BigFix Inventory: Application Update published 2022-01-11

BigFix Inventory application update

Published site version:
BigFix Inventory v10 - version 149.

New optional fixlet to automatically update Log4j library from version 2.x to version 2.17.1 in VM Manager Tool. It is applicable to BigFix Inventory 10.0.3 or later.

Note that BigFix Inventory (with Log4j 2.15.0) is not impacted by specific Log4j vulnerabilities (CVE-2021-45046 and CVE-2021-45105). However, version provides an optional action which you can use to keep the Log4j library up to date.

For more information refer to the support article:

Actions needed:
To update the Log4j library in VM Manager Tool, run the Update the Log4j library in VM Manager Tool to version 2.17.1 - ( fixlet from the BigFix console.

For more information about how to install, maintain, and use BigFix Inventory application, refer to the user documentation:

– The BigFix Inventory Team


This is great, it certainly helps! Just one question - Compliance already released a version of the tool without Log4j altogether, are there future plans to go in that direction on Inventory side as well?

In case of BigFix Inventory application server (as in recent case of Compliance Analytics application server) the dependency on Log4j library was removed already in past. In case of two BigFix Inventory specific components that have this dependency no short term plans to move to alternate solution, it is under consideration for the future.


This topic was automatically closed after 30 days. New replies are no longer allowed.