Skip to content

Wazuh v4.0.4
Compare
Choose a tag to compare
@vikman90 vikman90 released this 14 Jan 17:50
· 15260 commits to master since this release
v4.0.4
e79fcc4
This commit was signed with the committer’s verified signature. The key has expired.
vikman90 Victor M. Fernandez-Castro
GPG key ID: 79FB91CF9B36A0A6
Expired
Learn about vigilant mode.

Added

  • API:
    • Added missing secure headers for API responses. (#7138)
    • Added new config option to disable uploading configurations containing remote commands. (#7134)
    • Added new config option to choose the SSL ciphers. Default value TLSv1.2. (#7164)

Changed

  • API:
    • Deprecated endpoints to restore and update API configuration file. (#7132)
    • Default expiration time of the JWT token set to 15 minutes. (#7167)

Fixed

  • API:
    • Fixed a path traversal flaw (CVE-2021-26814) affecting 4.0.0 to 4.0.3 at /manager/files and /cluster/{node_id}/files endpoints. (#7131)
  • Framework:
    • Fixed a bug with add_manual(agents) function when authd is disabled. (#7135)
  • Core:
    • Fixed the purge of the Redhat vulnerabilities database before updating it. (#7133)
Assets 2