Release history

OSSEC releases

OSSEC is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.

Back to tool Latest release

All releases

2 shown

Review required

4.1.0 New feature 7d

Auth Dependencies

SMTP TLS + IPv6 + large‑file support + crash fixes

Open

4.0.0 Security relevant 4mo

Breaking changes

AES encryption is now default for agent-server communication, breaking compatibility with OSSEC 3.8 and earlier agents.

Security fixes

Critical UAF bug in memory leak fix (Issue #1818)
Heap UAF in OSSEC Alert decoder (Issue #1817)
Uncontrolled recursion in os_xml _ReadElem (Issue #1953)

Notable features

SHA-256 file integrity monitoring enabled by default for all monitored directories.
Secure random number generation for agent key generation using OpenSSL RAND_bytes.
Major dependency updates including Lua 5.4.7, zlib 1.3.1, and cJSON 1.7.18.

View release on GitHub

Beta — feedback welcome: [email protected]