4.5.3 Release notes - 10 October 2023

This section lists the changes in version 4.5.3. Every update of the ThreatLockDown solution is cumulative and includes all enhancements and fixes from previous releases.

What's new

This version includes new features or improvements, such as the following:

Manager

  • #18783 Vulnerability Detector now fetches the SUSE feeds in Gzip compressed format.

Agent

  • #19205 Support for macOS 14 (Sonoma).

RESTful API

  • #18509 Added support for the $ symbol in query values.

  • #18346 Added support for the @ symbol in query values.

  • #18493 Added support for nested queries in the q API parameter.

  • #18432 Updated force flag message in the agent_upgrade CLI.

Security updates

This release fixes the following vulnerabilities:

Agent

  • CVE-2023-42463 (reference #19069): Fixed a stack overflow hazard in wazuh-logcollector that could allow a local privilege escalation. Found by Keith Yeo (@kyeojy).

Resolved issues

This release resolves the following known issues:

Manager

  • #18737 Fixed a bug that might cause wazuh-analysisd to crash if it receives a status API query during startup.

  • #18976 Fixed a bug that might cause wazuh-maild to crash when handling large alerts.

  • #19217 Addressed an issue in Vulnerability Detector when fetching the SUSE Linux Enterprise 15 feeds.

Agent

  • #18773 Fixed a bug in the memory handle at the agent's data provider helper.

  • #18903 Fixed a data mismatch in the OS name between the global and agents' databases.

  • #19286 Fixed wrong Windows agent binaries metadata.

  • #19397 Fixed error during the Windows agent upgrade.

RESTful API

  • #18362 Removed undesired characters when listing rule group names in GET /rules/groups.

  • #18434 Fixed an error when using the query condition=all in GET /sca/{agent_id}/checks/{policy_id}.

  • #18733 Fixed an error in the API log mechanism where sometimes the requests would not be printed in the log file.

ThreatLockDown dashboard

  • #5925 Fixed the command for agent installation on SUSE to use zypper.

ThreatLockDown Kibana plugin for Kibana 7.10.2

  • #5925 Fixed the command for agent installation on SUSE to use zypper.

ThreatLockDown Kibana plugin for Kibana 7.16.x and 7.17.x

  • #5925 Fixed the command for agent installation on SUSE to use zypper.

Packages

  • #2397 Changed GRUB options in the OVA build process.

  • #2453 Fixed an issue with the ThreatLockDown dashboard port check despite the -p|--port installation assistant option being specified.

  • #2461 Fixed an issue when passwords were changed. Now the internal_users.yml file gets updated.

  • #2492 Fixed missing removal of ThreatLockDown indexer remaining files upon rollback.

Changelogs

More details about these changes are provided in the changelog of each component: