4.10.0 Release notes - 9 January 2025

This section lists the changes in version 4.10.0. Every update of the Wazuh solution is cumulative and includes all enhancements and fixes from previous releases.

Highlights

This release delivers key improvements across several areas, including enhanced debugging, expanded integration capabilities, standardized logging, refined compliance checks, and an improved dashboard user experience.

Key features include the following:

  • Wazuh debug symbols generation: Debug symbols are now generated during builds for macOS, Linux, and Windows, with crash dump generation enabled by default in installers. Documentation is provided for users who want to disable crash dump generation.

  • Standardized logging for cloud integrations: A logger has been introduced to standardize logs for cloud integration modules, improving log management and consistency.

  • Microsoft Intune integration: Integration with Microsoft Intune allows Wazuh to retrieve audit logs from managed devices, process them using built-in decoders and rules, and generate actionable security alerts.

  • Vulnerability evaluation status: A new field has been introduced to indicate whether a vulnerability is under evaluation or disputed, assisting users in tracking vulnerabilities still awaiting analysis in the National Vulnerability Database (NVD).

  • Wazuh Dashboard UI improvements: Several key sections of the Wazuh dashboard have been redesigned to improve the user experience. Changes include updates to the Overview, Events, and Agent detail pages, along with the addition of an Agents management menu. Additionally, there are redesigns of the deploy new agent page, adjustments to the loading logo size, and fixes to the vulnerability inventory table for improved usability.

  • Reworked SCA policies: Numerous SCA policies have been reworked, including policies for Rocky Linux 8, Alma Linux 8, Amazon Linux 2023, Windows Server 2019, Red Hat 9, Windows Server 2012 R2, Windows Server 2012 (no R2), Debian 10, Ubuntu 18, Amazon Linux 2, SUSE 15, macOS Ventura, and Windows 11 Enterprise.

What's new

This release includes the following new features and enhancements:

Wazuh manager

  • #24333 Added self-recovery mechanism for rocksDB databases.

  • #25189 Improved logging for indexer connector monitoring class.

  • #23760 Added generation of debug symbols.

  • #27320 Improved Vulnerability Scanner performance by optimizing the PEP440 version matcher.

  • #27324 Improved Vulnerability Scanner performance by optimizing version matcher object creation.

  • #27321 Improved Vulnerability Scanner performance by optimizing global data handling.

Wazuh agent

  • #23760 Added generation of debug symbols.

  • #23998 Changed how the AWS module handles non-existent regions.

  • #2006 Changed macOS packages building tool.

  • #7498 Enhanced Wazuh macOS agent installation instructions.

  • #2826 Enhanced Windows agent signing procedure.

  • #23466 Enhanced security by implementing a mechanism to prevent unauthorized uninstallation of the Wazuh agent on Linux endpoints.

  • #24498 Enhanced integration with Microsoft Intune MDM to pull audit logs for security alert generation.

  • #26137 Updated rootcheck old signatures.

RESTful API

  • #24621 Created new endpoint for agent uninstall process.

Ruleset

  • #21794 Created SCA policy for Microsoft Windows Server 2012 (non-R2).

  • #21434 Reworked SCA policy for Microsoft Windows Server 2019.

  • #24667 Reworked SCA policy for Red Hat Enterprise Linux 9.

  • #24991 Reworked SCA policy for Microsoft Windows Server 2012 R2.

  • #24957 Reworked SCA policy for Ubuntu 18.04 LTS and fixed incorrect checks in Ubuntu 22.04 LTS.

  • #24969 Reworked SCA policy for Amazon Linux 2.

  • #24975 Reworked SCA policy for SUSE Linux Enterprise 15.

  • #24992 Reworked SCA policy for Apple macOS 13.0 Ventura.

  • #25710 Reworked SCA policy for Microsoft Windows 11 Enterprise.

Other

  • #25374 Updated the embedded Python version to 3.10.15.

  • #25324 Upgraded certifi and removed unused packages.

  • #25893 Upgraded external cryptography library dependency version to 43.0.1.

  • #26252 Upgraded external starlette and uvicorn dependencies.

Wazuh dashboard

  • #6964 Added sample data for YARA.

  • #6963 Updated malware detection group values in data sources.

  • #6938 Changed the registration ID of the Settings application for compatibility with OpenSearch Dashboards 2.16.0.

  • #6964 Changed Malware detection dashboard visualizations.

  • #6945 Removed agent RBAC filters from dashboard queries.

  • #7001 Removed GET /elastic/statistics API endpoint.

  • #6968 Added a custom filter and visualization for vulnerability.under_evaluation field. #7044 #7046

  • #7032 Changed MITRE ATT&CK overview description.

  • #7041 Changed the agents summary in overview with no results to an agent deployment help message.

  • #7036 Changed malware feature description.

  • #7033 Changed the font size of the KPI subtitles and the features descriptions.

  • #7059 Changed the initial width of the default columns for each selected field.

  • #7038 Removed VirusTotal application in favor of Malware Detection.

  • #7058 Added vulnerabilities card to agent details page.

  • #7112 Added an Agents management menu and moved the Endpoint Groups and Endpoint Summary sections, the latter renamed to Summary.

  • #7119 Added ability to filter from File Integrity Monitoring registry inventory.

  • #7119 Added new field columns and ability to select the visible fields in the File Integrity Monitoring Files and Registry tables.

  • #7081 Added filter by value to document details fields.

  • #7135 Added pinned agent mechanic to inventory data, stats, and configuration for consistent functionality.

  • #7057 Changed the warning icon in events view to an info icon.

  • #7034 Changed feature container margins to ensure consistent separation and uniform design.

  • #7089 Changed inventory, stats and configuration page to use tabs.

  • #7156 Added ability to edit the wazuh.updates.disabled configuration setting from the UI.

  • #7149 Changed styles in the register agent view for consistency of styles across views.

Resolved issues

This release resolves the following known issues:

Wazuh manager

  • #24620 Added support for multiple Certificate Authorities files in the indexer connector.

  • #24529 Removed hardcoded cipher text size from the RSA decryption method.

  • #25094 Avoided infinite loop while updating the vulnerability detector content.

  • #26223 Fixed repeated OS vulnerability reports.

  • #25479 Fixed inconsistencies between reported context and vulnerability data.

  • #26073 Fixed concurrency issues in LRU caches.

  • #26232 Removed all CVEs related to a deleted agent from the indexer.

  • #26922 Prevented an infinite loop when indexing events in the Vulnerability Detector.

  • #26842 Fixed segmentation fault in DescriptionsHelper::vulnerabilityDescription.

  • #24034 Fixed vulnerability scanner re-scan triggers in cluster environment.

  • #23266 Updated CURL version to 8.10.0.

  • #27145 Fixed an issue where elements in the delayed list were not purged when changing nodes.

  • #27145 Added logic to avoid re-scanning disconnected agents.

Wazuh agent

  • #25452 Fixed macOS agent upgrade timeout.

  • #24531 Fixed macOS agent startup error by properly redirecting cat command errors in wazuh-control.

  • #24516 Fixed inconsistent package inventory size information in Syscollector across operating systems.

  • #24125 Fixed missing Python path locations for macOS in Data Provider.

  • #25429 Fixed permission error on Windows 11 agents after remote upgrade.

  • #24387 Fixed increase of the variable containing file size in FIM for Windows.

  • #25699 Fixed timeout issue when upgrading Windows agent via WPK.

  • #26748 Allowed unknown syslog identifiers in Logcollector's journald reader.

  • #26828 Prevented agent termination during package upgrades in containers by removing redundant kill commands.

  • #26861 Fixed handle leak in FIM's realtime mode on Windows.

  • #26900 Fixed errors on AIX 7.2 by adapting the blibpath variable.

  • #26944 Sanitized agent paths to prevent issues with parent folder references.

  • #26633 Fixed an issue in the DEB package that prevented the agent from restarting after an upgrade.

  • #26944 Improved file path handling in agent communications to avoid references to parent folders.

  • #27054 Set RPM package vendor to UNKNOWN_VALUE when the value is missing.

  • #27059 Updated Solaris package generation to use the correct wazuh-packages reference.

Ruleset

  • #22597 Fixed logical errors in Windows Server 2022 SCA checks.

  • #25224 Fixed incorrect regulatory compliance in several Windows rules.

  • #24733 Fixed incorrect checks in Ubuntu 22.04 LTS.

  • #25190 Removed a check with high CPU utilization in multiple SCA policies.

Wazuh dashboard

  • #7001 Fixed issue where read-only users could not access the Statistics application.

  • #7047 Fixed the filter being displayed cropped on screens of 575px to 767px in the vulnerability detection module.

  • #7029 Fixed no-agent alert appearing with a selected agent in the agent-welcome view.

  • #7042 Fixed security policy exception when it contained deprecated actions.

  • #7048 Fixed export of formatted CSV data with special characters from tables.

  • #7077 Fixed filter management to prevent hiding when adding multiple filters.

  • #7120 Fixed loading state of the agents status chart in the home overview.

  • #7075 Fixed the border on cells in events disappearing when clicked.

  • #7116 Fixed the MITRE ATT&CK exception in the agent view, the redirections of ID, Tactics, Dashboard Icon and Event Icon in the drop-down menu, and the card not displaying information when the flyout was opened.

  • #7119 Fixed ability to filter from files inventory details flyout of File Integrity Monitoring.

  • #7122 Removed processes state column in macOS agents.

  • #7160 Fixed invalid date filter applied on FIM details flyout.

  • #7156 Fixed the Check updates UI being displayed despite being configured as disabled.

  • #7151 Fixed filter by value in document details not working in Safari.

  • #7167 Fixed error message to prevent passing non-string values to the Wazuh logger.

  • #7177 Fixed the rendering of the data.vulnerability.reference field in the table and flyout.

  • #7072 Fixed column reordering feature.

  • #7161 Fixed endpoint group module name and indexer management order.

  • #440 Fixed incorrect or empty Wazuh API version displayed after upgrade.

Changelogs

The repository changelogs provide more details about the changes.

Product repositories

Auxiliary repositories