The BigFix Team is pleased to announce the release of version 9.5.76 of BigFix Server Automation.
The main reasons to upgrade to this release are as follows:
Server Automation
Features:
SA Console : Enhance Server Automation email notifications to provide improved visibility and integration with the BigFix Console at the Plan Engine.
SA Rest API : Enhance Server Automation email notifications to provide improved visibility at the Plan Engine using SA REST API.
SA REST API : Enhancements for Enabling AIX LPAR Provisioning from Cloud Environments.
Defect Articles:
KB0128424 : Server Automation REST API does not allow specifying/customizing TLS Cipher Lists.
KB0129384:Plan Engine unable to send email
Security enhancements
CVE-2025-56200/CVE-2025-12758:Validation bypass vulnerability, upgrade to validator-13.15.22
CVE-2025-64718:js-yaml parser vulnerability, upgrade to js-yaml - 4.1.1
CVE-2025-15284: INC-2025-027:Security Alert:High: affecting qs : Query string parser library
CVE-2026-25639:INC-2026-028:HIGH: affecting axios ( npm )
CVE-2026-26996: High vulnerablity: RC build Whitesource scanning(Minimatch)
CVE-2026-27904: High vulnerablity (Minimatch)
CVE-2026-1188:Upgrade IBM Semeru Open Runtime from 8.0.372.0 to 8.0.482.0 (Security Update – Jan 2026)
CVE-2026-33228 affecting flatted (npm)
CVE-2026-27601:SA REST Node: High: affecting underscore(npm)
Additional information about this release
Published site and components version:
Server Automation - Site Version: 100
SA Rest API version: 9.5.76
Useful links
BigFix Server Automation Documentation:
– HCL BigFix – Lifecycle Team