Release Notes
Version | 5.5.0 |
---|---|
Release date | 28 Mar 2024 |
Scope | Focused on new functionalities, enhancements and bug fixes |
Making sure to check out the Release Notes and documentation:
New Features, Improvements and Enhancements
Details | |
---|---|
Processing files with MetaDefender Cloud | Besides the existing scanning capacity with MetaDefender Core, now MetaDefender Cloud integration is supported for file processing. By sending files from network traffic to MetaDefender Cloud via the internet content adaptation protocol (ICAP), organizations can reduce on-premises resource requirements and system maintenance. Under the existing server profile functionality, users now can select MetaDefender Cloud option. MetaDefender Cloud's valid API key is required, both paid and free API key are accepted, however, free API key should be advised for functionality evaluation purpose only, should not be used on production environment. Users are supported to configure all applicable settings with MetaDefender Cloud integration on the same screen. Those MeDefender Cloud server profiles can be set for every MetaDefender ICAP Server's processing workflow, along with MetaDefender Core server profiles. |
New high availability option for Server Profile | A new mechanism for high availability capacity i.e. in case of a data center outage, customers can now direct traffic to an alternative server group for scanning. This ensures that MetaDefender ICAP Server instances in the functioning data center can continue scanning files without interruption. Customers also have the option to divert traffic to MetaDefender Cloud for processing (which is supported in this new release) if applicable. Under Workflow Management > Scan > Backup Servers, customers can configure various options, including enabling or disabling ICAP requests, specifying scan targets and timeouts, and defining backup servers. |
Security improvements | Upgraded 3rd party libraries for vulnerabilities:
Retired to remove the legacy unused utility tool SQLite in the product installation folder for vulnerability concern. |
Usability enhancements / changes |
|
Logging improvements | More comprehensive logs for Splunk application integration. |
UI Update |
|
Bug Fixes
Details | |
---|---|
Integration with Active Directory Federation Services (AD FS) - OpenID Connect | Failed to integrate with AD FS OpenID Connect due to missing user_endpoint URL. |
Some minor issues | Some UI cosmetics and minor bugs are addressed. |
Known Limitations
Details | |
---|---|
Unable to create new SAML directory (SSO integration) on MetaDefender ICAP Server 5.5.0 via Web UI | UI (frontend) issue which can workround via using REST API. Having no impact on existing SAML directory when upgrading to MetaDefender ICAP Server 5.5.0. The issue will be addressed on MetaDefender ICAP Server 5.5.1or newer. |
Stability issues on Red Hat / CentOS with its kernel version 372 | MetaDefender ICAP Server 5.1.0 or newer might not be able to work properly with Red Hat /Cent OS with its kernel 372. The vendor Red Hat has already fixed issues with latest kernel version 425 |
MetaDefender ICAP Server's NGINX web server will not start if using weak cipher suites for HTTPS | On MetaDefender ICAP Server 5.1.0 or newer, OpenSSL 1.x is replaced by OpenSSL 3.x within the product and other dependencies (NGINX) as a security improvement, and prevent known vulnerabilities found on OpenSSL 1.x NGINX's OpenSSL 3.x on MetaDefender ICAP Server has the enforcement in place to reject all weak cipher suites. It only accepts "HIGH" encryption cipher suites https://www.openssl.org/docs/man1.1.1/man1/ciphers.html (MD5 and SHA1 hashing based will not be accepted as well). As a result, if you already configured MetaDefender ICAP Server for HTTPS connection, but using a weak SSL cipher with your certificate, then MetaDefender ICAP Server will not be able to start due to NGINX's OpenSSL 3.x enforcement. |
no_proxy configuration | From MD ICAP Server 5.1.0, no_proxy setting must support CIDR for IP address, refer to No Proxy configuration |
Connect with MD Core with TLS on Debian OS | MetaDefender ICAP Server v5.1.0 on Debian OS must execute 2 bellows command to connect with MetaDefender Core via TLS enable. sudo mkdir -p /etc/pki/tls/certs/ sudo ln -s /etc/ssl/certs/ca-certificates.crt /etc/pki/tls/certs/ca-bundle.crt This issue has already fixed since MetaDefender ICAP Server v5.1.1 |
TLS 1.3 does not support on Windows Server 2012 | Tls 1.3 will not work on Windows Server 2012 due to limitation of Schannel https://learn.microsoft.com/en-us/windows/win32/secauthn/protocols-in-tls-ssl--schannel-ssp- |