BigFix 10.0 Patch 4 is now available!

The BigFix Team is pleased to announce the release of version 10 Patch 4 (10.0.4.32) of the BigFix Platform!

The main features in this release are as follows:

AWS IAM Role Support: You can now take advantage of AWS IAM roles to perform cloud instance discovery and management. This adds further flexibility and reduces overhead in the management of AWS credentials as cloud endpoint access permissions may now be leveraged either through IAM users or through IAM roles. For details, see Installing cloud plugins

Multi-project service accounts support for Google Cloud: You can now take advantage of multi-project service accounts support for Google Cloud to more easily discover the cloud instances associated to different Google Cloud projects managed by a single service account. For details, see Installing cloud plugins

Simplified action targeting to correlated endpoints: You can now create computer groups based on properties retrieved on endpoints both by the BigFix Agent and the Plugin Portal. This enables creating groups for cloud endpoints based on the properties associated to the cloud instances which you can then use to target actions to be run by the BigFix Agent. For details, see Server Based Computers Groups

Reduce network traffic by limiting PeerNest UDP messages on specific subnets: When using the PeerNest feature, you can now reduce the network traffic associated to PeerNest UDP messages exchanged by the endpoints connected to the same subnet. This can be useful in situations where you have a number of BigFix Clients running in a VPN infrastructure. For details, see Working with PeerNest

Native Support for PowerShell: Along with BigFix Action Script, UNIX Shell Script and AppleScript you can now also leverage PowerShell as Action Script Type natively. For details, Action Script Tab and PowerShell

Simplify BigFix Agent deployments with improved CDT UI: The User Interface of the Client Deployment Tool (CDT) has been enhanced to simplify user input with multiple client settings and credentials. This will speed up the BigFix Agent deployment in scenarios where you have multiple targets and the targets have different credentials or you need to specify multiple custom client settings. For details, see Deploying clients from the console

Enhanced visibility of licensing information: The BigFix License Overview Dashboard has been improved to provide better visibility of the licensing information associated to with BigFix deployment. You can now have better insights on the status of the different entitlements as well as get a better understanding of the BigFix offerings your endpoints are subscribed to. For details, see License Overview Dashboard

Support 5x more endpoints through a single Plugin Portal instance: You can now leverage the new version of the Plugin Portal to handle up to 50K endpoints per instance. This in turn will reduce your total cost of ownership in scenarios where you have to manage a high number of cloud or MCM endpoints. For more details, see the Plugin Portal

Other Enhancements

Added support for:

  • BigFix Relay on Tiny Core 11

Upgraded the following libraries:

  • libcurl to version 7.77.0
  • OpenLDAP to version 2.4.58
  • SQLite to version 3.35.5

Fixed DAs and defects. For details, see the technical specification section below.

​​​​​​​Additional information about this release

The standalone BigFix tools are published under the 10.0 Utilities section in BigFix Enterprise Suite Download Center
​​​​​​​
References

See the full technical changelist
​​​​​​​
Pre-Upgrade Considerations

  • This release includes all the BigFix Platform components. It also includes the Plugin Portal that enables the Multicloud and Modern Client Management capabilities.
  • When upgrading the Plugin Portal from versions older than 10.0.4, the Plugin Portal represented endpoints might get unsubscribed from certain Custom Sites. See here for more details.
  • The unixODBC RPM package is a prerequisite for the Server components on Linux systems (see Server Requirements). This applies to version 10.0.2 and later.
  • Upgrade paths to BigFix 10 begin with v9.5.10 or later. For details, see Upgrade paths (Windows) and Upgrade paths (Linux).
  • For detailed information on the specific changes to minimum supported versions of operating systems and databases for BigFix 10, see Detailed system requirements.
  • Before getting started with the upgrade process, stop any active application that is connected to the BigFix database (such as Web Reports, WebUI, BigFix Inventory, or BigFix Compliance).

Useful links

Upgrade Fixlets are available in BES Support version 1456 (or later).

Known Issues

BigFix Server 10.0.4 may crash if it is configured to go through a proxy. For more details, including recommendations and workarounds, please see https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0093209

​​​​​​​– The BigFix Platform Team

12 Likes

Hey @Aram, I found an issue with clause 5 of the applicability relevance in Fixlet ID 4992: BigFix - Updated Platform Server Components version 10.0.4 Now Available!

It ends with this test, which is kind of self-defeating. Perhaps you meant to test for less than rather than equality.

... AND (version of registration server = "10.0.4.32"))

2 Likes

Thank you for the feedback! We will confirm, but I believe the relevance clause you refer to above is written properly. The check in question applies to situations when the Root Server has been updated, but other components such as the Console, Web Reports, or WebUI have not.

Well, that’s embarrassing… The BES Administration tool was running on my root server, causing that clause to be false. Never mind, as the comedienne once said.

2 Likes

In the notes for this version it mentions security vulnerabilities and library upgrades:
The ​​​​​​​libcurl library was upgraded to Version 7.77.0.
The OpenLDAP library was upgraded to Version 2.4.58.
The SQlite library was upgraded to Version 3.35.5.

Are there CVE numbers related to the security vulnerabilities? I am looking for those to check their severity, since we look at the severity to determine how soon we need to install the update.

2 Likes

In the description for Patch 4 it mentions that it updates libcurl to version 7.77.0
Searching online I found a CVE-2021-22901 that is for libcurl 7.75 and 7.76 and is rated High.
https://nvd.nist.gov/vuln/detail/CVE-2021-22901

Is there any documentation that addresses if BigFix is affected by CVE-2021-22901 and that Patch 4 resolves this issue?

Hello, BigFix Platform v10 is not affected by the CVE-2021-22901 vulnerability as it doesn’t use libcURL7.75 or 7.76 in any of its versions. Hence nothing that 10.0.4 had to address to solve it: libcURL was proactively upgraded.

2 Likes

This topic was automatically closed after 30 days. New replies are no longer allowed.