4.14.1 Release notes - 12 November 2025
This section lists the changes in version 4.14.1. Every update of the Wazuh solution is cumulative and includes all enhancements and fixes from previous releases.
What's new
This release includes the following new features and enhancements:
Wazuh manager
#32009 Added IAM role support for VPC flow logs in the AWS wodle.
#32514 Added support for static and temporary AWS credentials in the Amazon Security Lake subscriber.
#32401 Optimized wazuh-db startup by executing agent schema creation in a single transaction.
#32463 Improved vulnerabilities index upgrade with hash-based mapping validation, automatic safe reindex, and backup cleanup.
#32069 Improved C++ logging mechanism to avoid unnecessary heap allocations.
#32521 Improved IndexerConnector error handling and response parsing to provide structured logging of 4xx/5xx errors.
#32525 Reduced default verbosity of wazuh-authd when handling invalid connections.
#32697 Remoted now reads internal options at process startup.
Wazuh agent
Ruleset
#31449 Reworked SCA policy for Microsoft Windows 10 Enterprise.
Other
Wazuh dashboard
#7804 Upgraded the axios dependency to version 1.12.2.
#7841 Improved column order in IT Hygiene > Network > Traffic view to follow a logical source-to-destination flow.
#7639 Improved integrity monitoring settings terminology by clarifying file and registry labels, and updating component names for better user understanding.
Resolved issues
This release resolves the following known issues:
Wazuh manager
#32045 Fixed manager vulnerability scan not triggering due to incorrect Syscollector event provider topic name.
#32787 Fixed IndexerConnector abuse control to prevent data loss on failed syncs.
#32107 Fixed user tag handling by adding user as an alias for the dstuser static field.
#32057 Fixed JSON validation issues in Analysisd and SCA components.
#32829 Fixed a bug in Vulnerability Scanner where the database offset was updated even in error cases.
Wazuh agent
#32383 Fixed indefinite waiting in FIM whodata health check.
#31241 Fixed graceful shutdown in FIM.
#32049 Verified the SHA256 of commands on every execution.
#32528 Fixed duplicate <ca_store> configuration block during RPM package upgrades.
#31144 Fixed a bug that prevented overwriting <registry_limit> or <file_limit> options from remote configuration.
#29853 Fixed a bug in Logcollector that prevented following symlinks when resolving wildcarded files.
#31222 Unified detection logs for wildcarded files in Logcollector.
#32027 Fixed a bug in FIM that did not recognize Registry keys unless they were UTF-8.
#32731 Fixed a bug in Logcollector that ignored all files with <age> filter on Windows.
#32812 Reverted IT Hygiene package vendor format on Debian to include name and email again.
#32785 Fixed a bug in IT Hygiene that reported duplicated Edge browser extensions.
#32838 Fixed reload of the <labels> block via remote configuration.
#32836 Fixed Windows installer to deploy SCA policies for Windows 2022 instead of Windows Server 2025.
Ruleset
#31349 Fixed bug in Windows SCA.
#31102 Fixed mistaken alert.
#31886 Fixed SCA checks in Oracle Linux 9.
#32509 Fixed bugs in Windows Server 2016 SCA.
#32523 Fixed bugs in PAM decoder.
#32480 Fixed macOS Sequoia SCA scans that produced errors.
#32802 Fixed Windows Server 2016 SCA policy configuration issue.
Wazuh dashboard
#7689 Fixed navigation issue in the MITRE ATT&CK framework details flyout.
#7710 Fixed event count evolution visualization in the Endpoint Details view to use the server API context filter.
#7783 Fixed sorting by agent count in Top 5 Groups visualization in Endpoints summary.
#7803 Fixed System Inventory displaying incorrect agent data after switching agents in the Endpoint Details view.
#7838 Replaced the Microsoft Graph API module icon with the official Microsoft Graph API logo for better specificity.
Changelogs
The repository changelogs provide more details about the changes.