Release notes

Version: 5.15.1
Release date: 30 July 2025
Scope: This minor version adds support for two new operating systems, advanced log configuration on the web console, executive report improvements, processing efficiency improvements, and several bug fixes.

Make sure to check out the Known Limitations.

New Features, Improvements and Enhancements

New Operating System Support: Ubuntu 24.04

This release introduces support for Ubuntu 24.04 across most engines. The majority of engines are now compatible and operational on this new operating system. MetaDefender Core now also supports CIS Level 2 system hardening benchmarks on this OS. For more details, refer to CIS Level 2 Guidelines.

A few engines still require additional time for full compatibility with Ubuntu 24.04:

  • Adaptive Sandbox
  • File-based Vulnerability Assessment
  • Reputation
  • YARA

Further updates will be provided in future releases.

New Operating System Support: Windows Server 2025

This release of MetaDefender Core also introduces official support for Windows Server 2025, expanding platform compatibility for our suite.

A few engines still require additional time for full compatibility with Windows Server 2025:

  • Adaptive Sandbox
  • File-based Vulnerability Assessment
  • Reputation
  • YARA

Further updates will be provided in future releases.

Support Advanced Log Configurations on Web Console

Starting with MetaDefender Core version 5.15.1, advanced log configurations, including local time zone, Common Event Format, product logs and syslog settings, are supported on the web console.

Most settings, except for the product file path, do not require a service restart to take effect.

The product now offers three means of log configurations:

Processing History Export as CSV Supports More Filters

Added support for additional filters in the CSV export functionality for processing history. Users can now apply the following filters for CSV export:

  • Result
  • User
  • Status
  • Request Type (Batch, File, Object)

REST API Enhancements

Introduced a new field, post_processing.sanitization_details.status, to the response JSON when retrieving processing results. This field indicates the status of the sanitization process with the following possible values:

  • Queued: The file is currently waiting in MetaDefender Core's queue before being sent to the Deep CDR engine.
  • Processing: The file has been sent to the Deep CDR engine and is currently being processed.
  • Finished: The Deep CDR process has completed, with additional states available for further inspection.

Impacted REST API endpoints:

Further Enhancements

1) Optimized PostgreSQL Query Performance: Enhanced the PostgreSQL query to improve performance when handling a large number of batches, resulting in faster data retrieval and processing.

2) Enhanced Connection Persistence to My OPSWAT Central Management: Improved handling of connection persistence for MetaDefender Core to My OPSWAT Central Management (MOCM) in specific edge cases, enhancing user experience by avoiding the need for re-enrollment. Key scenarios addressed include:

  • When the machine loses internet connectivity to MOCM and the service is subsequently restarted.
  • When the system's root certificates are corrupted or invalid and are later updated or restored.

3) Added a tool for administrators to remove an existing PIN code or set a new one. More details at PIN Code Reset Tool.

4) Audit Log now covers activities related to the "PUT - Update list of custom response headers" API.

5) Extended the option "Fallback file type detection to current extension" to Adaptive Sandbox.

6) No longer processing zero-byte files with Adaptive Sandbox.

7) Enhanced engineprocess's thread pool mechanism to achieve immediate response post-termination and improved thread reusability. This increases the total number of tasks handled over time. However, as a cost of this performance boost, it could increase the load on the service if clients frequently request scan results.

Security Enhancements

Upgraded libraries for vulnerability fixes:

  • Libxml2 v2.14.5
  • 7z v25.0
  • OpenLDAP v2.6.10
  • Redis++ v1.3.14

Bug Fixes

  • Resolved an issue that caused slowdowns in warehouse updates for the Executive Report and high CPU consumption when the service received a large volume of requests in a short period.
  • Resolved an issue that caused Executive Report data to freeze following a sudden shutdown of the service.
  • Resolved an issue that caused unnecessary retry attempts when Adaptive Sandbox returned a SKIPPED result.
  • Resolved an issue where slots in the queue for Batch processing were not released and temporary files were not cleaned up when the client connection was closed, resulting in improper transmission of error responses.
  • Resolved a potential issue that could cause the service to crash due to an incompatibility between a library and Qt6.

Known Limitations

Details
The 'Proxy server requires password' setting cannot be disabled once it has been enabled

This issue has been resolved in version 5.14.2.

In version 5.14.1, there was an issue that prevented disabling the Proxy server requires password setting once it has been enabled. As a workaround, you can export the current settings, locate and remove the username and password fields under the relevant proxy configuration, and then import the modified configuration.

Database connection failure occurred in a specific circumstance after upgrading to version 5.11.0

This issue has been resolved in version 5.11.1.

This issue does not affect all cases when upgrading to version 5.11.0.

After applying the authentication method scram-sha-256 to enhance security for the bundled PostgreSQL, a database connection issue started occurring after the upgrade, in a specific circumstance.

  • If the application was previously upgraded from version 5.5.1 or older to version 5.6.0 or newer, this issue will occur when users upgrade to version 5.11.0.

We have prepared a Knowledge Base (KB) article for troubleshooting the issue and bringing the system back online: How to Troubleshoot an Error related to Connection to Database Failing after an Upgrade to v5.11.0?

The issue will not occur in the following scenarios:

  • Upgrading directly from version 5.5.1 or older to version 5.11.0.
  • Upgrading from a fresh installation of version 5.6.0 or newer to version 5.11.0.

Archive compression may fail with very large archive files that contain a large number of subfiles

This issue has been addressed in MetaDefender Core v5.14.0.

MetaDefender Core has a limitation when compressing very large archive files that contain a high number of subfiles. In our test scenario, it failed when processing an archive with 300,000 or more subfiles.

Reuse processing result by hash might be slow in high-load situations

This issue has been resolved in version 5.10.1.

Since its introduction in version 5.8.0, this feature has helped improve overall performance and reduce significant load when processing similar files.

However, we have realized this feature might run slowly in high-load scenarios against large database sizes.

Temporary files in the resource folder may not be properly cleaned up if the Archive Extraction engine crashes

Starting from MetaDefender Core version 5.10.1, if the Archive Extraction engine crashes, temporary files from specific extraction transactions may not be properly cleaned up. However, this issue is relatively rare.

Reject importing non-empty required_engines setting in containerized environments

This issue occurs only in containerized environments.

If the config zip file includes a non-empty required_engines setting, MetaDefender Core will reject the import.

Workaround:

  1. Extract the config zip file.
  2. Open the "export_settings.json" and set "required_engines" to an empty array.
  3. Recompress the files into a new zip.
  4. When executing the docker run command, set the following environment variables: MDCORE_HEALTH_CHECK, MDCORE_REQUIRED_ENGINES. For more details, please refer to Health check settings.
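
Steps 1 to 3 of the workaround as a script, added here as an example (not OPSWAT's tooling): it rewrites the exported config zip in memory, empties every required_engines key in export_settings.json, and copies all other archive members unchanged. Where the key sits inside the JSON is not shown on this page, so the script searches recursively; the sample archive and its layout are constructed.

```python
import io
import json
import sys
import zipfile
from pathlib import Path

SETTINGS_NAME = "export_settings.json"  # file named in the workaround

def clear_required_engines(node):
    """Set every "required_engines" key to []; return how many were non-empty."""
    changed = 0
    if isinstance(node, dict):
        for key, value in node.items():
            if key == "required_engines":
                changed += int(value != [])
                node[key] = []
            else:
                changed += clear_required_engines(value)
    elif isinstance(node, list):
        changed += sum(clear_required_engines(item) for item in node)
    return changed

def rewrite_config_zip(src_bytes):
    """Return (new_zip_bytes, changed); other archive members are copied as-is."""
    out, changed = io.BytesIO(), 0
    with zipfile.ZipFile(io.BytesIO(src_bytes)) as src, \
            zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for info in src.infolist():
            data = src.read(info)
            if info.filename.rsplit("/", 1)[-1] == SETTINGS_NAME:
                settings = json.loads(data)
                changed += clear_required_engines(settings)
                data = json.dumps(settings, indent=2).encode("utf-8")
            dst.writestr(info.filename, data)
    return out.getvalue(), changed

def build_sample_zip():  # constructed sample; the key's nesting is an assumption
    settings = {"health_check": {"required_engines": ["engine_a", "engine_b"]}}
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr(SETTINGS_NAME, json.dumps(settings))
        z.writestr("notes.txt", "unchanged")
    return buf.getvalue()

if __name__ == "__main__":  # usage: script.py exported.zip fixed.zip
    if len(sys.argv) == 3:
        fixed, count = rewrite_config_zip(Path(sys.argv[1]).read_bytes())
        Path(sys.argv[2]).write_bytes(fixed)
        print(f"emptied {count} required_engines setting(s)")
```

The script writes a new archive and leaves the original export untouched; step 4 (setting MDCORE_HEALTH_CHECK and MDCORE_REQUIRED_ENGINES on docker run) still applies.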

The Engine Update feature may not work as expected in certain environments

We have observed that the Engine Update feature may not work properly in an environment protected by a Palo Alto firewall. In the log file, you might find the error message 'SslHandshakeFailedError'.

If upgrading to the latest version of MetaDefender Core does not solve the issue, please consider setting up the MetaDefender Update Downloader product. This product is responsible for downloading engines, and MetaDefender Core will retrieve and update its engines from there.

Performance degradation when processing large archive files

This issue has been resolved in MetaDefender Core version 5.5.0 and the Archive Extraction engine version 6.2.1.

  • If you're using MetaDefender Core version 5.4.1, you can update the Archive Extraction engine to version 6.2.1 or newer without waiting for MetaDefender Core version 5.5.0 release.
  • If you're using MetaDefender Core 5.4.0 or older, you can upgrade it to version 5.4.1 or newer, and update the Archive Extraction engine to version 6.2.1 or newer. If you are not able to upgrade MetaDefender Core, it is recommended to stick with the Archive Extraction engine version 6.0.2 until you are able to upgrade MetaDefender Core.

Stability issues on Red Hat / CentOS systems with kernel version 372.13

MetaDefender Core version 5.2.1 or later may not function correctly with Red Hat or CentOS operating systems that use kernel 372.13.

Red Hat is addressing the kernel issues. Please try upgrading to kernel version 372.26.

PostgreSQL and MetaDefender Core services cannot initialize in certain containerized environments

This issue was addressed in MetaDefender Core v5.11.1.

In a containerized environment, MetaDefender Core version 5.2.0 or newer may work properly when:

  • The Linux kernel version of the host machine is newer than 4.18.0 including 5.x.y and 6.x.y.
  • The Docker base image is CentOS 7.
  • The bundled PostgreSQL database is used (DB_TYPE=local).

Workarounds for older versions:

  1. Switch to using a Docker base image RHEL 8 or Debian.
  2. Switch to using a remote PostgreSQL database.

MetaDefender Core's NGINX web server will not start if weak cipher suites are used for HTTPS

On MetaDefender Core version 5.2.0 and later, OpenSSL 1.x has been replaced by OpenSSL 3.x within the product and its dependencies, including PostgreSQL and NGINX, to enhance security and address known vulnerabilities in OpenSSL 1.x.

However, NGINX's implementation of OpenSSL 3.x in MetaDefender Core enforces strong encryption by rejecting all weak cipher suites. It only accepts "HIGH" encryption cipher suites as defined by OpenSSL (https://www.openssl.org/docs/man1.1.1/man1/ciphers.html). This means ciphers based on MD5 and SHA1 hashing are no longer supported.

Consequently, if you previously configured MetaDefender Core for HTTPS connections using a weak SSL cipher with your certificate, the service will not start due to NGINX's OpenSSL 3.x security enforcement.

To prevent and remediate the issue before upgrading MetaDefender Core, please refer to the following resources: HTTPS Failure on MetaDefender Core 5.2.0 (or newer)
