4.7.0 Release notes - 27 November 2023

This section lists the changes in version 4.7.0. Every update of the Wazuh solution is cumulative and includes all enhancements and fixes from previous releases.

What's new

This version includes new features or improvements, such as the following:


  • #18026 Added native Maltiverse integration. Wazuh now leverages the Maltiverse API to enrich alerts. This enhancement supplements alert details with threat intelligence data following the Elastic Common Schema (ECS) standard. Acknowledgments to David Gil (@dgilm).

  • #16090 Added an option to customize the Slack integration.

  • #16008 An unnecessary sanity check related to Syscollector has been removed from wazuh-db.

  • #18570 Added support for Amazon Linux 2023 in Vulnerability Detector.

  • #20367 The manager now rejects agents with a higher version by default.


  • #17951 Added support for Custom AWS Logs in Buckets via AWS SQS. This enhancement improves visibility and troubleshooting in AWS environments.

  • #15582 Added geolocation for the aws.data.client_ip field. The new GeoIP feature enables tracking of geographical locations of AWS ALB client IP addresses. This addition enhances visibility into network traffic and security monitoring. Acknowledgments to Arran Rhodes (@rh0dy).

  • #15699 Added package inventory support for Alpine Linux in Syscollector.

  • #16117 Added package inventory support for MacPorts package manager in Syscollector. This enhancement improves compatibility with macOS.

  • #17982 Added package inventory support for Python PyPI and Node.js in Syscollector.

  • #15000 Added process information to the open ports inventory in Syscollector. This addition enhances ports inventory capabilities for better management and tracking on Linux systems.

  • #17966 The shared modules code has been sanitized according to the convention.

  • #18006 The package inventory internal messages have been modified to comply with the schema.

  • #20360 Added clarification to the agent connection log. The agent must connect to a manager of the same or higher version.

Wazuh dashboard

  • #5680 Added the Status detail column in the Agents table.

  • #5738 The agent registration wizard now effectively manages special characters in passwords.

  • #5636 Changed the Network ports table columns for Linux agents.

  • #5707 Changed Timelion-type displays in the Management > Statistics section to line-type displays.

  • #5747 Removed views in JSON and XML formats from the Management settings.


  • #19726 Added new status_code field to GET /agents response.

  • #20126 Deprecated the following API endpoints:

    • PUT /vulnerability

    • GET /vulnerability/{agent_id}

    • GET /vulnerability/{agent_id}/last_scan

    • GET /vulnerability/{agent_id}/summary/{field}


  • #2568 Updated links to wazuh-dashboard-plugins repository.

  • #2555 Added firewall validation to the installation assistant.

Resolved issues

This release resolves the following known issues:


  • Fixed an unexpected cluster error when a worker gets restarted.

  • Fixed an issue that let the manager validate wrong XML configurations.

  • Fixed default value for multiarch field in Syscollector packages.

  • Fixed WPK rollback rebooting the host in the Windows agent.


  • Fixed detection of osquery 5.4.0+ running outside the integration.

  • Fixed vendor data in package inventory for Brew packages on macOS.

  • Improved reliability of the signature verification mechanism.


  • Addressed error handling for non-UTF-8 encoded file readings.

  • Resolved an issue in the WazuhException class that disrupted the API executor subprocess.

  • Corrected an empty value problem in the API specification key.


  • Fixed the signature of the internal function OSHash_GetIndex().

Wazuh dashboard

  • Fixed problem with new or missing columns in the Agents table.

  • Fixed the color of the agent name in the groups section in dark mode.

  • Fixed the event propagation so that the flyout data in the decoders does not change when the button is pressed.

  • Fixed the tooltips of the tables in the Security section, and removed unnecessary requests.


  • Fixed wrong condition when generating the RPM Wazuh indexer package with an existing base file.


More details about these changes are provided in the changelog of each component: