# OSSEC 4.0.0 Release Notes

10 hours ago


Release Notes

Major security and stability release addressing critical memory safety issues and modernizing cryptographic implementations. This release includes fixes for multiple heap use-after-free (UAF) vulnerabilities, uncontrolled recursion in XML parsing, and implementation of secure random number generation for agent key creation. Additionally, file integrity monitoring has been modernized with SHA-256 support, and several external dependencies have been updated to their latest stable versions.

⚠️ Breaking Changes

AES Encryption Now Default for Agent Communication

OSSEC 4.0.0 agents now use AES encryption by default for agent-server communication. This is NOT backwards compatible with OSSEC 3.8.0 and older servers.

Migration Options:

  1. Upgrade servers first (recommended): Update all OSSEC servers to 4.0.0 before upgrading agents.
  2. Use legacy Blowfish encryption on 4.0.0 agents: Add the following to your agent's ossec.conf:

```xml
<client>
  <crypto_method>blowfish</crypto_method>
</client>
```

Configuration Changes

  • SHA-256 File Integrity Monitoring: SHA-256 is now enabled by default for all monitored directories. No configuration changes are required for new installs.
  • To disable SHA-256 (if needed for compatibility), set `check_sha256sum="no"` on the affected directories:

```xml
<syscheck>
  <directories check_sha256sum="no">/etc</directories>
</syscheck>
```
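As an added example (not code from the OSSEC project), a small pre-upgrade check that reads an agent's ossec.conf and reports the two settings this release changes: whether `<client><crypto_method>` is set to `blowfish` (needed while any server is still on 3.8.0 or older) and which `<syscheck>` directories opt out of SHA-256 with `check_sha256sum="no"`. It assumes ossec.conf may contain more than one top-level `<ossec_config>` block, so it wraps the file in a synthetic root before parsing; the sample configuration is constructed for the example.

```python
import xml.etree.ElementTree as ET

# Constructed sample of an agent ossec.conf (not a real deployment file).
# OSSEC accepts several top-level <ossec_config> blocks in one file, so the
# file as a whole is not a single well-formed XML document.
SAMPLE_CONF = """
<ossec_config>
  <client>
    <server-ip>192.0.2.10</server-ip>
    <crypto_method>blowfish</crypto_method>
  </client>
</ossec_config>
<ossec_config>
  <syscheck>
    <directories check_sha256sum="no">/etc</directories>
    <directories check_all="yes">/usr/bin,/usr/sbin</directories>
  </syscheck>
</ossec_config>
"""


def parse_ossec_conf(text):
    """Parse ossec.conf content, tolerating multiple <ossec_config> roots."""
    return ET.fromstring("<root>" + text + "</root>")


def crypto_method(root):
    """Return the configured agent crypto method, or 'aes' (the 4.0.0 default)."""
    el = root.find("./ossec_config/client/crypto_method")
    if el is None or not (el.text or "").strip():
        return "aes"
    return el.text.strip().lower()


def sha256_disabled_dirs(root):
    """List directories that disable SHA-256 via check_sha256sum="no"."""
    out = []
    for d in root.findall("./ossec_config/syscheck/directories"):
        # Absent attribute means the 4.0.0 default: SHA-256 enabled.
        if d.get("check_sha256sum", "yes").strip().lower() == "no":
            out.extend(p.strip() for p in (d.text or "").split(",") if p.strip())
    return out


def upgrade_report(text):
    """Summarise the settings an operator must review before moving to 4.0.0."""
    root = parse_ossec_conf(text)
    return {"crypto_method": crypto_method(root),
            "sha256_disabled": sha256_disabled_dirs(root)}


if __name__ == "__main__":
    print(upgrade_report(SAMPLE_CONF))
```

An agent reporting `aes` can only talk to a 4.0.0 server, so servers must be upgraded first; one reporting `blowfish` still works against 3.8.0.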

🔒 Security Fixes

  • Critical Memory Safety: Fix critical UAF bug in memory leak fix (Issue #1818) - PR 2178
  • Heap UAF: Fix Issue #1817: Heap UAF in OSSEC Alert decoder with leak-free Eventinfo refactor - PR 2177
  • Recursion Fix: Fix uncontrolled recursion in os_xml _ReadElem (Issue #1953) - PR 2175
  • Secure RNG: Implement secure RNG for agent key generation using OpenSSL RAND_bytes - PR 2167

General Fixes & Improvements

  • FIM Modernization: SHA-256 integration and safe buffer handling - PR 2166
  • Lua Update: Update Lua to version 5.4.7 - PR 2165
  • zlib Update: Update zlib to version 1.3.1 - PR 2164
  • cJSON Update: Update cJSON to version 1.7.18 - PR 2163
  • Windows Builds: Build fixes for Windows - PR 2162
  • Packaging: Add RPM spec file - PR 2147
  • Agent Auth: Handle SSL EOF condition in agent-auth - PR 2146
  • Performance: Ignore ENOENT in OS_RemoveCounter to prevent benign error messages - PR 2171
  • Stability: Improve logcollector crash fix to check read function pointer (Issue #2156) - PR 2168
  • Testing: Improve error message in ossec-testrule for missing rule matches (Issue #2093) - PR 2170
  • CLI: Fix help/version argument exit codes - PR 2174
  • Bugfix: Fix for Issue #2056 in syscheck decoder - PR 2173
  • Code Quality: Clean up redundant NULL checks in report filter function (Issue #2133) - PR 2169
