Question regarding upgrade from Wazuh v4.14.1 to v4.14.2

26 views
Skip to first unread message

Robby Hunters

unread,
Jan 21, 2026, 12:24:22 AM (yesterday) Jan 21
to Wazuh | Mailing List

Hi Wazuh Team,

I would like to ask for guidance regarding an upgrade of Wazuh from version 4.14.1 to 4.14.2.

Currently, my environment is using:

  • Wazuh central components (Manager, Indexer, Dashboard)

  • Wazuh central agents

Before performing the upgrade, I would like to confirm:

  1. Are there any known issues or risks when upgrading from v4.14.1 to v4.14.2?

  2. Is this upgrade considered safe / backward-compatible, or should it be treated as a sensitive upgrade?

  3. Are there any configurations that need to be rechecked or reconfigured after the upgrade
    (for example: custom rules, decoders, SCA policies, FIM configuration, ILM, index templates, or dashboard objects)?

  4. Are there any specific precautions or best practices you recommend before starting the upgrade
    (such as backups, service order, or validation steps)?

  5. Do Wazuh agents require any action or restart after the central components are upgraded?

At the moment, the system is running stably on v4.14.1, so I want to ensure the upgrade process does not introduce unexpected issues.

Thank you in advance for your support.

Best regards,
Robby

Message has been deleted

hasitha.u...@wazuh.com

unread,
Jan 21, 2026, 2:02:41 AM (yesterday) Jan 21
to Wazuh | Mailing List
Hi Robby,

Wazuh Upgrade from 4.14.1 to 4.14.2 - Key Points:

  1. Upgrade Process: You can safely upgrade from version 4.14.1 to 4.14.2 by following the official Wazuh upgrade guide.
  2. Release Information: Check the release notes to see what changes and fixes are included in version 4.14.2.
    Downgrading to version 4.11 and earlier is not possible. Since version 4.12.0, Wazuh uses a newer version of Apache Lucene.
    Apache Lucene does not support downgrades, meaning once you upgrade to Wazuh 4.12.0 or later, you cannot roll back to 4.11 or earlier versions without a fresh installation of the indexer.

  3. Custom Configuration: Your custom decoders (/var/ossec/etc/decoders) and custom rules (/var/ossec/etc/rules) will remain intact during the upgrade process, so no need to worry about losing them.

    FIM settings are primarily in /var/ossec/etc/ossec.conf (e.g., block), which is preserved and not overwritten. Basically, custom SCA policies are placed in /var/ossec/etc/ path. Those are not going to overwrite. The default SCA policy directory(/var/ossec/ruleset/sca) can be overwritten.

  4. Pre-Upgrade Steps:
    • Follow the component-specific preparation steps outlined in the upgrade guide
    • Back up your dashboard objects as mentioned in the guide
    • When upgrading the Wazuh manager, remember to update both the Wazuh Filebeat module and the alert template (detailed in the Wazuh manager upgrade section)
  5. Important Warning: To prevent data loss, create an index snapshot before starting the upgrade. Refer to the OpenSearch documentation for detailed instructions.
  6. Agent Restart: You do not need to restart agents after upgrading the central components.

If you follow the upgrade guide carefully, the process should complete successfully. Feel free to reach out if you need any further assistance!

Robby Hunters

unread,
Jan 21, 2026, 3:47:05 AM (yesterday) Jan 21
to Wazuh | Mailing List

Hi Hashita,

Thanks for the info.

Just to confirm, if I take a full VM snapshot of the Wazuh server, is that already enough as a rollback option?
Or do you still recommend taking an OpenSearch snapshot as well?

Thanks,

Robby

Reply all
Reply to author
Forward
0 new messages