Skip to content

v2025.8
Compare
Choose a tag to compare
@np5 np5 released this 05 Aug 10:00
· 23 commits to main since this release
v2025.8
68edf93
This commit was signed with the committer’s verified signature.
np5 Éric Falconnier
SSH Key Fingerprint: caZLtfcZk5+yUY6p8/I/gvcBHQPFGI9xV3ySYnFYUuY
Verified
Learn about vigilant mode.

Why releases, what changed?

We have decided to bring much needed visibility to the development of Zentral. The recommendation so far has been to always deploy the main branch (= stable branch) and to read the CHANGELOG.md file to find out about the new features and the breaking changes. That has led us to the current state of things where our customers see that they are running v2022.2-944-ged013fc5 which is 944 😅commits after release v2022.2…
We are changing this today. We will release more often, and summarize the changes in the release notes published on GitHub (we will keep the more detailed list of changes in the CHANGELOG.md file). We will keep the same format YYYY.MM. In case a bug is found and a fix has to be released quickly, we will use patch releases YYY.MM.P. For example, 2025.8.1 would be a patch release for 2025.8. The recommendation for running Zentral stays about the same: always use the latest tagged version (latest patch release or if no patch release is available, latest minor release).

Summary of the changes since … v2022.2

There is a good reason to tag releases more often: It will be easier to write about the new features, fixes and breaking changes. Obviously, a lot has happened since v2022.2. About 950 commits! Here is our attempt at summarizing the main changes. For future releases, we will be able to go into more detail. Remember that the reference is the CHANGELOG.md file.

MDM

The MDM has seen a lot of development since 2022. DDM is fully supported. Some functionalities like rolling software updates can be automatically managed by Zentral. You can also send custom payloads, which make it easy to test the new Apple MDM features.

Santa

2024 saw the release of our voting system that enables end-users to request exceptions when running in allowlist mode. We have also improved the admin console workflows. Administrators can use usage aggregates to easily build their allowlists.
We will continue our efforts (10 years in November) to support all the Santa features that can be supported by third party sync servers. Last month, we released the support for the new and really powerful CEL rules for example.

Munki

Munki is a very important part of our vision for a MacOS client. Zentral can leverage it to run script based compliance checks. You can now import a mSCP benchmark via Terraform and see the metrics in Prometheus!
We have also improved the distribution of packages and client resources with the support of multiple Munki repositories that can be configured via API.

Core

Zentral is an event driven solution. We are consolidating all the events generated when a piece of configuration is changed with the Audit Events.
The probes and their associated actions can be configured via API too. That enables our SaaS customers to filter their events and trigger webhooks or slack notifications.
The events stores can be also configured via API. SaaS customers can now also ship their Santa events to their Splunk instances.
IdP integration plays an important role for device management. We have updated our integrations to support SCIM for real-time synchronization of group memberships.

GitOps

All of the above is configurable via our official Terraform provider. The first release was in July 2022. We have since added a lot of resources and the APIs to support them. Most of the day-to-day tasks are covered. You can use it to distribute MDM configuration profiles, Munki apps, update Santa rules, Osquery packs. You can also rotate your Splunk token, start a new event shipper, … all from your config-as-code repository and CI/CD system.

Breaking Changes

Please refer to the CHANGELOG.md file for a detailed list of the breaking changes. If you have a custom deployment of Zentral, please make sure to migrate to Redis or Valkey for the cache. Memcached is not supported anymore. The other breaking changes are the migration of the probes, actions and stores from the base.json configuration file into the Database, with APIs for their management. You need to plan carefully for this upgrade. Please contact us on the macadmins slack channel, and we will help you migrate without loss of functionality.

Assets 2
Loading