Release Notes

Version

5.1.0

Release date

23 Nov 2022

Scope

Major release with built-in NGINX integration support, security enhancements and other product features

Before you upgrade MetaDefender ICAP Server:

Making sure to check out the Release Notes

New Features, Improvements and Enhancements


Details

NGINX integration support

A NGINX dynamic module (OMetaScan NGINX module) to integrate MetaDefender ICAP Server with your existing NGINX web server.

The feature settings can be also configured on MetaDefender ICAP Server side.

More details: NGINX Integration Module and NGINX Ingress Controller Integration

Integration with Huawei OceanStor Dorado All-Flash Storage & Huawei OceanStor Hybrid Flash Storage

Enhance the OceanStor integration:

  • Support Huawei OceanStor Dorado All-Flash Storage & Huawei OceanStor Hybrid Flash Storage.

  • New feature: move blocked files to quarantine path (Filemod Configuration)

  • User Name can be displayed on ICAP History for Filemod

More details: Huawei OceanStor

Password protected for the exported JSON configurations

The exported JSON configuration file can be encrypted and protected with password.

Security enhancements

As a regular security practice, we upgraded 3rd party dependencies and development framework to prevent critical vulnerabilities:

  • Upgraded OpenSSL 3.0.7

  • Upgraded Qt framework 6

  • Upgraded other 3rd party libraries

Bug Fixes


Details

Product UI fixes

  • Only the fist page of LDAP user list was displayed.

Product stability improvement

  • Log override feature did not work on Windows.

  • Database vaccum failed on docker container environment.

Security fixes

  • Potential XSS/HTML injection on the product UI features.

Known Limitations


Details

Stability issues on Red Hat / CentOS with its kernel version 372

MetaDefender ICAP Server 5.1.0 might not be able to work properly with Red Hat /Cent OS with its kernel 372.

The vendor Red Hat has already fixed issues with latest kernel version 425

MetaDefender ICAP Server's NGINX web server will not start if using weak cipher suites for HTTPS

On MetaDefender ICAP Server 5.1.0 or newer, OpenSSL 1.x is replaced by OpenSSL 3.x within the product and other dependencies (NGINX) as a security improvement, and prevent known vulnerabilities found on OpenSSL 1.x

NGINX's OpenSSL 3.x on MetaDefender ICAP Server has the enforcement in place to reject all weak cipher suites. It only accepts "HIGH" encryption cipher suites https://www.openssl.org/docs/man1.1.1/man1/ciphers.html (MD5 and SHA1 hashing based will not be accepted as well).

As a result, if you already configured MetaDefender ICAP Server for HTTPS connection, but using a weak SSL cipher with your certificate, then MetaDefender ICAP Server will not be able to start due to NGINX's OpenSSL 3.x enforcement.