BigFix 10.0 Patch 6 is now available!

The BigFix Team is pleased to announce the release of version 10 Patch 6 (10.0.6.84) of BigFix Platform. The main features in this release are as follows:

  • Security enhancements

  • Defect Articles (DA) and defect fixes

  • Added support for Raspberry Pi OS 11 (Agent)

  • Performance improvements in the Plugin Portal to reduce RunAction execution time: the Plugin Portal supports full BigFix scale for cloud and mobile devices and is now more efficient than ever! Memory requirements have been reduced by 89% per plugin, with an 18% improvement in the Run Actions execution time!

  • Upgrade of the following libraries:
    OpenSSL to version 1.0.2zd
    zlib to version 1.2.12
    jquery to version 3.6.0
    jquery-ui to version 1.13.1

For details, see the technical specification section below.

Additional information about this release

The standalone BigFix tools are published under the 10.0 Utilities section in BigFix Enterprise Suite Download Center.
A Non-Functional Requirements checklist, covering both performance and security management of your BigFix deployment, is available at BigFix Performance & Capacity Planning Resources.

Pre-Upgrade Considerations

  • This release includes all the BigFix Platform components. It also includes the Plugin Portal that enables the Multicloud and Modern Client Management capabilities.
  • The unixODBC RPM package is a prerequisite for the Server components on Linux systems (see Server Requirements). This applies to version 10.0.2 and later.
  • Upgrade paths to BigFix 10 begin with v9.5.10 or later. For details, see Upgrade paths (Windows) and Upgrade paths (Linux).
  • For detailed information on the specific changes to minimum supported versions of operating systems and databases for BigFix 10, see Detailed system requirements.
  • Before getting started with the upgrade process, stop any active application that is connected to the BigFix database (such as Web Reports, WebUI, BigFix Inventory, or BigFix Compliance).

Useful links

Upgrade Fixlets are available in BES Support version 1466 (or later).

– The BigFix Platform Team

4 Likes

Where is the link to the release information listing CVEs by affected BigFix component?

It used to be this type of detail was provided with BigFix release announcements. I believe it was in a separate KB article that also included the CVSS of the CVE.

That detail was valuable because the cost of patching vulnerabilities varies depending on the component. A vulnerability on the server-side means patching just a handful of endpoints, while a vulnerability for clients means patching hundreds or thousands of computers. A big change like that could mean coordination between multiple teams, additional testing, and a cumbersome change control process. Furthermore, a BigFix vulnerability might affect a component on Windows but not Linux. Customers would want to know that before prioritizing patching activities. Understanding these details is valuable, and I would like to see that communicated in future release announcements.

2 Likes

Do the Plugin Portal performance improvements have a dependency on the Platform itself being upgraded first? Can we take advantage of them by upgrading the Plugin Portal & plugins alone?

Just received this notice:

A new Security Bulletin Security Bulletin: HCL BigFix Platform is affected by multiple vulnerabilities around Web Transport Security (TLS), security-related HTTP headers, Privilege Escalation, OpenSSL and zlib for the BigFix Platform product has been published.

https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0098116

2 Likes

It is not documented, but you can upgrade only the Plugin Portal + Plugins; the fixlet’s relevances only require server and client > 10.0; that performance improvement is in the Plugin Portal code.

If the previously installed Plugin Portal version is <= 10.0.3, I suggest carefully reading the fixlet description and deciding whether to disable the additional site filtering.

1 Like
