==============================================
= Changes between 5.1 and 6.0 =
==============================================

BES Console
* Added new baselines tab.
* Added new computer groups tab.
* New ability to create "custom sites".
* "Dashboards" menu item added.
* Multiple sites can be added and removed simultaneously in Manage Sites dialog.
* Added debug dialog using CTRL-ALT-SHIFT-D for troubleshooting.
* Most dialogs are now resizable.
* Most dialogs are now "non-modal" allowing users to use the console window underneath the dialogs.
* Fixed an issue where the AD tree was case-sensitive.
* NAV bar re-worked and bug with multiple Tasks listings for each site fixed.
* Added %-complete column in action lists.
* Refreshes in console no longer "build up" when showing the "Updated Content" dialog, which sometimes caused database problems when consoles were left open for long periods of time.
* Non-master BES Console operators can now see Unmanaged Assets if they own the "scan point" and have the appropriate permissions (set in BES Admin) allowing them to see only a subset of unmanaged devices.
* Unmanaged Assets can now be deleted by right-clicking on them.
* Unmanaged Assets now have an editable field that allows for labeling the asset (e.g., "Main building router", "First floor printer", etc.).
* "Find" now supported for Unmanaged Assets.
* Customizable right-click menu ability added for computers.
* Added "uncheck all" button to "Edit Column Settings" in the BES Console for managing the columns of retrieved properties displayed for computers.

BES Server
* MSDE version included in BES Server installer updated to "standard" MSDE 2000 SP4 version.
* BES Server installer now supports installing with remote database option (instead of requiring complicated instructions).
* FillDB should now be case-insensitive on usernames (helping to fix various inconsistent management rights issues).
* SQL Server user privileges now use role-based privileges instead of granting each user explicit permissions (this change only applies to underlying SQL Server permissions).
* Fixed issue where besadmindebuglog.txt might write out 'sa' password during certain troubleshooting events that used the debug log.
* Default private key size now 2048 bits for extra-enhanced security.
* BES Server upgrade to BES 6.0 will remove unnecessary rows from database -- potentially saving significant BES Console memory usage for deployments with lots of actions.
* BES Admin will now not allow users to switch from master to non-master operators, thereby preventing multiple issues.

BES Web Reports
* Changed cache loading page to display better information.
* Added databasename to load cache status.
* Changed filtering to be easier.
* New look and feel.
* Fully customized report abilities added.
* BES Web Reports can now create a user with an arbitrary filter to view computers, allowing you to create non-administrator users with restricted views without requiring a BES Console user have the same view.

BES Client
* New BES Client cache for downloads to avoid re-downloading files unnecessarily (default cache size is 20 MB).
* New BES Client utility cache for common "utility downloads" such as qchain.exe, runquiet.exe, etc.
* Now launches separate application to show message and restart information to user (for security and portability reasons).
* New option to show custom icon in the message and restart information to user.
* New file system and registry inspectors to support 64-bit Windows operating systems.
* Changed inspector library files into two parts: core.dll and inspect.dll.
* Updated openssl to latest version for enhanced security.
* Bug fixed in broadcast address inspector to now return subnet broadcast address.
* All activity is no longer suspended during relay selection (time slicing with other activities implemented).
* Application usage inspectors added so the BES Client can track applications.
* Enhanced "network connection aware" abilities to make the BES Client retry faster to connect when a new connection appears.
* When the BES Client exits, it now logs the reason for exit.
* Bandwidth throttling policies now take effect immediately on switching BES Relays.
* New inspector to compute the number of processor cores for multi-core processors.
* New enhanced date inspectors to help with date parsing.
* DMI inspectors no longer shipping in Windows BES Client due to lack of use and potential problems with 16-bit applications.
* New conditional downloading abilities in actions.
* Fixed issue where an inbound gather or download UDP notification might cause the BES Client to restart evaluation from the beginning, which could lead to significantly longer evaluation times for all Fixlets/actions.
* Enhanced CPU balancing (should reduce CPU spikes further with a slight cost to performance).
* Fixed several problems with download retry counting and resetting.
* BES Client now keeps first log file overflow file, rather than last, which will help with (rare) "lost log file" issues during troubleshooting.
* Gather failures no longer cause the BES Client to pause for long periods of time.
* Fixed bug that gave inconsistent results for computers with more than 50 IP addresses (new limit is 6400).
* BES Client now reports "WinVista" instead of "Win2003" for Windows Vista OSes.
* Every report will now contain the computer name (to prevent all properties from being "").
* Non-fixlets going false are now logged 'Not Relevant' rather than 'Fixed'.
* New advanced BES Client settings (with defaults):
  - _BESClient_Comm_CommandPollEnable = 0
  - _BESClient_Comm_CommandPollIntervalSeconds = 9000
  - _BESClient_Resource_InterruptSeconds = 60
  - _BESClient_Download_UtilityCacheLimitMB = 10
  - _BESClient_Download_DownloadsCacheLimitMB = 20
  - _BESClient_RegistrationManager_RegisterWith51Relays = 0
  - _BESClient_ActionManager_LocaleEnable = 1
  - _BESClient_ActionManager_RemindTakeActionsNow = 0
  - _BESClient_ActionManager_TaskbarIcon = 0
* Action language significantly enhanced to include:
  - if, elseif, else, endif
  - parameter
  - createfile until
  - prefetch
  - custom site subscribe
  - custom site unsubscribe
  - action uses wow64 redirection
  - action launch preference low-priority
  - action launch preference normal-priority
  - regset64
  - regdelete64
  - script64
  - utility
  - runhidden
  - waithidden
* Many new inspectors

BES Relays
* BES Gather service removed and functionality was incorporated into the BES Relay service.
* Extensive reworking of BES Relay internals for robustness and portability.
* Relays now gather new versions of sites before telling clients that the new version is available (as opposed to telling the clients about the new site and then gathering site), which should increase client responsiveness by a few minutes in some cases.

==============================================
= Changes between BES 6.0.5.13 and 6.0.7.8 =
==============================================

General
- Fixed a bug where upgrades sometimes did not correctly display updated HTML style in the console.
- Fixed a bug where new 6.0 installs were not getting database reindexing jobs created successfully.

BES Client
- Modified BES Client to eliminate a rare situation where the BES Client could potentially fail to send in reports.
- Fixed a bug where the Windows "pending login" status was not correctly cleared.
- Fixed a bug where the BES Client would not recognize action parameters attached to multiple action groups.
- Improved quote and whitespace handling in delete action commands.
- Fixed a bug with relevance substitution in the "download now" action command.

BES Console
- Fixed a bug where 6.0 console might not correctly propagate pre-6.0 start/end actions causing old multiple-action policies to refuse to run.
- Fixed a bug where analysis summaries would sometimes show garbage summary counts for data that was being sorted using the version number sort logic (which includes strings like "1.0").
- Improved console handling of an error situation that caused signature errors when operators were promoted to administrators or vice-versa.
- Fixed a bug where incorrect relevance for run to completion success criteria would sometimes cause "run to completion" actions to run twice even though they ran to completion the first time.
- Fixed a bug where the relevance tab text in Create/Edit Fixlet dialog was inaccurate when editing a baseline.
- Modified console behavior for multiple action groups while the action group is still running. Status now reports 'running' whereas previously the console would report 'pending restart'.
- Fixed a bug where the computer settings dialog would incorrectly show the literal string "" in message title. The dialog now substitutes in the organization name correctly.
- Fixed a bug where actions with a restart would cause the entire post-action tab of the Take Action dialog to be uneditable, instead of just the PostActionBehavior part.

BES Relay
- Modified BES Relay installer to save non-default settings (throttling, cache size, etc) properly during upgrade.

BES Server
- FillDB no longer retries documents that throw "ParsingFailure" exceptions to avoid infinitely retrying in very rare situations.

Web Reports
- Fixed a bug where filtering by analysis properties did not work as expected.
- Improved CSV output for analysis computers report.
- Fixed a bug where property names containing the "/" character caused reports not to load.

==============================================
= Changes between BES 6.0.7.8 and 6.0.12.5 =
==============================================

BES Client
- Fixed a bug where reading the contents of an empty file sometimes caused an error.
- Client change to decrease number of open files required during gather operation.
- Clients can now be configured to support basic proxy authentication for clients that need direct Internet access through a proxy.
- Fixed client bug that would cause the client to crash for deployments with 400-500 BES Console users.

BES Console
- Fixed an uncommon certificate issue when reading custom site revocation lists.
- Fixed a bug where non-bigfix action scripts with run-to-completion relevance would always fail.
- Console debug log now includes messages with a level of 'CRITICAL' (previously only included messages with a level of 'DEBUG').
- Fixed an issue where post-action message title and text weren't getting serialized correctly, leading to them not getting saved in the cache or presets, and not getting imported/exported correctly. This resulted in presets containing in the post-action message title.
- Fixed console bug where deleting a property with content-editing windows open containing dropdowns that refer to the deleted property could lead to exceptions.
- Fixed display issue where fixlet html body UI action sections could sometimes have an undesired blue block in the first action.
- Fixed issue where baseline relevance was not being copied into multiple action groups created from that baseline.
- Fixed issue where .bes files for multiple action groups with only a single action in them were being imported as single actions (which would strip the baseline-level relevance).
- Fixed bug where action presets that set a constraint with a "whose" clause wouldn't properly work.
- Fixed reverse compatibility issue where 5.1 clients would sometimes not run Restart action that was part of a multiple action group because the console generated the action incorrectly.
- Fixed issue where custom site subscribe actions and unsubscribe actions had incorrect relevance.
- Fixed rare 'operand type clash' database error in console.
- Fixed problem where actions would not run in certain cases if targeted by properties with multiple results.
- Fixed an issue where deleting a custom analysis that was made in BES 5.1 could delete reserved/external properties.
- Added an advanced deployment option "minimumConsoleRequirements".
- Fixed console bug where presets would always add the current day to the day of week constraint.
- Fixed console bug where an incorrect error dialog appeared when switching presets.
- Fixed console bug where exporting external analyses sometimes didn't export the analysis properties.
- Fixed console bug where importing a multiple action group would duplicate all of the member actions.

BES Server
- Improved gathering file-access robustness.
- FillDB now discards documents if it encounters an unexpected exception type during parsing, rather than retrying them indefinitely (which would fill up the FillDB log).
- Application Tracking will now display results for longer than 7 days.
- Increased speed of upgrade installer for very large deployments.
- Server installer changed to add web reports url in registry.
- Fixed server installer bug in which uninstalling the server could sometimes remove the SQL agent service.

Web Reports
- Fixed web reports issue where unmanaged asset reports contained a creation time column which wouldn't work correctly.
- Changed web reports "hidden fixlet report" to show hidden tasks, analyses, and baselines, and hid the corresponding types from the other reports.
- Changed the web reports overview page to only show non-hidden fixlets.
- Switched the Web reports "create filter" interface to split onto two separate pages to avoid confusion.
- Fixed minor web reports analysis bug that caused analysis results to sometimes not appear.
- Fixed web reports custom report issue where reports with more than 1 space were not dealt with properly.
- Fixed bug where XML inspectors for custom reports wouldn't work correctly.
- Web reports changed to not show custom actions if filtering by a fixlet.
- Web reports debug log no longer includes passwords.
- Web Reports HTTPS fixed to properly support certificate chains.
- Web reports changed to discard fixlet results for which there is no valid fixlet (in order to save memory).
- Added web reports options to support user isolation.
- Fixed a web reports thread-safety issue that could potentially cause crashes, especially when two people loaded a report at the same time.
- Fixed web reports caching issue where actionsite fixlet results were not being restored from the file cache correctly.

==============================================
= Changes between BES 6.0.12.5 and 6.0.15.7 =
==============================================

BES Client
- Added Windows Vista support to allow message/restart dialogs to operate properly with the new user context model introduced in Vista.
- Fixed issue where application usage statistics would not be properly stored if the process exited during a computer restart event (affects application tracking and power usage monitoring).
- BES Client Compliance API now supports asking for immediate action evaluation.
- Fixed issue where client could reset the 'force action countdown' timer if the computer restarts manually.
- Fixed issue where client would allow "remind combo box" to contain values larger than interval until next action execution deadline.
- Fixed issue where 6.0 clients were incorrectly tracking action state for baselines that were gathered in 5.1 immediately before the upgrade.
- Fixed issue where processor inspector would sometimes miscount cores for multi-core processors.
- Client "extract" command should now preserve modification times of files in compressed packages.
- Fixed issue where client would leave small temp files in the __BESData folder if "command polling" was enabled on client.
- BES Clients should now notice when a relay gets installed locally and change their relay selection policy appropriately.
- Fixed rare memory corruption bug in client when a Fixlet site is removed.
- Updated all components to use OpenSSL 0.9.8d (from 0.9.8a) to help fix security issues in previous OpenSSL version that could lead to security compromise.

BES Server
- Changed the way BESAdmin loads database information to use less memory when deleting BES users.
- Fixed a small potential memory leak with the BES Server download components.
- Changed default download inactivity timeout from 30 to 300 to help avoid BES Server download failure/retry.
- Fixed a potential registration looping problem that could cause the BES Root Server to stop responding to clients.
- Fixed rare potential rate limiting issue for UDP download messages to make sure that fewer than 100 UDP messages go out per second.
- Fixed rare issue where failed downloads were reported as successes.
- Updated all components to use OpenSSL 0.9.8d (from 0.9.8a) to help fix critical security issues in previous OpenSSL version that could lead to security compromise.

BES Console
- Fixed issue with custom sites where Fixlets created by non-master operators would not work for other operators.
- Improved performance of dashboards by decreasing iteration time.
- Made change to common BES Console query to reduce (small) unnecessary database traffic.
- Fixed minor latent console crash bug.
- Fixed issue where console dialogs could potentially crash when pressing escape in edit controls.
- Updated all components to use OpenSSL 0.9.8d (from 0.9.8a) to help fix security issues in previous OpenSSL version that could lead to security compromise.

BES Web Reports
- Web reports fix to reduce memory usage on large analysis computer reports.
- Fixed potential issue where "Top 10 Overview" list could have incorrect counts/percentages.
- Updated all components to use OpenSSL 0.9.8d (from 0.9.8a) to help fix critical security issues in previous OpenSSL version that could lead to security compromise.

BES Relay
- Updated all components to use OpenSSL 0.9.8d (from 0.9.8a) to help fix critical security issues in previous OpenSSL version that could lead to security compromise.

==============================================
= Changes between BES 6.0.15.7 and 6.0.20.9 =
==============================================

BES Client
- Fixed an issue where the “download now” command would fail if __Download folder didn't exist.
- Fixed an issue that was causing signature errors when a non-master operator propagates a fixlet from a wizard.
- Optimized the amount of client disk access for registry and compliance request file existence tests when compliance registry keys are not configured.
- Changed the Client Compliance API to no longer check that the client process is running before submitting request in order to support Windows Vista.
- Fixed an issue where Itanium and Pentium Pro processors were not being detected correctly.
- Added 'ia64 of operating system' inspector.
- Fixed an issue where taking a default action for a single action should use any action settings supplied in the fixlet.

BES Server
- Fixed an issue where a BES 6.0.15 root server was sending notification UDP messages to clients whose registration was expired.
- Added a timeout on posting results to parent relays to deal with issues caused by improperly closing connections (added setting BESRelay_PostResults_PostTimeoutSeconds which defaults to 10 minutes).
- Made a modification to reduce BESAdmin memory usage while propagating.
- Provided a new _BESGather_Comm_AllowFileURLMoniker setting (defaults to false) which can be set to "true" to allow "File://" URL requests to work on this machine.
- Fixed a BESAdmin issue that could lead to cache consistency errors.
- Fixed an issue that could cause propagation to slow down as site versions get large.

BES Console
- Added support for IE7 in the BES Console.
- Made several memory usage optimizations to the BES Console and Web Reports by using more memory-efficient data structures, compression, and related enhancements. Expected 20%-50% reduced memory usage.
- Fixed an issue where the Take Action Dialog was slow to open.
- Added option to enforce a database query timeout during actionsite refreshes so that shared database locks aren't held for an unnecessarily long time by slow console users.
- Fixed an issue related to the importation of Multiple Action Groups.
- Made a modification to the database connection string so that the database can distinguish between different versions of the BES Console. This can be used to prevent old consoles from connecting to the database.
- Fixed an issue where baseline components that didn't have their "include in relevance" flag set were having their relevance put into the action anyway.
- Fixed an issue that was causing invalid signature errors for external fixlets with custom action settings.
- Optimized certain queries to reduce database CPU load.
- Fixed an issue where Multiple Action Groups taken through TakeDefaultActions were getting incorrect success criteria.
- Fixed an issue to remove the Take Action Dialog post-action locking when there is a restart command in the action script.
- Fixed an issue where sorting by applicable computer count in analysis list control used wrong sort values.
- Changed the Take Action Dialog to make it easy to read long property names in drop boxes. Combo box should now resize when the Take Action Dialog is resized.
- Provided a warning to users if they try to create an action with infinite applications and an applicability relevance of "true".
- Fixed an issue where 'results of ' would sometimes return incomplete results.

BES Web Reports
- Fixed an issue where installing a fresh standalone copy of Web Reports was causing an error.
- Web Reports filtering performance improved.

BES Relay
- Changed minimum RelaySelect_IntervalSeconds from 0 to 10 minutes to prevent continual registrations.

BES API
- Fixed an issue where creating actions through BESAPI.XMLImporter wasn't setting "action issue date" parameter.

==============================================
= Changes between BES 6.0.20.9 and 6.0.21.5 =
==============================================

BES Server / BES Relay:
- Fixed an issue where a rare timing event would cause gathering to hang until restarted (affects BES Relay and BES RootServer).

BES Web Reports:
- Fixed an issue where web reports pages were artificially throttled to serve up no more than 100kb/s.
- Fixed an issue where filtering by automatic groups in web reports wasn't returning any results.

BES Console:
- Fixed an issue where setting custom fixlet cve id or sans id was broken.

==============================================
= Changes between BES 6.0.21.5 and 6.0.28.4 =
==============================================

Security (fixed a number of security-related issues found during formal security audit and code review):
- Added better validation of PKCS7 signatures to prevent critical issue with malformed signatures from crashing or running unauthorized code (affects all BigFix components: server, relay, agent, console).

BES Relay
- Fixed issue #15615 - Fixed rare buffer overflow that caused the BES Relay service to crash
- Fixed issue #18168 - Fixed the relay's download notification mechanism to prevent download ping suppression in cases where it was needed

Web Reports
- Fixed issue #15516 - Fixed rare issue that would cause Web Reports 6.0.21.5 process to hang
- Fixed issue #16469 - Fixed an issue where normal Web Reports users could not change their password if their username contained any capital letters
- Fixed issue #14764 - Fixed an issue where Web Reports might crash when attempting to reset a database connection
- Fixed issue #14069 - Fixed an issue where trying to sort by column in some analyses throws an exception
- Fixed issue #14071 - Fixed an issue where a Read-only Web Reports user could create public and private external stored reports