Skip to main content
Jamf Nation, hosted by Jamf, is a knowledgeable community of Apple-focused admins and Jamf users. If you like what you see, join us in person at the ninth annual Jamf Nation User Conference (JNUC) this October for three days of learning, laughter and IT love.

Jamf Process for Updating Patch Management Software Titles

Overview

This article explains the process used by Jamf to add third-party macOS software title updates to Jamf Pro.

For the list of software titles provided in Jamf Pro, see the Patch Management Software Titles Knowledge Base article.

Versions Affected

Jamf Pro 9.93 or later

Explanation

A software definition is a JSON file that is based on the application selected in Jamf Pro (navigate to Computers > Patch Management > New). The basic components of the JSON file are derived from the PLIST of the application. Available versions are displayed on the Definition tab of the software title.

If you do not find a particular version number of a software title listed on the Definition tab, the version will be reported as an "unknown version" in Jamf Pro.

Note: The bundle ID is used to provide information about the software title, not the application name.

How Software Title Updates are Added to Jamf Pro
Jamf uses a build script that runs every 2 hours to check for updates (see the following Websites Monitored for Updates table). By default, Jamf Pro looks for software title updates every 5 minutes. Typically, Jamf attempts to release software title updates within 48 hours of their discovery. Jamf is automating the process to reduce the time required to release updates.

The following describes the process used by Jamf to add third-party macOS software title updates to Jamf Pro when they are released by the vendor.

The Jamf Patch Management Curator, Reviewer, and Release Manager perform this process when an update is discovered:

  1. A ticket is created to track the progress of the update.
  2. The update is downloaded, installed, and run on virtual machines with different macOS versions: 10.9, 10.10, 10.11, 10.12, 10.13 (and occasionally on 10.8).
  3. The following default paths are verified:
    • Version number: /Path/to/Application/APP NAME/Contents/Info.Plist CFBundleShortVersionString
    • Application name: /Path/to/Application/APP NAME/Contents/Info.Plist CFBundleIdentifier
  4. The JSON file is modified to include the version number of the update and posted in the development environment. a.The Patch Management Curator compares the JSON file with the update to verify that the version number, dates, minimum operating system, App Name, and BundleID match. b. The latest version Jamf Pro is used to verify that patch notifications and patch reporting information reflects attributes that correspond with the update.
  5. The JSON file is posted in the staging environment. a. The JSON file is signed using a publicly trusted signing certificate with a 2048-bit key. When downloaded, Jamf Pro verifies both the integrity of the file as well as the identity of the signer. Jamf Pro explicitly requires patch management files to be signed by Jamf. b. The Reviewer repeats steps 4a-b.
  6. The JSON file is posted in the production environment. a. The JSON file is signed using a publicly trusted signing certificate with a 2048-bit key. When downloaded, Jamf Pro verifies both the integrity of the file as well as the identity of the signer. Jamf Pro explicitly requires patch management files to be signed by Jamf. b. The Release Manager verifies that all tests were completed successfully before the JSON file is added to Jamf Pro.

Websites Monitored for Updates

Third-Party Software Title Website Monitored by Jamf
Adobe AIR https://get.adobe.com/air/webservices/json/?platform_type=Macintosh&platform_dist=OSX&platform_arch=x86-32&platform_misc=&browser_arch=&browser_type=&eventname=airotherversions
Adobe Acrobat Pro DC ftp://ftp.adobe.com/pub/adobe/acrobat/mac/AcrobatDC/
Adobe Acrobat Reader DC ftp://ftp.adobe.com/pub/adobe/acrobat/mac/AcrobatDC/
Adobe Acrobat Reader/Pro ftp://ftp.adobe.com/pub/adobe/acrobat/mac/11.x/
Adobe After Effects Adobe Creative Cloud Updater
Adobe Bridge Adobe Creative Cloud Updater
Adobe Core Components CC Adobe Creative Cloud Updater
Adobe Dreamweaver CC Adobe Creative Cloud Updater
Adobe Flash Player https://get.adobe.com/flashplayer/webservices/json/?platform_type=Macintosh&platform_dist=&platform_arch=x86-64&platform_misc=&browser_arch=&browser_type=&browser_vers=&browser_dist=&eventname=flashplayerotherversions
Adobe Illustrator CC Adobe Creative Cloud Updater
Adobe InDesign CC Adobe Creative Cloud Updater
Adobe Lightroom CC Adobe Creative Cloud Updater
Adobe Lightroom Classic Adobe Creative Cloud Updater
Adobe Photoshop CC Adobe Creative Cloud Updater
Adobe Photoshop Lightroom CC Adobe Creative Cloud Updater
Adobe Prelude CC Adobe Creative Cloud Updater
Adobe Premiere Pro CC Adobe Creative Cloud Updater
Citrix Receiver https://www.citrix.com/downloads/citrix-receiver/mac/receiver-for-mac-latest.html
Firefox Extended Support Release (ESR) https://ftp.mozilla.org/pub/firefox/releases/
Google Chrome https://omahaproxy.appspot.com/all.json
Jamf Admin https://www.jamf.com/resources/product-documentation/jamf-pro-release-notes/?previousVersionUrl=
Jamf Composer https://www.jamf.com/resources/product-documentation/jamf-pro-release-notes/?previousVersionUrl=
Jamf Imaging https://www.jamf.com/resources/product-documentation/jamf-pro-release-notes/?previousVersionUrl=
Jamf Recon https://www.jamf.com/resources/product-documentation/jamf-pro-release-notes/?previousVersionUrl=
Jamf Remote https://www.jamf.com/resources/product-documentation/jamf-pro-release-notes/?previousVersionUrl=
Java SDK/JRE 7 http://www.oracle.com/technetwork/java/javase/downloads/jdk7-downloads-1880260.html
Java SDK/JRE 8 http://www.oracle.com/technetwork/java/javase/downloads/jdk8-downloads-2133151.html
Java SE Development Kit 9 http://www.oracle.com/technetwork/java/javase/downloads/jdk9-downloads-3848520.html
Java SE Runtime Environment JRE 9 http://www.oracle.com/technetwork/java/javase/downloads/jre9-downloads-3848532.html
MacOS https://itunes.apple.com/us/app/macos-high-sierra/id1246284741\?mt\=12\&l\=en-us\&ls\=1
McAfee Endpoint Security for Mac https://www.mcafee.com/apps/downloads/my-products/login.aspx?region=us
Microsoft: Excel (XCEL), OneNote (ONMC), Outlook (OPIM), PowerPoint (PPT3), Word (MSWD) https://officecdn.microsoft.com/pr/C1297A47-86C4-4C1F-97FA-950631F94777/OfficeMac/0409XCEL15.xml
Microsoft Silverlight http://go.microsoft.com/fwlink/?LinkID=229322
Mozilla Firefox https://www.mozilla.org/en-US/firefox/new/?scene=2
OneDrive https://support.office.com/en-us/article/New-OneDrive-sync-client-release-notes-845dcf18-f921-435e-bf28-4e24b95e5fc0?ui=en-US&rs=en-US&ad=US#mac
Self Service https://www.jamf.com/resources/product-documentation/jamf-pro-release-notes/?previousVersionUrl=
Skype https://get.skype.com/go/getskype-macosx.dmg
Skype for Business https://www.microsoft.com/en-us/download/details.aspx?id=54108
Sophos Endpoint Protection https://community.sophos.com/kb/11846
Symantec Endpoint https://support.symantec.com/en_US/article.HOWTO124730.html
Sophos Antivirus for Mac http://downloads.sophos.com/readmes/savmosx_9_rneng.html

Note: For software titles provided in Jamf Pro that are not listed in this table, Jamf is in the process of automating the search for updates.

Additional Information

Web API Base URL: https://jamf-patch.jamfcloud.com/v1/
Path to the production API endpoints:
https://jamf-patch.jamfcloud.com/v1/software
https://jamf-patch.jamfcloud.com/v1/software/{ids}
https://jamf-patch.jamfcloud.com/v1/patch/{id}

Like Comment
Order by:
SOLVED Posted: by charles.hitch

Don't forget the JSS also has to be able to retrieve data from *.cloudfront.net. Since no naming convention is used or custom CNAME, your JSS will need to be able to access anything from cloudfront.net. Or you can up vote my feature request to get Jamf to use naming conventions or CNAME's https://www.jamf.com/jamf-nation/feature-requests/5775/utilize-naming-convention-for-cloud-resources

Like
SOLVED Posted: by ryanstayloradobe

@charles.hitch We have a problem of not being able to whitelist *.cloudfront.net without an appropriate subdomain or custom CNAME. It doesn't have an A record so our firewall thinks it's an invalid site when it tries to validate the domain. I up-voted your feature request and our TAM is addressing it with the Patch team.

Like
SOLVED Posted: by grahamrpugh

Your Reader DC/XI links are mixed up. Although since XI is now end-of-life, maybe you could just remove that?

Like
SOLVED Posted: by PCalomeni

Thanks, @grahamrpugh ! I switched those links. Jamf Pro will continue to report on Adobe Acrobat Reader/Pro XI, so we will be monitoring that website.

Like
SOLVED Posted: by michaelmcgaw

Have there been any updates to the list of websites that are monitored by Jamf for product update activity?

Like