4.5.1 Release notes - 24 August 2023

This section lists the changes in version 4.5.1. Every update of the ThreatLockDown solution is cumulative and includes all enhancements and fixes from previous releases.

Highlights

  • Native support for Mac computers with Apple silicon. This release provides an ARM-ready ThreatLockDown agent package for macOS.

Breaking changes

This release includes some breaking changes, such as the following:

Agent

  • #17748 Added the discard_regex functionality to Inspector and CloudWatchLogs AWS integrations.

    • With this change, execution stops without warning if you omit the field parameter when it is mandatory.

What's new

This version includes new features or improvements, such as the following:

Manager

  • #18142 Vulnerability Detector now fetches the RHEL 5 feed URL from https://feed.wazuh.com by default.

  • #16846 The Vulnerability Detector CPE helper has been updated.

Agent

  • #2224 Added native agent support for Apple silicon.

  • #17673 Added new validations for the AWS integration arguments.

  • #16607 The agent for Windows now loads its shared libraries after running the verification.

Ruleset

  • #17794 The SCA policy for Ubuntu Linux 20.04 (CIS v2.0.0) has been remade.

  • #17812 Removed check 1.1.5 from Windows 10 SCA policy.

Other

  • #16990 The CURL library has been updated to v7.88.1.

ThreatLockDown dashboard

  • #5478 Added Apple Silicon architecture button to the register Agent wizard.

  • #5497 Removed the agent name in the agent info ribbon.

  • #5539 Changed method to perform redirection on agent table buttons.

  • #5538 Changed Windows agent service name in the deploy agent wizard.

  • #5687 Changed the requests to get the agent labels from the managers.

ThreatLockDown Kibana plugin for Kibana 7.10.2, 7.16.x, and 7.17.x

  • #5478 Added Apple Silicon architecture button to the register Agent wizard.

  • #5497 Removed the agent name in the agent info ribbon.

  • #5539 Changed method to perform redirection on agent table buttons.

  • #5538 Changed Windows agent service name in the deploy agent wizard.

  • #5687 Changed the requests to get the agent labels from the managers.

Resolved issues

This release resolves known issues such as the following:

Manager

Reference   Description
#17866      Fixed a race condition in some RBAC unit tests by clearing the SQLAlchemy mappers.
#17490      Fixed a bug in wazuh-analysisd that could exceed the maximum number of fields when loading a rule.
#17126      Fixed a race condition in wazuh-analysisd FTS list.
#17143      Fixed a crash in Analysisd when parsing an invalid decoder.
#17701      Fixed a segmentation fault in wazuh-modulesd due to duplicate Vulnerability Detector configuration.
#16978      Fixed Vulnerability Detector configuration for unsupported SUSE systems.

Agent

Reference   Description
#17524      Fixed InvalidRange error in Azure Storage integration when trying to get data from an empty blob.
#17586      Fixed a memory corruption hazard in the FIM Windows Registry scan.
#17179      Fixed an error in Syscollector reading the CPU frequency on Apple M1.
#16659      Fixed agent WPK upgrade for Windows that might leave the previous version in the Registry.
#17176      Fixed agent WPK upgrade for Windows to get the correct path of the Windows folder.

RESTful API

Reference   Description
#17632      Fixed PUT /agents/upgrade_custom endpoint to validate that the file extension is .wpk.
#17660      Fixed errors in the API endpoints that get the labels and reports active configuration from managers.

Ruleset

Reference   Description
#17941      Fixed CredSSP encryption enforcement at Windows Benchmarks for SCA.
#17940      Fixed inverse logic in the MS Windows Server 2022 Benchmark for SCA.
#17779      Fixed a false positive in a Windows Eventchannel rule caused by substring matching.
#17813      Fixed missing whitespaces in SCA policies for Windows.
#17798      Fixed the description of a Fortigate rule.

ThreatLockDown dashboard

Reference   Description
#5471       Fixed the rendering of tables that contain IPs and agent overview.
#5490       Fixed the agents' active coverage stat showing as NaN in the Details panel of the Agents section.
#5687       Fixed a broken documentation link to agent labels.
#5714       Fixed the PDF report filters applied to tables.
#5766       Fixed outdated year in the PDF report footer.

ThreatLockDown Kibana plugin for Kibana 7.10.2, 7.16.x, and 7.17.x

Reference   Description
#5471       Fixed the rendering of tables that contain IPs and agent overview.
#5490       Fixed the agents' active coverage stat showing as NaN in the Details panel of the Agents section.
#5687       Fixed a broken documentation link to agent labels.
#5714       Fixed the PDF report filters applied to tables.
#5766       Fixed outdated year in the PDF report footer.

Changelogs

More details about these changes are provided in the changelog of each component: