Maintenance Releases - Release Notes - Cortex XSIAM - Cortex - Security Operations

Cortex XSIAM Release Notes

Product: Cortex XSIAM
Creation date: 2024-05-06
Last date published: 2024-09-05
Category: Release Notes
Abstract: Learn more about current maintenance releases of the Cortex XSIAM Broker VM and XDR Collectors.

Cortex XSIAM includes a number of features that are updated with every Cortex XSIAM release. The Cortex XSIAM Broker VM and XDR Collectors are released with their own version numbers, and can include additional changes that are integrated in a separate maintenance release. For more information about previous maintenance releases, see Previous Maintenance Releases.

The Broker VM 24.5.1 major release was released as part of Cortex XSIAM 2.3 on July 21, 2024, after the initial release on June 30, 2024.

The following table describes the changes integrated in the Broker VM maintenance version 24.100.4, released on August 25, 2024 as part of the Cortex XSIAM 2.3 release.

Issue ID

Description

CRTX-113178

To keep Cortex XSIAM current with the latest security updates, the Broker VM 24.100.4 maintenance release includes security updates that address the CVE-2024-25111 vulnerability.

CRTX-122344

The broker now treats the ssh-rsa and ssh-dss cryptographic algorithms as deprecated and no longer allows them during SSH negotiation.

CRTX-122621

Cortex XSIAM has resolved the issue where, in some cases, after upgrading the Broker VM, the old RabbitMQ container was not shut down and prevented the new RabbitMQ container with the same name from starting.

CRTX-122884

Cortex XSIAM has resolved the issue where the Agent Proxy through Squid used both IPv4 and IPv6 DNS connections and failed on IPv6 addresses. Because Docker containers on the broker are not configured with an IPv6 gateway, Squid now uses IPv4 only and does not use IPv6.

CRTX-124528, CRTX-122695

The Syslog Collector applet configured to a RabbitMQ port on a Broker VM now contains the following fixes:

  • The ports are no longer exposed to an external network and these connections are denied.

  • A new sbin script has been added to increase the time interval for cases where RabbitMQ needs more time to handle the indexing, which in turn allows an increased start period for the indexing to complete. This ensures the Syslog Collector applet is no longer in a constant “activating” state.

CRTX-124529

Cortex XSIAM has resolved the issue where the broker’s agent (443) and health (8080) APIs did not respond with an HTTP Strict Transport Security (HSTS) header.

Broker VM 24.4.7 was released as part of Cortex XSIAM 2.3 on July 14, 2024, after the initial release on June 30, 2024.

Broker VM 24.2.8 was released as part of Cortex XSIAM 2.3 on June 30, 2024.

The XDR Collectors major release for Windows 1.4.2.1373 and Linux 1.4.2.1302 was released as part of Cortex XSIAM 2.3 on July 22, 2024.

The XDR Collectors release for Windows 1.4.1.1100 and Linux 1.4.1.1089 was released as part of the initial release of Cortex XSIAM 2.3 on June 30, 2024.