Archived Release Notes

Version 4.12.2

Enhancement and new features:

• Update the range input of Idle timeout and absolute session
• Add flag "notify_modified_ custom_header"

Fixed issues:

• Fixed issue of QTcpServer become unresponsive when client which are connected to it ungracefully close the socket repeatedly
• Fixed crash issue when webhook mode is used

Version 4.12.1

Enhancement and new features:

• Session timeout setting
• Custom ICAP request header

Fixed issues:

• Security vulnerability: Fixed some security vulnerabilities on the product.

Version 4.12.0

Enhancement and new features:

• Official support new OS version (CentOS: 8.x; Red Hat Enterprise Linux 8.x; Debian 10.x, 11.x; Ubuntu 18.04, 20.04)

• Password policy options for the admin UI

• Security enhancement

  • Supported TLS 1.3 for HTTPS connection
  • Enhanced HTTPS with new appended secured headers for the product management console UI: Content-Security-Policy, Strict-Transport-Security, X-Content-Type-Options.
  • Upgrade OpenSSL to 1.0.2u for potential vulnerabilities on Windows.
  • New configuration supported for toggling on certificate's name against host verification.

• Log enhancement

  • Added client IP address info to mdicapsvr.log scan entries.
  • Write to separate file feature coming with log rotation is enabled by default on Windows.

• Startup time improvement: MetaDefender ICAP Server startup is now faster even when its database size is big.

Fixed issues:

• MetaDefender ICAP Server was not working if Nginx installation folder in configured custom path start with "n" character
• MetaDefender Core API key on Core URI configuration was lost when adding MetaDefender Core during ICAP server configuration wizard.

Version 4.11.1

Enhancement and new features:

• Import/Export configurations
• UI enhancements
  • In Server Profiles, added warning message when putting a new MetaDefender Core URL address without workflow rule selected.
  • Message polished for unexpected result while adding additional MetaDefender Core server in Server Profiles

Fixed issues:

• In-use HTTPS/ICAPS certificate was removed
• Handling credentials information in log
• New user directory failed to create under certain circumstance
• UI issues fixed
  • Activating wrong license key exposed with misleading error message
  • Only applicable while browsing MetaDefender ICAP server management console in OPSWAT Central Management UI: Server profile data could not be displayed randomly

Version 4.11.0

Enhancement and new features:

• Webhook callback mode (BETA)
• Data querying and searching speed improvement
• JSON scan result response back to ICAP client
• New setting for max number of connections accepted by ICAP server
• New setting for unique URI assigned for each ICAP service (REQMOD, RESPMOD)

Version 4.10.1

Enhancement and new features:

• Upgrade nginx to version 1.20.1
• Calculate the DURATION more accuracy and add IDLE DURATION

Fixed issues:

• Intermediate certificate stripped out issue
• Missing data in temp file when generate support package

Version 4.10.0

Enhancement and new features:

• Database Defragmentation and Optimization

  • When your scan database grows big, it might cause performance degradation (e.g. timeout on client requests). Now MetaDefender ICAP Server administrators can be notified on the UI (also warning logs), and you are supported to perform database defragmentation and optimization including multiple stages to vacuum and defrag your database without loss of actual scan data.
  • As a result, your database file size could be reduced which helps boost processing performance tremendously over usage time.

• New search UI and Improved search performance on MetaDefender ICAP processing history page.

Version 4.9.0

Enhancement and new features:

• Local scan support
• Upgrading MetaDefender ICAP on Windows (Wizard UI)

Fixed issues:

• MetaDefender ICAP service failed with IP version 6 interface disabled
• UI issue when OPSWAT Central Management denied the access

Version 4.8.1

Enhancement and new features:

• Nginx web server component upgrade
• IPv6 supported for OPSWAT Central Management v7 integration

Fixed issues:

• Error while configuring MetaDefender Core server profile
• Upgrade ICAP server failed with ICAPS setting missing
• The sanitized data could not be sent back to ICAP client
• Bad request occurred with > 4GB file streaming with Dell EMC Isilon OneFS integration
• CONTINUE status is not changed with big file size processing on Windows

Version 4.8.0

Enhancement and new features:

• FILEMOD method support
• Nginx log rotation option
• Out-of-box ICAP over TLS
• TLS configuration on the UI

Version 4.7.6

Enhancement and new features:

• Configurable forced ISTag update frequency

Version 4.7.5

Enhancement and new features:

• Improved handling of encoded filenames

Version 4.7.4

Enhancement and new features:

• Verbose logging of processing events
• Tuning for better file upload support

Version 4.7.3

Enhancement and new features:

• Export ICAP History to CSV
• Placeholder for first violation

Fixed issues:

• Multi-part requests blocked
• Server profile details hidden

Version 4.7.2

Fixed issues:

• Upgrade failure in version 4.7.1

Version 4.7.1

Enhancement and new features:

• Support for product sets and groups in Central Management

Version 4.7.0

Enhancement and new features:

• ICAP Server data trickling

Fixed issues:

• Config wizard loading for ever

Version 4.6.1

Fixed issues:

• There were some broken links in the user guide page F5 BIG IP SSL configuration
• Product schema is invalid error when adding ICAP Server to Central Management

Version 4.6.0

Enhancement and new features:

• Permissive parsing to accept space in header names
• Support additional placeholder tokens in the block page
• Rules to support filtering by the ICAP client (proxy)

Version 4.5.0

Enhancement and new features:

• Added support for ICAP preview functionality
• Permissive parsing now accepts HTTP requests/responses without HTTP version
• Syslog messages can be configured to use the server's local timezone
• Added an option to enforce an enhanced password policy to local user directories
• Number of all and displayed requests are shown in the ICAP history
• Improved history loading and service starting time

Fixed issues:

• Content-Length header was missing from blocked responses
• Fixed some minor issues on the default block page

Version 4.4.0

Enhancement and new features:

• Added additional pages to wizard for easier setup of the product
• Added a more advanced filtering to the history pages next to the basic search
• Welcome wizard now allows creating user with the name "admin"
• Added a bypass option for general Core errors
• Added an option for requests with not supported encoding or decoding error to be scanned as it is

Fixed issues:

• Decreased severity of " An error occurred during writing response" log message from warning to debug
• Security rules could disappear after service restart if a server profile was deleted which was used in an already deleted security rule
• Updated texts and URLs in the default block page's footnote

Version 4.3.1

Fixed issues:

• Improved temporary directory creation as it could fail on Windows when there were 256 directories present at the same time

Version 4.3.0

Important features:

• Introduced welcome wizard
• Batch scanning functionality of MetaDefender Core is used when handling multipart requests

Enhancement and new features:

• Added wildcard (globbing) support for Host and Client IP matching in Security rules
• Added support for Layer 7 load balanced Core
• Added an option for skipping scanning parts in a multipart request where the Content-Disposition header does not contain a filename parameter

Fixed issues:

• Windows event log source was changed to "Metadefender ICAP Server" from the incorrect "Metadefender ICAP"
• Support package didn't remove every temporary file when cleaning up

Version 4.2.3

Fixed issues:

• Results were missing from the ICAP history

Version 4.2.2

New features:

• Parallelized processing of multipart requests

Fixed issues:

• Central Management connectivity fix

Version 4.2.1

New features:

• Re-interpreted, fresh look and feel
• Central Management connectivity

Version 4.2.0

New features:

• Support deflate encoding / compression
• Configurable timeout for request scans
• Do not send oversized requests to Core
• Display IPs that are counted for license
• Search for keywords in ICAP history URIs
• Display blocked requests on the chart

Fixed issues:

• Read-only users can't view inventory

Version 4.1.1

Fixed issues:

• Option to capture traffic of bad requests
• Option to use more permissive parsing

Version 4.1.0

New features:

• Core load balancing and high availability
• Option to override blocking oversized files
• Detailed error messages in block page
• Detailed error messages in ICAP history

Version 4.0.3

Fixed issues:

• License option for unlimited number of clients

Version 4.0.2

Fixed issues:

• Blocking page is not configurable

Version 4.0.1

Fixed issues:

• Upgrade clears all data

Version 4.0.0

New features:

• Standalone product offering
• Support for multiple Linux distributions
• Web based user interface for management, configuration and monitoring
• Role based user management with multiple admin users and Active Directory integration
• Multiple ICAP security policies with filters and advanced scan configuration
• Different policy filter settings based on source client, destination host, or any other header
• Multi-part (MIME) sanitization
• Support for base64, brotli and gzip encoding