Wazuh Files

Manager

Added

• Added new compilation flags for the Vulnerability Detector module. (#26652)
• Added support for central components in ARM architectures. (#26083)
• Added functionality to navigate to CTI links related to specific CVE detections from states and alerts. (#28220)
• Added package condition field in indexed vulnerabilities. (#27603)
• Added standardized version metadata with VERSION.json file. (#28401)

Changed

• Converted server logs timestamp to UTC. (#28047)
• Removed error logs when the response is 409 for certain OpenSearch calls. (#28038)

Fixed

• Fixed inconsistent vulnerability severity categorization by correcting CVSS version prioritization. (#26720)
• Fixed a potential crash in Wazuh-DB by improving the PID parsing method. (#26769)
• Fixed concurrent mechanism on column family rocksDB. (#28185)
• Fixed unused variables in Analysisd. (#28503)
• Fixed analysisd startup failure caused by mixing static and dynamic rules with the same ID. (#29050)
• Fixed crash in Vulnerability Scanner when processing delayed events during agent re-scan. (#27834)
• Improved the signal handling during processes stop. (#26679)
• Improved cleanup logic for the content folder for the VD module. (#27750)
• Sanitized invalid size values from package data provider events. (#27806)
• Fixed crash when reading email alerts missing the email_to attribute. (#26704)
• Fixed offset errors by updating the DB only after processing events. (#29179)

Agent

Added

• FIM now supports whodata using an eBPF-based integration. (#27956)
• Added support for the riskDetections relationship in MS Graph. (#28416)
• Added standardized version metadata with VERSION.json file. (#28401)

Changed

• Added a time delay option in the MS Graph integration to prevent log loss. (#28389)
• Added a page size option to the MS Graph integration. (#28276)
• Implemented Journald rotation detection in Logcollector. (#28388)
• Deleted the restriction for the use of the AWS profile in the Amazon Security Lake integration. (#28149)
• Removed WARNING prefix in logs from the CloudWatchLogs AWS integration. (#27990)

Fixed

• Fixed a bug that could cause wazuh-modulesd to crash at startup. (#26647)
• Fixed incorrect UTF-8 character validation in FIM. Thanks to @zbalkan. (#26289)
• Improved URL validation in the Maltiverse integration. (#27100)
• Fixed an issue in Syscollector where package sizes were reported as negative. (#28005)
• Fixed an enrollment failure on Solaris 10 caused by unsupported socket timeout. (#29161)
• Fixed a memory issue in the wazuh-agentd argument parser. (#29214)
• Fixed WPK package upgrades for DEB when upgrading from version 4.3.11 or earlier. (#28928)

Ruleset

Added

• Created SCA content for Distribution Independent Linux. (#26837)
• Created SCA policy for Ubuntu 24.04 LTS. (#23194)
• Added SCA content for CentOS Stream 10. (#24495)
• Added SCA content for Windows Server 2025. (#26732)
• Added SCA content for Fedora 41. (#26736
• Added SCA content for RHEL 10. (#26934)
• Added SCA content for AlmaLinux 10. (#27952)

Changed

• Improved SCA rule for macOS 15. (#26982)
• Updated SCA Policy for Ubuntu 22.04 LTS to CIS Benchmark v2.0.0. (#22627)
• Fixed incorrect registry key in Windows Server 2022 SCA policy. (#17769)
• Fixed duplicated SCA check IDs for Windows Server 2025. (#29204)
• Fixed Ubuntu SCA checks to ensure nftables and iptables do not co-exist (#27913)
• Fixed errors in multiple checks in Rocky Linux 9 SCA checks (#28468)
• Fixed Ubuntu 24.04 SCA parsing error. (#28378)

Other

Changed

• Upgraded the curl dependency to 8.11.0. (#27614)
• Upgraded the cryptography library dependency to version 44.0.1. (#28298)
• Upgraded python-multipart to 0.0.20, starlette to 0.42.0 and Werkzeug to 3.1.3. (#27451)