Wazuh v3.11.0

@vikman90 vikman90 released this 23 Dec 16:06

Added

  • Add support to Windows agents for vulnerability detector. (#2787)
  • Add support to Debian 10 Buster for vulnerability detector (by @aderumier). (#4151)
  • Make the Wazuh service start after the network systemd unit (by @VAdamec). (#1106)
  • Add process inventory support for Mac OS X agents. (#3322)
  • Add port inventory support for Mac OS X agents. (#3349)
  • Make Analysisd compile the CDB list upon start. (#3488)
  • New rules option global_frequency to make frequency rules independent from the event source. (#3931)
  • Add a validation to prevent agents from trying to connect to an invalid address indefinitely. (#3951)
  • Add the condition field of SCA checks to the agent databases. (#3631)
  • Display a warning message when registering to an unverified manager. (#4207)
  • Allow JSON escaping for logs on Logcollector's output format. (#4273)
  • Add TCP keepalive support for Fluent Forwarder. (#4274)
  • Add the host's primary IP to Logcollector's output format. (#4380)

Changed

  • Now EventChannel alerts include the full message with the translation of coded fields. (#3320)
  • Changed -G agent-auth description in help message. (#3856)
  • Unified the Makefile flags allowed values. (#4034)
  • Let Logcollector queue file rotation and keepalive messages. (#4222)
  • Changed default paths for the OSQuery module in Windows agents. (#4148)
  • Fluent Forward now packs the content towards Fluentd into an object. (#4334)

Fixed

  • Fix frequency rules to be increased for the same agent by default. (#3931)
  • Fix protocol, system_name, data and extra_data static fields detection. (#3591)
  • Fix overwriting agents by Authd when force option is less than 0. (#3527)
  • Fix Syscheck nodiff option for substring paths. (#3015)
  • Fix Logcollector wildcards to not detect directories as log files. (#3788)
  • Make Slack integration work with agentless alerts (by @dmitryax). (#3971)
  • Fix bugs reported by Clang analyzer. (#3887)
  • Fix compilation errors on OpenBSD platform. (#3105)
  • Fix on-demand configuration labels section to obtain labels attributes. (#3490)
  • Fixed race condition between wazuh-clusterd and wazuh-modulesd showing a 'No such file or directory' in cluster.log when synchronizing agent-info files in a cluster environment. (#4007)
  • Fixed 'ConnectionError object has no attribute code' error when package repository is not available. (#3441)
  • Fix the blocking of files monitored by Who-data in Windows agents. (#3872)
  • Fix the processing of EventChannel logs with unexpected characters. (#3320)
  • Active response Kaspersky script now logs the action request in active-responses.log. (#2748)
  • Fix service's installation path for CentOS 8. (#4060)
  • Add macOS Catalina to the list of detected versions. (#4061)
  • Prevent FIM from producing false negatives due to wrong checksum comparison. (#4066)
  • Fix previous_output count for alerts when matching by group. (#4097)
  • Fix event iteration when evaluating contextual rules. (#4106)
  • Fix the remote use of prefilter_cmd by adding a new local option, allow_remote_prefilter_cmd. (#4178 & #4194)
  • Fix restarting agents by group using the API when some of them are in a worker node. (#4226)
  • Fix error in Fluent Forwarder that requests a user and password even though the server does not need them. (#3910)
  • Fix FTS data length bound mishandling in Analysisd. (#4278)
  • Fix a memory leak in Modulesd and Agentd when Fluent Forward parses duplicate options. (#4334)
  • Fix an invalid memory read in Agentd when checking a remote configuration containing an invalid stanza inside <labels>. (#4334)
  • Fix error using force_reload and the eventchannel format in UNIX systems. (#4294)