wazuh

SIEM & Threat Detection

Free open‑source platform for threat detection, prevention, and response across on‑premises, virtualized, containerized, and cloud environments

Track releases GitHub Website

C++ Latest v4.14.5 · 1mo ago Security brief →

Features

Intrusion detection via agent scanning and server signature analysis
Log data collection, rule‑based analysis, and secure forwarding to a central manager
File integrity monitoring for changes in content, permissions, ownership, and attributes
Vulnerability detection by correlating software inventory with CVE databases
Configuration assessment against security policies and compliance standards

Recent releases

View all 4 releases →

v4.14.5 Security relevant 1mo

Security fixes

DAPI callable resolution restriction
Buffer overflow in analysisd regex match
Path traversal in authd via agent group name

Full changelog

Manager

Fixed

Fixed DAPI callable resolution to restrict invocations to exposed resources only. (#34889)
Fixed uncontrolled memory allocation in cluster caused by crafted packet length. (#35173) (#35412)
Fixed rate limit bypass for the /events endpoint. (#35077)
Fixed buffer overflow in analysisd regex match processing. (#35106)
Fixed path traversal in authd via agent group name validation. (#35230)
Fixed size_t underflow in remoted ReadSecMSG causing potential heap overflow. (#35193)
Fixed RBAC bypass in DAPI allowing privilege escalation. (#35307)
Fixed analysisd plugin decoder argument alignment. (#35176)

Agent

Fixed

Fixed rootcheck false positive for /dev/.blkid.tab. (#34734)
Fixed ORDER_REVERSAL deadlocks in FIM. (#34735)
Fixed Roundcube decoder regex to prevent srcip truncation in "Failed login ... in session" logs. (#34793)
Fixed macOS Ventura SCA policy incorrectly passing pmset checks. (#34693)
Fixed Office365 integration pagination by trimming HTTP header values. (#34673)
Fixed FIM false positives caused by double readdir check. (#34880)
Fixed audit log cache overflow for events with many records in logcollector. (#35285)
Fixed daily marker for GuardDuty log collector. (#35110)
Fixed rootcheck not generating findings. (#35297)
Fixed heap buffer overflow in syscheck Registry Wildcard Expansion. (#35287)

Changed

Changed RHEL init script with SUSE variant on SLES 11. (#34563)
Changed service check from WMI to sc.exe. (#34543)
Changed windows syscollector to include command arguments. (#34727)

RESTful API

Fixed

Fixed allow_higher_versions validation in API upload_configuration. (#34905)
Fixed nested JSON depth limit in API request processing. (#35224)
Fixed upload size limit config mismatch. (#35141)

Ruleset

Fixed

Fixed bug in CIS SCA checks 35675 and 35689 for Ubuntu 24.04. (#35088)
Fixed Dovecot decoders to correctly extract rip and lip fields. (#35089)

Other

Changed

Updated dependencies cryptography to 46.0.5, Werkzeug to 3.1.6, pip to 26.0.1 and wheel to 0.46.3. (#34907)
Updated embedded Python to 3.10.20 and dependencies pyjwt, pyasn1. (#35135)
Updated dependencies cryptography, requests. (#35331)

View release on GitHub

v4.14.4 Security relevant 2mo

Security fixes

Fixed heap-based null WRITE Buffer Underflows

View release on GitHub

v4.14.3 Security relevant 3mo

Security fixes

Buffer overflow fixes in SCA decoder
Memory leak fix in CIS-CAT decoder

Notable features

Added hostname and architecture metadata to Windows keep-alive messages

View release on GitHub

v4.14.2 Bug fix 4mo

Fixed Azure Log Analytics bookmark overwriting, API certificate discrepancies, and asynchronous ruleset reload performance issues to improve reliability and response times.

View release on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.