All Versions
87
Latest Version
Avg Release Cycle
29 days
Latest Release
57 days ago

Changelog History
Page 1

  • v4.3.9 Changes

    October 13, 2022

    Agent

    ๐Ÿ›  Fixed

    • ๐Ÿ›  Fixed remote policy detection in SCA. (#15007)
    • ๐Ÿ›  Fixed agent upgrade module settings parser to set a default CA file. (#15023)

    โœ‚ Removed

    • โœ‚ Removed obsolete Windows Audit SCA policy file. (#14497)

    Other

    ๐Ÿ”„ Changed

    • โšก๏ธ Updated external protobuf python dependency to 3.19.6. (#15067)
  • v4.3.8 Changes

    September 19, 2022

    Manager

    ๐Ÿ›  Fixed

    • ๐Ÿ›  Fixed wrong field assignation in Audit decoders (thanks to @pyama86). (#14752)
    • ๐Ÿ‘ท Prevented wazuh-remoted from cleaning the multigroup folder in worker nodes. (#14825)
    • ๐Ÿ›  Fixed rule skipping in wazuh-analysisd when the option if_sid is invalid. (#14772)

    Agent

    ๐Ÿ”„ Changed

    • โšก๏ธ Updated root CA certificate in agents to validate WPK upgrades. (#14842)

    ๐Ÿ›  Fixed

    • ๐Ÿ›  Fixed a path traversal flaw in Active Response affecting agents from v3.6.1 to v4.3.7 (reported by @guragainroshan0). (#14801)
  • v4.3.7 Changes

    August 24, 2022

    Manager

    โž• Added

    • โž• Added cluster command to obtain custom ruleset files and their hash. (#14540)

    ๐Ÿ›  Fixed

    • ๐Ÿ›  Fixed a bug in Analysisd that may make it crash when decoding regexes with more than 14 or-ed subpatterns. (#13956)
    • ๐Ÿ›  Fixed a crash hazard in Vulnerability Detector when parsing OVAL feeds. (#14366)
    • ๐Ÿ›  Fixed busy-looping in wazuh-maild when monitoring alerts.json. (#14436)
    • ๐Ÿ›  Fixed a segmentation fault in wazuh-maild when parsing alerts exceeding the nesting limit. (#14417)

    Agent

    ๐Ÿ”„ Changed

    • ๐Ÿ‘Œ Improved Office365 integration module logs. (#13958)

    ๐Ÿ›  Fixed

    • ๐Ÿ›  Fixed a code defect in the GitHub integration module reported by Coverity. (#14368)
    • ๐Ÿ›  Fixed an undefined behavior in the agent unit tests. (#14518)

    RESTful API

    โž• Added

    • โž• Added endpoint GET /cluster/ruleset/synchronization to check ruleset synchronization status in a cluster. (#14551)

    ๐Ÿ”„ Changed

    • ๐Ÿ‘Œ Improved performance for MITRE API endpoints. (#14208)

    Ruleset

    โž• Added

    • โž• Added SCA Policy for CIS Microsoft Windows 11 Enterprise Benchmark v1.0.0. (#13806)
    • โž• Added SCA Policy for CIS Microsoft Windows 10 Enterprise Release 21H2 Benchmark v1.12.0. (#13879)
    • โž• Added SCA policy for Red Hat Enterprise Linux 9 (RHEL9). (#13843)
    • โž• Added SCA policy for CIS Microsoft Windows Server 2022 Benchmark 1.0.0. (#13899)

    ๐Ÿ›  Fixed

    • ๐Ÿ›  Fixed rule regular expression bug on Ubuntu 20.04 Linux SCA policy control ID 19137. (#14513)
    • ๐Ÿ›  Fixed AWS Amazon Linux SCA policy. Fixed bug when wazuh-agent tries to run the policy. (#14483)
    • ๐Ÿ›  Fixed AWS Amazon Linux 2 SCA policy. Limit journalctl to kernel events and only since boot. (#13950)
    • โž• Added missing SCA files during Wazuh-manager installation. (#14482)
    • ๐Ÿ›  Fixed OS detection in Ubuntu 20.04 LTS SCA policy. (#14678)
  • v4.3.6 Changes

    July 20, 2022
    • โž• Added support for Ubuntu 22 (Jammy) in Vulnerability Detector. (#14085)
    • โž• Addded support for Red Hat 9 in Vulnerability Detector. (#14117)

    ๐Ÿ”„ Changed

    • ๐Ÿ‘Œ Improved the shared configuration file handling performance in wazuh-remoted. (#14111)

    ๐Ÿ›  Fixed

    • ๐Ÿ›  Fixed potential memory leaks in Vulnerability Detector when parsing OVAL with no criteria. (#14098)
    • ๐Ÿ›  Fixed a bug in Vulnerability Detector that skipped Windows 8.1 and Windows 8 agents. (#13957)
    • ๐Ÿ›  Fixed a bug in wazuh-db that stored duplicate Syscollector package data. (#14061)

    Agent

    ๐Ÿ”„ Changed

    • โšก๏ธ Updated macOS codename list in Syscollector. (#13837)
    • ๐Ÿ‘Œ Improved GitHub and Office365 integrations log messages. (#14093)

    ๐Ÿ›  Fixed

    • ๐Ÿ›  Fixed agent shutdown when syncing Syscollector data. (#13941)
    • ๐Ÿ›  Fixed a bug in the agent installer that misdetected the wazuh username. (#14207)
    • ๐Ÿ›  Fixed macOS vendor data retrieval in Syscollector. (#14100)
    • ๐Ÿ›  Fixed a bug in the Syscollector data sync when the agent gets disconnected. (#14106)
    • ๐Ÿ›  Fixed a crash in the Windows agent caused by the Syscollector SMBIOS parser for Windows agents. (#13980)

    RESTful API

    ๐Ÿ›  Fixed

    • ๐Ÿ‘ป Return an exception when the user asks for agent inventory information where there is no database for it, such as never_connected agents. (#14152)

    Ruleset

    โž• Added

    • โž• Added Ubuntu Linux 22.04 SCA Policy. (#13893)
    • โž• Added Apple macOS 12.0 Monterey SCA Policy. (#13905)

    Other

    ๐Ÿ”„ Changed

    • ๐ŸŒฒ Disabled filebeat logging metrics. (#14121)
  • v4.3.5 Changes

    June 29, 2022

    Manager

    ๐Ÿ”„ Changed

    • ๐Ÿ‘Œ Improved the Vulnerability Detector's log when the agent's OS data is unavailable. (#13915)

    ๐Ÿ›  Fixed

    • โฌ†๏ธ The upgrade module's response message has been fixed not to include null values. (#13662)
    • ๐Ÿ›  Fixed a string truncation warning log in wazuh-authd when enabling password authentication. (#13863)
    • ๐Ÿ›  Fixed a memory leak in wazuh-analysisd when overwriting a rule multiple times. (#13587)
    • Prevented wazuh-agentd and client-auth from performing enrollment if the agent fails to validate the manager's certificate. (#13907)
    • ๐Ÿ›  Fixed manager's compilation when enabling GeoIP support. (#13694)
    • ๐Ÿ›  Fixed a crash in wazuh-modulesd when getting stopped while downloading a Vulnerability Detector feed. (#13883)

    Agent

    ๐Ÿ”„ Changed

    • ๐Ÿ“ฆ Extended package data support in Syscollector for modern RPM agents. (#13749)
    • ๐Ÿ‘Œ Improved verbosity of the GitHub module logs. (#13898)

    ๐Ÿ›  Fixed

    • ๐Ÿ›  Fixed agent auto-restart on shared configuration changes when running on containerized environments. (#13606)
    • ๐Ÿ›  Fixed an issue when attempting to run the DockerListener integration using Python 3.6 and having the Docker service stopped. (#13880)

    RESTful API

    ๐Ÿ›  Fixed

    • โšก๏ธ Updated tag parameter of GET /manager/logs and GET /cluster/{node_id}/logs endpoints to accept any string. (#13867)

    Ruleset

    ๐Ÿ›  Fixed

    • โœ… Solved Eventchannel testing and improved reporting capabilities of the runtest tool. (#13597)
    • ๐Ÿง Modified Amazon Linux 2 SCA policy to resolve a typo on control 1.1.22 and EMPTY_LINE conditions. (#13781)
    • ๐Ÿง Modified Amazon Linux 2 SCA policy to resolve the rule and condition on control 1.5.2. (#13950)

    โœ‚ Removed

    • โœ‚ Removed deprecated MITRE tags in rules. (#13567)

    Other

    ๐Ÿ”„ Changed

    • Fixed test_agent_PUT_endpoints.tavern.yaml API integration test failure in numbered branches. (#13811)
    • โฌ†๏ธ Upgraded external click and clickclick python dependencies to 8.1.3 and 20.10.2 respectively. ([13790]([https://github.com/wazuh/wazuh/pull/13790))
  • v4.3.4 Changes

    June 09, 2022

    Manager

    ๐Ÿ”„ Changed

    • Integratord now tries to read alerts indefinitely, instead of performing 3 attempts. (#13437)
    • โž• Adds a timeout for remote queries made by the Office 365, GitHub, and Agent Update modules. (#13626)

    ๐Ÿ›  Fixed

    • ๐Ÿ›  Fixed bug in agent_groups CLI when removing agent groups. (#13621)
    • ๐Ÿ›  Fixed linux compilation errors with GCC 12. (#13459)
    • ๐Ÿ›  Fixed a crash in wazuh-analysisd when overwriting a rule with a configured active response. (#13604)
    • ๐Ÿ›  Fixed a crash in wazuh-db when it cannot open a database file. (#13666)
    • ๐Ÿ›  Fixed the vulnerability feed parsing mechanism, now truncates excessively long values (This problem was detected during Ubuntu Bionic feed update). (#13566)
    • ๐Ÿ›  Fixed a crash in wazuh-maild when parsing an alert with no full log and containing arrays of non-strings. #13679)

    RESTful API

    ๐Ÿ›  Fixed

    • โšก๏ธ Updated default timeouts for GET /mitre/software and GET /mitre/techniques to avoid timing out in slow environments. (#13550)

    Ruleset

    ๐Ÿ›  Fixed

    • ๐Ÿ›  Fixed the prematch criteria of sshd-disconnect decoder. (#13560)
  • v4.3.3 Changes

    May 31, 2022

    Manager

    ๐Ÿ›  Fixed

    • ๐Ÿš€ Avoid creating duplicated client tags during deployment. (#13651)

    Agent

    ๐Ÿ›  Fixed

    • ๐Ÿ”ง Prevented Agentd from resetting its configuration on client block re-definition. (#13642)
  • v4.3.2 Changes

    May 30, 2022

    Manager

    ๐Ÿ›  Fixed

    • ๐Ÿ›  Fixed a crash in Vuln Detector when scanning agents running on Windows. (#13616)
  • v4.3.1 Changes

    May 18, 2022

    Manager

    ๐Ÿ›  Fixed

    • ๐Ÿ›  Fixed a crash when overwrite rules are triggered. (#13439)
    • ๐Ÿ›  Fixed a memory leak when loading overwrite rules. (#13439)
    • ๐Ÿ›  Fixed the use of relationship labels in overwrite rules. (#13439)
    • ๐Ÿ›  Fixed regex used to transform into datetime in the logtest framework function. (#13430)

    RESTful API

    ๐Ÿ›  Fixed

    • ๐Ÿ›  Fixed API response when using sort in Agent upgrade related endpoints. (#13178)

    Ruleset

    ๐Ÿ›  Fixed

    • ๐Ÿ›  Fixed rule 92656, added field condition win.eventdata.logonType equals 10 to avoid false positives. (#13409)
  • v4.3.0 Changes

    May 05, 2022

    Manager

    โž• Added

    • โž• Added support for Arch Linux OS in Vulnerability Detector. Thanks to Aviel Warschawski (@avielw). (#8178)
    • โž• Added a log message in the cluster.log file to notify that wazuh-clusterd has been stopped. (#8749)
    • โž• Added message with the PID of wazuh-clusterd process when launched in foreground mode. (#9077)
    • โž• Added time calculation when extra information is requested to the cluster_control binary. (#10492)
    • โž• Added a context variable to indicate origin module in socket communication messages. (#9209)
    • โž• Added unit tests for framework/core files to increase coverage. (#9733)
    • โž• Added a verbose mode in the wazuh-logtest tool. (#9204)
    • โž• Added Vulnerability Detector support for Amazon Linux. (#8830)
    • Introduced new option <force> to set the behavior when Authd finds conflicts on agent enrollment requests. (#10693)
    • โž• Added saniziters to the unit tests execution. (#9099)
    • Vulnerability Detector introduces vulnerability inventory. (#8237)
      • The manager will only deliver alerts when new vulnerabilities are detected in agents or when they stop applying.
    • โž• Added a mechanism to ensure the worker synchronization permissions is reset after a fixed period of time. (#11031)
    • Included mechanism to create and handle PID files for each child process of the API and cluster. (#11799)
    • โž• Added support for Windows 11 in Vulnerability Detector. (#12446)

    ๐Ÿ”„ Changed

    • ๐Ÿ”„ Changed the internal handling of agent keys in Remoted and Remoted to speed up key reloading. (#8083)
    • ๐Ÿ‘ The option <server> of the Syslog output now supports hostname resolution. (#7885)
    • The product's UNIX user and group have been renamed to "wazuh". (#7763)
    • The MITRE database has been redesigned to provide full and searchable data. (#7865)
    • The static fields related to FIM have been ported to dynamic fields in Analysisd. (7358)
    • ๐Ÿ”„ Changed all randomly generated IDs used for cluster tasks. Now, uuid4 is used to ensure IDs are not repeated. (8351)
    • ๐Ÿ‘Œ Improved sendsync error log to provide more details of the used parameters. (#8873)
    • ๐Ÿ”„ Changed walk_dir function to be iterative instead of recursive. (#9708)
    • ๐Ÿ”จ Refactored Integrity sync behavior so that new synchronizations do not start until extra-valid files are processed. (#10183)
    • ๐Ÿ”„ Changed cluster synchronization, now the content of the etc/shared folder is synchronized. (#10101)
    • ๐Ÿ”„ Changed all XML file loads. Now, defusedxml library is used to avoid possible XML-based attacks. (8351)
    • ๐Ÿ”„ Changed configuration validation from execq socket to com socket. (#8535)
    • โšก๏ธ Updated utils unittest to improve process_array function coverage. (#8392)
    • ๐Ÿ”„ Changed request_slice calculation to improve efficiency when accessing wazuh-db data. (#8885)
    • ๐Ÿ‘Œ Improved the retrieval of information from wazuh-db so it reaches the optimum size in a single iteration. (#9273)
    • โšก๏ธ Optimized the way framework uses context cached functions and added a note on context_cached docstring. (#9234)
    • ๐Ÿ‘Œ Improved framework regexes to be more specific and less vulnerable. (#9332)
    • Unified framework exceptions for non-active agents. (#9423)
    • ๐Ÿ”„ Changed RBAC policies to case insensitive. (#9433)
    • ๐Ÿ”จ Refactored framework stats module into SDK and core components to comply with Wazuh framework code standards. (#9548)
    • โฌ†๏ธ Changed the size of the agents chunks sent to the upgrade socket to make the upgrade endpoints faster. (#10309)
    • ๐Ÿ”จ Refactored rootcheck and syscheck SDK code to make it clearer. (#9408)
    • ๐Ÿ”Š Adapted Azure-logs module to use Microsoft Graph API instead of Active Directory Graph API. (#9738)
    • Analysisd now reconnects to Active Response if Remoted or Execd get restarted. (#8060)
    • ๐Ÿ‘ Agent key polling now supports cluster environments. (#10335)
    • ๐Ÿ‘ Extended support of Vulnerability Detector for Debian 11 (Bullseye). (#10357)
    • ๐Ÿ‘Œ Improved Remoted performance with an agent TCP connection sending queue. (#10326)
    • ๐Ÿ”€ Agent DB synchronization has been boosted by caching the last data checksum in Wazuh DB. (#9093)
    • โœ… Logtest now scans new ruleset files when loading a new session. (#8892)
    • CVE alerts by Vulnerability Detector now include the time of detection, severity, and score. (#8237)
    • ๐Ÿ›  Fixed manager startup when <database_output> is enabled. (#10849)
    • ๐Ÿ‘Œ Improved cluster performance using multiprocessing.
      • Changed the cluster local_integrity task to run in a separate process to improve overall performance. (#10767)
      • The cluster communication with the database for agent information synchronization runs in a parallel separate process. (#10807)
      • The cluster processing of the extra-valid files in the master node is carried out in a parallel separate process. (#10920)
      • The cluster's file compression task in the master node is carried out in a parallel separate process. (#11328)
      • Now the processing of Integrity files in worker nodes is carried out in a parallel separate process (#11364)
      • Use cluster and API single processing when the wazuh user doesn't have permissions to access /dev/shm. (#11386)
    • ๐Ÿ“‡ Changed the Ubuntu OVAL feed URL to security-metadata.canonical.com. (#12491)
    • Let Analysisd warn about missing rule dependencies instead of rejecting the ruleset. (#12652)

    ๐Ÿ›  Fixed

    • ๐Ÿ›  Fixed a memory defect in Remoted when closing connection handles. (#8223)
    • ๐Ÿ›  Fixed a timing problem in the manager that might prevent Analysisd from sending Active responses to agents. (#7625)
    • ๐Ÿ›  Fixed a bug in Analysisd that did not apply field lookup in rules that overwrite other ones. (#8210)
    • Prevented the manager from leaving dangling agent database files. (#8902)
    • Corrected remediation message for error code 6004. (#8254)
    • ๐Ÿ›  Fixed a bug when deleting non-existing users or roles in the security SDK. (#8157)
    • ๐Ÿ›  Fixed a bug with agent.conf file permissions when creating an agent group. (#8418)
    • ๐Ÿ›  Fixed wrong exceptions with wdb pagination mechanism. (#8422)
    • ๐Ÿ›  Fixed error when loading some rules with the \ character. (#8747)
    • ๐Ÿ”„ Changed WazuhDBQuery class to properly close socket connections and prevent file descriptor leaks. (#9216)
    • ๐Ÿ›  Fixed error in the api configuration when using the agent_upgrade script. (#10320)
    • ๐Ÿ– Handle JSONDecodeError in Distributed API class methods. (#10341)
    • ๐Ÿ›  Fixed an issue with duplicated logs in Azure-logs module and applied several improvements to it. (#9738)
    • ๐Ÿ›  Fixed the query parameter validation to allow usage of special chars in Azure module. (#10680)
    • ๐Ÿ›  Fix a bug running wazuh-clusterd process when it was already running. (#8394)
    • ๐Ÿ‘ Allow cluster to send and receive messages with size higher than request_chunk. (#8732)
    • ๐Ÿ›  Fixed a bug that caused wazuh-clusterd process to not delete its pidfile when running in foreground mode and it is stopped. (#9077)
    • ๐Ÿ›  Fixed race condition due to lack of atomicity in the cluster synchronization mechanism. (#10376)
    • ๐Ÿ›  Fixed bug when displaying the dates of the cluster tasks that have not finished yet. Now n/a is displayed in these cases. (#10492)
    • ๐Ÿ›  Fixed missing field value_type in FIM alerts. (#9196)
    • ๐Ÿ›  Fixed a typo in the SSH Integrity Check script for Agentless. (#9292)
    • ๐Ÿ›  Fixed multiple race conditions in Remoted. (#10421)
    • ๐Ÿšš The manager's agent database has been fixed to prevent dangling entries from removed agents. (#10390)
    • ๐Ÿ›  Fixed the alerts generated by FIM when a lookup operation on an SID fails. (#9765)
    • ๐Ÿ›  Fixed a bug that caused cluster agent-groups files to be synchronized multiple times unnecessarily. (#10866)
    • ๐Ÿ›  Fixed an issue in Wazuh DB that compiled the SQL statements multiple times unnecessarily. (#10922)
    • ๐Ÿ›  Fixed a crash in Analysisd when setting Active Response with agent_id = 0. (#10948)
    • ๐Ÿ›  Fixed an uninitialized Blowfish encryption structure warning. (#11161)
    • ๐Ÿ›  Fixed a memory overrun hazard in Vulnerability Detector. (#11262)
    • ๐Ÿ›  Fixed a bug when using a limit parameter higher than the total number of objects in the wazuh-db queries. (#11282)
    • Prevented a false positive for MySQL in Vulnerability Detector. (#11440)
    • ๐Ÿ›  Fixed segmentation fault in Analysisd when setting the number of queues to zero. (#11448)
    • ๐Ÿ›  Fixed false positives in Vulnerability Detector when scanning OVAl for Ubuntu Xenial and Bionic. (#11440)
    • ๐Ÿ›  Fixed an argument injection hazard in the Pagerduty integration script. Reported by Jose Maria Zaragoza (@JoseMariaZ). (#11835)
    • ๐Ÿ›  Fixed memory leaks in the feed parser at Vulnerability Detector. (#11863)
      • Architecture data member from the RHEL 5 feed.
      • RHSA items containing no CVEs.
      • Unused RHSA data member when parsing Debian feeds.
    • ๐Ÿšฆ Prevented Authd from exiting due to a pipe signal if Wazuh DB gets closed. (#12368)
    • ๐Ÿ›  Fixed a buffer handling bug in Remoted that left the syslog TCP server stuck. (#12415)
    • ๐Ÿ›  Fixed a memory leak in Vulnerability Detector when discarding kernel packages. (#12644)
    • ๐Ÿ›  Fixed a memory leak at wazuh-logtest-legacy when matching a level-0 rule. (#12655)
    • ๐Ÿ›  Fixed a bug in the Vulnerability Detector CPE helper that may lead to produce false positives about Firefox ESR. (#13067)

    โœ‚ Removed

    • ๐Ÿ—„ The data reporting for Rootcheck scans in the agent_control tool has been deprecated. (#8399)
    • โœ‚ Removed old framework functions used to calculate agent status. (#8846)

    Agent

    โž• Added

    • โž• Added an option to allow the agent to refresh the connection to the manager. (#8016)
    • ๐Ÿ”Š Introduced a new module to collect audit logs from GitHub. (#8532)
    • ๐Ÿ FIM now expands wildcarded paths in the configuration on Windows agents. (8461)
    • FIM reloads wildcarded paths on full scans. (8754)
    • โž• Added new path_suffix option to AWS module configuration. (#8306)
    • โž• Added new discard_regex option to AWS module configuration. (8331)
    • โž• Added support for the S3 Server Access bucket type in AWS module. (#8482)
    • โž• Added support for Google Cloud Storage buckets using a new GCP module called gcp-bucket. (#9119)
    • โž• Added support for VPC endpoints in AWS module. (#9420)
    • โž• Added support for GCS access logs in the GCP module. (#9279)
    • โž• Added an iam role session duration parameter to AWS module. (#10198)
    • โž• Added support for variables in SCA policies. (#8826)
    • ๐Ÿ‘ FIM now fills an audit rule file to support who-data although Audit is in immutable mode. (#7721)
    • ๐Ÿ”Š Introduced an integration to collect audit logs from Office365. (#8957)
    • โž• Added a new field DisplayVersion to Syscollector to help Vulnerability Detector match vulnerabilities for Windows. (#10168)
    • โž• Added support for macOS agent upgrade via WPK. (#10148)
    • โž• Added Logcollector support for macOS logs (Unified Logging System). (#8632)

    ๐Ÿ”„ Changed

    • The agent now reports the version of the running AIX operating system to the manager. (#8381)
    • ๐Ÿ‘Œ Improved the reliability of the user ID parsing in FIM who-data mode on Linux. (#8604)
    • ๐Ÿ”Š Extended support of Logcollector for MySQL 4.7 logs. Thanks to @YoyaYOSHIDA. (#5047)
    • Agents running on FreeBSD and OpenBSD now report their IP address. (#9887)
    • โฌ‡๏ธ Reduced verbosity of FIM debugging logs. (#8202)
    • The agent's IP resolution frequency has been limited to prevent high CPU load. (#9992)
    • โšก๏ธ Syscollector has been optimized to use lees memory. (#10236)
    • โž• Added support of ZscalerOS system information in the agent. (#10337)
    • ๐Ÿš‘ Syscollector has been extended to collect missing Microsoft product hotfixes. (#10259)
    • โšก๏ธ Updated the osquery integration to find the new osqueryd location as of version 5.0. (#10396)
    • The internal FIM data handling has been simplified to find files by their path instead of their inode. (#9123)
    • ๐Ÿ Reimplemented the WPK installer rollback on Windows. (#9764)
    • ๐Ÿ Active responses for Windows agents now support native fields from Eventchannel. (#10208)
    • ๐Ÿ”Š Error logs by Logcollector when a file is missing have been changed to info logs. (#10651)
    • ๐Ÿ The agent MSI installer for Windows now detects the platform version to install the default configuration. (#8724)
    • ๐Ÿ”Š Agent logs for inability to resolve the manager hostname now have info level. (#3659)
    • โž• Added ID number to connection enrollment logs. (#11276)
    • ๐Ÿ”Š Standardized the use of the only_logs_after parameter in the external integration modules. (#10838)
    • โšก๏ธ Updated DockerListener integration shebang to python3 for Wazuh agents. (#12150)
    • โšก๏ธ Updated the Windows installer ico and png assets to the new logo. (#12779)

    ๐Ÿ›  Fixed

    • ๐Ÿ›  Fixed a bug in FIM that did not allow monitoring new directories in real-time mode if the limit was reached at some point. (#8784)
    • ๐Ÿ›  Fixed a bug in FIM that threw an error when a query to the internal database returned no data. (#8941)
    • ๐Ÿ›  Fixed an error where the IP address was being returned along with the port for Amazon NLB service.(#8362)
    • ๐Ÿ›  Fixed AWS module to properly handle the exception raised when processing a folder without logs. (#8372
    • ๐Ÿ›  Fixed a bug with AWS module when pagination is needed in the bucket. (#8433)
    • ๐Ÿ›  Fixed an error with the ipGeoLocation field in AWS Macie logs. (#8672)
    • ๐Ÿ”„ Changed an incorrect debug message in the GCloud integration module. (#10333)
    • ๐Ÿ›  Data race conditions have been fixed in FIM. (#7848)
    • ๐Ÿ›  Fixed wrong command line display in the Syscollector process report on Windows. (#10011)
    • Prevented Modulesd from freezing if Analysisd or Agentd get stopped before it. (#10249)
    • ๐Ÿ›  Fixed wrong keepalive message from the agent when file merged.mg is missing. (#10405)
    • ๐Ÿ›  Fixed missing logs from the Windows agent when it's getting stopped. (#10381)
    • ๐Ÿ›  Fixed missing packages reporting in Syscollector for macOS due to empty architecture data. (#10524)
    • ๐Ÿ›  Fixed FIM on Linux to parse audit rules with multiple keys for who-data. (#7506)
    • ๐Ÿ›  Fixed Windows 11 version collection in the agent. (#10639)
    • ๐Ÿ›  Fixed missing Eventchannel location in Logcollector configuration reporting. (#10602)
    • โšก๏ธ Updated CloudWatch Logs integration to avoid crashing when AWS raises Throttling errors. (#10794)
    • ๐Ÿ›  Fixed AWS modules' log file filtering when there are logs with and without a prefix mixed in a bucket. (#10718)
    • ๐Ÿ›  Fixed a bug on the installation script that made upgrades not to update the code of the external integration modules. (#10884)
    • ๐Ÿ›  Fixed issue with AWS integration module trying to parse manually created folders as if they were files. (#10921)
    • ๐Ÿ›  Fixed installation errors in OS with no subversion. (#11086)
    • ๐Ÿ›  Fixed a typo in an error log about enrollment SSL certificate. (#11115)
    • ๐Ÿ›  Fixed unit tests for Windows agent when built on MinGW 10. (#11121)
    • ๐Ÿ›  Fixed Windows agent compilation warnings. (#10942)
    • ๐Ÿ›  Fixed the OS version reported by the agent on OpenSUSE Tumbleweed. (#11207)
    • ๐Ÿง Prevented Syscollector from truncating the open port inode numbers on Linux. (#11329)
    • ๐Ÿ›  Fixed agent auto-restart on configuration changes when started via wazuh-control on a Systemd based Linux OS. (#11365)
    • ๐Ÿ›  Fixed a bug in the AWS module resulting in unnecessary API calls when trying to obtain the different Account IDs for the bucket. (#10952)
    • ๐Ÿ›  Fixed Azure integration's configuration parsing to allow omitting optional parameters. (#11278)
    • ๐Ÿ›  Fixed Azure Storage credentials validation bug. (#11296)
    • ๐Ÿ›  Fixed the read of the hostname in the installation process for openSUSE. (#11455)
    • ๐Ÿ›  Fixed the graceful shutdown when agent loses connection. (#11425)
    • ๐Ÿ›  Fixed error "Unable to set server IP address" on the Windows agent. (#11736)
    • ๐Ÿ›  Fixed reparse option in the AWS VPCFlow and Config integrations. (#11608)
    • โœ‚ Removed unnecessary calls to the AWS API made by the VPCFlow and Config integration modules. (#11644)
    • ๐Ÿ›  Fixed how the AWS Config module parses the dates used to request logs from AWS. (#12324)
    • ๐Ÿ”Š Let Logcollector audit format parse logs with a custom name_format. (#12676)
    • ๐Ÿ›  Fixed Agent bootstrap issue that might lead to startup timeout when it cannot resolve a manager hostname. (#12704)
    • ๐Ÿ›  Fixed a bug in the agent's leaky bucket throughput regulator that could leave it stuck if the time is advanced on Windows. (#13088)

    โœ‚ Removed

    • โœ‚ Removed oscap module files as it was already deprecated since v4.0.0. (#10900)

    RESTful API

    โž• Added

    • โž• Added new PUT /agents/reconnect endpoint to force agents reconnection to the manager. (#7988)
    • โž• Added select parameter to the GET /security/users, GET /security/roles, GET /security/rules and GET /security/policies endpoints. (#6761)
    • โž• Added type and status filters to GET /vulnerability/{agent_id} endpoint. (#8100)
    • โž• Added an option to configure SSL ciphers. (#7490)
    • โž• Added an option to configure the maximum response time of the API. (#8919)
    • โž• Added new DELETE /rootcheck/{agent_id} endpoint. (#8945)
    • Added new GET /vulnerability/{agent_id}/last_scan endpoint to check the latest vulnerability scan of an agent. (#9028)
    • โž• Added new cvss and severity fields and filters to GET /vulnerability/{agent_id} endpoint. (#9028)
    • โž• Added an option to configure the maximum allowed API upload size. (#9100)
    • โž• Added new unit and integration tests for API models. (#9142)
    • โž• Added message with the PID of wazuh-apid process when launched in foreground mode. (#9077)
    • โž• Added external id, source and url to the MITRE endpoints responses. (#9144)
    • โž• Added custom healthchecks for legacy agents in API integration tests, improving maintainability. (#9297)
    • โž• Added new unit tests for the API python module to increase coverage. (#9914)
    • โž• Added docker logs separately in API integration tests environment to get cleaner reports. (#10238)
    • โž• Added new disconnection_time field to GET /agents response. (#10437)
    • โž• Added new filters to agents upgrade endpoints. (#10457)
    • โž• Added new API endpoints to access all the MITRE information. (#8288)
    • ๐Ÿ‘‰ Show agent-info permissions flag when using cluster_control and in the GET /cluster/healthcheck API endpoint. (#10947)
    • ๐Ÿ’พ Save agents' ossec.log if an API integration test fails. (#11931)
    • โž• Added POST /security/user/authenticate/run_as endpoint to API bruteforce blocking system. (#12085)
    • โž• Added new API endpoint to obtain summaries of agent vulnerabilities' inventory items. (#12638)
    • โšก๏ธ Added fields external_references, condition, title, published and updated to GET /vulnerability/{agent_id} API endpoint. (#12727)
    • โž• Added the possibility to include strings in brackets in values of the q parameter. (#13262)

    ๐Ÿ”„ Changed

    • ๐Ÿ”ง Renamed SSL protocol configuration parameter. (#7490)
    • โšก๏ธ Reviewed and updated API spec examples and JSON body examples. (#8827)
    • ๐Ÿ‘Œ Improved the performance of several API endpoints. This is specially appreciable in environments with a big number of agents.
      • Improved PUT /agents/group endpoint. (#8937)
      • Improved PUT /agents/restart endpoint. (#8938)
      • Improved DELETE /agents endpoint. (#8950)
      • Improved PUT /rootcheck endpoint. (#8959)
      • Improved PUT /syscheck endpoint. (#8966)
      • Improved DELETE /groups endpoint and changed API response to be more consistent. (#9046)
    • ๐Ÿ”„ Changed DELETE /rootcheck endpoint to DELETE /experimental/rootcheck. (#8945)
    • โฌ‡๏ธ Reduced the time it takes for wazuh-apid process to check its configuration when using the -t parameter. (#9012)
    • ๐Ÿ›  Fixed malfunction in the sort parameter of syscollector endpoints. (#9019)
    • ๐Ÿ‘Œ Improved API integration tests stability when failing in entrypoint. (#9113)
    • โœ… Made SCA API integration tests dynamic to validate responses coming from any agent version. (#9228)
    • ๐Ÿ”จ Refactored and standardized all the date fields in the API responses to use ISO8601. (#9227)
    • โœ‚ Removed Server header from API HTTP responses. (#9263)
    • ๐Ÿ‘Œ Improved JWT implementation by replacing HS256 signing algorithm with RS256. (#9371)
    • โœ‚ Removed limit of agents to upgrade using the API upgrade endpoints. (#10009)
    • ๐Ÿ”„ Changed Windows agents FIM responses to return permissions as JSON. (#10158)
    • Adapted API endpoints to changes in wazuh-authd daemon force parameter. (#10389)
    • Deprecated use_only_authd API configuration option and related functionality. wazuh-authd will always be required for creating and removing agents. (#10512)
    • ๐Ÿ‘Œ Improved API validators and related unit tests. (#10745)
    • ๐Ÿ‘Œ Improved specific module healthchecks in API integration tests environment. (#10905)
    • ๐Ÿ”„ Changed thread pool executors for process pool executors to improve API availability. (#10916)
    • ๐Ÿ”„ Changed HTTPS options to use files instead of relative paths. (#11410)

    ๐Ÿ›  Fixed

    • ๐Ÿ›  Fixed inconsistency in RBAC resources for group:create, decoders:update, and rules:update actions. (#8196)
    • ๐Ÿ›  Fixed the handling of an API error message occurring when Wazuh is started with a wrong ossec.conf. Now the execution continues and raises a warning. (8378)
    • ๐Ÿ›  Fixed a bug with sort parameter that caused a wrong response when sorting by several fields.(#8548)
    • ๐Ÿ›  Fixed the description of force_time parameter in the API spec reference. (#8597)
    • ๐Ÿ›  Fixed API incorrect path in remediation message when maximum number of requests per minute is reached. (#8537)
    • ๐Ÿ›  Fixed agents' healthcheck error in the API integration test environment. (#9071)
    • ๐Ÿ›  Fixed a bug with wazuh-apid process handling of pidfiles when running in foreground mode. (#9077)
    • ๐Ÿ›  Fixed a bug with RBAC group_id matching. (#9192)
    • โœ‚ Removed temporal development keys and values from GET /cluster/healthcheck response. (#9147)
    • ๐Ÿ›  Fixed several errors when filtering by dates. (#9227)
    • ๐Ÿ›  Fixed limit in some endpoints like PUT /agents/group/{group_id}/restart and added a pagination method. (#9262)
    • ๐Ÿ›  Fixed bug with the search parameter resulting in invalid results. (#9320)
    • ๐Ÿ›  Fixed wrong values of external_id field in MITRE resources. (#9368)
    • ๐Ÿ›  Fixed how the API integration testing environment checks that wazuh-apid daemon is running before starting the tests. (#9399)
    • โž• Add healthcheck to verify that logcollector stats are ready before starting the API integration test. (#9777)
    • ๐Ÿ›  Fixed API integration test healthcheck used in the vulnerability test cases. (#10159)
    • ๐Ÿ›  Fixed an error with PUT /agents/node/{node_id}/restart endpoint when no agents are present in selected node. (#10179)
    • ๐Ÿ›  Fixed RBAC experimental API integration tests expecting a 1760 code in implicit requests. (#10322)
    • ๐Ÿ›  Fixed cluster race condition that caused API integration test to randomly fail. (#10289)
    • ๐Ÿ›  Fixed PUT /agents/node/{node_id}/restart endpoint to exclude exception codes properly. (#10619)
    • ๐Ÿ›  Fixed PUT /agents/group/{group_id}/restart endpoint to exclude exception codes properly. (#10666)
    • ๐Ÿ›  Fixed agent endpoints q parameter to allow more operators when filtering by groups. (#10656)
    • ๐Ÿ›  Fixed API integration tests related to rule, decoder and task endpoints. (#10830)
    • ๐Ÿ‘Œ Improved exceptions handling when starting the Wazuh API service. (#11411)
    • ๐Ÿ›  Fixed race condition while creating RBAC database. (#11598)
    • ๐Ÿ›  Fixed API integration tests failures caused by race conditions. (#12102)

    โœ‚ Removed

    • โœ‚ Removed select parameter from GET /agents/stats/distinct endpoint. (#8599)
    • โœ‚ Removed GET /mitre endpoint. (#8099)
    • ๐Ÿ”ง Deprecated the option to set log path in the configuration. (#11410)

    Ruleset

    โž• Added

    • โž• Added Carbanak detection rules. (#11306)
    • โž• Added Cisco FTD rules and decoders. (#11309)
    • โž• Added decoders for AWS EKS service. (#11284)
    • โž• Added F5 BIG IP ruleset. (#11394)
    • โž• Added GCP VPC Storage, Firewall and Flow rules. (#11191)
    • โž• Added Gitlab v12 ruleset. (#11323)
    • โž• Added Microsoft Exchange Server rules and decoders. (#11289)
    • โž• Added Microsoft Windows persistence by using registry keys detection. (#11390)
    • โž• Added Oracle Database 12c rules and decoders. (#11274)
    • โž• Added rules for Carbanak step 1.A - User Execution: Malicious File. (#8476)
    • โž• Added rules for Carbanak step 2.A - Local Discovery. (#11212)
    • โž• Added rules for Carbanak step 2.B - Screen Capture. (#9075)
    • โž• Added rules for Carbanak step 5.B - Lateral Movement via SSH. (#9097)
    • โž• Added rules for Carbanak step 9.A - User Monitoring. (#11342)
    • โž• Added rules for Cloudflare WAF. (#11373)
    • โž• Added ruleset for ESET Remote console. (#11013)
    • โž• Added ruleset for GITHUB audit logs. (#8532)
    • โž• Added ruleset for Palo Alto v8.X - v10.X. (#11137)
    • โž• Added SCA policy for Amazon Linux 1. (#11431)
    • โž• Added SCA policy for Amazon Linux 2. (#11480)
    • โž• Added SCA policy for apple macOS 10.14 Mojave. (#7035)
    • โž• Added SCA policy for apple macOS 10.15 Catalina. (#7036)
    • โž• Added SCA policy for macOS Big Sur. (#11454)
    • โž• Added SCA policy for Microsoft IIS 10. (#11250)
    • โž• Added SCA policy for Microsoft SQL 2016. (#11249)
    • โž• Added SCA policy for Mongo Database 3.6. (#11247)
    • โž• Added SCA policy for NGINX. (#11248)
    • โž• Added SCA policy for Oracle Database 19c. (#11245)
    • โž• Added SCA policy for PostgreSQL 13. (#11154)
    • โž• Added SCA policy for SUSE Linux Enterprise Server 15. (#11223)
    • โž• Added SCA policy for Ubuntu 14. (#11432)
    • โž• Added SCA policy for Ubuntu 16. (#11452)
    • โž• Added SCA policy for Ubuntu 18. (#11453)
    • โž• Added SCA policy for Ubuntu 20. (#11430)
    • โž• Added SCA policy for. Solaris 11.4. (#11286)
    • โž• Added Sophos UTM Firewall ruleset. (#11122)
    • โž• Added Wazuh-api ruleset. (#11357)

    ๐Ÿ”„ Changed

    • โšก๏ธ Updated audit rules. (#11016)
    • โšก๏ธ Updated AWS s3 ruleset. (#11177)
    • โšก๏ธ Updated Exim 4 decoder and rules to latest format. (#11344)
    • โšก๏ธ Updated MITRE DB with latest MITRE JSON specification. (#8738)
    • Updated multiple rules to remove alert_by_email option. (#11255)
    • โšก๏ธ Updated NextCloud ruleset. (#11795)
    • โšก๏ธ Updated ProFTPD decoder. (#11232)
    • โšก๏ธ Updated RedHat Enterprise Linux 8 SCA up to version 1.0.1. (#11242)
    • โšก๏ธ Updated rules and decoders for FortiNet products. (#11100)
    • โšก๏ธ Updated SCA policy for CentOS 7. (#11429)
    • โšก๏ธ Updated SCA policy for CentOS 8. (#8751)
    • โšก๏ธ Updated SonicWall rules decoder. (#11263)
    • โšก๏ธ Updated SSHD ruleset. (#11388)
    • ๐Ÿšš From file 0580-win-security_rules.xml, rules with id 60198 and 60199 are moved to file 0585-win-application_rules.xml, with rule ids 61071 and 61072 respectively. (#8552)

    ๐Ÿ›  Fixed

    • ๐Ÿ›  Fixed bad character on rules 60908 and 60884 - win-application rules. (#11117)
    • ๐Ÿ›  Fixed Microsoft logs rules. (#11369)
    • ๐Ÿ›  Fixed PHP rules for MITRE and groups. (#11405)
    • ๐Ÿ›  Fixed rules id for Microsoft Windows Powershell. (#11214)

    Other

    ๐Ÿ”„ Changed

    ๐Ÿ›  Fixed

    • ๐Ÿ›  Fixed error detection in the CURL helper library. (#9168)
    • ๐Ÿ›  Fixed external BerkeleyDB library support for GCC 11. (#10899)
    • ๐Ÿ›  Fixed an installation error due to missing OS minor version on CentOS Stream. (#11086)
    • ๐Ÿ›  Fixed an installation error due to missing command hostname on OpenSUSE Tumbleweed. (#11455)