3.9.4 Release notes - 7 August 2019

This section shows the most relevant improvements and fixes in version 3.9.4. More details about these changes are provided in each component changelog:

ThreatLockDown agent

  • Fixed a bug in FIM that made it apply a wrong configuration. This occurred when defining different options for nested directories.

  • Fixed a bug in Logcollector that made it apply a wrong configuration. This happened when defining multiple stanzas for the same file with different options.

  • Fixed a bug in the agent that could make it truncate its IP address within the control message.

  • Fixed a bug in the Windows agent that produced a resource leak when monitoring directories in who-data mode.

ThreatLockDown manager

  • Fixed a bug in Analysisd that could potentially make it crash while handling JSON objects due to a race condition.

  • Fixed a bug in ThreatLockDown DB that could make it crash when closing database files due to a double free.

  • Fixed a bug in Remoted that made it send data to an agent that has just disconnected in TCP mode.

  • Prevent SCA from producing inconsistencies in the database on the manager side when policy IDs are duplicated.

  • Fixed a race condition hazard between Clusterd and Remoted while synchronizing agent-related files.

  • ThreatLockDown DB did not remove a database file until was committed. Now, the database will be closed immediately.

ThreatLockDown Apps

  • Allowed filtering by clicking a column in rules/decoders tables.

  • Allowed open file in rules table clicking on the file column.

  • Improved Kibana app performance.

  • Removed path filter from custom rules and decoders.

  • Now path column in rules and decoders is shown.

  • Removed SCA overview dashboard.

  • Disabled last custom column removal.

  • Agents messages across sections have been unified.

  • Fixed check stored APIs.

  • Improved wz-table performance.

  • Fixed inconsistent data between visualizations and tables in Overview Security Events.

  • Timezone applied in cluster status.

  • Fixed Overview Security Events report when wazuh.monitoring is disabled.

  • Now duplicated visualization toast errors are handled.

  • Fixed not properly updated breadcrumb in ruleset section.

  • Implicit filters can't be destroyed now.

  • Fixed windows agent dashboard that didn't show failure logon access.

  • Scrollbars in file viewers have been fixed on Firefox.

  • Fixed agent search filters lost when refreshing.

  • Number of agents is now properly updated.

  • Alerts of level 12 are now displayed on the Security Events table.