Availability of BigFix Compliance Analytics version 2.0 Patch 12

Release Announcements Compliance (Release Announcements)
1

HCL BigFix is pleased to announce the release of BigFix Compliance Analytics version 2.0 Patch 12

Product: BigFix Compliance

Title: Availability of BigFix Compliance Analytics version 2.0 Patch 12

Published site: SCM Reporting 158

BigFix Compliance Analytics version 2.0 Patch 12 includes enhancements and fixes.

Highlights of this release:

  • Upgrade Rails to 6.1.7.8
  • Update JRE Version to 8.0.8.30
  • Update IBM WebSphere Application Server Liberty version to 24.0.0.8.

Following are the Fixed Jira Tickets in this release.

  • IBM SDK Java Technology Edition Version updated to 8.0.8.30 to address vulnerabilities: CVE-2024-21147, CVE-2024-21140, CVE-2024-21144, CVE-2024-27267
  • IBM WebSphere Liberty Package Version updated to 24.0.0.8 to address vulnerabilities: CVE-2024-22354, CVE-2024-22353, CVE-2024-27268, CVE-2024-22353, CVE-2023-50314, CVE-2023-51775, CVE-2024-21147, CVE-2024-21145, CVE-2024-21140, CVE-2024-21144, CVE-2024-21138, CVE-2024-21131
  • [BSU-15745] Vulnerabilities in SCA reported by federal customer (Security Assessment Team)
  • [KB0116355 / BSU-16355] Compliance Report PDF Export issue
  • [BSU-16101] Update fixlet # 1005 - Download NVD CVE Data Files to include relevance for Win2022
  • [BSU-15898] Bigfix Compliance RESTAPI Documentation Lacking details on scoped_historical methods
  • Fixed the computer group listing issue in Firefox.
  • Added Support for KEV Content Pack in SCA.
  • Added note to track deleted Exceptions in SCA.

Actions to take:

  1. Upgrade BigFix Compliance Analytics to version 2.0.12 to take advantage of the fixes.

For first-time installation:

  1. In the License Overview Dashboard in the BigFix console (BigFix Management domain), enable the SCM Reporting site.
  2. In the Security Configuration domain in the console, open the Configuration Management navigation tree.
  3. Select the Fixlet named BigFix Compliance Server 2.0 - First-time Install Fixlet under the BigFix Compliance Install/Upgrade menu tree node.
  4. Follow the Fixlet instructions and take the associated action to install your BigFix Compliance deployment.

For upgrade installation: Refer to the prescribed upgrade steps for the BigFix Compliance version that you are using.

IMPORTANT: Before you start any upgrade process, perform a server and database backup.

A. For BigFix Compliance Analytics versions 1.9.x, 1.10.x and 2.0.x:

  1. Make sure that you complete the server and database backup.
  2. It is recommended to stop the BigFix Compliance Server or at least disable scheduled Data Imports to ensure that Data Import is not in progress during the upgrade.
  3. In the Security Configuration domain in the console, open the Configuration Management navigation tree.
  4. Under the BigFix Compliance Install/Upgrade menu tree item, select the BigFix Compliance Server 2.0 - Upgrade Fixlet which automatically installs and upgrades to the new version.
  5. Follow the Fixlet instructions and take the associated action to upgrade your BigFix Compliance deployment.
  6. Update the data schema. To do this, log in to the BigFix Compliance web interface from the host server and proceed with configuration. Upgrading the data scheme is expected and it will take some time to complete. NOTE: Automatic upgrade installation only affects installations running under the LocalSystem account. Follow the Fixlet instructions to install the update manually if this fix cannot be applied.

B. For BigFix Compliance Analytics versions before 1.9:

  1. Manually upgrade to version 1.10.1.48. The 1.10.1.48 installer can be found here http://software.bigfix.com/download/bfc/server/1.10/bfc-server-1.10.1.48.exe
  2. After manually upgrading to version 1.10.1.48, use the BigFix Compliance Server 2.0 Upgrade Fixlet to upgrade to version 2.0 (See step A).

More information:

BigFix Compliance team
HCL BigFix

1 Like