Releases: wazuh/wazuh
Wazuh v4.12.0
Manager
Added
- Added new compilation flags for the Vulnerability Detector module. (#26652)
- Added support for central components in ARM architectures. (#26083)
- Added functionality to navigate to CTI links related to specific CVE detections from states and alerts. (#28220)
- Added package condition field in indexed vulnerabilities. (#27603)
Changed
- Converted server logs timestamp to UTC. (#28047)
- Removed error logs when the response is 409 for certain OpenSearch calls. (#28038)
Fixed
- Fixed inconsistent vulnerability severity categorization by correcting CVSS version prioritization. (#26720)
- Fixed a potential crash in Wazuh-DB by improving the PID parsing method. (#26769)
- Fixed concurrent mechanism on column family rocksDB. (#28185)
- Fixed unused variables in Analysisd. (#28503)
- Fixed analysisd startup failure caused by mixing static and dynamic rules with the same ID. (#29050)
- Fixed crash in Vulnerability Scanner when processing delayed events during agent re-scan. (#27834)
- Improved the signal handling during processes stop. (#26679)
- Improved cleanup logic for the content folder for the VD module. (#27750)
- Sanitized invalid size values from package data provider events. (#27806)
- Fixed crash when reading email alerts missing the `email_to` attribute. (#26704)
- Fixed offset errors by updating the DB only after processing events. (#29179)
Agent
Added
- FIM now supports whodata using an eBPF-based integration. (#27956)
- Added support for the `riskDetections` relationship in MS Graph. (#28416)
Changed
- Added a time delay option in the MS Graph integration to prevent log loss. (#28389)
- Added a page size option to the MS Graph integration. (#28276)
- Implemented Journald rotation detection in Logcollector. (#28388)
- Deleted the restriction for the use of the AWS profile in the Amazon Security Lake integration. (#28149)
- Removed `WARNING` prefix in logs from the CloudWatchLogs AWS integration. (#27990)
Fixed
- Fixed a bug that could cause `wazuh-modulesd` to crash at startup. (#26647)
- Fixed incorrect UTF-8 character validation in FIM. Thanks to @zbalkan. (#26289)
- Improved URL validation in the Maltiverse integration. (#27100)
- Fixed an issue in Syscollector where package sizes were reported as negative. (#28005)
- Fixed an enrollment failure on Solaris 10 caused by unsupported socket timeout. (#29161)
- Fixed a memory issue in the `wazuh-agentd` argument parser. (#29214)
- Fixed WPK package upgrades for DEB when upgrading from version 4.3.11 or earlier. (#28928)
Ruleset
Added
- Added SCA content for Windows Server 2025. (#26732)
- Added SCA content for Fedora 41. (#26736)
- Create SCA policy for Distribution Independent Linux. (#26837)
- Create SCA policy for Ubuntu 24.04 LTS. (#23194)
Changed
- SCA rule Improvement for MacOS 15 SCA. (#26982)
Other
Changed
Wazuh v4.11.2
Wazuh v4.11.1
Manager
Fixed
- Fixed the OS CPE build for package scans with data from Wazuh-DB. (#28294)
- Added delete by query logic when indexer is disabled. (#28292)
- Fixed heap buffer overflow in Analysisd rule parser. (#28396)
- Fixed unnecessary data copy during the curl calls. (#28429)
Agent
Fixed
- Improved agent connectivity. (#28339)
Changed
Wazuh v4.11.0
Manager
Fixed
- Enabled inventory synchronization in Vulnerability Detector when the Indexer module is disabled. (#26132)
Added
- Added CISA vulnerability content and prioritized over NVD in vulnerability scanner. (#27692)
Changed
- Improved delimiters on XML. (#27771)
- Improved FIM decoder. (#27893)
- Improved SCA and Syscheck decoders. (#27835)
- Improved CISCAT decoder detection messages. (#27914)
- Changed ms-graph page size. (#28195)
Agent
Fixed
- Fixed error in event processing on AWS Custom Logs Buckets module. (#27739)
Added
- Improved Syscollector hotfix coverage on Windows by integrating WMI and WUA APIs. (#26706)
- Extended Syscollector capabilities to detect installed .pkg packages. (#26782)
Changed
- Updated standard Python and NPM package location in Syscollector to align with common installation paths. (#26236)
RESTful API
Fixed
- Added the `security:revoke` action to the `PUT /security/user/revoke` endpoint. (#26255)
Wazuh v4.10.1
Wazuh v4.10.0
Manager
Fixed
- Added support for multiple Certificate Authorities files in the indexer connector. (#24620)
- Removed hardcoded cipher text size from the RSA decryption method. (#24529)
- Avoid infinite loop while updating the vulnerability detector content. (#25094)
- Fixed repeated OS vulnerability reports. (#26223)
- Fixed inconsistencies between reported context and vulnerability data. (#25479)
- Fixed concurrency issues in LRU caches (#26073)
- Removed all CVEs related to a deleted agent from the indexer. (#26232)
- Prevented an infinite loop when indexing events in the Vulnerability Detector. (#26922)
- Fixed vulnerability scanner re-scan triggers in cluster environment. (#24034)
- Fixed an issue where elements in the delayed list were not purged when changing nodes. (#27145)
- Added logic to avoid re-scanning disconnected agents. (#27145)
Changed
- Added self-recovery mechanism for rocksDB databases. (#24333)
- Improve logging for indexer connector monitoring class. (#25189)
- Added generation of debug symbols. (#23760)
- Updated CURL version to 8.10.0. (#23266)
- Improved Vulnerability Scanner performance by optimizing the PEP440 version matcher. (#27320)
- Improved Vulnerability Scanner performance by optimizing version matcher object creation. (#27324)
- Improved Vulnerability Scanner performance by optimizing global data handling. (#27321)
Agent
Fixed
- Fixed macOS agent upgrade timeout. (#25452)
- Fixed macOS agent startup error by properly redirecting cat command errors in wazuh-control. (#24531)
- Fixed inconsistent package inventory size information in Syscollector across operating systems (#24516)
- Fixed missing Python path locations for macOS in Data Provider. (#24125)
- Fixed permission error on Windows 11 agents after remote upgrade. (#25429)
- Fixed increase of the variable containing file size in FIM for Windows. (#24387)
- Fixed timeout issue when upgrading Windows agent via WPK. (#25699)
- Allowed unknown syslog identifiers in Logcollector's journald reader. (#26748)
- Prevented agent termination during package upgrades in containers by removing redundant kill commands. (#26828)
- Fixed handle leak in FIM's realtime mode on Windows. (#26861)
- Fixed errors on AIX 7.2 by adapting the blibpath variable. (#26900)
- Sanitized agent paths to prevent issues with parent folder references. (#26944)
- Fixed an issue in the DEB package that prevented the agent from restarting after an upgrade. (#26633)
- Improved file path handling in agent communications to avoid references to parent folders. (#26944)
- Set RPM package vendor to `UNKNOWN_VALUE` when the value is missing. (#27054)
- Updated Solaris package generation to use the correct `wazuh-packages` reference. (#27059)
Changed
- Added generation of debug symbols. (#23760)
- Changed how the AWS module handles non-existent regions. (#23998)
- Changed macOS packages building tool. (#2006)
- Enhance Wazuh macOS agent installation instructions (#7498)
- Enhance Windows agent signing procedure. (#2826)
- Enhance security by implementing a mechanism to prevent unauthorized uninstallation of Wazuh agent on Linux endpoints. (#23466)
- Enhance integration with Microsoft Intune MDM to pull audit logs for security alert generation. (#24498)
- Updated rootcheck old signatures. (#26137)
RESTful API
Added
- Created new endpoint for agent uninstall process. (#24621)
Other
Changed
- Updated the embedded Python version up to 3.10.15. (#25374)
- Upgraded `certifi` and removed unused packages. (#25324)
- Upgraded external `cryptography` library dependency version to 43.0.1. (#25893)
- Upgraded external `starlette` and `uvicorn` dependencies. (#26252)
Ruleset
Added
- Create SCA Policy for Windows Server 2012 (non R2). (#21794)
Changed
- Rework SCA Policy for Windows Server 2019. (#21434)
- Rework SCA Policy for Red Hat Enterprise Linux 9. (#24667)
- Rework SCA Policy for Microsoft Windows Server 2012 R2. (#24991)
- Rework SCA Policy for Ubuntu Linux 18.04 LTS. Fix incorrect checks in Ubuntu 22.04 LTS. (#24957)
- Rework SCA Policy for Amazon Linux 2 SCA. (#24969)
- Rework SCA for SUSE Linux Enterprise 15 SCA. (#24975)
- Rework SCA Policy for Apple macOS 13.0 Ventura. (#24992)
- Rework SCA Policy for Microsoft Windows 11 Enterprise. (#25710)
Fixed
Wazuh v4.9.2
Wazuh v4.9.1
Manager
Fixed
- Fixed vulnerability detector issue where RPM upgrade wouldn't download new content. (#24909)
- Fixed uncaught exception at Keystore test tool. (#25667)
- Replaced `eval` calls with `ast.literal_eval`. Thanks to @DanielFi. (#25705)
- Fixed the cluster being disabled by default when loading configurations. (#26277)
- Added support ARM packages for wazuh-manager. (#25945)
Changed
- Improved provisioning method for wazuh-keystore to enhance security. (#24110)
Agent
Added
- Added support for macOS 15 "Sequoia" in Wazuh Agent. (#25652)
Fixed
- Fixed agent crash on Windows version 4.8.0. (#24910)
- Fixed data race conditions at FIM's `run_check`. (#25209)
- Fixed Windows agent crashes related to `syscollector.dll`. (#24376)
- Fixed errors related to 'libatomic.a' library on AIX 7.X. (#25445)
- Fixed errors in Windows Agent: `EvtFormatMessage` returned errors 15027 and 15033. (#24932)
- Fixed FIM issue where it couldn't fetch group entries longer than 1024 bytes. (#25459)
- Fixed Wazuh Agent crash at `syscollector`. (#25469)
- Fixed a bug in the processed dates in the AWS module related to the AWS Config type. (#23528)
- Fixed an error in Custom Logs Buckets when parsing a CSV file that exceeds a certain size. (#24694)
- Fixed macOS syslog and ULS not configured out-of-the-box. (#26108)
RESTful API
Fixed
- Fixed requests logging to obtain the hash_auth_context from JWT tokens. (#25764)
- Enabled API to listen IPV4 and IPV6 stacks. (#25216)
Changed
- Changed the error status code thrown when basic services are down to 500. (#26103)
Wazuh v4.9.0
Manager
Added
- The manager now supports alert forwarding to Fluentd. (#17306)
- Added missing functionality for vulnerability scanner translations. (#23518)
- Improved performance for vulnerability scanner translations. (#23722)
- Enhanced vulnerability scanner logging to be more expressive. (#24536)
- Added the HAProxy helper to manage load balancer configuration and automatically balance agents. (#23513)
- Added a validation to avoid killing processes from external services. (#23222)
- Enabled certificates validation in the requests to the HAProxy helper using the default CA bundle. (#23996)
Fixed
- Fixed compilation issue for local installation. (#20505)
- Fixed malformed JSON error in wazuh-analysisd. (#16666)
- Fixed a warning when uninstalling the Wazuh manager if the VD feed is missing. (#24375)
- Ensured vulnerability detection scanner log messages end with a period. (#24393)
Changed
- Changed error messages about `recv()` messages from wazuh-db to debug logs. (#20285)
- Sanitized the `integrations` directory code. (#21195)
Agent
Added
- Added debug logging in FIM to detect invalid report change registry values. Thanks to Zafer Balkan (@zbalkan). (#21690)
- Added Amazon Linux 1 and 2023 support for the installation script. (#21287)
- Added Journald support in Logcollector. (#23137)
- Added support for Amazon Security Hub via AWS SQS. (#23203)
Fixed
- Fixed loading of whodata through timeouts and retries. (#21455)
- Avoided backup failures during WPK update by adding dependency checking for the tar package. (#21729)
- Fixed a crash in the agent due to a library incompatibility. (#22210)
- Fixed an error in the osquery integration on Windows that avoided loading osquery.conf. (#21728)
- Fixed a crash in the agent's Rootcheck component when using `<ignore>`. (#22588)
- Fixed command wodle to support UTF-8 characters on windows agent. (#19146)
- Fixed Windows agent to delete wazuh-agent.state file when stopped. (#20425)
- Fixed Windows Agent 4.8.0 permission errors on Windows 11 after upgrade. (#20727)
- Fixed alerts are created when syscheck diff DB is full. (#16487)
- Fixed Wazuh deb uninstallation to remove non-config files. (#2195)
- Fixed improper Windows agent ACL on non-default installation directory. (#23273)
- Fixed socket configuration of an agent is displayed. (#17664)
- Fixed wazuh-modulesd printing child process not found error. (#18494)
- Fixed issue with an agent starting automatically without reason. (#23848)
- Fixed GET /syscheck to properly report size for files larger than 2GB. (#17415)
- Fixed error in packages generation centos 7. (#24412)
- Fixed Wazuh deb uninstallation to remove non-config files from the installation directory. (#2195)
- Fixed Azure auditLogs/signIns status parsing (thanks to @jmnis for the contribution). (#22392)
- Fixed how the S3 object keys with special characters are handled in the Custom Logs Buckets integration. (#22621)
Changed
- The directory /boot has been removed from the default FIM settings for AIX. (#19753)
- Refactored and modularized the Azure integration code. (#20624)
- Improved logging of errors in Azure and AWS modules. (#16314)
Removed
- Dropped support for Python 3.7 in cloud integrations. (#22583)
RESTful API
Added
- Added support in the Wazuh API to parse `journald` configurations from the `ossec.conf` file. (#23094)
- Added user-agent to the CTI service request. (#24360)
Changed
- Merged group files endpoints into one (`GET /groups/{group_id}/files/{filename}`) that uses the `raw` parameter to receive plain text data. (#21653)
- Removed the hardcoded fields returned by the `GET /agents/outdated` endpoint and added the select parameter to the specification. (#22388)
- Updated the regex used to validate CDB lists. (#22423)
- Changed the default value for empty fields in the `GET /agents/stats/distinct` endpoint response. (#22413)
- Changed the Wazuh API endpoint responses when receiving the `Expect` header. (#22380)
- Enhanced Authorization header values decoding errors to avoid showing the stack trace and fail gracefully. (#22745)
- Updated the format of the fields that can be N/A in the API specification. (#22908)
- Updated the WAZUH API specification to conform with the current endpoint requests and responses. (#22954)
- Replaced the used aiohttp server with uvicorn. (#23199)
- Changed the `PUT /groups/{group_id}/configuration` endpoint response error code when uploading an empty file.
- Changed the `GET, PUT and DELETE /lists/files/{filename}` endpoints response status code when an invalid file is used.
- Changed the `PUT /manager/configuration` endpoint response status code when uploading a file with invalid content-type.
- Changed the
Fixed
- Improved XML validation to match the Wazuh internal XML validator. (#20507)
- Fixed bug in `GET /groups`. (#22428)
- Fixed the `GET /agents/outdated` endpoint query. (#24946)
Removed
- Removed the `cache` configuration option from the Wazuh API. (#22416)
Ruleset
Changed
- The solved vulnerability rule has been clarified. (#19754)
Fixed
- Fixed audit decoders to parse the new heading field "node=". (#22178)
Other
Changed
- Upgraded external OpenSSL library dependency version to 3.0. (#20778)
- Migrated QA framework. (#17427)
- Improved WPKs. (#21152)
- Migrated and adapted Wazuh subsystem repositories as part of Wazuh packages redesign. (#23508)
- Upgraded external connexion library dependency version to 3.0.5 and its related interdependencies. (#22680)
Fixed
- Fixed a buffer overflow hazard in HMAC internal library. (#19794)
Wazuh v4.8.2
Manager
Fixed
- Fixed memory management in wazuh-remoted that might cause data corruption in incoming messages. (#25225)