v4.8.0-beta3
Release date: 2024-03-01 21:11:27
Latest wazuh/wazuh release: v4.9.0-rc1 (2024-08-21 19:52:07)
Manager
Added
- Added new query "rollback" to wazuh-db. (#16058)
- Transition to Wazuh Keystore for Indexer Configuration. (#21670)
Changed
- Vulnerability Detection refactor. (#21201)
- Improved wazuh-db detection of deleted database files. (#18476)
- Added timeout and retry parameters to the VirusTotal integration. (#16893)
- Extended wazuh-analysisd EPS metrics with events dropped by overload and remaining credits in the previous cycle. (#18988)
- Updated API and framework packages installation commands to use pip instead of direct invocation of setuptools. (#18466)
- Upgraded docker-compose V1 to V2 in API Integration test scripts. (#17750)
- Refactored how cluster status dates are treated in the cluster. (#17015)
- The log message about file rotation and signature from wazuh-monitord has been updated. (#21602)
Fixed
- Updated cluster connection cleanup to remove temporary files when the connection between a worker and a master is broken. (#17886)
Agent
Added
- Added snap package manager support to Syscollector. (#15740)
- Added event size validation for the external integrations. (#17932)
- Added new unit tests for the AWS integration. (#17623)
- Added mapping geolocation for AWS WAF integration. (#20649)
- Added a validation to reject unsupported regions when using the inspector service. (#21530)
- Added additional information on some AWS integration errors. (#21561)
Changed
- Disabled host's IP query by Logcollector when ip_update_interval=0. (#18574)
- The MS Graph integration module now supports multiple tenants. (#19064)
- FIM now buffers the Linux audit events for who-data to prevent side effects in other components. (#16200)
- The sub-process execution implementation has been improved. (#19720)
- Refactored and modularized the AWS integration code. (#17623)
- Replace the usage of fopen with wfopen to avoid processing invalid characters on Windows. (#21791)
- Prevent the macOS agent from starting automatically after installation. (#21637)
Fixed
- Fixed process path retrieval in Syscollector on Windows XP. (#16839)
- Fixed detection of the OS version on Alpine Linux. (#16056)
- Fixed Solaris 10 name not showing in the Dashboard. (#18642)
- Fixed macOS Ventura compilation from sources. (#21932)
RESTful API
Added
- Added new GET /manager/version/check endpoint to obtain information about new releases of Wazuh. (#19952)
- Introduced an auto option for the ssl_protocol setting in the API configuration. This enables automatic negotiation of the TLS certificate to be used. (#20420)
Fixed
- Fixed a warning from SQLAlchemy involving detached Roles instances in RBAC. (#20527)
Removed
- Removed PUT /vulnerability, GET /vulnerability/{agent_id}, GET /vulnerability/{agent_id}/last_scan and GET /vulnerability/{agent_id}/summary/{field} API endpoints as they were deprecated in version 4.7.0. Use the Wazuh indexer REST API instead. (#20119)
- Removed the compilation_date field from GET /cluster/{node_id}/info and GET /manager/info endpoints. (#21572)
Ruleset
Added
- Added new SCA policy for Amazon Linux 2023. (#17780)
- Added new SCA policy for Rocky Linux 8. (#17784)
- Added rules to detect IcedID attacks. (#19528)
Changed
- SCA policy for Ubuntu Linux 18.04 rework. (#18721)
- SCA policy for Ubuntu Linux 22.04 rework. (#17515)
- SCA policy for Red Hat Enterprise Linux 7 rework. (#18440)
- SCA policy for Red Hat Enterprise Linux 8 rework. (#17770)
- SCA policy for Red Hat Enterprise Linux 9 rework. (#17412)
- SCA policy for CentOS 7 rework. (#17624)
- SCA policy for CentOS 8 rework. (#18439)
- SCA policy for Debian 8 rework. (#18010)
- SCA policy for Debian 10 rework. (#17922)
- SCA policy for Amazon Linux 2 rework. (#18695)
- SCA policy for SUSE Linux Enterprise 15 rework. (#18985)
- SCA policy for macOS 13.0 Ventura rework. (#19037)
- SCA policy for Microsoft Windows 10 Enterprise rework. (#19515)
- SCA policy for Microsoft Windows 11 Enterprise rework. (#20044)
- Update MITRE DB to v13.1. (#17518)
Other
Added
- Added external lua library dependency version 5.3.6. (#21710)
Changed
- Upgraded external aiohttp library dependency version to 3.8.5. (#20003)
- Upgraded external cryptography library dependency version to 41.0.7. (#21055)
- Upgraded external numpy library dependency version to 1.26.0. (#20003)
- Upgraded external grpcio library dependency version to 1.58.0. (#20003)
- Upgraded external pyarrow library dependency version to 14.0.1. (#20003)
- Upgraded external urllib3 library dependency version to 1.26.18. (#20630)
- Upgraded external SQLAlchemy library dependency version to 2.0.23. (#20741)
- Upgraded external Jinja2 library dependency version to 3.1.3. (#21684)
- Upgraded embedded Python version to 3.10.13. (#20003)
- Upgraded external curl library dependency version to 8.5.0. (#21710)
- Upgraded external pcre2 library dependency version to 10.42. (#21710)
- Upgraded external libarchive library dependency version to 3.7.2. (#21710)
- Upgraded external rpm library dependency version to 4.18.2. (#21710)
- Upgraded external sqlite library dependency version to 3.45.0. (#21710)
- Upgraded external zlib library dependency version to 1.3.1. (#21710)