Wazuh v4.9.0 – Comprehensive Overview Of Latest Enhancements And Fixes

Its latest enhancements and fixes that fortify cybersecurity measures. This version introduces significant improvements across its Manager and Agent components, boosts performance in vulnerability scanners, and expands its integration capabilities.

Explore the detailed changes and new features that further elevate Wazuh’s robust security framework.

Added

• The manager now supports alert forwarding to Fluentd. (#17306)
• Added missing functionality for vulnerability scanner translations. (#23518)
• Improved performance for vulnerability scanner translations. (#23722)
• Enhanced vulnerability scanner logging to be more expressive. (#24536)
• Added the HAProxy helper to manage load balancer configuration and automatically balance agents. (#23513)
• Added a validation to avoid killing processes from external services. (#23222)
• Enabled ceritificates validation in the requests to the HAProxy helper using the default CA bundle. (#23996)

Fixed

• Fixed compilation issue for local installation. (#20505)
• Fixed malformed JSON error in wazuh-analysisd. (#16666)
• Fixed a warning when uninstalling the Wazuh manager if the VD feed is missing. (#24375)
• Ensured vulnerability detection scanner log messages end with a period. (#24393)

Changed

• Changed error messages about recv() messages from wazuh-db to debug logs. (#20285)
• Sanitized the integrations directory code. (#21195)

Agent

Added

• Added debug logging in FIM to detect invalid report change registry values. Thanks to Zafer Balkan (@zbalkan). (#21690)
• Added Amazon Linux 1 and 2023 support for the installation script. (#21287)
• Added Journald support in Logcollector. (#23137)
• Added support for Amazon Security Hub via AWS SQS. (#23203)

Fixed

• Fixed loading of whodata through timeouts and retries. (#21455)
• Avoided backup failures during WPK update by adding dependency checking for the tar package. (#21729)
• Fixed a crash in the agent due to a library incompatibility. (#22210)
• Fixed an error in the osquery integration on Windows that avoided loading osquery.conf. (#21728)
• Fixed a crash in the agent’s Rootcheck component when using <ignore>. (#22588)
• Fixed command wodle to support UTF-8 characters on windows agent. (#19146)
• Fixed Windows agent to delete wazuh-agent.state file when stopped. (#20425)
• Fixed Windows Agent 4.8.0 permission errors on Windows 11 after upgrade. (#20727)
• Fixed alerts are created when syscheck diff DB is full. (#16487)
• Fixed Wazuh deb uninstallation to remove non-config files. (#2195)
• Fixed improper Windows agent ACL on non-default installation directory. (#23273)
• Fixed socket configuration of an agent is displayed. (#17664)
• Fixed wazuh-modulesd printing child process not found error. (#18494)
• Fixed issue with an agent starting automatically without reason. (#23848)
• Fixed GET /syscheck to properly report size for files larger than 2GB. (#17415)
• Fixed error in packages generation centos 7. (#24412)
• Fixed Wazuh deb uninstallation to remove non-config files from the installation directory. (#2195)
• Fixed Azure auditLogs/signIns status parsing (thanks to @jmnis for the contribution). (#22392)
• Fixed how the S3 object keys with special characters are handled in the Custom Logs Buckets integration. (#22621)

For more information click here.