4.14.3 Release notes - 11 February 2026

This section lists the changes in version 4.14.3. Every update of the Wazuh solution is cumulative and includes all enhancements and fixes from previous releases.

What's new

This release includes new features or enhancements as the following:

Wazuh agent

  • #33831 Added hostname and architecture metadata to Windows keep-alive messages.

RESTful API

  • #33702 Improved authentication performance by caching generated key pairs and clearing the cache when key files change.

Ruleset

  • #33492 Added a CIS SCA policy for macOS 26 Tahoe.

Other

  • #33569 Updated the werkzeug dependency to version 3.1.4.

  • #33927 Updated the urllib3 dependency to version 2.6.3.

Wazuh dashboard

  • #8025 Added the ability to remove agents from Agents management > Summary.

  • #8026 Set run_as to true by default in the wazuh.yml file.

  • #8026 Added an API selector warning when run_as is set to false in the wazuh.yml file.

  • #7958 Upgraded the js-yaml dependency to version 4.1.1.

  • #8008 Upgraded the swagger-client dependency to version 3.36.0.

Resolved issues

This release resolves known issues as the following:

Wazuh manager

  • #33464 Escaped document IDs when necessary before sending documents to the indexer.

  • #33551 Extended timestamp conversion helpers to support additional input formats and normalize ISO 8601 strings.

  • #33705 Restricted cluster file transfer write paths.

  • #33910 Hardened cluster deserialization by restricting callable decoding to Wazuh modules and improving error handling.

  • #33803 Added query size checks to Syscollector delta sync SQL generation to prevent buffer overflows.

  • #33756 Replaced unsafe sprintf calls in the SCA decoder to prevent buffer overflows.

  • #33739 Fixed a memory leak in the CIS-CAT decoder when database operations fail.

  • #34184 Fixed ruleset hot reload on workers by awaiting the send_reload_ruleset_msg call.

Wazuh agent

  • #33495 Fixed UTF-16 casting when updating report_changes.

  • #33665 Improved Active Response key handling in wazuh-execd.

  • #33704 Added bounds checking to Logcollector max-size configuration serialization.

  • #33926 Hardened Logcollector multiline backup handling by using full-buffer copies.

  • #33708 Fixed label formatting edge cases in keep-alive notify messages.

  • #33922 Fixed incorrect permissions on router and socket UNIX sockets.

  • #33583 Fixed a false positive in vulnerability detection for Oracle Linux 8.

  • #34115 Extended Windows network path restrictions to block extended-length UNC paths.

  • #34162 Fixed a crash in network path detection on Windows.

  • #34064 Fixed agent reload failure on Linux systems with systemd version 219 or lower.

RESTful API

  • #33683 Improved configuration upload validation by reliably parsing and comparing Wazuh XML configurations.

  • #33807 Fixed protected settings checks when multiple <ossec_config> blocks are present.

Ruleset

  • #34141 Fixed SCA policy execution on Windows Server 2019 by using the correct PowerShell path.

Wazuh dashboard

  • #8018 Fixed a TypeError when using the exists or does not exist operators on the vulnerability.under_evaluation filter.

  • #8032 Fixed the editing of XML content in Server management > Settings on Edit configuration.

Changelogs

The repository changelogs provide more details about the changes.

Product repositories

Auxiliary repositories