BigFix Compliance: Availability of BigFix Compliance Analytics version 2.0 Patch 8

Product: BigFix Compliance

Title: Availability of BigFix Compliance Analytics version 2.0 Patch 8

Published site: SCM Reporting, version 152

Details:

BigFix Compliance Analytics version 2.0 Patch 8 is an Emergency Release to address an anomaly that occurred in BigFix Compliance Analytics version 2.0 Patch 7(Ref: SCA v2.0.7 Impact Notice 2022-11-4) which has been removed from the BigFix content repository.

For the customers that have previously installed BigFix Compliance Analytics version 2.0 Patch 7, please contact BigFix Support team to apply a Hotfix released earlier, before installing BigFix Compliance Analytics version 2.0 Patch 8.

The customers that are on BigFix Compliance Analytics version 2.0 Patch 6 or an earlier level can upgrade directly to BigFix Compliance Analytics version 2.0 Patch 8.

BigFix Compliance Analytics version 2.0 Patch 8 includes all the features, enhancements, and fixes that were included in BigFix Compliance Analytics version 2.0 Patch 7 as follows:

  • Rails updated from 5.2.6.2 to 5.2.8.2
  • IBM WebSphere Application Server Liberty updated to 22.0.0.8 to address vulnerabilities: CVE-2021-39031, CVE-2022-22475, CVE-2022-22476
  • IBM SDK Java Technology Edition Version updated to 8.0.7.11 to address vulnerabilities: CVE-2022-21340, CVE-2021-35550, CVE-2021-35603, CVE-2021-35559, CVE-2021-35560, CVE-2021-41035
  • Default Self-Signed certificate issued to/by HCL.
  • Import Server-Based groups by defining computer groups on BigFix Compliance side with specifying server-based groups as Data Source Group.
  • /session page now has attribute “autocomplete=off” to prevent browsers from caching credentials.
  • SupersededEval table now checks in LONGQUESTIONRESULTS
  • Fixed duplicate CVE ID in the “Most addressed vulnerabilities” list of Vulnerabilities Overview dashboard.
  • Fixed Display indicator when compliance percentage is between 0% and 1%
  • Updated Fixlet 1010 from SCM Reporting Fixlet site to disable weak cipher suites
  • Updated Fixlet 1009 from SCM Reporting Fixlet site to deploy log4j library of version 2.18.0

Actions to take:

  1. To take advantage of the fixes, upgrade BigFix Compliance Analytics to version 2.0.8.

For first time installation:

  1. In the License Overview Dashboard in the BigFix console (BigFix Management domain), enable the SCM Reporting site.
  2. In the Security Configuration domain in the console, open the Configuration Management navigation tree.
  3. Select the Fixlet named BigFix Compliance Server 2.0 - First-time Install Fixlet under the BigFix Compliance Install/Upgrade menu tree node.
  4. Follow the Fixlet instructions and take the associated action to install your BigFix Compliance deployment.

For upgrade installation: Refer to the prescribed upgrade steps for the BigFix Compliance version that you are using.

IMPORTANT: Before you start any upgrade process, perform a server and database backup.

A. For BigFix Compliance Analytics versions 1.9.x, 1.10.x and 2.0.x:

  1. Make sure that you completed the server and database backup.
  2. In the Security Configuration domain in the console, open the Configuration Management navigation tree.
  3. Under the BigFix Compliance Install/Upgrade menu tree item, select the BigFix Compliance Server 2.0 - Upgrade Fixlet which automatically installs and upgrades to the new version.
  4. Follow the Fixlet instructions and take the associated action to upgrade your BigFix Compliance deployment.
  5. Update the data schema. To do this, log in to the BigFix Compliance web interface from the host server and proceed with configuration. Upgrading the data scheme is expected and it will take some time to complete. NOTE: Automatic upgrade installation only affects installations running under the LocalSystem account. Follow the Fixlet instructions to install the update manually if this fix cannot be applied.

B. For BigFix Compliance Analytics versions prior to 1.9:

  1. Manually upgrade to version 1.10.1.48. The 1.10.1.48 installer can be found here http://software.bigfix.com/download/bfc/server/1.10/bfc-server-1.10.1.48.exe
  2. After manually upgrading to version 1.10.1.48, use the BigFix Compliance Server 2.0 Upgrade Fixlet to upgrade to version 2.0 (See step A).

More information:

BigFix Compliance team
HCL BigFix

Hi (@SJPutman) Steve,
Does the “BigFix Compliance Server 2.0 - upgrade” check for version 2.0.7 and/or the hotfix to prevent from issuing upgrade action?

Also there is no note in the upgrade task about applying the hotfix before taking action.

How can customer obtain the hotfix? Do they need to open a case with Compliance support team or BigFix support team?

Hello -

I have no exposure to the content of the packages. Please contact your Support team.

Thanks, Steve

I didn’t get a Update Schema after upgrading to this version. Is one not applicable for this upgrade? Upgraded from 2.0.7.