BigFix WebUI and Insights new release available (January 2021)

HCL Software is pleased to announce a new update to BigFix WebUI and BigFix Insights. These releases introduce a range of enhancements, including new features, functionality, and improved security.

BigFix WebUI and Insights General Release - Features

  • New Device view with improved flexibility and user experience!

    The new Device page has been designed to greatly improve flexibility and user experience.

    The view on the Device page can now be customized by BigFix operators, allowing them to select and display the device properties of their interest among all the ones available in BigFix, both out-of-the-box and custom ones, including the ones coming from analyses. The view can be visually adjusted (column width and position) and is persistent for the operator.
    In addition to the existing filtering options, it is now possible to filter devices by any property that is present in the view, including custom properties and properties coming from analyses.

    The view also provides largely increased data density, and adapts to different screen resolutions to maximize real estate utilization.

  • Greatly simplified installation of BigFix Agents residing on AWS or Azure VMs via cloud-native APIs!

    You can now install the BigFix Agent in AWS and Azure environments much more quickly and easily by leveraging the cloud provider services and APIs directly from WebUI. You no longer need to provide Client credentials or deploy and configure the Client Deploy Tool (CDT).
    Note: this feature requires BigFix Platform version 10.0.2 or later.

Inline Reporting:

  • Additional export options:
    • You can now export in PDF to capture the Summary Charts

Patch application:

  • Added support for the following:
    • RHEL 5/6/7/8 Extended Support Updates
    • CentOS 8
    • Ubuntu 20.04
    • Oracle Linux 8

Patch Policies application:

  • Support for custom content

    • Custom content can now be added to a policy
  • Skip locked constraints when deploying policy

    • Operators with console ā€œCan Lockā€ permissions now have the option to deploy a policy to a locked device without having to first unlock the device
  • Added support for the following:

    • RHEL 5/6/7/8 Extended Support Updates
    • CentOS 8
    • Ubuntu 14.04/16.04/18.04/20.04
    • Oracle Linux 8

BigFix Insights:

Other modifications

  • Security Updates for WebUI:

    • CVE-2020-15366
    • CVE-2020-8244
    • CVE-2020-7751
    • CVE-2020-11023
    • WS-2020-0201
  • Resolved Defect Articles:

    • KB0082201: WebUI stuck in Loading Device Group
    • KB0084143: WebUI login stuck in the cachecheck page for NMOs when their permissions are modified
    • KB0084285: WebUI initialization failing
    • KB0084730: WebUI doesnā€™t work on Linux RedHat 6
    • KB0084852: Improve description of WebUI in DSA environment scenario
    • KB0084966: WebUI might not start when installed with BigFix v10 on DB2
    • KB0085195: Performance degradation in BigFix v10 environment while running WebUI
    • KB0085404: Unable to deploy baseline action as an offer
    • KB0085960: WebUI Patch page showing no entries for NMOs
    • KB0086393: Deploying using ā€œTarget by Groupā€ is allowed only for NMOs having unrestricted targeting permissions

How to update

Published WebUI Site Versions

WebUI Site Name Version
WebUI API 7
Application Administration 18
Patch Policies 18
Common 60
WebUI Content App 8
Custom 29
WebUI Data Sync 12
WebUI Framework 14
Insights 5
MDM 4
Patch 29
WebUI Permissions and Preferences 8
Profile Management 13
Query 20
Software Distribution 32
WebUI Reports 3
WebUI Take Action 13

WebUI Documentation link:

https://help.hcltechsw.com/bigfix/10.0/webui/index.html

BigFix Insights Documentation link:

https://help.hcltechsw.com/bigfix/10.0/insights/index.html

The BigFix WebUI & Insights Teams

6 Likes

We are running into major issues since this version was released. Our root is 9.5.16.90 and WebUI is a different server. We had WebUI auto-update enabled and never had issues until now. We use SAML. Support case opened. CS0200956

Issue: most of the WebUI appears to work fine, but when loading Patch Policies, we get an error:

{ā€œdataā€:{ā€œerrorā€:ā€œConversion failed when converting date and/or time from character string.ā€},ā€œstatusā€:500,ā€œconfigā€:{ā€œmethodā€:ā€œGETā€,ā€œtransformRequestā€:[null],ā€œtransformResponseā€:[null],ā€œjsonpCallbackParamā€:ā€œcallbackā€,ā€œurlā€:ā€œ/autopatch/api/policy/39/previewdelta/countā€,ā€œparamsā€:{ā€œforceCacheRefreshā€:false},ā€œheadersā€:{ā€œAcceptā€:ā€œapplication/json, text/plain, /ā€,ā€œX-XSRF-TOKENā€:ā€œ-------ā€}},ā€œstatusTextā€:ā€œInternal Server Errorā€,ā€œxhrStatusā€:ā€œcompleteā€,ā€œresourceā€:{}}

We think it has something to do with the new feature where custom content can be included in a policy. We donā€™t know if the issue started just because of the update, or because one of our operators was attempting to use/edit the custom content feature.

We also had the issue with it stuck in initializing prior to this, but re-pushed the db connection fixlet and restarted and that fixed that issue. This issue still persists. If we restart WebUI service, patch policies at least load for about 5 min. and then the error above comes back. Weā€™ve not tried to edit a policy in that time window yet.

2 Likes

Providing some updates as I got WebUI Patch Policy loading at the moment. Support was able to identify this error message in autopatch.log:

SELECT CUSTOM_FIXLETS.Name AS ā€œNameā€, CUSTOM_FIXLETS.SiteID AS ā€œSiteIDā€, CUSTOM_FIXLETS.ContentID AS ā€œContentIDā€, CUSTOM_FIXLETS.LastModificationTime AS ā€œModificationTimeā€ FROM CUSTOM_FIXLETS LEFT OUTER JOIN SITES ON SITES.ID=CUSTOM_FIXLETS.SiteID LEFT OUTER JOIN CUSTOM_FIXLET_FIELDS AS SUPERSEDENCECHECK ON SUPERSEDENCECHECK.SiteID=CUSTOM_FIXLETS.SiteID AND SUPERSEDENCECHECK.ContentID=CUSTOM_FIXLETS.ContentID AND (SUPERSEDENCECHECK.Name IN (ā€˜x-fixlet-supersededā€™, ā€˜x-fixlet-superseded-dateā€™)) LEFT OUTER JOIN CONTENT_VISIBILITY AS GLOBALHIDDENPATCHCHECK ON GLOBALHIDDENPATCHCHECK.SiteID=CUSTOM_FIXLETS.SiteID AND GLOBALHIDDENPATCHCHECK.ContentID=CUSTOM_FIXLETS.ContentID AND (GLOBALHIDDENPATCHCHECK.IsVisible = 0) LEFT OUTER JOIN CONTENT_VISIBILITY_USER AS LOCALHIDDENPATCHCHECK ON LOCALHIDDENPATCHCHECK.SiteID=CUSTOM_FIXLETS.SiteID AND LOCALHIDDENPATCHCHECK.ContentID=CUSTOM_FIXLETS.ContentID AND (LOCALHIDDENPATCHCHECK.UserID = 103) AND (LOCALHIDDENPATCHCHECK.IsVisible = 0) WHERE (CUSTOM_FIXLETS.IsDeleted IN (0)) AND (SITES.IsDeleted IN (0)) AND (CUSTOM_FIXLETS.IsTask IN (0)) AND (CUSTOM_FIXLETS.Category IN (ā€˜undefinedā€™)) AND (CUSTOM_FIXLETS.Source IN (ā€˜undefinedā€™)) AND (SITES.Name IN (ā€˜undefinedā€™)) AND (CUSTOM_FIXLETS.SourceReleaseDate>=ā€˜Invalid dateā€™ AND CUSTOM_FIXLETS.SourceReleaseDate<=ā€˜Invalid dateā€™) AND (SUPERSEDENCECHECK.Name IS NULL ) AND (GLOBALHIDDENPATCHCHECK.IsVisible IS NULL ) AND (LOCALHIDDENPATCHCHECK.IsVisible IS NULL ) AND (CUSTOM_FIXLETS.DefaultAction IS NOT NULL )

Specifically, it includes:

CUSTOM_FIXLETS.SourceReleaseDate>=ā€˜Invalid dateā€™ AND CUSTOM_FIXLETS.SourceReleaseDate<=ā€˜Invalid dateā€™

This feels like someone was trying to include custom fixlets (new feature) and somehow the dates were invalid (possibly input validation issue for the app team?)

WARNING: Below was done by me without input from support team. Re-apply at your own risk :wink:

I used SQL Mgmt studio and ran this query:

SELECT TOP (10) *
FROM [BFEnterprise].[webui].[apPOLICY]
WHERE [webui].[apPOLICY].[inclusion] LIKE ā€˜%custom":true%ā€™

custom":true is a part of the JSON that would indicate custom fixlet content is included in the policy.

From there I was able to ID the policyID then ran an UPDATE query to remove the entire custom_content object from the JSON.

UPDATE webui.apPOLICY
SET inclusion = ā€˜<json_without_custom_content_object>ā€™
WHERE policyID=<number_identified_from_select_query>;

2 Likes

This topic was automatically closed after 30 days. New replies are no longer allowed.