BigFix WebUI new release available (December 2023)

Release Announcements WebUI (Release Announcements)
1

The HCL BigFix team announces a new release of BigFix WebUI.
This release comes with an update to WebUI applications, and delivers the following functionality:

  • Added Amazon Linux 2023 and Windows Server 2012 ESU to Patch and Patch Policies applications.
  • Support Microsoft SQL Server 2022 for BigFix Insights database

The WebUI release addresses the following Security Vulnerabilities:

  • (CVE-2023-44487) htttp/2 protocol
  • (CVE-2023-40178) node-saml
  • (CVE-2020-8244) bl
  • (CVE-2023-38552, CVE-2023-39333, CVE-2023-45143) node.js
  • (CVE-2022-25883) semver

This release addresses the following Defect Articles:

  • KB0106802 - WebUI does not show complete content of relevance
  • KB0107152 - Cannot install Plugin Portal and Cloud Plugins from WebUI
  • KB0107838 - & character in computer group not escaped in autopatch mag
  • KB0100642 - Using openquery for remote queries
  • KB0108309 - HTML tags in IVR vuln description
  • KB0108022 - collation issue in merge statements
  • KB0108575 - Change handleApplicabilityFilter to use async
  • KB0108357 - Win 3rd party app fixlets sometimes not included in patch policy

How to update

WebUI will update automatically by default, unless configured otherwise.
Please note that updates for BigFix Insights must be done manually via the Application Updates page on WebUI. For more information, please see https://help.hcltechsw.com/bigfix/11.0/webui/WebUI/Admin_Guide/c_manage_application_updates.html.

Published WebUI Site Versions

WebUI Site Name Site Version
Application Administration 34
Common 85
Custom 44
Patch 43
Patch Policies 39
Profile Management 27
Query 37
Software Distribution 48
WebUI API 20
WebUI CMEP 14
WebUI Content App 22
WebUI Data Sync23 27
WebUI Extensions 7
WebUI Framework 28
WebUI Insights 23
WebUI IVR 13
WebUI Permissions and Preferences 21
WebUI Reports 18
WebUI SCM 12
WebUI Take Action 31

WebUI Documentation link:
https://help.hcltechsw.com/bigfix/11.0/webui/index.html

1 Like
3

With this WebUI release, the following setting:
_WebUIAppEnv_MSSQL_CXN_ENCRYPT=1
has been added to force encryption of the connection between WebUI and a remote MS-SQL database.
Encryption requires that both parties have ciphers compatible with at least TLS v1.
If MS-SQL is installed on a very old operating system, it is possible that the OS does not have the correct ciphers, communication will fail, and WebUI will stop working.

If this happens, BigFix recommends that you upgrade your db operating system to a newer version.
As a temporary measure, WebUI functionality can be restored by modifying the setting:
_WebUIAppEnv_MSSQL_CXN_ENCRYPT=0
thus reverting the connection to be unencrypted.

4 Likes
4

This topic was automatically closed after 30 days. New replies are no longer allowed.