@vikman90 vikman90 released this Jan 14, 2021 · 1851 commits to master since this release

Added

  • API:
    • Added missing secure headers for API responses. (#7138)
    • Added new config option to disable uploading configurations containing remote commands. (#7134)
    • Added new config option to choose the SSL ciphers. Default value TLSv1.2. (#7164)

Changed

  • API:
    • Deprecated endpoints to restore and update API configuration file. (#7132)
    • Default expiration time of the JWT token set to 15 minutes. (#7167)

Fixed

  • API:
    • Fixed spec regexes for paths used in /manager/files and /cluster/{node_id}/files endpoints. (#7131)
  • Framework:
    • Fixed a bug with add_manual(agents) function when authd is disabled. (#7135)
  • Core:
    • Fixed the purge of the Redhat vulnerabilities database before updating it. (#7133)

@vikman90 vikman90 released this Nov 30, 2020 · 1864 commits to master since this release

Fixed

  • API:
    • Fixed a problem with certain API calls exceeding timeout in highly loaded cluster environments. (#6753)

@vikman90 vikman90 released this Nov 24, 2020 · 1868 commits to master since this release

Added

  • Core:
    • Added macOS Big Sur version detection in the agent. (#6603)

Changed

  • API:
    • GET /agents/summary/os, GET /agents/summary/status and GET /overview/agents will no longer consider 000 as an agent. (#6574)
    • Increased to 64 the maximum number of characters that can be used in security users, roles, rules, and policies names. (#6657)

Fixed

  • API:
    • Fixed an error with POST /security/roles/{role_id}/rules when removing role-rule relationships with admin resources. (#6594)
    • Fixed a timeout error with GET /manager/configuration/validation when using it in a slow environment. (#6530)
  • Framework:
    • Fixed an error with some distributed requests when the cluster configuration is empty. (#6612)
    • Fixed special characters in default policies. (#6575)
  • Core:
    • Fixed a bug in Remoted that limited the maximum agent number to MAX_AGENTS-3 instead of MAX_AGENTS-2. (#4560)
    • Fixed an error in the network library when handling disconnected sockets. (#6444)
    • Fixed an error in FIM when handling temporary files and registry keys exceeding the path size limit. (#6538)
    • Fixed a bug in FIM that stopped monitoring folders pointed to by a symbolic link. (#6613)
    • Fixed a race condition in FIM that could cause Syscheckd to stop unexpectedly. (#6696)

@vikman90 vikman90 released this Nov 11, 2020 · 1902 commits to master since this release

Changed

Framework

  • Update Python's cryptography library to version 3.2.1 (#6442)

Fixed

API

  • Added missing agent:group resource to RBAC's catalog. (#6427)
  • Changed limit parameter behaviour in GET sca/{agent_id}/checks/{policy_id} endpoint and fixed some loss of information when paginating wdb. (#6464)
  • Fixed an error with GET /security/users/me when logged in with run_as. (#6506)

Framework

  • Fixed zip files compression and handling in cluster integrity synchronization. (#6367)

Core

  • Fixed version matching when assigning feed in Vulnerability Detector. (#6505)
  • Prevent unprivileged users from accessing the Wazuh Agent folder in Windows. (#3593)
  • Fix a bug that may lead the agent to crash when reading an invalid Logcollector configuration. (#6463)

@chemamartinez chemamartinez released this Oct 23, 2020 · 91 commits to 4.0 since this release

Added

  • Added enrollment capability. Agents are now able to request a key from the manager if the current key is missing or wrong. (#5609)
  • Migrated the agent-info data to Wazuh DB. (#5541)
  • Wazuh API:
    • Embedded Wazuh API with Wazuh Manager; there is no need to install Wazuh API. (9860823)
    • Migrated Wazuh API server from nodejs to python. (#2640)
    • Added asynchronous aiohttp server for the Wazuh API. (#4474)
    • New Wazuh API is approximately 5 times faster on average. (#5834)
    • Added OpenAPI based Wazuh API specification. (#2413)
    • Improved Wazuh API reference documentation based on OpenAPI spec using redoc. (#4967)
    • Added new yaml Wazuh API configuration file. (#2570)
    • Added new endpoints to manage API configuration and deprecated configure_api.sh. (#2570)
    • Added RBAC support to Wazuh API. (#3287)
    • Added new endpoints for Wazuh API security management. (#3410)
    • Added SQLAlchemy ORM based database for RBAC. (#3375)
    • Added new JWT authentication method. (7080ac3)
    • Wazuh API up and running by default in all nodes for a clustered environment.
    • Added new and improved error handling. (#2843) (#5345)
    • Added tavern and docker based Wazuh API integration tests. (#3612)
    • Added new and unified Wazuh API responses structure. (3421015)
    • Added new endpoints for Wazuh API users management. (#3280)
    • Added new endpoint to restart agents which belong to a node. (#5381)
    • Added and improved q filter in several endpoints. (#5431)
    • Tested and improved Wazuh API security. (#5318)
      • Added DDoS blocking system. (#5318)
      • Added brute force attack blocking system. (#5318)
      • Added content-type validation. (#5318)
  • Vulnerability Detector:
    • Redhat vulnerabilities are now fetched from OVAL benchmarks. (#5352)
    • Debian vulnerable packages are now fetched from the Security Tracker. (#5304)
    • The Debian Security Tracker feed can be loaded from a custom location. (#5449)
    • The package vendor is used to discard vulnerabilities. (#5330)
    • Allow compressed feeds for offline updates. (#5745)
    • The manager now updates the MSU feed automatically. (#5678)
    • CVEs with no affected version defined in all the feeds are now reported. (#5284)
    • CVEs vulnerable for the vendor and missing in the NVD are now reported. (#5305)
  • File Integrity Monitoring:
    • Added options to limit disk usage using report changes option in the FIM module. (#5157)
  • Added and updated framework unit tests to increase coverage. (#3287)
  • Added improved support for monitoring paths from environment variables. (#4961)
  • Added base64_log format to the log builder for Logcollector. (#5273)

Changed

  • Changed the default manager-agent connection protocol to TCP. (#5696)
  • Disable perpetual connection attempts to modules. (#5622)
  • Unified the behaviour of Wazuh daemons when reconnecting with unix sockets. (#4510)
  • Changed multiple Wazuh API endpoints. (#2640) (#2413)
  • Refactored framework module in SDK and core. (#5263)
  • Refactored FIM Windows events handling. (#5144)
  • Changed framework to access global.db using wazuh-db. (#6095)
  • Changed agent-info synchronization task in Wazuh cluster. (#5585)
  • Use the proper algorithm name for SHA-256 inside Prelude output. Thanks to François Poirotte (@fpoirotte). (#5004)
  • Elastic Stack configuration files have been adapted to Wazuh v4.x. (#5796)
  • Explicitly use Bash for the Pagerduty integration. Thanks to Chris Kruger (@montdidier). (#4641)

Fixed

  • Vulnerability Detector:
    • Vulnerabilities of Windows Server 2019 that do not affect Windows 10 were not being reported. (#5524)
    • Vulnerabilities patched by a Microsoft update with no supersedence were not being reported. (#5524)
    • Vulnerabilities patched by more than one Microsoft update were not being evaluated against all the patches. (#5717)
    • Duplicated alerts in Windows 10. (#5600)
    • Syscollector now discards hotfixes that are not fully installed. (#5792)
    • Syscollector now collects hotfixes that were not being parsed. (#5792)
    • Update Windows databases when run_on_start is disabled. (#5335)
    • Fixed the NVD version comparator to remove undesired suffixes. (#5362)
    • Fixed an unescaped single quote in a Vulnerability Detector SQL query. (#5570)
    • Unified alerts title. (#5826)
    • Fixed potential error in the GZlib when uncompressing NVD feeds. (#5989)
  • File Integrity Monitoring:
    • Fixed an error with last scan time in Syscheck API endpoints. (a9acd3a)
    • Fixed support for monitoring directories which contain commas. (#4961)
    • Fixed a bug where configuring a directory to be monitored as real-time and whodata resulted in real-time prevailing. (#4961)
    • Fixed using an incorrect mutex while deleting inotify watches. (#5126)
    • Fixed a bug which could cause multiple FIM threads to request the same temporary file. (#5213)
    • Fixed a bug where deleting a file permanently in Windows would not trigger an alert. (#5144)
    • Fixed a typo in the file monitoring options log entry. (#5591)
    • Fixed an error where monitoring a drive in Windows under scheduled or real-time mode would generate alerts from the recycle bin. (#4771)
    • When monitoring a drive in Windows in the format U:, it will monitor U:\ instead of the agent's working directory. (#5259)
    • Fixed a bug where monitoring a drive in Windows with recursion_level set to 0 would trigger alerts from files inside its subdirectories. (#5235)
  • Fixed an Azure wodle dependency error. The package azure-storage-blob>12.0.0 does not include a component used. (#6109)
  • Fixed bugs reported by GCC 10.1.0. (#5119)
  • Fixed compilation errors with USE_PRELUDE enabled. Thanks to François Poirotte (@fpoirotte). (#5003)
  • Fixed default gateway data gathering in Syscollector on Linux 2.6. (#5548)
  • Fixed the Eventchannel collector to keep working when the Eventlog service is restarted. (#5496)
  • Fixed the OpenSCAP script to work over Python 3. (#5317)
  • Fixed the launcher.sh generation in macOS source installation. (#5922)

Removed

  • Removed Wazuh API cache endpoints. (#3042)
  • Removed Wazuh API rootcheck endpoints. (#5246)
  • Deprecated Debian Jessie and Wheezy for Vulnerability Detector (EOL). (#5660)
  • Removed references to manage_agents in the installation process. (#5840)
  • Removed compatibility with deprecated configuration at Vulnerability Detector. (#5879)

@vikman90 vikman90 released this Sep 22, 2020 · 4986 commits to master since this release

Fixed

  • Updated the default NVD feed URL from 1.0 to 1.1 in Vulnerability Detector. (#6056)