Wazuh v4.14.6 released
By SecBurg
Wazuh is an open-source security platform that delivers combined XDR and SIEM functionality to safeguard endpoints and cloud workloads.
The newest version, 4.14.6, is another security hardening and bugfix release:
Manager
Removed
Removed unused SSL/TLS transport option from cluster. (#35648)
Fixed
Improved message decompression handling in remoted. (#35773)
Improved agent name validation to reject names starting with a dot. (#35833)
Fixed segfault in vulnerability scanner module shutdown when disabled. (#36011)
Fixed string buffer handling in version comparison function. (#36059)
Improved cluster file synchronization security. (#36060)
Improved cluster file synchronization error handling on invalid task identifiers. (#36129)
Improved cluster merged file parameter validation to prevent directory escape. (#36204)
Improved tmp_file path validation in cluster DAPI. (#36246)
Improved cluster non-merged file path validation during worker file processing. (#36296)
Improved cluster node name format validation in the hello handler. (#36460)
Fixed missing agent.host.ip in inventory documents when agent IP is empty. (#35475)
Fixed stale agent synced status after hot reload on cluster worker nodes. (#6726)
Agent
Fixed
Fixed agent registration not running on reinstall after apt-get remove. (#35727)
Fixed MS-Graph integration handling for relationships containing /. (#35431)
Fixed macOS syscollector to skip package receipts whose payload is no longer installed. (#35380)
Fixed missing eBPF create, modify and delete events on Ubuntu 24/26 and improved FIM whodata healthcheck. (#35838)
Hardened FIM database path lookups by migrating to parameterized SQL queries. (#36399)
RESTful API
Fixed
Escaped control characters in API usernames in access logs. (#35866)
Added input validation in cluster result handling and authentication. (#35757)
Fixed current user resolution in the update-user endpoint to enforce admin protection. (#35442)
Ruleset
Fixed
Updated rootcheck trojan signatures to avoid false positives on modern distributions (Debian 13, Ubuntu 26, Arch Linux). (#35927)
Other
Changed
Updated cryptography, urllib3 and python-multipart Python dependencies. (#35982)
Updated eBPF libraries: libbpf to 1.7.0 and bpftool to 7.7.0. (#36467)
Fixed
Fixed wazuh-manager startup failure on RHEL 10 by dropping the libcrypt dependency from embedded Python. (#36782)
Read the installation guide if you want to try it out.