From 94de2ffe3852c70faf50c99f2375a01023b20d54 Mon Sep 17 00:00:00 2001
From: vcerenu <victor.erenu@wazuh.com>
Date: Mon, 19 May 2025 14:29:25 -0300
Subject: [PATCH 1/4] Bump 4.14.0 version

---
 CHANGELOG.md                                  | 20 +++++++++++++++++++
 VERSION.json                                  |  2 +-
 .../wazuh-dashboard/dashboard-deploy.yaml     |  2 +-
 .../wazuh-indexer/cluster/indexer-sts.yaml    |  2 +-
 wazuh/wazuh_managers/wazuh-master-sts.yaml    |  2 +-
 wazuh/wazuh_managers/wazuh-worker-sts.yaml    |  2 +-
 6 files changed, 25 insertions(+), 5 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 4d4db1d..34c9b86 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,24 @@
 
 All notable changes to this project will be documented in this file.
 
+## [4.14.0]
+
+### Added
+
+- None
+
+### Changed
+
+- None
+
+### Fixed
+
+- None
+
+### Deleted
+
+- None
+
 ## [4.13.0]
 
 ### Added
@@ -36,6 +54,8 @@ All notable changes to this project will be documented in this file.
 
 ### Deleted
 
+- None
+
 ## [4.12.1]
 
 ### Added
diff --git a/VERSION.json b/VERSION.json
index dfee93c..af2b5c0 100644
--- a/VERSION.json
+++ b/VERSION.json
@@ -1,4 +1,4 @@
 {
-    "version": "4.13.0",
+    "version": "4.14.0",
     "stage": "alpha0"
 }
diff --git a/wazuh/indexer_stack/wazuh-dashboard/dashboard-deploy.yaml b/wazuh/indexer_stack/wazuh-dashboard/dashboard-deploy.yaml
index a0e5524..7fb9445 100644
--- a/wazuh/indexer_stack/wazuh-dashboard/dashboard-deploy.yaml
+++ b/wazuh/indexer_stack/wazuh-dashboard/dashboard-deploy.yaml
@@ -32,7 +32,7 @@ spec:
             secretName: dashboard-certs
       containers:
         - name: wazuh-dashboard
-          image: 'wazuh/wazuh-dashboard:4.13.0'
+          image: 'wazuh/wazuh-dashboard:4.14.0'
           resources:
             limits:
               cpu: 500m
diff --git a/wazuh/indexer_stack/wazuh-indexer/cluster/indexer-sts.yaml b/wazuh/indexer_stack/wazuh-indexer/cluster/indexer-sts.yaml
index 18aa099..266e30f 100644
--- a/wazuh/indexer_stack/wazuh-indexer/cluster/indexer-sts.yaml
+++ b/wazuh/indexer_stack/wazuh-indexer/cluster/indexer-sts.yaml
@@ -59,7 +59,7 @@ spec:
             privileged: true
       containers:
         - name: wazuh-indexer
-          image: 'wazuh/wazuh-indexer:4.13.0'
+          image: 'wazuh/wazuh-indexer:4.14.0'
           resources:
             limits:
               cpu: 500m
diff --git a/wazuh/wazuh_managers/wazuh-master-sts.yaml b/wazuh/wazuh_managers/wazuh-master-sts.yaml
index 6adc1eb..24bf4e2 100644
--- a/wazuh/wazuh_managers/wazuh-master-sts.yaml
+++ b/wazuh/wazuh_managers/wazuh-master-sts.yaml
@@ -41,7 +41,7 @@ spec:
         fsGroup: 101
       containers:
         - name: wazuh-manager
-          image: 'wazuh/wazuh-manager:4.13.0'
+          image: 'wazuh/wazuh-manager:4.14.0'
           resources:
             limits:
               cpu: 400m
diff --git a/wazuh/wazuh_managers/wazuh-worker-sts.yaml b/wazuh/wazuh_managers/wazuh-worker-sts.yaml
index 304a282..870a4d6 100644
--- a/wazuh/wazuh_managers/wazuh-worker-sts.yaml
+++ b/wazuh/wazuh_managers/wazuh-worker-sts.yaml
@@ -48,7 +48,7 @@ spec:
         fsGroup: 101
       containers:
         - name: wazuh-manager
-          image: 'wazuh/wazuh-manager:4.13.0'
+          image: 'wazuh/wazuh-manager:4.14.0'
           resources:
             limits:
               cpu: 400m

From 7d9b7ed9da42445352e799c59aa3c52360023ab2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Carlos=20Anguita=20L=C3=B3pez?= <canguita99@gmail.com>
Date: Thu, 29 May 2025 14:05:50 +0200
Subject: [PATCH 2/4] delete 4.12.2 section from changelog

---
 CHANGELOG.md | 18 ------------------
 1 file changed, 18 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 34c9b86..a172e9a 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -38,24 +38,6 @@ All notable changes to this project will be documented in this file.
 
 - Remove 'stable' branch ocurrencies ([#1014](https://github.com/wazuh/wazuh-kubernetes/pull/1014))
 
-## [4.12.2]
-
-### Added
-
-- None
-
-### Changed
-
-- None
-
-### Fixed
-
-- None
-
-### Deleted
-
-- None
-
 ## [4.12.1]
 
 ### Added

From 4e9ffe5755b31659e231b302f2e21ae689316719 Mon Sep 17 00:00:00 2001
From: vcerenu <victor.erenu@wazuh.com>
Date: Tue, 5 Aug 2025 15:24:47 -0300
Subject: [PATCH 3/4] Add new config path and new permission for conf ans certs
 files

---
 .../wazuh-indexer/cluster/indexer-sts.yaml    | 20 ++++++++++++-------
 .../wazuh-indexer/indexer_conf/opensearch.yml | 12 +++++------
 2 files changed, 19 insertions(+), 13 deletions(-)

diff --git a/wazuh/indexer_stack/wazuh-indexer/cluster/indexer-sts.yaml b/wazuh/indexer_stack/wazuh-indexer/cluster/indexer-sts.yaml
index 266e30f..9899a22 100644
--- a/wazuh/indexer_stack/wazuh-indexer/cluster/indexer-sts.yaml
+++ b/wazuh/indexer_stack/wazuh-indexer/cluster/indexer-sts.yaml
@@ -24,14 +24,18 @@ spec:
         app: wazuh-indexer
       name: wazuh-indexer
     spec:
+      securityContext:
+        fsGroup: 1000
       # Set the wazuh-indexer volume permissions so the wazuh-indexer user can use it
       volumes:
         - name: indexer-certs
           secret:
             secretName: indexer-certs
+            defaultMode: 0600
         - name: indexer-conf
           configMap:
             name: indexer-conf
+            defaultMode: 0600
       initContainers:
         - name: volume-mount-hack
           image: busybox
@@ -84,37 +88,39 @@ spec:
             - name: DISABLE_INSTALL_DEMO_CONFIG
               value: 'true'
           securityContext:
+            runAsUser: 1000
+            runAsGroup: 1000
             capabilities:
               add: ["SYS_CHROOT"]
           volumeMounts:
             - name: wazuh-indexer
               mountPath: /var/lib/wazuh-indexer
             - name: indexer-certs
-              mountPath: /usr/share/wazuh-indexer/certs/node-key.pem
+              mountPath: /usr/share/wazuh-indexer/config/certs/node-key.pem
               subPath: node-key.pem
               readOnly: true
             - name: indexer-certs
-              mountPath: /usr/share/wazuh-indexer/certs/node.pem
+              mountPath: /usr/share/wazuh-indexer/config/certs/node.pem
               subPath: node.pem
               readOnly: true
             - name: indexer-certs
-              mountPath: /usr/share/wazuh-indexer/certs/root-ca.pem
+              mountPath: /usr/share/wazuh-indexer/config/certs/root-ca.pem
               subPath: root-ca.pem
               readOnly: true
             - name: indexer-certs
-              mountPath: /usr/share/wazuh-indexer/certs/admin.pem
+              mountPath: /usr/share/wazuh-indexer/config/certs/admin.pem
               subPath: admin.pem
               readOnly: true
             - name: indexer-certs
-              mountPath: /usr/share/wazuh-indexer/certs/admin-key.pem
+              mountPath: /usr/share/wazuh-indexer/config/certs/admin-key.pem
               subPath: admin-key.pem
               readOnly: true
             - name: indexer-conf
-              mountPath: /usr/share/wazuh-indexer/opensearch.yml
+              mountPath: /usr/share/wazuh-indexer/config/opensearch.yml
               subPath: opensearch.yml
               readOnly: true
             - name: indexer-conf
-              mountPath: /usr/share/wazuh-indexer/opensearch-security/internal_users.yml
+              mountPath: /usr/share/wazuh-indexer/config/opensearch-security/internal_users.yml
               subPath: internal_users.yml
               readOnly: true
           ports:
diff --git a/wazuh/indexer_stack/wazuh-indexer/indexer_conf/opensearch.yml b/wazuh/indexer_stack/wazuh-indexer/indexer_conf/opensearch.yml
index 1a708a5..a11dba7 100644
--- a/wazuh/indexer_stack/wazuh-indexer/indexer_conf/opensearch.yml
+++ b/wazuh/indexer_stack/wazuh-indexer/indexer_conf/opensearch.yml
@@ -8,12 +8,12 @@ cluster.initial_master_nodes:
 node.max_local_storage_nodes: "3"
 path.data: /var/lib/wazuh-indexer
 path.logs: /var/log/wazuh-indexer
-plugins.security.ssl.http.pemcert_filepath: /usr/share/wazuh-indexer/certs/node.pem
-plugins.security.ssl.http.pemkey_filepath: /usr/share/wazuh-indexer/certs/node-key.pem
-plugins.security.ssl.http.pemtrustedcas_filepath: /usr/share/wazuh-indexer/certs/root-ca.pem
-plugins.security.ssl.transport.pemcert_filepath: /usr/share/wazuh-indexer/certs/node.pem
-plugins.security.ssl.transport.pemkey_filepath: /usr/share/wazuh-indexer/certs/node-key.pem
-plugins.security.ssl.transport.pemtrustedcas_filepath: /usr/share/wazuh-indexer/certs/root-ca.pem
+plugins.security.ssl.http.pemcert_filepath: /usr/share/wazuh-indexer/config/certs/node.pem
+plugins.security.ssl.http.pemkey_filepath: /usr/share/wazuh-indexer/config/certs/node-key.pem
+plugins.security.ssl.http.pemtrustedcas_filepath: /usr/share/wazuh-indexer/config/certs/root-ca.pem
+plugins.security.ssl.transport.pemcert_filepath: /usr/share/wazuh-indexer/config/certs/node.pem
+plugins.security.ssl.transport.pemkey_filepath: /usr/share/wazuh-indexer/config/certs/node-key.pem
+plugins.security.ssl.transport.pemtrustedcas_filepath: /usr/share/wazuh-indexer/config/certs/root-ca.pem
 plugins.security.ssl.http.enabled: true
 plugins.security.ssl.transport.enforce_hostname_verification: false
 plugins.security.ssl.transport.resolve_hostname: false

From 6ac698862564074f170ef75d8b3da3ecb9048421 Mon Sep 17 00:00:00 2001
From: vcerenu <victor.erenu@wazuh.com>
Date: Tue, 5 Aug 2025 15:28:19 -0300
Subject: [PATCH 4/4] Add changeog

---
 CHANGELOG.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 19cd3e5..f8946f3 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -14,7 +14,7 @@ All notable changes to this project will be documented in this file.
 
 ### Fixed
 
-- None
+- Add new config path and new permission for conf and certs files ([#1152](https://github.com/wazuh/wazuh-kubernetes/pull/1152))
 
 ### Deleted