Libraesva ESG v5.0: Release Notes

Libraesva ESG

Version 5.0.26 (Oct 17, 2022)

Security

  • Improves RBL detection sub-domains below 3rd level
  • Quicksand: improves www-links detection in PDF
  • Update bitdefender license

Bug fixes

  • Oulook add-in: remove reference to a deprecated API call

Changes in v5.0.25 (Sep 05, 2022)

Improvement

  • Add forward compatibility for Clamd configuration of ESG > 5.1
  • System upgrades: show estimate time in advance and use animated progress bars when upgrade is active

Bug fixes

  • Whitelist: fix javascript validation in some complex situation
  • Export no longer generate errors if executed by read-only or quarantine admins

Changes in v5.0.24 (Aug 08, 2022)

Security

  • ClamAV: upgrade to version 0.103.7

Bug fixes

  • Mail Logs Real-Time View: stop real-time view on logout to avoid DoS
  • System Upgrade: fixed prefetch of all packages before upgrade
  • Increased timeout for quarantine report generation
  • Associate delivery to the most recent MTA message id, to avoid issues on high-traffic instances
  • Automatically apply and reload Mail Scanner configuration when changing Mail Intercept configuration and Attachment Filters
  • ESG 4.x migration: reset cache after Adaptive Truste Engine import
  • DKIM Signing: fixed generation of DKIM keys

Changes in v5.0.23 (Jul 20, 2022)

Security

  • URLSand: handle URI with a protocol name containing special chars

Improvements

  • Show a custom "410 gone" page for all quarantine action URL no longer available on ESG 5.x
  • File replication: send email notification also when SSH connection repeatedly timeouts
  • TLS certificates: show expiration date of active certificates

Bug fixes

  • Mail log: strip invalid UTF-8 character from security report and spam report
  • Web UI: fixed removal of Passwordless Authorized Devices
  • make sure graymail plugin is restarted on database reload
  • Quarantine settings: immediately apply per domain customization of language
  • Local RBL: make sure statistics are updated only on primary node
  • ESG 4.x migration: reset file permissions after quarantine import
  • Domain admin: allow domain names up to 256 character
  • Backup/Restore: avoid errors if quarantine files changes during a hot backup
  • Prevent creation of new domain admin password (see upgrade to version 5.1)
  • Update documentation of Whitelist and Blacklist import

Changes in v5.0.22 (Jul 05, 2022)

Security

  • Defend against file extension evasion techniques targeting Windows machines

Improvements

  • Backup Tools: add User Messages to “configuration” backup

Bug fixes

  • Properly enable all the service after licence upload if the previous was expired
  • Import 4.9: apply dkim configuration after import
  • Content Filtering Rules: correctly apply modifier for “regex” filter expression
  • Search: fixed “not equel” operator on “Delivery status” field
  • Threat Remediation: permit multiple connector on the same domain with Zimbra mail server
  • Backup Tool: fixed restore of manually-uploaded certificates
  • Valid Recipient: properly check duplicate during text import

Changes in v5.0.21 (Jun 15, 2022)

Security

  • Update kernel to release 5.4

Improvements

  • Cluster: improved auto-recovery procedure for updates on message tables
  • Cluster: added popup to better explain Hard Reset behaviour
  • Quarantine Digest: speed up digest email retrieval
  • User Management: show Quarantine Action in user details popup

Bug fixes

  • Always use MTA configured double-bounce address for Dynamic Verification test
  • Quarantine Test: show all address and domain owned by the User
  • Quarantine Digest: always generate the report for all hours, even if the previous job is not completed
  • Quarantine Digest: skip users with invalid data
  • LDAP Import: honor user configuration for quarantine recipient (regression in 5.0)

Changes in v5.0.20 (May 23, 2022)

Security

  • Update operative system to upstream RHEL version 8.6

Improvements

  • Automatically reboot appliance after Time Zone changes
  • Adaptive Trust Engine: improved speed of Trust score algorithm
  • Sort domains alphabetically in the drop-down selections

Bug fixes

  • Fixed Delete action from View Body page
  • Email Continuity: fixed reply action
  • SMTP Auth SASL: removed un-supported CRAM-MD5 mechanism
  • Quarantine Retetion: restore cleanup of Database data according to its retention
  • Message Details: limit ATE graph history to database retention
  • Properly identification of First Time Sender for messages with multiple headers X-Envelope-From
  • Google Workspace: fixed login when user doesn’t exist yet

Changes in v5.0.19 (May 09, 2022)

Security

  • Quicksand: identify suspicious action write+execute without autoexec
  • SAVAPI: upgrade to version 4.15.7
  • ClamAV: upgrade to version 0.103.6

Improvements

  • MailScanner Engine: preload license options on batch start to reduce overhead
  • Reordered and randomized scheduled tasks to distribute and avoid spike of resource usage
  • License Count: cleanup BATV from accounted addresses

Bug fixes

  • Whaling: fix identification of whales for related (alias) domains
  • Backup Download: Increased timeout for very large backups
  • ESG4 migration: keep domain admin without credentials but quarantine report enabled
  • Per Domain Mailbox Use: fix domain license count
  • Quarantine Disk: fixed cleanup of duplicated data
  • Cluster Setup: prevent error on scheduled task start
  • Graymail: ignore messages without from header
  • Network Setting: allow DNS change on cloud appliance
  • Spam Engine: reduce cache timeout of result for messages with the same hash
  • Address Rewriting: properly save “Rewrite Header” options

Changes in v5.0.18 (Apr 19, 2022)

Improvements

  • Web UI: faster visualization of navigation tabs
  • Skip whaling check when scan mode is “virus only”
  • Message details: add warning for failed SPF beside whitelist result label
  • Relay: don’t use pop-ups to notify saved changes

Bug fixes

  • User Messages: preserve active tab when changing language or domain
  • URLSand: always executes HTML analysis, even when preliminary tests have found no A-tags
  • First setup: remove special chars from generated company short name

Changes in v5.0.17 (Apr 11, 2022)

Improvements

  • System memory: improve speed by avoiding swap area as far as possible
  • System upgrade: add user-friendly message when uploading invalid upgrade file
  • Web UI: enable sorting in Valid Recipients List, Whitelist, Blacklist, User Manager and Whaling.

Bug fixes

  • G Suite integration: continue import in case one or more user failed to import
  • M365 Authentication: add openid scope
  • Saved Search: restore delete funcionality
  • Whilist/Blacklist: display invalid email errors
  • TLS certificates: avoid permission error when generating CSR certificate
  • Cluster: disable job replicator on destroy
  • Quarantine digest: hide “send” button when there are no messages to notify via email
  • Database logger: prevent automatic stop during log rotation

Changes in v5.0.16 (Mar 29, 2022)

Improvements

  • add “System Upgrade” page to allow manual upgrade to next releases
  • improved message in error pages (e.g. 403)
  • improved message logging from ESG application

Bug fixes

  • Antispam settings: correctly show as customized domain
  • correctly log graylisted email when only some of multiple recipients cause the delay
  • fix missing logo when not using the default one
  • remote syslog: fix a duplicated configuration on apply
  • Restore description of SPF exceptions in the Web UI
  • fix TLS certificate file removal
  • FTP backup: remove double appliance name prefix from admin notices
  • licensing: allow setting aliases to username without explicit domain
  • ESG4 migration: avoid connection timeout when migrating huge appliances
  • ESG4 migration: restore letsencrypt renewal files from previous version if missing

Changes in v5.0.15 (Mar 14, 2022)

Security

  • protect backups from un-authorized access
  • add DNS lookup to esvalabs when IP is blacklisted for DoS attempt

Improvements

  • upgrade parser of PDF documents
  • Upgrade Letsencrypt certbot
  • Dashboard: cleaner cluster status box in dashboard
  • Halves memory usage of web server scripts
  • Graylist plugin: add inline documentation
  • IspMonitorController: up to 6x faster requests to remote server (also prevents timeouts)
  • ESG4 migration: reduce memory usage for xlarge appliances

Bug fix

  • Smarthost: use most specific configuration when mixing domain based smarthost and default smarthost
  • User text import: replace variable HOST URL with value configured in quarantine report
  • Quicksand: fix disarming of external resources in office documents
  • Policy quota: prevent duplicate names in webui
  • Logs rotation: use signals to restart database email writer daemon
  • Upgrade from ESG 4.8: fix a version conflict which may block the upgrade

Changes in v5.0.14 (Mar 07, 2022)

Features

  • Country Policies: configurable policies to allow/block web interface access from specific countries (see also Geo-Blocking)

Improvements

  • Backup/Restore: increase timeouts to accommodate huge backups
  • Valid recipient import: reword web interface to improve UX
  • SNMPd: inline help for available custom OID
  • Details: show quicksand result even when running in dry-run mode
  • LetsEncrypt: update certbot

Bug fix

  • Cluster file replica: removed a memory leak (may free up to 1GB RAM)
  • Details: show “not analyzed” status of quicksand and URLSand
  • Shutdown sequence: ensure all logging is stopped before storage unmount
  • Log to database email delivered via internal relay service (i.e. fix messages left in active state in the UI)
  • Improve UI when changing option “block email on attachment removed”
  • Viewmail: properly identify attachments filenames if defined in MIME Entity headers
  • Threat Remediation: always try the recall for all recipients, and log failure tentative
  • Disabled password-less login when domain authentication is configured to “No Access”
  • Message Detail: fixed report parsing for Deutsche language
  • Use native select in popup to show more field validation errors
  • SNMPd: prevent usage of reserved community name “public”
  • Release request: better feedback on MTA transport errors
  • Relay test: change user feedback on invalid email
  • Logwatch: remove some noisy unmatching logs

Changes in v5.0.13 (Feb 22, 2022)

Security

  • ClamAV: upgrade to version 0.103.5 LTS
  • Block aggressive bulk email even when Graymail plugin is disabled
  • (notice: unaffected to PwnKit security issue)

Improvements

  • Asynchronous system upgrade, which can now be easily and safely called from web-ui and system cron jobs
  • Asynchronous application of MTA settings to improve service stability and reliability
  • Periodical cleanup of unusual values in message score normalization
  • Increase “unusual correspondent” interval from 12h to 24h
  • Spam rule report: add column “Determined Spam %” to highlight the most influent rules
  • Add more logging to digest report generator to give more feedback on support tickets
  • Search: allow the user to search bounce messages and add more validation for email addresses
  • Local RBL: add engine documentation on the web UI
  • Mail Encryption reply: allow bigger reply messsage (up to 100M)
  • License usage: show mailbox count variation to MSP
  • ESG4 migration: import user customized MTA settings
  • User text import: improved quarantine report options
  • Search: results are displayed by “received date” instead of “analyzed on”
  • Reports: when displaying license usage count, consider all licensing model options
  • Search modal: improved UI, with autofocus and button reordered
  • Message details: add column “user / machine learning” to antispam report
  • Data Loss Prevention: cleanup UI and show report in a modal
  • First install: when network is available, wait for a full upgrade before starting webserver
  • Increase logging of verbosity for system jobs
  • HTTPd: increase server timeout for long running searches
  • HTTPd: reduce server authorization by moving to backend job sensible tasks
  • ESG4 migration: improve user feedback while importing data

Bug fixes

  • Dashboard: adjust count of delivered messages in mail flow
  • Log rejected messages due to MTA configuration errors
  • Log rejected messages to multiple recipients due to message size limit
  • Implemented edit feature in wildcard TLS certificates
  • Bulk release: make sure sent email are limited to addresses owned by the logged in user
  • URLSand rewrite: handle & character correctly in HTML text parts
  • Avoid email notification on slow storage when doing log rotation
  • License count: when deleting license avoid removal of quarantined messages
  • FTP backup: auto-delete backup after upload (either on success or failure)
  • Reboot: avoid multiple reboot when some error are generated by the shutdown process
  • Outlook addin: generate a unique ID per appliance, to avoid issue on hardware migration
  • Data loss prevention: schedule engine reload after “apply” action
  • Mail Encryption: show authentication problem on login
  • Backup restore: converted to a system service to avoid restore issues
  • LDAP: fix user/email address DN selection and properly display authentication errors
  • Summary Report: restore total percentages
  • Message datails: add all missing rules descriptions
  • Remember login target path when authenticating via M365 or G Suite
  • Quarantine: mark messages as “not available” when cleaning storage files
  • Search: prevent timeout when displaying multiple email with many recipients
  • Increase timeout for User import
  • Message Details ATE: ignore bounce messages
  • ESG4 migration: fix quarantine domain admin permission
  • ESG4 migration: avoid timeout on configuration import
  • ESG4 migration: cleanup duplicate whitelist and blacklist on import
  • ESG4 migration: import greylist database from ESG 4.x

Changes in v5.0.12 (Jan 10, 2022)

Security

  • Bitdefender server: update to version 3.0
  • Avira SAVAPI: update to version 4.15
  • ESG Bitdefender integration: drops high-privileges while scanning
  • ESG Savapi integration: drops high-privileges while scanning
  • Quicksand: increase the Office Document scan limits to intercept more threats

Improvements

  • ESG Bitdefender integration: nearly halves RAM usage during scanning
  • ESG Savapi integration: nearly halves RAM usage during scanning
  • Install license: replicate license installation in cluster setup

Bug fixes

  • MailIntercept: do not monitor for messages received from localhost
  • System preferences: fix a UI issue when using three-level timezones (e.g. America/North_Dakota/Center)
  • Report: add UI feedback when using “Per Domain Mailbox Use” with date ranges
  • System preferences: fix audit message for timezone changes
  • Social graph: fix a server error when searching by empty email address
  • Graymail: prevent duplicate record creation
  • PDF Report: display correct datetime interval
  • Custom spam policy: avoid errors when adding an policy with empty description
  • ESG4 migration: copy LetsEncrypt account information to authorize automatic renewal

Changes in v5.0.11 (Dec 28, 2021)

Security

  • Message detail page: stricter validation of message ownership of logged user
  • ClamAV SaneSecurity: changed enabled databases based on Libraesva security review
  • Passwordless: double check server-side secret on token verification
  • Disable httpd lua module (CVE-2021-44790)

Improvements

  • ISP Instance Monitor: integrate with ESG4 appliance and use faster queue length evaluation
  • Scheduled report: new email template with whitelabelling and explicit report type in subject
  • Release request: new email template with direct detail page link
  • User messages: allow signatures bigger than 64k
  • Message details: show delivery information of messages imported from ESG4
  • Add audit log in Account takeover protection
  • Disk expansion: warn about possible expansions left
  • ClamAV monitor: wait more time when doing service availability tests
  • Whitelabelling: remove Libraesva signatures from email notifications
  • Hypervisor Console: add “pause incoming mail” command as in web ui
  • WebUI: better vertical alignment of all forms

Bug fixes

  • Quarantine actions: avoid redirect to login when session is expired and passwordless cookie is available
  • Quarantine actions: quarantine administrators always have action “release” instead of “ask to release”
  • Dashboard: last messages honor the global settings, instead of using a fixed 20 results limit
  • Disk expansion: minimal increase is set to 1GB (to avoid almost null expansions)
  • LDAP: enable pagination only when server announce it in the banner
  • User text import: restore notification email, and document quarantine address selection
  • History import from ESG4: enable import of deliveries logs
  • Reports: evaluate all saved search filters on “per domain email usage” report
  • LetsEncrypt: when server verification fails due to network issues, do not retry validation on remote server
  • SocialGraph: show proper UI feedback when searching by empty email
  • Deferred message: show full deferred status as reported by the MTA

Changes in v5.0.10 (Dec 15, 2021)

Security

  • QuickSand: handle PDF files with random file preamble or filename containing “..”
  • SNMP: disable basic information access when SNMPd is enabled for one IP
  • Adaptive Trust Engine: fully handle UTF-8 to better identify first time senders

Improvements

  • Add UI feedback on Threat Remediation recall actions
  • LDAP: allow anonymous access to external sets when bind user is left empty
  • Integration: performance speedup (up to 10x)
  • UI: show delivery status as bounce when there’s at least one recipient with bounce
  • Quarantine Actions: show user-friendly 410 gone page for old quarantine link actions
  • CRM114: improve learning routine, and avoid useless “forget” actions
  • Enable Threat Analysis Portal registration (license dependent)

Bug fixes

  • Restore release permission for “Quarantine” Admin/Domain Admin
  • Mail Encryption portal: allow loading of images on reply
  • Replicate Bayes learn action in cluster environment
  • prevent cluster setup failure when letsencrypt directory is missing
  • Message details: delivery path interpolate hop without Geo-localization
  • Integration: avoid duplication errors when valid recipients are found on multiple sources
  • LDAP import: always set a page size when supported by remote server to avoid server import limiting results transparently
  • LDAP synchronization: correct loading email and users from Domino servers
  • LDAP on domino: properly filter email addresses based on domain
  • Avoid a configuration errors on engine which caused messages to became marked as other infected
  • Fix a race condition which caused some message to be left in “active” delivery status
  • Permission check against bounce messages for domain admin no longer generate UI errors
  • WebUI: align graphics for all modal

Changes in v5.0.9 (Dec 1, 2021)

Security

  • Adaptive Trust Engine: increase accuracy by normalizing header from
  • Quarantine action: restrict permissions on forwading

Improvements

  • ClamAV: halves RAM usage during signature reload
  • Quarantine action: properly blacklist from header when available
  • Quarantine action: improve feedback on release
  • LDAPS: allow using self-signed certificates on remote host
  • Integration: separate import of users and valid recipients for G Suite, Microsoft365 and LDAP, to better compute licensed mailbox
  • Message detail: add audit logging as in ESG 4
  • Wizard: add validation when using IP address instead of hostname
  • Bitdefender: use proper brand spelling

Bug fixes

  • Encryption: resolve issues with multipart/signed and multipart/encrypted MIME which caused some email to become plain/text
  • Quarantine action: add modal for “ask to release” when viewing email
  • URLSand: fix licensing hash on link generation
  • Database mail logger: avoid issues when importing reports with size above 4 kilobytes
  • Graymail: fix a database permission error which prevented newsletter identification
  • Backup: change audit log messages
  • Antispam engine: resolve accuracy issue when interpreting rare UTF-8 character (i.e. high level pages)
  • System Preferences: use system administrator email for system email (i.e. sent to root)
  • Threat Remediation: avoid failing when no mailbox was found
  • Relay domain: fix an error when enabling dynamic verification

Changes in v5.0.8 (Nov 18, 2021)

Security

  • update operative system to upstream RHEL version 8.5
  • reduce session TTL on server-side

Improvements

  • WebUI: spinners icons review
  • scanning engine maximum message size is kept in sync with MTA max message size
  • re-enable email encryption portal (license needed)
  • graceful reload of HTTPd configurations
  • email samples are sent to esvalabs.com to improve deliverability
  • faster mail queues length calculation on dashboard

Bug fixes

  • avoid CPU high utilization when reading messages in active queue
  • avoid memory exausted when generating Spam rules hit reports on large dataset
  • add backward compatibility with encrypted links generated by ESG 4.x
  • mail queue logger can handle remote server messages up to 8192 chars

Changes in v5.0.7 (Nov 02, 2021)

Improvements

  • Syslog: configuration isn’t replicated in cluster setup
  • Microsoft365/GSuite: faster import of users (at least 2x)
  • Allow readonly access to relay and user page when the license is expired
  • Whitelabelling: rollback to previous theme, should the generation fail
  • Allow cluster destroy should the license expires

Bug fixes

  • IMAP/POP3: prevent a 500 error on user login
  • Import 4.9: cleanup old configuration to avoid clamav engine failures
  • Whitelabelling: don’t reset theme on updates
  • Release requests: allow empty notification email
  • Release requests: remove loading browsere popup on successful release
  • Digest Report: fix selection of options in bulk actions
  • User preference: read default values for new user when creating on login
  • Email continuity: use new security policy system to validate user from addresses
  • ATE: prevent errors when from header is not set in a message

Changes in v5.0.6 (Nov 09, 2021)

Security

  • Hardened configuration for SSH daemon

Improvements

  • Chrony: if the offset is above 30 minutes, just set the current time
  • Check for update after network first configuration
  • Cluster: better status monitor for file replica
  • automatically reload mail scanner engine after configuration changes
  • added confirm modal for shutdown/reboot/suspend cluster actions

Bugfix

  • First run: wait for database initialization before scheduling reboot
  • Console: reset fallback address in issue file on first boot
  • restore release requests functionality
  • cluster setup: fixed file synchronization of TLS keys
  • compile smtp check override after migration from 4.9
  • When creating users inherit all configured default
  • Fix signature saving error on some configuration
  • Fix widget for color selection in system preferences
  • Restored SNMP OID for SMTP traffic
  • Remove errors on whitelist and blacklist insertions for users with multiple addresses in recipients
  • Remove errors on whitelist and blacklist insertions for safe-learn users
  • LDAP set of type other are correctly identified as such
  • prevent a page error when decrypting links generated by ESG 4.9

Changes in v5.0.5 (Oct 19, 2021)

Main Features

  • New modern web interface, with dynamic responsive dashboard and highly detailed scan result report
  • Message classification through new message badges: phishing, bulk, spoofing, BEC, malicious, etc…
  • Adaptive trust engine improvements: UI representation of historic data, improved AI
  • Advanced analysis result with Risk Confidence and Spam Confidence indicators
  • Unified Advanced search, a single place to search rejected and accepted messages
  • New Reports that can also be exported as PDF
  • Unified TLS management, allows certificate validation, rapid renewal and service assignment from a single page
  • LDAP sets can be managed in groups, to allow flexibility when merging user information from different tenants

Security

  • Abuser lockout: implement incremental lockout for recidive abuser
  • Adaptive Trust Engine: support BATV address and domain with more than 4 levels
  • Adaptive Trust Engine: separated history age for different relays
  • DKIM key: upgrade to 2048 bit
  • DNS: prevent DoS on SERVFAIL by adding a short term cache
  • Webapp: force HTTPS with TLS > 1.2
  • Mail transport agent: disable TLS 1.0 and 1.1 on strict/medium TLS mode
  • RBL: don’t disclose RBL name on rejection
  • User Manager: all domain admins are now multi domain admins (no longer restrict the username format)
  • User Manager: increase password security for Users, by using high-end caching algorithm for user passwords.

Improvements

  • AntiSpam settings: defaults for new users are explicitly configured and no longer inherited from the domain admin’s configurations
  • Appliance Sizing: automatic configuration of all resource-intensive services
  • Backup and Restore: new data importer from ESG 4
  • Backup and Restore: FTP backup supports TLS
  • Branding: new Libraesva logo and hypervisor themes
  • Cluster Setup: simplified setup wizard
  • Cluster: simplified monitoring and recovery UI
  • Console: add full ANSI-color support to hypervisor console
  • Console: interactive console with dynamic data
  • Crash auto-recovery: auto-repair services for most disk crash situation
  • DKIM: disabled signature for empty envelope from
  • Dashboard Threat Map: high level threat distribution like phishing, spoofing and whaling
  • Details page: quick summary for rejected email
  • Details page: threat or indicators identified by the internal engines
  • Disk expansion: support for 60 disk expansions
  • Licensing: new licensing system
  • MailIntercept: new dedicated configuration page
  • Machine Learning: new page with statistical records of CRM114 machine learning engine
  • Machine Learning: new page with statistical records of Bayes machine learning engine
  • Message Actions: all actions can be executed from all message views
  • Message details: add DSN and description to all SMTP reject listing, to distinguish temporary from permanent failures
  • Message details: new analytical representation of email path
  • Message details: new delivery status badges, which includes all statuses (e.g. recalled, released, …)
  • NTP: system clock synchronizations is always enabled and synchronized
  • Network: refactored network management with multiple interface and route configurations
  • Phishing Highlight: removed some options which are now managed directly by the ESG security team
  • Quarantine list: show scan results and delivery status
  • Quarantine settings: explicit configuration of default settings for new users (no longer inherit domain admin configuration)
  • Reboot/Shutdown: prompt feedback of the progress of the reboot
  • SASL: automatic realm initialization and asynchronous configuration
  • Sandboxes: URLSand and Quicksand configurations are on distinct pages
  • Scan result: Dictionary and DNSBL reporting has been improved
  • Scan result: new “Archive Encrypted” scan result
  • Scan result: new “QuickSand URI Disarmed” scan result
  • Scan result: “OFF” messages (not scanned because of exception rules) are displayed in message lists
  • Search page: searches with advanced filters can be saved to be used with report pages
  • Search page: can now search also among rejected messages
  • Social graph: refined interface and interactions
  • System preferences: increased the default value of records displayed in message lists
  • System preferences: new color palettes and new color picker
  • System resource: new dedicated page, with detailed resource statistics
  • TLS Certificates: TLS certificate can be shared in a cluster setup
  • White-labelling: logo automatic scaling from many raster formats
  • Wizard: brand new first-run wizard, with configuration loader from ESG 4.9

VM hardware improvements

  • Use EFI in all hypervisors which support it
  • Add Secure boot and security options in VMware 6.7+
  • Add IOMMU in VMware 6.7+
  • Use GPT partitioning which allows up to 60 disk expansions
  • Support for in-place operating system migration
  • Fully automated build-chain for many target hypervisors. Supported vSphere 6.0-6.5,
    vSphere 6.7+, Proxmox KVM, Hyper-V, Xen

Bug fixes

  • User Manager: Read-Only administrator can modify their own profile
  • Mail transport agent: default email max size lowered to 25 MB, to avoid delivery issues to M365 and GSuite
  • Licensing: atomically switch license without services restart

Breaking Changes

  • License file: license file for ESG 4.x isn’t valid on ESG 5.x. You should have received the updated license from your channel, if you haven’t please contact us.
  • Scheduled reports: not migrated from ESG 4.9, must be recreated manually
  • Quarantine link: links generated from ESG 4.9 are no longer valid. Messages can be released from WebUI after migration process for history and quarantine is completed.
  • Legacy end-user API (URL /esva-api/myemail.php) (new user API for mobile applications to be used instead. URL: /api/v1)
  • Administrative API (URL /esva-api/) for system configuration (available from ESG 5.1. URL: /api/v2)
  • Distributed setup: not available, will be released in a future release.