Changelog History
Page 2
v4.2.7 Changes
May 30, 2022
Manager
Fixed
- Fixed a crash in Vuln Detector when scanning agents running on Windows (backport from 4.3.2). (#13617)

v4.2.6 Changes
March 29, 2022
Manager
Fixed
- Fixed an integer overflow hazard in wazuh-remoted that caused it to drop incoming data after receiving 2^31 messages. (#11974)

v4.2.5 Changes
November 15, 2021

v4.2.4 Changes
October 20, 2021
Manager
Fixed
- Prevented files belonging to deleted agents from remaining in the manager. (#9158)
- Fixed inaccurate agent group file cleanup in the database sync module. (#10432)
- Prevented the manager from corrupting the agent data integrity when the disk gets full. (#10479)
- Fixed a resource leak in Vulnerability Detector when scanning Windows agents. (#10559)
- Stop deleting agent related files in cluster process when an agent is removed from client.keys. (#9061)

v4.2.3 Changes
October 06, 2021
Manager
Fixed
- Fixed a bug in Remoted that might lead it to crash when retrieving an agent's group. (#10388)

v4.2.2 Changes
September 28, 2021
Manager
Changed
- Clean up the agent's inventory data on the manager if Syscollector is disabled. (#9133)
- Authd now refuses enrollment attempts if the agent already holds a valid key. (#9779)
Fixed
- Fixed a false positive in Vulnerability Detector when packages have multiple conditions in the OVAL feed. (#9647)
- Prevented pending agents from keeping their state indefinitely in the manager. (#9042)
- Fixed Remoted to avoid agents in connected state with no group assignation. (#9088)
- Fixed a bug in Analysisd that ignored the value of the rule option noalert. (#9278)
- Fixed Authd's startup to set up the PID file before loading keys. (#9378)
- Fixed a bug in Authd that delayed the agent timestamp update when removing agents. (#9295)
- Fixed a bug in Wazuh DB that held wrong agent timestamp data. (#9705)
- Fixed a bug in Remoted that kept deleted shared files in the multi-groups' merged.mg file. (#9942)
- Fixed a bug in Analysisd that overwrote its queue socket when launched in test mode. (#9987)
- Fixed a condition in the Windows Vulnerability Detector to prevent false positives when evaluating DU patches. (#10016)
- Fixed a memory leak when generating the Windows report in Vulnerability Detector. (#10214)
- Fixed a file descriptor leak in Analysisd when delivering an AR request to an agent. (#10194)
Agent
Changed
- Optimized Syscollector scan performance. (#9907)
- Reworked the Google Cloud Pub/Sub integration module to increase the number of processed events per second allowing multithreading. Added new num_threads option to module configuration. (#9927)
- Upgraded google-cloud-pubsub dependency to the latest stable version (2.7.1). (#9964)
- Reimplemented the WPK installer rollback on Linux. (#9443)
- Updated AWS WAF implementation to change httpRequest.headers field format. (#10217)
Fixed
- Prevented the manager from hashing the shared configuration too often. (#9710)
- Fixed a memory leak in Logcollector when re-subscribing to Windows Eventchannel. (#9310)
- Fixed a memory leak in the agent when enrolling for the first time if it had no previous key. (#9967)
- Removed CloudWatchLogs log stream limit when there are more than 50 log streams. (#9934)
- Fixed a problem in the Windows installer that causes the agent to be unable to get uninstalled or upgraded. (#9897)
- Fixed AWS WAF log parsing when there are multiple dicts in one line. (#9775)
- Fixed a bug in AWS CloudWatch Logs module that caused already processed logs to be collected and reprocessed. (#10024)
- Avoid duplicate alerts from case-insensitive 32-bit registry values in FIM configuration for Windows agents. (#8256)
- Fixed error with Wazuh path in Azure module. (#10250)
- Fixed a bug in the sources and WPK installer that made upgrade unable to detect the previous installation on CentOS 7. (#10210)
RESTful API
Changed
- Made SSL ciphers configurable and renamed SSL protocol option. (#10219)
Fixed
- Fixed a bug with distributed API calls when the cluster is disabled. (#9984)

v4.2.1 Changes
September 03, 2021

v4.2.0 Changes
August 25, 2021
Added
Core:
- Added support for bookmarks in Logcollector, allowing to follow the log file at the point where the agent stopped. (#3368)
- Improved support for multi-line logs with a variable number of lines in Logcollector. (#5652)
- Added an option to limit the number of files per second in FIM. (#6830)
- Added a statistics file to Logcollector. Such data is also available via API queries. (#7109)
- Allow statistical data queries to the agent. (#7239)
- Allowed quoting in commands to group arguments in the command wodle and SCA checks. (#7307)
- Let agents running on Solaris send their IP to the manager. (#7408)
- New option <ip_update_interval> to set how often the agent refreshes its IP address. (#7444)
- Added support for testing location information in Wazuh Logtest. (#7661)
- Added Vulnerability Detector reports to Wazuh DB to know which CVEs affect an agent. (#7731)
- Introduced an option to enable or disable listening Authd TLS port. (#8755)
API:
- Added new endpoint to get agent stats from different components. (#7200)
- Added new endpoint to modify users' allow_run_as flag. (#7588)
- Added new endpoint to get vulnerabilities that affect an agent. (#7647)
- Added API configuration validator. (#7803)
- Added the capability to disable the max_request_per_minute API configuration option using 0 as value. (#8115)
Ruleset:
- Decoders
  - Added support for UFW firewall to decoders. (#7100)
  - Added Sophos firewall Decoders (#7289)
  - Added Wazuh API Decoders (#7289)
  - Added F5 BigIP Decoders. (#7289)
- Rules
  - Added Sophos firewall Rules (#7289)
  - Added Wazuh API Rules (#7289)
  - Added Firewall Rules
  - Added F5 BigIp Rules. (#7289)
- SCA
  - Added CIS policy "Ensure XD/NX support is enabled" back for SCA. (#7316)
  - Added Apple MacOS 10.14 SCA (#7035)
  - Added Apple MacOS 10.15 SCA (#7036)
  - Added Apple MacOS 11.11 SCA (#7037)
Changed
Cluster:
- Improved the cluster nodes integrity calculation process. It only calculates the MD5 of the files that have been modified since the last integrity check. (#8175)
- Changed the synchronization of agent information between cluster nodes to complete the synchronization in a single task for each worker. (#8182)
- Changed cluster logs to show more useful information. (#8002)
Core:
- Wazuh daemons have been renamed to a unified standard. (#6912)
- Wazuh CLIs have been renamed to a unified standard. (#6903)
- Wazuh internal directories have been renamed to a unified standard. (#6920)
- Prevent a condition in FIM that may lead to a memory error. (#6759)
- Let FIM switch to real-time mode for directories where who-data is not available (Audit in immutable mode). (#6828)
- Changed the Active Response protocol to receive messages in JSON format that include the full alert. (#7317)
- Changed references to the product name in logs. (#7264)
- Syscollector now synchronizes its database with the manager, avoiding full data delivery on each scan. (#7379)
- Remoted now supports both TCP and UDP protocols simultaneously. (#7541)
- Improved the unit tests for the os_net library. (#7595)
- FIM now removes the audit rules when their corresponding symbolic links change their target. (#6999)
- Compilation from sources now downloads the external dependencies prebuilt. (#7797)
- Added the old implementation of Logtest as wazuh-logtest-legacy. (#7807)
- Improved the performance of Analysisd when running on multi-core hosts. (#7974)
- Agents now report to the manager when they stop. That allows the manager to log an alert and immediately set their state to "disconnected". (#8021)
- Wazuh building is now independent from the installation directory. (#7327)
- The embedded python interpreter is provided in a preinstalled, portable package. (#7327)
- Wazuh resources are now accessed by a relative path to the installation directory. (#7327)
- The error log that appeared when the agent cannot connect to SCA has been switched to warning. (#8201)
- The agent now validates the Audit connection configuration when enabling whodata for FIM on Linux. (#8921)
API:
- Removed ruleset version from GET /cluster/{node_id}/info and GET /manager/info as it was deprecated. (#6904)
- Changed the POST /groups endpoint to specify the group name in a JSON body instead of in a query parameter. (#6909)
- Changed the PUT /active-response endpoint function to create messages with the new JSON format. (#7312)
- New parameters added to DELETE /agents endpoint and older_than field removed from response. (#6366)
- Changed login security controller to avoid errors in Restful API reference links. (#7909)
- Changed the PUT /agents/group/{group_id}/restart response format when there are no agents assigned to the group. (#8123)
- Agent keys used when adding agents are now obscured in the API log. (#8149)
- Improved all agent restart endpoints by removing active-response check. (#8457)
- Improved API requests processing time by applying cache to token RBAC permissions extraction. It will be invalidated if any resource related to the token is modified. (#8615)
- Increased to 100000 the maximum value accepted for limit API parameter, default value remains at 500. (#8841)
Framework:
- Improved agent insertion algorithm when Authd is not available. (#8682)
Ruleset:
- The ruleset was normalized according to the Wazuh standard. (#6867)
- Rules
  - Changed Ossec Rules. (#7260)
  - Changed Cisco IOS Rules. (#7289)
  - Changed ID from 51000 to 51003 in Dropbear Rules. (#7289)
  - Changed 6 new rules for Sophos Rules. (#7289)
- Decoders
  - Changed Active Response Decoders. (#7317)
  - Changed Auditd Decoders. (#7289)
  - Changed Checkpoint Smart1 Decoders. (#8676)
  - Changed Cisco ASA Decoders. (#7289)
  - Changed Cisco IOS Decoders. (#7289)
  - Changed Kernel Decoders. (#7837)
  - Changed OpenLDAP Decoders. (#7289)
  - Changed Ossec Decoders. (#7260)
  - Changed Sophos Decoders. (#7289)
  - Changed PFsense Decoders. (#7289)
  - Changed Panda PAPS Decoders. (#8676)
External dependencies:
Fixed
Cluster:
- Fixed memory usage when creating cluster messages. (#6736)
- Fixed a bug when unpacking incomplete headers in cluster messages. (#8142)
- Changed error message to debug when iterating a file listed that is already deleted. (#8499)
- Fixed cluster timeout exceptions. (#8901)
- Fixed unhandled KeyError when an error command is received in any cluster node. (#8872)
- Fixed unhandled cluster error in send_string() communication protocol. (#8943)
Core:
- Fixed a bug in FIM when setting scan_time to "12am" or "12pm". (#6934)
- Fixed a bug in FIM that produced wrong alerts when the file limit was reached. (#6802)
- Fixed a bug in Analysisd that reserved the static decoder field name "command" but never used it. (#7105)
- Fixed evaluation of fields in the tag <description> of rules. (#7073)
- Fixed bugs in FIM that caused symbolic links to not work correctly. (#6789)
- Fixed path validation in FIM configuration. (#7018)
- Fixed a bug in the "ignore" option on FIM where relative paths were not resolved. (#7018)
- Fixed a bug in FIM that wrongly detected that the file limit had been reached. (#7268)
- Fixed a bug in FIM that did not produce alerts when a domain user deleted a file. (#7265)
- Fixed Windows agent compilation with GCC 10. (#7359)
- Fixed a bug in FIM that caused environment variables to be wrongly expanded. (#7332)
- Fixed the inclusion of the rule description in archives when matched a rule that would not produce an alert. (#7476)
- Fixed a bug in the regex parser that did not accept empty strings. (#7495)
- Fixed a bug in FIM that did not report deleted files set with real-time in agents on Solaris. (#7414)
- Fixed a bug in Remoted that wrongly included the priority header in syslog when using TCP. (#7633)
- Fixed a stack overflow in the XML parser by limiting 1024 levels of recursion. (#7782)
- Prevented Vulnerability Detector from scanning all the agents in the master node that are connected to another worker. (#7795)
- Fixed an issue in the database sync module that left dangling agent group files. (#7858)
- Fixed memory leaks in the regex parser in Analysisd. (#7919)
- Fixed a typo in the initial value for the hotfix scan ID in the agents' database schema. (#7905)
- Fixed a segmentation fault in Vulnerability Detector when parsing an unsupported package version format. (#8003)
- Fixed false positives in FIM when the inode of multiple files change, due to file inode collisions in the engine database. (#7990)
- Fixed the error handling when wildcarded Redhat feeds are not found. (#6932)
- Fixed the equals comparator for OVAL feeds in Vulnerability Detector. (#7862)
- Fixed a bug in FIM that made the Windows agent crash when synchronizing a Windows Registry value that starts with a colon (:). (#8098 #8143)
- Fixed a starving hazard in Wazuh DB that might stall incoming requests during the database commitment. (#8151)
- Fixed a race condition in Remoted that might make it crash when closing RID files. (#8224)
- Fixed a descriptor leak in the agent when failed to connect to Authd. (#8789)
- Fixed a potential error when starting the manager due to a delay in the creation of Analysisd PID file. (#8828)
- Fixed an invalid memory access hazard in Vulnerability Detector. (#8551)
- Fixed an error in the FIM decoder at the manager when the agent reports a file with an empty ACE list. (#8571)
- Prevented the agent on macOS from getting corrupted after an operating system upgrade. (#8620)
- Fixed an error in the manager that could not check its configuration after a change by the API when Active response is disabled. (#8357)
- Fixed a problem in the manager that left remote counter and agent group files when removing an agent. (#8630)
- Fixed an error in the agent on Windows that could corrupt the internal FIM database due to disabling the disk sync. (#8905)
- Fixed a crash in Logcollector on Windows when handling the position of the file. (#9364)
- Fixed a buffer underflow hazard in Remoted when handling input messages. Thanks to Johannes Segitz (@jsegitz). (#9285)
- Fixed a bug in the agent that tried to verify the WPK CA certificate even when verification was disabled. (#9547)
API:
- Fixed wrong API messages returned when getting agents' upgrade results. (#7587)
- Fixed wrong user string in API logs when receiving responses with status codes 308 or 404. (#7709)
- Fixed API errors when cluster is disabled and node_type is worker. (#7867)
- Fixed redundant paths and duplicated tests in API integration test mapping script. (#7798)
- Fixed an API integration test case failing in test_rbac_white_all and added a test case for the enable/disable run_as endpoint. (#8014)
- Fixed a thread race condition when adding or deleting agents without authd. (#8148)
- Fixed CORS in API configuration. (#8496)
- Fixed api.log to avoid unhandled exceptions on API timeouts. (#8887)
Ruleset:
- Fixed usb-storage-attached regex pattern to support blank spaces. (#7837)
- Fixed SCA checks for RHEL7 and CentOS 7. Thanks to J. Daniel Medeiros (@jdmedeiros). (#7645)
- Fixed the match criteria of the AWS WAF rules. (#8111)
- Fixed sample log in sudo decoders.
- Fixed Pix Decoders match regex. (#7485)
- Fixed regex in Syslog Rules. (#7289)
- Fixed category in PIX Rules. (#7289)
- Fixed authentication tag in group for MSauth Rules. (#7289)
- Fixed match on Nginx Rules. (#7122)
- Fixed sample log on Netscaler Rules. (#7783)
- Fixed match field for rules 80441 and 80442 in Amazon Rules. (#8111)
- Fixed sample logs in Owncloud Rules. (#7122)
- Fixed authentication tag in group for Win Security Rules. (#7289)
- Fixed sample log in Win Security Rules. (#7783)
- Fixed sample log in Win Application Rules. (#7783)
- Fixed mitre block in Paloalto Rules. (#7783)
Modules:
- Fixed an error when trying to use a non-default AWS profile with CloudWatchLogs. (#9331)
Removed

v4.1.5 Changes
April 22, 2021
Fixed
- Core:
  - Fixed a bug in Vulnerability Detector that made Modulesd crash while updating the NVD feed due to a missing CPE entry. (4cbd1e8)

v4.1.4 Changes
March 25, 2021
Fixed
- Cluster:
  - Fixed workers reconnection after restarting master node. Updated asyncio.Task.all_tasks method removed in Python 3.9. (#8017)