=============================================
= Changes between 8.2.1456.0 and 8.2.1472.0 =
=============================================

8.2.1472 (8.2 patch 12) is a patch release to close security vulnerabilities. If you are running an 8.2 deployment, you need to upgrade in order to close the vulnerabilities.

CHANGES:

Security
  * Updated version of OpenSSL used by Platform to 0.9.8zg
  * Updated version of jQuery to 1.8.2
  * Eliminated use of RC4 cipher to eliminate "Bar Mitzvah" vulnerability.
  * Changed use of frames to eliminate clickjacking vulnerability

===========================================
= Changes between 8.2.1445 and 8.2.1456.0 =
===========================================

8.2.1456 (8.2 patch 11) is a patch release to close security vulnerabilities that affect server components. If you are running an 8.2 deployment, you need to upgrade in order to close the vulnerabilities.

CHANGES:

Security
  * Updated version of OpenSSL used by Platform to 0.9.8zc
  * Eliminated use of SSL 3.0 protocol in order to close "POODLE" vulnerability.

=========================================
= Changes between 8.2.1409 and 8.2.1445 =
=========================================

8.2.1445 (8.2 patch 10) is an emergency patch release to close a critical security vulnerability that affects server components. If you are running an 8.2 deployment, you need to upgrade immediately in order to close the vulnerability.

CHANGES:

Security
  * Fixed security vulnerability in Web Reports and Server API.

Web Reports
  * Fixed issue where WebReports does a full refresh on background exception (issue #55760, APAR: IV45904)

(Agents, relays, servers, and consoles are not exposed to this vulnerability and are not being patched)

=========================================
= Changes between 8.2.1400 and 8.2.1409 =
=========================================

Agent
  * Fixed issue where an agent starting with logged on users with non-ASCII names caused an error message regarding ClientUI files (issue: 57581, APAR: IV42742)

Console
  * Fixed issue causing Console error message: "SignedDataVerificationFailure in ROLES.inheritedUsers" (issue: 55156, APAR: IV37450)

Database
  * Fixed issue introduced in 8.2.1400 that caused database index reorganization jobs to fail (issue: 58140, APAR: IV44094)

Server
  * Fixed issue that caused gathers to fail when multiple files exist with the same name in different folders within a site (issue: 55068)

=============================================
= Changes between 8.2.1372.0 and 8.2.1400.0 =
=============================================

Agent
  * Fixed a crash when attempting to escalate privileges while enumerating processes (issue #54724, APAR: IV38546)
  * Fixed a bug that prevented automatic group memberships from being updated correctly (issue #56281, APAR: IV33933)
  * Fixed a crash caused by the "archive now" action script command (issue #57175, APAR: IV42307)

Console
  * Fixed a bug preventing non-master operators from creating custom copies of multiple fixlets (issue #50198, APAR: IV39330)
  * Fixed a UI freeze when modifying actions (issue #53979, APAR: IV39342)
  * Improved operator list performance when there are many operators (issue #55752)
  * Improved action list performance, especially when sorting by the "% Complete" column (issue #57107)

Relay
  * Fixed a bug that prevented relays from deleting malformed reports (issue #57283)

Server/Console
  * Improved performance when dealing with large numbers of action results, especially for non-master operators (issue #57274)

Web Reports
  * Fixed a bug causing passwords to be written to the debug log if they were included in the URL of the request (issue #57183)

=========================================
= Changes between 8.2.1364 and 8.2.1372 =
=========================================

Server/Web Reports
  * Upgraded OpenSSL to 0.9.8y to remediate the Lucky Thirteen OpenSSL vulnerability

Web Reports
  * Closed a cross-site scripting (XSS) vulnerability (bug #55120)

Agent
  * Fixed a Mac OS X agent crash issue related to enabling FIPS mode (bug #55688)

=========================================
= Changes between 8.2.1322 and 8.2.1364 =
=========================================

Client
  * Added ability to retry HashMismatch downloads (bug #50525)
  * Fixed an issue related to a Mac Active Directory conflict after upgrade to client version 8.2.1320 (bug #52193) (APAR IV29265)
  * Fixed a 60 second delay in running the client UI from a desktop shortcut on Win7 or Server 2008R2 (bug #52459)
  * Fixed an issue related to cleaning up the Active Directory cache after leaving a domain (bug #43274)
  * Fixed an issue related to failed manual installation attempts on the Mac client (installer gives installation successful message) (bug #51435) (APAR IV27572)
  * Fixed an issue where the Mac client on Mac OS X 10.6 and above does not properly install as root (bug #52265)
  * Fixed a permissions issue related to running the Mac client UI (bug #54276) (APAR IV33257)
  * Fixed a memory leak in the Mac client (bug #54589, #54806)
  * Fixed an issue related to the Endpoint Manager Support Center icon disappearing from the menu bar after clicking on the 'OK' button (bug #49074)

Relay
  * Fixed an issue where relays can leak manymirror directories if gathering is interrupted (bug #51844) (APAR IV32364)

Server
  * Fixed an issue related to the account lockout feature in 8.2.1310 (bug #51652) (APAR IV27211)
  * Fixed an issue related to ForceRefresh being sent to non-targeted clients (bug #52359)
  * Fixed an issue related to frequent updates to relays.dat affecting client responsiveness (bug #52787, #53101) (APAR IV31305)
  * Fixed an issue related to server performance after rotating the server signing key (bug #53384) (APAR IV32825)
  * Fixed an issue related to inconsistent file list versions causing files to be discarded (bug #54080)

Console
  * Fixed an issue related to accessibility of Take Action Dialog (TAD) buttons in Japanese on 1024x768 screens (bug #54813) (APAR IV33269)

Session Inspectors
  * Added "success criteria of " inspector (bug #51317)

=========================================
= Changes between 8.2.1312 and 8.2.1322 =
=========================================

Client
  * Fixed a memory leak issue in the 8.2.1310 Mac agent (bug #51629)

=========================================
= Changes between 8.2.1310 and 8.2.1312 =
=========================================

Server
  * Fixed an issue where activated analyses were deactivated upon upgrade to 8.2.1310 (bug #51362) (APAR IV26997)

=========================================
= Changes between 8.2.1175 and 8.2.1310 =
=========================================

Client
  * Added client support for Mac OS X Mountain Lion
  * Introduced Mac client installer changes (new installer method for OSX 10.6 and higher)
  * Added limited support for Windows 8 and 2012 (no changes for Metro UI in this release)
  * Added limited support for Solaris 11 (no support for IPV6, no support for Client UI)
  * Fixed an issue with the security descriptor inspector (bug #26895)
  * Prevent Client UI from popping up or stealing focus from applications in fullscreen mode (bug #28443)
  * Fixed an issue with the application usage inspectors on Mac (bug #34282 [APAR IV20231]; bug #49181 [APAR IV20232])
  * Fixed issues with the logged on and user inspectors on Mac (bug #40186, bug #40460, bug #44244)
  * Fixed an issue with the handling of non PreWin2K compatibility for Active Directory user information on Mac (bug #40833)
  * Fixed an issue with the AIX agent cpu limiting algorithm around fractional cpu allocations (bug #41342)
  * Fixed an issue with baseline syncing when newlines or tabs are present in relevance (bug #43038, bug #43159 [APAR IV21658])
  * Fixed an issue where a corrupted action database could lead to a client crash (bug #49240)
  * Fixed an issue where clients could evaluate deleted analyses (bug #49396 [APAR IV21236])
  * Fixed an issue with the core count inspector on Solaris (bug #49542)
  * Added a setting to enable faster responses to the post action restart command (bug #50020)
  * Added a configuration setting for prefetch plugin timeouts (bug #50707)

Console/Web Reports
  * Fixed an issue that could cause excessive memory usage when disk caching is disabled (bug #49115 [APAR IV19810])

Server/Relay
  * Fixed an issue where using the BESAdmin tool from the command line could create a duplicate LDAP operator (bug #48682)
  * Fixed an issue where the server_audit.log was not properly updated when running the BESAdmin tool from the command line (bug #48683)
  * Fixed an issue where Console search using Korean characters did not work properly (bug #48780 [APAR IV19079])
  * Added a configuration setting to limit the number of simultaneous relay to relay notifications (bug #48959 [APAR IV18047])
  * Added a configuration setting _BESGather_Download_BroadcastPings to control the sending of download and gather pings (bug #49434)
  * Fixed an issue with the DeleteAction() API method not working properly (bug #49219)
  * Made a change to ensure no modification of inherited roles if the server is unable to connect to any LDAP server
  * Fixed a server deadlock issue (bug #49780, bug #50106 [APAR IV23001])
  * Fixed an 8.1->8.2 database upgrade issue on servers with case sensitive collation (bug #50188)

Localization
  * Localized installer strings in CHT, KOR, PTB (bug #46292)
  * Fixed an issue with the Client UI Offer tab not being displayed in Japanese (bug #47774 [APAR IV16010])

SSL Changes
  * Added support for patched SSL and Cryptography libraries (bug #49023) --> http://www-01.ibm.com/support/docview.wss?uid=swg21607116

=========================================
= Changes between 8.2.1093 and 8.2.1175 =
=========================================

Client
  * Fixed an issue where Mac OSX IPV6 doesn't work when kernel is running in 64 bit mode (bug #40630)
  * Fixed an issue where "default web browser" inspector returns error on Windows clients (bug #46641)
  * Fixed an issue where TEM Client could stop action execution (bug #46690)
  * Fixed an issue related to the Mac agent using relay affiliation. (bug #47466 [APAR IV15351])
  * Fixed an agent crash bug (bug #47530 [APAR IV16780])
  * Fixed an issue where Site Level Relevance would not be re-evaluated on startup (bug #47859)
  * Fixed several issues related to the ClientUI (bugs #48212, #46592 [APAR IV12375], #47095, #48299 [APAR IV16683])
  * Fixed an issue causing high CPU Usage for WinXP Clients (bug #46020 [APAR IV12839])
  * Added missing portable inspectors for Mac/Unix (bug #46745)
  * Fixed a potential conflict with Avecto Privilege Guard and BESClientUI (bug #46849 [APAR IV12877])
  * Fixed an issue related to high CPU usage on XP systems using the German Locale, with the BES Inventory and License site - Application tracking (bug #47020 [APAR IV15805])
  * Fixed an issue where CentOS 6 - OS reported back as "Linux Red Hat 4.4.4-13" instead of CentOS 6. (bug #47204)
  * Fixed an issue where Mac QnA lost its shell-based line editing commands (bug #47541)
  * Fixed an issue where individual device notifications were not being received by management extenders (bug #45626)
  * Fixed an issue where the CPU property could return incorrect information in some cases (bug #46304 [APAR IV10820])

Console/Server/Relay
  * Added support for converting pre-8.2 console users to LDAP console users including all content and permissions (bug #44017)
  * Added more detailed client event log messaging (bug #11739)
  * Enabled audit logging for user creation through group membership (bug #46016)
  * Fixed an issue related to LDAP: Members of "global" groups can't log in when using global catalog (bug #45000)
  * Fixed an issue where Analysis status on the "Details" tab says: "Deactivated at by Unknown Operator" (bug #45395)
  * Fixed an issue where applicable computer count includes deleted computers after console restart (bug #46059)
  * Fixed an issue related to master operator user management permissions when using approvers (bug #46390)
  * Fixed an issue where Consoles failed to recover from minor connection hiccups to domain controller (bug #46569)
  * Fixed an issue related to permissions in the ImportXML function (bug #46753)
  * Fixed an issue where on upgrade from 8.1 to 8.2 console operators could experience error messages from the local console upon first connection attempt (bug #46794 [APAR IV11946])
  * Fixed an issue where a user with effective MO permission cannot create properties through XML import (bug #46884)
  * Fixed a performance issue related to slow Fixlet results queries (bug #46892)
  * Fixed an issue related to Console TLE on login when actionsite directory doesn't exist on server (bug #47249)
  * Fixed an issue where NMOs cannot store shared dashboard variables (bug #47270 [APAR IV13216])
  * Fixed an issue related to an unexpected error when trying to copy automatic computer groups (bug #47320)
  * Fixed an issue where "Failed to Remove User: Unexpected server error" would occur when trying to delete users created before 8.2 (bug #47405 [APAR IV14561])
  * Fixed several operator permissions issues (bugs #47483, #47589, #47591, #47630, #47646, #47649, #47761, #43812)
  * Fixed an issue where the count on "Computer Assignments" tab is confusing (bug #47718)
  * Fixed an issue where the "Grant read permission" stays unchecked after a custom site owner (NMO) enabled it and saved changes. (bug #47762)
  * Fixed an issue where the "Unexpected Error" dialog could continuously pop up when the operator document of a removed user is open in the Console (bug #47786)
  * Fixed an issue where a NMO is unable to create a fixlet in a Custom Site (bug #48094)
  * Enabled searching LDAP with either 'starts with' or 'contains' to enhance performance (bug #48368)
  * Fixed an issue where clicking on 'Send Refresh' too often could drive up CPU (bug #8352)
  * Enabled refresh of inherited roles immediately when role group assignments change (bug #44420)
  * Added number of assigned resources to the role document (bug #44421)
  * Fixed an issue where upgrading from 7.0.1 could leave indexes in the wrong state, affecting performance (bug #44450)
  * Fixed an issue where "Master Operator" and "Show Other Operator's Actions" properties are being displayed in different order for operators and roles (bug #44999)
  * Added source LDAP server information to the user list and document (bug #45028)
  * Added name of AD group information for role membership inheritance in roles document (bug #45121)
  * Simplified upgrade experience by not requiring the site admin key for upgrades from 8.2 (bug #45129)
  * Added "Assignment Type" information to the Users list (bug #45152)
  * Fixed a potential database deadlock issue. (bug #45701, #46259 [APAR IV11812])
  * Fixed an issue which resulted in an unexpected error when entering the wrong password for action approval (bug #46325)
  * Fixed an issue related to deleting content associated with a deleted NMO (bug #46354)
  * Added additional permission change information to the server_audit.log (bug #46471)
  * Fixed inconsistencies in the operator document (bug #46502, #46503)
  * Added header property inspectors to actions (bug #47137)
  * Fixed an issue related to processing file downloads (bug #47151)
  * Fixed an issue related to IE 10 compatibility (bug #47775)
  * Fixed a potential server memory leak issue (bug #48618 [APAR IV17748])
  * Fixed an issue where "Source Role" does not display all roles assigned to a user (bug #48410)
  * Improved hide/unhide content performance (bug #47327)
  * Fixed an issue related to validating logins containing backslash characters (bug #47019 [APAR IV12601])
  * Fixed an issue where components with no action selected in a baseline cannot be synced (bug #47407 [APAR IV13926])
  * Fixed an issue related to escaping HTML characters in role names in the user document (bug #48365)
  * Fixed an issue related to relay site gathering (bug #48691)

Localization Changes
  * Localization and translation fixes for several languages/components

Web Reports
  * Added account lockout settings for Web Reports (bug #21192)
  * Fixed an issue related to a login error in Web Reports when an AD user has '/' in OU path (bug #45748)
  * Fixed an "Unknown Operator" error issue in Web Reports (bug #46921)
  * Fixed a potential crash issue in Web Reports (bug #47309 [APAR IV15356])
  * Fixed an issue where the Computer Groups column was not being properly displayed (bug #46920 [APAR IV17548])
  * Fixed an issue where Web Reports displays incorrect number of Administrable Computers for users with a Master Operator role (bug #47910)
  * Fixed an issue related to errors viewing the "Action List" report when it contains an action created by a deleted user (bug #46367 [APAR IV13798])

BESAdmin
  * BESAdmin /preinstall shouldn't show a message box on silent upgrades (bug #45906)
  * Added a BESAdmin command line option to convert local console users to LDAP users (bug #47604)

=========================================
= Changes between 8.2.1079 and 8.2.1093 =
=========================================

Client
  * Fixed an issue where relay selection could fail from ICMP loss on Windows 7 in rare situations. (45113)
  * Fixed an issue with Windows 2000 leaking handles (46475).
  * Fixed a race condition that would cause Clients to miss UDP messages if they were currently busy processing a previous request. (46527)
  * Fixed an issue with offers in the Client UI where the action links were not being displayed. (46629)
  * Fixed an issue with the Mac OS Lion (10.7) agent leaking memory when using the inspector. This does not affect the commonly used or inspectors. (46457)
  * Fixed an issue where the Mac Lion (10.7) Client UI could crash for Active Directory users. (46655)
  * Fixed an issue with the OS property reporting RedHat Enterprise Linux 4 for certain flavors of RedHat Enterprise Linux 6 Workstation. (46521)
  * Fixed an issue with the Solaris and AIX agent installs when using symbolic links for the installation directories. (46586 & 46625)

Console
  * Fixed an issue with the CreateCustomSite call in the Wizard API where it would fail when reusing a sitename that was previously deleted. (46649)

Server and Relay
  * Fixed an issue with the Server and Relays that would cause them to crash if Dynamic Bandwidth Throttling was enabled. (46590)
  * Fixed an issue where deleting a master operator would result in the error message "class X509VerifyError<10>" if the master operator had assigned non-master operators to be the owner of a custom site. (44940)
  * Fixed an issue with the AIX relays where you could not assign one AIX relay to be the child of another AIX relay. (46593)

=========================================
= Changes between 8.2.1078 and 8.2.1079 =
=========================================

Server/Relay
  * Server / Relay crash caused by enabling dynamic bandwidth throttling (#46590)

========================================
= Changes between 8.1.617 and 8.2.1078 =
========================================

Provisioning and Authentication Changes
  * Added AD/LDAP provisioning and authentication of Console users
  * Added Role-based user permission management for Console users
  * Added the ability to create users in the Console
  * Added the ability to set password policies for Console users
  * Added the ability to reset passwords for Console users

Localization
  * Added localization support for Brazilian Portuguese, Korean, Traditional Chinese

Server
  * Added log rolling for FillDB logs
  * Fixed an issue which prevented users from taking actions from baselines imported through the ServerAPI (issue #39080)
  * Fixed an issue which could result in a database error when attempting to create a replicated database with case-sensitive collation (issue #38972)
  * Fixed an issue where deleted custom content was not removed from the database (issue #39094)
  * Enhanced process of adding/removing relays to automatically propagate updated information to clients (issue #4905)
  * Fixed an issue where FillDB was not properly discarding unneeded action results (issue #40592)

Console
  * Added the ability to create custom copies of single actions
  * Added more robust handling of server communication errors
  * Updated detail tabs to include issuer, issue date, last editor and last edit date information
  * Updated user documents to show operator ownership/read/write permissions on sites
  * Updated Computers list to display non-universal analysis properties
  * Updated Offer UI to show individual component names within a multiple action group
  * Enabled folder structure in external sites
  * Updated the computer document view to show a Fixlets and Tasks tab
  * Fixed an issue which prevented copy/paste key combinations from being used in the preview action script view (issue #20888)
  * Fixed an issue where the GatherDB process could fail to get site gathers when URLMon is disabled (issue #40537)

Web Reports
  * Updated Explore Computer columns filter as you type to include analysis names
  * Added URL, source IP, username and authentication status to Web Reports log
  * Implemented an API to create wake-on-lan requests
  * Fixed an issue where assets were being displayed twice in the Single Unmanaged Asset report (issue #24142)
  * Updated Web Reports to support filtering lists of computer groups (issue #37134)
  * Fixed an issue where read-only users could not delete their own reports (issue #41014)
  * Fixed an issue where content in operator sites may not show up if refreshes are disabled (issue #40962)

Client
  * Added client support for the following platforms:
    o AIX 7.1 (PowerPC)
    o Mac OS X 10.7 (Intel)
    o RHEL 6 (x86/x64)
    o RHEL 5 on s390x (zLinux)
    o RHEL 6 on s390x (zLinux)
    o SUSE 10 on s390x (zLinux)
    o SUSE 11 on s390x (zLinux)
    o Windows Embedded 7 (x86)
  * New Client Inspectors:
    o Added inspector to return last time an agent received a UDP message
    o Added 'architecture of ' inspector
    o Added 'sha1 of ' inspector
    o Added Active Directory domain inspector
    o Added application usage inspectors for virtual applications on Windows (App-V)
    o Added power mode inspector for Mac OS
    o Added build target inspector
    o Added processor count inspectors for non-Windows agents
    o Added AIX OSLevel inspector
    o Added AIX APAR inspectors
    o Added AIX RPM inspectors
    o Added Linux GRUB inspectors
    o Added inetadm inspector for Solaris 10
  * New Action Commands:
    o Added 'override' syntax which provides new option to wait until all sub-processes complete before returning from a wait or run command
  * Updated the 'extract' command to support extracting to a destination directory
  * Performance improvements for multiple action groups on command-polling agents
  * Added support for power savings mode on Linux/Unix
  * Fixed an issue where the RPM inspector could encounter deadlocks with the RPM database (issue #17073)
  * Modified AIX fileset inspector to prevent collisions (issue #18899)
  * Fixed an issue where the prefetch sha1 command was not properly cpu throttled (issue #23297)
  * Fixed an issue where Core 2 Duo processors were being reported as Pentium 3 (issue #25386)
  * Modified CPU family name inspector on Mac OS to return more detailed information for Intel based systems (issue #26987)
  * Updated firewall inspectors to be compatible with Windows 7 (issue #30214)
  * Fixed an issue where disabling power history may cause other power event messages to be ignored (issue #34065)
  * Fixed an issue where power history may exceed default 14 day history window (issue #36532)
  * Fixed an issue where terminating an agent running a sub-action could lead to unexpected behavior (issue #39970)
  * Fixed an issue where the move command could fail in certain situations without retry (issue #40177)
  * Fixed an issue where Unix swap inspectors were returning invalid results on certain systems (issue #40560)
  * Fixed an issue where the HP-UX CPU inspector incorrectly reports PA-RISC on IA64 systems (issue #40564)
  * Fixed a performance issue related to the 'AD user of domain users' inspector (issue #40603)
  * Fixed an issue where the xml document inspector could not read files from the system folder on x64 Windows systems (issue #40840)
  * Fixed an issue where the SuSE agent could fail to start because of a missing dependency (issue #21249)
  * Fixed an issue where the client could exceed its CPU usage in the first few minutes immediately after installation (issue #26076)

Relay
  * Added relay support for the following platforms:
    o AIX 5.3 (PowerPC)
    o AIX 6.1 (PowerPC)
    o AIX 7.1 (PowerPC)
    o RHEL 6 (x86/x64)
    o SUSE 11 (x86/x64)
  * Fixed an issue where the Relay could crash when set to use SSL without a valid SSL certificate (issue #17089)

Client UI
  * Added ability to 'Accept All' on multiple offers
  * Added 'Dismiss' option
  * Added ability to use client-side relevance substitution in offers
  * Modified behavior to prevent Client UI from taking focus from active full-screen applications (issue #28443)
  * Modified progress entries in Client UI to show a single progress bar for multiple action groups and baselines (issue #25081)

Installers
  * Fixed an issue where the installer would prevent Web Reports from being installed stand-alone on a Relay computer (issue #37460)
  * Fixed an issue preventing installation of the 8.1 client after running besremove.exe to remove a client at version 7.2.4.60 (issue #40571)