Release notes

MetaDefender Storage Security v4.4.2 Release Date: May 14, 2026 Version supported until November 14, 2027
Maintenance Release (v4.4.2) SFTP scan reliability. Fixed an issue where SFTP scans could fail with repeated connection errors against servers that limit concurrent sessions. Windows upgrade from v3.6.1 and v4.4.0. Fixed a crash during the MongoDB migration step that blocked Windows upgrades to the latest version. Offline toolkit package. Fixed the offline installer so air-gapped deployments include all required components and the platform service starts as expected. Maintenance Release (v4.4.1) NGINX security update. Updated NGINX to 1.31.0, which patches CVE-2026-42945. Previous MDSS versions are not affected by this CVE; the update ships as a precaution. RTP validation for circular remediations. Real-time scans now reject workflows whose move or copy remediation targets the same storage unit being scanned, preventing the retry loop seen previously. Additional S3 region. Added the New Zealand (ap-southeast-6) region to the AWS S3 and S3-compatible storage selectors. Reduced error log noise. Cleaned up spurious error log entries from background job cleanups and certain file-download failure paths.
Highlights New Storage Integration: Scality RING - Added native integration for Scality RING S3-compatible object storage, with full coverage for multiscanning, CDR, DLP, file tagging, and remediation actions. Azure Blob storage autodiscovery. Azure Blob accounts can now automatically discover and onboard new containers as they are created. Container selection can be fully automatic or scoped to a manual subset, and the feature can be toggled per account. Access Control (ABAC Phase I). New Settings → Access Control tab showing default roles and their permissions. Real-Time Processing start date. Added an optional "Pick files modified since" date picker to the RTP scan modal, so older files (e.g., OneDrive uploads that retain their original `LastModified`) can be included in the scan. Scan size visibility. Individual scan reports and active scans now show `Total Files Size` and `Processed Files Size`, and `Total Files Count` is back in the report view. Users included in config export/import. Configuration export can now optionally include MDSS users (local and SSO), with matching users reconciled on import.
Improvements Scan reliability and gRPC performance. Reused gRPC channels across NFS/SFTP discovery, object operations, and telemetry to prevent port exhaustion; added watchdog timeouts and retries to prevent stuck scans and stuck remediations; fixed timing edge cases that could mark instant scans complete prematurely; and added parallel consumers on non-priority RPC queues for better authentication throughput. Logging and diagnostics. Added a separate error/warning log file with its own rotation, persisted PostgreSQL/Redis/RabbitMQ logs across container restarts, identified the specific MD Core instance in API key failure logs, and clarified the support package export error around `LOGS_PER_SERVICE`. Cancel on-demand scans from Reports. On-demand scans can now be cancelled directly from the Reports tab, matching the existing RTP cancel behavior. Persistent service scaling. Extra service instances can now be configured in `customer.env` and survive upgrades. Discovery throttling for Discovery-Only scans. Added configurable queue-depth-aware throttling so Discovery-Only workflows back off when downstream queues are saturated and resume once they drain. Scan reliability guardrails. Scans no longer get stuck on slow storage or remediation, and instant scans now wait for discovery to actually finish before reporting completion. Workflow display in scan details and reports. Active scan details now show only the currently running workflow, while reports keep the full workflow history with a clearer "current vs. previously used" layout. Adaptive Analysis status accuracy. Adaptive Analysis and Sandbox now show "Skipped" (not "Failed") when MD Core skipped the file, and clean verdicts display a green badge. Adding storage no longer auto-starts a full RTP scan. New storage units are created without an automatic RTP scan, so the Reports view stays clean until you explicitly start one. Delete RTP scans from Reports. RTP scans (including partition scans) can now be deleted from the Reports page, not just cleaned, with support for bulk and mixed-type deletion. Timestamps and cleaner messages on RTP errors. Expanded error details now show when each error occurred and present a friendlier message without raw stack traces. Upgrade reliability. Fixed Windows upgrades silently overwriting `customer.env`, and restored RTP partition scans that stopped working after upgrading to 4.3.0. Stability at scale. Reduced Garnet memory usage on Windows and fixed a service crash triggered by a large number of scans in the database. Integration fixes. Resolved a SharePoint Online issue where slow Graph subscription creation prevented RTP from starting, and blocked the same GCP bucket from being added twice through different credential types (ADC vs. keys). Dependency upgrades. Upgraded RabbitMQ to 4.2.4, Redis to 8.6.0, and Garnet to 1.0.99.

RTP behavior during upgrade.This applies when upgrading from any version older than v4.3.1. Customers already on v4.3.1 or later are not affected.

Active RTP scans are paused during the upgrade and resume automatically once it completes. Files added or modified during the upgrade window can be picked up by running an RTP report cleanup afterward with RTP Handling with Comprehensive Detection enabled. On NAS storage units this cleanup reprocesses all files and may take some time depending on volume.

Last updated on

Was this page helpful?