What is new in BigFix 11 Platform
BigFix Platform 11 delivers three major changes in the security area by adding support for OpenSSL3, SHA-384 and TLS 1.3. This releases also delivers new features, an updated list of supported platforms, and several upgraded libraries.
- Version 11
-
- OpenSSL v3
- BigFix Platform 11 uses OpenSSL v3 in all its components to ensure
maximum protection of network traffic. More in detail, the version
of the library is 3.1.1. Aside from the general benefits in the
security area, the presence of OpenSSL v3 has the two following
major consequences:
- Any HTTPS communication in which at least one of the two parties is represented by a BigFix Platform 11 component must use TLS 1.2 as minimum protocol version.
- SHA1 is no longer used as hashing signature algorithm to validate TLS communication as well as all BigFix content and actions (SHA1 is still supported as hashing for file downloads).
For more details, see BigFix Platform V11 Overview Page.
- SHA-384 support
- BigFix 11 uses a stronger hash based on SHA-384 as cryptographic
digest algorithm for all digital signatures to validate TLS
communication and all BigFix content and actions at every step. This
change does not affect the hash used to verify downloaded files
which can still be SHA-1 or SHA-256.
SHA-256 hash signatures are still supported but you have also the option of enforcing usage of SHA-384 only to comply with specific security requirements.
For more details, see BigFix Platform V11 Overview Page.
- TLS 1.3 support
- BigFix Platform now supports TLS 1.3 for HTTPS communications among
the BigFix components, maintains the support of TLS 1.2 and no
longer supports TLS versions lower than 1.2.
By default, BigFix Platform 11 supports both TLS 1.2 and TLS 1.3, while – due to the upgrade to OpenSSL v3 – it does no longer support TLS 1.1 or below.
For more details, see BigFix Platform V11 Overview Page.
- Relay Drive Space Protection From Downloads
- BigFix Platform adds now the capability to prevent the BigFix Relay
ActiveDownloads folder from filling up, by using a new setting
named
_BESRelay_Download_ActiveDownloadsMaxSizeMB, which represents the maximum size, specified in MB, that the folder can reach.For details, see Managing Downloads.
- Perl Regular Expressions for non-Windows platforms support
- The Perl Compatible Regular Expressions (PCRE) syntaxes, introduced
with BigFix Platform 10.0.8 and available on the Windows client, are
now also supported on several non-Windows platforms such as Debian,
Mac, Raspbian, Red Hat, SUSE, Solaris Intel and Ubuntu.
For details, see regular expression.
- Plugin Portal - Optimized devices data serialization
- Plugin Portal optimization in terms of memory usage of the plugin portal machine as well as in the evaluation time of fixlet and analysis, with this leading to an increased responsiveness in returning data and executing actions on discovered devices.
- New set of REST APIs
- BigFix Platform 11.0 now supports a new set of Rest APIs that enable
exploiters such as the BigFix WebUI to access the Download status of
the actions. These Rest APIs allow also to re-submit failed
downloads.
For details, see Action.
- Added support for BigFix Console
- The BigFix Console Version 11.0 adds support for:
- Windows 11 23H2
- Added support for BigFix Relay
- The BigFix Relay Version 11.0 adds support for:
- AIX 7.3
- Raspbian 11
- Tiny Core 13
- Tiny Core 14
- Windows 11 23H2
- Added support for BigFix Agent
- The BigFix Agent Version 11.0 adds support for:
- Debian 12 x86-64
- MacOS 14 ARM/x86 64-bit
- OpenSUSE Leap 15.4 x86-64
- OpenSUSE Leap 15.5 x86-64
- Windows 11 23H2
- Added support for new database level
-
- Microsoft SQL Server 2022 support
- Microsoft SQL Server 2022 deployed in a docker container
For details, see Installing a server with remote database deployed in a docker container and Database requirements.
- Note also that, on BigFix Platform 11.0:
-
- The minimum supported SQL Server version is 2014 as Microsoft SQL Server 2012 is no longer supported.
- DB2 is a prerequisite for the installation of the BigFix Server on Red Hat Linux. DB2 is not distributed with BigFix 11. For existing BigFix 9 and 10 customers with a DB2 entitlement, the entitlement remains. For new customers on BigFix 11, a DB2 license must be acquired. The BigFix team is considering adding, in the near term, the possibility to utilize Microsoft SQL Server for BigFix deployments on Linux.
For information about database requirements, see Installation requirements for DB2 database products and Database requirements for information about the DB2 versions supported by BigFix.
- Operating systems support matrix has been updated
- In particular, for some platforms the minimum operating system version supported has changed. To see which operating system versions are supported, refer to the V11 system requirements page available at: BigFix Support Matrix.
- Several libraries are upgraded to a newer version:
-
Library V11 Library Version jQuery Version 3.6.4 libcURL Version 8.1.2 Microsoft Visual C++ Redistributable library Version 2019 OpenSSL Version 3.1.1 OpenLDAP Version 2.6.4 SQLite Version 3.41.2 zlib Version 1.2.13 AWS SDK Version 1.44.165 Azure SDK Version 1.0.0 (with azidentity v1.2.0) GCP SDK Version 0.105.0 VMWare SDK Version 0.30.0