Wazuh v4.14.3 released

By SecBurg

Wazuh is an open-source security solution offering integrated XDR and SIEM capabilities to protect endpoints and cloud-based workloads.

The latest version 4.14.3 is again mainly a maintenance and bugfix release:

Wazuh v4.14.3 Latest

Manager

Fixed

Scaped document ID when necessary before sending document to indexer. (#33464)
Extended timestamp conversion helpers to support additional input formats and normalize ISO8601 strings. (#33551)
Restricted cluster file transfer write paths. (#33705)
Hardened cluster deserialization by restricting callable decoding to Wazuh modules and improving error handling. (#33910)
Added query size checks for syscollector delta sync SQL generation to prevent buffer overflows. (#33803)
Replaced unsafe sprintf calls in the SCA decoder to prevent buffer overflows. (#33756)
Fixed a memory leak in the CIS-CAT decoder when database operations fail. (#33739)
Fixed ruleset hot reload on workers by awaiting send_reload_ruleset_msg. (#34184)

Agent

Added

Added hostname and architecture metadata to Windows keep-alive messages. (#33831)

Fixed

Fixed UTF-16 casting when updating report_changes. (#33495)
Improved Active Response key handling in wazuh-execd. (#33665)
Added bounds checking to Logcollector max-size configuration serialization. (#33704)
Hardened Logcollector multiline backup handling to use full-buffer copies. (#33926)
Fixed label formatting edge cases in keep-alive notify messages. (#33708)
Fixed a false positive in vulnerability detection for Oracle Linux 8. (#33583)
Extended Windows network path restrictions to block extended-length UNC paths. (#34115)
Fixed crash in network path detection on Windows. (#34162)
Fixed Agent reload failure on Linux systems with systemd version 219 or lower. (#34064)

RESTful API

Changed

Improved authentication performance by caching generated keypairs and clearing the cache when key files change. (#33702)

Fixed

Improved configuration upload validation by parsing and comparing Wazuh XML configurations more reliably. (#33683)
Fixed protected settings checks when multiple <ossec_config> blocks are present. (#33807)

Ruleset

Added

Added a CIS SCA policy for macOS 26 Tahoe. (#33492)

Fixed

Fixed SCA policy execution on Windows Server 2019 by using the correct PowerShell path. (#34141)

Other

Changed

Updated the werkzeug dependency to 3.1.4. (#33569)
Updated the urllib3 dependency to 2.6.3. (#33927)

Read the installation guide if you want to try it out.