Upgrading ACC Agent installs is necessary to get bug and security fixes for Ruby/RubyGems/OpenSSL Table of Contents IntroductionManifest versions agent-client-collector 3.5.3agent-client-collector 4.0.0agent-client-collector 4.1.1 The RubyGems, and their versions agent-client-collector 3.5.3agent-client-collector 4.0.0agent-client-collector 4.1.1 Introduction Unlike MID Servers, when the Agent Client Collector Framework app in the instance is upgraded, the Agent installs remain on the version they were installed with. The checks, and the ACC Plugins containing the scripts their commands use do get upgraded, and pushed to all the Agents, but the Agent's binaries don't get upgraded. The Self-Upgrade feature isn't designed for mass deployments of upgrades. Customers are expected to use their own provisioning/automation tools to reinstall or upgrade the Agent software on computers. Tech support has realised that some customers have been (mis)led to believe they don't need to upgrade agent installs, or have decided it's too much trouble to bother with. This KB aims to convince (frighten) customers into doing this every time the ACC-F app in the instance is upgraded. The reason they should be maintained is that there are a lot of 3rd party helper applications and libraries in an Agent install. Like any software, these may have bugs and occasionally security vulnerabilities that need patching. Some may affect the Check commands used by ACC features. ServiceNow's release testing is also generally done with Agent installs that match the version of the app in the instance. And higher level apps will be tested with the latest Framework version and installs. This is not intended to be a comprehensive list of changes, but just to highlight the kind of changes that are done between versions, using ACC-F 3.5.3 as a baseline, and the changes in 4.0.0, and then 4.1.1 installers. A couple of noteworthy upgrades are in bold, which your security scanners may already have made you aware of. The unused RubyGems stripped out of v4.1 was also a proactive security measure to avoid having code that may in future turn out to have vulnerabilities. Manifest versions C:\Program Files\ServiceNow\agent-client-collector\version-manifest.txt Upgraded in Green agent-client-collector 3.5.3 Component Installed Version Version GUID Overridden From -----------------------------------------------------------------------------------------------------------------------------------cacerts 2018-01-17 sha256:defe310a0184a12e4b1b3d147f1d77395dd7a09e3428373d019bef5d542ceba3 config_guess master git:84f04b02a7e2fc8eaa9d52deee5f6d57b06fe447 libffi 3.4.4 sha256:d66c56ad259a82cf2a9dfc408b32bf5da52371500b84745f7fb8b645712df676 libyaml 0.2.5 sha256:c642ae9b75fee120b2d96c712538bd2cf283228d2337df2cf2988e3c02678ef4 openssl 1.0.2zg sha256:09f8372eaede77ec8e6945e2d2d8eeb1b91662980cf23fe95f627b377162296c preparation 1.0.0 rb-readline-gem 0.5.5 ruby 3.2.2 sha256:96c57558871a6748de5bc9f274e93f4b5aad06cd8f37befa0e8d94e7b8a423bc rubygems 3.5.3 sensu-gem 3.5.3 0.26.1 shebang-cleanup 0.0.3 version-manifest 0.0.1 zlib 1.2.13 sha256:b3a24de97a8fdbc835b9833169501030b8977031bcb54b3b3ac13740f846ab30 agent-client-collector 4.0.0 Component Installed Version Version GUID Overridden From -----------------------------------------------------------------------------------------------------------------------------------cacerts 2018-01-17 sha256:defe310a0184a12e4b1b3d147f1d77395dd7a09e3428373d019bef5d542ceba3 config_guess master git:84f04b02a7e2fc8eaa9d52deee5f6d57b06fe447 libffi 3.4.4 sha256:d66c56ad259a82cf2a9dfc408b32bf5da52371500b84745f7fb8b645712df676 libyaml 0.2.5 sha256:c642ae9b75fee120b2d96c712538bd2cf283228d2337df2cf2988e3c02678ef4 openssl 1.0.2zg sha256:09f8372eaede77ec8e6945e2d2d8eeb1b91662980cf23fe95f627b377162296c preparation 1.0.0 rb-readline-gem 0.5.5 ruby 3.3.2 sha256:3be1d100ebf2a0ce60c2cd8d22cd9db4d64b3e04a1943be2c4ff7b520f2bcb5b rubygems 4.0.0 sensu-gem 4.0.0 0.26.1 shebang-cleanup 0.0.3 version-manifest 0.0.1 zlib 1.2.13 sha256:b3a24de97a8fdbc835b9833169501030b8977031bcb54b3b3ac13740f846ab30 agent-client-collector 4.1.1 Component Installed Version Version GUID Overridden From -----------------------------------------------------------------------------------------------------------------------------------cacerts 2018-01-17 sha256:defe310a0184a12e4b1b3d147f1d77395dd7a09e3428373d019bef5d542ceba3 config_guess master git:84f04b02a7e2fc8eaa9d52deee5f6d57b06fe447 libffi 3.4.4 sha256:d66c56ad259a82cf2a9dfc408b32bf5da52371500b84745f7fb8b645712df676 libyaml 0.2.5 sha256:c642ae9b75fee120b2d96c712538bd2cf283228d2337df2cf2988e3c02678ef4 openssl 3.3.2 sha256:2e8a40b01979afe8be0bbfb3de5dc1c6709fedb46d6c89c10da114ab5fc3d281 preparation 1.0.0 rb-readline-gem 0.5.5 ruby 3.3.2 sha256:3be1d100ebf2a0ce60c2cd8d22cd9db4d64b3e04a1943be2c4ff7b520f2bcb5b rubygems 4.1.1 sensu-gem 4.1.1 0.26.1 shebang-cleanup 0.0.3 version-manifest 0.0.1 zlib 1.2.13 sha256:b3a24de97a8fdbc835b9833169501030b8977031bcb54b3b3ac13740f846ab30 The RubyGems, and their versions agent-client-collector 3.5.3 C:\Program Files\ServiceNow\agent-client-collector\embedded\lib\ruby\gems\3.2.0\gems Key:Removed in 4.0.0 activesupport-7.0.8addressable-2.8.6amq-protocol-2.0.1bundler-2.3.3bundler-2.4.10bunny-2.6.4carrot-top-0.0.7concurrent-ruby-1.2.3debug-1.7.1domain_name-0.6.20240107erb-4.0.2ffi-1.16.3ffi-compiler-1.3.2ffi-win32-extensions-1.0.4http-5.2.0http-cookie-1.0.5http-form_data-2.3.0i18n-1.14.4inifile-3.0.0irb-1.6.2json-2.3.0json-2.7.2jsonpath-1.1.5kubeclient-4.11.0llhttp-ffi-0.5.0matrix-0.4.2mime-types-3.5.2mime-types-data-3.2024.0305minitest-5.16.3mixlib-cli-1.7.0multi_json-1.15.0net-ftp-0.2.0net-imap-0.3.4net-pop-0.1.2net-smtp-0.3.3netrc-0.11.0power_assert-2.0.3prime-0.1.2public_suffix-5.0.5racc-1.6.2rake-13.0.6rake-13.2.1rb-readline-0.5.5rbs-2.8.2rdoc-6.5.0recursive-open-struct-1.1.3rest-client-2.0.2-x64-mingw32rexml-3.2.5rss-0.2.9rubygems-update-3.3.3ruby_dig-0.0.2sensu-plugin-4.0.0sensu-plugins-kubernetes-5.0.2sensu-plugins-logs-4.1.1sensu-plugins-rabbitmq-8.1.0sensu-sn-readfile-1.1.3stomp-1.4.7sys-filesystem-1.3.4sys-proctable-1.3.0test-unit-3.5.7typeprof-0.21.3tzinfo-2.0.6win32-security-0.5.0 agent-client-collector 4.0.0 Key:Upgraded in 4.0.0 Removed in 4.1.1 C:\Program Files\ServiceNow\agent-client-collector\embedded\lib\ruby\gems\3.3.0\gems\ activesupport-7.0.8addressable-2.8.7amq-protocol-2.0.1bundler-2.5.9bunny-2.6.4carrot-top-0.0.7concurrent-ruby-1.3.3debug-1.9.1domain_name-0.6.20240107erb-4.0.3ffi-1.17.0ffi-compiler-1.3.2ffi-win32-extensions-1.0.4http-5.2.0http-cookie-1.0.6http-form_data-2.3.0i18n-1.14.5inifile-3.0.0irb-1.13.1json-2.7.1jsonpath-1.1.5kubeclient-4.12.0llhttp-ffi-0.5.0matrix-0.4.2mime-types-3.5.2mime-types-data-3.2024.0702minitest-5.20.0mixlib-cli-1.7.0multi_json-1.15.0net-ftp-0.3.4net-imap-0.4.9.1net-pop-0.1.2net-smtp-0.4.0.1netrc-0.11.0power_assert-2.0.3prime-0.1.2public_suffix-6.0.0racc-1.7.3rake-13.1.0rb-readline-0.5.5rbs-3.4.0rdoc-6.6.3.1recursive-open-struct-1.2.2rest-client-2.0.2-x64-mingw32rexml-3.2.8rss-0.3.0ruby_dig-0.0.2sensu-plugin-4.0.0sensu-plugins-kubernetes-5.0.2sensu-plugins-rabbitmq-8.1.0sensu-sn-readfile-1.1.3stomp-1.4.7strscan-3.1.0syntax_suggest-2.0.0sys-filesystem-1.3.4sys-proctable-1.3.0test-unit-3.6.1typeprof-0.21.9tzinfo-2.0.6win32-security-0.5.0 agent-client-collector 4.1.1 Key:Upgraded in 4.1.1 C:\Program Files\ServiceNow\agent-client-collector\embedded\lib\ruby\gems\3.3.0\gems\ addressable-2.8.6bundler-2.5.9debug-1.9.1erb-4.0.3ffi-1.17.0ffi-compiler-1.3.2ffi-win32-extensions-1.0.4irb-1.13.1json-2.7.1llhttp-ffi-0.5.0matrix-0.4.2minitest-5.20.0mixlib-cli-1.7.0net-ftp-0.3.4net-imap-0.4.9.1net-pop-0.1.2net-smtp-0.4.0.1power_assert-2.0.3prime-0.1.2public_suffix-5.1.1racc-1.7.3rake-13.1.0rb-readline-0.5.5rbs-3.4.0rdoc-6.6.3.1rexml-3.3.7rss-0.3.0sensu-plugin-4.0.0sensu-sn-readfile-1.1.3syntax_suggest-2.0.0test-unit-3.6.1typeprof-0.21.9win32-security-0.5.0