Manager

Added

• The manager now supports alert forwarding to Fluentd. (#17306)
• Added missing functionality for vulnerability scanner translations. (#23518)
• Improved performance for vulnerability scanner translations. (#23722)
• Enhanced vulnerability scanner logging to be more expressive. (#24536)
• Added the HAProxy helper to manage load balancer configuration and automatically balance agents. (#23513)
• Added a validation to avoid killing processes from external services. (#23222)
• Enabled ceritificates validation in the requests to the HAProxy helper using the default CA bundle. (#23996)

Fixed

• Fixed compilation issue for local installation. (#20505)
• Fixed malformed JSON error in wazuh-analysisd. (#16666)
• Fixed a warning when uninstalling the Wazuh manager if the VD feed is missing. (#24375)
• Ensured vulnerability detection scanner log messages end with a period. (#24393)

Changed

• Changed error messages about recv() messages from wazuh-db to debug logs. (#20285)
• Sanitized the integrations directory code. (#21195)
• Modified multiple cluster commands to be asynchronous. (#22640)

Agent

Added

• Added debug logging in FIM to detect invalid report change registry values. Thanks to Zafer Balkan (@zbalkan). (#21690)
• Added Amazon Linux 1 and 2023 support for the installation script. (#21287)
• Added Journald support in Logcollector. (#23137)
• Added support for Amazon Security Hub via AWS SQS. (#23203)

Fixed

• Fixed loading of whodata through timeouts and retries. (#21455)
• Avoided backup failures during WPK update by adding dependency checking for the tar package. (#21729)
• Fixed a crash in the agent due to a library incompatibility. (#22210)
• Fixed an error in the osquery integration on Windows that avoided loading osquery.conf. (#21728)
• Fixed a crash in the agent's Rootcheck component when using <ignore>. (#22588)
• Fixed command wodle to support UTF-8 characters on windows agent. (#19146)
• Fixed Windows agent to delete wazuh-agent.state file when stopped. (#20425)
• Fixed Windows Agent 4.8.0 permission errors on Windows 11 after upgrade. (#20727)
• Fixed alerts are created when syscheck diff DB is full. (#16487)
• Fixed Wazuh deb uninstallation to remove non-config files. (#2195)
• Fixed improper Windows agent ACL on non-default installation directory. (#23273)
• Fixed socket configuration of an agent is displayed. (#17664)
• Fixed wazuh-modulesd printing child process not found error. (#18494)
• Fixed issue with an agent starting automatically without reason. (#23848)
• Fixed GET /syscheck to properly report size for files larger than 2GB. (#17415)
• Fixed error in packages generation centos 7. (#24412)
• Fixed Wazuh deb uninstallation to remove non-config files from the installation directory. (#2195)
• Fixed Azure auditLogs/signIns status parsing (thanks to @Jmnis for the contribution). (#22392)
• Fixed how the S3 object keys with special characters are handled in the Custom Logs Buckets integration. (#22621)

Changed

• The directory /boot has been removed from the default FIM settings for AIX. (#19753)
• Refactored and modularized the Azure integration code. (#20624)
• Improved logging of errors in Azure and AWS modules. (#16314)

Removed

• Dropped support for Python 3.7 in cloud integrations. (#22583)

RESTful API

Added

• Added support in the Wazuh API to parse journald configurations from the ossec.conf file. (#23094)
• Added user-agent to the CTI service request. (#24360)

Changed

• Merged group files endpoints into one (GET /groups/{group_id}/files/{filename}) that uses the raw parameter to receive plain text data. (#21653)
• Removed the hardcoded fields returned by the GET /agents/outdated endpoint and added the select parameter to the specification. (#22388)
• Updated the regex used to validate CDB lists. (#22423)
• Changed the default value for empty fields in the GET /agents/stats/distinct endpoint response. (#22413)
• Changed the Wazuh API endpoint responses when receiving the Expect header. (#22380)
• Enhanced Authorization header values decoding errors to avoid showing the stack trace and fail gracefully. (#22745)
• Updated the format of the fields that can be N/A in the API specification. (#22908)
• Updated the WAZUH API specification to conform with the current endpoint requests and responses. (#22954)
• Replaced the used aiohttp server with uvicorn. (#23199)
  • Changed the PUT /groups/{group_id}/configuration endpoint response error code when uploading an empty file.
  • Changed the GET, PUT and DELETE /lists/files/{filename} endpoints response status code when an invalid file is used.
  • Changed the PUT /manager/configuration endpoint response status code when uploading a file with invalid content-type.

Fixed

• Improved XML validation to match the Wazuh internal XML validator. (#20507)
• Fixed bug in GET /groups. (#22428)
• Fixed the GET /agents/outdated endpoint query. (#24946)

Removed

• Removed the cache configuration option from the Wazuh API. (#22416)

Ruleset

Changed

• The solved vulnerability rule has been clarified. (#19754)

Fixed

• Fixed audit decoders to parse the new heading field "node=". (#22178)

Other

Changed

• Upgraded external OpenSSL library dependency version to 3.0. (#20778)
• Migrated QA framework. (#17427)
• Improved WPKs. (#21152)
• Migrated and adapted Wazuh subsystem repositories as part of Wazuh packages redesign. (#23508)
• Upgraded external connexion library dependency version to 3.0.5 and its related interdependencies. (#22680)

Fixed

• Fixed a buffer overflow hazard in HMAC internal library. (#19794)