Learn more about Cortex XDR Broker VM maintenance releases.
Cortex XDR includes a Broker VM version with each release, which contains new features and enhancements. There can be a number of additional Broker VM maintenance releases before the next Cortex XDR release that are compatible with the released version.
The table below lists the most recent Broker VM versions that are compatible with Cortex XDR starting from the Cortex XDR 3.1 release.
Broker VM Version | Cortex XDR Version | Release Date |
|---|---|---|
23.0.33 (Current) | 3.10 | April 14, 2024 |
22.0.35 | 3.9 | February 25, 2024 |
22.0.32 | 3.9 | February 11, 2024 |
21.5.4 | 3.8 | January 7, 2024 |
20.9.1 | 3.8 | January 7, 2024 |
21.2.10 | 3.8 | December 3, 2023 |
20.8.3 | 3.8 | December 3, 2023 |
21.1.12 | 3.8 | November 19, 2023 |
21.0.67 | 3.8 | October 29, 2023 |
20.7.7 | 3.7 | October 22, 2023 |
20.3.1 | 3.7 | August 16, 2023 |
20.2.6 | 3.7 | August 6, 2023 |
20.0.96 | 3.7 | June 25, 2023 |
19.3.3 | 3.6 | May 7, 2023 |
19.1.2 | 3.6 | March 19, 2023 |
19.0.12 | 3.6 | March 5, 2023 |
18.6.3 | 3.5 | February 19, 2023 |
18.4.1 | 3.5 | February 5, 2023 |
18.1.4 | 3.5 | January 15, 2023 |
18.0.23 | 3.5 | December 4, 2022 |
17.4.1 | 3.4 | November 2, 2022 |
17.3 | 3.4 | October 30, 2022 |
17.2.5 | 3.4 | October 2, 2022 |
17.1.22 | 3.4 | September 11, 2022 |
16.1.4 | 3.3 | June 26, 2022 |
15.1.4 | 3.2 | April 3, 2022 |
14.3.3 | 3.1 | February 6, 2022 |
The following table describes the changes integrated on the Broker VM maintenance version 22.0.35 released on February 25, 2024 as part of the Cortex XDR 3.9 release.
Issue ID | Description |
|---|---|
CRTX-105304 | Cortex XDR has resolved the issue with the Database Collector applet when collecting data for a very long iteration, which in some cases caused duplicate data. |
The Broker VM major 22.0.32 release was released as part of the initial release of Cortex XDR 3.9 on February 11, 2024. For more information on the changes integrated on this major release, see the Broker VM Version feature in the Cortex XDR 3.9 Release Notes.
The following table describes the changes integrated on the Broker VM maintenance version 21.5.4 released on January 7, 2024 as part of the Cortex XDR 3.8 release.
Issue ID | Description |
|---|---|
CRTX-98075, CRTX-99049 | To ensure Cortex XDR is updated with the latest security updates, the latest Broker VM maintenance 21.5.4 release includes security updates to address the following vulnerabilities: |
CRTX-98845 | Cortex XDR has fixed the issue that prevented the brokers shell console running on the Azure portal Serial console. |
CRTX-99878 | The Broker VM Files and Folders applet now calculates correctly the total number of logs collected prior to the streaming procedure when the Storage Method is set to Replace in the Data Source Mapping settings. This issue has been resolved for the two scenarios reported, when a CSV file has a string in one of the records containing an escape character and also when any type of file contains an empty string inside the file. |
CRTX-100362 | Cortex XDR has resolved the issue, where, in certain scenarios, importing the Broker VM configurations with various applet settings failed. |
CRTX-100761 | Cortex XDR has fixed the Broker VM so that when the existing Default Gateway on a single interface deployment is changed, the Default Gateway no longer gets erased, and has to be reconfigured. |
The following table describes the changes integrated on the Broker VM maintenance version 20.9.1 released on January 7, 2024 as part of the Cortex XDR 3.8 release.
Issue ID | Description |
|---|---|
CRTX-98075, CRTX-99049 | To ensure Cortex XDR is updated with the latest security updates, the latest Broker VM maintenance 20.9.1 release includes security updates to address the following vulnerabilities: |
CRTX-100362 | Cortex XDR has resolved the issue, where, in certain scenarios, importing the Broker VM configurations with various applet settings failed. |
The following table describes the changes integrated on the Broker VM maintenance version 21.2.10 released on December 3, 2023 as part of the Cortex XDR 3.8 release.
Issue ID | Description |
|---|---|
CRTX-90670 | Cortex XDR has fixed the log rotation logic for Broker VM applets to prevent log files from excessively consuming the container's volume capacity. |
CRTX-91816 | Cortex XDR has resolved the issue with a High Availability (HA) cluster, where incorrect statistics in the Clusters tab of the Broker VMs page for the MEMORY USAGE and DISK USAGE were displayed. |
CRTX-97028 | Security updates to address the following Squid Multiple 0-Day Vulnerabilities:: ImportantFor these changes to be implemented, restart your Local Agent Settings applet after your Broker VM is updated. |
CRTX-97099 | Cortex XDR has resolved the issue that removed static routes after a reboot on a Broker VM with multiple network interfaces. ImportantWhen configuring more than one network interface, ensure that only one Default Gateway is defined. The rest must be set to |
CRTX-98248 | The Broker VM Files and Folders Collector applet is now fixed so that it works correctly in tail mode for log formats CSV, PSV, and TSV. |
The following table describes the changes integrated on the Broker VM maintenance version 20.8.3 released on December 3, 2023 as part of the Cortex XDR 3.8 release.
Issue ID | Description |
|---|---|
CRTX-97028 | Security updates to address the following Squid Multiple 0-Day Vulnerabilities:: ImportantFor these changes to be implemented, restart your Local Agent Settings applet after your Broker VM is updated. |
CRTX-98248 | The Broker VM Files and Folders Collector applet is now fixed so that it works correctly in tail mode for log formats CSV, PSV, and TSV. |
The following table describes the changes integrated on the Broker VM maintenance version 21.1.12 released on November 19, 2023 as part of the Cortex XDR 3.8 release.
Issue ID | Description |
|---|---|
CRTX-96374 | Cortex XDR has resolved the issue which prevented upgrading from broker version 20.7.7 to version 21.0.67 as no space remained on the device. |
The Broker VM major 21.0.67 release was released as part of the initial release of Cortex XDR 3.8 on October 29, 2023. For more information on the changes integrated on this major release, see the Broker VM Version feature in the Cortex XDR 3.8 Release Notes.
The following table describes the changes integrated on the Broker VM maintenance version 20.7.7 released on October 22, 2023 as part of the Cortex XDR 3.7 release.
Issue ID | Description |
|---|---|
CRTX-34105 | Cortex XDR has solved the Domain Name System (DNS) resolution problem in the Broker VM when using custom DNS servers. |
CRTX-91811 | Cortex XDR has now increased the Test Connection timeout for the Database Collector applet. |
CRTX-92102 | Cortex XDR has resolved an infrastructure issue, which prevented the Broker VM Syslog applet service from activating, by extending the RabbitMQ start-up timeout. |
CRTX-92238 | For Broker VMs installed with a new Broker VM image using Ubuntu 20.x, Cortex XDR now enables a Docker engine to pull images through HTTP/HTTPS proxies. |
CRTX-93216 | Cortex XDR has now resolved the following issues when using a Database Collector applet with a MSSQL database connection:
|
CRTX-93955 | Cortex XDR has now updated all of the Broker VM third party packages, which significantly reduced the overall Broker VM package size. |
The following table describes the changes integrated on the Broker VM maintenance version 20.3.1 released on August 16, 2023 as part of the Cortex XDR 3.7 release.
Issue ID | Description |
|---|---|
CRTX-90563 | Cortex XDR has resolved an infrastructure issue which arbitrarily prevented Broker VM applets from becoming active. |
The following table describes the changes integrated on the Broker VM maintenance version 20.2.6 released on August 6, 2023 as part of the Cortex XDR 3.7 release.
Issue ID | Description |
|---|---|
CRTX-81010 | Cortex XDR now updates the Agent Proxy configuration whenever the FQDN is modified. |
CRTX-84513 | Cortex XDR has resolved the issue where the Windows Event Collector (WEC) certificate download fails for certificates created with an invalid version. Cortex XDR provides clear indications in the user interface on how to resolve this problem. |
CRTX-85221 | The Cortex XDR Broker VM heartbeat logic is now less sensitive to network disruptions. |
CRTX-86707 | Cortex XDR has resolved the issue which prevented saving a secure TCP rule on a Syslog Collector data source in a Broker VM High Availability Cluster. |
CRTX-87386 | Cortex XDR updated the Broker VM host OS packages for Ubuntu 18.04.6 LTS based brokers. |
The Broker VM major 20.0.96 release was released as part of the initial release of Cortex XDR 3.7. For more information on the changes integrated on this major release, see the Broker VM Version 20.0.96 feature in the Cortex XDR 3.7 Release Notes.
The following table describes the changes integrated on the Broker VM maintenance version 19.3.3 released on May 7, 2023 as part of the Cortex XDR 3.6 release.
Issue ID | Description |
|---|---|
CRTX-78213 | Cortex XDR has now fixed the Broker VM console from being flooded with log messages after performing certain console actions. |
CRTX-78465 | Cortex XDR now includes stabilization fixes for the Syslog Collector applet to ensure there are no issues with configuring multiple connections for the RAW format. |
CRTX-78723 | The Broker VM is now fixed so that in certain scenarios the Broker VM can now fetch content for content caching. |
CRTX-79177 | Cortex XDR has now fixed and stabilized the Broker VM to proxy communication for proxies that have special characters, such as %, in their credentials. |
CRTX-80704 | Cortex XDR now includes infrastructure adaptations to support Expanded Security Maintenance (ESM) for Ubuntu 18.04 as Ubuntu 18.03, which was the previous Broker VM Operating System, is now end-of-life (EOL). |
The following table describes the changes integrated on the Broker VM maintenance version 19.1.2 released on March 19, 2023 as part of the Cortex XDR 3.6 release.
Issue ID | Description |
|---|---|
CRTX-77356, CRTX-77827, and CRTX-77830 | To ensure Cortex XDR is updated with the latest security updates, the latest Broker VM maintenance 19.1.2 release includes security updates to address the following OpenSSL vulnerabilities: |
The Broker VM major 19.0.12 release was released as part of the initial release of Cortex XDR 3.6. For more information on the changes integrated on this major release, see the Broker VM Version 19.0.12 feature in the Cortex XDR 3.6 Release Notes.
The following table describes the changes integrated on the Broker VM maintenance version 18.6.3 released on February 19, 2023 as part of the Cortex XDR 3.5 release.
Issue ID | Description |
|---|---|
CRTX-75047 | To ensure Cortex XDR is updated with the latest security updates, the latest Broker VM maintenance 18.6.3 release includes Agent Proxy security updates to address the following OpenSSL vulnerabilities: |
The following table describes the changes integrated on the Broker VM maintenance version 18.6.3 released on February 5, 2023 as part of the Cortex XDR 3.5 release.
Issue ID | Description |
|---|---|
CRTX-74385 | The Broker VM is now fixed to allow API-Key rotation by Cortex XDR in the context of logs collection via the Broker VM applets. |
CRTX-74366 | Cortex XDR has now improved the performance of the Agent's session establishment via the Broker VM. |
The following table describes the changes integrated on the Broker VM maintenance version 18.1.4 released on January 15, 2023 as part of the Cortex XDR 3.5 release.
Issue ID | Description |
|---|---|
CRTX-70402 | The Broker VM Files and Folders applet is now fixed so that the applet no longer stops log collection when an unrecognized UTF-8 character is encountered during collection. |
CRTX-69621 | The Broker VM maintenance 18.1.4 release includes a number of security vulnerability fixes. |
The Broker VM major 18.0.23 release was released as part of the initial release of Cortex XDR 3.5. For more information on the changes integrated on this major release, see the Broker VM Version 18.0.23 feature in the Cortex XDR 3.5 Release Notes.December 2022
The following table describes the changes integrated on the Broker VM maintenance version 17.4.1 released on November 2, 2022 as part of the Cortex XDR 3.4 release.
Issue ID | Description |
|---|---|
CRTX-66367 | To ensure Cortex XDR contains the latest security updates, the Broker VM patch 17.4.1 release includes Agent Proxy updates to remove OpenSSL 3.0 from our software for security assurance. |
The following table describes the changes integrated on the Broker VM maintenance version 17.3 released on October 30, 2022 as part of the Cortex XDR 3.4 release.
Issue ID | Description |
|---|---|
CRTX-64483 | The Broker VM contains the following fixes:
|
The following table describes the changes integrated on the Broker VM maintenance version 17.2.5 released on October 2, 2022 as part of the Cortex XDR 3.4 release.
Issue ID | Description |
|---|---|
CRTX-63838 | The Broker VM upgrade has been fixed so that it no longer fails when the |
CRTX-64159 | To prevent the Redis database append-only file (AOF), which contains the Broker VM configuration history, from growing too large, the Redis database hourly health check now verifies whether the AOF size is greater than 64 MB. If the size is larger than this threshold, the AOF is immediately rewritten to ensure the Redis database has maximum availability. |
CRTX-64407 | To fix the download request authentication between the Broker VM and tenant to give enough time to complete without failing when upgrading the Broker VM, the drift time has been increased from 5 minutes to 15 minutes. This also aligns to the other authentication flows that have a 15 minute drift time. |
The following table describes the changes integrated on the Broker VM maintenance version 17.1.22 released on September 11, 2022 as part of the Cortex XDR 3.4 release.
Issue ID | Description |
|---|---|
XSUP-14621 | To ensure that the self-signed SSL/TLS certificates installed by Cortex XDR on the Broker VM UI don't expire after the default one year, Cortex XDR now checks the certificates daily and renews them if they are about to expire within the next 48 hours. |
XSUP-14926 | To improve Broker VM upgrade robustness, a bug in the migration of a database from the 16.x infrastructure to the 17.x infrastructure was resolved. |
XSUP-15818 | To ensure enough disk space on Azure Broker VMs, the Audit Log rotation bug was fixed. |
CRTX-59905 | To ease password management, you can now sync the Broker VM Admin user's passwords. With the FEATURE_FLAG_SSH_USERNAME_AND_PASSWORD feature flag on, Cortex XDR configures the SSH authentication password of the Admin user to be the same as their Web UI password. |
CRTX-61614 | To proactively improve the Broker upgrade success rate, Broker VM download robustness was increased. Package download flow was simplified as Broker <- MT <- GCS instead of the previous flow, Broker <- MT <- ST <- GCS. |
The following table describes the changes integrated on the Broker VM maintenance version 16.1.4 released on June 26, 2022 as part of the Cortex XDR 3.3 release.
Issue ID | Description |
|---|---|
CRTX-56361 | To ensure the data collected from the Network Mapper applet of the Broker VM is collected in the correct dataset, Cortex XDR has now added Vendor and Product values to the logs coming from the Broker VM’s Network Mapper applet so that the data is stored in the |
CRTX-56988 | To ensure Cortex XDR is updated with the latest security updates, the latest Broker VM maintenance 16.1.4 release includes Agent Proxy security updates to address CVE-2022-27778. |
CRTX-57681 | To prevent Broker VM agent content and installers cache performance issues for larger Cortex XDR Agent deployments, Cortex XDR now includes a Broker VM performance improvement, where the Broker VM leverages its internal database in a more optimized manner. |