Release Notes
| Version | 5.7.0 |
|---|---|
| Release date | 09 Jan 2025 |
| Scope | Focused on new functionalities, enhancements and bug fixes |
Making sure to check out the Release Notes and documentation:
New Features, Improvements and Enhancements
| Details | ||
|---|---|---|
| Continuous support for My OPSWAT and Central Management v8 integration | Dashboard and processing history of Metadefender ICAP Server can be viewed on My OPSWAT and on Central Management v8 from this version (v5.7.0)
| |
| Enhance processing of base64 encoded data which is embedded in common data format (SOAP/JSON/Form URLEncoded ) |
More detail, refer to Content encoded (SOAP/JSON/Form URLEncoded)
| |
| Upgrade Bundle PostgreSQL to v16.x | MetaDefender ICAP Server now bundle the PostgreSQL database v16.x. With this upgrade, the MetaDefender ICAP Server can support remote PostgreSQL from v12.x to v17.x Important: The product does not upgrade the customer's remote PostgreSQL version. Refer to Upgrade to MetaDefender ICAP Server v5.7.0 or newer | |
| Override some values of processing history and configurable the metadata send to MD Core | The Client IP (represented by X-CLIENT-IP header) and UserName (represented by UserName header) on processing history can be overridden by any header value The Metadata of each scan can be used to trace back the source of requests, Metadefender ICAP Server is supporting to select one of multiple header value as a metadata for scan request.
| |
| Security enhancements | Upgraded third-party libraries for vulnerability fixes:
Front-end enhancements:
| |
| Usability enhancements/changes |
| |
| Discontinued support for Windows Server 2012 and Debian 9 |
MetaDefender ICAP Server version 5.7.0 will no longer support these OS versions. We recommend that customers migrate their systems to newer and supported versions of Windows Server. For a list of currently supported Windows OS versions, refer to Operating Systems. |
Bug Fixes
| Details | |
|---|---|
| Minor fixes | Addressed various UI cosmetics issues and minor bugs. |
Known Limitations
| Details | |
|---|---|
| Proxy configuration | HTTPS proxy configuration is currently not supported. |
| SAML directory (SSO integration) limitation | In MetaDefender ICAP Server v5.5.0, users cannot create a new SAML directory via the web UI.
|
| Stability issues on Red Hat/CentOS with kernel version 372 | MetaDefender ICAP Server 5.1.0 or newer may encounter stability issues on Red Hat /Cent OS systems running kernel version 372. Solution: Red Hat has addressed this issues in the latest kernel version 425 |
| MetaDefender ICAP Server's NGINX web server fails to start with weak cipher suites for HTTPS | In MetaDefender ICAP Server v5.1.0 or newer, OpenSSL 1.x has been replaced with OpenSSL 3.x within the product and other dependencies to enhance security and address vulnerabilities. NGINX's OpenSSL 3.x on MetaDefender ICAP Server has the enforcement in place to reject all weak cipher suites. The web server only accepts "HIGH" encryption cipher suites https://www.openssl.org/docs/man1.1.1/man1/ciphers.html (MD5 and SHA1 hashing based are also not accepted). As a result, if you already configured MetaDefender ICAP Server for HTTPS using a weak SSL cipher with your certificate, the server will not start due to NGINX's OpenSSL 3.x enforcement. |
| no_proxy configuration | Starting with MetaDefender ICAP Server v5.1.0, the no_proxy setting must support CIDR for IP addresses.
For more details, refer to No Proxy configuration |
| Connect to MetaDefender Core with TLS on Debian OS | MetaDefender ICAP Server v5.1.0 on Debian OS must execute the two following commands to enable TLS when connecting to MetaDefender Core.
Resolution: This issue is fixed in MetaDefender ICAP Server v5.1.1 |
| TLS 1.3 is not supported on Windows Server 2012 | TLS 1.3 is not supported on Windows Server 2012 due to limitations with Schannel SSP. Reference |
