Changelog History

  • v3.11.0 Changes

    December 23, 2019

    Added

    • Add support to Windows agents for vulnerability detector. (#2787)
    • Add support to Debian 10 Buster for vulnerability detector (by @aderumier). (#4151)
    • Make the Wazuh service start after the network systemd unit (by @VAdamec). (#1106)
    • Add process inventory support for Mac OS X agents. (#3322)
    • Add port inventory support for Mac OS X agents. (#3349)
    • Make Analysisd compile the CDB list upon start. (#3488)
    • New rules option global_frequency to make frequency rules independent from the event source. (#3931)
    • Add a validation to prevent agents from trying to connect to an invalid address indefinitely. (#3951)
    • Add the condition field of SCA checks to the agent databases. (#3631)
    • Display a warning message when registering to an unverified manager. (#4207)
    • Allow JSON escaping for logs on Logcollector's output format. (#4273)
    • Add TCP keepalive support for Fluent Forwarder. (#4274)
    • Add the host's primary IP to Logcollector's output format. (#4380)

    Changed

    • Now EventChannel alerts include the full message with the translation of coded fields. (#3320)
    • Changed -G agent-auth description in help message. (#3856)
    • Unified the Makefile flags allowed values. (#4034)
    • Let Logcollector queue file rotation and keepalive messages. (#4222)
    • Changed default paths for the OSQuery module in Windows agents. (#4148)
    • Fluent Forward now packs the content towards Fluentd into an object. (#4334)

    Fixed

    • Fix frequency rules to be increased for the same agent by default. (#3931)
    • Fix protocol, system_name, data and extra_data static fields detection. (#3591)
    • Fix overwriting agents by Authd when force option is less than 0. (#3527)
    • Fix Syscheck nodiff option for substring paths. (#3015)
    • Fix Logcollector wildcards to not detect directories as log files. (#3788)
    • Make Slack integration work with agentless alerts (by @dmitryax). (#3971)
    • Fix bugs reported by Clang analyzer. (#3887)
    • Fix compilation errors on OpenBSD platform. (#3105)
    • Fix on-demand configuration labels section to obtain labels attributes. (#3490)
    • Fixed race condition between wazuh-clusterd and wazuh-modulesd showing a 'No such file or directory' in cluster.log when synchronizing agent-info files in a cluster environment. (#4007)
    • Fixed 'ConnectionError object has no attribute code' error when package repository is not available. (#3441)
    • Fix the blocking of files monitored by Who-data in Windows agents. (#3872)
    • Fix the processing of EventChannel logs with unexpected characters. (#3320)
    • Active response Kaspersky script now logs the action request in active-responses.log. (#2748)
    • Fix service's installation path for CentOS 8. (#4060)
    • Add macOS Catalina to the list of detected versions. (#4061)
    • Prevent FIM from producing false negatives due to wrong checksum comparison. (#4066)
    • Fix previous_output count for alerts when matching by group. (#4097)
    • Fix event iteration when evaluating contextual rules. (#4106)
    • Fix the remote use of prefilter_cmd by adding a new local option, allow_remote_prefilter_cmd. (#4178 & #4194)
    • Fix restarting agents by group using the API when some of them are in a worker node. (#4226)
    • Fix error in Fluent Forwarder that requests a user and pass although the server does not need it. (#3910)
    • Fix FTS data length bound mishandling in Analysisd. (#4278)
    • Fix a memory leak in Modulesd and Agentd when Fluent Forward parses duplicate options. (#4334)
    • Fix an invalid memory read in Agentd when checking a remote configuration containing an invalid stanza inside <labels>. (#4334)
    • Fix error using force_reload and the eventchannel format in UNIX systems. (#4294)
  • v3.11.0-rc3

    October 18, 2019
  • v3.11.0-rc2

    October 15, 2019
  • v3.10.2 Changes

    September 23, 2019

    Fixed

    • Fix error in Logcollector when reloading localfiles with timestamp wildcards. (#3995)
  • v3.10.1 Changes

    September 19, 2019

    Fixed

    • Fix error after removing a high volume of agents from a group using the Wazuh API. (#3907)
    • Fix error in Remoted when reloading agent keys (busy resource). (#3988)
    • Fix invalid read in Remoted counters. (#3989)
  • v3.10.0 Changes

    September 16, 2019

    Added

    • Add framework function to obtain full summary of agents. (#3842)
    • SCA improvements. (#3286)
      • Refactor the SCA internal logic and policy syntax. (#3249)
      • Support to follow symbolic links. (#3228)
      • Add numerical comparator for SCA rules. (#3374)
      • Add SCA decoded events count to global stats. (#3623)
    • Extend duplicate file detection for LogCollector. (#3867)
    • Add HIPAA and NIST 800 53 compliance mapping as rule groups. (#3411 & #3420)
    • Add SCA compliance groups to rule groups in alerts. (#3427)
    • Add IPv6 loopback address to localhost list in DB output module (by @aquerubin). (#3140)
    • Accept ] and > as terminal prompt characters for Agentless. (#3209)

    Changed

    • Modify logs for agent authentication issues by Remoted. (#3662)
    • Make Syscollector logging messages more user-friendly. (#3397)
    • Make SCA load by default all present policies at the default location. (#3607)
    • Increase IPSIZE definition for IPv6 compatibility (by @aquerubin). (#3259)
    • Replace local protocol definitions with Socket API definitions (by @aquerubin). (#3260)
    • Improved error message when some of the required Wazuh daemons are down. Allow restarting cluster nodes except when ossec-execd is down. (#3496)
    • Allow existing aws_profile argument to work with vpcflowlogs in AWS wodle configuration. Thanks to Adam Williams (@awill1988). (#3729)

    Fixed

    • Fix exception handling when using an invalid bucket in AWS wodle. (#3652)
    • Fix error message when an AWS bucket is empty. (#3743)
    • Fix error when getting profiles in custom AWS buckets. (#3786)
    • Fix SCA integrity check when switching between manager nodes. (#3884)
    • Fix alert email sending when no_full_log option is set in a rule. (#3174)
    • Fix error in Windows who-data when handling the directories list. (#3883)
    • Fix error in the hardware inventory collector for PowerPC architectures. (#3624)
    • Fix the use of mutexes in the OS_Regex library. (#3533)
    • Fix invalid read in the OS_Regex library. (#3815)
    • Fix compilation error on FreeBSD 13 and macOS 10.14. (#3832)
    • Fix typo in the license of the files. (#3779)
    • Fix error in execd when upgrading agents remotely while auto-restarting. (#3437)
    • Prevent integrations from inheriting descriptors. (#3514)
    • Overwrite rules label fix and rules features tests. (#3414)
    • Fix typo: replace readed with read. (#3328)
    • Introduce global mutex for Rootcheck decoder. (#3530)
    • Fix errors reported by scan-build. (#3452 & #3785)
    • Fix the handling of wm_exec() output. (#3486)
    • Fix FIM duplicated entries in Windows. (#3504)
    • Remove socket deletion from epoll. (#3432)
    • Let the sources installer support NetBSD. (#3444)
    • Fix error message from openssl v1.1.1. (#3413)
    • Fix compilation issue for local installation. (#3339)
    • Fix exception handling when /tmp has no permissions and tell the user the problem. (#3401)
    • Fix who-data alerts when audit logs contain hex fields. (#3909)
    • Remove useless select() calls in Analysisd decoders. (#3964)
  • v3.9.5 Changes

    August 08, 2019

    Fixed

    • Fixed a bug in the Framework that prevented Cluster and API from handling the file client.keys if it's mounted as a volume on Docker.
    • Fixed a bug in Analysisd that printed the millisecond part of the alerts' timestamp without zero-padding. That prevented Elasticsearch 7 from indexing those alerts. (#3814)
  • v3.9.4 Changes

    August 07, 2019

    Changed

    • Prevent agent on Windows from including who-data on FIM events for child directories without who-data enabled, even if it's available. (#3601)
    • Prevent Rootcheck configuration from including the <ignore> settings if they are empty. (#3634)
    • Wazuh DB will delete the agent DB-related files immediately when removing an agent. (#3691)

    Fixed

    • Fixed bug in Remoted when correlating agents and their sockets in TCP mode. (#3602)
    • Fix bug in the agent that truncated its IP address if it occupies 15 characters. (#3615)
    • Logcollector failed to overwrite duplicate <localfile> stanzas. (#3616)
    • Analysisd could produce a double free if an Eventchannel message contains an invalid XML member. (#3626)
    • Fixed defects in the code reported by Coverity. (#3627)
    • Fixed bug in Analysisd when handling invalid JSON input strings. (#3648)
    • Fix handling of SCA policies with duplicate ID in Wazuh DB. (#3668)
    • Cluster could fail synchronizing some files located in Docker volumes. (#3669)
    • Fix a handler leak in the FIM whodata engine for Windows. (#3690)
    • The Docker listener module was storing and ignoring the output of the integration. (#3768)
    • Fixed memory leaks in Syscollector for macOS agents. (#3795)
    • Fix dangerous mutex initialization in Windows hosts. (#3805)
  • v3.9.3 Changes

    July 08, 2019

    Changed

    • Windows Eventchannel log collector will no longer report bookmarked events by default (those that happened while the agent was stopped). (#3485)
    • Remoted will discard agent-info data not in UTF-8 format. (#3581)

    Fixed

    • Osquery integration did not follow the osquery results file (osqueryd.results.log) as of libc 2.28. (#3494)
    • Windows Eventchannel log collector did not update the bookmarks so it reported old events repeatedly. (#3485)
    • The agent sent invalid info data in the heartbeat message if it failed to get the host IP address. (#3555)
    • Modulesd produced a memory leak when being queried for its running configuration. (#3564)
    • Analysisd and Logtest crashed when trying rules having <different_geoip> and no <not_same_field> stanza. (#3587)
    • Vulnerability Detector failed to parse Canonical's OVAL feed due to a syntax change. (#3563)
    • AWS Macie events produced errors in Elasticsearch. (#3608)
    • Rules with <list lookup="address_match_key" /> produced a false match if the CDB list file is missing. (#3609)
    • Remote configuration was missing the <ignore> stanzas for Syscheck and Rootcheck when defined as sregex. (#3617)
  • v3.9.2 Changes

    June 10, 2019

    Added

    • Added support for Ubuntu 12.04 to the SCA configuration template. (#3361)

    Changed

    • Prevent the agent from stopping if it fails to resolve the manager's hostname on startup. (#3405)
    • Prevent Remoted from logging agent connection timeout as an error; now it's a debugging log. (#3426)

    Fixed

    • A configuration request to Analysisd made it crash if the option <white_list> is empty. (#3383)
    • Fixed error when uploading some configuration files through API in wazuh-docker environments. (#3335)
    • Fixed error deleting temporary files during cluster synchronization. (#3379)
    • Fixed bad permissions on agent-groups files synchronized via wazuh-clusterd. (#3438)
    • Fixed bug in the database module that ignored agents registered with a network mask. (#3351)
    • Fixed a memory bug in the CIS-CAT module. (#3406)
    • Fixed a bug in the agent upgrade tool when checking the version number. (#3391)
    • Fixed error checking in the Windows Eventchannel log collector. (#3393)
    • Prevent Analysisd from crashing at SCA decoder due to a race condition calling a thread-unsafe function. (#3466)
    • Fix a file descriptor leak in Modulesd on timeout when running a subprocess. (#3470)
      • OpenSCAP.
      • CIS-CAT.
      • Command.
      • Azure.
      • SCA.
      • AWS.
      • Docker.
    • Prevent Modulesd from crashing at Vulnerability Detector when updating a RedHat feed. (#3458)