=========================================== = Changes between 9.2.21.22 and 9.2.22.23 = =========================================== Security enhancements: Issue BFP-19718 - CVE-2020-1971 Issue BFP-19600 - CVE-2020-13434, CVE-2020-13435, CVE-2018-20505, CVE-2019-19645 Issue BFP-19541 - CVE-2020-14281 Issue BFP-20207 - CVE-2021-23840 DAs addressed: Issue BFP-20058 - Web Reports 9.2.21 with scheduled activities crash at startup =========================================== = Changes between 9.2.20.25 and 9.2.21.22 = =========================================== Issue BFP-18340 - Removed Flash Player dependency from Web Reports Overview page =========================================== = Changes between 9.2.19.18 and 9.2.20.25 = =========================================== Security enhancements: Issue BFP-15059 - CVE-2010-4207, CVE-2010-4208, CVE-2010-4710, CVE-2012-5881, CVE-2012-5882, CVE-2012-5883 Issue BFP-16548 - CVE-2015-6908 Issue BFP-15060 - CVE-2019-11358 Issue BFP-15056 - CVE-2020-4095 Issue BFP-17234 - CVE-2017-12652, CVE-2010-1205 Issue BFP-15728 - CVE-2019-5435 Issue BFP-17216 - CVE-2020-11022, CVE-2020-11023 =========================================== = Changes between 9.2.18.19 and 9.2.19.18 = =========================================== Security enhancements: Issue BFP-14444 - CVE-2019-1547, CVE-2019-1563 =========================================== = Changes between 9.2.17.28 and 9.2.18.19 = =========================================== Security enhancements: Issue BFP-11784 - CVE-2018-16839, CVE-2018-16842, CVE-2018-16840 Issue BFP-11850 - CVE-2018-2005 Issue BFP-11914 - CVE-2019-4011 Issue BFP-11915 - CVE-2019-4058 Issue BFP-12325 - CVE-2019-3822, CVE-2019-3823, CVE-2018-16890 Issue BFP-12502 - CVE-2019-1559 =========================================== = Changes between 9.2.16.6 and 9.2.17.28 = =========================================== Security enhancements: Issue BFP-11529 - CVE-2012-5883 CVE-2012-6708 CVE-2015-9251 (APARS IJ09720 and IJ09102) Issue BFP-11785 - CVE-2018-5407 Issue BFP-376 - CVE-2017-1231 APARs addressed: Issue BFP-12022 - APAR IJ12782 - BIGFIX CLIENT DOES NOT RUN ON SOME WINDOWS CONFIGURATION NOT IN ENGLISH =========================================== = Changes between 9.2.15.15 and 9.2.16.6 = =========================================== Security enhancements: Issue BFP-10557 - CVE-2018-0732 Issue BFP-11851 - CVE-2018-0737 Issue BFP-11298 - CVE-2018-14618 Issue BFP-11786 - CVE-2018-1000301 APARs addressed: Issue BFP-11110 - APAR IJ09056 - BIGFIX CLIENT CAN SLOWING DOWN WHEN CPU CONTROL CLIENT SETTINGS ARE ACTIVE =========================================== = Changes between 9.2.14.10 and 9.2.15.15 = =========================================== Security enhancements: Issue BFP-10555 - CVE-2018-0739 Issue BFP-397 - CVE-2018-1474 Issue BFP-393 - CVE-2018-1476 Issue BFP-391 - CVE-2018-1478 Issue BFP-403 - CVE-2018-1480 Issue BFP-402 - CVE-2018-1481 Issue BFP-401 - CVE-2018-1484 Issue BFP-395 - CVE-2018-1485 APARs addressed: Issue BFP-10241 - APAR IJ05494 - ON AIX, THE CPUPACKAGE INSPECTOR MAY RETURN INCORRECT VALUES =========================================== = Changes between 9.2.13.7 and 9.2.14.10 = =========================================== Security enhancements: Issue 162641 - CVE-2018-1471 Issue 162645 - CVE-2018-1473 Issue 162651 - CVE-2018-1479 Issue 162652 - CVE-2018-1475 APARs addressed: Issue 164883 - APAR IJ02231 - CONSOLE ERROR IMPORTING A PACKAGE IN SOFTWARE DISTRIBUTION DASHBOARD Issue 162778 - APAR IJ02721 - UPLOADED CLIENTS FILES CAN BE OVERWRITTEN WITH AN OLDER VERSION OF THE SAME FILES IF DSA IS CONFIGURED Issue 161886 - APAR IJ03578 - BESCLIENT V9.2.0.375 SOLARIS 10-11 MISSING DEPENDENCIES =========================================== = Changes between 9.2.12.18 and 9.2.13.7 = =========================================== Security enhancements: Issue 154050 - CVE-2017-3735 Issue 154062 - CVE-2017-1000100 Issue 156914 - CVE-2017-1000254 =========================================== = Changes between 9.2.11.19 and 9.2.12.18 = =========================================== Security enhancements: Issue 141427 - CVE-2017-1218 Issue 141754 - CVE-2017-1220 Issue 141756 - CVE-2017-1222 Issue 141254 - CVE-2017-1225 Issue 149246 - CVE-2017-1521 Issue 141764 - CVE-2017-1226 Issue 141257 - CVE-2017-1228 Issue 141762 - CVE-2017-1230 Issue 141256 - CVE-2017-1232 APARs addressed: Issue 154274 - APAR IJ00274 - FILLDB PERFORMANCE DEGRADATION, DUE TO LONG TIME REPORT PARSING Other Bugs fixed: Issue 150129 - Setting from the obf file is not removed when a delete action from the console is received Issue 155376 - Webui-common gathering Enhancements to improve performance bottlenecks =========================================== = Changes between 9.2.10.25 and 9.2.11.19 = =========================================== Resigning of Mac Clients with new certificates Security enhancements: Issue 140742 - CVE-2016-9840 Issue 141763 - CVE-2017-1203 Issue 141767 - CVE-2017-1219 APARs addressed: Issue 141580 - APAR IV94874 - BESCLIENT DOES NOT STOP IN SOME SOLARIS ZONE ENVIRONMENTS Issue 145302 - APAR IV91151 - SUN SOLARIS 10/11 BES 9.5.3 GOES INTO MAINTENANCE MODE AFTER STOP Issue 146876 - APAR IV97175 - BIGFIX CLIENT ON MAC CANNOT BE INSTALLED BECAUSE THE SIGNING CERTIFICATE EXPIRED =========================================== = Changes between 9.2.9.36 and 9.2.10.25 = =========================================== IBM BigFix Platform 9.2.10 is a patch release with Security enhancements and APAR fixes. Security enhancements: Issue 138529 - CVE-2016-0729 Issue 138527 - CVE-2016-8617 Issue 138524 - CVE-2016-8624 Issue 138522 - CVE-2016-8621 Issue 139186 - CVE-2017-1227 APARs addressed: Issue 136121 - APAR IV87527 - DSA REPLICATION MAY FAIL ON TABLE SITE_LISTINGS IF THE SITE CONTENT LIST IS GREATER THAN 1MB Issue 139310 - APAR IV91140 - WITH AN HUGE UPLOAD ACTIVITY, THE FILLDB 'SCAN ALL' TASK DOES NOT RESPECT THE CONFIGURED EXECUTION INTERVAL Issue 139314 - APAR IV92549 - MISLEADING ERROR MESSAGE WHEN THE INSPECTOR EVALUATING THE RELEVANCE IS INTERRUPTED Issue 137365 - APAR IV93015 - BIGFIX DOMAIN ICONS IN WEBREPORTS HOME PAGE ARE NOT DISPLAYED USING INTERNET EXPLORER Issue 136985 - APAR IV93053 - THE EMAILS SENT FROM BIGFIX WEB REPORTS MIGHT CONTAIN GARBLED CHARACTERS IN THE SUBJECT Issue 139293 - APAR IV93392 - RELAY DIAGNOSTICS PAGE NOT WORKING PROPERLY WITH SOME BROWSERS Issue 139313 - APAR IV93421 - WEB REPORTS ROLE FILTER NOT APPLIED CORRECTLY Issue 140298 - APAR IV94229 - SYMBOLIC LINKS ARE DELETED DURING AIX UPGRADE =========================================== = Changes between 9.2.8.74 and 9.2.9.36 = =========================================== Update to OpenSSL 1.0.2j to address vulnerabilities in previous OpenSSL versions APARs addressed: Issue 72628 - APAR IV88507 - SOME OF THE JAPANESE PART ON THE CONSOLE CHANGED TO ENGLISH AFTER THE CUSTOMER UPGRADE TO 9.2.8. Issue 72707 - APAR IV88690 - THE REMIND MESSAGES ON THE TARGET CLIENT UI ARE NOT CORRECT IN JAPANESE LANGUAGE. Issue 72833 - APAR IV88976 - DEVICE TYPE IS REPORTING "DESKTOP" ON IBM SERVER BLADECENTER HS21 CHASSIS. Issue 72834 - APAR IV88992 - FILTERING ON SOURCE FIXLET'S SITE OF SOME ACTIONS IN WEBREPORTS DOES NOT WORK. Issue 72835 - APAR IV89217 - A MESSAGE ON THE CLIENT UI HAVE INCORRECT MEANING IN A JAPANESE ENVIRONMENT. Issue 131521 - APAR IV80816 - UNCLEAR ERROR MESSAGE IN AIR GAP TOOL Other Bugs fixed: Issue 131154 - event log inspectors generates an error Issue 131167 - add version and exit to admin tool cli tracing ... Issue 131169 - add serviceability tracing for some Requirement failure errors ... Issue 131420 - virtualizer of regapps statement crashes qna relevance debugger =========================================== = Changes between 9.2.7.53 and 9.2.8.74 = =========================================== Update to OpenSSL 1.0.1t to address vulnerabilities in previous OpenSSL versions APARs addressed: Issue 65820 - APAR IV83833 - PROPERTY "DEVICE TYPE" NOT REPORTING CORRECTLY Issue 67486 - APAR IV73105 - IEM SERVER ON LINUX PLATFORM DOES NOT WORK WHEN 1024+ FILE DESCRIPTORS ARE REQUIRED. Issue 68784 - APAR IV81076 - BES CLIENT IS NOT ABLE TO START ON POLISH WINDOWS 2003 SP2 OR LATER Issue 70039 - APAR IV80898 - ERROR PREPARING ITEMIZED DOWNLOAD REQUEST WHEN USING A PREFETCH BLOCK Issue 70624 - APAR IV83128 - FIXLET DEBUGGER INCONSISTENT RESULTS WHEN RUNNING SCRIPTS NOT HAVING FULL PATH Issue 70733 - APAR IV83416 - CLIENTS DO NOT INTIATE AUTOMATIC RELAY SELECTION AFTER THEY DETECT A POSSIBLE NETWORK EVENT Issue 70857 - APAR IV81823 - CLIENTS CONNECTED TO AN AUTHENTICATING RELAY THAT ATTEMPT TO USE DIRECT DOWNLOAD FAIL TO DOWNLOAD. Issue 70952 - APAR IV82622 - SOLARIS AGENT GENERATING MASSIVE AUDIT LOGS Issue 71153 - APAR IV83294 - EXCESSIVE OVERHEAD WITH BES REST API Issue 71289 - APAR IV82129 - CONSOLE PREFERENCE 'MARK AS OFFLINE AFTER' SETTING ISSUE Issue 71419 - APAR IV83326 - UNEXPECTED RESULTS FROM SQLITE DATABASE INSPECTOR Issue 71457 - APAR IV84286 - BES CLIENT DOESN'T START ACTION EXECUTION EVEN IF DOWNLOADS ARE AVAILABLE Issue 71616 - APAR IV83690 - BESCLIENT.EXE 9.2.7.53 CANNOT CHANGE ANY CPM 11 SP1 SETTING Issue 71707 - APAR IV83671 - UPLOADS TABLE NOT PROPERLY UPDATED ON DEPLOYMENT WITH A HUGE NUMBER OF UPLOADED FILES Issue 71710 - APAR IV85244 - USER AGENT NOT ALWAYS SET TO THE VALUE SPECIFIED WITH _GATHERSERVICE_FORWARDGET_USERAGENTOVERRIDE Issue 71921 - APAR IV84244 - INSPECTOR "DACLS OF SECURITY DESCRIPTORS" RETURNS NULL CHARACTERS IN OUTPUT AS ("%00") Issue 71982 - APAR IV84565 - NOT POSSIBLE TO LOGIN TO BES CONSOLE WITH LDAP USERS HAVING DISTINGUISHED NAMES GREATER THAN 255 CHARACTERS Issue 72197 - APAR IV85374 - CLIENT RECURSIVE DELETING HAS TO BE ABLE TO HANDLE A SYMLINK Issue 72298 - APAR IV85598 - NON MASTER OPERATORS WITHOUT CUSTOM CONTENT CREATION AUTHORITY ARE NOT ABLE TO CREATE MANUAL GROUPS. Other Bugs fixed: Issue 69719 - Admin inspector does not seem to behave as it should Issue 69796 - Align accountLockoutDurationSeconds with Windows recommendation Issue 70662 - Update Archive capabilities in 9.2 agents for 9.5 compatibility Issue 72123 - Cannot authenticate with SAML when Referrer check is enabled Issue 72157 - CentOS 7.2 - Perl error starting Relay Issue 72241 - Cancelling server installer "in need of reboot" causes installer to crash Issue 72279 - SAML: Authentication Certificate is invalid when added from file ========================================== = Changes between 9.2.6.94 and 9.2.7.53 = ========================================== IBM BigFix Platform 9.2.7 is a patch release focusing mainly on APAR fixes. It includes: * Support for the BigFix agent running on RHEL 7.1 - The 9.2.7 RHEL agent has been certified to run on RHEL 7.1 * Support for the BigFix relay running on Windows - The 9.2.7 Windows relay has been certified to run on Windows 10 * New Inspectors for Linux to enable SCAP 1.2 certification for RHEL * Update to OpenSSL 1.0.1q to address vulnerabilities in previous OpenSSL versions APARs addressed: Issue 67065 - APAR IV72600 - "PARAMETER MAY NOT ALREADY BE DEFINED" ERROR OCCURS WITH TEMPORAL DISTRIBUTION TURNED ON. Issue 69675 - APAR IV72913 - OVERVIEW REPORT HTTP 500 ERROR GENERATING PRINTABLE VERSION Issue 68593 - APAR IV75853 - REST API QUERY RELEVANCE NOT WORKING ON INTERNET EXPLORER Issue 68380 - APAR IV75991 - REMOVE FILTER IN WEB REPORTS FOR UNMANAGED ASSETS Issue 68904 - APAR IV76583 - ERROR ON CONSOLE CLICKING A FIXLET OR TASK. DIAGNOSTIC MESSAGE: NOSUCHSITE Issue 69362 - APAR IV77648 - RHEL (5) MACHINES' USERS ARE GETTING LOCKED OUT WHEN RESTARTED Issue 69251 - APAR IV77666 - "SOCKETS OF NETWORK" INSPECTOR UNABLE TO GET INFORMATION FOR BESCLIENT ON LINUX Issue 66950 - APAR IV78592 - CONSOLE SLOWNESS AND SERVER MEMORY PEAKS DUE TO CERTIFICATES ACCUMULATION Issue 66346 - APAR IV78593 - RPM INSPECTORS NOT SYNCRONIZED TO OPERATING SYSTEM ACTUAL STATUS Issue 69032 - APAR IV78973 - DSA REPLICATION FAILS ON DB2 WITH ERROR SQL0302N ( VALUE OUT OF RANGE ) Issue 69817 - APAR IV78981 - CONSOLE CRASHES CLOSING "MANAGED PROPERTIES" PANEL Issue 70157 - APAR IV79344 - BES ROOT SERVER MAY CRASH IF THE DIMENSION OF THE SERVER AUDIT LOG IS TOO BIG. Issue 70149 - APAR IV79356 - SINGLEACTION WITH SOURCEFIXLET THROWS A NOSUCHFIXLETACTION EXCEPTION Issue 69165 - APAR IV79418 - BIGFIX CLIENT WILL NOT STAY RUNNING ON SOME AIX 7.1 SERVERS Issue 69716 - APAR IV79422 - UNABLE TO IDENTIFY IN THE LOGS THE INCORRECT ADVERTISEMENT LIST Issue 70275 - APAR IV79431 - 9.2.6 - WINDOWS CLIENT DOES NOT START AUTOMATICALLY AFTER THE INSTALLATION Issue 70344 - APAR IV79787 - TLS 1.0/1.1 NOT DISABLED ON PORT 52315 BY ENHANCED SECURITY Issue 70116 - APAR IV79828 - ON WINDOWS INSTALLATIONS, DSA SERVERS DON'T REPLICATE SWD BINARY FILES Issue 70360 - APAR IV79925 - UPDATE OF WINDOWS CLIENTS TO 9.2.6 FAILS ON WIN COMPUTERS WITH 8DOT3NAME CREATION DISABLED. Issue 70635 - APAR IV80341 - EMPTY RESULT FOR "LOCKED" BUILT-IN PROPERTY CAUSES CONSOLE CRASH Issue 67456 - APAR IV80342 - WEB REPORT COMPUTERS PROPERTIES FILTER DOES NOT WORK PROPERLY IF NON-RELEVANT RESULTS' FEATURE DISABLED. ========================================== = Changes between 9.2.5.130 and 9.2.6.94 = ========================================== IBM BigFix Platform 9.2.6 is a patch release with new and changed features and with fixes for APARs and general bugs Features added or changed: * Platform rebranding to IBM BigFix - The Console, Installers, and Content have replaced the string "IBM Endpoint Manager" with "IBM BigFix" * WebUI enablement - Platform changes have been made to enable IBM BigFix WebUI 1.0 * SAML 2.0 authentication support for users in Web Reports and WebUI - Two-factor authentication like CAC/PIV is supported via a SAML Identity Provider - More information can be found at this URL: https://www.ibm.com/developerworks/community/wikis/home/wiki/Tivoli%20Endpoint%20Manager/page/SAML%20V2.0%20Authentication%20SupportInformation * Support for the BigFix agent running on Mac OS X 10.11 "El Capitan" - The agent has been updated to function with new the Mac OS X "El Capitan" security feature - SIP * BigFix server upgrade improvements - Users get better feedback in the UI on the progress and status of upgrade - For most customers, 9.2.6 upgrade will take less time than 9.2.5 and earlier upgrades - The upgrade is more resilient to data migration errors APARs addressed: Issue 60841 - APAR IV54436 - CUSTOM PROPERTY UPDATE IN THE IEM CONSOLE CAN CAUSE DUPLICATE COLUMNS IN SAVED REPORTS THAT USE THE PROPERTY Issue 65505 - APAR IV67264 - INABILITY TO EXTRACT INFORMATION FROM "METABASE" INSPECTOR FOR IIS 7.5, 8.0 Issue 65700 - APAR IV68002 - ON IEM CONSOLE, DURING FIXLET CREATION, ACTION SETTINGS LOCKS CANNOT BE SELECTED. Issue 67508 - APAR IV73263 - SOLARIS CLIENT DOES NOT AUTOMATICALLY START AFTER REBOOT Issue 67884 - APAR IV74168 - INCORRECT ACTION START TIME IN A LOCALIZED DEPLOYMENT Issue 67982 - APAR IV74665 - AGENT FAILS TO REGISTER DUE TO A MULTIBYTETOWIDECONVERTERROR ON LINUX SERVER/RELAY Issue 67963 - APAR IV74761 - ACTION PARAMETER QUERY HAS A LIMIT OF 1024 BYTES STRING Issue 68201 - APAR IV74762 - INCORRECT URI VALUE FOR LDAPDIRECTORY RESOURCE FIELD FROM LDAPDIRECTORIES REST API Issue 68207 - APAR IV74768 - ON LINUX, WEBREPORTS CRASH IF LANG VARIABLE IS NOT SET Issue 68138 - APAR IV74789 - DATABASE ERROR ON BES ADMINISTRATION TOOL DURING ENCRYPTION CONFIGURATION Issue 68083 - APAR IV74995 - AD/LDAP ACCOUNT LOCKED SPECIFYING A WRONG PASSWORD WHEN MULTIPLE AD/LDAP BACKUP SERVERS ARE CONFIGURED. Issue 68437 - APAR IV75260 - ERROR OCCURS RUNNING "READERS OF BES SITE" SESSION RELEVANCE QUERY Issue 68563 - APAR IV75576 - LDAP OPERATORS CANNOT BE ADDED IF A BACKUP LDAP SERVER IS UNREACHABLE Issue 68725 - APAR IV75779 - UPGRADE TO 9.2.5 FAILS RESIGNING SITES Issue 68662 - APAR IV76004 - WINDOWS CLIENT CAN NOT GET THE "START TYPE" OF SERVICES IN QNA VERSION 9.2.5.130 Issue 68786 - APAR IV76009 - LINUX IEM WEBREPORTS SHOW ALL THE STRINGS IN ENGLISH, EVEN IF INSTALLED ON A SYSTEM WITH DIFFERENT LANGUAGE Issue 68565 - APAR IV76085 - INVALID CONTENT GENERATES A FAILURE DURING UPGRADE TO IEM 9.2.5 Issue 66813 - APAR IV76841 - SOME RELAYS MAY BECOME UNRESPONSIVE AFTER DISABLING THE MLE REPORT ENCRYPTION Issue 69034 - APAR IV77986 - MISLEADING GERMAN TRANSLATION WHILE RUNNING AN ACTION Issue 69549 - APAR IV78020 - EXCEPTION INVALIDFILEATTRS LOGGED IN FILLDB LOG FILE Issue 69608 - APAR IV78213 - UPGRADE TO 9.2.5 FAILS WITH INVALIDTEXTENCODING EXCEPTION Issue 69698 - APAR IV78344 - DOWNLOADS FROM MICROSOFT, THROUG A PROXY, OVER HTTPS MAY FAIL Other Bugs fixed: Issue 46963 - "TakeFixletAction" with computer Ids (needed for QRader integration) Issue 68675 - coinitialize on console qna (fixes QNA regression in 9.2.5 Issue 69067 - files BESAdminDebugOut*.txt not easily readable Issue 68771 - for Win 10 LTBS, "unknown" returned for "product info string of operating system" Issue 68843 - Win10 version of file inspector returns wrong value Issue 69336 - Creation time inspector returns incorrect result for fixlet edited through RESTAPI Issue 69210 - Server UpgradeFixlet not relevant for MSSQL service version Security Vulnerabilities addressed by new version (1.0.1p) of OpenSSL: CVE-2015-1788 - Malformed ECParameters causes infinite loop CVE-2015-1789 - Exploitable out-of-bounds read in X509_cmp_time CVE-2015-1790 - PKCS7 crash with missing EnvelopedContent CVE-2015-1791 - Race condition handling NewSessionTicket CVE-2015-4000 - "Logjam" vulnerability (Use of weak Diffie-Hellman key exchange protocol) Known Issues in 9.2.6: Issue 69879 - If SAML has just been enabled or disabled, a malformed URL can be created when launching Web Reports from the Console Workaround: In the BFEnterprise database, go to the table dbo.AGGREGATEDBY and the Column WebReportsURL, then look through the rows for the malformed URL. Here is an example of such malformed URL: https://[http:/bigfixexample.ibm.com:52311]:8080/webreports The URL should be: https://bigfixexample.ibm.com:8080/webreports You need to remove the extraneous brackets, protocol identifier, and port number. Issue 69780 - If WebUI is enabled, _WebReports_HTTPRedirect_PortNumber default creates a conflict Workaround: Set _WebReports_HTTPRedirect_PortNumber to use something besides port 80 Issue 69007 - A user not defined as Web Reports users cannot login with SAML Action to take: In Web Reports, import the LDAP user to define it as a Web Reports user. (If the user has already tried to login into Web Reports and the browser only provides an option to reauthenticate, the user should quit the browser and clear the cache.) Issue 69642: TriggerClientUI function does not work when called directly on Mac OS El Capitan Workaorunds: Invoke it via TriggerClientUI.app/Contents/MacOS/TriggerClientUI . And Customers using Client Dashboard can access it via the icon tray option. Issue 69297 - Scripts can fail if they use Realm in RESTAPI HTTP Basic authentication and assume it is "IBM Endpoint Manager Server" Description of Issue: With Rebranding in 9.2.6, Realm in 9.2.6 HTTP Basic authentication in RESTAPI has changed from "IBM Endpoint Manager Server" to "IBM BigFix Server". Recommended action to take: Users with scripts should no longer depend on a hard-coded definition of Realm. Alternative action (not recommended): Change it to match the new value. Issue 69892 - If SAML is enabled, MO LDAP user can login through RESTAPI (should be disabled) Issue 69000 - When IBM AppScan scans a Linux WebReports instance some SQL0930N errors are logged in BESRelay.log Issue 69428 - Rebranding: Some references to TEM and Tivoli remain in Health Dashbiard tips ========================================== = Changes between 9.2.4.2 and 9.2.5.130 = ========================================== Features added: Feature: 67691 - Enable Windows agents support for Windows 10. (Previous agents (before 9.2.5) will not work correctly on Windows 10.) Feature: 67185 - Add an action summary dialog in the console (If the Advanced Deployment Option "requireConfirmAction" is set to "true", summarize action and ask for user confirmation.) Feature: 65939 - The Windows QnA.exe binary is now a command line application and is bundled with the agent installer. (The Fixlet Debugger does not change.) Feature: 67253 - Installers and fixlets now enforce the minimum supported Microsoft SQL Server (2008) on Windows. APARs addressed: Issue: 66854 APAR: IV71663 APAR Description: "REGAPPS" INSPECTOR MAY FAIL FOR INVALID FILE LOCATIONS Issue: 66694 APAR: IV71565 APAR Description: AGENT CRASH FROM INSPECTING AN INVALID SECURITY DESCRIPTOR Issue: 65418 APAR: IV71504 APAR Description: MAILBOX ACTIONS CAN SOMETIMES BE GATHERED MORE THAN ONCE AND POSSIBLY RECREATED Issue: 66800 APAR: IV71341 APAR Description: AGENTS FAIL TO EVALUATE CONTENT USING "DEBIANPACKAGE" INSPECTOR Issue: 66239 APAR: IV71100 APAR Description: CPU SPIKE WHEN FETCHING LARGE AMOUNTS OF AD GROUP DATA Issue: 66148 APAR: IV70671 APAR Description: THE BES CONSOLE IS UNRESPONSIVE AND HANGS FOR SOME MINUTES Issue: 66009 APAR: IV70596 APAR Description: RHEL 5 MACHINES FAILED RELEVANCE CHECK: SYMLINKS WAS MOVED FROM /USR/LIB TO /USR/LIB64 Issue: 66311 APAR: IV70507 APAR Description: FAILURE CAN OCCUR TRYING TO ADD AN LDAP SERVER WITH AN HUGE NUMBER OF USER AND GROUPS Issue: 66449 APAR: IV70426 APAR Description: NON MASTER OPERATORS WITHOUT EXPLICIT PERMISSION TO "CREATE ACTION" CANNOT USE "TAKE DEFAULT ACTION" Issue: 65702 APAR: IV70425 APAR Description: SIGNEDDATAVERIFICATIONFAILURE ON ATTRIBUTE 'LASTLOGINTIME' Issue: 63513 APAR: IV69850 APAR Description: COUNT OF CPUPACKAGE RETURNS TOTAL THREADS INSTEAD OF TOTAL SOCKETS (CPUS) FOR A SPARC T5 MACHINE Issue: 65904 APAR: IV69845 APAR Description: AGENT MAY CRASH USING THE "SERVICE" INSPECTOR Issue: 65921 APAR: IV69764 APAR Description: "KEEP USER INTERFACE TOPMOST" DOES NOT WORK ON ALL WINDOWS VERSIONS Issue: 65565 APAR: IV69552 APAR Description: IEM CLIENTS CAN LOSE AD INFORMATION IN THEIR CACHES Issue: 65974 APAR: IV68979 APAR Description: WEBREPORTS CRASHES IF REPORT GENERATION EXCEEDS MEMORY CAPACITY Issue: 65656 APAR: IV68691 APAR Description: RELEVANCE BASED ON COMPUTER GROUPS DISAPPEARS EDITING AN EXISTING ANALYSIS. Issue: 65831 APAR: IV68384 APAR Description: UNABLE TO REGISTER DEVICES DUE TO "_ENTERPRISE SERVER_CLIENTREGISTER_MAXCHILDRELAYCOUNT" Issue: 65247 APAR: IV68086 APAR Description: DYNAMIC DOWNLOADS FAIL FOR 9.1 (OR GREATER) AGENTS IN A 9.0 ENVIRONMENT Issue: 65792 APAR: IV68038 APAR Description: SIGNEDDATAVERIFICATIONFAILURE ON ATTRIBUTE 'GUID' WITH LINUX SERVER AND AD AS GENERIC LDAP SERVER Issue: 65747 APAR: IV67804 APAR Description: IEM SERVER INSTALLATION ON LINUX HANGS WHILE CHECKING AVAILABLE DISK SPACE Issue: 65535 APAR: IV67128 APAR Description: MISSING TRANSLATION OF "ALLOW CREATION OF NEW PUBLIC FILTERS REPORTS AND LABELS" WHEN CREATE ROLE IN WEB REPORT. Issue: 61221 APAR: IV65696 APAR Description: WEBREPORTS ""OPERATOR LIST" REPORT ALWAYS INDICATES THAT THE REPORT IS NOT UPDATED Issue: 53460 APAR: IV65248 APAR Description: BUTTON TEXT WRONGLY DISPLAYED WHEN CLIENT OS LANGUAGE IS SPANISH Issue: 64436 APAR: IV64317 APAR Description: ISSUE ADDING MULTIPLE FILES WITH THE SAME NAME TO THE SAME CUSTOM SITE Issue: 54915 APAR: IV62836 APAR Description: ACTIVATED AN ANALYSIS GLOBALLY WEB REPORTS BASED ON THAT ANALYSIS ARE BROKEN Issue: 65692 APAR: IV29630 APAR Description: TEM NOT PICKING UP CPU AND CORE COUNTS CORRECTLY Issue: 66864 APAR: IV71862 APAR Description: BESCOMPUTERREMOVER TOOL INCORRECTLY DELETE COMPUTER ENTRIES Issue: 67002 APAR: IV72032 APAR Description: IEM CONSOLE CANNOT CONNECT TO IEM SERVER ON LINUX DUE TO CODEPAGE MISMATCH ERROR Issue: 66861 APAR: IV72288 APAR Description: COMPLETION MESSAGE NEVER SHOWS UP IN CLIENT UI FOR A BASELINE Issue: 67226 APAR: IV72372 APAR Description: ADOBE'S NEW DC VERSIONING SCHEME CAUSES ERRORS WITH THE VERSION INSPECTOR Issue: 67138 APAR: IV72390 APAR Description: SESSION RELEVANCE RETURNS DUPLICATE OPERATOR SITE ENTRIES Issue: 67205 APAR: IV72497 APAR Description: ON LINUX SERVER, IF PROCESS MEMORY USAGE REACHES 10 GB BECOME UNRESPONSIVE Issue: 66981 APAR: IV72659 APAR Description: MISLEADING ERRORS IN WEBREPORTS LOG FILE Issue: 67068 APAR: IV72832 APAR Description: AGENT DOES NOT USE UPLOAD BANDWIDTH Issue: 62420 APAR: IV73269 APAR Description: MAC CLIENTUI REPEATEDLY CRASHING Issue: 67581 APAR: IV73297 APAR Description: IEM REST API INVOKED THROUGH WEB INTERFACE FAILS TO RETRIEVE PROPERTIES CONTAINING NON PRINTABLE CHARACTERS Issue: 67696 APAR: IV73480 APAR Description: TASK/EXTERNAL REST API FAILS TO RETRIEVE FIXLETS/TASKS SITE Issue: 67501 APAR: IV74064 APAR Description: PROBLEMS WITH AGENTS PERFORMING AUTOMATIC RELAY SELECTION AFTER SWITCHING BETWEEN WIRELESS NETWORKS Issue: 67726 APAR: IV74066 APAR Description: UNDER SPECIFIC CONDITION WEB REPORTS USER CREDENTIAL MAY BE LOGGED Security Vulnerabilities addressed: CVE-2015-2808 - Issue: 67133 - Bar Mitzvah Attack [Not preventing a vulnerability, but explicitly disabling RC4] CVE-2015-0204 - Issue: 66711 - FREAK Attack RSA silently downgrades to EXPORT_RSA CVE-2015-0286 - Issue: 66711 - Segmentation fault in ASN1_TYPE_cmp CVE-2015-0289 - Issue: 66711 - PKCS7 NULL pointer dereferences CVE-2011-4969 - Issue: 67307 - Vulnerable version of component jQuery found in Platform Issue: 63049 - Prevent clickjacking attacks Security Best Practice followed: Issue: 67325 - REST API should set HttpOnly on its cookies Other Bugs fixed: Issue: 67163 - XML parsing error when REST API returns non-printable chars Issue: 61481 - REST API sessions should timeout (tokens should expire) at 5 minutes Issue: 62534 - MemberActions are repeated after a failure, despite no retry configuration Issue: 65703 - After reboot agent with symlink to non "minimal" volume won't start Issue: 66613 - Linux installer does not work with db2username different from db2instancename Issue: 67233 - Misleading "Failed to convert database to a datasource" critical log message in stand-alone Web Reports installations Issue: 67630 - POSTing /BES/MultipleActionGroup with SourceFixletID should set source Issue: 67011 - The ""server manual upgrade"" fixlet contains ""__MIN_SERVER_UPGRADE_TAG__"" instead of a registration server version Issue: 67084 - Remove 10.5 and PPC references from Mac upgrade fixlet Issue: 66347 - _BESClient_Resource_AccelerateForPendingMessage logic is wrong Issue: 66926 - Correct links in the upgrade fixlets Issue: 66988 - Dynamic downloads fail for 9.1 (or greater) agents in a 9.0 environment; Actions are stuck in "Pending Download" Issue: 67210 - Add diagnostic information from libapt for failed inspection of "debianpackage" Issue: 67145 - "isinf" and "isnan" is already defined for c++0x platforms Issue: 66829 - The "Contents" link from the Console's "Help" menu points to a wrong version of docs (9.1) Issue: 66949 - Agent crash from inspecting an invalid security descriptor Issue: 62890 - Web Reports displays deleted comments in reports Issue: 66375 - AuditTrail cleaner enhancements for cleaning up expired hidden group actions and orphaned sub-actions ========================================== = Changes between 9.2.3.68 and 9.2.4.2 = ========================================== This patch release is for the Mac agent only. CHANGES: Client * Agents on OS X 10.10 crash with "FileItemError" (APAR: IV71643, issue: 65732) Installer * QnA binary is bundled with the agent installer (issue: 65705) ========================================== = Changes between 9.2.2.21 and 9.2.3.68 = ========================================== Features Added or Changed * Windows Server Components (Server, Console, Web Reports, FillDB, and BESAdmin) are now 64-bit Windows applications. - The new 64-bit memory addressing allows the IEM server components to access more than 4GB of memory. - This improves performance for larger IEM deployments and prevents "out of memory" failures in Web Reports and the Console. * BES Computer Remover functionality has been added into BESAdmin. - (The BES Computer Removal Tool will still continue to be released as a separate utility.) CHANGES: Security * None Server * BES_ACTION_DEFS has a missing condition for action ids in ACTION_DEFS and ACTION_FLAGS (APAR: IV67671, issue: 65794) * New property could reuse a deleted property id and thus display incorrect information (APAR: IV67143, issue: 65450) * After upgrade, local operators can only log in with their old password (APAR: IV69879, issue: 65930) Web Reports * SettingsDatabase.cpp's Error() has TooManyFormatArguments (issue:65471) Fixlet Debugger * CoInitialize relevance error when running statement through Action in Fixlet Debugger (APAR: IV67923, issue: 64458) Console * Certain shell scripts get errors in 9.2 (APAR: IV67723, issue: 65686) * English and Japanese Consoles return different values for "Fixlet Only" in "By Source Severity" (APAR: IV68093, issue: 64886) * Console not showing old actions or actions from other operators (issue: 65829) RESTAPI * /api/action/{id}/status doesn't return negative action result state (APAR: IV68524, issue: 65913) * Relevance query incorrectly returns a positive number (issue:64464) * POST /site/{external} should not overwrite Site Relevance (issue:66248) * External and custom site subscribe does not maintain Site Relevance (issue:66701) * Error message 'class TooManyFormatArguments incorrect for /fixlets/operator/x' (issue:66124) Airgap Tool * Airgaptool proxy error creating response file without any BigFix registry set (issue:66079) Session Inspectors * Site permissions session inspectors don't consider roles (issue:65542) Installer * Old ODBC driver used for SQL Server 2012 and SQL Server 2014 (issue:66146) * Check to see that needed .NET version is installed before Evaluation install (issue:66745) * Installer should not remove proxy settings in register key (issue:61010) * Update RHEL Server components fixlet can fail to update local client (issue:66735) Tools * BESClientRefresher -P option doesn't work properly (issue:66605) ========================================== = Changes between 9.2.1.48 and 9.2.2.21 = ========================================== http://www-01.ibm.com/support/docview.wss?uid=swg21696138 * Incorrect "Group membership" and "Relevance expression is false" site subscription relevance generation (APAR IV68955) * Baseline creation database error affecting the Linux server (APAR IV68735) * Web Reports LDAP role assignment issue after upgrade (APAR IV69132) * Console issue when using both four-eyes authentication and requiring reauthentication for every action (APAR IV64875) ========================================== = Changes between 9.2.0.363 and 9.2.1.48 = ========================================== 9.2.1 (9.2 patch 1) is a patch release to close security vulnerabilities and to fix a few general bugs. If you are running a 9.2 deployment, you need to upgrade in order to close the vulnerabilities and get the benefits of the bug fixes. CHANGES: Security * Updated version of OpenSSL used by Platform to 1.0.1j. * Eliminated use of SSL 3.0 protocol in order to close "POODLE" vulnerability. * Prevented use of XSS attacks on Relay. Client * Fixed issue with Last start time of application usage summary gives inconsistent results (issue #65360 APAR: IV66854). * Fixed issue with Client crashing when using the "wifi" inspector (issue #65466 APAR: IV66723). * Fixed issue with Client crashing on Pentium 3 machines (issue #62571, APAR: IV65194). Server * Fixed issue with Clients that are unintentionally subscribed to "Patch Support" reporting errors on executing actions (issue #65124 APAR: IV66106). * Fixed issue with LDAP search failing on a name containing ' (like O'Connor) (issue #64873 APAR: IV65509). * Fixed issue with Getting duplicate ActionSite object after using /resignInvalidSignatures (issue #62652 APAR: IV66399). * Fixed issue with COLLATE in Japanese Language and padding of strings (issue #64759 APAR: IV64986). * Fixed issue with authentication on Proxy failing when using Domain user (issue #65050 APAR: IV59779). * Fixed issue with Getting SignedDataVerificationFailure in LDAP environments upgraded from 9.0 with deleted duplicate users (issue #65389 APAR: IV58917). RESTAPI * Added the ability to configure the RESTAPI relevance timeout when querying Web Reports and to set the default to 10 minutes. (issue #65562). * Fixed issue with Custom site creation with property-based subscription not working (issue #65544 APAR: IV66873). * Fixed issue with API calls failing because of stale connections to DB (issue #59017). Web Reports * Fixed issue with with HTTP 500 error appearing while tyring to save a report in "Explore Data" (issue #65588). * Fixed issue with Web Reports taking 4 hrs to start up in large environments (issue #64880 APAR: IV65511). * Improved performance of handling LDAP queries and Computer Group stores (issue #64802 APAR: IV65178). * Fixed issue with sync error between Web Reports and Flash library (issue #62483 APAR: IV63664). * Fixed issue with Export to PDF not working on Windows if Flash content is on the page (issue #64322 APAR: IV64614). * Fixed issue with editing an existing activity changes the creator (issue #65098 APAR: IV65733). * Fixed issue with scheduled activities with deleted report source attempting to run an unrelated report (issue #65099 APAR: IV65735). * Fixed issue with Web Report's StoreStats memory values on Linux. (issue #64874 APAR: IV65508). * Fixed issue with some LDAP users provisioned in Web Reports not being able to login (issue #59142 APAR: IV56867). * Fixed issue with some LDAP users provisioned in Web Reports not being able to login (issue #59142 APAR: IV56867). * Fixed issue with Web Reports reporting problem with updating data because of ImproperFormatVariableName (issue #64465 APAR: IV65220). Console * Fixed issue with right-click remove option on BES Support deleting the BES Support site with no warnings (issue #65165 APAR: IV65937). Client Deploy Tool * Fixed issue with Client Deployment Tool presenting wrong information from cache and deployment log (issue #61358). * Fixed issue with Client Deploy tool not processing IP address ranges correctly (issue #63964). ===================================== = Changes between 9.1 and 9.2.0.363 = ===================================== Features Added * Granularity of Access Control - Ability to allow NMO roles/users to submit actions - Ability to allow NMO roles/users to restart a machine - Ability to allow NMO roles/users to shutdown a machine - Ability to allow NMO roles/users to lock/unlock an IEM agent - Ability to allow NMO roles/users to send refresh to multiple IEM agents * HTTP Proxy configuration simplification - Reduced the server and relay proxy configuration methods to one: Proxy can be configured specifying proxy host and port plus, if needed, user name and password. - Advanced configuration options such as: the ability to define the authentication method to be used at connection time, the possibility to decide if the proxy has to be used both for upstream and downstream communication and the capability to use a secure tunnel, are also provided. - Automatic migration of old configurations is performed under the covers during the upgrade to 9.2.0 phase. - Ability to interactively configure the proxy is also provided at install time, for the server, and using the client deployment tools, for the clients. * Improved relay resiliency - Relay recoverability from errors and data corruption has been added providing a configurable option to enable periodic checking and recovery of corrupted relay cache. When activated, this new mechanism is able to discover and recover corruption of downloaded files, gathered sites and mailboxes. * New Unix agent inspectors for CIS compliance checklist. - Linux: ability to gather info for services and process (SELinux) - AIX: ability to gather info for kernel modules, RPC, message catalogs and network tunables settings * Performance - Improved FillDB performance on Windows server * OS Support - Linux Server, Relay and Agent components can now be installed on RHEL 7 - MS Windows 2003 R2 is no longer supported for the IEM Server, Web Reports and Console - Windows Server and WebReports components can now be installed on 64-bit platforms only (MS Windows Server 2008 and higher) The IEM Server installer prevents deployment on 32-bit operating systems. The IEM Console installer will allow a manual installation on 32-bit platforms. Future Console installer releases will not support this mode of installation. ============================== = 124 bugs fixed, including: = ============================== a) APARs: * BESAdmin server upgrade fails due to "class invalidSQLTimeStampError" error (APAR: IV54707, issue: 61532) * BESAdmin HP fixlets don't become relevant (APAR: IV65253, issue: 63753) * Client Version 9 upgrade - Distance to BES relay not working (APAR: IV55875, issue: 59135) * Client handle security_identifier with a NULL SID (APAR: IV56574, issue: 62223) * Client CPU Usage Spikes on AIX LPARs (APAR: IV59238, issue: 59758) * Client Memory leak due to multiple 20KB memory chunks from x64environment (APAR: IV61901, issue: 63655) * Client Make client able to recover from mailbox id reset issues (APAR: IV62947, issue: 64051) * Client BESclient issues on Citrix XEN desktops (APAR: IV63049, issue: 60837) * Client BESClient service will not start. Error 1920 ( Client installer log ) (APAR: IV65194, issue: 62571) * ClientUI Wrong Offer is launched upon pressing "Click here to accept this offer" (APAR: IV61693, issue: 63555) * Console hard limit or warning when targeting by list (APAR: IV20837, issue: 49384) * Console Creating a custom filter for Actions using the Issued By field crashes the console in 9.0.835 (APAR: IV59003, issue: 62469) * Console Create Custom Copy of SCM fixlet, all MIME fields are lost (APAR: IV61257, issue: 62540) * Database FillDB backing up and SQLServer consuming 100% CPU following 9.1 upgrade (APAR: IV63044, issue: 63931) * Inspectors Windows systems don't give correct counts for >64 processors (APAR: IV55483, issue: 61875) * Installer v9.0.835.0 to v9.0.853.0 changes/over-writes the REST API credentials for TEM-SA (APAR: IV61989, issue: 63659) * Installer Child Components not stopped when baseline is stopped (APAR: IV64826, issue: 63198) * Installer IEM on RHEL does not work with DB2 10.5 FP4 (APAR: IV64899, issue: 64694) * Relay Non-Windows Relays Hang (APAR: IV60928, issue: 61158) * Relay File error "17FileNotFoundError" in RHEL relay log (APAR: IV62176, issue: 63498) * Relay ResistFailureInterval in IEM 9.0 (APAR: IV62367, issue: 62898) * REST API Creating an action though REST takes more than 20 seconds (APAR: IV54825, issue: 61409) * REST API XML: REST Respose encoding %1F (APAR: IV55011, issue: 61412) * REST API POST api/{site}/file/{file id} can be used to corrupt existing file ids (APAR: IV63520, issue: 64168) * Server Root Server Service will not stay running after re-install and recovery of database (APAR: IV12527, issue: 46922) * Server Proxy password is not obfuscated (APAR: IV53784, issue: 61152) * Server SHA2: updates to site level relevance aren't automatically copied over to subscription actions (APAR: IV53973, issue: 48922) * Server Diag Tool returns HTTP error 28 for BESMirrorGather (APAR: IV54258, issue: 58582) * Server FillDB discarding client reports after server upgrade (APAR: IV58144, issue: 62365) * Server Random "Access Denied" pop-up when submitting Action for target-list (APAR: IV59147, issue: 62382) * Server assign non default port for DSA connection (APAR: IV59643, issue: 62583) * Server server installation Failure on RHEL (APAR: IV63046, issue: 64110) * Server 9.1 upgrade error: rows in LONGQUESTIONRESULTS don't exist in QUESTIONRESULTS (APAR: IV63224, issue: 63304) * Server BES Root Server service crashed after upgraded to 9.1.1117 due to proxy settings (APAR: IV63867, issue: 64435) * Upgrade Relay installation into custom path fails (APAR: IV58682, issue: 62529) * Upgrade Make upgrade fixlets not use /var/tmp (APAR: IV62942, issue: 63887) * Web Reports Computer group names in multi-bytes language (e.g. Japanese) are corrupted in Web Reports (APAR: IV29950, issue: 52997) * Web Reports Web Report - Report List : Domain Label garbled (Japanese) (APAR: IV43435, issue: 57921) * Web Reports The exported CSV file shows garbage information on the office 2007 (APAR: IV50127, issue: 59318) * Web Reports custom site computer properties reported in Console but not in Web Reports (APAR: IV55625, issue: 61606) * Web Reports Action Time Issued conditions "is" and "is before" not returning correct results when run on Linux Web Reports server (APAR: IV55913, issue: 61712) * Web Reports "HTTP 500 Internal Server Error " in web reports (APAR: IV59040, issue: 62359) * Web Reports Change Passwords in Web Reporting missing from Administrators page (APAR: IV60486, issue: 63008) * Web Reports unable to generate chart for computer groups (APAR: IV60926, issue: 63136) b) Other Issues on previous Platform releases * Admin BESAdmin must use ICU (issue: 63167) * Admin Fix the BESAdmin's error about exceeding the limit for an advanced option's name (issue: 61735) * Admin Proxy - WIN setproxy cmd: it's not possible to put blank value once set new proxy method/protocol keys (issue: 62964) * Admin When a license is not updated, BESAdmin "Security" tab offers to unsubscribe from all the external sites (issue: 62081) * Client client memory leak 9.1.1117 (issue: 63726) * Client Client cannot point to relay defined by affiliation (issue: 63038) * Client actionscript move command shows success when directory doesn't exist (issue: 64162) * ClientUI JAWS: focus is not visible on list control or DHTML control (issue: 60993) * ClientUI JAWS: scrolling option is not provided when the font size is changed (issue: 60995) * ClientUI JAWS: List control headers are not being read by JAWS (issue: 59866) * Console "Computer Subscriptions" tab doesn't automatically refresh (issue: 64788) * Inspectors service "BESClient" not working on AIX (issue: 63847) * Inspectors Relative Significance Place calculations change between 8.2 and 9.x (issue: 64841) * Installer When installing from mounted r/o file system permissions check might be wrong (issue: 61525) * Installer Linux install with a response file initially fails to run db2setup, then Installer succeeds (issue: 63907 * Installer Typo in Linux Installerr ([1] Proceed installing also DB2) (issue: 63906) * Installer Add a current year to the Copyright on the Installation Guide window (issue: 55423) * Installer Windows Installerr should not remove proxy settings in regkey (issue: 61010) * Linux Admin BESAdmin.sh -findinvalidsignatures help does not need sitePvkPassword and sitePvkLocation (issue: 61662) * Linux Admin handle "x-bes-archive-allow-utf-8" masthead option in Linux admin tools (issue: 62054) * Linux Admin Fix the help message for Linux BESAdmin ('/' between a path and a file) (issue: 63670) * Linux Admin BESAdmin -status returns a not pertinent warning (issue: 62445) * Other Curl loops when failing to connect to a proxy configured for negotiation (issue: 64028) * REST API GET ComputerGroup fails when used with a NMO operator (issue: 59782) * REST API Root Server API Fails on Stale Connections to DB (issue: 59017) * REST API POST /api/site/{site}/files remove "IsClientFile" header (issue: 62954) * REST API POST to api/ldapdirectories with missing element crashes server (issue: 64646) * REST API Analysis activation and deactivation fails for NMOs (issue: 63162) * REST API XML: get site/master/content shows baseline as unknown (issue: 61965) * REST API Misc: GET /api/help/help and /api/help/login don't work (issue: 61948) * REST API /api/import doesn't return the id of an imported action (issue: 53290) * REST API Misc: DELETE api/task doesn't work (issue: 57692) * REST API Issuing "/action/" on a deleted action should not return the action (issue: 58581) * REST API GET /api/action/{action id}/status does not include action stop time (issue: 62957) * REST API RESTAPI resource links should use https rather than http (issue: 56197) * REST API Analysis Activation Request should return activation ID (issue: 63196) * REST API Incorrect chunking on /api/help (issue: 64269) * REST API Disallow analysis creation with improper ID (issue: 63322) * REST API windows auth password is exposed in the clear from remote db win auth install (issue: 64211) * Server qabes dsa replication problem (issue: 64609) * Server ProxyUser and ProxyPass not used for Kerberos when Proxy is populated (issue: 61829) * Server QABES consoles having problems (issue: 64707) * Server IEM Server Diagnostics should be reworked to eliminate BES Gather Service stuff (issue: 63362) * Server new password obfuscation BESRelay_Comm_KeyExchangePassword (issue: 63620) * Server password obfuscation and key _BESRelay_Comm_KeyExchangePassword (issue: 63603) * Server Server can only process 10 simultaneous REST API or Console data requests (issue: 64299) * Server Unexpected HTTP response 503 on Initial replication (issue: 56165) * Server server can't connect to database after turning on Enhanced Security (issue: 64097) * Server SHA2: Server service did not start correctly after it was auto-restarted by disabling the enhanced security mode (issue: 61065) * Server Proxy - LINUX installation doesn't connect internet with ntlm authenticationy (issue: 63027) * Server Initialization race in ReservedMap() (issue: 62099) * Server Proxy - HTTP code 502 - Server proxy exception list doesn't solve relay address correctly (issue: 63190) * Web Reports Several Web Reports access logs named by date kept in root server install directory (issue: 55822) * Web Reports Some reports stop working properly in complex environment (issue: 57604) * Web Reports CSRF vulnerability allows attacker to create/edit custom reports (issue: 64736)