
@vikman90 vikman90 released this Apr 9, 2020 · 0 commits to master since this release

Fixed

  • Fixed a bug in Vulnerability Detector that made wazuh-modulesd crash when parsing the version of a package from a RHEL feed. (#4885)

@bah07 bah07 released this Apr 8, 2020 · 0 commits to master since this release

Changed

  • Updated MSU catalog on 31/03/2020. (#4819)

Fixed

  • Fixed compatibility with the Vulnerability Detector feeds for Ubuntu from Canonical, that are available in a compressed format. (#4834)
  • Added missing field ‘database’ to the FIM on-demand configuration report. (#4785)
  • Fixed a bug in Logcollector that made it forward a log to an external socket infinite times. (#4802)
  • Fixed a buffer overflow when receiving large messages from Syslog over TCP connections. (#4778)
  • Fixed a malfunction in the Integrator module when analyzing events without a certain field. (#4851)
  • v3.12.0
  • 2ccb1f4

@bah07 bah07 released this Mar 24, 2020

Added

  • Add synchronization capabilities for FIM. (#3319)
  • Add SQL database for the FIM module. Its storage can be switched between disk and memory. (#3319)
  • Add support for monitoring AWS S3 buckets in GovCloud regions. (#3953)
  • Add support for monitoring Cisco Umbrella S3 buckets. (#3890)
  • Add automatic reconnection with the Eventchannel service when it is restarted. (#3836)
  • Add a status validation when starting Wazuh. (#4237)
  • Add FIM module unit testing for Unix source code. (#4688)
  • Add multi-target support for unit testing. (#4564)
  • Add FIM module unit testing for Windows source code. (#4633)

Changed

  • Move the FIM logic engine to the agent. (#3319)
  • Make Logcollector continuously attempt to reconnect with the agent daemon. (#4435)
  • Make Windows agents send the keep-alive independently. (#4077)
  • Do not enforce source IP checking by default in the registration process. (#4083)

Fixed

  • Avoid reopening the current socket when Logcollector fails to send an event. (#4696)
  • Prevent Logcollector from starving when it has to reload files. (#4730)
  • Fix a small memory leak in clusterd. (#4465)
  • Fix a crash in the fluent forwarder when SSL is not enabled. (#4675)
  • Replace non-reentrant functions to avoid race condition hazards. (#4081)
  • Fixed the registration of more than one agent as any when forcing to use the source IP. (#2533)
  • Fix Windows upgrades in custom directories. (#2534)
  • Fix the format of the alert payload passed to the Slack integration. (#3978)

@vikman90 vikman90 released this Feb 25, 2020 · 1380 commits to master since this release

Changed

  • Remove chroot in Agentd to allow it to resolve DNS at any time. (#4652)
Feb 21, 2020
Add errno to message

@vikman90 vikman90 released this Jan 28, 2020 · 1394 commits to master since this release

Fixed

  • Fixed a bug in the Windows agent that made Rootcheck report false positives about file size mismatch. (#4493)

@vikman90 vikman90 released this Jan 22, 2020 · 1403 commits to master since this release

Changed

  • Optimized memory usage in Vulnerability Detector when fetching the NVD feed. (#4427)

Fixed

  • Rootcheck scan produced a 100% CPU peak in Syscheckd because it applied <readall> option even when disabled. (#4415)
  • Fixed a handler leak in Rootcheck and SCA on Windows agents. (#4456)
  • Prevent Remoted from exiting when a client closes a connection prematurely. (#4390)
  • Fixed crash in Slack integration when handling an alert with no description. (#4426)
  • Fixed Makefile to allow running scan-build for Windows agents. (#4314)
  • Fixed a memory leak in Clusterd. (#4448)

@vikman90 vikman90 released this Jan 10, 2020 · 1431 commits to master since this release

Fixed

  • The Windows Eventchannel log decoder in Analysisd maxed out CPU usage due to an infinite loop. (#4412)

@vikman90 vikman90 released this Dec 23, 2019 · 1437 commits to master since this release

Added

  • Add support to Windows agents for vulnerability detector. (#2787)
  • Add support to Debian 10 Buster for vulnerability detector (by @aderumier). (#4151)
  • Make the Wazuh service start after the network systemd unit (by @VAdamec). (#1106)
  • Add process inventory support for Mac OS X agents. (#3322)
  • Add port inventory support for Mac OS X agents. (#3349)
  • Make Analysisd compile the CDB list upon start. (#3488)
  • New rules option global_frequency to make frequency rules independent from the event source. (#3931)
  • Add a validation to prevent agents from trying to connect to an invalid address indefinitely. (#3951)
  • Add the condition field of SCA checks to the agent databases. (#3631)
  • Display a warning message when registering to an unverified manager. (#4207)
  • Allow JSON escaping for logs on Logcollector's output format. (#4273)
  • Add TCP keepalive support for Fluent Forwarder. (#4274)
  • Add the host's primary IP to Logcollector's output format. (#4380)

Changed

  • Now EventChannel alerts include the full message with the translation of coded fields. (#3320)
  • Changed -G agent-auth description in help message. (#3856)
  • Unified the Makefile flags allowed values. (#4034)
  • Let Logcollector queue file rotation and keepalive messages. (#4222)
  • Changed default paths for the OSQuery module in Windows agents. (#4148)
  • Fluent Forward now packs the content towards Fluentd into an object. (#4334)

Fixed

  • Fix frequency rules to be increased for the same agent by default. (#3931)
  • Fix protocol, system_name, data and extra_data static fields detection. (#3591)
  • Fix overwriting agents by Authd when force option is less than 0. (#3527)
  • Fix Syscheck nodiff option for substring paths. (#3015)
  • Fix Logcollector wildcards to not detect directories as log files. (#3788)
  • Make Slack integration work with agentless alerts (by @dmitryax). (#3971)
  • Fix bugs reported by Clang analyzer. (#3887)
  • Fix compilation errors on OpenBSD platform. (#3105)
  • Fix on-demand configuration labels section to obtain labels attributes. (#3490)
  • Fixed a race condition between wazuh-clusterd and wazuh-modulesd that showed a 'No such file or directory' error in cluster.log when synchronizing agent-info files in a cluster environment. (#4007)
  • Fixed the 'ConnectionError object has no attribute code' error when the package repository is not available. (#3441)
  • Fix the blocking of files monitored by Who-data in Windows agents. (#3872)
  • Fix the processing of EventChannel logs with unexpected characters. (#3320)
  • Active response Kaspersky script now logs the action request in active-responses.log. (#2748)
  • Fix service's installation path for CentOS 8. (#4060)
  • Add macOS Catalina to the list of detected versions. (#4061)
  • Prevent FIM from producing false negatives due to wrong checksum comparison. (#4066)
  • Fix previous_output count for alerts when matching by group. (#4097)
  • Fix event iteration when evaluating contextual rules. (#4106)
  • Fix the use of prefilter_cmd remotely by a new local option allow_remote_prefilter_cmd. (#4178 & 4194)
  • Fix restarting agents by group using the API when some of them are in a worker node. (#4226)
  • Fix error in Fluent Forwarder that requests a user and pass although the server does not need it. (#3910)
  • Fix FTS data length bound mishandling in Analysisd. (#4278)
  • Fix a memory leak in Modulesd and Agentd when Fluent Forward parses duplicate options. (#4334)
  • Fix an invalid memory read in Agentd when checking a remote configuration containing an invalid stanza inside <labels>. (#4334)
  • Fix error using force_reload and the eventchannel format in UNIX systems. (#4294)
Oct 18, 2019
Merge branch '3.12' into fix-syscheck-integritydb