Articles in this section

See more

JetPatch Release Notes 4.2.8

Version: 4.2.8.199 + Connector 4.2.8.24 (March 20, 2025)

Latest UR available on our 4.2.8 Live Repo
Review our pre- and post-upgrade best practices.

  • UR1 (build 202) - March 27, 2025
  • UR2 (build 211) + Connector 4.2.8.26 - April 7, 2025 
  • UR3 (build 223 + Connector 4.2.8.28) - April 23, 2025
  • UR4 (build 228 + Connector 4.2.8.29) - April 29, 2025
  • UR5 (build 235) - May 13, 2025
  • UR6 (build 254 + Connector 4.2.8.210) - June 8, 2025
  • UR7 (build 258) - June 29, 2025
  • UR8 (build 263) - August 10, 2025
  • UR9 (build 268) - September 16, 2025
  • UR10 (build 273) - October 13, 2025
  • UR11 (build 274) - October 22, 2025
  • UR12 (build 276) - November 05, 2025
  • UR13 (build 277 + Connector 4.2.8.213) - November 09, 2025
  • UR14 (build 278) - November 13, 2025 
  • UR15 (build 278 + Connector 4.2.8.214) - November 19, 2025
  • UR16 (build 281 + Connector 4.2.8.215) - December 30, 2025
  • UR17 (build 285 + Connector 4.2.8.216) - January 20, 2026

Extended Platform Support

Note: New OS support requires the latest 4.2.8 connector.

  • Windows Server 2025: Support for Patches and Agents (UR11)
  • Ubuntu 24.04 LTS: Support for Patches and Agents
  • Amazon Linux 2023: Support for Patches and Agents
  • SUSE 15.6: Support for Patches and Agents
  • AIX 7.3: Support for Patches
  • macOS 14 Sonoma (Intel Only): Support for Connector and Tasks only (Support Patches for Intel and ARM will be in 5.6)

Major New Features

Patch Management Without WSUS (Windows)

  • WSUS-less: Windows endpoints retrieve patches directly from Microsoft Update.
  • Eliminates the need for a WSUS server and integrates with existing JetPatch workflows.
  • Note 1: Requires the 4.2.8 connector.
  • Note 2: This also works in hybrid mode (meaning that some endpoints are pointed to WSUS and some are pointed to the Microsoft cloud).
  • Additional Details: WSUS vs. Microsoft Cloud
    • JetPatch fully supports receiving updates either via WSUS (including Primary and Replica servers) or direct/proxy communication with the Microsoft Cloud. Both approaches provide the same features and patch governance capabilities within the JetPatch console.
    • Decision Criteria: The primary question is whether any requirements prevent direct or proxy communication with the Microsoft Cloud, which would necessitate using a WSUS Primary (and possibly Replicas).
    • Hybrid Model: If some endpoints are allowed to connect to the Microsoft Cloud while others are not, those restricted endpoints can still be serviced through WSUS. This allows each segment of the environment to be configured according to its connectivity requirements.
    • For more information on how to configure Windows machines to work without WSUS, see the article.

Task Scheduler

Users can create scheduled tasks for existing Smart Groups. Relevant use case (separate recurring reboot time from recurring remediation plan time).

  • Access under a new Schedulers section.
  • “+NEW” button opens a pop-up to define a Task Scheduler

Resource Duplication on Multiple Pages

You can now duplicate resources on the following additional pages:

  • Patches > Patch Bundle > Manage Patch Bundles
  • Agents > Managed Agents > Policy
  • Rules > Maintenance Rule
  • System > Smart Groups > Management
  • System > Workflows
  • Users > Roles & Permissions

Connector Log Rotation

  • Note: Applies automatically upon upgrade to Connector version 4.2.8
  • Connector logs now support automatic rotation and cleanup to manage storage efficiently.
  • When the log directory exceeds 450 MB, the connector automatically deletes the oldest logs hourly.
  • The individual log file size remains capped at 1 MB.

UI/UX Enhancements

Support Menu: "Chat with us"

Opens JetPatch Support Bot in a new browser tab.

Users Section

  • Users tab migrated to new “Users” screens:

    • Directories

Management

Roles & Permissions

Smart Groups (System > Smart Groups > Create Smart Group)

  • Filter improvements: Include/Exclude options are now available (similar to Patches Catalog).

    Compliance Flag & Info

    • Compliance status (ON/OFF) is displayed in the header.
    • Number links to “Compliance Rules” screen, filtered by "Enable."

    Endpoint Readiness

    • Added “Last time 100% ready” column displaying date/time of full readiness.
    • Also modified to support WSUSLess and Hybrid mode

Bug Fixes & Other Improvements

Added

  • All Resources & Activities: Added confirmation dialog for Enable/Disable/Re-run actions (UR1)

  • Endpoint Management: Added tag filter for easier sorting (UR2)

  • Automatic Remediation Plan (RP) Rule: Added "Status" filter (UR2)

  • System > Scripts & Tasks: Added built-in task for WSUS-less prerequisites script (UR2)

  • Endpoint > Manage Tags: Added ability to unassign tags directly and from multiple endpoints (UR3)

  • Scripts > Linux: Added script to register endpoints with local Linux repository (UR3)

  • Policy > Accounts: Added rule support for Mac endpoints discovered via vCenter (UR3)

  • Scripts > Linux: Added built-in task to disable IPv6 and auto-reboot supported Linux systems (RHEL, Oracle, AlmaLinux, Rocky) (UR4)

  • System > Maintenance Schedule > API: Added support for creating/deleting Maintenance Schedule via API and handling bulk entries (UR5)

  • Connector > Core URL Configuration: Introduced PowerShell script to enable 'modify_csclient_core_url' on Windows (UR6)

  • New Refresh Options: Added Refresh buttons to relevant pages (UR2)

  • Migration 5.0: Fixed automatic connection failure with incorrect standaloneServiceUrl (UR3)

  • System > Tasks & Scripts > Tasks: Fixed issue where task parameters were not being saved (UR3)

Fixed

  • System > Smart Groups > Assignment: Fixed assignment table sometimes appearing empty (UR1)

  • Agents > Managed Agents: Fixed icon change after creating a rule (UR1)

  • Help > What’s New: Correctly redirects to 4.2.8 Release Notes (UR1)

  • Agents & Tools > Managed Agents: Fixed bug preventing creation of built-in service after new files introduced (UR1)

  • System > Windows 2016 (WSUS-less): Fixed Microsoft Update enablement issue (UR2)

  • Connector > Mac: Fixed upgrade exceptions and command execution errors (UR2, UR3)

  • System > vCenter Discovery: Resolved some OSes detected as “unknown” (UR2)

  • System > Scripts: Fixed Windows WSUS-less script executing on WSUS-configured machines (UR3)

  • Endpoints > Activities: Fixed start date filtering returning incorrect results (UR3)

  • Plans > Bulk RP Actions: Fixed "Archive All Canceled Plans" not archiving policy-canceled plans (UR4)

  • Endpoints > Management: Fixed patching status not reported for AIX 7.x endpoints (UR4)

  • Connector > Amazon Linux: Fixed deployment failure on Amazon Linux 2023 due to missing status file (UR4)

  • Endpoint > OS Detection: Fixed incorrect identification of Amazon Linux 2023 endpoints (UR4)

  • UI > Endpoint Merge: Resolved duplicate servers during Azure VM merge (UR5)

  • UI > Settings > Discovery Sources: Fixed re-adding ARM (Azure) Discovery Sources after removal (UR5)

  • System > Maintenance Schedule: Restored 50+ character limit; fixed time field overwrite issue (UR6)

  • System > WSUS Sync: Enhanced logic to recover replicas stuck in SYNC_FAILED (UR6)

  • System > Initialization: Aligned config options to reduce manager startup time post-upgrade (UR6)

  • Endpoint Readiness > Stability Improvement: Resolved NullPointerException during readiness event processing (UR6)

  • WSUS-less: Improved logic to skip WSUS sync approval on WSUS-less endpoints during RP execution (UR6)

  • Endpoint Readiness > UI Improvement: Adjusted 'Endpoint Readiness' column sizing and value truncation (UR6)

  • System > Maintenance Schedule: Pagination implemented, removing 20-entry display limit (UR6)

  • Connector > Installation: Resolved Ubuntu 22.04 installation failures (UR6)

  • UI > Servers: Fixed bug preventing service creation in GWT, resolving missing management tool details and configuration tabs (UR6)

  • Patches > Catalog: Fixed empty Release Date for WSUS-less EPs (UR6)

  • System > WSUS Updates: Resolved NullPointerException preventing WSUS update processing (UR6)

  • Windows > WUA Connectivity: Updated check_WUA_search.ps1 for simplified pass/fail testing and error surfacing (UR6)

  • Ubuntu > Patch Installation: Fixed install_patch_ubuntu.sh for Ubuntu 22.04+ (UR7)

  • Hybrid Windows System > WSUS Approval: Enhanced wsus-sync-approval-status.ps1 for hybrid WSUS/WSUS-less mode (UR7)

  • Patches > Catalog: Restored Ubuntu patch coverage using USN mailing list parsing after API failures (UR8)

  • Connector Deployment > Linux: Fixed deployment issue for sudo user via UI; default temp directory now /var/jetpatch-temp with cleanup (UR9)

  • System > Smart Groups: Screen displayed for JetAgent product type; “Support Patch Activities” flag unchecked/uneditable (UR9)

  • Patch Catalog > Windows updates missing due to product name length limitation; backend updated for multiple product references per patch (UR10)

  • Windows Updates Scan > Product field corrected from string to array; Category reverted to string (UR10)

  • Smart Groups > Multiple TAG-based filters now return correct results; logic updated for Tag and Tag (text) conditions (UR10)

  • Platform: Fixed Ubuntu 24 patching issue due to incorrect .sources handling (UR12)

  • Connector Deployment > Linux: Fixed sudo-based connector deployments on systems using the "wheel" group (UR12)

  • WSUS Sync Approval: Resolved inconsistent patch approval status updates requiring manual WSUS sync.  Requires WSUS get updates full sync after upgrade. (UR13)

  • Connector (Windows): Corrected standaloneServiceUrl Issue blocking auto-connection after 5.0 migration. (UR14)

  • Tasks: Synced backend-saved task parameters with UI display. (UR14)

  • Connector (Windows): Re-signed driver (UR15)

  • System > Smart Groups: Fixed issue where exclusion by Tag / Tag Text did not return accurate endpoints and saved empty filters (UR16)

  • Connector (Windows): Fixed registry handle leak causing performance degradation in Windows environments (UR16)

  • Connector Deployment > Linux: Fixed SSH authentication failure with private keys on Red Hat Enterprise Linux 9 (RHEL 9)–based systems by avoiding deprecated ssh-rsa and supporting rsa-sha2 algorithms (UR16)

  • Remediation Plan > View: Fixed typo in the 'Emergency Remediation Plan' label in the UI (UR16)

  • System > Maintenance Schedule > Assignment: Fixed issue where endpoints matching a Smart Group filter were not assigned the Maintenance Rule name and the affected endpoint count was not updated correctly (UR17)

  • Connector > Fixed registry handle leak in vlinkprocess64.exe causing excessive handle growth and performance degradation (UR17)

  • System > Smart Groups > Assignment: Fixed issue where endpoints could be assigned to Smart Groups containing exclude filters, instead of restricting assignment to include-only Tag-based Smart Groups (UR17)

  • System > Smart Groups > Assignment: Fixed issue where exclude tags were incorrectly applied to endpoints during Smart Group assignment (UR17)

Enhanced

  • Connector Deployment > Linux: Changed default temporary directory from /tmp to /var/jetpatch-temp, to align with NIST guidance on protecting temporary files.

  • WSUS Sync Approval persists after Tomcat restart

  • WSUS: Enhanced run-sync API call for updating groups and endpoints assigned to a WSUS replica (UR1)

  • Remediation Plans > Bulk RP Actions: Improved performance executing "Cancel All Completed Plans" on large batches (UR5)

  • Performance note - If you notice slow application load time (>20 mins) after a Tomcat restart, verify that the following properties are set in intigua.properties.  If not, add them and restart tomcat again (service tomcat restart)

    • system.task-executor.queue-size = 200
system.shards.size = 200
system.task-executor.pool-size.max = 100

Known Issues

  • Inconsistent Trial Notification about the number of remaining days.
  • WSUS-Less does not have 3rd party.
  • WSUS-Less does not pre-download approved patches (i.e., a maintenance schedule must be used for download and installation, similar to Linux).  
  • Endpoint > Management > Filter by Tags > Manage Tags: No visual indication of assigned tags with Select All; use Platform Configuration > Servers > Manage Tags workaround

 

Related articles

Comments

0 comments

Please sign in to leave a comment.