Availability of BigFix Compliance Analytics version 2.0 Patch 7

HCL BigFix is pleased to announce the release of BigFix Compliance Analytics version 2.0 Patch 7.

4-November-2022 Update: Some impacts have been seen by customers which are under investigation by the BigFix team. Please follow this link to stay up to date on the work there. (LINK)

Product: BigFix Compliance

Title: Availability of BigFix Compliance Analytics version 2.0 Patch 7

Published site: SCM Reporting, version 150

BigFix Compliance Analytics version 2.0 Patch 7 includes the following new features, enhancements, and fixes.

Rails updated from 5.2.6.2 to 5.2.8.2  

IBM WebSphere Application Server Liberty updated to 22.0.0.8 to address vulnerabilities: CVE-2021-39031, CVE-2022-22475, CVE-2022-22476 

IBM SDK Java Technology Edition Version updated to 8.0.7.11 to address vulnerabilities: CVE-2022-21340, CVE-2021-35550, CVE-2021-35603, CVE-2021-35559, CVE-2021-35560, CVE-2021-41035. 

Default Self-Signed certificate issued to/by HCL. 

Import server-based groups by defining computer groups on the BigFix Compliance side, specifying server-based groups as the Data Source Group.

“/session” page now has attribute "autocomplete=off" to prevent browsers from caching credentials. 

SupersededEval table now checks in LONGQUESTIONRESULTS 

Fixed duplicate CVE ID in the "Most addressed vulnerabilities" list of Vulnerabilities Overview dashboard. 

Fixed Display indicator when compliance percentage is between 0% and 1% 

Updated Fixlet 1010 from SCM Reporting Fixlet site to disable weak cipher suites 

Updated Fixlet 1009 from SCM Reporting Fixlet site to deploy log4j library of version 2.18.0 

Actions to take:

To take advantage of the fixes, upgrade BigFix Compliance Analytics to version 2.0.7. 

For first time installation:

In the License Overview Dashboard in the BigFix console (BigFix Management domain), enable the SCM Reporting site. 

In the Security Configuration domain in the console, open the Configuration Management navigation tree. 

Select the Fixlet named BigFix Compliance Server 2.0 - First-time Install Fixlet under the BigFix Compliance Install/Upgrade menu tree node. 

Follow the Fixlet instructions and take the associated action to install your BigFix Compliance deployment. 

For upgrade installation: Refer to the prescribed upgrade steps for the BigFix Compliance version that you are using.

IMPORTANT: Before you start any upgrade process, perform a server and database backup.

A. For BigFix Compliance Analytics versions 1.9.x, 1.10.x and 2.0.x:

Make sure that you completed the server and database backup. 

In the Security Configuration domain in the console, open the Configuration Management navigation tree. 

Under the BigFix Compliance Install/Upgrade menu tree item, select the BigFix Compliance Server 2.0 - Upgrade Fixlet which automatically installs and upgrades to the new version. 

Follow the Fixlet instructions and take the associated action to upgrade your BigFix Compliance deployment. 

Update the data schema. To do this, log in to the BigFix Compliance web interface from the host server and proceed with configuration. Upgrading the data schema is expected and it will take some time to complete.

NOTE: Automatic upgrade installation only affects installations running under the LocalSystem account. Follow the Fixlet instructions to install the update manually if this fix cannot be applied.

B. For BigFix Compliance Analytics versions prior to 1.9:

Manually upgrade to version 1.10.1.48. The 1.10.1.48 installer can be found here: http://software.bigfix.com/download/bfc/server/1.10/bfc-server-1.10.1.48.exe

After manually upgrading to version 1.10.1.48, use the BigFix Compliance Server 2.0 Upgrade Fixlet to upgrade to version 2.0 (See step A). 

More information:

BigFix Compliance Guides: https://help.hcltechsw.com/bigfix/10.0/compliance/analytics.html 

BigFix Forums - Release Announcements Channel: https://forum.bigfix.com/c/release-announcements/compliance 

BigFix Compliance team
HCL BigFix

Is there an update schema to this update if upgrading from 2.0.6? Last time, when I upgraded from 2.0.5 to 2.0.6, there wasn’t one and when I asked in the forum, I didn’t get a response.

I don’t know if this is 100% true but the "SupersededEval table now checks in LONGQUESTIONRESULTS" release note makes me think the schema is being tweaked/updated.

I’m upgrading now and will see if I notice anything in the SQL logs.

Just finished upgrading and ran a Schema Change History report against my BFC database and it does look like some changes occurred. It’s a bit much to report on here, so if I were you, I’d just plan on expecting changes and make sure you have ‘sysadmin’ rights in place when you upgrade.

I do have sysadmin rights. I’ll upgrade tomorrow and find out if “Update Schema” window appears when accessing the web interface.

Didn’t even think of that. I was just right down the rabbit hole. Lol. I didn’t get the Update Schema window when I logged in after my upgrade.

ok, and which version were you upgrading from?

2.0.6.27

Yeah, I didn’t get an update schema option either.