4.7.1 Release notes - 20 December 2023

This section lists the changes in version 4.7.1. Every update of the ThreatLockDown solution is cumulative and includes all enhancements and fixes from previous releases.

What's new

This release includes new features or enhancements as the following:

Agent

#20616 Improved WPK upgrade scripts to ensure safe execution and backup generation.

Other

#20149 Upgraded external certifi library dependency version to 2023.07.22.
#20149 Upgraded external requests library dependency version to 2.31.0.
#18800 Upgraded embedded Python version to 3.9.18.

Packages

#2559 Updated ThreatLockDown assistant help text for offline download option.
#2627 Updated error message for CentOS GPG key import failure.
#2624 Added macOS 14 Sonoma SCA files.

Resolved issues

This release resolves known issues as the following:

Manager

Reference	Description
#20178	Fixed a thread lock bug that slowed down `wazuh-db` performance.
#20386	Fixed a bug in Vulnerability detector that skipped vulnerabilities for Windows 11 21H2.
#5941	The installer now updates the `merged.mg` file permissions on upgrade.
#19993	Fixed an insecure request warning in the Shuffle integration.
#19888	Fixed a bug that corrupted cluster logs when rotated.
#20580	Fixed a bug causing the Canonical feed parser to fail in Vulnerability Detector.

Agent

Reference	Description
#20332	Fixed a bug that prevented the local IP address from appearing in the port inventory from macOS agents.
#20180	Fixed the default Logcollector settings on macOS to collect logs out-of-the-box.
#20169	Fixed a bug in the FIM decoder at `wazuh-analysisd` that ignored Windows Registry events from agents earlier than 4.6.0.
#20250	Fixed multiple bugs in the Syscollector decoder at `wazuh-analysisd` that did not sanitize the input data properly.
#20284	Added the `pyarrow_hotfix` dependency to fix the pyarrow `CVE-2023-47248` vulnerability in the AWS integration.
#20598	Fixed a bug that allowed two simultaneous updates to occur through WPK.

RESTful API

Reference	Description
#18423	Fixed inconsistencies in the behavior of the `q` parameter of some endpoints.
#18495	Fixed a bug in the `q` parameter of the `GET /groups/{group_id}/agents` endpoint.
#19533	Fixed bug in the regular expression used to reject non ASCII characters in some endpoints.

ThreatLockDown dashboard

Reference	Description
#6076	Fixed problem when using non latin characters in the username.
#6104	Fixed UI crash on retrieving log collection configuration for macos agent.
#6105	Fixed incorrect validation of the agent name on the Deploy new agent window.
#6184	Fixed missing columns in the agent table of Groups.

Packages

Reference	Description
#2561	Fixed `network.host` fetching in Password tool. A commented line like `#network.host: "XXX.XXX.XXX.XXX"` is now ignored.
#2493	Fixed issue where Intel64 macos packages failed to install on ARM-based machines.
#2611	Fixed file permissions issue in `merged.mg` files when updating a manager using packages update.

Changelogs

More details about these changes are provided in the changelog of each component: