Version 4.2.8.199 + Connector 4.2.8.24
Released: March 20, 2025
- Latest UR available on our 4.2.8 Live Repo
- Review our pre- and post-upgrade best practices.
| Update Rollup | Release Date | Components |
| UR1 (build 202) | March 27, 2025 | — |
| UR2 (build 211) | April 7, 2025 | Connector 4.2.8.26 |
| UR3 (build 223) | April 23, 2025 | Connector 4.2.8.28 |
| UR4 (build 228) | April 29, 2025 | Connector 4.2.8.29 |
| UR5 (build 235) | May 13, 2025 | — |
| UR6 (build 254) | June 8, 2025 | Connector 4.2.8.210 |
| UR7 (build 258) | June 29, 2025 | — |
| UR8 (build 263) | August 10, 2025 | — |
| UR9 (build 268) | September 16, 2025 | — |
| UR10 (build 273) | October 13, 2025 | — |
| UR11 (build 274) | October 22, 2025 | — |
| UR12 (build 276) | November 5, 2025 | Connector 4.2.8.213 |
| UR13 (build 277) | November 9, 2025 | — |
| UR14 (build 278) | November 13, 2025 | Tomcat 9.0.112 |
| UR15 (build 278) | November 19, 2025 | Connector 4.2.8.214 |
| UR16 (build 281) | December 30, 2025 | Connector 4.2.8.215, Tomcat 9.0.113 |
| UR17 (build 285) | January 20, 2026 | Connector 4.2.8.216 |
| UR18 (build 288) | February 16, 2026 | Connector 4.2.8.218, Tomcat 9.0.115 |
| UR19 (build 293) | April 1, 2026 | — |
| UR20 (build 304) | April 23, 2026 | Connector 4.2.8.220, Tomcat 9.0.117 |
Extended Platform Support
| Note: New OS support requires the latest 4.2.8 connector. |
| Operating System | Support Scope | UR |
| Windows Server 2025 | Patches and Agents | UR11 |
| Ubuntu 24.04 LTS | Patches and Agents | — |
| Amazon Linux 2023 | Patches and Agents | — |
| SUSE 15.6 | Patches and Agents | — |
| AIX 7.3 | Patches only | — |
| macOS 14 Sonoma (Intel Only) | Connector and Tasks only. Patch support for Intel and ARM coming in version 5.6. | — |
Major New Features
Patch Management Without WSUS (WSUS-Less)
Windows endpoints can now retrieve patches directly from Microsoft Update, eliminating the need for a WSUS server while integrating with existing JetPatch workflows.
|
Notes: • Requires the 4.2.8 connector. • Supports hybrid mode: some endpoints can point to WSUS while others connect directly to Microsoft cloud. |
| Topic | Details |
| Full Support | JetPatch supports both WSUS (Primary and Replica) and direct/proxy Microsoft Cloud updates, with the same features and patch governance in both modes. |
| Decision Criteria | Use WSUS if any requirements prevent direct or proxy communication with the Microsoft Cloud. |
| Hybrid Model | Endpoints that cannot connect to the Microsoft Cloud can be serviced through WSUS, while others connect directly. Each segment is configured according to its connectivity requirements. |
For configuration details, see the WSUS-Less configuration article.
Task Scheduler
Users can now create scheduled tasks for existing Smart Groups, with a regular execution cycle.
- Accessible under the new Schedulers section in the main menu.
- Click +New to define a Task Scheduler with name, Smart Group, task, and frequency settings.
- Relevant use case: separate recurring reboot time from recurring Remediation Plan time.
Resource Duplication on Multiple Pages
You can now duplicate resources on the following additional pages:
- Patches > Patch Bundle > Manage Patch Bundles
- Agents > Managed Agents > Policy
- Rules > Maintenance Rule
- System > Smart Groups > Management
- System > Workflows
- Users > Roles & Permissions
Connector Log Rotation
| Note: Applies automatically upon upgrade to Connector version 4.2.8. |
- When the log directory exceeds 450 MB, the connector automatically deletes the oldest logs hourly.
- Individual log file size remains capped at 1 MB.
UI/UX Enhancements
Support Menu: "Chat with us."
Opens JetPatch Support Bot in a new browser tab.
Users Section
-
Users tab migrated to new “Users” screens:
Directories
Management
Roles & Permissions
Smart Groups (System > Smart Groups > Create Smart Group)
-
Filter improvements: Include/Exclude options are now available (similar to Patches Catalog).
Compliance Flag & Info
- Compliance status (ON/OFF) is displayed in the header.
- Number links to “Compliance Rules” screen, filtered by "Enable."
Endpoint Readiness
- Added “Last time 100% ready” column displaying date/time of full readiness.
- Also modified to support WSUSLess and Hybrid mode
Bug Fixes & Other Improvements
Added
| Area | Description | UR |
| All Resources & Activities | Added confirmation dialog for Enable/Disable/Re-run actions. | UR1 |
| Endpoint Management | Added tag filter for easier sorting. | UR2 |
| Automatic RP Rule | Added Status filter. | UR2 |
| System > Scripts & Tasks | Added built-in task for WSUS-less prerequisites script. | UR2 |
| Endpoint > Manage Tags | Added ability to unassign tags directly and from multiple endpoints. | UR3 |
| Scripts > Linux | Added script to register endpoints with local Linux repository. | UR3 |
| Policy > Accounts | Added rule support for Mac endpoints discovered via vCenter. | UR3 |
| Scripts > Linux | Added built-in task to disable IPv6 and auto-reboot supported Linux systems (RHEL, Oracle, AlmaLinux, Rocky). | UR4 |
| System > Maintenance Schedule API | Added support for creating/deleting Maintenance Schedule via API and handling bulk entries. | UR5 |
| Connector > Core URL Configuration | Introduced PowerShell script to enable modify_csclient_core_url on Windows. | UR6 |
| All Pages | Added Refresh buttons to relevant pages. | UR2 |
| System > Activities | Added Time range filters (From Date / To Date) under More Filters. | UR18 |
Fixed
| Area | Description | UR |
| System > Smart Groups > Assignment | Fixed assignment table sometimes appearing empty. | UR1 |
| Agents > Managed Agents | Fixed icon change after creating a rule. | UR1 |
| Help > What's New | Correctly redirects to 4.2.8 Release Notes. | UR1 |
| Agents & Tools > Managed Agents | Fixed bug preventing creation of built-in service after new files were introduced. | UR1 |
| Windows 2016 (WSUS-less) | Fixed Microsoft Update enablement issue. | UR2 |
| Connector > Mac | Fixed upgrade exceptions and command execution errors. | UR2, UR3 |
| System > vCenter Discovery | Resolved some OSes detected as "unknown". | UR2 |
| System > Scripts | Fixed Windows WSUS-less script executing on WSUS-configured machines. | UR3 |
| Endpoints > Activities | Fixed start date filtering returning incorrect results. | UR3 |
| Plans > Bulk RP Actions | Fixed "Archive All Canceled Plans" not archiving policy-canceled plans. | UR4 |
| Endpoints > Management | Fixed patching status not reported for AIX 7.x endpoints. | UR4 |
| Connector > Amazon Linux | Fixed deployment failure on Amazon Linux 2023 due to missing status file. | UR4 |
| Endpoint > OS Detection | Fixed incorrect identification of Amazon Linux 2023 endpoints. | UR4 |
| UI > Endpoint Merge | Resolved duplicate servers during Azure VM merge. | UR5 |
| UI > Settings > Discovery Sources | Fixed re-adding ARM (Azure) Discovery Sources after removal. | UR5 |
| System > Maintenance Schedule | Restored 50+ character limit; fixed time field overwrite issue. | UR6 |
| System > WSUS Sync | Enhanced logic to recover replicas stuck in SYNC_FAILED. | UR6 |
| System > Initialization | Aligned config options to reduce manager startup time post-upgrade. | UR6 |
| Endpoint Readiness | Resolved NullPointerException during readiness event processing. | UR6 |
| WSUS-less | Improved logic to skip WSUS sync approval on WSUS-less endpoints during RP execution. | UR6 |
| Endpoint Readiness > UI | Adjusted Endpoint Readiness column sizing and value truncation. | UR6 |
| System > Maintenance Schedule | Pagination implemented, removing 20-entry display limit. | UR6 |
| Connector > Installation | Resolved Ubuntu 22.04 installation failures. | UR6 |
| UI > Servers | Fixed bug preventing service creation in GWT, resolving missing management tool details and configuration tabs. | UR6 |
| Patches > Catalog | Fixed empty Release Date for WSUS-less endpoints. | UR6 |
| System > WSUS Updates | Resolved NullPointerException preventing WSUS update processing. | UR6 |
| Windows > WUA Connectivity | Updated check_WUA_search.ps1 for simplified pass/fail testing and error surfacing. | UR6 |
| Ubuntu > Patch Installation | Fixed install_patch_ubuntu.sh for Ubuntu 22.04+. | UR7 |
| Hybrid Windows > WSUS Approval | Enhanced wsus-sync-approval-status.ps1 for hybrid WSUS/WSUS-less mode. | UR7 |
| Patches > Catalog | Restored Ubuntu patch coverage using USN mailing list parsing after API failures. | UR8 |
| Connector Deployment > Linux | Fixed deployment issue for sudo user via UI; default temp directory now /var/jetpatch-temp with cleanup. | UR9 |
| System > Smart Groups | Screen displayed for JetAgent product type; Support Patch Activities flag unchecked/uneditable. | UR9 |
| Patch Catalog > Windows | Fixed updates missing due to product name length limitation; backend updated for multiple product references per patch. | UR10 |
| Windows Updates Scan | Product field corrected from string to array; Category reverted to string. | UR10 |
| Smart Groups | Multiple TAG-based filters now return correct results; logic updated for Tag and Tag (text) conditions. | UR10 |
| Platform | Fixed Ubuntu 24 patching issue due to incorrect .sources handling. | UR12 |
| Connector Deployment > Linux | Fixed sudo-based connector deployments on systems using the "wheel" group. | UR12 |
| WSUS Sync Approval | Resolved inconsistent patch approval status updates requiring manual WSUS sync. Requires WSUS get updates full sync after upgrade. | UR13 |
| Connector (Windows) | Corrected standaloneServiceUrl issue blocking auto-connection after 5.0 migration. | UR14 |
| Tasks | Synced backend-saved task parameters with UI display. | UR14 |
| Connector (Windows) | Re-signed driver. | UR15 |
| System > Smart Groups | Fixed issue where exclusion by Tag/Tag Text did not return accurate endpoints and saved empty filters. | UR16 |
| Connector (Windows) | Fixed registry handle leak causing performance degradation. | UR16 |
| Connector Deployment > Linux | Fixed SSH authentication failure with private keys on RHEL 9 by avoiding deprecated ssh-rsa and supporting rsa-sha2 algorithms. | UR16 |
| Remediation Plan > View | Fixed typo in the Emergency Remediation Plan label. | UR16 |
| System > Maintenance Schedule > Assignment | Fixed issue where endpoints matching a Smart Group with a CIDR filter were not assigned the Maintenance Rule name and the affected endpoint count was not updated correctly. | UR17 |
| Connector | Fixed registry handle leak in vlinkprocess64.exe causing excessive handle growth and performance degradation. | UR17 |
| System > Smart Groups > Assignment | Fixed issue where endpoints could be assigned to Smart Groups containing exclude filters instead of restricting to include-only Tag-based groups. | UR17 |
| System > Smart Groups > Assignment | Fixed issue where Exclude tag filters caused Smart Group assignment to select an incorrect set of machines. | UR17 |
| Connector > Registry | Fixed internal handle leaks. | UR18 |
| Connector > Windows Driver Signing | Re-certified and re-signed intigua_driver64.sys ahead of signature expiration. | UR18 |
| System > Maintenance Schedule > Assignment | Fixed issue where the Next Slot End field was blank for valid recurring maintenance schedules with defined recurrence, start time, and end time. | UR19 |
| Connector > Host Identification | Fixed issue where Linux endpoints reported 'localhost' as hostname and Gateway IP as their own address due to incomplete FQDN configuration. | UR20 |
| System > Discovery > Tags | Fixed issue where cloud discovery deletions removed endpoint records and their assigned tags. Connected endpoints are now preserved. | UR20 |
| System > Entra ID > Activities | Fixed issue where Entra ID group name was displayed instead of the actual username in task details and activity logs. Introduced dedicated Entra ID user entities with automatic creation on first login and name synchronization. | UR20 |
| Connector > Ubuntu Scripts | Restored Ubuntu Pro / ESM repository support in readiness, scan, and install scripts. Added ESM support for Ubuntu 24 (Noble). | UR20 |
| Connector > Linux Deployment | Fixed connector deployment failure on Linux endpoints where the SSH user's home directory does not exist. | UR20 |
Enhanced
| Area | Description | UR |
| Connector Deployment > Linux | Changed default temporary directory from /tmp to /var/jetpatch-temp, to align with NIST guidance on protecting temporary files. | — |
| WSUS Sync Approval | WSUS Sync Approval now persists after Tomcat restart. | — |
| WSUS | Enhanced run-sync API call for updating groups and endpoints assigned to a WSUS replica. | UR1 |
| Remediation Plans > Bulk RP Actions | Improved performance executing "Cancel All Completed Plans" on large batches. | UR5 |
| Performance | Improved response times and resolved performance issues. | UR3 |
Known Issues
- Inconsistent trial notification about the number of remaining days.
- WSUS-Less does not support third-party patches.
- WSUS-Less does not pre-download approved patches. A maintenance schedule must be used for download and installation (similar to Linux).
- Endpoints → Management → Filter by Tags → Manage Tags: No visual indication of assigned tags with Select All. Workaround: use Platform Configuration → Servers → Manage Tags.
|
Performance Note: If you notice slow application load time (>20 minutes) after a Tomcat restart, verify that the following properties are set in intigua.properties. If not, add them and restart Tomcat: system.task-executor.queue-size = 200 system.shards.size = 200 system.task-executor.pool-size.max = 100 Then run: service tomcat restart |
Comments
0 comments
Please sign in to leave a comment.