BigFix Inventory: Application Update 10.0.7.0.1 published 2022-01-11

GJablonska · January 11, 2022, 6:05pm

Product:
BigFix Inventory application update 10.0.7.0.1

Published site version:
BigFix Inventory v10 - version 149.

Features:
New optional fixlet to automatically update Log4j library from version 2.x to version 2.17.1 in VM Manager Tool. It is applicable to BigFix Inventory 10.0.3 or later.

Note that BigFix Inventory 10.0.7.0 (with Log4j 2.15.0) is not impacted by specific Log4j vulnerabilities (CVE-2021-45046 and CVE-2021-45105). However, version 10.0.7.0.1 provides an optional action which you can use to keep the Log4j library up to date.

For more information refer to the support article: https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0095486

Actions needed:
To update the Log4j library in VM Manager Tool, run the Update the Log4j library in VM Manager Tool to version 2.17.1 - (10.0.7.0.1) fixlet from the BigFix console.

For more information about how to install, maintain, and use BigFix Inventory application, refer to the user documentation: https://help.hcltechsw.com/bigfix/10.0/inventory/welcome/BigFix_Inventory_welcome.html

– The BigFix Inventory Team

ageorgiev · January 12, 2022, 9:59am

This is great, it certainly helps! Just one question - Compliance already released a version of the tool without Log4j altogether, are there future plans to go in that direction on Inventory side as well?

GJablonska · January 12, 2022, 12:02pm

In case of BigFix Inventory application server (as in recent case of Compliance Analytics application server) the dependency on Log4j library was removed already in past. In case of two BigFix Inventory specific components that have this dependency no short term plans to move to alternate solution, it is under consideration for the future.

system · February 10, 2022, 6:05pm

This topic was automatically closed after 30 days. New replies are no longer allowed.