Archived Release Notes

Version 5.8.0

Enhancement and new features:

  • New OS support: Rocky Linux 9

  • Support user login for nested AD groups

  • Email notification: notification about license

  • Security enhancements: Upgraded third-party libraries for vulnerability fixes

  • Support secure TCP syslog

  • Usability enhancements/changes:

    • Support Active Directory Domain Controller
    • Download the User list under User Management
    • Support custom scope and keys for OIDC mapping (prior support mapping was from given keys only)
    • Support the flag to disable revocation server checking in case TLS is enabled on Windows in offline or environment which is protected by firewall/proxy (the flag: global/curlsslopt_revoke_best_effort)
    • Add more options for decoding base64 content encoded (e.g: data is not base64 data), Block/Scan without Decoding or Allow request without scan) - Default option will be Blocked.

  • Bug Fixes:

    • ICAP parser did not allow custom http method on MD ICAP v5.7.0
    • Fixed crash issues in cases: Unenroll to OCM incase very highloading and Receive many empty files when data tricking enable
    • Addressed various UI cosmetics issues and minor bugs

Version 5.7.0

Enhancement and new features:

  • Continuous support for My OPSWAT and Central Management v8 integration: Dashboard and processing history

  • Enhance processing of base64 encoded data which is embedded in common data format (SOAP/JSON/Form URLEncoded ):

    • Beside SOAP/JSON format, MD ICAP Server v5.7.0 has already supported extracted and scanned base64 data which is embedded in FORM URL Encoded
    • Able to select the node/path to specific the file name for Base64 data, this will help trace back the scan data at MD Core side more easier
    • Support configure to select scan all base64 data in array at once (use "*"), instead of configure each node one by one

  • Upgrade Bundle PostgreSQL to v16.x (need check this document carefully before upgrade: https://www.opswat.com/docs/mdicap/installation/upgrade-to-version-5-7-0)

  • Override some values of processing history and configurable the metadata send to MD Core

  • Security enhancements: Upgraded third-party libraries for vulnerability fixes (Curl, Qt, Npgsql, PostgreSQL, Angular)

  • Usability enhancements/changes:

    • Enhance the license management to align with new update of On-Premises License Management Server (OLMS).
    • Added smaller options to Data Retention settings
    • Support 2 new service paths for Globalscape's EFT integration
    • Support new content encoding: zstandard - zstd

Version 5.6.0

Enhancement and new features:

  • Continuous support for My OPSWAT and Central Management v8 integration:

    • Workflow Rules
    • Inventory (Server profiles and block pages configuration)
    • Global Settings
    • Data Retention

  • PostgreSQL 15 remote support

  • Security enhancements:

    • Upgraded third-party libraries for vulnerability fixes (OpenLDAP, Libxml2, PostgreSQL)
    • Front-end enhancements:
      • Hardened the Strict Transport Security header (HSTS)
      • Disabled auto-fill password on login page

  • Docker enhancements: Introduced new settings for the On-Premises License Management Server (OLMS) proxy

  • Discontinued support for Windows Server 2012 and Debian 9

  • Login banner: Added the ability to display a custom notice during the login process

Fixed issues:

  • Product stability improvements:
    • Resolved a memory leak issue in version 5.5.1 when activated by OLMS.
    • Fixed an issue that prevented connection to remote PostgreSQL v14 on Windows.
    • Fixed an issue where the same internal PostgreSQL username was generated for MetaDefender Core when using the same remote PostgreSQL server.
    • Fixed an issue causing the loss of processing history during upgrades on newer versions of Kubernetes (K8S)

Version 5.5.1

Enhancement and new features:

  • MetaDefender ICAP Server now supports users to control proxy setting for the product via UI setting, and also proxy authentication is supported

  • Provide a way to filter requests based on request URL

  • Security enhancements:

    • Strengthen the product security to use strongest cipher AES_256_GCM to encrypt sensitive data on PostgreSQL database.
    • Increase minimum password length enforcement to 30 characters.

  • Logging improvements:

    • New configuration to collect system resource information on server where MetaDefender ICAP Server resides for Splunk integration, instead of using Splunk Universal Forwarder.

  • Performance improvements:

    • Improved system resources utilization better.
    • Enhanced scan result polling mechanism against MetaDefender Core.

Fixed issues:

  • Fixes on product stability issues:
    • “Scan Server Became Unreachable” setting mistakenly became unchecked after upgrading from MetaDefender ICAP Server version 5.2.0 to 5.5.0.
    • Failed to create SAML user directory.
    • Failed to connect and setup email server when using system proxy configuration (via environmental variable).
    • Base64 decoding could be incorrect when data length is not a multiply of 4
    • Correct decoding for malformed base64 data whose length is not multiple of 4.

Version 5.5.0

Enhancement and new features:

  • Processing files with MetaDefender Cloud
  • New high availability option for Server Profile
  • Security improvements: Upgraded 3rd party libraries for vulnerabilities (Zlib, PostgreSQL, LibXML, Xerces-c, OpenSSL)
  • Logging improvements: More comprehensive logs for Splunk application integration

Fixed issues:

  • Failed to integrate with AD FS OpenID Connect due to missing user_endpoint URL.

Version 5.4.0

Enhancement and new features:

  • Block page various enhancements
  • Continuous NGINX integration enhancement
  • UI Update

Fixed issues:

  • Unable export processing history to CSV file
  • Some UI cosmetics and minor bugs are addressed.

Version 5.3.0

Enhancement and new features:

  • Support SOAP/JSON message with Base64 embedded data
  • Support new OS Version: Ubuntu 22.04, Red Hat/Cent OS 9
  • provides a new UI accessibility mode to support accessibility view (disabled by default)
  • Upgraded 3rd party libraries for vulnerabilities (NGINX, Curl, Angular, Zlib)

Fixed issues:

  • Encountered when multiple AD servers are added, and the first AD server failed to authenticate user
  • Some UI cosmetics and minor bugs are addressed.

Version 5.2.1

Enhancement and new features:

  • Integration with My OPSWAT portal

  • Host-name based search for the processing history page

  • Health check API based on MetaDefender Core workflow

  • Other functionality updates

    • Support Deep CDR analysis mode (only when enabled on MetaDefender Core)
    • Like IP addresss, now server domain is also supported for webhook_callback setting
    • Synchronize to display according scan verdict from MetaDefender Core.

  • Oher UI updates: Some minor cosmetic UI updates for the processing history page.

Enhancement and new features:

  • PostgreSQL data missed in the support package on Windows
  • SYSTEM user directory was mistakenly removed

Version 5.2.0

Enhancement and new features:

  • New Database Management System (PostgreSQL) to replace SQLite

  • Support to handle Proactive DLP-processed files

  • Security enhancements

    • Upgrade 3rd party dependencies: Curl 8.1.2 (formerly 8.0.1)
    • Set default TLS version 1.3

  • Support setting to allow traffic if MetaDefender Core is down

  • Single Sign On - Azure ODIC enhancement: Use logged-in user information from ID token (in JWT format) from authorization endpoint instead of UserInfo endpoint.

  • Options-TTL for OPTIONS method: A new option to enable/disable Options-TTL header in response for OPTIONS command (supported to integrate with Oracle ZFS)

  • Licensing with On-prem License Management Server (OLMS): New licensing management model for MetaDefender ICAP to allow On-prem license management server (to be released) to manage the product's license status including activation, deactivation.

  • Correct display ICAP duration on UI display

Fixed issues:

  • Webhook callback: if respond body from Metadefender Core contain character "< >" then MD ICAP Server will not receive the callback
  • Enhancement on ICAP connection with MetaDefender Core: Keep number of sockets steadily while working with MetaDefender Core to allow running out sockets on system.

Version 5.1.1

Enhancement and new features:

  • Security hardening: As a regular security practice, we upgraded 3rd party dependencies and development framework to prevent critical vulnerabilities (Upgraded OpenSSL 3.0.8, Upgraded Curl on Linux 7.88.0, Upgraded Protobuf 3.21.11)

  • Add more setting option about Session policies in Setting > Security

    • Toggle (switch on / off) for duplicate sessions enablement.
    • Toggle (switch on / off) for cross IP sessions enablement.

  • Add health check API

  • Allow search by the user in User Management

Fixed issues:

  • MetaDefender ICAP Server v5.1.0 can not connect to MetaDefender Core when enabling TLS secure connection. on Debian OS
  • Product stability improvement
    • Improve search users result with special character input (e.g: "+").
    • Import/export feature.

Version 5.1.0

Enhancement and new features:

  • Support NGINX integration: A NGINX dynamic module (OMetaScan NGINX module) to integrate MetaDefender ICAP Server with your existing NGINX web server.
  • Enhance the OceanStor integration :
  • Support Huawei OceanStor Dorado All-Flash Storage & Huawei OceanStor Hybrid Flash Storage
  • New feature: move blocked files to quarantine path
  • User Name can be displayed on ICAP History for Filemod
  • The exported JSON configuration file can be encrypted and protected with password.
  • As a regular security practice, we upgraded 3rd party dependencies and development framework to prevent critical vulnerabilities

Fixed issues:

  • fix product UI: Only the fist page of LDAP user list was displayed.
  • Log override feature did not work on Windows.
  • Database vaccum failed on docker container environment.
  • Potential XSS/HTML injection on the product UI features.

Version 5.0.0

Enhancement and new features:

  • A brand-new UI for the management console, which was designed with the focus on the quality and thoughtfulness of the user experience. The new administrative console UI provides an advanced set of MetaDefender ICAP Server features.
  • Applicable to local users, support to recover user credentials via a new forgot-password feature
  • Import/export config feature improvement (Support for the email configuration setting and Resolved misleading error message under certain circumstance)

Version 4.13.0

Enhancement and new features:

  • Docker container support for Linux base environment (CentOS / RedHat, Ubuntu / Debian)
  • Helm chart and configuration support on Kubernetes environment
  • Supports authentication using SSO with widen integration coverage for most of Identity Providers (IDP) via SAML 2.0 and OpenID Connect 1.0 standard support.
  • 3rd party vulnerabilities check and remediation.
  • Fixed UI display corresponding the setting.

Fixed issues:

  • Prevented Cross-Site Scripting (XSS) attack vulnerability via the blocked page response. Details: CVE-2022-40778
  • Under high load circumstance with the local scan mode, temporary files could not be cleaned up properly due to being locked by MetaDefender Core.
  • Lookout time and number of failed logins before lookout
  • Minor UI fixes

Version 4.12.2

Enhancement and new features:

  • Update the range input of Idle timeout and absolute session
  • Add flag "notify_modified_ custom_header"

Fixed issues:

  • Fixed issue of QTcpServer become unresponsive when client which are connected to it ungracefully close the socket repeatedly
  • Fixed crash issue when webhook mode is used

Version 4.12.1

Enhancement and new features:

  • Session timeout setting
  • Custom ICAP request header

Fixed issues:

  • Security vulnerability: Fixed some security vulnerabilities on the product.

Version 4.12.0

Enhancement and new features:

  • Official support new OS version (CentOS: 8.x; Red Hat Enterprise Linux 8.x; Debian 10.x, 11.x; Ubuntu 18.04, 20.04)

  • Password policy options for the admin UI

  • Security enhancement

    • Supported TLS 1.3 for HTTPS connection
    • Enhanced HTTPS with new appended secured headers for the product management console UI: Content-Security-Policy, Strict-Transport-Security, X-Content-Type-Options.
    • Upgrade OpenSSL to 1.0.2u for potential vulnerabilities on Windows.
    • New configuration supported for toggling on certificate's name against host verification.

  • Log enhancement

    • Added client IP address info to mdicapsvr.log scan entries.
    • Write to separate file feature coming with log rotation is enabled by default on Windows.

  • Startup time improvement: MetaDefender ICAP Server startup is now faster even when its database size is big.

Fixed issues:

  • MetaDefender ICAP Server was not working if Nginx installation folder in configured custom path start with "n" character
  • MetaDefender Core API key on Core URI configuration was lost when adding MetaDefender Core during ICAP server configuration wizard.

Version 4.11.1

Enhancement and new features:

  • Import/Export configurations
  • UI enhancements
    • In Server Profiles, added warning message when putting a new MetaDefender Core URL address without workflow rule selected.
    • Message polished for unexpected result while adding additional MetaDefender Core server in Server Profiles

Fixed issues:

  • In-use HTTPS/ICAPS certificate was removed
  • Handling credentials information in log
  • New user directory failed to create under certain circumstance
  • UI issues fixed
    • Activating wrong license key exposed with misleading error message
    • Only applicable while browsing MetaDefender ICAP server management console in OPSWAT Central Management UI: Server profile data could not be displayed randomly

Version 4.11.0

Enhancement and new features:

  • Webhook callback mode (BETA)
  • Data querying and searching speed improvement
  • JSON scan result response back to ICAP client
  • New setting for max number of connections accepted by ICAP server
  • New setting for unique URI assigned for each ICAP service (REQMOD, RESPMOD)

Version 4.10.1

Enhancement and new features:

  • Upgrade nginx to version 1.20.1
  • Calculate the DURATION more accuracy and add IDLE DURATION

Fixed issues:

  • Intermediate certificate stripped out issue
  • Missing data in temp file when generate support package

Version 4.10.0

Enhancement and new features:

  • Database Defragmentation and Optimization

    • When your scan database grows big, it might cause performance degradation (e.g. timeout on client requests). Now MetaDefender ICAP Server administrators can be notified on the UI (also warning logs), and you are supported to perform database defragmentation and optimization including multiple stages to vacuum and defrag your database without loss of actual scan data.
    • As a result, your database file size could be reduced which helps boost processing performance tremendously over usage time.

  • New search UI and Improved search performance on MetaDefender ICAP processing history page.

Version 4.9.0

Enhancement and new features:

  • Local scan support
  • Upgrading MetaDefender ICAP on Windows (Wizard UI)

Fixed issues:

  • MetaDefender ICAP service failed with IP version 6 interface disabled
  • UI issue when OPSWAT Central Management denied the access

Version 4.8.1

Enhancement and new features:

  • Nginx web server component upgrade
  • IPv6 supported for OPSWAT Central Management v7 integration

Fixed issues:

  • Error while configuring MetaDefender Core server profile
  • Upgrade ICAP server failed with ICAPS setting missing
  • The sanitized data could not be sent back to ICAP client
  • Bad request occurred with > 4GB file streaming with Dell EMC Isilon OneFS integration
  • CONTINUE status is not changed with big file size processing on Windows

Version 4.8.0

Enhancement and new features:

  • FILEMOD method support
  • Nginx log rotation option
  • Out-of-box ICAP over TLS
  • TLS configuration on the UI

Version 4.7.6

Enhancement and new features:

  • Configurable forced ISTag update frequency

Version 4.7.5

Enhancement and new features:

  • Improved handling of encoded filenames

Version 4.7.4

Enhancement and new features:

  • Verbose logging of processing events
  • Tuning for better file upload support

Version 4.7.3

Enhancement and new features:

  • Export ICAP History to CSV
  • Placeholder for first violation

Fixed issues:

  • Multi-part requests blocked
  • Server profile details hidden

Version 4.7.2

Fixed issues:

  • Upgrade failure in version 4.7.1

Version 4.7.1

Enhancement and new features:

  • Support for product sets and groups in Central Management

Version 4.7.0

Enhancement and new features:

  • ICAP Server data trickling

Fixed issues:

  • Config wizard loading for ever

Version 4.6.1

Fixed issues:

  • There were some broken links in the user guide page F5 BIG IP SSL configuration
  • Product schema is invalid error when adding ICAP Server to Central Management

Version 4.6.0

Enhancement and new features:

  • Permissive parsing to accept space in header names
  • Support additional placeholder tokens in the block page
  • Rules to support filtering by the ICAP client (proxy)

Version 4.5.0

Enhancement and new features:

  • Added support for ICAP preview functionality
  • Permissive parsing now accepts HTTP requests/responses without HTTP version
  • Syslog messages can be configured to use the server's local timezone
  • Added an option to enforce an enhanced password policy to local user directories
  • Number of all and displayed requests are shown in the ICAP history
  • Improved history loading and service starting time

Fixed issues:

  • Content-Length header was missing from blocked responses
  • Fixed some minor issues on the default block page

Version 4.4.0

Enhancement and new features:

  • Added additional pages to wizard for easier setup of the product
  • Added a more advanced filtering to the history pages next to the basic search
  • Welcome wizard now allows creating user with the name "admin"
  • Added a bypass option for general Core errors
  • Added an option for requests with not supported encoding or decoding error to be scanned as it is

Fixed issues:

  • Decreased severity of " An error occurred during writing response" log message from warning to debug
  • Security rules could disappear after service restart if a server profile was deleted which was used in an already deleted security rule
  • Updated texts and URLs in the default block page's footnote

Version 4.3.1

Fixed issues:

  • Improved temporary directory creation as it could fail on Windows when there were 256 directories present at the same time

Version 4.3.0

Important features:

  • Introduced welcome wizard
  • Batch scanning functionality of MetaDefender Core is used when handling multipart requests

Enhancement and new features:

  • Added wildcard (globbing) support for Host and Client IP matching in Security rules
  • Added support for Layer 7 load balanced Core
  • Added an option for skipping scanning parts in a multipart request where the Content-Disposition header does not contain a filename parameter

Fixed issues:

  • Windows event log source was changed to "Metadefender ICAP Server" from the incorrect "Metadefender ICAP"
  • Support package didn't remove every temporary file when cleaning up

Version 4.2.3

Fixed issues:

  • Results were missing from the ICAP history

Version 4.2.2

New features:

  • Parallelized processing of multipart requests

Fixed issues:

  • Central Management connectivity fix

Version 4.2.1

New features:

  • Re-interpreted, fresh look and feel
  • Central Management connectivity

Version 4.2.0

New features:

  • Support deflate encoding / compression
  • Configurable timeout for request scans
  • Do not send oversized requests to Core
  • Display IPs that are counted for license
  • Search for keywords in ICAP history URIs
  • Display blocked requests on the chart

Fixed issues:

  • Read-only users can't view inventory

Version 4.1.1

Fixed issues:

  • Option to capture traffic of bad requests
  • Option to use more permissive parsing

Version 4.1.0

New features:

  • Core load balancing and high availability
  • Option to override blocking oversized files
  • Detailed error messages in block page
  • Detailed error messages in ICAP history

Version 4.0.3

Fixed issues:

  • License option for unlimited number of clients

Version 4.0.2

Fixed issues:

  • Blocking page is not configurable

Version 4.0.1

Fixed issues:

  • Upgrade clears all data

Version 4.0.0

New features:

  • Standalone product offering
  • Support for multiple Linux distributions
  • Web based user interface for management, configuration and monitoring
  • Role based user management with multiple admin users and Active Directory integration
  • Multiple ICAP security policies with filters and advanced scan configuration
  • Different policy filter settings based on source client, destination host, or any other header
  • Multi-part (MIME) sanitization
  • Support for base64, brotli and gzip encoding
Type to search, ESC to discard
Type to search, ESC to discard
Type to search, ESC to discard
Next to read:
Ometascan NGINX module Release Notes
On This Page
Archived Release NotesVersion 5.8.0Version 5.7.0Version 5.6.0Version 5.5.1Version 5.5.0Version 5.4.0Version 5.3.0Version 5.2.1Version 5.2.0Version 5.1.1Version 5.1.0Version 5.0.0Version 4.12.2Version 4.12.1Version 4.12.0Version 4.11.1Version 4.11.0Version 4.10.1Version 4.10.0Version 4.9.0Version 4.8.1Version 4.8.0Version 4.7.6Version 4.7.5Version 4.7.4Version 4.7.3Version 4.7.2Version 4.7.1Version 4.7.0Version 4.6.1Version 4.6.0Version 4.5.0Version 4.4.0Version 4.3.1Version 4.3.0Version 4.2.3Version 4.2.2Version 4.2.1Version 4.2.0Version 4.1.1Version 4.1.0Version 4.0.3Version 4.0.2Version 4.0.1Version 4.0.0