This is good news, meaning your thinking on the matter goes in the right direction. It’s not too much of a problem to use a workaround (adding to local rules), as long as there is hope for a real fix, even if it is in a long time.
I will manually add an exception:
$ cat /var/ossec/etc/rules/local_rules.xml
<!-- Local rules -->
<rule id="100011" level="0">
$ systemctl restart wazuh-manager
This will keep it quiet until enough runs on the infrastructure and reverts the change. When that happens, if the fix has not been released yet, the same exception will have to be manually added again because messages will be sent again. This will be OK unless it takes too long. But in any case there is no risk of forgetting about this CVE, which is, IMHO, the most important quality of this workaround.
Maybe there is a simpler way to handle this use case?