Release Notes

Besides the existing scanning capacity with MetaDefender Core, now MetaDefender Cloud integration is supported for file processing.

By sending files from network traffic to MetaDefender Cloud via the internet content adaptation protocol (ICAP), organizations can reduce on-premises resource requirements and system maintenance.

Under the existing server profile functionality, users now can select MetaDefender Cloud option.

MetaDefender Cloud's valid API key is required, both paid and free API key are accepted, however, free API key should be advised for functionality evaluation purpose only, should not be used on production environment.

Users are supported to configure all applicable settings with MetaDefender Cloud integration on the same screen.

Those MeDefender Cloud server profiles can be set for every MetaDefender ICAP Server's processing workflow, along with MetaDefender Core server profiles.

A new mechanism for high availability capacity i.e. in case of a data center outage, customers can now direct traffic to an alternative server group for scanning. This ensures that MetaDefender ICAP Server instances in the functioning data center can continue scanning files without interruption.

Customers also have the option to divert traffic to MetaDefender Cloud for processing (which is supported in this new release) if applicable.

Under Workflow Management > Scan > Backup Servers, customers can configure various options, including enabling or disabling ICAP requests, specifying scan targets and timeouts, and defining backup servers.

Upgraded 3rd party libraries for vulnerabilities:

• Zlib 1.3.1
• PostgreSQL 12.18
• LibXML2 2.12.5
• Xerces-c 3.2.5
• OpenSSL 3.2.1

Retired to remove the legacy unused utility tool SQLite in the product installation folder for vulnerability concern.

• JSON/SOAP base64 decoding feature enhancements: (1) Supported messages containing base64 encoded data URL https://datatracker.ietf.org/doc/html/rfc2397 (2) Performed all base64 decoding and encoding within MetaDefender ICAP Server (instead of offloading to MetaDefender Core) for overall optimized performance.
• Enhanced PostgreSQL vacuum scheduling to prevent overusing disk space needed for PostgreSQL database growth.
• Supported to configure PostgreSQL database name via the ignition file.

• Other minor UI updates
• Continuous improvements for UI accessibility for WCAG 2.0 and 2.1 level A, AA compliance.

UI (frontend) issue which can workround via using REST API.

Having no impact on existing SAML directory when upgrading to MetaDefender ICAP Server 5.5.0.

The issue will be addressed on MetaDefender ICAP Server 5.5.1or newer.

MetaDefender ICAP Server 5.1.0 or newer might not be able to work properly with Red Hat /Cent OS with its kernel 372.

The vendor Red Hat has already fixed issues with latest kernel version 425

On MetaDefender ICAP Server 5.1.0 or newer, OpenSSL 1.x is replaced by OpenSSL 3.x within the product and other dependencies (NGINX) as a security improvement, and prevent known vulnerabilities found on OpenSSL 1.x

NGINX's OpenSSL 3.x on MetaDefender ICAP Server has the enforcement in place to reject all weak cipher suites. It only accepts "HIGH" encryption cipher suites https://www.openssl.org/docs/man1.1.1/man1/ciphers.html (MD5 and SHA1 hashing based will not be accepted as well).

As a result, if you already configured MetaDefender ICAP Server for HTTPS connection, but using a weak SSL cipher with your certificate, then MetaDefender ICAP Server will not be able to start due to NGINX's OpenSSL 3.x enforcement.

MetaDefender ICAP Server v5.1.0 on Debian OS must execute 2 bellows command to connect with MetaDefender Core via TLS enable.

sudo mkdir -p /etc/pki/tls/certs/

sudo ln -s /etc/ssl/certs/ca-certificates.crt /etc/pki/tls/certs/ca-bundle.crt

This issue has already fixed since MetaDefender ICAP Server v5.1.1