Wazuh v4.13.0 released
By SecBurg
Wazuh is an open-source security platform that provides unified XDR and SIEM protection for endpoints and cloud workloads.
The latest version, 4.13.0, adds many new features and improvements:
Wazuh v4.13.0
Manager
Added
Added Analysisd ability to do a hot ruleset reload. (#29458)
Added support for global queries of FIM and system inventory data. (#27894)
Added sanity checks for hotfix values in Vulnerability Detector. (#30504)
Fixed
Fixed missing agent version handling in Vulnerability Detector. (#29181)
Fixed race condition in agent status synchronization between worker and master. (#29624)
Fixed agent-group assignment for missing agents with improved error handling. (#30534)
Fixed missing OS info updates in global inventory after first scan. (#30818)
Fixed wazuh-db failure during agent restarts by updating the restart query to use HTTP. (#31048)
Fixed DFM graceful shutdown. (#30627)
Fixed inode field as string in FIM JSON messages to ensure schema consistency. (#30718)
Fixed duplicate OS vulnerabilities detected due to inventory after OS version change. (#30837)
Changed
Improved reports functionality to avoid duplicated daily FIM reports. (#29232)
Optimized agent query endpoints. (#29363)
Implemented RBAC resource cache with TTL support. (#29406)
Improved Wazuh-DB protocol to support large HTTP requests and remove pagination. (#29514)
Added HTTP client implementation to wazuh-db. (#29515)
Separated control messages from the connection handling in remoted. (#29153)
Added capability to re-index CVEs if documents have changed in Vulnerability detector. (#29916)
Improved exception handling in the run_local SDK function. (#30851)
Improved Authd connection management using epoll for better handling of concurrent agent registration requests. (#29135)
Added a single writer buffer manager instance for each indexer connector instance. (#31114)
Disabled FIM Global Queries. (#31856)
Agent
Added
Added support for Rocky Linux and AlmaLinux in the agent upgrade module. (#29391)
Added handling of CentOS 9 SCA files in package specs. (#29393)
Added SCA support for Oracle Linux 10. (#29139)
Added Rootcheck rule to detect root-owned files with world-writable permissions. (#30556)
Added Ms-Graph token validation before performing requests. (#30377)
Added support for UTF-8 characters in file paths for FIM. (#30763)
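The new Rootcheck rule listed above flags root-owned files that any user can write to, a classic privilege-escalation foothold. As an added example that is not Wazuh's rule or code, the POSIX shell functions below (names are my own) perform the same check with `find`, so an operator can reproduce a finding by hand or scan a host that does not run the agent:

```sh
#!/bin/sh
# Added example, not Wazuh's rootcheck rule: a portable POSIX find-based
# check for the condition the rule targets (regular files owned by a
# privileged user whose mode grants write access to "other").
# Function names and the owner parameter are this example's own choices.

# Print every regular file under $1 owned by ${2:-root} with the
# world-write bit (0002) set. -xdev keeps the scan on one filesystem so a
# scan of / does not wander into /proc, network mounts, or bind mounts.
find_world_writable_owned_by() {
    scan_dir="$1"
    owner="${2:-root}"
    find "$scan_dir" -xdev -type f -user "$owner" -perm -0002 2>/dev/null
}

# Return the number of findings, so a caller can alert on a non-zero count.
count_world_writable_owned_by() {
    find_world_writable_owned_by "$1" "$2" | wc -l | tr -d ' '
}

# Emit one report line per finding showing mode, owner and path, which is
# what an analyst needs to triage the hit.
report_world_writable_owned_by() {
    find_world_writable_owned_by "$1" "$2" | while IFS= read -r path; do
        ls -ld -- "$path"
    done
}

# Constructed usage: scan /etc for root-owned, world-writable files.
# report_world_writable_owned_by /etc root
```

Run the report function as root (or with read access to the tree) against `/`, `/etc`, or `/usr`; any hit is worth a permissions review, since a world-writable root-owned script or config file lets an unprivileged user influence what root executes or reads.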
Fixed
Fixed incorrect handling of events in the Custom logs bucket. (#29312)
Fixed a race condition when downloading Azure blobs. (#29317)
Fixed FIM reports false files. (#28962)
Fixed IPv6 address format reported by WindowsHelper. (#29502)
Fixed hidden port detection and netstat availability handling. (#29561)
Replaced select() with sleep() in Logcollector to prevent errors during Docker deployment. (#29905)
Fixed NetNTLMv2 exposure by filtering UNC paths and mapped drives in Windows agent. (#30060)
Fixed Windows agent not starting after manual upgrade by deferring service start to post-install. (#29820)
Fixed the loss of precision of the FIM inode field at values higher than 2^53. (#30552)
Fixed expanded file list in logcollector getconfig output. (#30614)
Fixed authd.pass ACL permissions to match client.keys security level in Windows agent installer. (#31187)
Changed
Improved agent synchronization to reduce redundant payload transfers. (#29426)
Improved Syscollector to report only Python packages managed by dpkg. (#28688)
Improved wazuh-db JSON handling performance by updating external dependencies. (#29399)
Improved Azure module logging capabilities. (#29930)
Improved restart on macOS agents after an upgrade. (#29940)
Standardized the timeouts of different services. (#29443)
Removed internal_key from queries filters. (#30637)
RESTful API
Added
Added the server uuid to the /manager/info endpoint. (#29524)
Added /agents/summary endpoint. (#29589)
Added ruleset reload endpoints. (#31459)
Fixed
Fixed false positive in configuration uploading. (#28962)
Fixed sorting by version in agent list endpoint. (#29166)
Ruleset
Added
Added SCA content for CentOS Stream 9. (#29269)
Added IOCs and rules for Wazuh 4.x ruleset improvement. (#29653)
Added SCA content for Oracle Linux 10. (#29139)
Added rule to minimize event flooding from Windows events on the Wazuh manager. (#28790)
Changed
Fixed bugs in Microsoft Windows 11 Enterprise SCA policy. (#5648)
Fixed multiple checks in RHEL 9, RHEL 10, Rocky Linux 8 and Rocky Linux 9 SCA policies. (#29040)
Fixed diff causing false negatives in rootcheck. (#28982)
Fixed multiple RHEL 8 and CentOS 7 SCA checks generating incorrect results. (#28711)
Fixed false positives in Benchmark Ubuntu 24.04. (#30827)
Other
Changed
Updated Python dependencies: setuptools, Jinja2, and PyJWT. (#29610)
Upgraded Python embedded interpreter to 3.10.16. (#28646)
Upgraded h11 to 0.16.0 and httpcore to 1.0.9. (#29735)
Removed unused Python Azure dependencies. (#28564)
Read the installation guide if you want to try it out.