Release Notes
Version | 5.2.0 |
---|---|
Release date | 12 Jul 2023 |
Scope | Focused on bug fixes, enhancements and new functionalities |
Make sure to check out the Release Notes and documentation:
New Features, Improvements and Enhancements
Details | |
---|---|
New Database Management System (PostgreSQL) to replace SQLite | |
Support for handling Proactive DLP-processed files | In addition to sanitized files, MetaDefender ICAP Server can now handle Proactive DLP-processed files returned from MetaDefender Core. |
Security enhancements | |
Allow traffic if MetaDefender Core is down | If enabled, whenever MetaDefender Core is unreachable, all ICAP requests are marked as ALLOWED (fail-open). |
Single Sign On - Azure OIDC enhancement | Use logged-in user information from the ID token (in JWT format) from the authorization endpoint instead of the UserInfo endpoint. |
Options-TTL for OPTIONS method | A new option to enable/disable the Options-TTL header in the response to the OPTIONS command (to support integration with Oracle ZFS). |
Licensing with On-prem License Management Server (OLMS) | New license management model for MetaDefender ICAP that allows the On-prem License Management Server (to be released) to manage the product's license status, including activation and deactivation. |
Minor UI enhancement | Corrected the display of ICAP duration. |
Bug Fixes
Details | |
---|---|
Webhook does not receive callback under a special condition | If the response body from MetaDefender Core contains the characters "< >", MD ICAP Server does not receive the callback. |
Enhancement on ICAP connection with MetaDefender Core | Keep the number of sockets steady while working with MetaDefender Core to avoid running out of sockets on the system. |
Known Limitations
Details | |
---|---|
Stability issues on Red Hat / CentOS with kernel version 372 | MetaDefender ICAP Server 5.1.0 or newer might not work properly on Red Hat / CentOS with kernel 372. Red Hat has already fixed the issues in the latest kernel version 425. |
MetaDefender ICAP Server's NGINX web server will not start if using weak cipher suites for HTTPS | On MetaDefender ICAP Server 5.1.0 or newer, OpenSSL 1.x is replaced by OpenSSL 3.x within the product and its dependencies (NGINX) as a security improvement and to prevent known vulnerabilities found in OpenSSL 1.x. NGINX's OpenSSL 3.x on MetaDefender ICAP Server enforces rejection of all weak cipher suites. It only accepts "HIGH" encryption cipher suites https://www.openssl.org/docs/man1.1.1/man1/ciphers.html (MD5- and SHA1-based hashing is not accepted either). As a result, if you have already configured MetaDefender ICAP Server for HTTPS but are using a weak SSL cipher with your certificate, MetaDefender ICAP Server will not be able to start due to NGINX's OpenSSL 3.x enforcement. |
no_proxy configuration | From MD ICAP Server 5.1.0, the no_proxy setting must support CIDR for IP addresses; refer to No Proxy configuration. |
Connect with MD Core with TLS on Debian OS | On Debian OS, the two commands below must be run for MetaDefender ICAP Server v5.1.0 to connect with MetaDefender Core with TLS enabled: `sudo mkdir -p /etc/pki/tls/certs/` and `sudo ln -s /etc/ssl/certs/ca-certificates.crt /etc/pki/tls/certs/ca-bundle.crt`. This issue has been fixed since MetaDefender ICAP Server v5.1.1. |
TLS 1.3 is not supported on Windows Server 2012 | TLS 1.3 will not work on Windows Server 2012 due to a limitation of Schannel: https://learn.microsoft.com/en-us/windows/win32/secauthn/protocols-in-tls-ssl--schannel-ssp- |