Broker VM - Release Notes - Cortex XDR - Cortex - Security Operations

Cortex XDR Release Notes

Product: Cortex XDR
Creation date: 2023-10-31
Last date published: 2024-02-25
Category: Release Notes
Abstract: Learn more about Cortex XDR Broker VM maintenance releases.

Cortex XDR includes a Broker VM version with each release, which contains new features and enhancements. There can be a number of additional Broker VM maintenance releases before the next Cortex XDR release that are compatible with the released version.

The table below lists the most recent Broker VM versions that are compatible with Cortex XDR starting from the Cortex XDR 3.1 release.

| Broker VM Version | Cortex XDR Version | Release Date |
| --- | --- | --- |
| 22.0.35 (Current) | 3.9 | February 25, 2024 |
| 22.0.32 | 3.9 | February 11, 2024 |
| 21.5.4 | 3.8 | January 7, 2024 |
| 20.9.1 | 3.8 | January 7, 2024 |
| 21.2.10 | 3.8 | December 3, 2023 |
| 20.8.3 | 3.8 | December 3, 2023 |
| 21.1.12 | 3.8 | November 19, 2023 |
| 21.0.67 | 3.8 | October 29, 2023 |
| 20.7.7 | 3.7 | October 22, 2023 |
| 20.3.1 | 3.7 | August 16, 2023 |
| 20.2.6 | 3.7 | August 6, 2023 |
| 20.0.96 | 3.7 | June 25, 2023 |
| 19.3.3 | 3.6 | May 7, 2023 |
| 19.1.2 | 3.6 | March 19, 2023 |
| 19.0.12 | 3.6 | March 5, 2023 |
| 18.6.3 | 3.5 | February 19, 2023 |
| 18.4.1 | 3.5 | February 5, 2023 |
| 18.1.4 | 3.5 | January 15, 2023 |
| 18.0.23 | 3.5 | December 4, 2022 |
| 17.4.1 | 3.4 | November 2, 2022 |
| 17.3 | 3.4 | October 30, 2022 |
| 17.2.5 | 3.4 | October 2, 2022 |
| 17.1.22 | 3.4 | September 11, 2022 |
| 16.1.4 | 3.3 | June 26, 2022 |
| 15.1.4 | 3.2 | April 3, 2022 |
| 14.3.3 | 3.1 | February 6, 2022 |

The following table describes the changes integrated on the Broker VM maintenance version 21.5.4 released on January 7, 2024 as part of the Cortex XDR 3.8 release.

| Issue ID | Description |
| --- | --- |
| CRTX-98075, CRTX-99049 | To ensure Cortex XDR is updated with the latest security updates, the latest Broker VM maintenance 21.5.4 release includes security updates to address the following vulnerabilities: |
| CRTX-98845 | Cortex XDR has fixed the issue that prevented the broker's shell console from running on the Azure portal Serial console. |
| CRTX-99878 | The Broker VM Files and Folders applet now correctly calculates the total number of logs collected prior to the streaming procedure when the Storage Method is set to Replace in the Data Source Mapping settings. This issue has been resolved for the two scenarios reported: when a CSV file has a string in one of the records containing an escape character, and when any type of file contains an empty string. |
| CRTX-100362 | Cortex XDR has resolved the issue where, in certain scenarios, importing the Broker VM configurations with various applet settings failed. |
| CRTX-100761 | Cortex XDR has fixed the Broker VM so that when the existing Default Gateway on a single interface deployment is changed, the Default Gateway is no longer erased and does not have to be reconfigured. |

The following table describes the changes integrated on the Broker VM maintenance version 20.9.1 released on January 7, 2024 as part of the Cortex XDR 3.8 release.

| Issue ID | Description |
| --- | --- |
| CRTX-98075, CRTX-99049 | To ensure Cortex XDR is updated with the latest security updates, the latest Broker VM maintenance 20.9.1 release includes security updates to address the following vulnerabilities: |
| CRTX-100362 | Cortex XDR has resolved the issue where, in certain scenarios, importing the Broker VM configurations with various applet settings failed. |

The following table describes the changes integrated on the Broker VM maintenance version 21.2.10 released on December 3, 2023 as part of the Cortex XDR 3.8 release.

| Issue ID | Description |
| --- | --- |
| CRTX-90670 | Cortex XDR has fixed the log rotation logic for Broker VM applets to prevent log files from excessively consuming the container's volume capacity. |
| CRTX-91816 | Cortex XDR has resolved the issue with a High Availability (HA) cluster, where incorrect statistics for MEMORY USAGE and DISK USAGE were displayed in the Clusters tab of the Broker VMs page. |
| CRTX-97028 | Security updates to address the following Squid Multiple 0-Day Vulnerabilities: |
| | Important: For these changes to be implemented, restart your Local Agent Settings applet after your Broker VM is updated. |
| CRTX-97099 | Cortex XDR has resolved the issue that removed static routes after a reboot on a Broker VM with multiple network interfaces. |
| | Important: When configuring more than one network interface, ensure that only one Default Gateway is defined. The rest must be set to 0.0.0.0, which configures them as undefined. |
| CRTX-98248 | The Broker VM Files and Folders Collector applet is now fixed so that it works correctly in tail mode for log formats CSV, PSV, and TSV. |

The following table describes the changes integrated on the Broker VM maintenance version 20.8.3 released on December 3, 2023 as part of the Cortex XDR 3.8 release.

| Issue ID | Description |
| --- | --- |
| CRTX-97028 | Security updates to address the following Squid Multiple 0-Day Vulnerabilities: |
| | Important: For these changes to be implemented, restart your Local Agent Settings applet after your Broker VM is updated. |
| CRTX-98248 | The Broker VM Files and Folders Collector applet is now fixed so that it works correctly in tail mode for log formats CSV, PSV, and TSV. |

The following table describes the changes integrated on the Broker VM maintenance version 21.1.12 released on November 19, 2023 as part of the Cortex XDR 3.8 release.

| Issue ID | Description |
| --- | --- |
| CRTX-96374 | Cortex XDR has resolved the issue which prevented upgrading from broker version 20.7.7 to version 21.0.67 as no space remained on the device. |

The Broker VM major 21.0.67 release was released as part of the initial release of Cortex XDR 3.8 on October 29, 2023. For more information on the changes integrated on this major release, see the Broker VM Version feature in the Cortex XDR 3.8 Release Notes.

The following table describes the changes integrated on the Broker VM maintenance version 20.7.7 released on October 22, 2023 as part of the Cortex XDR 3.7 release.

| Issue ID | Description |
| --- | --- |
| CRTX-34105 | Cortex XDR has solved the Domain Name System (DNS) resolution problem in the Broker VM when using custom DNS servers. |
| CRTX-91811 | Cortex XDR has now increased the Test Connection timeout for the Database Collector applet. |
| CRTX-92102 | Cortex XDR has resolved an infrastructure issue, which prevented the Broker VM Syslog applet service from activating, by extending the RabbitMQ start-up timeout. |
| CRTX-92238 | For Broker VMs installed with a new Broker VM image using Ubuntu 20.x, Cortex XDR now enables a Docker engine to pull images through HTTP/HTTPS proxies. |
| CRTX-93216 | Cortex XDR has now resolved the following issues when using a Database Collector applet with an MSSQL database connection: |
| | • Defining a timestamp string in the Retrieval Value field of the Database Query settings now works as expected. |
| | • A Test Connection error is no longer displayed for case-sensitive databases. |
| CRTX-93955 | Cortex XDR has now updated all of the Broker VM third-party packages, which significantly reduced the overall Broker VM package size. |

The following table describes the changes integrated on the Broker VM maintenance version 20.3.1 released on August 16, 2023 as part of the Cortex XDR 3.7 release.

| Issue ID | Description |
| --- | --- |
| CRTX-90563 | Cortex XDR has resolved an infrastructure issue which arbitrarily prevented Broker VM applets from becoming active. |

The following table describes the changes integrated on the Broker VM maintenance version 20.2.6 released on August 6, 2023 as part of the Cortex XDR 3.7 release.

| Issue ID | Description |
| --- | --- |
| CRTX-81010 | Cortex XDR now updates the Agent Proxy configuration whenever the FQDN is modified. |
| CRTX-84513 | Cortex XDR has resolved the issue where the Windows Event Collector (WEC) certificate download fails for certificates created with an invalid version. Cortex XDR provides clear indications in the user interface on how to resolve this problem. |
| CRTX-85221 | The Cortex XDR Broker VM heartbeat logic is now less sensitive to network disruptions. |
| CRTX-86707 | Cortex XDR has resolved the issue which prevented saving a secure TCP rule on a Syslog Collector data source in a Broker VM High Availability Cluster. |
| CRTX-87386 | Cortex XDR updated the Broker VM host OS packages for Ubuntu 18.04.6 LTS-based brokers. |

The Broker VM major 20.0.96 release was released as part of the initial release of Cortex XDR 3.7. For more information on the changes integrated on this major release, see the Broker VM Version 20.0.96 feature in the Cortex XDR 3.7 Release Notes.

The following table describes the changes integrated on the Broker VM maintenance version 19.3.3 released on May 7, 2023 as part of the Cortex XDR 3.6 release.

| Issue ID | Description |
| --- | --- |
| CRTX-78213 | Cortex XDR has fixed the issue where the Broker VM console was flooded with log messages after performing certain console actions. |
| CRTX-78465 | Cortex XDR now includes stabilization fixes for the Syslog Collector applet to ensure there are no issues with configuring multiple connections for the RAW format. |
| CRTX-78723 | The Broker VM is now fixed so that, in certain scenarios, it can fetch content for content caching. |
| CRTX-79177 | Cortex XDR has now fixed and stabilized the Broker VM-to-proxy communication for proxies that have special characters, such as %, in their credentials. |
| CRTX-80704 | Cortex XDR now includes infrastructure adaptations to support Expanded Security Maintenance (ESM) for Ubuntu 18.04 as Ubuntu 18.03, which was the previous Broker VM Operating System, is now end-of-life (EOL). |

The following table describes the changes integrated on the Broker VM maintenance version 19.1.2 released on March 19, 2023 as part of the Cortex XDR 3.6 release.

| Issue ID | Description |
| --- | --- |
| CRTX-77356, CRTX-77827, and CRTX-77830 | To ensure Cortex XDR is updated with the latest security updates, the latest Broker VM maintenance 19.1.2 release includes security updates to address the following OpenSSL vulnerabilities: |

The Broker VM major 19.0.12 release was released as part of the initial release of Cortex XDR 3.6. For more information on the changes integrated on this major release, see the Broker VM Version 19.0.12 feature in the Cortex XDR 3.6 Release Notes.

The following table describes the changes integrated on the Broker VM maintenance version 18.6.3 released on February 19, 2023 as part of the Cortex XDR 3.5 release.

| Issue ID | Description |
| --- | --- |
| CRTX-75047 | To ensure Cortex XDR is updated with the latest security updates, the latest Broker VM maintenance 18.6.3 release includes Agent Proxy security updates to address the following OpenSSL vulnerabilities: |

The following table describes the changes integrated on the Broker VM maintenance version 18.6.3 released on February 5, 2023 as part of the Cortex XDR 3.5 release.

| Issue ID | Description |
| --- | --- |
| CRTX-74385 | The Broker VM is now fixed to allow API-Key rotation by Cortex XDR in the context of logs collection via the Broker VM applets. |
| CRTX-74366 | Cortex XDR has now improved the performance of the Agent's session establishment via the Broker VM. |

The following table describes the changes integrated on the Broker VM maintenance version 18.1.4 released on January 15, 2023 as part of the Cortex XDR 3.5 release.

| Issue ID | Description |
| --- | --- |
| CRTX-70402 | The Broker VM Files and Folders applet is now fixed so that the applet no longer stops log collection when an unrecognized UTF-8 character is encountered during collection. |
| CRTX-69621 | The Broker VM maintenance 18.1.4 release includes a number of security vulnerability fixes. |

The Broker VM major 18.0.23 release was released as part of the initial release of Cortex XDR 3.5 in December 2022. For more information on the changes integrated on this major release, see the Broker VM Version 18.0.23 feature in the Cortex XDR 3.5 Release Notes.

The following table describes the changes integrated on the Broker VM maintenance version 17.4.1 released on November 2, 2022 as part of the Cortex XDR 3.4 release.

| Issue ID | Description |
| --- | --- |
| CRTX-66367 | To ensure Cortex XDR contains the latest security updates, the Broker VM patch 17.4.1 release includes Agent Proxy updates to remove OpenSSL 3.0 from our software for security assurance. |

The following table describes the changes integrated on the Broker VM maintenance version 17.3 released on October 30, 2022 as part of the Cortex XDR 3.4 release.

| Issue ID | Description |
| --- | --- |
| CRTX-64483 | The Broker VM contains the following fixes: |
| | • The Broker VM agent content and installers cache can now work with a number of network interfaces simultaneously. |
| | • The Broker VM now enables assigning a different network interface to be used for accessing the Broker VM web interface through its IP address. |

The following table describes the changes integrated on the Broker VM maintenance version 17.2.5 released on October 2, 2022 as part of the Cortex XDR 3.4 release.

| Issue ID | Description |
| --- | --- |
| CRTX-63838 | The Broker VM upgrade has been fixed so that it no longer fails when the auditd configuration file is missing. This issue occurred when upgrading a Broker VM, over Ubuntu 16, to a Broker VM 17.1.X release. |
| CRTX-64159 | To prevent the Redis database append-only file (AOF), which contains the Broker VM configuration history, from growing too large, the Redis database hourly health check now verifies whether the AOF size is greater than 64 MB. If the size is larger than this threshold, the AOF is immediately rewritten to ensure the Redis database has maximum availability. |
| CRTX-64407 | To give the download request authentication between the Broker VM and the tenant enough time to complete without failing when upgrading the Broker VM, the drift time has been increased from 5 minutes to 15 minutes. This also aligns with the other authentication flows, which have a 15-minute drift time. |

The following table describes the changes integrated on the Broker VM maintenance version 17.1.22 released on September 11, 2022 as part of the Cortex XDR 3.4 release.

| Issue ID | Description |
| --- | --- |
| XSUP-14621 | To ensure that the self-signed SSL/TLS certificates installed by Cortex XDR on the Broker VM UI don't expire after the default one year, Cortex XDR now checks the certificates daily and renews them if they are about to expire within the next 48 hours. |
| XSUP-14926 | To improve Broker VM upgrade robustness, a bug in the migration of a database from the 16.x infrastructure to the 17.x infrastructure was resolved. |
| XSUP-15818 | To ensure enough disk space on Azure Broker VMs, the Audit Log rotation bug was fixed. |
| CRTX-59905 | To ease password management, you can now sync the Broker VM Admin user's passwords. With the FEATURE_FLAG_SSH_USERNAME_AND_PASSWORD feature flag on, Cortex XDR configures the SSH authentication password of the Admin user to be the same as their Web UI password. |
| CRTX-61614 | To proactively improve the Broker upgrade success rate, Broker VM download robustness was increased. Package download flow was simplified as Broker <- MT <- GCS instead of the previous flow, Broker <- MT <- ST <- GCS. |

The following table describes the changes integrated on the Broker VM maintenance version 16.1.4 released on June 26, 2022 as part of the Cortex XDR 3.3 release.

| Issue ID | Description |
| --- | --- |
| CRTX-56361 | To ensure the data collected from the Network Mapper applet of the Broker VM is collected in the correct dataset, Cortex XDR has now added Vendor and Product values to the logs coming from the Broker VM's Network Mapper applet so that the data is stored in the panw_network_mapper_raw dataset, as opposed to the previous unknown_unknown_raw dataset. |
| CRTX-56988 | To ensure Cortex XDR is updated with the latest security updates, the latest Broker VM maintenance 16.1.4 release includes Agent Proxy security updates to address CVE-2022-27778. |
| CRTX-57681 | To prevent Broker VM agent content and installers cache performance issues for larger Cortex XDR Agent deployments, Cortex XDR now includes a Broker VM performance improvement, where the Broker VM leverages its internal database in a more optimized manner. |