4.11.0 Release notes - 20 February 2025

This section lists the changes in version 4.11.0. Every update of the Wazuh solution is cumulative and includes all enhancements and fixes from previous releases.

Highlights

The 4.11 release introduces significant improvements in vulnerability detection, system inventory accuracy, and virtual machine base OS updates. The focus is on enhancing security insights, ensuring up-to-date system compatibility, and improving detection mechanisms for installed software. Key updates include the enhancement of the vulnerability detection process for CNA (CVE Numbering Authority), updates to AMI and OVA base operating systems, and improvements to Syscollector's software detection capabilities.

Key features include the following:

  • Vulnerability detection CNA enhancement: The vulnerability scanner now prioritizes CISA-sourced vulnerability data over the NVD, ensuring more accurate and detailed vulnerability assessments. This enhancement reduces false positives and improves alignment with official security sources.

  • AMI and OVA base OS update: The base OS for AMI and OVA has been updated to Amazon Linux 2023 (AL2023) due to security vulnerabilities in Amazon Linux 2 (AL2) and its approaching end of life.

  • Syscollector's software detection improvement: Syscollector now provides enhanced detection of installed software. Improvements include better package identification in macOS, expanded detection of pip and npm installations, and integration with Windows WMI to capture system updates more accurately.

What's new

This release includes the following new features or enhancements:

Wazuh manager

  • #27771 Improved delimiters on XML.

  • #27893 Improved FIM decoder.

  • #27835 Improved SCA and Syscheck decoders.

  • #27914 Improved CISCAT decoder detection messages.

  • #27692 Added CISA vulnerability content and prioritized it over NVD in the vulnerability scanner.

  • #28195 Changed ms-graph page size.

Wazuh agent

  • #26706 Improved Syscollector hotfix coverage on Windows by integrating WMI and WUA APIs.

  • #26782 Extended Syscollector capabilities to detect installed .pkg packages.

  • #26236 Updated standard Python and NPM package location in Syscollector to align with common installation paths.

Wazuh dashboard

  • #7193 Refined the layout of the agent details view.

  • #7195 Changed the width of the command column, relocated the argvs column, and changed the width of the rest of the columns in the processes table.

  • #7245 Removed unused node_build field in the package manifest of the wazuh plugin.

Resolved issues

This release resolves the following known issues:

Wazuh manager

  • #26132 Enabled inventory synchronization in Vulnerability Detector when the Indexer module is disabled.

Wazuh agent

  • #27739 Fixed error in event processing on AWS Custom Logs Buckets module.

RESTful API

  • #26255 Added the security:revoke action to the PUT /security/user/revoke endpoint.

Wazuh dashboard

  • #7251 Fixed documentation URL related to the usage of the authentication password in agent deployment.

  • #7255 Fixed a problem with duplicated requests to get the list of valid index patterns in the menu.

Changelogs

The repository changelogs provide more details about the changes.

Product repositories

Auxiliary repositories