Learn more about Cortex XSIAM Broker VM maintenance releases.
Cortex XSIAM includes a Broker VM version with each release, which contains new features and enhancements. There can be a number of additional Broker VM maintenance releases before the next Cortex XSIAM release that are compatible with the released version.
The table below lists the most recent Broker VM versions that are compatible with Cortex XSIAM starting from the Cortex XSIAM 1.1 release.
Broker VM Version | Cortex XSIAM Version | Release Date |
---|---|---|
24.100.4 (Current) | 2.3 | August 25, 2024 |
24.5.1 | 2.3 | July 21, 2024 |
24.4.7 | 2.3 | July 14, 2024 |
24.2.8 | 2.3 | June 30, 2024 |
23.100.2 | 2.2 | June 2, 2024 |
23.0.35 | 2.2 | May 5, 2024 |
23.0.33 | 2.2 | April 14, 2024 |
22.0.35 | 2.1 | February 25, 2024 |
22.0.32 | 2.1 | February 11, 2024 |
21.5.4 | 2.0 | January 7, 2024 |
20.9.1 | 2.0 | January 7, 2024 |
21.2.10 | 2.0 | December 3, 2023 |
20.8.3 | 2.0 | December 3, 2023 |
21.1.12 | 2.0 | November 19, 2023 |
21.0.67 | 2.0 | October 29, 2023 |
20.7.7 | 1.5 | October 22, 2023 |
20.3.1 | 1.5 | August 16, 2023 |
20.2.6 | 1.5 | August 6, 2023 |
20.0.96 | 1.5 | June 25, 2023 |
19.3.3 | 1.4 | May 7, 2023 |
19.1.2 | 1.4 | March 19, 2023 |
19.0.12 | 1.4 | March 5, 2023 |
18.6.3 | 1.3 | February 19, 2023 |
18.4.1 | 1.3 | February 5, 2023 |
18.1.4 | 1.3 | January 15, 2023 |
18.0.23 | 1.3 | December 4, 2022 |
17.4.1 | 1.2 | November 2, 2022 |
17.3 | 1.2 | October 30, 2022 |
17.2.5 | 1.2 | October 2, 2022 |
17.1.22 | 1.2 | September 11, 2022 |
16.1.4 | 1.1 | June 26, 2022 |
The following table describes the changes integrated on the Broker VM maintenance version 23.100.2 released on June 2, 2024 as part of the Cortex XSIAM 2.2 release.
Issue ID | Description |
---|---|
CRTX-113645 | When deployed in a cluster, the Broker VM with disk utilization over 85% are now considered unhealthy. |
CRTX-114190 | When deployed in a cluster, the Broker VM’s memory, CPU, and disk utilization now impact the Broker VM Health-Check responses towards the load balancer. |
CRTX-114273 | Cortex XSIAM has resolved the issue with the Database Collector applet causing unjustified Broker VM cluster failovers. |
The Broker VM major 23.0.35 release was released as part of the release of Cortex XSIAM 2.2 on May 5, 2024 after the initial release on April 14, 2024.
The Broker VM 23.0.33 release was released as part of the initial release of Cortex XSIAM 2.2 on April 14, 2024.
The following table describes the changes integrated on the Broker VM maintenance version 22.0.35 released on February 25, 2024 as part of the Cortex XSIAM 2.1 release.
Issue ID | Description |
---|---|
CRTX-114273 | Cortex XSIAM has resolved the issue with the Database Collector applet |
The Broker VM major 22.0.32 release was released as part of the initial release of Cortex XSIAM 2.1 on February 11, 2024.
The following table describes the changes integrated on the Broker VM maintenance version 21.5.4 released on January 7, 2024 as part of the Cortex XSIAM 2.0 release.
Issue ID | Description |
---|---|
CRTX-98075, CRTX-99049 | To ensure Cortex XSIAM is updated with the latest security updates, the latest Broker VM maintenance 21.5.4 release includes security updates to address the following vulnerabilities: |
CRTX-98845 | Cortex XSIAM has fixed the issue that prevented the brokers shell console running on the Azure portal Serial console. |
CRTX-99878 | The Broker VM Files and Folders applet now calculates correctly the total number of logs collected prior to the streaming procedure when the Storage Method is set to Replace in the Data Source Mapping settings. This issue has been resolved for the two scenarios reported, when a CSV file has a string in one of the records containing an escape character and also when any type of file contains an empty string inside the file. |
CRTX-100362 | Cortex XSIAM has resolved the issue, where, in certain scenarios, importing the Broker VM configurations with various applet settings failed. |
CRTX-100761 | Cortex XSIAM has fixed the Broker VM so that when the existing Default Gateway on a single interface deployment is changed, the Default Gateway no longer gets erased, and has to be reconfigured. |
The following table describes the changes integrated on the Broker VM maintenance version 20.9.1 released on January 7, 2024 as part of the Cortex XSIAM 2.0 release.
Issue ID | Description |
---|---|
CRTX-98075, CRTX-99049 | To ensure Cortex XSIAM is updated with the latest security updates, the latest Broker VM maintenance 20.9.1 release includes security updates to address the following vulnerabilities: |
CRTX-100362 | Cortex XSIAM has resolved the issue, where, in certain scenarios, importing the Broker VM configurations with various applet settings failed. |
The following table describes the changes integrated on the Broker VM maintenance version 21.2.10 released on December 3, 2023 as part of the Cortex XSIAM 2.0 release.
Issue ID | Description |
---|---|
CRTX-90670 | Cortex XSIAM has fixed the log rotation logic for Broker VM applets to prevent log files from excessively consuming the container's volume capacity. |
CRTX-91816 | Cortex XSIAM has resolved the issue with a High Availability (HA) cluster, where incorrect statistics in the Clusters tab of the Broker VMs page for the MEMORY USAGE and DISK USAGE were displayed. |
CRTX-97028 | Security updates to address the following Squid Multiple 0-Day Vulnerabilities:: ImportantFor these changes to be implemented, restart your Local Agent Settings applet after your Broker VM is updated. |
CRTX-97099 | Cortex XSIAM has resolved the issue that removed static routes after a reboot on a Broker VM with multiple network interfaces. ImportantWhen configuring more than one network interface, ensure that only one Default Gateway is defined. The rest must be set to |
CRTX-98248 | The Broker VM Files and Folders Collector applet is now fixed so that it works correctly in tail mode for log formats CSV, PSV, and TSV. |
The following table describes the changes integrated on the Broker VM maintenance version 20.8.3 released on December 3, 2023 as part of the Cortex XSIAM 2.0 release.
Issue ID | Description |
---|---|
CRTX-97028 | Security updates to address the following Squid Multiple 0-Day Vulnerabilities:: ImportantFor these changes to be implemented, restart your Local Agent Settings applet after your Broker VM is updated. |
CRTX-98248 | The Broker VM Files and Folders Collector applet is now fixed so that it works correctly in tail mode for log formats CSV, PSV, and TSV. |
The following table describes the changes integrated on the Broker VM maintenance version 21.1.12 released on November 19, 2023 as part of the Cortex XSIAM 2.0 release.
Issue ID | Description |
---|---|
CRTX-96374 | Cortex XSIAM has resolved the issue which prevented upgrading from broker version 20.7.7 to version 21.0.67 as no space remained on the device. |
The Broker VM major 21.0.67 release was released as part of the initial release of Cortex XSIAM 2.0 on October 29, 2023.
The following table describes the changes integrated on the Broker VM maintenance version 20.7.7 released on October 22, 2023 as part of the Cortex XSIAM 1.5 release.
Issue ID | Description |
---|---|
CRTX-34105 | Cortex XSIAM has solved the Domain Name System (DNS) resolution problem in the Broker VM when using custom DNS servers. |
CRTX-91811 | Cortex XSIAM has now increased the Test Connection timeout for the Database Collector applet. |
CRTX-92102 | Cortex XSIAM has resolved an infrastructure issue, which prevented the Broker VM Syslog applet service from activating, by extending the RabbitMQ start-up timeout. |
CRTX-92238 | For Broker VMs installed with a new Broker VM image using Ubuntu 20.x, Cortex XSIAM now enables a Docker engine to pull images through HTTP/HTTPS proxies. |
CRTX-93216 | Cortex XSIAM has now resolved the following issues when using a Database Collector applet with a MSSQL database connection:
|
CRTX-93955 | Cortex XSIAM has now updated all of the Broker VM third party packages, which significantly reduced the overall Broker VM package size. |
The following table describes the changes integrated on the Broker VM maintenance version 20.3.1 released on August 16, 2023 as part of the Cortex XSIAM 1.5 release.
Issue ID | Description |
---|---|
CRTX-90563 | Cortex XSIAM has resolved an infrastructure issue which arbitrarily prevented Broker VM applets from becoming active. |
The following table describes the changes integrated on the Broker VM maintenance version 20.2.6 released on August 6, 2023 as part of the Cortex XSIAM 1.5 release.
Issue ID | Description |
---|---|
CRTX-81010 | Cortex XSIAM now updates the Agent Proxy configuration whenever the FQDN is modified. |
CRTX-84513 | Cortex XSIAM has resolved the issue where the Windows Event Collector (WEC) certificate download fails for certificates created with an invalid version. Cortex XSIAM provides clear indications in the user interface on how to resolve this problem. |
CRTX-85221 | The Cortex XSIAM Broker VM heartbeat logic is now less sensitive to network disruptions. |
CRTX-86707 | Cortex XSIAM has resolved the issue which prevented saving a secure TCP rule on a Syslog Collector data source in a Broker VM High Availability Cluster. |
CRTX-87386 | Cortex XSIAM updated the Broker VM host OS packages for Ubuntu 18.04.6 LTS based brokers. |
The Broker VM major 20.0.96 release was released as part of the initial release of Cortex XSIAM 1.5.
The following table describes the changes integrated on the Broker VM maintenance version 19.3.3 released on May 7, 2023 as part of the Cortex XSIAM 1.4 release.
Issue ID | Description |
---|---|
CRTX-78213 | Cortex XSIAM has now fixed the Broker VM console from being flooded with log messages after performing certain console actions. |
CRTX-78465 | Cortex XSIAM now includes stabilization fixes for the Syslog Collector applet to ensure there are no issues with configuring multiple connections for the RAW format. |
CRTX-78723 | The Broker VM is now fixed so that in certain scenarios the Broker VM can now fetch content for content caching. |
CRTX-79177 | Cortex XSIAM has now fixed and stabilized the Broker VM to proxy communication for proxies that have special characters, such as %, in their credentials. |
CRTX-80704 | Cortex XSIAM now includes infrastructure adaptations to support Expanded Security Maintenance (ESM) for Ubuntu 18.04 as Ubuntu 18.03, which was the previous Broker VM Operating System, is now end-of-life (EOL). |
The following table describes the changes integrated on the Broker VM maintenance version 19.1.2 released on March 19, 2023 as part of the Cortex XSIAM 1.4 release.
Issue ID | Description |
---|---|
CRTX-77356, CRTX-77827, and CRTX-77830 | To ensure Cortex XSIAM is updated with the latest security updates, the latest Broker VM maintenance 19.1.2 release includes security updates to address the following OpenSSL vulnerabilities: |
The Broker VM major 19.0.12 release was released as part of the initial release of Cortex XSIAM 1.4.
The following table describes the changes integrated on the Broker VM maintenance version 18.6.3 released on February 19, 2023 as part of the Cortex XSIAM 1.3 release.
Issue ID | Description |
---|---|
CRTX-75047 | To ensure Cortex XSIAM is updated with the latest security updates, the latest Broker VM maintenance 18.6.3 release includes Agent Proxy security updates to address the following OpenSSL vulnerabilities: |
The following table describes the changes integrated on the Broker VM maintenance version 18.6.3 released on February 5, 2023 as part of the Cortex XSIAM 1.3 release.
Issue ID | Description |
---|---|
CRTX-74385 | The Broker VM is now fixed to allow API-Key rotation by Cortex XSIAM in the context of logs collection via the Broker VM applets. |
CRTX-74366 | Cortex XSIAM has now improved the performance of the Agent's session establishment via the Broker VM. |
The following table describes the changes integrated on the Broker VM maintenance version 18.1.4 released on January 15, 2023 as part of the Cortex XSIAM 1.3 release.
Issue ID | Description |
---|---|
CRTX-70402 | The Broker VM Files and Folders applet is now fixed so that the applet no longer stops log collection when an unrecognized UTF-8 character is encountered during collection. |
CRTX-69621 | The Broker VM maintenance 18.1.4 release includes a number of security vulnerability fixes. |
The Broker VM major 18.0.23 release was released as part of the initial release of Cortex XSIAM 1.3.
The following table describes the changes integrated on the Broker VM maintenance version 17.4.1 released on November 2, 2022 as part of the Cortex XSIAM 1.2 release.
Issue ID | Description |
---|---|
CRTX-66367 | To ensure Cortex XSIAM contains the latest security updates, the Broker VM patch 17.4.1 release includes Agent Proxy updates to remove OpenSSL 3.0 from our software for security assurance. |
The following table describes the changes integrated on the Broker VM maintenance version 17.3 released on October 30, 2022 as part of the Cortex XSIAM 1.2 release.
Issue ID | Description |
---|---|
CRTX-64483 | The Broker VM contains the following fixes:
|
The following table describes the changes integrated on the Broker VM maintenance version 17.2.5 released on October 2, 2022 as part of the Cortex XSIAM 1.2 release.
Issue ID | Description |
---|---|
CRTX-63838 | The Broker VM upgrade has been fixed so that it no longer fails when the |
CRTX-64159 | To prevent the Redis database append-only file (AOF), which contains the Broker VM configuration history, from growing too large, the Redis database hourly health check now verifies whether the AOF size is greater than 64 MB. If the size is larger than this threshold, the AOF is immediately rewritten to ensure the Redis database has maximum availability. |
CRTX-64407 | To fix the download request authentication between the Broker VM and tenant to give enough time to complete without failing when upgrading the Broker VM, the drift time has been increased from 5 minutes to 15 minutes. This also aligns to the other authentication flows that have a 15 minute drift time. |
The following table describes the changes integrated on the Broker VM maintenance version 17.1.22 released on September 11, 2022 as part of the Cortex XSIAM 1.2 release.
Issue ID | Description |
---|---|
XSUP-14621 | To ensure that the self-signed SSL/TLS certificates installed by Cortex XSIAM on the Broker VM UI don't expire after the default one year, Cortex XSIAM now checks the certificates daily and renews them if they are about to expire within the next 48 hours. |
XSUP-14926 | To improve Broker VM upgrade robustness, a bug in the migration of a database from the 16.x infrastructure to the 17.x infrastructure was resolved. |
XSUP-15818 | To ensure enough disk space on Azure Broker VMs, the Audit Log rotation bug was fixed. |
CRTX-59905 | To ease password management, you can now sync the Broker VM Admin user's passwords. With the FEATURE_FLAG_SSH_USERNAME_AND_PASSWORD feature flag on, Cortex XSIAM configures the SSH authentication password of the Admin user to be the same as their Web UI password. |
CRTX-61614 | To proactively improve the Broker upgrade success rate, Broker VM download robustness was increased. Package download flow was simplified as Broker <- MT <- GCS instead of the previous flow, Broker <- MT <- ST <- GCS. |
The following table describes the changes integrated on the Broker VM maintenance version 16.1.4 released on June 26, 2022 as part of the Cortex XSIAM 1.1 release.
Issue ID | Description |
---|---|
CRTX-56361 | To ensure the data collected from the Network Mapper applet of the Broker VM is collected in the correct dataset, Cortex XSIAM has now added Vendor and Product values to the logs coming from the Broker VM’s Network Mapper applet so that the data is stored in the |
CRTX-56988 | To ensure Cortex XSIAM is updated with the latest security updates, the latest Broker VM maintenance 16.1.4 release includes Agent Proxy security updates to address CVE-2022-27778. |
CRTX-57681 | To prevent Broker VM agent content and installers cache performance issues for larger Cortex XDR Agent deployments, Cortex XSIAM now includes a Broker VM performance improvement, where the Broker VM leverages its internal database in a more optimized manner. |