September 2025 Monthly Release
For help upgrading to the latest version, contact your Cloudhouse Representative. The following table describes each component available to upgrade within this release of Cloudhouse Guardian (Guardian). For more information on the known issues currently present within Guardian, see Known Issues.
Tip: To access a more simplified view of the changes included within this release, see September 2025 Changelog.pdf.
| Last Updated | Release Date | Guardian Platform | Guardian Web | Linux Agent | Windows Agent |
|---|---|---|---|---|---|
| 6th October 2025 | 25th September 2025 | V4 |
V3.59.2 |
V5.47.0 | V5.21.2 |
Guardian Web Application V3.59.2
Here's what's included in V3.59.2 of the Guardian web application as part of the September 2025 monthly release.
New Features
The following new features are included within this release of the Guardian web application.
Manual Change Reconciliation
The Change Report tab (Reports > Change Report) has been improved to allow for manual approval for any changes that have occurred within your Cloudhouse Guardian instance, giving you more control over configuration changes. With this enhancement, users can filter changes by type, approval status, or node group, then selectively approve or unapprove them, add comments, and associate them with external change request IDs. Approved changes are tagged and can be exported in a PDF and CSV report. This allows for more deliberate change management, especially in dynamic environments where frequent updates occur. To enable this feature on your appliance, contact your Cloudhouse Representative.
Other Enhancements
The following additional enhancements are included within this release of the Guardian web application.
Filter Changes
When filtering within a Change Report (Reports > Change Reports), either in the Nodes text box in the Options drop-down, or the Filter Changestext box, you can prefix a term with a minus sign (-) to exclude specific changes or sections of changes from the Change Report tab. For example, entering -.log will remove changes relating to .log in the Change Report.
Export Only Displays Changed Attributes
When exporting a Change Report (Reports > Change Reports), only attributes that have been changed are displayed in the PDF or CSV file. Previously, all attributes would be exported and displayed, regardless if they had been changed. Now, exported reports are more concise , helping you identify relevant changes quickly.
Fixed Issues
The following issues have been fixed within this release of the Guardian web application.
| GWB-6275 – Incorrect Text Styling in Custom Scripts Drop-Down with New Monitored Skin Enabled | |
|---|---|
| Affects Versions: V3 (onwards) | Fix Version: V3.59.0 |
| Problem: |
If the new Monitored skin was enabled and you edited a node group’s scan options, the Custom Scripts drop-down body and header text was incorrectly displaying in italics. Tip: For more information on scan options, see Scan Options. |
| Solution: |
We have updated the Guardian web application to correctly format the Custom Scripts drop-down text. Regardless of whether the new Monitored skin is enabled, the drop-down now displays with the appropriate styling, ensuring a consistent appearance. Tip: To enable the new Monitored skin, contact your Cloudhouse Representative. |
| GWB-6315 – Scheduled Change Report Failure After Upgrade | |
|---|---|
| Affects Versions: V3.58.3 | Fix Version: V3.59.0 |
| Problem: |
The long-standing 'Report - Change Report [DEPRECATED]' scheduled job broke after upgrading from V3.56.0 of Guardian to V3.58.3, causing report jobs to fail and stack in the queue. Tip: Clients using 'Report - Change Report [DEPRECATED]' are advised to transition to the newer Scheduled Change Report – Job Type, which offers improved granularity and is actively supported. |
| Solution: |
The issue was caused by a missing variable error introduced during the upgrade. The deprecated report referenced a non-existent variable, which broke execution. We have updated the code in Guardian to check for the existence of variables before use, preventing the error from occurring in scheduled reports. Now, the 'Report - Change Report [DEPRECATED]' scheduled job works as expected. |
| GWB-6292 – Inconsistent Rule Name Formatting Between API and CSV Export | |
|---|---|
| Affects Versions: V3.58.3 | Fix Version: V3.59.0 |
| Problem: |
When retrieving CIS benchmark rule names via the Tip: For more information on how to export a benchmark report as a CSV file, see Export a Report. |
| Solution: |
The CSV export logic has been updated to include the rule number in the Rule Name field, ensuring consistency with the API output. This change applies to both the UI-generated CSV and the REST endpoint response, enabling reliable matching between benchmark results and external systems that depend on rule identifiers. |
Linux Agent V5.47.0
Here's what's included in V5.47.0 of the Linux Agent as part of the September 2025 monthly release.
New Features
There are no new features included within this release of the Linux Agent.
Other Enhancements
The following additional enhancements are included within this release of the Guardian web application.
Optimized AWS Node Detection in Connection Manager
The Connection Manager now batches node detection requests during AWS scans, improving performance and reducing delays. Previously, individual DetectNode calls were throttled, causing long wait times and excessive logging. With the new batching approach, multiple nodes are processed together, resulting in faster detection and more efficient use of resources.
Note: For more information on the Linux Connection Manager, see Linux Connection Manager.
Fixed Issues
No issues have been fixed in this release of the Linux Agent.
Windows Agent V5.22.0
Here's what's included in V5.22.0 of the Windows Agent as part of the September 2025 monthly release.
Note: V5.22.0 of the Windows Agent was released on 6th October 2025.
New Features
There are no new features included within this release of the Windows Agent.
Other Enhancements
The following additional enhancements are included within this release of the Guardian web application.
Enhanced Configuration Handling During Reinstall/Upgrade
The Windows Agent installer now prompts users to confirm whether they want to reuse existing configuration values for the API key and target URL during reinstallation or upgrade. Previously, these values were automatically reused and treated as fixed, limiting flexibility when migrating Agents or updating environments. Now, you can choose to retain or update these settings, allowing smoother transitions while preserving existing values by default. For more information, see Windows Agent.
Fixed Issues
The following issues have been fixed in this release of the Windows Agent.
| GWA-490 – Uninstall Does Not Delete All Files | |
|---|---|
| Affects Versions: V5 (onwards) | Fix Version: V5.22.0 |
| Problem: |
When uninstalling Guardian with files still open or locked by other programs, some files and directories, including the configuration YAML, may not be removed. This can result in old configuration data being reused during reinstallation, potentially leading to unexpected behavior. |
| Solution: |
The uninstall process now checks for leftover files in the installation directory. If any are found, the following warning is displayed: 'Uninstaller was unable to completely remove the install dir "C::\\Program Files\Cloudhouse Guardian". A system restart or manual deletion of the directory may be required to finish the uninstallation'. Restart the application to finish the uninstallation. If uninstallation is still not complete, manually delete the directory from the File Explorer. |
| GWA-492 – Installer May Ignore New API Key and Target URL | |
|---|---|
| Affects Versions: V5 (onwards) | Fix Version: V5.22.0 |
| Problem: |
During installation, if a This happens because:
As a result, the installer skips registration and reuses outdated configuration settings, potentially causing unexpected behavior. |
| Solution: |
To prevent this, the installer now performs a validation check during initial setup. If a 'The selected Configuration Directory contains an existing config file. Please select an empty directory or delete the existing config.yaml file.' This warning ensures users cannot proceed with installation unless they choose a clean directory or manually remove the existing configuration file. By including this step, the installer avoids unintended reuse of outdated configuration data and guides users toward a clean setup process. |
| GWA-493 – Registry Scan Error on Domain Controllers | |
|---|---|
| Affects Versions: V5 (onwards) | Fix Version: V5.22.0 |
| Problem: |
When scanning certain registry keys, some users encountered an error during registry scans on Domain Controllers using the agent running as Local System. The following error message was displayed:
|
| Solution: |
The scan process has been updated to better handle unsupported registry value types. Instead of throwing an error, these values are now logged as |