4.12.0 Release notes - 7 May 2025

This section lists the changes in version 4.12.0. Every update of the Wazuh solution is cumulative and includes all enhancements and fixes from previous releases.

Highlights

Wazuh 4.12.0 introduces functional improvements that expand the platform’s capabilities and compatibility. This release supports ARM architecture in central components, allowing Wazuh to run on a wider range of hardware. It also enhances threat intelligence by adding CTI references to the CVE data, providing better context for vulnerabilities. Additionally, it introduces eBPF support for the File Integrity Monitoring (FIM) module, enabling more efficient and modern monitoring on Linux endpoints.

Breaking changes

  • OpenSearch 2.19.1 and Apache Lucene upgrade: Wazuh 4.12.0 upgrades to OpenSearch 2.19.1 and updates the Apache Lucene version. This change affects compatibility with previous versions. As a result, downgrades are not supported. Once you upgrade the Wazuh indexer to version 4.12.0, you cannot revert to an earlier version.

What's new

This release includes the following new features and enhancements:

Wazuh manager

  • #26652 Added new compilation flags for the Vulnerability Detection module.

  • #26083 Added support for central components in ARM architectures.

  • #28220 Added functionality to navigate to CTI links related to specific CVE detections from states and alerts.

  • #27614 Updated curl dependency to 8.11.0.

  • #28298 Upgraded cryptography package to version 44.0.1.

  • #28047 Converted server logs timestamp to UTC.

  • #28149 Removed restriction for aws_profile in Security Lake.

  • #28038 Removed error logs when the response is 409 for certain OpenSearch calls.

  • #27451 Upgraded packages: python-multipart to 0.0.20, starlette to 0.42.0, and Werkzeug to 3.1.3.

  • #27990 Removed warning about events in cloudwatchlogs.

  • #27603 Added package condition field in indexed vulnerabilities.

Wazuh agent

  • #27956 Added eBPF-based integration to support whodata in FIM.

  • #28416 Added support for the riskDetections relationship in MS Graph.

  • #28389 Added time delay option in MS Graph integration to prevent log loss.

  • #28276 Added page size option to MS Graph integration.

  • #28388 Implemented Journald rotation detection in Logcollector.

Ruleset

  • #26732 Added SCA content for Windows Server 2025.

  • #26736 Added SCA content for Fedora 41.

  • #26837 Created SCA policy for Distribution Independent Linux.

  • #23194 Created SCA policy for Ubuntu 24.04 LTS.

  • #26982 Improved SCA rule for macOS 15.

Wazuh dashboard

  • #7182 Added setting to limit the number of rows in CSV reports.

  • #7306 Added vulnerability.scanner.reference field containing the CTI reference of the vulnerability.

  • #7192 Refined queue usage visualizations in Statistics.

  • #7390 Removed revision number from About page.

Resolved issues

This release resolves the following known issues:

Wazuh manager

  • #26720 Fixed inconsistent vulnerability severity categorization by correcting CVSS version prioritization.

  • #26769 Fixed a potential crash in Wazuh-DB by improving the PID parsing method.

  • #28185 Fixed the concurrency mechanism on RocksDB column families.

  • #28503 Fixed unused variables in Analysisd.

  • #29050 Fixed Analysisd startup failure caused by mixing static and dynamic rules with the same ID.

  • #27834 Fixed crash in Vulnerability Scanner when processing delayed events during agent re-scan.

  • #26679 Improved signal handling during process stop.

  • #27750 Improved cleanup logic for the content folder in the VD module.

  • #27806 Sanitized invalid size values from package data provider events.

  • #26704 Fixed crash when reading email alerts missing the email_to attribute.

  • #29179 Fixed offset errors by updating the DB only after processing events.

Wazuh agent

  • #26647 Fixed a bug that could cause wazuh-modulesd to crash at startup.

  • #26289 Fixed incorrect UTF-8 character validation in FIM. Thanks to @zbalkan.

  • #27100 Improved URL validation in Maltiverse integration.

  • #28005 Fixed issue in Syscollector where package sizes were reported as negative.

  • #29161 Fixed enrollment failure on Solaris 10 caused by unsupported socket timeout.

  • #29214 Fixed memory issue in the wazuh-agentd argument parser.

  • #28928 Fixed WPK package upgrades for DEB when upgrading from version 4.3.11 or earlier.

Wazuh dashboard

  • #7185 Fixed issue where adding the same filter twice wouldn't display it in the search bar.

  • #7171 Fixed rendering of rows in CDB list table when they start with quotes.

  • #7206 Fixed width of long fields in the document detail flyout.

  • #7267 Fixed logging of UI logs due to an undefined logger property.

  • #7278 Fixed TOP-5-SO filter management in Endpoints > Summary.

  • #7304 Fixed CSV export not filtering by time range.

  • #7336 Fixed agent view not displaying the latest agent state.

  • #7377 Fixed saved queries not appearing in the search bar.

  • #7401 Fixed monitoring cronjob infinite retries in case of a request exception.

  • #7399 Fixed double scroll bar in Discover.

Changelogs

The repository changelogs provide more details about the changes.

Product repositories

Auxiliary repositories