🔧 Bug Fixes
> Resolved issue with missing password characters
🧩 Data Collection & Responses
> Office 365 Management plugin has been updated
> SCOPNet NAC plugin has been updated
> TR7 ASP plugin has been updated
> Added support for IAS XML format plugin
> Support for IIS JSON log plugin has been added
🔄 Updates & Enhancements
> Added support for sending incidents to other systems
> Adjusted maximum row count for XLS exports
> Added dynamic enum key validation checks
> Separated workers for SMB and SFTP operations
> Updated and refined InfluxDB configuration and logging
> Improved SFTP queue management
> Updated the link for the notification center
> Security improvements have been made in the elasticsearch.service
> Added source-based raw message
🛡️ Security Enhancements
Summary
This release includes critical security enhancements aimed at
improving the reliability and security of the system. Specific
vulnerabilities and issues related to connection leaks, third-party
dependencies, and security concerns have been addressed to bolster
system integrity and protect against potential exploits.
Affected Version
Solution
Vulnerability Details
> ZK Connection Leak: A connection leak issue in the Action Rule Worker
has been resolved, improving system stability and resource management.
> Log4j Vulnerability: Components including the Elasticsearch SQL jar files and the
Zamane client have been updated to remove the Log4j dependency,
addressing widely known vulnerabilities that could lead to remote code
execution or other serious risks. Additionally, the Node.js dependency
has been removed, further reducing the system’s exposure to potential
exploits and improving overall security posture.
> ZDI-CAN-25336: A critical security issue was resolved, addressing
a vulnerability related to two-factor authentication (2FA)
brute-force attempts.
Mitigating Factors
Customers are strongly advised to upgrade to 6.4.32 or later to
ensure that these vulnerabilities are properly addressed.
Acknowledgement
Logsign appreciates the efforts of security researchers and the
community in helping to identify these issues. Special thanks to
Abdessamad Lahlali and Smile Thanapattheerakul from Trend Micro Zero
Day Initiative for responsibly disclosing the 2FA vulnerability.