Update version to 4.0.0

- Update version strings across all files
- Add comprehensive CHANGELOG with breaking changes documentation
- Document AES encryption as new default (not backwards compatible with 3.8.0)
- Document SHA-256 FIM enabled by default
- Include all 17 PRs since 3.8.0 (4 security fixes, 13 improvements)

Files updated:
- Version files: src/VERSION, src/headers/defs.h, ossec-hids.spec
- Windows files: src/win32/help.txt, src/win32/ossec-installer.nsi
- Init scripts: src/init/ossec-{client,local,server}.sh
- Documentation: INSTALL, README.md, CONFIG, BUGS
- CHANGELOG.md with comprehensive release notes

Security fixes:
- UAF bugs (Issues #1817, #1818)
- XML recursion vulnerability (Issue #1953)
- Secure RNG implementation for agent keys

Improvements:
- FIM modernization with SHA-256 support
- Library updates (Lua 5.4.7, zlib 1.3.1, cJSON 1.7.18)
- Bug fixes and error handling improvements

Author: atomicturtle

BUGS

@@ -1,5 +1,4 @@
-OSSEC v3.8.0
-Copyright (C) 2019 Trend Micro Inc.
+OSSEC v4.0.0
 
 
 ** Reporting bugs **

CHANGELOG.md

@@ -1,3 +1,73 @@
+**OSSEC changelog (4.0.0) <support@atomicorp.com>**
+
+**Release Maintainers**
+
+Dan Parriott
+
+Scott R. Shinn (https://www.atomicorp.com)
+
+**Contributors on this release**
+
+- @atomicturtle
+
+**Release Notes**
+
+Major security and stability release addressing critical memory safety issues and modernizing cryptographic implementations. This release includes fixes for multiple heap use-after-free (UAF) vulnerabilities, uncontrolled recursion in XML parsing, and implementation of secure random number generation for agent key creation. Additionally, file integrity monitoring has been modernized with SHA-256 support, and several external dependencies have been updated to their latest stable versions.
+
+**Breaking Changes**
+
+> [!WARNING]
+> **AES Encryption Now Default for Agent Communication**
+> 
+> OSSEC 4.0.0 agents now use AES encryption by default for agent-server communication. This is **NOT backwards compatible** with OSSEC 3.8.0 and older servers.
+> 
+> **Migration Options:**
+> 
+> 1. **Upgrade servers first** (recommended): Update all OSSEC servers to 4.0.0 before upgrading agents
+> 2. **Use legacy Blowfish encryption on 4.0.0 agents**: Add to agent `ossec.conf`:
+>    ```xml
+>    <client>
+>      <crypto_method>blowfish</crypto_method>
+>    </client>
+>    ```
+
+**Configuration Changes**
+
+- **SHA-256 File Integrity Monitoring**: SHA-256 is now **enabled by default** for all monitored directories. No configuration changes are required.
+  
+- **To disable SHA-256** (if needed for compatibility):
+  ```xml
+  <syscheck>
+    <directories check_sha256sum="no">/etc</directories>
+  </syscheck>
+  ```
+
+**Security Fixes**
+
+- @atomicturtle - [PR 2178](https://github.com/ossec/ossec-hids/pull/2178) - Fix critical UAF bug in memory leak fix (Issue #1818)
+- @atomicturtle - [PR 2177](https://github.com/ossec/ossec-hids/pull/2177) - Fix Issue #1817: Heap UAF in OSSEC Alert decoder with leak-free Eventinfo refactor
+- @atomicturtle - [PR 2175](https://github.com/ossec/ossec-hids/pull/2175) - Fix uncontrolled recursion in os_xml _ReadElem (Issue #1953)
+- @atomicturtle - [PR 2167](https://github.com/ossec/ossec-hids/pull/2167) - Implement secure RNG for agent key generation using OpenSSL RAND_bytes
+
+**General**
+
+- @atomicturtle - [PR 2174](https://github.com/ossec/ossec-hids/pull/2174) - Fix help/version argument exit codes
+- @atomicturtle - [PR 2173](https://github.com/ossec/ossec-hids/pull/2173) - Fix for Issue #2056 in syscheck decoder
+- @atomicturtle - [PR 2171](https://github.com/ossec/ossec-hids/pull/2171) - Ignore ENOENT in OS_RemoveCounter to prevent benign error messages
+- @atomicturtle - [PR 2170](https://github.com/ossec/ossec-hids/pull/2170) - Improve error message in ossec-testrule for missing rule matches (Issue #2093)
+- @atomicturtle - [PR 2169](https://github.com/ossec/ossec-hids/pull/2169) - Clean up redundant NULL checks in report filter function (Issue #2133)
+- @atomicturtle - [PR 2168](https://github.com/ossec/ossec-hids/pull/2168) - Improve logcollector crash fix to check read function pointer (Issue #2156)
+- @atomicturtle - [PR 2166](https://github.com/ossec/ossec-hids/pull/2166) - FIM modernization: SHA-256 integration and safe buffer handling
+- @atomicturtle - [PR 2165](https://github.com/ossec/ossec-hids/pull/2165) - Update Lua to version 5.4.7
+- @atomicturtle - [PR 2164](https://github.com/ossec/ossec-hids/pull/2164) - Update zlib to version 1.3.1
+- @atomicturtle - [PR 2163](https://github.com/ossec/ossec-hids/pull/2163) - Update cJSON to version 1.7.18
+- @atomicturtle - [PR 2162](https://github.com/ossec/ossec-hids/pull/2162) - Build fixes for Windows
+- @atomicturtle - [PR 2147](https://github.com/ossec/ossec-hids/pull/2147) - Add RPM spec file
+- @atomicturtle - [PR 2146](https://github.com/ossec/ossec-hids/pull/2146) - Handle SSL EOF condition in agent-auth
+
+
+
+
 **OSSEC changelog (3.8.0) <scott@atomicorp.com>**
 
 **Release Maintainers**

CONFIG

@@ -1,4 +1,4 @@
-OSSEC v3.8.0
+OSSEC v4.0.0
 Copyright (C) 2019 Trend Micro Inc.
 
 

INSTALL

@@ -1,4 +1,4 @@
-OSSEC v3.8.0
+OSSEC v4.0.0
 Copyright (C) 2019 Trend Micro Inc.
 
 

README.md

@@ -1,4 +1,4 @@
-OSSEC v3.8.0 Copyright (C) 2019 Trend Micro Inc.
+OSSEC v4.0.0 
 
 # Information about OSSEC 
 

ossec-hids.spec

@@ -21,7 +21,7 @@
 Summary:     An Open Source Host-based Intrusion Detection System
 Name:        ossec-hids
 Epoch: 1
-Version:     3.8.0
+Version:     4.0.0
 Release: RELEASE-AUTO%{?dist}.art
 License:     GPL
 Group:       Applications/System
@@ -767,6 +767,9 @@ fi
 
 # Changes
 %changelog
+* Sat Feb 1 2026 Support <support@atomicorp.com> - 4.0.0-1
+- Update to 4.0.0
+
 * Tue Jan 7 2025 Support <support@atomicorp.com> - 3.8.0-1
 - Update to 3.8.0
 - Added ossec service files for agent/server

src/VERSION

@@ -1 +1 @@
-v3.8.0
+v4.0.0

src/headers/defs.h

@@ -39,7 +39,7 @@
 
 /* Some global names */
 #define __ossec_name    "OSSEC HIDS"
-#define __ossec_version "v3.8.0"
+#define __ossec_version "v4.0.0"
 #define __author        "OSSEC Foundation"
 #define __contact       "contact@ossec.net"
 #define __site          "https://www.ossec.net"

src/init/ossec-client.sh

@@ -11,7 +11,7 @@ DIR=`dirname $PWD`;
 
 ###  Do not modify below here ###
 NAME="OSSEC HIDS"
-VERSION="v3.8.0"
+VERSION="v4.0.0"
 DAEMONS="ossec-logcollector ossec-syscheckd ossec-agentd ossec-execd"
 
 [ -f /etc/ossec-init.conf ] && . /etc/ossec-init.conf

src/init/ossec-local.sh

@@ -19,7 +19,7 @@ if [ $? = 0 ]; then
 fi
 
 NAME="OSSEC HIDS"
-VERSION="v3.8.0"
+VERSION="v4.0.0"
 DAEMONS="ossec-monitord ossec-logcollector ossec-syscheckd ossec-analysisd ossec-maild ossec-execd ${DB_DAEMON} ${CSYSLOG_DAEMON} ${AGENTLESS_DAEMON}"
 
 ## Locking for the start/stop