Version: 4.2.7.157 + Connector 4.2.7.219 (September 23, 2024)

Latest UR available on our 4.2.7 Live Repo
Review our pre and post upgrade best practices.

• UR1 (build 163) + Connector 4.2.7.220 - October 8, 2024
• UR2 (build 165) - October 14, 2024
• UR3 (build 166) - November 19, 2024
• UR4 (build 167) - November 26, 2024
• UR5 (build 171) - January 12, 2025
• UR6 (build 172) - January 20, 2025
• UR7 (build 176) - February 11, 2025
• UR8 (build 180) - February 26, 2025
• UR9 (build 184) - March 6, 2025
• UR10 (build 190) - March 18, 2025
• UR11 (build 196) - March 25, 2025
• UR12 (build 197) - March 26, 2025
• UR13 (build 198) - April 1, 2025
• UR14 (build 199) - April 3, 2025
• UR15 (build 202) - April 29, 2025
• UR16 (build 205) - June 04, 2025
• UR17 (build 215) - July 28, 2025
• UR18 (build 216) - August 13, 2025

Major New Features

Windows Connector Service Logon - Beyond System User

The 4.2.7 Connector now allows configuring a custom administrator logon account for Windows instead of relying on the SYSTEM user

How It Works:

• The default SYSTEM user remains unchanged for existing services.
• Admins can now specify an Administrator account during new Connector deployments.
• The Connector automatically assigns the necessary "Log on as a service" permissions.

Configurable Core Server URL for New Connectors

The 4.2.7 release introduces the ability to define a custom JetPatch Core Server URL for newly created connector services.

How It Works:

• Add the following line to /usr/share/tomcat/default/conf/intigua.properties:

system.core-server-url=https://your-public-url/vmanage-server/

• Restart JetPatch Core Tomcat service.

• All newly created connector services will use this URL instead of the local hostname or private IP.

Example:
Old default: https://10.0.1.45/vmanage-server/
New configuration: https://jetpatch.mycloud.net/vmanage-server/

Notes:

• Affects only new connectors created after the configuration.

• Existing connectors keep their original URL.

"Used By" Resources – Improved Visibility & Control

• A new "Used By" column has been added across multiple resource management screens.
• Displays dependencies for rules, filters, and configurations.
• Clickable references allow easy navigation to related resources.

Windows End-User Patching – Pre-Patching Notifications

•  
  • Users can configure pre-patch notifications for Windows endpoints.
  • Before patch execution, endpoint users receive a non-intrusive alert notifying them of upcoming patches.
  • These notifications do not disrupt the patching process but allow users to acknowledge them.

Enhancements to Existing Features

Endpoint Readiness Changes

• PowerShell Version Check Removed: This check was removed as Windows Server 2008 R2 is no longer supported.
• WSUS Automatic Updates Check Added: The PowerShell column was replaced with WSUS Automatic Updates (wsusAutomaticUpdates), providing better visibility into update configurations.
• Simplified Repository Configuration:
  • Before 4.2.7, Repo Configuration required:
    • WSUS URL must match Endpoint Readiness settings
    • hasUpdateServiceLocation = true
    • wsusAutomaticUpdates = true
  • With 4.2.7+, wsusAutomaticUpdates is no longer required, and Repo Configuration now only checks the WSUS URL and hasUpdateServiceLocation.

Before 4.2.7

With 4.2.7+

Interactive Reboot Enhancement: Users can now duplicate and customize interactive reboot settings per workflow, allowing more flexibility in restart scenarios.

Sequence Patching Enhancements:

• Multi-Select Filtering: Users can now apply multiple filters to the Remediation Plan (RP) Board.
• New Activation Options: RPs associated with Sequence Patching can now be activated even if the sequence has not started.
• Ignore Expired SLAs: RPs with expired SLAs are now automatically flagged with a new status.

ServiceNow Integration Improvements:

•  
  • Added "Cancelled"  close_notes for the Upload Table when canceling a remediation plan (UR5).
  • Added Review Status and Review Notes Fields (UR6).

Agents & Tools > Exceptions Page Upgrade

Before 4.2.7

With 4.2.7+

• Enhanced UI: Modernized layout with better readability.
• Advanced Filtering: Users can filter by multiple criteria (Rule, Tool, Type, Severity, etc.).
• Improved Status Tracking: Clearer resolution states and timestamps for better issue monitoring.
• Actionable Insights: Streamlined workflow for managing exceptions efficiently.
   

Additional Enhancements

• Full application load time after a Tomcat restart has significantly improved.
• Added "Infra" and "Apps" category filters in the Patches Catalog (UR1).
• Improved Remediation Plan Activation Performance (UR5).
• Added a Python script to list UI users (UR5).
• ServiceNow Integration: Added support for multiple statuses in Review Status and Review Notes fields (UR6).

• System > Smart Groups > Assignment: Enhanced Endpoint Status tooltips and color-coded Smart Groups provide clear feedback on assignment. In this example, a Windows Server is in two Smart Groups—one green (ready for patching) and one grey (not ready). Hovering over “Updating endpoint” shows which group is not fully assigned (UR10).

   

  

Bug Fixes & Other Improvements

Added

• System > REST API: Added missing values in 'enabled' and 'apiAccessAllowed' fields in REST API response (UR2)

• Ubuntu Pro Registration: Enabled Ubuntu Pro subscription registration with ESM repositories (UR1)

Fixed

• System > Smart Groups: Fixed pagination issues in Smart Group filters

• System > Exceptions: Fixed error selecting all tools in the filter under Exceptions

• System > CSV Imports: Addressed the duplicate endpoints issue during CSV imports

• System > Patches > Alma Linux: Resolved 404 error when navigating to Alma Linux patches

• System > Patches > Catalog: Corrected vulnerability filter behavior in the Patches Catalog (UR9)

• System > Repository Settings: Ensured CIDR list validation in repository settings

• System > Sequence Patching: Fixed sequence patching filtering issues in the Patches Catalog for endpoint names (UR1)

• System > Maintenance Windows: Fixed incorrect next slot calculation (UR3)

• System > Tasks: Resolved issue preventing saving tasks that contain scripts with parameters (UR4)

• System > WSUS Registration: Fixed CommandNotFoundException when running "Register Win EP to WSUS" script (UR5)

• Smart Groups > Management: Fixed issue where some groups were stuck with the "Used By" section spinning indefinitely (UR7)

• RP Board > Action > Cleanup Board: Fixed error message received during cleanup (UR7)

• Multiple Env > CSV Download: Fixed issue preventing CSV downloads even for small filtered sets (UR8)

• Automated Clean-Up Logic > WSUS: Fixed "unique result set" exception when retrieving groups (UR8)

• Rules > Automatic Remediation Plan Rules: Fixed incorrect calculation of 'Next Creation' (UR8)

• System > Patches > Catalog: Fixed InvalidDataAccessResourceUsageException when limited users prevented access (UR9)

• Remediation Plan > Cancel RPs: Fixed poor performance for large environments when canceling remediation plans (UR9)

• Endpoints > Readiness: Fixed incorrect repository configuration on AWS Debian 11 and 12 (UR10)

• Rules > Maintenance Rules: Fixed enabling/disabling for large numbers of endpoints and corrected MW Rule priority issue (UR10)

• WSUS Group Management: Fixed two-way sync issues (UR11)

• Help > What’s New: Corrected navigation to 4.2.7 Release Notes for version tracking (UR11)

• Remediation Plans: Fixed RBAC issue where users with reduced permissions could not see the "Activate" button (UR12)

• Platform Configuration > Logs & Alerts > Tagging Events: Fixed issue where Azure AD user was not shown as initiator for tagging operations (UR13)

• Smart Groups (Patching): Fixed duplicate/unexpected random tag filters after UR11 upgrade (UR14)

• Patches > Catalog: Fixed patch bundle showing no patches until filter is reapplied (UR16)

• System > Maintenance Schedule: Fixed Next Maintenance not shown for past Start Date in recurring schedules (UR16)

• Endpoint > Tagging: Fixed WSUS sync assigning incorrect Smart Group tags to VMware servers (UR16)

• Endpoint > Readiness: Fixed orphaned endpoint records, NPEs, and improved WSUS sync with DB normalization (UR17)

• Reports > Compliance: Fixed PDF download failure for Remediation Plan Compliance Report in rare “Canceled by Policy” cases (UR18)

Enhanced

• Remediation Plan > Compliance Report: Improved page performance for large environments (UR7)

• Remediation Plans: Reduced evaluation job time by skipping evaluation when no pre-patching activities are required (UR15)

• Remediation Plans: Reduced execution time by combining ITSM approval and WSUS sync steps when itsm.approval.mode=auto (UR15)

• Remediation Plans > Performance: Improved RP load performance for Read-Only users with limited Smart Group scope and static batch/script performance for WSUS update summaries (UR11, UR15)

• WSUS Group Management: Improved two-way sync performance (UR11)

• Logs: Reduced excessive warnings to prevent vmanage logs from rotating within an hour (UR7)

Security

• Security Fix: Resolved Tomcat vulnerabilities (CVE-2024-50379 & CVE-2024-52316) (UR5)

Known Issues

• Endpoint Readiness: Sorting on wsusAutomaticUpdates triggers a red error pop-up; sorting results remain accurate. Planned fix in 4.2.8

• Remediation Plan > RP Action Details: Clicking the "Endpoints" link filters only by RP-ID, ignoring Patch Status, which may cause an incorrect endpoint count. Planned fix in 4.2.8

• Endpoints > Management > Manage Tags: Tag deletion is blocked if the tag is only assigned to endpoints (regression from "Used By" logic).
  Workaround: Use Platform Configuration > Servers > Manage Tags. Planned fix in 4.2.8

• Endpoint > Management > Filter by Tags > Manage Tags: No visual indication of selected tags during multi-select endpoint selection, preventing bulk unassignment.
  Workaround: Use Platform Configuration > Servers > Manage Tags. Multi-select fix planned for 4.2.8; “Select All” fix planned for 4.3.1

• Trial Notification: Inconsistent display of remaining trial days. Planned fix in 4.3