Release Notes

Version5.1.0
Release date23 Nov 2022
ScopeMajor release with built-in NGINX integration support, security enhancements and other product features

Making sure to check out the Release Notes

New Features, Improvements and Enhancements

Details
NGINX integration support

A NGINX dynamic module (OMetaScan NGINX module) to integrate MetaDefender ICAP Server with your existing NGINX web server.

The feature settings can be also configured on MetaDefender ICAP Server side.

More details: NGINX Integration Module and NGINX Ingress Controller Integration

Integration with Huawei OceanStor Dorado All-Flash Storage & Huawei OceanStor Hybrid Flash Storage

Enhance the OceanStor integration:

  • Support Huawei OceanStor Dorado All-Flash Storage & Huawei OceanStor Hybrid Flash Storage.
  • New feature: move blocked files to quarantine path (Filemod Configuration)
  • User Name can be displayed on ICAP History for Filemod

More details: Huawei OceanStor

Password protected for the exported JSON configurationsThe exported JSON configuration file can be encrypted and protected with password.
Security enhancements

As a regular security practice, we upgraded 3rd party dependencies and development framework to prevent critical vulnerabilities:

  • Upgraded OpenSSL 3.0.7
  • Upgraded Qt framework 6
  • Upgraded other 3rd party libraries

Bug Fixes

Details
Product UI fixes
  • Only the fist page of LDAP user list was displayed.
Product stability improvement
  • Log override feature did not work on Windows.
  • Database vaccum failed on docker container environment.
Security fixes
  • Potential XSS/HTML injection on the product UI features.

Known Limitations

Details
Stability issues on Red Hat / CentOS with its kernel version 372

MetaDefender ICAP Server 5.1.0 might not be able to work properly with Red Hat /Cent OS with its kernel 372.

The vendor Red Hat has already fixed issues with latest kernel version 425

MetaDefender ICAP Server's NGINX web server will not start if using weak cipher suites for HTTPS

On MetaDefender ICAP Server 5.1.0 or newer, OpenSSL 1.x is replaced by OpenSSL 3.x within the product and other dependencies (NGINX) as a security improvement, and prevent known vulnerabilities found on OpenSSL 1.x

NGINX's OpenSSL 3.x on MetaDefender ICAP Server has the enforcement in place to reject all weak cipher suites. It only accepts "HIGH" encryption cipher suites https://www.openssl.org/docs/man1.1.1/man1/ciphers.html (MD5 and SHA1 hashing based will not be accepted as well).

As a result, if you already configured MetaDefender ICAP Server for HTTPS connection, but using a weak SSL cipher with your certificate, then MetaDefender ICAP Server will not be able to start due to NGINX's OpenSSL 3.x enforcement.
Type to search, ESC to discard
Type to search, ESC to discard
Type to search, ESC to discard
Next to read:
Archived Release Notes
On This Page
Release NotesNew Features, Improvements and EnhancementsBug FixesKnown Limitations