Release notes

Version: 5.13.0
Release date: 18 December 2024
Scope: A major version focused on new features, enhancements and stability bug fixes.

Make sure to check out the Known Limitations.

OPSWAT will discontinue support for CentOS 7 and RHEL 7 after December 2024 in MetaDefender Core and its associated engines.

If you need more time to transition from a legacy OS, refer to the instructions in Lock Your Engine and Plan for Migration.

New Features, Improvements and Enhancements

Details
New OS support: Rocky Linux 9

We are now introducing Rocky Linux 9.4 support as a replacement for CentOS 7 starting from this version.

We also provide a new Docker image based on the official Rocky Linux repository. You can try it here: MetaDefender Core Rocky Linux image and Rocky Linux for non-root image.

Report scheduling

MetaDefender Core provides a new feature that enables Administrators to schedule when the executive report and the processing history report are sent, and to set recurring schedules for automated delivery.

With this feature, Administrators can specify email recipients, apply filters to tailor the data, and define a precise time range.

Generate support package on web console

Administrators can now generate and download support packages directly from the web console.

Advanced rate limiting configuration via web console

Administrators can now configure rate limiting for various REST APIs directly through the web console.

For more details, refer to Request rate limit configuration and Request rate limit test scenarios.

Syslog configuration via REST API

Administrators can now configure and set up syslog via REST API.

Document:

Ability to download summarized user list

MetaDefender Core introduces an ability for Administrators to download a summary list of users and groups present on the product.

You can find the Export button in User Management which generates a CSV file listing all the users and groups' information.

Executive Report

New chart and statistics showing the number and percentage of files reused by hash.

Tool to hide specific data from support package

Provides the ability to hide sensitive data in logs and the support package, which may contain information such as IPv4, IPv6 and MAC addresses and file paths.

For instructions, refer to How to Create Support Package? and try the new parameter -enable-redact.

Support CIS level 1

MetaDefender Core supports CIS Level 1 for Ubuntu 22.04 and RHEL 9.

For more details, refer to CIS Level 1 Guidelines.

PostgreSQL v16 support (remotely)

MetaDefender Core starts supporting remote PostgreSQL v16.

The product does not perform any version upgrade on customer's remote PostgreSQL.

Note: The bundled PostgreSQL version is v14.15 in this release.

More detailed Adaptive Sandbox's scan result

For files scanned with Adaptive Sandbox, the result display now provides more details and adds informative records to the "Quarantine" feature.

Usability enhancements / changes
  • Ability to add a description for users in the product.
  • Optimized UI rendering to improve display speed especially when rendering an immensely long list of file types in Blocklist.
  • Only display Unmanaged when My OPSWAT returns HTTP 404 and error "Instance not found".
  • Display the correct disks involved and their purposes in System Health.
  • Display current number of finished files inside batch report.
  • Enhanced certificate loading to ensure Webhook communication over TLS.
  • Support "smaller than" operator for Blocklist and Allowlist by filename.
  • Reused scan results in Processing History are now tagged with a specific label so users can identify them easily.
  • New changes in workflow setting "Exceptional verdicts": add "Cancelled" by default, and remove "Scan failed".
  • Unchecked "Detect file type mismatch" setting of "MetaDefender Software Supply Chain" workflow rule.
  • Enhanced retry mechanism to reconnect OLMS when receiving unregistered state.
  • Added new option to display 200 items per page in Processing History.
  • No longer trigger "Reuse processing result by hash" for a file when all of its type IDs are different.
  • Improved performance for exporting or importing an enormous list of hashes.
  • Retained deployment ID regardless of network interface card change, when the product is deployed on the same machine.
  • Sum up and display hash time of all directly nested child files.
  • Track the first and last files received in a batch and their timestamps.
Performance enhancements
  • Enhancement for webhook use case including request receiving, webhook status storing and fetching, optimizing thread allocation.
Security improvements
  • Upgraded bundled PostgreSQL to v14.15 for vulnerability fixes.
  • Upgraded NGINX to v1.26.2 for vulnerability fixes.
  • Upgraded 7z to v24.09 for vulnerability fixes.
  • Upgraded Npgsql to v4.0.17 for vulnerability fixes.
  • Applied patch to Qt for vulnerability fix.
  • Hardened OS command validation for External Scanner setup.
  • Improved login mechanism for SAML Single-SignOn.
  • Hardened regex validation.
Engine integration
  • Support tab switching and breadcrumb in detailed result UI.
  • Populate tombstone flag to Archive Compression engine to enhance PST file sanitization.
  • New setting for Country of Origin engine to immediately block all unsupported file types.
Docker enhancements
  • Eliminated unused components/libraries from DockerFile.
  • Gathered containerization information into support package.
Logging enhancements
  • More detailed log messages for LDAP integration, especially when an LDAP user is not found.
  • Added audit logs for Email Notification, Banner and Scan-from-link settings.
UI updates
  • New engine icons for Country of Origin, Adaptive Sandbox, and Threat Intelligence.
  • Improved the login behavior to ensure that users can log in even right after a successful product upgrade.
  • Display extraction error code and details.
  • Compression tab in workflow will be disabled when Deep CDR and Proactive DLP are both disabled. In addition, corresponding sections under Compression tab will be disabled depending on which engine is disabled.
  • And many cosmetic UI changes.

Bug Fixes

Details
Fixes on product stability issues
  • Addressed an issue that ignored filtering settings, causing Adaptive Sandbox to analyze sanitized or partially sanitized files that should not have been analyzed.
  • Addressed an issue that caused the detail view in the Configuration History UI to become unresponsive after a failed configuration import.
  • Addressed an issue that caused the error "Invalid certificate responded" when using ForgeRock, KeyCloak, or PingOne, which prevented users from logging in to the web console.
  • Addressed an issue where the "Fallback file type detection to current extension" setting was improperly respected for Proactive DLP.
  • Addressed an issue that caused the selected config file to be lost after pressing Enter in the Password For Decryption textbox.
  • Addressed an issue that caused extraction of encrypted archive files to fail while integrated with Central Hub.
  • Resolved an issue in "Email Configuration" where using None as "Auth method" caused the setting to become misconfigured.
  • Resolved an issue that might cause a local user session to expire repeatedly after its password was reset.
  • Resolved an intermittent issue that caused the wrong file extension on downloaded files.
Other minor bug fixes
  • Implemented UI enhancements and resolved minor bugs.

Known Limitations

Details
Database connection failure occurred in a specific circumstance after upgrading to version 5.11.0

This issue has been resolved in version 5.11.1.

This issue does not affect all cases when upgrading to version 5.11.0.

After applying the authentication method scram-sha-256 to enhance security for the bundled PostgreSQL, a database connection issue started occurring after the upgrade, in a specific circumstance.

  • If the application was previously upgraded from version 5.5.1 or older to version 5.6.0 or newer, this issue will occur when users upgrade to version 5.11.0.

We have prepared a Knowledge Base (KB) article for troubleshooting the issue and bringing the system back online: How to Troubleshoot an Error related to Connection to Database Failing after an Upgrade to v5.11.0?

The issue will not occur in the following scenarios:

  • Upgrading directly from version 5.5.1 or older to version 5.11.0.
  • Upgrading from a fresh installation of version 5.6.0 or newer to version 5.11.0.
Reuse processing result by hash might be slow in high-load situations

This issue has been resolved in version 5.10.1.

Since its introduction in version 5.8.0, this feature has helped improve overall performance and reduce significant load when processing similar files.

However, we have realized this feature might run slowly in high-load scenarios against large database sizes.

Temporary files in the resource folder may not be properly cleaned up if the Archive Extraction engine crashes

Starting from MetaDefender Core version 5.10.1, if the Archive Extraction engine crashes, temporary files from specific extraction transactions may not be properly cleaned up. However, this issue is relatively rare.
Reject importing non-empty required_engines setting in containerized environments

This issue occurs only in containerized environments.

If the config zip file includes non-empty required_engines setting, MetaDefender Core will reject the import.

Workaround:

  1. Extract the config zip file.
  2. Open the "export_settings.json" and set "required_engines" to an empty array.
  3. Recompress the files into a new zip.
  4. When executing the docker run command, set the following environment variables: MDCORE_HEALTH_CHECK, MDCORE_REQUIRED_ENGINES. For more details, please refer to Health check settings.
Button "Revert to Default" in Workflow Rule might not work as expected

This issue has been resolved in version 5.6.0.

When modifying settings in Workflow Rule, the 'Revert to Default' button may sometimes disappear and become non-functional. This behavior was encountered in version 5.5.0.

The Engine Update feature may not work as expected in certain environments

We have observed that the Engine Update feature may not work properly in an environment protected by a Palo Alto firewall. In the log file, you might find the error message 'SslHandshakeFailedError'.

If upgrading to the latest version of MetaDefender Core does not solve the issue, please consider setting up MetaDefender Update Downloader product. This product is responsible for downloading engines, and MetaDefender Core will retrieve and update its engines from there.

UI inconvenience on small resolution screens

This issue has been resolved in version 5.5.1.

MetaDefender Core version 5.5.0 introduces significant changes to support UI accessibility. However, this leads to an inconvenient issue when displaying Workflow Rule on small or zoomed-in resolution screens. Some tabs at the bottom of the list may not be displayed properly.

Workaround: Try zooming out a little bit on the browser.

Performance degradation when processing large archive files

This issue has been resolved in MetaDefender Core version 5.5.0 and the Archive Extraction engine version 6.2.1.

  • If you're using MetaDefender Core version 5.4.1, you can update the Archive Extraction engine to version 6.2.1 or newer without waiting for MetaDefender Core version 5.5.0 release.
  • If you're using MetaDefender Core 5.4.0 or older, you can upgrade it to version 5.4.1 or newer, and update the Archive Extraction engine to version 6.2.1 or newer. If you are not able to upgrade MetaDefender Core, it is recommended to stick with the Archive Extraction engine version 6.0.2 until you are able to upgrade MetaDefender Core.
Stability issue when encountering malformed data created by the FileType engine

This issue has been resolved in version 5.4.1.

The FileType engine version 6.0.2 may generate malformed data, which can negatively impact MetaDefender Core version 5.4.0 or older when written to the PostgreSQL database:

  • The Executive Report in Dashboard may become frozen and revert to zero.
  • CPU usage may increase excessively.
  • A significant decrease in file processing performance may occur.

If you experience similar issues, follow these troubleshooting steps to resolve the problem: Rectify malformed FileType data in PostgreSQL database

Stability issues on Red Hat / CentOS systems with kernel version 372.13

MetaDefender Core version 5.2.1 or later may not function correctly with Red Hat or CentOS operating systems that use kernel 372.13.

Red Hat is addressing the kernel issues. Please try upgrading to kernel version 372.26.

PostgreSQL and MetaDefender Core services cannot initialize in certain containerized environments

This issue was addressed in MetaDefender Core v5.11.1.

In a containerized environment, MetaDefender Core version 5.2.0 or newer may not work properly when:

  • The Linux kernel version of the host machine is newer than 4.18.0 including 5.x.y and 6.x.y.
  • The Docker base image is CentOS 7.
  • The bundled PostgreSQL database is used (DB_TYPE=local).

Workarounds for older versions:

  1. Switch to using a Docker base image RHEL 8 or Debian.
  2. Switch to using a remote PostgreSQL database.
MetaDefender Core's NGINX web server will not start if weak cipher suites are used for HTTPS

On MetaDefender Core version 5.2.0 and later, OpenSSL 1.x has been replaced by OpenSSL 3.x within the product and its dependencies, including PostgreSQL and NGINX, to enhance security and address known vulnerabilities in OpenSSL 1.x.

However, NGINX's implementation of OpenSSL 3.x in MetaDefender Core enforces strong encryption by rejecting all weak cipher suites. It only accepts "HIGH" encryption cipher suites as defined by OpenSSL https://www.openssl.org/docs/man1.1.1/man1/ciphers.html. This means ciphers based on MD5 and SHA1 hashing are no longer supported.

Consequently, if you previously configured MetaDefender Core for HTTPS connections using a weak SSL cipher with your certificate, the service will not start due to NGINX's OpenSSL 3.x security enforcement.

To prevent and remediate the issue before upgrading MetaDefender Core, please refer to the following resources: HTTPS Failure on MetaDefender Core 5.2.0 (or newer)
