(imported topic written by jeremylam)
We’ve just published an update for the Mobile Device Management site. This release was in response to a publicly disclosed Ruby on Rails framework critical security vulnerability, described here in the Ruby on Rails site:
The iOS Management Extender, Trusted Service Provider (TSP) and Self-Service Portal (SSP) use the Ruby on Rails framework and are affected by this security vulnerability. All deployed management components should be updated.
Fixed Issues:
Updated iOS Extender, Trusted Service Provider (TSP) and Self-Service Portal (SSP) to resolve a Ruby on Rails critical security vulnerability.
Required Actions:
Update deployed iOS Management Extender components using Fixlet 94: Upgrade Management Extender for Enrollment and Apple iOS
Update deployed Trusted Service Provider (TSP) components using Fixlet 200: Upgrade Trusted Service Provider
Update deployed Self-Service Portal (SSP) components using Fixlet 184: Upgrade Self Service Portal