Release Notes

Version

5.2.1

Release date

31Aug 2023

Scope

Focused on My OPSWAT integration (basic level), product enhancement and other product bug fixes.

Before you upgrade MetaDefender ICAP Server to v5.2.0 or newer from version older than v5.2.0

New Features, Improvements and Enhancements


Details

Integration with My OPSWAT portal

Get ready for My OPSWAT integration where MetaDefender ICAP Server can connect and be managed in My OPSWAT product inventory.

Stay tuned for My OPSWAT further updates (end of September) to get hold of this integration on My OPSWAT.

Host-name based search for the processing history page

Allow users filtering the processing history by host name.

Learn more at Enable/disable hidden column

Health check API based on MetaDefender Core workflow

Support new configurable health check rule based on MetaDefender Core workflow, see details at Health Check API Configuration

Other functionality updates

  • Support Deep CDR analysis mode (only when enabled on MetaDefender Core).

  • Like IP addresss, now server domain is also supported for webhook_callback setting, see details at Configuration file

  • Synchronize to display according scan verdict from MetaDefender Core.

Oher UI updates

Some minor cosmetic UI updates for the processing history page.

Bug Fixes


Details

PostgreSQL data missed in the support package on Windows

PostgreSQL data did not export correctly on Windows when generating the support package.

SYSTEM user directory was mistakenly removed

Unable connect to Central Management v7 due to SYSTEM user directory was removed.

Known Limitations


Details

Stability issues on Red Hat / CentOS with its kernel version 372

MetaDefender ICAP Server 5.1.0 or newer might not be able to work properly with Red Hat /Cent OS with its kernel 372.

The vendor Red Hat has already fixed issues with latest kernel version 425

MetaDefender ICAP Server's NGINX web server will not start if using weak cipher suites for HTTPS

On MetaDefender ICAP Server 5.1.0 or newer, OpenSSL 1.x is replaced by OpenSSL 3.x within the product and other dependencies (NGINX) as a security improvement, and prevent known vulnerabilities found on OpenSSL 1.x

NGINX's OpenSSL 3.x on MetaDefender ICAP Server has the enforcement in place to reject all weak cipher suites. It only accepts "HIGH" encryption cipher suites https://www.openssl.org/docs/man1.1.1/man1/ciphers.html (MD5 and SHA1 hashing based will not be accepted as well).

As a result, if you already configured MetaDefender ICAP Server for HTTPS connection, but using a weak SSL cipher with your certificate, then MetaDefender ICAP Server will not be able to start due to NGINX's OpenSSL 3.x enforcement.

no_proxy configuration

From MD ICAP Server 5.1.0, no_proxy setting must support CIDR for IP address, refer to No Proxy configuration

Connect with MD Core with TLS on Debian OS

MetaDefender ICAP Server v5.1.0 on Debian OS must execute 2 bellows command to connect with MetaDefender Core via TLS enable.

sudo mkdir -p /etc/pki/tls/certs/

sudo ln -s /etc/ssl/certs/ca-certificates.crt /etc/pki/tls/certs/ca-bundle.crt

This issue has already fixed since MetaDefender ICAP Server v5.1.1

TLS 1.3 does not support on Windows Server 2012

Tls 1.3 will not work on Windows Server 2012 due to limitation of Schannel https://learn.microsoft.com/en-us/windows/win32/secauthn/protocols-in-tls-ssl--schannel-ssp-