Wazuh Versions

Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.

v4.7.0-alpha1

7 months ago

Manager

Added

  • Introduced native Maltiverse integration. (#18026)
  • Added a file detailing the dependencies for the Wazuh RESTful API and wodles tests. (#16513)
  • Added unit tests for the Syscollector legacy decoder. (#15985)
  • Added unit tests for the manage_agents tool. (#15999)
  • Added an option to customize the Slack integration. (#16090)
  • Added support for Amazon Linux 2023 in Vulnerability Detector. (#17617)

Changed

  • An unnecessary sanity check related to Syscollector has been removed from wazuh-db. (#16008)

Fixed

  • Fixed an unexpected error by the Cluster when a worker gets restarted. (#16683)
  • Fixed an issue that let the manager validate wrong XML configurations. (#16681)

Deleted

  • Deleted the unused framework RBAC migration folder. (#17225)

Agent

Added

  • Added support for Custom Logs in Buckets via AWS SQS. (#17951)
  • Added geolocation for aws.data.client_ip field. Thanks to @rh0dy. (#16198)
  • Added package inventory support for Alpine Linux in Syscollector. (#15699)
  • Added package inventory support for MacPorts in Syscollector. (#15877)
  • Added package inventory support for PYPI and node in Syscollector. (#17982)
  • Added related process information to the open ports inventory in Syscollector. (#15000)
  • Fixed vendor data in package inventory for Brew packages on macOS. (#16089)

Changed

  • The shared modules' code has been sanitized according to the convention. (#17966)
  • The package inventory internal messages have been modified to honor the schema compliance. (#18006)
  • The agent's leaky bucket throughput limit has been extended to 100.000 EPS. (#16346)

Fixed

  • Fixed detection of osquery 5.4.0+ running outside the integration. (#17006)

RESTful API

Fixed

  • Addressed error handling for non-utf-8 encoded file readings. (#16489)
  • Resolved an issue in the WazuhException class that disrupted the API executor subprocess. (#16914)
  • Corrected an empty value problem in the API specification key. (#16918)

Other

Fixed

  • Fixed the signature of the internal function OSHash_GetIndex(). (#17040)

v4.5.3

8 months ago

Manager

Changed

  • Vulnerability Detector now fetches the SUSE feeds in Gzip compressed format. (#18783)

Fixed

  • Fixed a bug that might cause wazuh-analysisd to crash if it receives a status API query during startup. (#18737)
  • Fixed a bug that might cause wazuh-maild to crash when handling large alerts. (#18976)
  • Fixed an issue in Vulnerability Detector fetching the SLES 15 feed. (#19217)

Agent

Changed

  • Updated the agent to report the name of macOS 14 (Sonoma). (#19041)

Fixed

  • Fixed a bug in the memory handle at the agent's data provider helper. (#18773)
  • Fixed a data mismatch in the OS name between the global and agents' databases. (#18903)
  • Fixed an array limit check in wazuh-logcollector. (#19069)
  • Fixed wrong Windows agent binaries metadata. (#19286)
  • Fixed an error during the Windows agent upgrade. (#19397)

RESTful API

Added

  • Added support for the $ symbol in query values. (#18509)
  • Added support for the @ symbol in query values. (#18346)
  • Added support for nested queries in the q API parameter. (#18493)

Changed

  • Updated force flag message in the agent_upgrade CLI. (#18432)

Fixed

  • Removed undesired characters when listing rule group names in GET /rules/groups. (#18362)
  • Fixed an error when using the query condition=all in GET /sca/{agent_id}/checks/{policy_id}. (#18434)
  • Fixed an error in the API log mechanism where sometimes the requests would not be printed in the log file. (#18733)

v4.5.2

9 months ago

Manager

Changed

  • wazuh-remoted now allows connection overtaking if the older agent did not respond for a while. (#18085)
  • The manager stops restricting the possible package formats in the inventory, to increase compatibility. (#18437)
  • wazuh-remoted now prints the connection family when an unknown client gets connected. (#18468)
  • The manager stops blocking updates by WPK to macOS agents on ARM64, allowing custom updates. (#18545)
  • Vulnerability Detector now fetches the Debian feeds in BZ2 compressed format. (#18770)

Fixed

  • Fixed a bug in wazuh-csyslogd that causes it to consume 100% of CPU while expecting new alerts. (#18472)

v4.5.2-rc1

9 months ago

Manager

Changed

  • wazuh-remoted now allows connection overtaking if the older agent did not respond for a while. (#18085)
  • The manager stops restricting the possible package formats in the inventory, to increase compatibility. (#18437)
  • wazuh-remoted now prints the connection family when an unknown client gets connected. (#18468)
  • The manager stops blocking updates by WPK to macOS agents on ARM64, allowing custom updates. (#18545)

Fixed

  • Fixed a bug in wazuh-csyslogd that causes it to consume 100% of CPU while expecting new alerts. (#18472)

v4.5.1

9 months ago

Manager

Changed

  • Vulnerability Detector now fetches the RHEL 5 feed URL from feed.wazuh.com by default. (#18142)
  • The Vulnerability Detector CPE helper has been updated. (#16846)

Fixed

  • Fixed a race condition in some RBAC unit tests by clearing the SQLAlchemy mappers. (#17866)
  • Fixed a bug in wazuh-analysisd that could exceed the maximum number of fields when loading a rule. (#17490)
  • Fixed a race condition in wazuh-analysisd FTS list. (#17126)
  • Fixed a crash in Analysisd when parsing an invalid decoder. (#17143)
  • Fixed a segmentation fault in wazuh-modulesd due to duplicate Vulnerability Detector configuration. (#17701)
  • Fixed Vulnerability Detector configuration for unsupported SUSE systems. (#16978)

Agent

Added

  • Added the discard_regex functionality to Inspector and CloudWatchLogs AWS integrations. (#17748)
  • Added new validations for the AWS integration arguments. (#17673)
  • Added native agent support for Apple silicon. (#2224)

Changed

  • The agent for Windows now loads its shared libraries after running the verification. (#16607)

Fixed

  • Fixed InvalidRange error in Azure Storage integration when trying to get data from an empty blob. (#17524)
  • Fixed a memory corruption hazard in the FIM Windows Registry scan. (#17586)
  • Fixed an error in Syscollector reading the CPU frequency on Apple M1. (#17179)
  • Fixed agent WPK upgrade for Windows that might leave the previous version in the Registry. (#16659)
  • Fixed agent WPK upgrade for Windows to get the correct path of the Windows folder. (#17176)

RESTful API

Fixed

  • Fixed PUT /agents/upgrade_custom endpoint to validate that the file extension is .wpk. (#17632)
  • Fixed errors in API endpoints to get labels and reports active configuration from managers. (#17660)

Ruleset

Changed

  • The SCA policy for Ubuntu Linux 20.04 (CIS v2.0.0) has been remade. (#17794)

Fixed

  • Fixed CredSSP encryption enforcement at Windows Benchmarks for SCA. (#17941)
  • Fixed inverted logic in the MS Windows Server 2022 Benchmark for SCA. (#17940)
  • Fixed a false positive in a Windows Eventchannel rule caused by a substring match. (#17779)
  • Fixed missing whitespaces in SCA policies for Windows. (#17813)
  • Fixed the description of a Fortigate rule. (#17798)

Removed

  • Removed check 1.1.5 from Windows 10 SCA policy. (#17812)

Other

Changed

  • The CURL library has been updated to v7.88.1. (#16990)

v4.5.1-rc2

9 months ago

Manager

Changed

  • Vulnerability Detector now fetches the RHEL 5 feed URL from feed.wazuh.com by default. (#18142)
  • The Vulnerability Detector CPE helper has been updated. (#16846)

Fixed

  • Fixed a race condition in some RBAC unit tests by clearing the SQLAlchemy mappers. (#17866)
  • Fixed a bug in wazuh-analysisd that could exceed the maximum number of fields when loading a rule. (#17490)
  • Fixed a race condition in wazuh-analysisd FTS list. (#17126)
  • Fixed a crash in Analysisd when parsing an invalid decoder. (#17143)
  • Fixed a segmentation fault in wazuh-modulesd due to duplicate Vulnerability Detector configuration. (#17701)
  • Fixed Vulnerability Detector configuration for unsupported SUSE systems. (#16978)

Agent

Added

  • Added the discard_regex functionality to Inspector and CloudWatchLogs AWS integrations. (#17748)
  • Added new validations for the AWS integration arguments. (#17673)
  • Added native agent support for Apple silicon. (#2224)

Changed

  • The agent for Windows now loads its shared libraries after running the verification. (#16607)

Fixed

  • Fixed InvalidRange error in Azure Storage integration when trying to get data from an empty blob. (#17524)
  • Fixed a memory corruption hazard in the FIM Windows Registry scan. (#17586)
  • Fixed an error in Syscollector reading the CPU frequency on Apple M1. (#17179)
  • Fixed agent WPK upgrade for Windows that might leave the previous version in the Registry. (#16659)
  • Fixed agent WPK upgrade for Windows to get the correct path of the Windows folder. (#17176)

RESTful API

Fixed

  • Fixed PUT /agents/upgrade_custom endpoint to validate that the file extension is .wpk. (#17632)
  • Fixed errors in API endpoints to get labels and reports active configuration from managers. (#17660)

Ruleset

Changed

  • The SCA policy for Ubuntu Linux 20.04 (CIS v2.0.0) has been remade. (#17794)

Fixed

  • Fixed CredSSP encryption enforcement at Windows Benchmarks for SCA. (#17941)
  • Fixed inverted logic in the MS Windows Server 2022 Benchmark for SCA. (#17940)
  • Fixed a false positive in a Windows Eventchannel rule caused by a substring match. (#17779)
  • Fixed missing whitespaces in SCA policies for Windows. (#17813)
  • Fixed the description of a Fortigate rule. (#17798)

Removed

  • Removed check 1.1.5 from Windows 10 SCA policy. (#17812)

Other

Changed

  • The CURL library has been updated to v7.88.1. (#16990)

v4.5.1-rc1

9 months ago

Manager

Changed

  • Vulnerability Detector now fetches the RHEL 5 feed URL from feed.wazuh.com by default. (#18142)
  • The Vulnerability Detector CPE helper has been updated. (#16846)

Fixed

  • Fixed a race condition in some RBAC unit tests by clearing the SQLAlchemy mappers. (#17866)
  • Fixed a bug in wazuh-analysisd that could exceed the maximum number of fields when loading a rule. (#17490)
  • Fixed a race condition in wazuh-analysisd FTS list. (#17126)
  • Fixed a crash in Analysisd when parsing an invalid decoder. (#17143)
  • Fixed a segmentation fault in wazuh-modulesd due to duplicate Vulnerability Detector configuration. (#17701)
  • Fixed Vulnerability Detector configuration for unsupported SUSE systems. (#16978)

Agent

Added

  • Added the discard_regex functionality to Inspector and CloudWatchLogs AWS integrations. (#17748)
  • Added new validations for the AWS integration arguments. (#17673)
  • Added native agent support for Apple silicon. (#2224)

Changed

  • The agent for Windows now loads its shared libraries after running the verification. (#16607)

Fixed

  • Fixed InvalidRange error in Azure Storage integration when trying to get data from an empty blob. (#17524)
  • Fixed a memory corruption hazard in the FIM Windows Registry scan. (#17586)
  • Fixed an error in Syscollector reading the CPU frequency on Apple M1. (#17179)
  • Fixed agent WPK upgrade for Windows that might leave the previous version in the Registry. (#16659)
  • Fixed agent WPK upgrade for Windows to get the correct path of the Windows folder. (#17176)

RESTful API

Fixed

  • Fixed PUT /agents/upgrade_custom endpoint to validate that the file extension is .wpk. (#17632)
  • Fixed errors in API endpoints to get labels and reports active configuration from managers. (#17660)

Ruleset

Changed

  • The SCA policy for Ubuntu Linux 20.04 (CIS v2.0.0) has been remade. (#17794)

Fixed

  • Fixed CredSSP encryption enforcement at Windows Benchmarks for SCA. (#17941)
  • Fixed inverted logic in the MS Windows Server 2022 Benchmark for SCA. (#17940)
  • Fixed a false positive in a Windows Eventchannel rule caused by a substring match. (#17779)
  • Fixed missing whitespaces in SCA policies for Windows. (#17813)
  • Fixed the description of a Fortigate rule. (#17798)

Removed

  • Removed check 1.1.5 from Windows 10 SCA policy. (#17812)

Other

Changed

  • The CURL library has been updated to v7.88.1. (#16990)

v4.5.0

9 months ago

Manager

Changed

  • Vulnerability Detector now fetches the NVD feed from https://feed.wazuh.com, based on the NVD API 2.0. (#17954)
    • The option <update_from_year> has been deprecated.

Fixed

  • Fixed an error in the installation commands of the API and Framework modules when performing upgrades from sources. (#17656)
  • Fixed embedded Python interpreter to remove old Wazuh packages from it. (#18123)

RESTful API

Changed

  • Changed API integration tests to include Nginx LB logs when tests failed. (#17703)

Fixed

  • Fixed error in the Nginx LB entry point of the API integration tests. (#17703)

v4.5.1-alpha1

10 months ago

Manager

Changed

  • Vulnerability Detector now fetches the RHEL 5 feed URL from feed.wazuh.com by default. (#18142)
  • The Vulnerability Detector CPE helper has been updated. (#16846)

Fixed

  • Fixed a race condition in some RBAC unit tests by clearing the SQLAlchemy mappers. (#17866)
  • Fixed a bug in wazuh-analysisd that could exceed the maximum number of fields when loading a rule. (#17490)
  • Fixed a race condition in wazuh-analysisd FTS list. (#17126)
  • Fixed a crash in Analysisd when parsing an invalid decoder. (#17143)
  • Fixed a segmentation fault in wazuh-modulesd due to duplicate Vulnerability Detector configuration. (#17701)
  • Fixed Vulnerability Detector configuration for unsupported SUSE systems. (#16978)

Agent

Added

  • Added the discard_regex functionality to Inspector and CloudWatchLogs AWS integrations. (#17748)
  • Added new validations for the AWS integration arguments. (#17673)
  • Added native agent support for Apple silicon. (#2224)

Changed

  • The agent for Windows now loads its shared libraries after running the verification. (#16607)

Fixed

  • Fixed InvalidRange error in Azure Storage integration when trying to get data from an empty blob. (#17524)
  • Fixed a memory corruption hazard in the FIM Windows Registry scan. (#17586)
  • Fixed an error in Syscollector reading the CPU frequency on Apple M1. (#17179)
  • Fixed agent WPK upgrade for Windows that might leave the previous version in the Registry. (#16659)
  • Fixed agent WPK upgrade for Windows to get the correct path of the Windows folder. (#17176)

RESTful API

Fixed

  • Fixed PUT /agents/upgrade_custom endpoint to validate that the file extension is .wpk. (#17632)
  • Fixed errors in API endpoints to get labels and reports active configuration from managers. (#17660)

Ruleset

Changed

  • The SCA policy for Ubuntu Linux 20.04 (CIS v2.0.0) has been remade. (#17794)

Fixed

  • Fixed CredSSP encryption enforcement at Windows Benchmarks for SCA. (#17941)
  • Fixed inverted logic in the MS Windows Server 2022 Benchmark for SCA. (#17940)
  • Fixed a false positive in a Windows Eventchannel rule caused by a substring match. (#17779)
  • Fixed missing whitespaces in SCA policies for Windows. (#17813)
  • Fixed the description of a Fortigate rule. (#17798)

Removed

  • Removed check 1.1.5 from Windows 10 SCA policy. (#17812)

Other

Changed

  • The CURL library has been updated to v7.88.1. (#16990)

v4.5.0-alpha1

10 months ago

Manager

Changed

  • Vulnerability Detector now fetches the NVD feed from https://feed.wazuh.com, based on the NVD API 2.0. (#17954)
    • The option <update_from_year> has been deprecated.

Fixed

  • Fixed an error in the installation commands of the API and Framework modules when performing upgrades from sources. (#17656)

RESTful API

Changed

  • Changed API integration tests to include Nginx LB logs when tests failed. (#17703)

Fixed

  • Fixed error in the Nginx LB entrypoint of the API integration tests. (#17703)