Manager
Added
- Added Analysisd ability to do a hot ruleset reload. (#29458)
- Added support for hot ruleset reload via API. (#29954)
- Added support for global queries of FIM and system inventory data. (#27894)
Fixed
- Fixed missing agent version handling in Vulnerability Detector. (#29181)
- Fixed race condition in agent status synchronization between worker and master. (#29624)
Changed
- Improved reports functionality to avoid duplicated daily FIM reports. (#29232)
- Optimized agent query endpoints. (#29363)
- Implemented RBAC resource cache with TTL support. (#29406)
- Improved Wazuh-DB protocol to support large HTTP requests and remove pagination. (#29514)
- Added HTTP client implementation to wazuh-db. (#29515)
- Separated control messages from the connection handling in remoted. (#29153)
- Added capability to re-index CVEs if documents have changed in Vulnerability detector. (#29916)
Agent
Added
- Added support for Rocky Linux and AlmaLinux in the agent upgrade module. (#29391)
- Added handling of CentOS 9 SCA files in package specs. (#29393)
- Added SCA support for Oracle Linux 10. (#29139)
Fixed
- Fixed incorrect handling of events in the Custom logs bucket. (#29312)
- Fixed race condition when downloading Azure blobs. (#29317)
- Fixed FIM reports false files. (#28962)
- Fixed IPv6 address format reported by WindowsHelper. (#29502)
- Fixed hidden port detection and netstat availability handling. (#29561)
- Replaced select() with sleep() in Logcollector to prevent errors during Docker deployment. (#29905)
- Fixed NetNTLMv2 exposure by filtering UNC paths and mapped drives in Windows agent. (#30060)
Changed
- Improved agent synchronization to reduce redundant payload transfers. (#29426)
- Improved Syscollector to report only Python packages managed by dpkg. (#28688)
- Improved wazuh-db JSON handling performance by updating external dependencies. (#29399)
- Improved Azure module logging capabilities. (#29930)
- Improved restart on macOS agents after an upgrade. (#29940)
- Standardized the timeouts of different services. (#29443)
RESTful API
Added
- Added the server uuid to the /manager/info endpoint. (#29524)
- Added support for hot ruleset reload in the related API endpoints. (#29954)
Fixed
- Fixed false positive in configuration uploading. (#28962)
- Fixed sorting by version in agent list endpoint. (#29166)
Ruleset
Added
- Added SCA content for CentOS Stream 9. (#29269)
- Added IOCs and rules for Wazuh 4.x ruleset improvement. (#29653)
- Added SCA content for Oracle Linux 10. (#29139)
- Added rule to minimize event flooding from Windows events on the Wazuh manager. (#28790)
Changed
- Fixed bugs in Microsoft Windows 11 Enterprise SCA policy. (#5648)
- Fixed multiple checks in RHEL 9, RHEL 10, Rocky Linux 8 and Rocky Linux 9 SCA policies. (#29040)
- Fixed diff causing false negatives in rootcheck. (#28982)
- Fixed multiple RHEL 8 and CentOS 7 SCA checks generating incorrect results. (#28711)