4.12.0 Release notes - 7 May 2025
This section lists the changes in version 4.12.0. Every update of the Wazuh solution is cumulative and includes all enhancements and fixes from previous releases.
Highlights
Wazuh 4.12.0 introduces functional improvements that expand the platform’s capabilities and compatibility. This release supports ARM architecture in central components, allowing Wazuh to run on a wider range of hardware. It also enhances threat intelligence by adding CTI references to the CVE data, providing better context for vulnerabilities. Additionally, it introduces eBPF support for the File Integrity Monitoring (FIM) module, enabling more efficient and modern monitoring on Linux endpoints.
ARM architecture support in central components: The Wazuh manager, indexer, and dashboard now support ARM-based systems, offering greater deployment flexibility.
CTI links to CVE information: The Vulnerability Detection module now includes CTI references within the CVE details, offering enriched context and threat intelligence to aid in vulnerability assessment.
Improved file integrity monitoring with eBPF support: The file integrity monitoring module now supports eBPF on Linux, improving who-data monitoring and system visibility.
New SCA policy for Distribution Independent Linux endpoints: A new Security Configuration Assessment (SCA) policy is now available for Wazuh Linux agents.
Breaking changes
OpenSearch 2.19.1 and Apache Lucene upgrade: Wazuh 4.12.0 upgrades to OpenSearch 2.19.1 and updates the Apache Lucene version. This change affects compatibility with previous versions. As a result, downgrades are not supported. Once you upgrade the Wazuh indexer to version 4.12.0, you cannot revert to an earlier version.
What's new
This release includes the following new features or enhancements:
Wazuh manager
#26652 Added new compilation flags for the Vulnerability Detection module.
#26083 Added support for central components in ARM architectures.
#28220 Added functionality to navigate to CTI links related to specific CVE detections from states and alerts.
#27614 Updated curl dependency to 8.11.0.
#28298 Upgraded cryptography package to version 44.0.1.
#28047 Converted server logs timestamp to UTC.
#28149 Removed restriction for aws_profile in Security Lake.
#28038 Removed error logs when the response is 409 for certain OpenSearch calls.
#27451 Upgraded packages: python-multipart to 0.0.20, starlette to 0.42.0, and Werkzeug to 3.1.3.
#27990 Removed warning about events in cloudwatchlogs.
#27603 Added package condition field in indexed vulnerabilities.
Wazuh agent
#27956 Added eBPF-based integration to support whodata in FIM.
#28416 Added support for the riskDetections relationship in MS Graph.
#28389 Added time delay option in MS Graph integration to prevent log loss.
#28276 Added page size option to MS Graph integration.
#28388 Implemented Journald rotation detection in Logcollector.
Ruleset
Wazuh dashboard
Resolved issues
This release resolves the following known issues:
Wazuh manager
#26720 Fixed inconsistent vulnerability severity categorization by correcting CVSS version prioritization.
#26769 Fixed a potential crash in Wazuh-DB by improving the PID parsing method.
#28185 Fixed concurrent mechanism on column family RocksDB.
#28503 Fixed unused variables in Analysisd.
#29050 Fixed Analysisd startup failure caused by mixing static and dynamic rules with the same ID.
#27834 Fixed crash in Vulnerability Scanner when processing delayed events during agent re-scan.
#26679 Improved signal handling during process stop.
#27750 Improved cleanup logic for the content folder in the VD module.
#27806 Sanitized invalid size values from package data provider events.
#26704 Fixed crash when reading email alerts missing the email_to attribute.
#29179 Fixed offset errors by updating the DB only after processing events.
Wazuh agent
#26647 Fixed a bug that could cause wazuh-modulesd to crash at startup.
#26289 Fixed incorrect UTF-8 character validation in FIM. Thanks to @zbalkan.
#27100 Improved URL validation in Maltiverse integration.
#28005 Fixed issue in Syscollector where package sizes were reported as negative.
#29161 Fixed enrollment failure on Solaris 10 caused by unsupported socket timeout.
#29214 Fixed memory issue in the wazuh-agentd argument parser.
#28928 Fixed WPK package upgrades for DEB when upgrading from version 4.3.11 or earlier.
Wazuh dashboard
#7185 Fixed issue where adding the same filter twice wouldn't display it in the search bar.
#7171 Fixed rendering of rows in CDB list table when they start with quotes.
#7206 Fixed width of long fields in the document detail flyout.
#7267 Fixed logging of UI logs due to an undefined logger property.
#7278 Fixed TOP-5-SO filter management in Endpoints > Summary.
#7304 Fixed CSV export not filtering by time range.
#7336 Fixed agent view not displaying the latest agent state.
#7377 Fixed saved queries not appearing in the search bar.
#7401 Fixed monitoring cronjob infinite retries in case of a request exception.
#7399 Fixed double scroll bar in Discover.
Changelogs
The repository changelogs provide more details about the changes.