Release Notes

Version5.4.0
Release date26 Dec 2023
ScopeFocused on new functionalities, enhancements and bug fixes

Making sure to check out the Release Notes and documentation:

  1. PostgreSQL Database Deployment Options
  2. Installation
  3. Upgrade to MetaDefender ICAP Server 5.2.0 or newer

New Features, Improvements and Enhancements

Details
Block page various enhancements
  • Fully customized for your own custom block page, by inputing the raw HTML content.

  • Introduce new inventory for block pages

  • Each custom block page can be assigned to a designated workflow, additional custom placeholders can be also added.

  • Support to define URL redirect (optional with placeholders) for block page configuration under workflow.

See more details at Block Page Customization and Configuration

Continuous NGINX integration enhancement
  • With the new release of Ometascan NGINX module version 1.2.0 Ometascan NGINX module Release Notes, the module now supports chunked transfer-encoding, beside the traditional already-supported content-length header approach.

  • New option to bypass blocking bad requests when applicable NGINX Integration Module (using ometascan_allow_bad_request_traffic option)
UI Update
  • Continuous improvements for UI accessibility for WCAG 2.0 and 2.1 level A, AA compliance.
  • Other minor UI updates

Bug Fixes

Details
Unable export processing history to CSV fileMetaDefender ICAP Server could hang up and unexpectedly restart when exporting the processing history to CSV file.
Some minor issuesSome UI cosmetics and minor bugs are addressed.

Known Limitations

Details
Stability issues on Red Hat / CentOS with its kernel version 372

MetaDefender ICAP Server 5.1.0 or newer might not be able to work properly with Red Hat /Cent OS with its kernel 372.

The vendor Red Hat has already fixed issues with latest kernel version 425

MetaDefender ICAP Server's NGINX web server will not start if using weak cipher suites for HTTPS

On MetaDefender ICAP Server 5.1.0 or newer, OpenSSL 1.x is replaced by OpenSSL 3.x within the product and other dependencies (NGINX) as a security improvement, and prevent known vulnerabilities found on OpenSSL 1.x

NGINX's OpenSSL 3.x on MetaDefender ICAP Server has the enforcement in place to reject all weak cipher suites. It only accepts "HIGH" encryption cipher suites https://www.openssl.org/docs/man1.1.1/man1/ciphers.html (MD5 and SHA1 hashing based will not be accepted as well).

As a result, if you already configured MetaDefender ICAP Server for HTTPS connection, but using a weak SSL cipher with your certificate, then MetaDefender ICAP Server will not be able to start due to NGINX's OpenSSL 3.x enforcement.

no_proxy configurationFrom MD ICAP Server 5.1.0, no_proxy setting must support CIDR for IP address, refer to No Proxy configuration
Connect with MD Core with TLS on Debian OS

MetaDefender ICAP Server v5.1.0 on Debian OS must execute 2 bellows command to connect with MetaDefender Core via TLS enable.

sudo mkdir -p /etc/pki/tls/certs/

sudo ln -s /etc/ssl/certs/ca-certificates.crt /etc/pki/tls/certs/ca-bundle.crt

This issue has already fixed since MetaDefender ICAP Server v5.1.1

TLS 1.3 does not support on Windows Server 2012Tls 1.3 will not work on Windows Server 2012 due to limitation of Schannel https://learn.microsoft.com/en-us/windows/win32/secauthn/protocols-in-tls-ssl--schannel-ssp-
Type to search, ESC to discard
Type to search, ESC to discard
Type to search, ESC to discard
Next to read:
Archived Release Notes
On This Page
Release NotesNew Features, Improvements and EnhancementsBug FixesKnown Limitations