Releases: micromdm/micromdm
MicroMDM 1.12.1
MicroMDM 1.12
This release includes new features and fixes.
Thanks to our contributors: @grahamgilbert, @jamesez, @jessepeterson, @korylprince
- Add
-log-time
flag to include timestamps in log messages (#890) - Add
-device-signature-skew
flag to allow configuring clock skew when verifying device signatures (#887) - Tidy code for Go 1.20 and update Go version for Docker and CI (#902)
- Add support for inspecting the MDM command queue (#895)
- See the docs for how to use!
- Fix HTTP status codes being swallowed by -http-debug flag (#906)
- Remove unused tools package
- Fix pkg signature checks on non-macOS platforms (#930, #962)
- Add go:generate for command_queued protobuf
- Switch to smallstep/pkcs7 for PKCS7 library (#944)
- Remove PayloadScope=System from enrollment profile (See #766)
- Allow disabling default HTTP to HTTPS redirect (#967)
- Project dependency updates (#881, #888, #899, #900, #918, #933, #946, #948, #954, #958, #960, #961, #965, #966)
MicroMDM 1.11
This release includes new features and fixes.
Thanks to our contributors: @williamtheaker, @korylprince, @krmzbbr
- Add Dependabot updating (#857)
- Add SoftwareUpdateSettings to Settings command (#771, #856)
- Add tools script install_vpp_application to install VPP apps (#865)
- Note MicroMDM doesn't support VPP/A&B itself.
- Fix bug that prevented errors being logged on the Checkin and Connect endpoints (#871)
- Add support for submitting "raw" plist MDM commands! (#864)
- See the docs for how to use!
- Add NanoMDM-compatible Declarative Device Management (DDM) "proxy" support. (#882)
- Use the
-dm
switch to extract and forward the Declarative Management protocol Endpoints to a specialized HTTP server. Such as KMFDDM. - Check out the older blog post about DDM for more info.
- KMFDDM v0.2.0 required for MicroMDM support. Use the
-micromdm
switch KMFDDM.
- Use the
- Project dependency updates (#858, #859, #860, #861, #867, #869, #873, #872, #874, #875, #879)
MicroMDM 1.10.1
Patch release. Thanks to our contributors: @korylprince
MicroMDM 1.10
This release includes new features and fixes.
Thanks to our contributors for this release: @networkpanic, @meta-github, @korylprince, @ayush5harma, @discentem, @hrgbcxd, @petitout
- Add support for
Priority
in ScheduleOSUpdate command (#803) - Added RefreshCellularPlans support (#809)
- Add LOM commands (#839)
- See Apple's newer documentation on configuring MDM via LOM
- Including example configurations
- Fix RotateFileVaultKey panics (#801)
- Fix for DEP client library to be thread safe (#850)
- Add ability to sign apps when they're uploaded:
mdmctl apply app -sign-identity
(#785) mdmctl
: don't send a request body for GET requests (#821)- Updated
schedule_os_update
script to support more parameters. (#828) - Switch to using cfgprofiles for enrollment profile generation (#827)
- Documentation & CLI usage improvements (#799, #811, #817, #819, #823)
MicroMDM 1.9
This release includes new features and fixes.
- Add new fields for the ScheduleOSUpdate command (#793)
- Use HTTPS for retrieving Apple certificates (#792)
- Add CLI help for
mdmctl config switch
(#791) - Update builder to Go 1.17 (#783)
- Replace gogo/protobuf with Google protobuf (#773)
- Add GHCR container workflow. Add ARM build. (#745)
- New in-memory-only command queue (#736)
- Bootstrap token support (#781, #782)
- Fix potential DEP sync data loss (#779)
- Support logging proxy IP headers
X-Forwarded-For
,X-Real-IP
. Enable with-http-proxy-headers
switch (#744) - Allow MDM check-in messages to return data (#764)
- Added support for SetRecoveryLock and VerifyRecoveryLock (#757)
- Fix SetFirmwarePassword and VerifyFirmwarePassword parameters (#743)
- Command UUID can now be passed in as as a request parameter (#754)
- Update to SCEP v2, switch to Mozilla PKCS7, interface cleanup (#737, #772, #778)
- Fix panic when using DEP mdmctl commands with no DEP tokens configured (#750)
- Spruce up built-in landing page including better accessibility (#721, #751)
- Documentation & CLI usage improvements (#729, #730, #748, #749)
Thanks to our contributors for this release: @discentem, @korylprince, @williamtheaker, @bpmcneilly, @daemonsy, @tomaswallentinus, @ivanhata, @networkpanic, @HernanPaez
v1.9.0-beta
MicroMDM v1.9.0-beta pre-release. See the changelog for details about this release.
Focus areas for testing are primarily SCEP issuance (i.e. enrollment), normal MDM command/delivery. As always backup your database before testing, just in case.
MicroMDM 1.8
This release includes fixes and new features.
- Fix embedded manifest of InstallEnterpriseApplication (#669)
- Added Activation Lock Bypass support code (#677)
- Fix DEP device serialization so that
ProfileStatus
of device now works (#682) - mdmctl can now have a base server URL (#683)
- Fix an asymptomatic queue marshaling bug (#690)
- Add ability to unassign DEP devices via API (#687)
- A device's command queue is now cleared during enrollment (#692)
- APNS is now proxy aware (#698)
- Add
-validate-scep-issuer
and-validate-scep-expiration
flags to only validate the SCEP certificate was issued by the MicrMDM SCEP CA, and optionally to validate that the certificate hasn't expired (#700) - Add
-udid-cert-auth-warn-only
flag that disables the UDID-certificate authentication mechanism. Can be used to help remediate expiring device identity certificates (#643) - Fix for multiple InstallApplications in Blueprints (#549, #704)
- More secure argument passing in API scripts (#709)
- TimeZone setting support in Settings command (#719)
- Support tls-alpn-01 for Let's Encrypt certificates (#720)
- Update MDM Vendor CSR signing to SHA-2 and use new Apple intermediate cert (#723, #725)
- Avoid unnecessary command queue save/disk write (#711)
- Documentation updates
Thanks to our contributors for this release: @MobileDan, @meta-github, @grahamgilbert, @tperfitt, @williamtheaker, @slawoslawo, @choehn-signogy, @natewalck, @korylprince
MicroMDM 1.7.1
This is a release of 1.7.0 with a few additional commits.
Reliability, scalability, security, and usability improvements:
- Add device DEP status to API response (#617)
- CLI improvements (#618, #620, #621)
- Support new values for AccountConfiguration (#627)
- Fix issue where DEP watcher would stop permanently for transient network issues (#582, #632)
- Workaround issue where a newly added DEP token would not be used after a restart (#546, #633)
- Fix bug with applying an empty blueprint (#615, #634)
- Add
-no-command-history
flag to disable saving of command history (#640). This works around a race-condition/scalability issue with device records (#556). - Add dynamic SCEP challenges (#642). Require dynamic SCEP challenges for certificate issuance with
-use-dynamic-challenge
and (only recommended for testing) generate them in enrollment profiles with-gen-dynamic-challenge
. - Add MDM commands to enable and disable remote desktop (#651)
- SCEP payload key names were corrected (#652)
Thanks to our contributors for this release: @grahamgilbert, @n8felton, @tomaswallentinus @netproteus
MicroMDM 1.7 alpha
Reliability, scalability, security, and usability improvements:
- Add device DEP status to API response (#617)
- CLI improvements (#618, #620, #621)
- Support new values for AccountConfiguration (#627)
- Fix issue where DEP watcher would stop permanently for transient network issues (#582, #632)
- Workaround issue where a newly added DEP token would not be used after a restart (#546, #633)
- Fix bug with applying an empty blueprint (#615, #634)
- Add
-no-command-history
flag to disable saving of command history (#640). This works around a race-condition/scalability issue with device records (#556). - Add dynamic SCEP challenges (#642). Require dynamic SCEP challenges for certificate issuance with
-use-dynamic-challenge
and (only recommended for testing) generate them in enrollment profiles with-gen-dynamic-challenge
. - Add MDM commands to enable and disable remote desktop (#651)
- SCEP payload key names were corrected (#652)
Thanks to our contributors for this release: @grahamgilbert, @n8felton, @tomaswallentinus