4.7.1 Release notes - 20 December 2023

This section lists the changes in version 4.7.1. Every update of the ThreatLockDown solution is cumulative and includes all enhancements and fixes from previous releases.

What's new

This release includes the following new features and enhancements:

Agent

  • #20616 Improved WPK upgrade scripts to ensure safe execution and backup generation.

Other

  • #20149 Upgraded external certifi library dependency version to 2023.07.22.

  • #20149 Upgraded external requests library dependency version to 2.31.0.

  • #18800 Upgraded embedded Python version to 3.9.18.

Packages

  • #2559 Updated ThreatLockDown assistant help text for offline download option.

  • #2627 Updated error message for CentOS GPG key import failure.

  • #2624 Added macOS 14 Sonoma SCA files.

Resolved issues

This release resolves the following known issues:

Manager

  • #20178 Fixed a thread lock bug that slowed down wazuh-db performance.

  • #20386 Fixed a bug in Vulnerability detector that skipped vulnerabilities for Windows 11 21H2.

  • #5941 The installer now updates the merged.mg file permissions on upgrade.

  • #19993 Fixed an insecure request warning in the Shuffle integration.

  • #19888 Fixed a bug that corrupted cluster logs when rotated.

  • #20580 Fixed a bug causing the Canonical feed parser to fail in Vulnerability Detector.

Agent

  • #20332 Fixed a bug that prevented the local IP address from appearing in the port inventory from macOS agents.

  • #20180 Fixed the default Logcollector settings on macOS to collect logs out-of-the-box.

  • #20169 Fixed a bug in the FIM decoder at wazuh-analysisd that ignored Windows Registry events from agents earlier than 4.6.0.

  • #20250 Fixed multiple bugs in the Syscollector decoder at wazuh-analysisd that did not sanitize the input data properly.

  • #20284 Added the pyarrow_hotfix dependency to fix the pyarrow CVE-2023-47248 vulnerability in the AWS integration.

  • #20598 Fixed a bug that allowed two simultaneous updates to occur through WPK.

RESTful API

  • #18423 Fixed inconsistencies in the behavior of the q parameter of some endpoints.

  • #18495 Fixed a bug in the q parameter of the GET /groups/{group_id}/agents endpoint.

  • #19533 Fixed a bug in the regular expression used to reject non-ASCII characters in some endpoints.

ThreatLockDown dashboard

  • #6076 Fixed a problem when using non-Latin characters in the username.

  • #6104 Fixed a UI crash when retrieving the log collection configuration for macOS agents.

  • #6105 Fixed incorrect validation of the agent name on the Deploy new agent window.

  • #6184 Fixed missing columns in the agent table of Groups.

Packages

  • #2561 Fixed network.host fetching in Password tool. A commented line like #network.host: "XXX.XXX.XXX.XXX" is now ignored.

  • #2493 Fixed an issue where Intel64 macOS packages failed to install on ARM-based machines.

  • #2611 Fixed a file permissions issue in merged.mg files when updating a manager using packages update.

Changelogs

More details about these changes are provided in the changelog of each component: