • Move API calls to list endpoints from HTTP GET to HTTP POST (#522, #523, #524, #525, #526)
  • Add support for the ApplicationConfiguration Setting (#521)
  • Add support for the ActivationLockBypassCode Command (#578)
  • Allow SCEP client validity to be adjusted via server startup flag (#577)
  • Fix bug in mdmctl server saving, switch config when saving automatically (#565, #566)
  • Do not send DeviceConfigured automatically when there are no blueprints (#586)
  • Set acknowledge time when moving command to completed queue (#581)
  • Serialize PurchaseMethod when value is 0. (#592)

Stability Improvements

ade912a
Compare
Choose a tag to compare

v1.4.0 September 6 2018

Stability Improvements

  • Handle DEP INVALID_CURSOR response (#497)
  • No longer store SCEP CA on disk or include in enrollment profile (#490)
  • Further SCEP fixes (#492, #493)
  • Base64 fixes for API CLI tools (#477)
  • mdmctl apply block now works with self-signed certs (#479, #480)
  • Add API CLI tool for dep sync (#481)
  • DeviceInformation command API example support query strings (#469)
  • Allow setting curl options in environment variable (#455)
  • Fix URL params decoding. (#467)
  • Reorganize/refactor server init (#458)
  • Allow supplying additional curl options in API CLI tools (#455)

Thanks to our contributors for this release: @erikng, @gerardkok, @knightsc, @marpaia, and @ochimo!

scep and other bugs!

9f60f7b
Compare
Choose a tag to compare

v1.3.1 July 10 2018

  • Update base container to Alpine 3.7 (#437)
  • Fix bugs in SCEP enrollment (#451)
  • Fix issue with APNS timeouts -- Issue #215 (#446)
  • Add device_information and security_info commands with curl API (#448)
  • Add support for InstallEnterpriseApplication command (#452)

v1.3.0

Auto-assigner

  • Reorganize/refactor MDM, device, webhook services. #423, #424, #425, #426, #427
  • Do not allow mdmctl config set without args. #421
  • Fix for multiple UDID records. #422
  • Added/refactored logging. #405, #425
  • Added -homepage switch. #420
  • Warn about deprecated APNS switches. #412
  • Disallow bad TLS configuration with -tls=false. #414
  • Refactored MDM types. #341, #415
  • Added DEP auto-assigner feature. #405
  • Fixed bug with authentication error messages. #411
  • Added support for querying devices by serial(s). #363
  • Added support for triggering a DEP sync via API. #404
  • Added support for mdmcert.download directly to mdmctl #401
  • Reject network MDM user attempts until we add support. #379
  • Warn when starting without an API key. #396
  • Added tools and documentation for ngrok, curl, and APIs. #392
  • Fix issue with MDM command AvailableOSUpdates parsing. #368
  • Validate APNs Push Certificate Topic. #373
  • mdmctl now outputs to stdout vs. stderr. #360
  • Added common HTTP library httputil. #350
  • Added project Code of Conduct. #334
  • Refactored services (mostly for HA). #348, #349, #351, #352, #353, #354, #355, #359
  • Reorganized project layout. #333, #335, #336, #338, #340, #347
  • Added support for version API. #327
  • Added command response webhook feature. #315
  • Added support for supplied depsim URL. #318
  • Added Dockerfile. #316

Auto-assigner

Compare
Choose a tag to compare
Auto-assigner Pre-release
Pre-release

CHANGELOG

  • Reorganize/refactor MDM, device, webhook services. #423, #424, #425, #426, #427
  • Do not allow mdmctl config set without args. #421
  • Fix for multiple UDID records. #422
  • Added/refactored logging. #405, #425
  • Added -homepage switch. #420
  • Warn about deprecated APNS switches. #412
  • Disallow bad TLS configuration with -tls=false. #414
  • Refactored MDM types. #341, #415
  • Added DEP auto-assigner feature. #405
  • Fixed bug with authentication error messages. #411
  • Added support for querying devices by serial(s). #363
  • Added support for triggering a DEP sync via API. #404
  • Added support for mdmcert.download directly to mdmctl #401
  • Reject network MDM user attempts until we add support. #379
  • Warn when starting without an API key. #396
  • Added tools and documentation for ngrok, curl, and APIs. #392
  • Fix issue with MDM command AvailableOSUpdates parsing. #368
  • Validate APNs Push Certificate Topic. #373
  • mdmctl now outputs to stdout vs. stderr. #360
  • Added common HTTP library httputil. #350
  • Added project Code of Conduct. #334
  • Refactored services (mostly for HA). #348, #349, #351, #352, #353, #354, #355, #359
  • Reorganized project layout. #333, #335, #336, #338, #340, #347
  • Added support for version API. #327
  • Added command response webhook feature. #315
  • Added support for supplied depsim URL. #318
  • Added Dockerfile. #316