Manager

Added

• The manager now supports alert forwarding to Fluentd. (#17306)
• Added missing functionality for vulnerability scanner translations. (#23518)
• Improved performance for vulnerability scanner translations. (#23722)
• Enhanced vulnerability scanner logging to be more expressive. (#24536)
• The manager now supports alert forwarding to Fluentd. (#17306)
• Added the HAProxy helper to manage load balancer configuration and automatically balance agents. (#23513)

Fixed

• Fixed compilation issue for local installation. (#20505)
• Fixed malformed JSON error in wazuh-analysisd. (#16666)
• Fixed a warning when uninstalling the Wazuh manager if the VD feed is missing. (#24375)
• Ensured vulnerability detection scanner log messages end with a period. (#24393)

Changed

• Changed error messages about recv() messages from wazuh-db to debug logs. (#20285)

Agent

Added

• Added debug logging in FIM to detect invalid report change registry values. Thanks to Zafer Balkan (@zbalkan). (#21690)
• Added Amazon Linux 1 and 2023 support for the installation script. (#21287)
• Added Journald support in Logcollector. (#23137)
• Added support for Amazon Security Hub via AWS SQS. (#23203)

Fixed

• Fixed loading of whodata through timeouts and retries. (#21455)
• Avoided backup failures during WPK update by adding dependency checking for the tar package. (#21729)
• Fixed using memmove instead of memcpy to avoid unwanted behavior. (#21595)
• Fixed a crash in the agent due to a library incompatibility. (#22210)
• Fixed an error in the osquery integration on Windows that avoided loading osquery.conf. (#21728)
• Fixed a crash in the agent's Rootcheck component when using <ignore>. (#22588)
• Fixed command wodle to support UTF-8 characters on windows agent. (#19146)
• Fixed Windows agent to delete wazuh-agent.state file when stopped. (#20425)
• Fixed Windows Agent 4.8.0 permission errors on Windows 11 after upgrade. (#20727)
• Fixed Syscollector not checking if there's a scan in progress before starting a new one. (#22440)
• Fixed alerts are created when syscheck diff DB is full. (#16487)
• Fixed Wazuh deb uninstallation to remove non-config files. (#2195)
• Fixed improper Windows agent ACL on non-default installation directory. (#23273)
• Fixed socket configuration of an agent is displayed. (#17664)
• Fixed wazuh-modulesd printing child process not found error. (#18494)
• Fixed issue with an agent starting automatically without reason. (#23848)
• Fixed GET /syscheck to properly report size for files larger than 2GB. (#17415)
• Fixed error in packages generation centos 7. (#24412)
• Fixed Wazuh deb uninstallation to remove non-config files from the installation directory. (#2195)
• Fixed Azure auditLogs/signIns status parsing (thanks to @Jmnis for the contribution). (#22392)

Changed

• The directory /boot has been removed from the default FIM settings for AIX. (#19753)

RESTful API

Changed

• Replaced the used aiohttp server with uvicorn. (#23199)
• Changed the PUT /groups/{group_id}/configuration endpoint response error code when uploading an empty file. (#23199)
• Changed the GET, PUT and DELETE /lists/files/{filename} endpoints response status code when an invalid file is used. (#23199)
• Changed the PUT /manager/configuration endpoint response status code when uploading a file with invalid content-type. (#23199)

Ruleset

Changed

• The solved vulnerability rule has been clarified. (#19754)

Fixed

• Fixed audit decoders to parse the new heading field "node=". (#22178)

Other

Changed

• Upgraded external OpenSSL library dependency version to 3.0. (#20778)
• Migrated QA framework. (#17427)
• Improved WPKs. (#21152)
• Migrated and adapted Wazuh subsystem repositories as part of Wazuh packages redesign. ((#23508))
• Upgraded external connexion library dependency version to 3.0.5 and its related interdependencies. (#23199)

Fixed

• Fixed a buffer overflow hazard in HMAC internal library. (#19794)