vikman90
released this
Added
- API:
Changed
- API:
Fixed
vikman90
released this
Fixed
- API:
- Fixed a problem with certain API calls exceeding timeout in highly loaded cluster environments. (#6753)
vikman90
released this
Added
- Core:
- Added macOS Big Sur version detection in the agent. (#6603)
Changed
- API:
Fixed
- API:
- Framework:
- Core:
- Fixed a bug in Remoted that limited the maximum agent number to `MAX_AGENTS-3` instead of `MAX_AGENTS-2`. (#4560)
- Fixed an error in the network library when handling disconnected sockets. (#6444)
- Fixed an error in FIM when handling temporary files and registry keys exceeding the path size limit. (#6538)
- Fixed a bug in FIM that stopped monitoring folders pointed to by a symbolic link. (#6613)
- Fixed a race condition in FIM that could cause Syscheckd to stop unexpectedly. (#6696)
vikman90
released this
Changed
Framework
- Update Python's cryptography library to version 3.2.1 (#6442)
Fixed
API
- Added missing agent:group resource to RBAC's catalog. (6427)
- Changed `limit` parameter behaviour in `GET sca/{agent_id}/checks/{policy_id}` endpoint and fixed some loss of information when paginating `wdb`. (#6464)
- Fixed an error with `GET /security/users/me` when logged in with `run_as`. (#6506)
Framework
- Fixed zip files compression and handling in cluster integrity synchronization. (#6367)
Core
chemamartinez
released this
Added
- Added enrollment capability. Agents are now able to request a key from the manager if the current key is missing or wrong. (#5609)
- Migrated the agent-info data to Wazuh DB. (#5541)
- Wazuh API:
- Embedded the Wazuh API in the Wazuh Manager; there is no need to install the Wazuh API. (9860823)
- Migrated Wazuh API server from nodejs to python. (#2640)
- Added asynchronous aiohttp server for the Wazuh API. (#4474)
- New Wazuh API is approximately 5 times faster on average. (#5834)
- Added OpenAPI based Wazuh API specification. (#2413)
- Improved Wazuh API reference documentation based on OpenAPI spec using redoc. (#4967)
- Added new yaml Wazuh API configuration file. (#2570)
- Added new endpoints to manage API configuration and deprecated configure_api.sh. (#2570)
- Added RBAC support to Wazuh API. (#3287)
- Added new endpoints for Wazuh API security management. (#3410)
- Added SQLAlchemy ORM based database for RBAC. (#3375)
- Added new JWT authentication method. (7080ac3)
- Wazuh API up and running by default in all nodes for a clustered environment.
- Added new and improved error handling. (#2843) (#5345)
- Added tavern and docker based Wazuh API integration tests. (#3612)
- Added new and unified Wazuh API responses structure. (3421015)
- Added new endpoints for Wazuh API users management. (#3280)
- Added new endpoint to restart agents which belong to a node. (#5381)
- Added and improved q filter in several endpoints. (#5431)
- Tested and improved Wazuh API security. (#5318)
- Vulnerability Detector:
- Redhat vulnerabilities are now fetched from OVAL benchmarks. (#5352)
- Debian vulnerable packages are now fetched from the Security Tracker. (#5304)
- The Debian Security Tracker feed can be loaded from a custom location. (#5449)
- The package vendor is used to discard vulnerabilities. (#5330)
- Allow compressed feeds for offline updates. (#5745)
- The manager now updates the MSU feed automatically. (#5678)
- CVEs with no affected version defined in all the feeds are now reported. (#5284)
- CVEs vulnerable for the vendor and missing in the NVD are now reported. (#5305)
- File Integrity Monitoring:
- Added options to limit disk usage using report changes option in the FIM module. (#5157)
- Added and updated framework unit tests to increase coverage. (#3287)
- Added improved support for monitoring paths from environment variables. (#4961)
- Added `base64_log` format to the log builder for Logcollector. (#5273)
Changed
- Changed the default manager-agent connection protocol to TCP. (#5696)
- Disable perpetual connection attempts to modules. (#5622)
- Unified the behaviour of Wazuh daemons when reconnecting with unix sockets. (#4510)
- Changed multiple Wazuh API endpoints. (#2640) (#2413)
- Refactored framework module in SDK and core. (#5263)
- Refactored FIM Windows events handling. (#5144)
- Changed framework to access global.db using wazuh-db. (#6095)
- Changed agent-info synchronization task in Wazuh cluster. (#5585)
- Use the proper algorithm name for SHA-256 inside Prelude output. Thanks to François Poirotte (@fpoirotte). (#5004)
- Elastic Stack configuration files have been adapted to Wazuh v4.x. (#5796)
- Explicitly use Bash for the Pagerduty integration. Thanks to Chris Kruger (@montdidier). (#4641)
Fixed
- Vulnerability Detector:
- Vulnerabilities of Windows Server 2019 which do not affect Windows 10 were not being reported. (#5524)
- Vulnerabilities patched by a Microsoft update with no supersedence were not being reported. (#5524)
- Vulnerabilities patched by more than one Microsoft update were not being evaluated against all the patches. (#5717)
- Duplicated alerts in Windows 10. (#5600)
- Syscollector now discards hotfixes that are not fully installed. (#5792)
- Syscollector now collects hotfixes that were not being parsed. (#5792)
- Update Windows databases when `run_on_start` is disabled. (#5335)
- Fixed the NVD version comparator to remove undesired suffixes. (#5362)
- Fixed an unescaped single quote in the vuln detector SQL query. (#5570)
- Unified alerts title. (#5826)
- Fixed potential error in the GZlib when uncompressing NVD feeds. (#5989)
- File Integrity Monitoring:
- Fixed an error with last scan time in Syscheck API endpoints. (a9acd3a)
- Fixed support for monitoring directories which contain commas. (#4961)
- Fixed a bug where configuring a directory to be monitored as real-time and whodata resulted in real-time prevailing. (#4961)
- Fixed using an incorrect mutex while deleting inotify watches. (#5126)
- Fixed a bug which could cause multiple FIM threads to request the same temporary file. (#5213)
- Fixed a bug where deleting a file permanently in Windows would not trigger an alert. (#5144)
- Fixed a typo in the file monitoring options log entry. (#5591)
- Fixed an error where monitoring a drive in Windows under scheduled or real-time mode would generate alerts from the recycle bin. (#4771)
- When monitoring a drive in Windows in the format `U:`, it will monitor `U:\` instead of the agent's working directory. (#5259)
- Fixed a bug where monitoring a drive in Windows with `recursion_level` set to 0 would trigger alerts from files inside its subdirectories. (#5235)
- Fixed an Azure wodle dependency error. The package azure-storage-blob>12.0.0 does not include a component used by the wodle. (#6109)
- Fixed bugs reported by GCC 10.1.0. (#5119)
- Fixed compilation errors with `USE_PRELUDE` enabled. Thanks to François Poirotte (@fpoirotte). (#5003)
- Fixed default gateway data gathering in Syscollector on Linux 2.6. (#5548)
- Fixed the Eventchannel collector to keep working when the Eventlog service is restarted. (#5496)
- Fixed the OpenSCAP script to work over Python 3. (#5317)
- Fixed the launcher.sh generation in macOS source installation. (#5922)
Removed
- Removed Wazuh API cache endpoints. (#3042)
- Removed Wazuh API rootcheck endpoints. (#5246)
- Deprecated Debian Jessie and Wheezy for Vulnerability Detector (EOL). (#5660)
- Removed references to `manage_agents` in the installation process. (#5840)
- Removed compatibility with deprecated configuration at Vulnerability Detector. (#5879)
vikman90
released this
Fixed
- Updated the default NVD feed URL from 1.0 to 1.1 in Vulnerability Detector. (#6056)