4.13.0 Release notes - 18 September 2025

This section lists the changes in version 4.13.0. Every update of the Wazuh solution is cumulative and includes all enhancements and fixes from previous releases.

Highlights

The 4.13.0 release improves deployment flexibility, enhances centralized data access, and strengthens platform resilience. Key highlights include the introduction of the IT Hygiene dashboard, which provides users with the ability to centrally view and query IT Hygiene data.

  • Global queries for IT Hygiene data: Wazuh now supports global queries for IT Hygiene data through a newly dedicated IT Hygiene dashboard

  • Reliability and performance improvements across the platform.

  • Multiple bug fixes in core components and the UI.

  • Updates based on recent security scans.

What's new

This release includes new features or enhancements as the following:

Wazuh manager

  • #29232 Improved reports functionality to avoid duplicated daily FIM reports.

  • #29363 Optimized agent query endpoints.

  • #29406 Implemented RBAC resource cache with TTL support.

  • #29514 Improved Wazuh-DB protocol to support large HTTP requests and remove pagination.

  • #29515 Added HTTP client implementation to wazuh-db.

  • #29458 Added hot ruleset reload support to Analysisd.

  • #29916 Enabled CVE re-indexing when documents change in Vulnerability Detector.

  • #29153 Separated control messages from remoted's connection handling.

  • #30504 Added sanity checks for hotfix values in Vulnerability Detector.

  • #27894 Added support for global queries of FIM and system inventory data.

  • #30851 Improved exception handling in the run_local SDK function.

  • #29135 Improved Authd connection management using epoll to handle concurrent agent registration requests more efficiently.

  • #31114 Added a single writer buffer manager instance for each indexer connector instance.

  • #31856 Disabled FIM Global Queries.

Wazuh agent

  • #29391 Added support for Rocky Linux and AlmaLinux in the upgrade module.

  • #29393 Added handling of CentOS 9 SCA files in package specs.

  • #29139 Added SCA support for Oracle Linux 10.

  • #30556 Added Rootcheck rule to detect root-owned files with world-writable permissions.

  • #29426 Improved agent synchronization to reduce redundant payload transfers.

  • #28688 Improved Syscollector to report only Python packages managed by dpkg.

  • #29399 Improved wazuh-db JSON handling performance.

  • #29930 Enhanced Azure module logging.

  • #29940 Improved restart behavior on macOS agents after upgrade.

  • #29443 Standardized service timeouts across components.

  • #30377 Added MS Graph token validation before performing requests.

  • #30763 Added support for UTF-8 characters in file paths in FIM.

  • #30637 Removed internal_key from query filters.

RESTful API

  • #29524 Added server UUID to the /manager/info endpoint.

  • #29589 Added /agents/summary endpoint.

  • #31459 Added ruleset reload endpoints.

Ruleset

  • #29269 Added SCA content for CentOS Stream 9.

  • #29653 Added IOCs and new rules to improve the 4.x ruleset.

  • #29139 Added SCA content for Oracle Linux 10.

  • #28790 Added rule to minimize Windows event flooding on the manager.

Other

  • #29610 Updated Python dependencies: setuptools, Jinja2, and PyJWT.

  • #28646 Upgraded embedded Python interpreter to 3.10.16.

  • #29735 Upgraded h11 to 0.16.0 and httpcore to 1.0.9.

  • #28564 Removed unused Azure Python dependencies.

Wazuh dashboard

  • #7368 Added It Hygiene application. #7461 #7476 #7475 #7513 #7582 #7588 #7692 #7717

  • #7368 Added hardware and system information to the agent overview.

  • #7379 Added persistence for selected columns and page size in data grid settings. #7513

  • #7373 Added the ability to manage the sample data from IT Hygiene and vulnerabilities. #7449 #7475 #7718

  • #7443 Added back button to Deploy Agent page that redirects to Endpoints Summary.

  • #7412 Added UUID field to the APIs table.

  • #7373 Moved /elastic/samplealerts API endpoints to /indexer/samplealerts.

  • #7430 Changed macOS agent startup command.

  • #7368 Removed Inventory data view from agent overview.

  • #7475 Removed vulnerability.pattern setting.

  • #7368 Removed GET /api/syscollector API endpoint.

  • #7368 Removed inventory data report and POST /reports/agents/{agentID}/inventory API endpoint.

  • #7483 Removed the enrollment.password field from the /utils/configuration endpoint response to prevent unauthorized agent registration by users with read-only API roles.

  • #7657 Changed the manager reset button to reload in Rules, Decoders, and CDB list. #7677

  • #7484 Reduced the number of API calls to retrieve agent summary information.

Resolved issues

This release resolves known issues as the following:

Wazuh manager

  • #29181 Fixed missing agent version handling in Vulnerability Detector.

  • #29624 Fixed race condition in agent status synchronization between worker and master.

  • #30534 Fixed agent-group assignment for missing agents with improved error handling.

  • #30818 Fixed missing OS info updates in global inventory after first scan.

  • #31048 Fixed wazuh-db failure during agent restarts by switching the restart query to HTTP.

  • #30627 Fixed DFM graceful shutdown.

  • #30718 Fixed inode field as string in FIM JSON messages to ensure schema consistency.

  • #30837 Fixed duplicate OS vulnerabilities detected after an OS version change.

Wazuh agent

  • #29312 Fixed incorrect event handling in the Custom logs bucket.

  • #29317 Fixed Azure blob download race condition.

  • #28962 Fixed false FIM reports and configuration upload issues.

  • #29502 Fixed incorrect IPv6 format reported by WindowsHelper.

  • #29561 Fixed hidden port detection and netstat fallback.

  • #29905 Replaced select() with sleep() in Logcollector to avoid Docker-related errors.

  • #30060 Fixed NetNTLMv2 exposure by filtering UNC paths and mapped drives in Windows agent.

  • #29820 Fixed Windows agent not starting after manual upgrade by deferring service start to post-install.

  • #30552 Fixed precision loss in the FIM inode field for values greater than 2^53.

  • #30614 Fixed expanded file list in the logcollector getconfig output.

  • #31187 Fixed authd.pass ACL permissions to match client.keys security level in the Windows agent installer.

RESTful API

  • #29166 Fixed version sorting in agent list endpoint.

  • #28962 Fixed false positive detection during configuration uploading.

Ruleset

  • #29221 Fixed bugs in Windows 11 Enterprise SCA policy.

  • #29040 Fixed multiple SCA check errors in RHEL 9/10 and Rocky Linux 8/9.

  • #28982 Fixed diff logic in rootcheck that caused false negatives.

  • #28711 Fixed incorrect SCA results for RHEL 8 and CentOS 7.

  • #30827 Fixed false positives in Ubuntu 24.04 benchmark.

Wazuh dashboard

  • #7368 Fixed a problem in Vulnerabilities > Dashboard and Inventory when there are no indices matching with the index pattern.

  • #7425 Fixed double backslash warning on xml editor.

  • #7422 Fixed the X-axis label in the Vulnerabilities by year of publication visualization.

  • #7501 Fixed a bug in Rule details flyout, where it didn't map all the compliances.

  • #7540 Fixed the Windows service name in Deploy new agent.

  • #7552 Fixed an issue where filter values could change on navigation or pin/unpin actions, causing unexpected search results.

  • #7544 Fixed an issue in the expanded table row where outdated information could appear when using the refresh button.

  • #7550 Fixed a bug causing format issues in CSV reports.

Changelogs

The repository changelogs provide more details about the changes.

Product repositories

Auxiliary repositories