Release Notes
7.40.0
Search this version
Release Notes
Title
Message
Create new category
What is the title of your new category?
Edit page index title
What is the title of the page index?
Edit category
What is the new title of your category?
Edit link
What is the new title and URL of your link?
Release Notes
Copy Markdown
Open in ChatGPT
Open in Claude
OPSWAT Central Management v.7 and My OPSWAT On-Premises (My OPSWAT Central Management v.8) will reach End of Life on January 31, 2027. We encourage you to upgrade to My OPSWAT Central Management v.10 before January 31, 2027, to ensure continued support and access to the latest features.
More details can be found here.
| 7.40.0 OPSWAT Central Management release June 24, 2025 | OPSWAT Central Management V7 (OCMv7), the newest version of the series, streamlines the product central configuration and adds OPSWAT Client management to further enhance the security stance of organizations to protect against risky devices. |
|---|---|
| Built-in MetaDefender Endpoint version | |
| Windows Persistent Endpoint 7.6.2606.1009 | Detailed release notes for MetaDefender Endpoint are here. |
| Windows On-demand Endpoint 7.3.2606.479 | |
| macOS Persistent Endpoint 10.4.2606.225 | |
| macOS On-demand Endpoint 10.5.2606.177 | |
| Enhancement | |
| Processing history | Enhance internal communication to decrease history sync-up time. Data retention is now fixed to 30 days and configurable via properties file |
| Security Updates | |
| Apache Log4j | Upgraded Apache Log4j to version 2.25.4 to address CVE-2026-34477 (TLS hostname verification bypass), CVE-2026-34478 (Syslog log injection), and CVE-2026-34480 (XmlLayout invalid XML output |
| Apache MINA | Upgraded Apache MINA from 2.1.10 to 2.1.12 to address CVE-2026-41409, CVE-2026-41635, CVE-2026-42778, and CVE-2026-42779 — multiple deserialization RCE vulnerabilities allowing unsafe class resolution and arbitrary code execution |
| mchange-commons-java | Excluded vulnerable c3p0 and mchange-commons-java 0.2.15 from quartz mem-scheduler to address CVE-2026-27727 (CVSS 9.8) — a JNDI-based remote code execution vulnerability that bypasses JDK hardening |
| nginx | Upgraded nginx to address CVE-2026-42945 |
| Apache Commons FileUpload | Upgraded commons-fileupload from 1.5 to 1.6 to address CVE-2025-48976 |
VariableType to search · ESC to discard
GlossaryType to search · ESC to discard
InsertType to search · ESC to discard
No matches
Last updated on
Was this page helpful?
Next to read:
MetaDefender Endpointnull
Discard Changes
Do you want to discard your current changes and overwrite with the template?
Archive Synced Block
Message
Create new Template
What is this template's title?
Delete Template
Message