Wazuh v3.9.0 Release Notes

Release Date: 2019-05-02

    ➕ Added

    • 🔒 New module to perform Security Configuration Assessment scans. (#2598)
    • New Logcollector features. (#2929)
      • Let Logcollector filter files by content. (#2796)
      • Added a pattern exclusion option to Logcollector. (#2797)
      • Let Logcollector filter files by date. (#2799)
      • Let Logcollector support wildcards on Windows. (#2898)
    • Fluent forwarder for agents. (#2828)
    • 🏁 Collect network and port inventory for Windows XP/Server 2003. (#2464)
    • Included inventory fields as dynamic fields in events to use them in rules. (#2441)
    • Added an option startup_healthcheck in FIM so that the who-data health-check is optional. (#2323)
    • The real agent IP is reported by the agent and shown in alerts and the App interface. (#2577)
    • ➕ Added support for organizations in AWS wodle. (#2627)
    • Added support for hot added symbolic links in Whodata. (#2466)
    • ➕ Added -t option to wazuh-clusterd binary. (#2691)
    • Added options same_field and not_same_field in rules to correlate dynamic fields between events. (#2689)
    • ➕ Added optional daemons start by default. (#2769)
    • 🏁 Make the Windows installer choose the appropriate ossec.conf file based on the System version. (#2773)
    • ➕ Added writer thread preference for Logcollector. (#2783)
    • ➕ Added database deletion from Wazuh-DB for removed agents. (#3123)

    🔄 Changed

    • 🐎 Introduced a network buffer in Remoted to cache incomplete messages from agents. This improves the performance by preventing Remoted from waiting for complete messages. (#2528)
    • 👌 Improved alerts about disconnected agents: they will contain the data about the disconnected agent, although the alert is actually produced by the manager. (#2379)
    • 👍 PagerDuty integration plain text alert support (by @spartantri). (#2403)
    • 👌 Improved Remoted start-up logging messages. (#2460)
    • Let agent_auth warn when it receives extra input arguments. (#2489)
    • ⚡️ Update the who-data related SELinux rules for Audit 3.0. This lets who-data work on Fedora 29. (#2419)
    • 🔄 Changed data source for network interface's MAC address in Syscollector so that it will be able to get bonded interfaces' MAC. (#2550)
    • ✅ Migrated unit tests from Check to TAP (Test Anything Protocol). (#2572)
    • Now labels starting with _ are reserved for internal use. (#2577)
    • Now AWS wodle fetches aws.requestParameters.disableApiTermination with a unified format. (#2614)
    • 👌 Improved overall performance in cluster. (#2575)
    • Some improvements have been made in the vulnerability-detector module. (#2603)
    • 🔨 Refactor of decoded fields from the Windows eventchannel decoder. (#2684)
    • 🗄 Deprecate global option <queue_size> for Analysisd. (#2729)
    • 🏁 Excluded noisy events from Windows Eventchannel. (#2763)
    • 🖨 Replaced printf functions in agent-authd. (#2830)
    • Replaced strtoul() using NULL arguments with atol() in wodles config files. (#2801)
    • ➕ Added a more descriptive message for SSL error when agent-auth fails. (#2941)
    • 🔄 Changed the starting Analysisd messages about loaded rules from info to debug level. (#2881)
    • Re-structured messages for FIM module. (#2926)
    • 🔄 Changed diff output in Syscheck for Windows. (#2969)
    • Replaced OSSEC e-mail subject with Wazuh in ossec-maild. (#2975)
    • ➕ Added keepalive in TCP to manage broken connections in ossec-remoted. (#3069)
    • 🔄 Change default restart interval for Docker listener module to one minute. (#2679)

    🛠 Fixed

    • 🛠 Fixed error in Syscollector for Windows older than Vista when gathering the hardware inventory. (#2326)
    • 🛠 Fixed an error in the OSQuery configuration validation. (#2446)
    • Prevent Integrator, Syslog Client and Mail forwarder from getting stuck while reading alerts.json. (#2498)
    • 🛠 Fixed a bug that could make an Agent running on Windows XP close unexpectedly while receiving a WPK file. (#2486)
    • Fixed ossec-control script in Solaris. (#2495)
    • 🛠 Fixed a compilation error when building Wazuh in static linking mode with the Audit library enabled. (#2523)
    • 🛠 Fixed a memory hazard in Analysisd on log pre-decoding for short logs (less than 5 bytes). (#2391)
    • 🛠 Fixed defects reported by Cppcheck. (#2521)
      • Double free in GeoIP data handling with IPv6.
      • Buffer overlay when getting OS information.
      • Check for successful memory allocation in Syscollector.
    • 🛠 Fix out-of-memory error in Remoted when upgrading an agent with a big data chunk. (#2594)
    • Re-registered agents are reassigned to correct groups when the multigroup is empty. (#2440)
    • Wazuh manager starts regardless of the contents of local_decoder.xml. (#2465)
    • Let Remoted wait for download module availability. (#2517)
    • 🛠 Fix duplicate field names at some events for Windows eventchannel. (#2500)
    • ✂ Delete empty fields from Windows Eventchannel alerts. (#2492)
    • 🛠 Fixed memory leak and crash in Vulnerability Detector. (#2620)
    • Prevent Analysisd from crashing when receiving an invalid Syscollector event. (#2621)
    • 🛠 Fix a bug in the database synchronization module that left broken references of removed agents to groups. (#2628)
    • 🛠 Fixed restart service in AIX. (#2674)
    • Prevent Execd from becoming defunct when Active Response is disabled. (#2692)
    • 🛠 Fix error in Syscollector when unable to read the CPU frequency on agents. (#2740)
    • 🛠 Fix Windows escape format affecting non-format messages. (#2725)
    • Avoid a segfault in mail daemon due to the XML tags order in the ossec.conf. (#2711)
    • ⚡️ Prevent the key updating thread from starving in Remoted. (#2761)
    • 🛠 Fixed error logging on Windows agent. (#2791)
    • Let CIS-CAT decoder reuse the Wazuh DB connection socket. (#2800)
    • 🛠 Fixed issue with agent-auth options without argument. (#2808)
    • 🛠 Fixed control of the frequency counter in alerts. (#2854)
    • Ignore invalid files for agent groups. (#2895)
    • 🛠 Fixed invalid behaviour when moving files in Whodata mode. (#2888)
    • 🛠 Fixed deadlock in Remoted when updating the keyentries structure. (#2956)
    • 🛠 Fixed error in Whodata when one of the file permissions cannot be extracted. (#2940)
    • 🛠 Fixed System32 and SysWOW64 event processing in Whodata. (#2935)
    • 🛠 Fixed Syscheck hang when monitoring system directories. (#3059)
    • 🛠 Fixed the package inventory for Mac OS X. (#3035)
    • 🏁 Translated the Audit Policy fields from IDs for Windows events. (#2950)
    • 🛠 Fixed broken pipe error when Wazuh-manager closes TCP connection. (#2965)
    • 🛠 Fixed whodata mode on drives other than the main one. (#2989)
    • 🛠 Fixed a bug that occurred in the database while removing an agent. (#2997)
    • 🛠 Fixed duplicated alerts for Red Hat feed in vulnerability-detector. (#3000)
    • 🛠 Fixed bug when processing symbolic links in Whodata. (#3025)
    • 🛠 Fixed option for ignoring paths in rootcheck. (#3058)
    • 👍 Allow Wazuh service on MacOSX to be available without restart. (#3119)
    • ⬆️ Ensure internal_options.conf file is overwritten on Windows upgrades. (#3153)
    • 🛠 Fixed the reading of the setting attempts of the Docker module. (#3067)
    • 🛠 Fix a memory leak in Docker listener module. (#2679)