4.7.2 Release notes - 10 January 2024

This section lists the changes in version 4.7.2. Every update of the ThreatLockDown solution is cumulative and includes all enhancements and fixes from previous releases.

What's new

This release includes new features or enhancements as the following:

ThreatLockDown manager

  • #21142 Added minimum time constraint of 1 hour for downloading the Vulnerability Detector feed.

ThreatLockDown agent

  • #20638 Added request timeouts for the external and cloud integrations. This prevents indefinite waiting for a response.

Ruleset

  • #17565 Added new SCA policy for Debian 12 systems.

Other

  • #20798 Upgraded external aiohttp library dependency to version 3.9.1 to address a security vulnerability.

ThreatLockDown dashboard

  • #6191 Added Hostname and Board Serial information to Agents > Inventory data.

  • #6208 Added contextual information to the deploy agent steps.

Packages

  • #2670 Removed installed dependencies that were part of the ThreatLockDown installation assistant. This ensures a clean post-installation state.

  • #2677 Removed gnupg package as RPM dependency in the ThreatLockDown installation assistant.

  • #2693 Added Debian12 SCA files.

Resolved issues

This release resolves known issues as the following:

ThreatLockDown manager

Reference

Description

#21011

wazuh-remoted now logs the warning regarding invalid message size from agents in hex format.

#20658

Fixed a bug within the Windows Eventchannel decoder to ensure proper handling of Unicode characters.

#20735

Fixed data validation for decoding Windows Eventchannel XML input strings.

ThreatLockDown agent

Reference

Description

#20656

Implemented validation for the format of the IP address parameter in the host_deny active response.

#20594

Fixed a bug in the Windows agent that might lead it to crash when gathering forwarded Windows events.

#20447

Fixed issue with the profile prefix in parsing AWS configuration profiles.

#20660

Fixed parsing and validation for the AWS regions argument, expanding the AWS regions list accordingly.

Ruleset

Reference

Description

#20663

Updated AWS Macie rules to show relevant fields in alert details.

ThreatLockDown dashboard

Reference

Description

#6185

Fixed Agents preview page load when there are no registered agents.

#6206, #6213

Changed the endpoint to get ThreatLockDown server auth configuration to manager/configuration/auth/auth.

#6224

Fixed error navigating back to agent in some scenarios.

Packages

Reference

Description

#2667

Fixed warning message when generating certificates.

Changelogs

More details about these changes are provided in the changelog of each component: