Release Notes

Support some latest Unix based OS versions:

• Ubuntu 22.04
• Red Hat/Cent OS 9

MetaDefender ICAP Server provides a new UI accessibility mode to support accessibility view (disabled by default).

Upgraded 3rd party libraries for vulnerabilities:

• NGINX 1.22.1
• Curl 8.4.0
• Angular CLI 14.0
• Zlib 1.2.13 (Windows only)

• "Permissive passive" mode under the Global settings section is now enabled by default.
• New scan verdict filtration for SBOM related result.

• Encountered when multiple AD servers are added, and the first AD server failed to authenticate user.

• Some UI cosmetics and minor bugs are addressed.

MetaDefender ICAP Server 5.1.0 or newer might not be able to work properly with Red Hat /Cent OS with its kernel 372.

The vendor Red Hat has already fixed issues with latest kernel version 425

On MetaDefender ICAP Server 5.1.0 or newer, OpenSSL 1.x is replaced by OpenSSL 3.x within the product and other dependencies (NGINX) as a security improvement, and prevent known vulnerabilities found on OpenSSL 1.x

NGINX's OpenSSL 3.x on MetaDefender ICAP Server has the enforcement in place to reject all weak cipher suites. It only accepts "HIGH" encryption cipher suites https://www.openssl.org/docs/man1.1.1/man1/ciphers.html (MD5 and SHA1 hashing based will not be accepted as well).

As a result, if you already configured MetaDefender ICAP Server for HTTPS connection, but using a weak SSL cipher with your certificate, then MetaDefender ICAP Server will not be able to start due to NGINX's OpenSSL 3.x enforcement.

MetaDefender ICAP Server v5.1.0 on Debian OS must execute 2 bellows command to connect with MetaDefender Core via TLS enable.

sudo mkdir -p /etc/pki/tls/certs/

sudo ln -s /etc/ssl/certs/ca-certificates.crt /etc/pki/tls/certs/ca-bundle.crt

This issue has already fixed since MetaDefender ICAP Server v5.1.1