Important Note: If upgrading from 4.1.2 or before, please read the 4.2.3 release notes.
Version: 4.2.4.137 + Connector 4.2.4.215 (Apr 2nd, 2023)
- 4.2.4 UR1 (build 148) - Apr 23, 2023
- 4.2.4 UR2 (build 162) - May 7, 2023
- 4.2.4 UR3 (build 173) - May 25, 2023
- 4.2.4 UR4 (build 180) + Connector 4.2.4.216 - June 7, 2023
- 4.2.4 UR5 (build 191) + Connector 4.2.4.218 - June 29, 2023
- 4.2.4 UR6 (build 194) - July 13, 2023
- 4.2.4 UR7 (build 199) - August 18, 2023
- 4.2.4 UR8 (build 199, rpm 433) - September 20, 2023
Note - To upgrade to 4.2.4 using the repository, see: Upgrading JetPatch using repository
Extended Platforms Support
Requires latest 4.2.4 connector
- Red Hat Enterprise Linux 9
- Support for Patches and Agents
- Windows Server 2022
- Support for Patches and Agents
- Ubuntu
- Ubuntu 22
- Support for Patches and Agents
- Ubuntu Security Notices (USN)
- Support for Security Notices
- JetPatch server must have the following URL whitelisted: https://ubuntu.com/security/notices.json
- Post upgrade, run the ‘Collect Endpoint Update’ task for new output
- Includes CVE Mapping
- Ubuntu 22
- AlmaLinux OS
- Support for Patches and Agents
- Alma Linux 8
- Alma Linux 9
- Support for Patches and Agents
Visit JetPatch Supported Platforms for more information.
Rules Screen
Places all Existing and New Rules Under One Section
New Rule - Maintenance Schedule Rule
Under the ‘Rules’ Section, there is now Maintenance Rules, which allows you to cr eate a rule to auto-assign Smart Group to Maintenance Window (MW) - This means all the Endpoints will auto-assign to the selected MW
You will be able to Create / Edit MW Rule By Selecting the Smart Groups & The Maintenance Window to be Auto-Assigned
Note: You can also create a New Smart Group and Maintenance from this window.
Remediation Plan Improvements
Send an Email on Remediation Plan Completion
When an active Remediation Plan is Moved to the ‘Completed’ Status, JetPatch can now send a notification email with an executive summary
Create Blank RP Immediately from Remediation Plans Screen
New option to instantly create a New and Empty Remediation Plan, directly from the Remediation Plans Screen.
This Option Places under the list of options shown in the ACTIONS button.
Endpoint Readiness Improvements
Add New Section to display the Total Readiness that will Calculate based on All Status (Ready, Not Ready, and Unknown)
Note: Effective Readiness is based on what's Ready vs Not Ready (excluding Unknown)
Show the Readiness Activity Details
On page Endpoints > Readiness, the Endpoint Name value of each EP presented in the table should be a clickable link. Once clicked it will open a modal to display the latest Activity Details of that EP that is related to the task Endpoint readiness for <OS> endpoint
You can update the results by checking the endpoint and clicking on Actions > Run Readiness Tests (then waiting 1-2 mins and clicking on the EP link again.
Auto-configure Endpoint Readiness Repositories
Under Repository List Title we’ll add 2 Options :
-
Manual
-
By selecting an option for manual
-
The system will behave as it is now without any changes
-
-
-
Autocomplete - New
-
By selecting an option for Autocomplete
-
New Search Field will be displayed
-
The search will bring all matches Endpoints (Search - ‘Include’) & display them on a Table with the relevant information
-
-
Continuous Improvements
Run as an Unmanaged Task
From version 4.2.4 UR3 (Connector 4.2.4.216) onwards, unmanaged tasks can be executed without connector monitoring. This execution will not obstruct the Endpoint from running additional tasks in its regular run (System / User / User Schedule).
When the User chooses to execute a task as an Unmanaged Task:
- The task will run as an Unmanaged Task.
- The task will run without a timeout, disregarding the configured timeout on Task Settings (located on the 'Configuration' Tab).
- The task will run without Connector monitoring.
- It will be possible to set the task to run at a specific time.
- Running a task as Unmanaged will not prevent the Endpoint from executing additional tasks in its regular run (System / User / User Schedule)."
Note: It is required to make configuration changes for this feature to work:
- Connect to the JetPatch Core server through SSH and edit the file /usr/share/tomcat/default/conf/intigua.properties
- Add the line
automation.task.unmanaged.enabled=true
3. Save the file and restart the tomcat.
To run the task please follow the same steps from "Run Task". Make sure the option "Run as Unmanaged Task" is selected.
AWS Organization Multi-Account Support
JetPatch can now connect to the Master (or Trusted) account in a given AWS Organization, allowing the user to have access to list the available child (or Trusting) accounts and to assume the role of all child accounts. This new feature(single account) is available as of 4.2.4 UR6. Starting 4.2.4 UR7 Multi-Account is supported.
In order to modify the default member role, use the “aws.members.role“ in intigua.properties
UI/UX Improvements
Various improvements have been made to the UI to not only improve the visual aspect of JetPatch but also many workflow improvements.
Manage Tags
Create an Additional option to manage Tags under Endpoint > Management screen
Procedures available for this Button
- Performed CRUD operations for TAGS
- When the user Only clicks the button (without selecting the endpoint) he will have the option to create, update and delete TAGS
- ASSIGN Button - Disable
- Select Tags - Disable
- Assign Tags to Endpoints
- The user will select an Endpoint and by clicking the button will be able to associate them with TAGS, as well as be able to create a new TAG, update or delete existing TAGS
- ASSIGN Button - Enable
- Import Tags
- Same Behavior: Tagging Endpoints in Bulk
Table UI / UX Changes
As you can see, there have various changes On Multiple Screens :
- Set Statuses Directly from Table - Rules / Scripts
- More Buttons & Table Design
- More Help Links
-
Add the ability to search by IP
-
- Adding ‘IP Address’ Columns & the ability to search also by IP for all the ‘Endpoints’ Tables Screens
- Endpoint > Management
- Endpoint > Activities
- Endpoint > Maintenance
- Endpoint > Groups
- Endpoint > Readiness
- Predictive Patching > How to Improve
- Adding ‘IP Address’ Columns & the ability to search also by IP for all the ‘Endpoints’ Tables Screens
Endpoint Activities
Various improvements have been made to the Screen & Table Details :
- Default ‘Task Type’ - ‘All’ (Include System & User Schedule)
- Add New Sorting Option - ‘Activity Status'
- Mark Statuses with Relevant Colors
- Succeeded
- In Progress
- Queued
- Error
- Fail
- Canceled
If an endpoint is in the “updating endpoint” status in Endpoints > Groups, which can prevent patching, a new warning is display on Endpoints > Management
Reports and Dashboards
New CSV Report
New CSV Report was Added to the Endpoints > Management: Endpoint Management Report segment by Operating Systems. This report creates a Pivot Table based on the endpoint compliance & OS Family
Insights Improvement
Dashboards > Insights: Add The Ability to Filter according to Patches Release ‘Age’ for Dedicated Reports
- Adding New Filter 'Released more then…” with Values: 14 - 90 Days
- Patches By Age
- Endpoints By Oldest Missing Patch
Connector Improvements
Requires latest 4.2.4 connector
Ability to manual upgrade connector from endpoint itself
- Move the vai file of the new connector (for example vlink_Windows_all-arch_4.2.4.211_1.0_Release.vai) that we want to install, to the endpoint (for example to the Temp directory "C:\Windows\Temp")
- Run the new CLI command (for example: intigua.exe upgrade_connector C:\Windows\Temp\vlink_Windows_all-arch_4.2.4.211_1.0_Release.vai
- Check the connector version by running "intigua.exe connector" CLI command
- Ceck if the agents still run on the endpoint by running "intigua.exe val" CLI command
Additional Enhancements
- The default workflows, Patch Windows and Patch Linux, now include the post-patching task "Check If [Windows/Linux] Reboot Is Needed And Reboot If Needed" by default.
- Create Smart Group - Allow Bulk Inputs for common fields (Endpoint Name, Hostname, and IP Address)
- Support > Download JetPatch Logs - Include also 'Activities' Report
- Azure Discovery Source - Auto-Adding Tags Based on the Subscription ID
- Compliance Report - Removed Unnecessary Endpoint Compliance Graph
- GWT > Servers - 'Discovery source' & 'Last status collected' enabled by default
- Custom Compliance Rule - Add Icon 'Show Patch Filter'
- System > Compliance > Replace the 'Tag' Filter with 'Smart Group' Selection
- System > Maintenance Schedule - Make Number of Endpoints Cells Clickable
- Pending Reboot Suspension default from 3 days to 1 day.
- Logs & Alerts - Extended logs
- WSUS - Improved Capacities, Communication, and Synchronization
- Added the ability to search by IP in Predictive Patching (Added In: 4.2.4 UR1)
- Trial Mode enhancements (Added In: 4.2.4 UR1)
- The CVE listed in the column of a remediation plan is now a clickable link to the given CVE (Added In: 4.2.4 UR4)
Bug Fixes
- Tasks - User Scheduled Queued Tasks now persist after tomcat restart
- Unable to patch WSUS Server with JetPatch if it is apart of multiple smart groups
- Patching WSUS Replica Servers with JetPatch - No longer need to set WUA of Replica to Primary, see article
- Patches Catalogs - No Indication for broken saved filter Based on Smart Groups
- Predictive Patching - Smart Group statistics can show the same group twice
- Predictive Analytics disabled only on new installed
- In Endpoints > Activities, "Succeeded" in the Status column is cut off at the final letter
- Broken filter based on Smart Groups
- If you are using JetPatch to patch WSUS Replicas, please make sure the Replicas are pointing to the Primary (see article), otherwise replica endpoints will be stuck in "Synchronizing Endpoint".
- In Endpoints>Management>Manage Tags, Select Tags did not display previously selected tags. (Fixed In: 4.2.4 UR1)
- Fixed issue while using Unignore in Agent&Tools>Exceptions (Fixed In: 4.2.4 UR1)
- Names are not visible in the checklist in Agent&Tools>Exceptions (Fixed In: 4.2.4 UR1)
- Selecting all statuses in Endpoints>Management displays no endpoints (Fixed In: 4.2.4 UR1)
- Filtering by Windows operating system in Endpoints>Readiness>Autocomplete displays no endpoints (Fixed In: 4.2.4 UR1)
- Fixed an issue where dropdown menus in open windows would get cut off (Fixed In: 4.2.4 UR1)
- Users with Server Scope are supposed to be allowed to see Compliance Rules (Fixed In: 4.2.4 UR1)
- Fixed an endpoint population issue in discovery when using multiple active discovery sources (Fixed In: 4.2.4 UR2)
- Fixed an issue that caused CPU spikes while using the "Collect endpoint updates" task on linux endpoints (Fixed In: 4.2.4 UR2)
- Fixed an issue that caused queued tasks to not cancel when using the Cancel feature in Endpoints > Management (Fixed In: 4.2.4 UR2)
- Enhancements to Ubuntu patch processing (Fixed In: 4.2.4 UR2)
- Improved patch selection processing (Fixed In: 4.2.4 UR3)
- Improved connector compatibility with AIX systems (Fixed In: 4.2.4 UR3)
- Improved the dropdown for Applicable Endpoint Compliance Status (Fixed In: 4.2.4 UR3)
- Trial life experience improvements (Fixed In: 4.2.4 UR3)
- Added .vai to compatible file types for logos in the Tools Catalog (Fixed In: 4.2.4 UR3)
- Enhanced Tomcat processing on Linux systems (Fixed In: 4.2.4 UR3)
- Improved Maintenance Schedule advanced filtering (Fixed In: 4.2.4 UR3)
- Improvements to the Manager Log Export function (Fixed In 4.2.4 UR3)
- Improved the filtering for Exemptions in Predictive Patching (Fixed In: 4.2.4 UR3)
- Fixed known issue from 4.2.3: "Predictive Patching - Smart Group statistics can show the same group twice" (Fixed In: 4.2.4 UR3)
-
Filters now persist when switching across different pages (Fixed In: 4.2.4 UR3)
- Improvements to compliance calculation (Fixed In: 4.2.4 UR4)
- Fixed a display bug when filtering Remediation Plans by CVE column (Fixed In: 4.2.4 UR4)
- Improvements to discovery in the patch catalog (Fixed In: 4.2.4 UR4)
- Fixed an issue related to persisting permissions tied to deleted groups in JetAgent (Fixed In: 4.2.4 UR5)
- Improvements to the Run Task feature in Endpoints > Management in JetAgent (Fixed In: 4.2.4 UR5)
- Fixed a bug where the tools catalog would get stuck while loading (Fixed In: 4.2.4 UR5)
- Improvements to the Patch Catalog regarding WSUS updates (Fixed In: 4.2.4 UR5)
- Added a reference to the troubleshooting article in the error prompt related to high load or low disk space on a target server (Fixed In: 4.2.4 UR5)
- Corrected JetAgent displaying settings pages not relevant to the product (Fixed In: 4.2.4 UR5)
- Fixed an error displaying duplicate entries for endpoints in Endpoints > Management in JetAgent (Fixed In: 4.2.4 UR5)
- Patch compliance fix (Fixed In: 4.2.4 UR7)
- Updated tomcat (Added In: 4.2.4 UR8)
Known Issues
From Previous Versions
- Unable to patch WSUS Server with JetPatch if it is apart of multiple smart groups (Fix: 4.2.6)
- Patching WSUS Replica Servers with JetPatch - Must set WUA of Replica to Primary, see article (Fix: 4.2.6)
- WSUS servers operating in Client Side Targeting mode are not supported in this version. Client side targeting is not necessary with the move to smart groups and the WSUS group management mechanism enhancement. (Fix: 4.3)
- Dashboard->Operating System filter drop down list is not aligned with user server scope (Fix: 4.3)
Comments
0 comments
Please sign in to leave a comment.