Availability of BigFix Compliance Analytics version 2.0 Patch 9

HCL BigFix is pleased to announce the release of BigFix Compliance Analytics version 2.0 Patch 9.

Product: BigFix Compliance

Title: Availability of BigFix Compliance Analytics version 2.0 Patch 9

Published site: SCM Reporting 155

BigFix Compliance Analytics version 2.0 Patch 9 includes the following new features, enhancements, and fixes.

  • Rails updated from 5.2.8.1 to 6.1.7.3 to address vulnerabilities:
    CVE-2023-22797, CVE-2022-44566, CVE-2023-22795, CVE-2023-22794, CVE-2023-22796, CVE-2023-22792
  • IBM WebSphere Application Server Liberty updated to 23.0.0.6 to address vulnerabilities:
    CVE-2023-21930, CVE-2023-21937, CVE-2023-21938, CVE-2023-21939, CVE-2023-21954, CVE-2023-21967, CVE-2023-21968, CVE-2023-2597.
  • IBM SDK Java Technology Edition updated to version 8.0.8.6 to address vulnerabilities:
    CVE-2023-21930, CVE-2023-21937, CVE-2023-21938, CVE-2023-21939, CVE-2023-21954, CVE-2023-21967, CVE-2023-21968, CVE-2023-2597.
  • New HCL Branding for BigFix Compliance Analytics.
  • Administrator users can delete reports saved by other users.
  • SCA heap size recommendation increased from 4G to 8G.
  • SCA Data Import log enhanced with messages about current memory available to Java Runtime:
    ->“Available memory for Java Runtime: X GB. To increase uncomment ‘-Xmx’ line in the - jvm.options and set in the range: 8g-12g, e.g., ‘-Xmx8g’.”
    ->“Low free memory: Y MB! Modify jvm.options and set -Xmx8g (or higher).”
    ->“Not enough JVM heap space: Modify jvm.options and set -Xmx8g (or higher).”
  • Updated documentation to include steps and best practices for uninstalling and reinstalling BigFix Compliance: https://help.hcltechsw.com/bigfix/10.0/compliance/Compliance/SCA_Setup_Guide/t_uninstalling_server_interactive_win.html
  • Support for BigFix v11 TLS 1.3 enforcement option. Earlier SCA versions support only TLS 1.2 communication with BigFix Platform.
  • Introduced a database index maintenance job (Full Database Index Reorganization), created for both fresh and upgraded installations. To create the job successfully, the database user used in SCA must be a system admin or have access to “SQLAgentUserRole” for the msdb database to manage SQL Server Agent jobs. SQL Server Agent must also be configured and running.
  • Added Fixlet ID and Relevant? columns to the “Subscribed Patches” report in the SCA Patch computer drill down.
  • Introduced the “Remediations Required” report and adjusted counting to focus only on non-superseded content.
  • Disabled supersedence evaluation for Vulnerability reporting by default, with an option to restore the previous behavior via the ‘pr.etl.supersedence.enabled’ setting in the options.cfg file. The behavior in effect is reported in the Data Import log: “Using both Patch and Superseded Patches Meta-Data” / “Using only Patch Meta-Data”.
  • KB0096824 SCA import gets stuck after enabling “Patches and Vulnerabilities”: step performance has been improved.
  • KB0100313; KB0101052 Broken link for fixlet ID 1009: corrected link in fixlet updating log4j library.
  • KB0097760: Manual computer group missing.
  • BSU-13017 “Import Now” button is disabled after a scheduled import: introduced a protection mechanism to handle expectations when sending notifications.
  • BSU-12799: Introduced a sequence number upper limit in the Raw Datasource Fixlet Results import steps to prevent synchronization issues around Fixlet relevance state.
  • KB0106286/BSU-11019 Optimized Data Import step SCM::Computer Rollup: in some cases the step took hours; the time has been improved to the range of minutes.

Actions to take:

  1. To take advantage of the fixes, upgrade BigFix Compliance Analytics to version 2.0.9.

For first time installation:

  1. In the License Overview Dashboard in the BigFix console (BigFix Management domain), enable the SCM Reporting site.
  2. In the Security Configuration domain in the console, open the Configuration Management navigation tree.
  3. Select the Fixlet named BigFix Compliance Server 2.0 - First-time Install Fixlet under the BigFix Compliance Install/Upgrade menu tree node.
  4. Follow the Fixlet instructions and take the associated action to install your BigFix Compliance deployment.

For upgrade installation: Refer to the prescribed upgrade steps for the BigFix Compliance version that you are using.

IMPORTANT: Before you start any upgrade process, perform a server and database backup.

A. For BigFix Compliance Analytics versions 1.9.x, 1.10.x and 2.0.x:

  1. Make sure that you completed the server and database backup.
  2. In the Security Configuration domain in the console, open the Configuration Management navigation tree.
  3. Under the BigFix Compliance Install/Upgrade menu tree item, select the BigFix Compliance Server 2.0 - Upgrade Fixlet which automatically installs and upgrades to the new version.
  4. Follow the Fixlet instructions and take the associated action to upgrade your BigFix Compliance deployment.
  5. Update the data schema. To do this, log in to the BigFix Compliance web interface from the host server and proceed with configuration. Upgrading the data schema is expected and will take some time to complete. NOTE: Automatic upgrade installation only affects installations running under the LocalSystem account. Follow the Fixlet instructions to install the update manually if this fix cannot be applied.

B. For BigFix Compliance Analytics versions prior to 1.9:

  1. Manually upgrade to version 1.10.1.48. The 1.10.1.48 installer can be found here: http://software.bigfix.com/download/bfc/server/1.10/bfc-server-1.10.1.48.exe
  2. After manually upgrading to version 1.10.1.48, use the BigFix Compliance Server 2.0 - Upgrade Fixlet to upgrade to version 2.0 (see step A).

More information:

BigFix Compliance team
HCL BigFix