Release notes

New Features, Improvements and Enhancements

Integration with BeyondTrust Password Safe for AD Directory

MetaDefender Core now supports integration with BeyondTrust's Password Safe, enabling secure, automated AD password retrieval of rotated Active Directory (AD) service account passwords.

This integration allows organizations to eliminate static AD bind passwords, and it supports configuration, status monitoring, and seamless login with AD users whose credentials are managed by Password Safe.

More details at Integrate Active Directory with BeyondTrust Password Safe.

PDF Report Restructuring & Threat Indicator Integration

Delivering a major upgrade to MetaDefender Core’s PDF reporting. The processing result PDF report has been completely restructured for clarity and consistency, featuring a new and improved layout. Threat Indicators and IOCs from Adaptive Sandbox analysis are now included directly in the report for deeper visibility into potential threats.

Enhanced SBOM PDF Report for Better Security Insights

The SBOM PDF report has been enhanced to display vulnerability severity statistics, highlight blocked licenses, and list problematic files and libraries at the top. These improvements help users quickly identify and address the security and compliance issues in their software bill of materials.

Customizable Frequency for License Expiry Email Notifications

Users can configure how often they receive email notifications about license expiration and related events, helping to reduce alert fatigue and avoid multiple reminders in a single day.

A new setting allows administrators to set the notification frequency from 1 to 48 hours, with a default of every 4 hours.

Resetting User Passwords Without SMTP Configuration

Admins can reset user passwords even when no SMTP or email server is configured, addressing a key need for secure environments where email infrastructure is restricted.

With a new option, MetaDefender Core allows administrators to generate a temporary password and securely share it with users through alternative channels. The feature clearly instructs admins on next steps, and the temporary password will expire in 3 days, requiring a change upon first login.

My OPSWAT Central Management Integration: Certificate Management

MetaDefender Core is able to automatically synchronize certificates with My OPSWAT Central Management (MOCM), supporting both Standalone and Shared DB modes, and prevents accidental deletion or modification of synchronized certificates.

Certificates on MOCM

Admins can view the origin of each certificate, and both locally added and MOCM-synced certificates are fully supported in workflows and secure connection settings.

Additionally, the system now allows certificates to be added by content as well as by file path, making certificate management more flexible and user-friendly.

Further Enhancements

1) “InSights Threat Intelligence” has been renamed to “Threat Intelligence” across the MetaDefender Core platform. This name change applies to the following screens Workflow, Health Check, Modules, Processing Result, Export result, and Executive Report.

2) Display Total Extracted File Size for Archives: Begin to track and display the total extracted file size for archives, giving users a clear view of how much data is unpacked during file analysis.

3) YARA Processing Time is Visible in Executive Reports: The Executive Report and PDF export now display YARA processing time, providing transparency into how long YARA scans take during file analysis.

4) Real-Time Scan Queue Updates via readyz API: The readyz API provides real-time updates on the scan queue data, improving visibility for high-throughput environments like MetaDefender ICAP Server. Previously, queue size information was refreshed every 5 seconds, which might be inaccurate under heavy load.

5) Parallel deployment of scanner packages to Metascan SDK has been improved, helping reduce deployment times.

6) Support proxy server entries with or without the http:// or https:// prefix. Admins can enter proxy addresses as plain hostnames, IP addresses, or with either HTTP or HTTPS schemes, and all formats will be accepted and handled correctly by the backend.

7) Support displaying multiple items from an object list in a single row under Workflow Rule, ensuring that up to three fields can be neatly aligned on one line. Prepared for future enhancements of engines.

8) Scan processing continues even if the client-identity JSON cannot be parsed, addressing rare but disruptive edge cases. Instead of halting the scan and returning an error, the system logs a warning and proceeds. The log level is also downgraded from ERROR to WARNING, making it clear that the issue is non-critical.

[WARNING] Failed to parse client-identity's JSON, dataId='aa4ceafda8e242fca99eea4971472251', 

..., jsonError.errorString()='...' [msgid: 7451]

9) Improved Error Visibility for CLI Extraction: displays extraction errors for files processed with the CLI Extraction feature. Previously, these error messages were hidden or hard to find, but now they are classified and surfaced as "General Unextractable Errors" when appropriate.

Security Enhancements

Upgraded libraries for vulnerability fixes:

• Protobuf v32.1
• OpenSSL v3.5.4

Permissions have been tightened so only users with the appropriate right can access and view the data of "Config History".

Adjusted Webhook worker countAPI boundary:

• Setting the webhook worker count to a very high value would prevent MetaDefender Core from starting, causing it to hang.
• The worker count is now limited to a maximum of 100, and any higher values from previous versions are automatically adjusted during upgrade to ensure stable operation.

Logging Enhancements

Milliseconds are now included in CEF log timestamps, with a setting to maintain backward compatibility.

Sep 04 15:56:56.123 SE Asia Standard Time ... CEF:0|OPSWAT|MSCW|5.16.1|core.config|Request change logger configs|3|OMSrequest=... OMSmsgid=6274

Bug Fixes

• Fixed an issue where error messages weren’t shown correctly after a password reset if users entered the wrong password on the login page.
• Fixed an issue that allowed users to save configuration changes in Deep CDR file type handling modal even when required fields were left empty.
• Fixed an issue where users couldn’t save workflow configuration changes after removing a row in Deep CDR file type handling section.
• Fixed an issue where HTML in workflow names could be injected into certificate expiration notification emails, affecting how the email was displayed.
• Fixed an issue where MetaDefender Core would crash when changing the database password on Windows and restarting itself, resulting in a crash dump and missing logs END.
• Fixed an issue where the blocked-leaves APIs did not consistently include YARA rule information in their JSON responses when a file was blocked due to a matched YARA rule.
• Fixed an issue where users could not navigate to the last page in processing history when filtering by "Object" request type, due to a database query error.
• Fixed an issue where audit log data retention was not working properly, causing old audit log entries to be removed much more slowly than expected.
• Fixed an issue where upgrading MetaDefender Core on Ubuntu 24 could cause the service to lose connection with Postgres due to a specific system warning.
• Fixed an issue where audit logs and syslog entries only displayed user ID instead of username when a local user was deleted.

Known Limitations