github wazuh/wazuh v4.4.0-alpha2
Wazuh v4.4.0 alpha 2

pre-release, 17 months ago

Manager

Added

  • Added new unit tests for cluster python module and increased coverage to 99%. (#9995)
  • Added file size limitation on cluster integrity sync. (#11190)
  • Added unittests for CLIs script files. (#13424)
  • Added support for SUSE in Vulnerability Detector. (#9962)
  • Added support for Ubuntu Jammy in Vulnerability Detector. (#13263)
  • Added a software limit to limit the number of EPS that a manager can process. (#13608)
  • Added a new wazuh-clusterd task for agent-groups info synchronization. (#11753)
  • Added unit tests for functions in charge of getting ruleset sync status. (#14950)
  • Added auto-vacuum mechanism in wazuh-db. (#14950)

Changed

  • wazuh-logtest now shows warnings about ruleset issues. (#10822)
  • Modulesd memory is now managed by jemalloc, which helps reduce memory fragmentation. (#12206)
  • The manager now refuses multiple connections from the same agent. (#11702)
  • Updated the Vulnerability Detector configuration reporting to include MSU and skip JSON Red Hat feed. (#12117)
  • Improved the shared configuration file handling performance. (#12352)
  • The agent group data is now natively handled by Wazuh DB. (#11753)
  • Improved security at cluster zip filenames creation. (#10710)
  • Refactor of the core/common.py module. (#12390)
  • Refactor format_data_into_dictionary method of WazuhDBQuerySyscheck class. (#12497)
  • Limit the maximum zip size that can be created while synchronizing cluster Integrity. (#11124)
  • Refactored the functions in charge of synchronizing files in the cluster. (#13065)
  • Changed MD5 hash function to BLAKE2 for cluster file comparison. (#13079)
  • Renamed wazuh-logtest and wazuh-clusterd scripts to follow the same scheme as the other scripts (spaces symbolized with _ instead of -). (#12926)
  • The agent key polling module has been ported to wazuh-authd. (#10865)
  • Added the update field in the CPE Helper for Vulnerability Detector. (#13741)
  • Prevented agents with the same ID from connecting to the manager simultaneously. (#11702)
  • wazuh-analysisd, wazuh-remoted and wazuh-db metrics have been extended. (#13713)
  • Minimized and optimized wazuh-clusterd number of messages from workers to master related to agent-info and agent-groups tasks. (#11753)
  • Improved performance of the agent_groups CLI when listing agents belonging to a group. (#14244)
  • Changed wazuh-clusterd binary behaviour to kill any existing cluster processes when executed. (#14475)
  • Changed wazuh-clusterd tasks to wait asynchronously for responses coming from wazuh-db. (#14791)
  • Use zlib for zip compression in cluster synchronization. (#11190)
  • Added mechanism to dynamically adjust zip size limit in Integrity sync. (#12241)

Fixed

  • Fixed wazuh-dbd halt procedure. (#10873)
  • Fixed compilation warnings in the manager. (#12098)
  • Fixed a bug in the manager that did not send shared folders correctly to agents belonging to multiple groups. (#12516)
  • Fixed the Active Response decoders to support the top entries for source IP in reports again. (#12834)
  • Fixed the feed update interval option of Vulnerability Detector for the JSON Red Hat feed. (#13338)
  • Fixed several code flaws in the python framework. (#12127)
    • Fixed code flaw regarding the use of XML package. (#10635)
    • Fixed code flaw regarding permissions at group directories. (#10636)
    • Fixed code flaw regarding temporary directory names. (#10544)
    • Fixed code flaw regarding try, except and pass block in wazuh-clusterd. (#11951)
  • Fixed framework datetime transformations to UTC. (#10782)
  • Fixed a cluster error when Master-Worker tasks were not properly stopped after an exception occurred in one or both parts. (#11866)
  • Fixed cluster logger issue printing 'NoneType: None' in error logs. (#12831)
  • Fixed unhandled cluster error when reading a malformed configuration. (#13419)
  • Fixed framework unit test failures when they are run by the root user. (#13368)
  • Fixed a memory leak in analysisd when parsing a disabled Active Response. (#13405)
  • Fixed Syscollector delta message handling. (#13590)
  • Prevented wazuh-db from deleting queue/diff when cleaning databases. (#13892)
  • Fixed multiple data race conditions in Remoted reported by ThreadSanitizer. (#14981)
  • Fixed aarch64 OS collection in Remoted to allow WPK upgrades. (#15151)
  • Fixed a race condition in Remoted that was blocking agent connections. (#15165)
  • Fixed Virustotal integration to support non UTF-8 characters. (#13531)
  • Fixed a bug that masked as Timeout any error that might occur while waiting to receive files in the cluster. (#14922)

Removed

  • Removed the unused internal option wazuh_db.sock_queue_size. (#12409)
  • Removed all the unused exceptions from the exceptions.py file. (#10940)
  • Removed unused execute method from core/utils.py. (#10740)
  • Removed unused set_user_name function in framework. (#13119)
  • Unused internal calls to wazuh-db have been deprecated. (#12370)
  • Debian Stretch support in Vulnerability Detector has been deprecated. (#14542)

Agent

Added

  • Added support of CPU frequency data provided by Syscollector on Raspberry Pi. (#11756)
  • Added support for IPv6 address collection in the agent. (#11450)
  • Added the process startup time data provided by Syscollector on macOS. (#11833)
  • Added support of package retrieval in Syscollector for OpenSUSE Tumbleweed and Fedora 34. (#11571)
  • Added the process startup time data provided by Syscollector on macOS. Thanks to @LubinLew. (#11640)
  • Added support for package data provided by Syscollector on Solaris. (#11796)
  • Added support for delta events in Syscollector when data gets changed. (#10843)
  • Added support for pre-installed Windows packages in Syscollector. (#12035)
  • Added support for IPv6 on agent-manager connection and enrollment. (#11268)
  • Added support for CIS-CAT Pro v3 and v4 to the CIS-CAT integration module. Thanks to @hustliyilin. (#12582)
  • Added support for the use of the Azure integration module in Linux agents. (#10870)
  • Added new error messages when using invalid credentials with the Azure integration. (#11852)
  • Added reparse option to CloudWatchLogs and Google Cloud Storage integrations. (#12515)
  • Wazuh Agent can now be built and run on Alpine Linux. (#14726)
  • Added native Shuffle integration. (#15054)

Changed

  • Improved the free RAM data provided by Syscollector. (#11587)
  • The Windows installer (MSI) now provides signed DLL files. (#12752)
  • Changed the group ownership of the Modulesd process to root. (#12748)
  • Some parts of Agentd and Execd have been refactored. (#12750)
  • Handled new exception in the external integration modules. (#10478)
  • Optimized the number of calls to DB maintenance tasks performed by the AWS integration. (#11828)
  • Improved the reparse performance by removing unnecessary queries from external integrations. (#12404)
  • Updated and expanded Azure module logging functionality to use the ossec.log file. (#12478)
  • Improved the error management of the Google Cloud integration. (#12647)
  • Deprecated logging tag in GCloud integration. It now uses wazuh_modules debug value to set the verbosity level. (#12769)
  • The last_dates.json file of the Azure module has been deprecated in favour of a new ORM and database. (#12849)
  • Improved the error handling in AWS integration's decompress_file method. (#12929)
  • Use zlib for zip compression in cluster synchronization. (#11190)
  • The exception handling on Wazuh Agent for Windows has been changed to DWARF2. (#11354)
  • The root CA certificate for WPK upgrade has been updated. (#14696)
  • Agents on macOS now report the OS name as "macOS" instead of "Mac OS X". (#14822)
  • The Systemd service stopping policy has been updated. (#14816)
  • Changed how the AWS module handles ThrottlingException, adding default values for connection retries in case no config file is set. (#14793)

Fixed

  • Fixed collection of maximum user data length. Thanks to @LubinLew. (#7687)
  • Fixed missing fields in Syscollector on Windows 10. (#10772)
  • Fixed the process startup time data provided by Syscollector on Linux. Thanks to @LubinLew. (#11227)
  • Fixed network data reporting by Syscollector related to tunnel or VPN interfaces. (#11837)
  • Skipped V9FS file system at Rootcheck to prevent false positives on WSL. (#12066)
  • Fixed double file handle closing in Logcollector on Windows. (#9067)
  • Fixed a bug in Syscollector that may prevent the agent from stopping when the manager connection is lost. (#11949)
  • Fixed internal exception handling issues on Solaris 10. (#12148)
  • Fixed duplicate error message IDs in the log. (#12300)
  • Fixed compilation warnings in the agent. (#12691)
  • Fixed the skip_on_error parameter of the AWS integration module, which was set to True by default. (#1247)
  • Fixed AWS DB maintenance with Load Balancer Buckets. (#12381)
  • Fixed AWS integration's test_config_format_created_date unit test. (#12650)
  • Fixed created_date field for LB and Umbrella integrations. (#12630)
  • Fixed AWS integration database maintenance error management. (#13185)
  • The default delay at GitHub integration has been increased to 30 seconds. (#13674)
  • Logcollector has been fixed to allow locations containing colons (:). (#14706)
  • Fixed system architecture reporting in Logcollector on Apple Silicon devices. (#13835)
  • The C++ standard library and the GCC runtime library are included with Wazuh. (#14190)
  • Fixed missing inventory cleaning message in Syscollector. (#13877)
  • Fixed WPK upgrade issue on Windows agents due to process locking. (#15322)
  • Fixed FIM injection vulnerability when using prefilter_cmd option. (#13044)
  • Fixed the parsing of ALB logs, splitting client_port, target_port and target_port_list into separate IP and port for each key. (#14525)
  • Fixed a bug that prevented processing Macie logs with problematic ipGeolocation values. (#15335)
  • Fixed GCP integration module error messages. (#15584)

Removed

  • Deprecated Azure and AWS credentials in the configuration authentication option. (#14543)

RESTful API

Added

  • Added new API integration tests for a Wazuh environment without a cluster configuration. (#10620)
  • Added wazuh-modulesd tags to GET /manager/logs and GET /cluster/{node_id}/logs endpoints. (#11731)
  • Added python decorator to soft deprecate API endpoints adding deprecation headers to their responses. (#12438)
  • Added new exception to inform that /proc directory is not found or permissions to see its status are not granted. (#12486)
  • Added new field and filter to GET /agents response to retrieve agent groups configuration synchronization status. (#12362)
  • Added agent groups configuration synchronization status to GET /agents/summary/status endpoint. (#12498)
  • Added JSON log handling. (#11171)
  • Added integration tests for IPv6 agent's registration. (#12029)
  • Enable ordering by Agents count in /groups endpoints. (#12887)
  • Added hash to API logs to identify users logged in with authorization context. (#12092)
  • Added new limits section to the upload_wazuh_configuration section in the Wazuh API configuration. (#14119)
  • Added logic to API logger to renew its streams if needed on every request. (#14295)
  • Added GET /manager/daemons/stats and GET /cluster/{node_id}/daemons/stats API endpoints. (#14401)
  • Added GET /agents/{agent_id}/daemons/stats API endpoint. (#14464)
  • Added the possibility to get the configuration of the wazuh-db component in active configuration endpoints. (#14471)
  • Added distinct and select parameters to GET /sca/{agent_id} and GET /sca/{agent_id}/checks/{policy_id} endpoints. (#15084)
  • Added new endpoint to run vulnerability detector on-demand scans (PUT /vulnerability). (#15290)

Changed

  • Improved GET /cluster/healthcheck endpoint and cluster_control -i more CLI call in loaded cluster environments. (#11341)
  • Removed never_connected agent status limitation when trying to assign agents to groups. (#12595)
  • Changed API version and upgrade_version filters to work with different version formats. (#12551)
  • Renamed GET /agents/{agent_id}/group/is_sync endpoint to GET /agents/group/is_sync and added new agents_list parameter. (#9413)
  • Added POST /security/user/authenticate endpoint and marked GET /security/user/authenticate endpoint as deprecated. (#10397)
  • Adapted framework code to agent-group changes to use the new wazuh-db commands. (#12526)
  • Updated default timeout for GET /mitre/software to avoid timing out in slow environments after the MITRE DB update to v11.2. (#13791)
  • Changed API settings related to remote commands. The remote_commands section will be held within upload_wazuh_configuration. (#14119)
  • Improved API unauthorized responses to be more accurate. (#14233)
  • Updated framework functions that communicate with the request socket to use remote instead. (#14259)
  • Improved parameter validation for API endpoints that require component and configuration parameters. (#14766)
  • Improved GET /sca/{agent_id}/checks/{policy_id} API endpoint performance. (#15017)
  • Improved exception handling when trying to connect to Wazuh sockets. (#15334)
  • Modified _group_names and _group_names_or_all regexes to avoid invalid group names. (#15671)

Fixed

  • Fixed copy functions used for the backup files and upload endpoints to prevent incorrect metadata. (#12302)
  • Fixed a bug regarding ids not being sorted with cluster disabled in Active Response and Agent endpoints. (#11010)
  • Fixed a bug where null values from wazuh-db were returned in API responses. (#10736)
  • Connections through WazuhQueue will be closed gracefully in all situations. (#12063)
  • Fixed exception handling when trying to get the active configuration of a valid but not configured component. (#12450)
  • Fixed api.yaml path suggested as remediation at exception.py (#12700)
  • Fixed /tmp access error in containers of API integration tests environment. (#12768)
  • The API will return an exception when the user asks for agent inventory information and there is no database for it (never connected agents). (#13096)
  • Improved regex used for the q parameter on API requests with special characters and brackets. (#13171) (#13386)
  • Removed board_serial from syscollector integration tests expected responses. (#12592)
  • Removed cmd field from expected responses of syscollector integration tests. (#12557)
  • Reduced maximum number of groups per agent to 128 and adjusted group name validation. (#12611)
  • Reduced amount of memory required to read CDB lists using the API. (#14204)
  • Fixed a bug where the cluster health check endpoint and CLI would add an extra active agent to the master node. (#14237)
  • Fixed a bug that prevented updating the configuration when using various <ossec_conf> blocks from the API. (#15311)
  • Fixed vulnerability API integration tests' healthcheck. (#15194)

Removed

  • Removed null remediations from failed API responses. (#12053)
  • Deprecated GET /agents/{agent_id}/group/is_sync endpoint. (#12365)
  • Deprecated GET /manager/stats/analysisd, GET /manager/stats/remoted, GET /cluster/{node_id}/stats/analysisd, and GET /cluster/{node_id}/stats/remoted API endpoints. (#14230)

Ruleset

Fixed

  • Fixed OpenWRT decoder to parse UFW logs. (#11613)

Other

Added

  • Added unit tests to the component in Analysisd that extracts the IP address from events. (#12733)
  • Added python-json-logger dependency. (#12518)

Changed

  • Prevented the Ruleset test suite from restarting the manager. (#10773)
  • The pthread's rwlock has been replaced with a FIFO-queueing read-write lock. (#14839)

Fixed

  • Fixed Makefile to detect CPU architecture on Gentoo Linux. (#14165)
