Added
- Core:
- Allow negation of expressions in rules. (#6258)
- Support for PCRE2 regular expressions in rules and decoders. (#6480)
- Added new ruleset test module. Allow testing and verification of rules and decoders using Wazuh User Interface. (#5337)
- Added new upgrade module. WPK upgrade feature has been moved to this module, which offers support for cluster architecture and simultaneous upgrades. (#5387)
- Added new task module. This module stores and manages all the tasks that are executed in the agents or managers. (#5386)
- Made the time interval to detect that an agent got disconnected configurable. Deprecated parameter DISCON_TIME. (#6396)
- Added support for macOS in Vulnerability Detector. (#6532)
- Added the capability to perform FIM on values in the Windows Registry. (#6735)
- API:
- Added endpoints to query and manage Rootcheck data. (#6496)
- Added new endpoint to check status of tasks. (#6029)
- Added new endpoints to run the logtest tool and delete a logtest session. (#5984)
- Added debug2 mode for API log and improved debug mode. (#6822)
- Added missing secure headers for API responses. (#7024)
- Added new config option to disable uploading configurations containing remote commands. (#7016)
- AWS Module:
- Added support for AWS load balancers (Application Load Balancer, Classic Load Balancer and Network Load Balancer). (#6034)
- Framework:
Changed
- Core:
- Removed the limit of agents that a manager can support. (#6097)
- Moved CA configuration section to verify WPK signatures from active-response section to agent-upgrade section. (#5929)
- The tool ossec-logtest has been renamed to wazuh-logtest, and it uses a new testing service integrated in Analysisd. (#6103)
- Changed error message to debug when multiple daemons attempt to remove an agent simultaneously. (#6185)
- Changed error message to warning when the agent fails to reach a module. (#5817)
- API:
- Framework:
- Refactored framework to work with new upgrade module. (#5537)
- Refactored agent upgrade CLI to work with new upgrade module. It distributes petitions in a clustered environment. (#5675)
- Changed rule and decoder details structure to support PCRE2. (#6318)
- Changed access to agent's status. (#6326)
- Improved AWS Config integration to avoid performance issues by removing alert fields with variables such as Instance ID in its name. (#6537)
Fixed
- Core:
- Fixed error in Analysisd when getting the ossec group ID. (#6688)
- Prevented FIM from reporting configuration error when setting patterns that match no files. (#6187)
- Fixed the array parsing when building JSON alerts. (#6687)
- Added Firefox ESR to the CPE helper to distinguish it from Firefox when looking for vulnerabilities. (#6610)
- Fixed the evaluation of packages from external sources with the official vendor feeds in Vulnerability Detector. (#6611)
- Fixed the handling of duplicated tags in the Vulnerability Detector configuration. (#6683)
- Fixed the validation of hotfixes gathered by Syscollector. (#6706)
- Fixed the reading of the Linux OS version when /etc/os-release doesn't provide it. (#6674)
- Fixed a false positive when comparing the minor target of CentOS packages in Vulnerability Detector. (#6709)
- Fixed a zombie process leak in Modulesd when using commands without a timeout. (#6719)
- Fixed a race condition in Remoted that might create agent-group files with wrong permissions. (#6833)
- Fixed a warning log in Wazuh DB when upgrading the global database. (#6697)
- Fixed a bug in FIM on Windows that caused false positives due to changes in the host timezone or the daylight saving time when monitoring files in a FAT32 filesystem. (#6801)
- Fixed the purge of the Redhat vulnerabilities database before updating it. (#7050)
- Fixed a race condition in Authd that may prevent the daemon from updating client.keys after adding an agent. (#7271)
- API:
- Fixed an error with /groups/{group_id}/config endpoints (GET and PUT) when using complex localfile configurations. (#6276)
- Fixed an error with
- Framework: