Micromdm Versions Save

Mobile Device Management server

v1.12.1

1 week ago

This release includes one fix.

Thanks to our contributors: @iann0036

  • Fix error comparison in builtin stores (#975)

Note: this release was made because v1.12.0 was tagged on a commit not on the main branch. Please use this release instead.

v1.12.0

1 month ago

This release includes new features and fixes.

Thanks to our contributors: @grahamgilbert, @jamesez, @jessepeterson, @korylprince

  • Add -log-time flag to include timestamps in log messages (#890)
  • Add -device-signature-skew flag to allow configuring clock skew when verifying device signatures (#887)
  • Tidy code for Go 1.20 and update Go version for Docker and CI (#902)
  • Add support for inspecting the MDM command queue (#895)
    • See the docs for how to use!
  • Fix HTTP status codes being swallowed by -http-debug flag (#906)
  • Remove unused tools package
  • Fix pkg signature checks on non-macOS platforms (#930, #962)
  • Add go:generate for command_queued protobuf
  • Switch to smallstep/pkcs7 for PKCS7 library (#944)
  • Remove PayloadScope=System from enrollment profile (See #766)
  • Allow disabling default HTTP to HTTPS redirect (#967)
  • Project dependency updates (#881, #888, #899, #900, #918, #933, #946, #948, #954, #958, #960, #961, #965, #966)

v1.11.0

10 months ago

This release includes new features and fixes.

Thanks to our contributors: @williamtheaker, @korylprince, @krmzbbr

  • Add Dependabot updating (#857)
  • Add SoftwareUpdateSettings to Settings command (#771, #856)
  • Add tools script install_vpp_application to install VPP apps (#865)
    • Note MicroMDM doesn't support VPP/A&B itself.
  • Fix bug that prevented errors being logged on the Checkin and Connect endpoints (#871)
  • Add support for submitting "raw" plist MDM commands! (#864)
    • See the docs for how to use!
  • Add NanoMDM-compatible Declarative Device Management (DDM) "proxy" support. (#882)
    • Use the -dm switch to extract and forward the Declarative Management protocol Endpoints to a specialized HTTP server. Such as KMFDDM.
    • Check out the older blog post about DDM for more info.
    • KMFDDM v0.2.0 required for MicroMDM support. Use the -micromdm switch KMFDDM.
  • Project dependency updates (#858, #859, #860, #861, #867, #869, #873, #872, #874, #875, #879)

v1.10.1

1 year ago

Patch release. Thanks to our contributors: @korylprince

  • Fix certificate check for DEP and OTA enrollment attempts (#854, #855)

v1.10.0

1 year ago

This release includes new features and fixes.

Thanks to our contributors for this release: @networkpanic, @meta-github, @korylprince, @ayush5harma, @discentem, @hrgbcxd, @petitout

  • Add support for Priority in ScheduleOSUpdate command (#803)
  • Added RefreshCellularPlans support (#809)
  • Add LOM commands (#839)
  • Fix RotateFileVaultKey panics (#801)
  • Fix for DEP client library to be thread safe (#850)
  • Add ability to sign apps when they're uploaded: mdmctl apply app -sign-identity (#785)
  • mdmctl: don't send a request body for GET requests (#821)
  • Updated schedule_os_update script to support more parameters. (#828)
  • Switch to using cfgprofiles for enrollment profile generation (#827)
  • Documentation & CLI usage improvements (#799, #811, #817, #819, #823)

v1.9.0

2 years ago

This release includes new features and fixes.

  • Add new fields for the ScheduleOSUpdate command (#793)
  • Use HTTPS for retrieving Apple certificates (#792)
  • Add CLI help for mdmctl config switch (#791)
  • Update builder to Go 1.17 (#783)
  • Replace gogo/protobuf with Google protobuf (#773)
  • Add GHCR container workflow. Add ARM build. (#745)
  • New in-memory-only command queue (#736)
  • Bootstrap token support (#781, #782)
  • Fix potential DEP sync data loss (#779)
  • Support logging proxy IP headers X-Forwarded-For, X-Real-IP. Enable with -http-proxy-headers switch (#744)
  • Allow MDM check-in messages to return data (#764)
  • Added support for SetRecoveryLock and VerifyRecoveryLock (#757)
  • Fix SetFirmwarePassword and VerifyFirmwarePassword parameters (#743)
  • Command UUID can now be passed in as as a request parameter (#754)
  • Update to SCEP v2, switch to Mozilla PKCS7, interface cleanup (#737, #772, #778)
  • Fix panic when using DEP mdmctl commands with no DEP tokens configured (#750)
  • Spruce up built-in landing page including better accessibility (#721, #751)
  • Documentation & CLI usage improvements (#729, #730, #748, #749)

Thanks to our contributors for this release: @discentem, @korylprince, @williamtheaker, @bpmcneilly, @daemonsy, @tomaswallentinus, @ivanhata, @networkpanic, @HernanPaez

v1.9.0-beta

2 years ago

MicroMDM v1.9.0-beta pre-release. See the changelog for details about this release.

Focus areas for testing are primarily SCEP issuance (i.e. enrollment), normal MDM command/delivery. As always backup your database before testing, just in case.

v1.8.0

3 years ago

This release includes fixes and new features.

  • Fix embedded manifest of InstallEnterpriseApplication (#669)
  • Added Activation Lock Bypass support code (#677)
  • Fix DEP device serialization so that ProfileStatus of device now works (#682)
  • mdmctl can now have a base server URL (#683)
  • Fix an asymptomatic queue marshaling bug (#690)
  • Add ability to unassign DEP devices via API (#687)
  • A device's command queue is now cleared during enrollment (#692)
  • APNS is now proxy aware (#698)
  • Add -validate-scep-issuer and -validate-scep-expiration flags to only validate the SCEP certificate was issued by the MicrMDM SCEP CA, and optionally to validate that the certificate hasn't expired (#700)
  • Add -udid-cert-auth-warn-only flag that disables the UDID-certificate authentication mechanism. Can be used to help remediate expiring device identity certificates (#643)
  • Fix for multiple InstallApplications in Blueprints (#549, #704)
  • More secure argument passing in API scripts (#709)
  • TimeZone setting support in Settings command (#719)
  • Support tls-alpn-01 for Let's Encrypt certificates (#720)
  • Update MDM Vendor CSR signing to SHA-2 and use new Apple intermediate cert (#723, #725)
  • Avoid unnecessary command queue save/disk write (#711)
  • Documentation updates

Thanks to our contributors for this release: @MobileDan, @meta-github, @grahamgilbert, @tperfitt, @williamtheaker, @slawoslawo, @choehn-signogy, @natewalck, @korylprince

v1.7.1

3 years ago

This is a release of 1.7.0 with a few additional commits.

https://github.com/micromdm/micromdm/compare/v1.7.0-alpha...v1.7.1

Reliability, scalability, security, and usability improvements:

  • Add device DEP status to API response (#617)
  • CLI improvements (#618, #620, #621)
  • Support new values for AccountConfiguration (#627)
  • Fix issue where DEP watcher would stop permanently for transient network issues (#582, #632)
  • Workaround issue where a newly added DEP token would not be used after a restart (#546, #633)
  • Fix bug with applying an empty blueprint (#615, #634)
  • Add -no-command-history flag to disable saving of command history (#640). This works around a race-condition/scalability issue with device records (#556).
  • Add dynamic SCEP challenges (#642). Require dynamic SCEP challenges for certificate issuance with -use-dynamic-challenge and (only recommended for testing) generate them in enrollment profiles with -gen-dynamic-challenge.
  • Add MDM commands to enable and disable remote desktop (#651)
  • SCEP payload key names were corrected (#652)

Thanks to our contributors for this release: @grahamgilbert, @n8felton, @tomaswallentinus @netproteus

v1.7.0-alpha

4 years ago

Reliability, scalability, security, and usability improvements:

  • Add device DEP status to API response (#617)
  • CLI improvements (#618, #620, #621)
  • Support new values for AccountConfiguration (#627)
  • Fix issue where DEP watcher would stop permanently for transient network issues (#582, #632)
  • Workaround issue where a newly added DEP token would not be used after a restart (#546, #633)
  • Fix bug with applying an empty blueprint (#615, #634)
  • Add -no-command-history flag to disable saving of command history (#640). This works around a race-condition/scalability issue with device records (#556).
  • Add dynamic SCEP challenges (#642). Require dynamic SCEP challenges for certificate issuance with -use-dynamic-challenge and (only recommended for testing) generate them in enrollment profiles with -gen-dynamic-challenge.
  • Add MDM commands to enable and disable remote desktop (#651)
  • SCEP payload key names were corrected (#652)

Thanks to our contributors for this release: @grahamgilbert, @n8felton, @tomaswallentinus