The BigFix team is pleased to announce the release of version 9.5 Patch 16 (18.104.22.168) of the BigFix Platform.
The main features in this release are as follows:
- Security enhancements
- DAs and defect fixes
- Added support for BigFix Relay for:
- Red Hat Enterprise Linux Version 8 x86 64-bit on Intel
- New feature Enhanced security of TLS connections with support of Diffie-Hellman (DHE) and ephemeral Elliptic Curve Diffie-Hellman (ECDHE):
- BigFix Platform 9.5.16 HTTPS servers now allow ephemeral Diffie-Hellman (DHE) and ephemeral elliptic curve Diffie-Hellman (ECDHE) for key exchange while keep leveraging on RSA for authentication. With this feature, new, random asymmetric keys are chosen for each TLS connection that are never written to persistent storage. When the TLS connection terminates, keys are securely erased, ensuring in this way that, if an RSA private key is ever divulged, that key cannot be used to decrypt any secret exchanged during TLS sessions.
Upgraded the following external libraries:
- The Codejock library was upgraded to Version 19.2.0.
- The YUI library was upgraded to Version 2.9.0.
- The Curl library was upgraded to Version 7.69.1.
Additional information about this release
- All BigFix Platform components are being released in this patch.
- Ensure to STOP the WebUI and any other active application connecting to the BigFix database BEFORE starting the upgrade.
- A manual Server upgrade is required if you upgrade from a version earlier than 9.5.5.
- A problem with the version of curl used in BigFix Platform 9.5.16 and 10.0.1 might cause a high number of sockets in TIME_WAIT state on the BigFix Web Reports machine. This can lead to issues with network communication between the BigFix Platform Components, especially if the Web Reports service is co-located on the Root Server. For more details, including recommendations and workarounds, please see this article.
BigFix downloads and release information
Upgrade instructions in HCL Help Center
Upgrade Fixlets are available in BES Support version 1437 (or later).