Libraesva ESG v5.5: Release Notes

Main features of version 5.5

  • Semantic AI engine: A new local Small Language Model (SLM)-based engine that classifies emails
    by meaning, not just structure. This enhances detection of sophisticated, well-written phishing
    or social engineering emails, even when traditional red flags are absent.
  • Enhanced message scan indicators: message indicators now include both positive and negative
    signals and are integrated with the new "AI classifier engine", enabling more accurate and
    insightful threat assessments and improving response speed.
  • API configuration for domain admins: Domain-level settings can now be managed directly via API,
    allowing greater automation and remote management for MSPs or multi-domain environments.
  • AI dashboard widget: A new interactive widget displays real-time AI-driven threat classification
    activity, including drill-down views that help visualize detection trends and model classification
  • Custom semantic categories: Each domain can now define up to eight context-aware threat categories.
    This allows admins to tailor the classification system to business-specific risks (e.g. invoice
    fraud) for sharper alerting and reporting.

Version 5.5.5 (Jul 22, 2025)

Features

  • Cofense: automatically recall messages reported via triage
  • Dashboard: new dashboard widgets "User Actions," "Most targeted recipients" and "Appliance status"
  • Integration: added “SIEM HTTP event forwarder” for message journaling to SIEM
  • Report: new report type "Most Targeted Recipients"

Improvements

  • Dashboard: increase "top X" widgets to 25 entries
  • Dashboard: incoming queue widget "warning" level now depends on the appliance sizing
  • Message details: highlight messages that are learned as good/bad due to user feedback
  • Message results: added new result “Recipient Verification Deferred” to highlight temporary issues with verification servers
  • Syslog: added support for RFC5242 format
  • Syslog: added support for static token that can be used by a SIEM to identify messages from ESG
  • Threat Analysis Portal: improved portal access and the registration procedure
  • TLS check: improved notification of invalid and expired certificates

Bug fixes

  • Integration: fixed many texts in advanced logging
  • Menu: changed "Account Takeover Protection" menu labels
  • Message listing: fixed UI for message result "invalid sender (DNS)"
  • Policy quota: fixed reliability of notifications and added a 1-hour rate-limit for each tracker
  • Reports: show “bounce message” in table results
  • Search: properly show the "view body" button for user roles
  • Syslog: added more validation constraints to avoid issues when configuring TCP+TLS

API

  • OpenAPI: implemented deprecations for v2 in OpenAPI documentation

Version 5.5.4 (Jul 7, 2025)

Improvements

  • Attachment filter: preserve inlined HTML in attached forwarded email when an “HTML deny” rule exists
  • DLP: renamed all occurrences of MCP/Message Content Protection with DLP/Data Loss Prevention
  • Integration: validation issues for users, groups or email are shown when executing web tests
  • Job status: adaptive UI refresh, which reduces the HTTPS server load and lets the session expire
  • Message details: improved “view full DLP report” modal
  • Message details: track attachments from attached forwarded email
  • User management: allow admins to bind a primary address as a secondary address of other users
  • Search: added “Marked as Good” and “Marked as Bad” conditions
  • Social graph: improved visualization of detailed information

Bug fixes

  • AI Classifier: increased timeout for long-running analysis
  • Dashboard: fixed reject count in “totals”/“cluster status” widget
  • Google Workspace: fixed the import of the first user email when it is not the primary address
  • LDAP: fixed the import of the first user email when it is not the primary address
  • Microsoft 365: remove the duplicated primary address shown while testing groups
  • Outlook add-in: notify the user when Two-Factor Authentication (OTP) is required
  • Reports: fixed alignment and width of graph in generated PDF
  • Social graph: fixed ATE score visualization

API

  • ADD: added dlp/highDlp/dlpDictionary/dlpWelcomelisted/dlpBlocklisted/dlpScore/dlpReport properties to GET /message
  • FIXED: avoid access denied error on /valid-recipient for administrator roles
  • DEPRECATED: properties mcp/highMcp/mcpDictionary/mcpWelcomelisted/mcpBlocklisted/mcpScore/mcpReport from GET /message

Version 5.5.3 (Jun 23, 2025)

Improvements

  • Dashboard: adaptive UI refresh, which reduces the HTTPS server load and lets the session expire
  • Dashboard: data ranges have more "last X hours" ranges and no longer allow week or month ranges
  • Dashboard: show explicit warning when the license is expired
  • Dashboard: greatly optimized the database performance of the "analyzed message", "email flow", "threat maps", "cluster status", "AI classification", "message distribution", "top sender" and "top recipient" widgets
  • Licensing: show previous license information when the license is expired
  • Microsoft Azure: triggers a post-deployment storage optimization procedure after every storage expansion
  • Microsoft Azure: upgrade agent version to 2.13
  • Search: added "last 6 hours", "last 12 hours" and "last 48 hours" filters
  • Web UI: temporarily disable forms on submission to avoid multiple actions caused by double-clicks

Bug fixes

  • Email Continuity: fixed mail compose editor when logged in as user with role "basic user"
  • License accounting: excludes released messages from accounted deliveries
  • Message details: fixed spam confidence when spam reports contain multiple rules with the same name
  • Syslog: fixed logging to syslog of some failed Web UI login attempts

Version 5.5.2 (Jun 12, 2025)

Security

  • Notification to sender: notifications are sent only for outgoing messages

Improvements

  • Microsoft Azure: added post-deployment storage optimization procedure
  • Microsoft 365: added “hybrid” label in test page for users that are hybrid and not fully migrated
  • Microsoft 365: fixed import of user with duplicated additional addresses
  • ESG AI: fine-tuned engine parallelism when load average is high

Bug fixes

  • File type: updated blocked audio and video label descriptions
  • Message details: show when failed DMARC results are ignored because the message was sent by a trusted sender
  • Microsoft Azure: fixed firewall rule for Microsoft management IP
  • Outlook add-in: fixed release action when a reason is required
  • Search: fixed export of saved search results
  • User management: fixed user export for domain admin
  • User management: allow “reset to default” for customized user defaults

Version 5.5.1 (May 26, 2025)

Security

  • Whaling protection: ignore outgoing email from SPF validated Google Workspace tenants

Improvements

  • Microsoft 365/Google Workspace: convert local users to functional when a Google user is converted to a group
  • Microsoft 365/Google Workspace: when a local user is converted to functional (e.g., shared mailbox,
    groups), all emails assigned from previous group membership are removed

Bug fixes

  • Google Workspace: fixed creation of functional users when group emails aren't assigned as user aliases
  • Google Workspace: fixed an exception when searching by address
  • Greylisting: avoid duplicated entries for auto welcomelisted senders
  • HTTP: avoid server name canonicalization for redirect when using self-signed certificates
  • Outlook add-in: fixed report as bad action
  • Quarantine digest: null users and null functional users roles are ignored when generating reports

API

  • ADD: added /network/dns-forwarder to configure DNS forwarder
  • ADD: added /network/static-host-lookup to configure Static Host Lookup
  • ADD: added /sender-dependent-relay to configure sender dependent relay

Version 5.5.0 (May 12, 2025)

Security

  • WAF: improved application firewall blocks for API access
  • URLSand: improved "base URL" disarming
  • URLSand: improve scheme parsing for HTTP/HTTPS

Improvements

  • Mailer: added "%org-name%" header to all ESG generated emails and reports
  • Mail scanner: fine-tuned configuration to avoid CPU saturation
  • Message details: show multiple SPF, DKIM and DMARC authentication results with extended information
  • View mail: show CC header in the header section
  • User management: user export will include email address and domain admin permissions
  • User role: allow customization of "can view" capability for "clean" result category

Bug fixes

  • Message details: show when welcomelists are ignored due to DKIM or DMARC failures
  • Message details: don't store "cid:" links and http local anchors
  • Search: apply custom permissions for message results to custom administrator roles
  • System preferences: removed empty section "System notification" in cloud appliances
  • Rebranding: replaced "Antispam Service" with "Email Security"
  • Saved search: disambiguate duplicate names

API

  • ADD: added /machine-learning/ai-classifier to configure AI Classification engine
  • ADD: property aiClassifier to /message/{id}
  • ADD: property hostname to /integration/pop3
  • ADD: added /trusted-network to configure trusted networks
  • ADD: property headers.spfValid to GET /message/{id}
  • ADD: added headers.authenticationResults to GET /message/{id}
  • IMPROVED: /message/{id}/fetch returns 410/Gone when a message is removed or has been rotated
  • IMPROVED: property headers.dkimValid in GET /message/{id} will honor alignment to sender domain
  • IMPROVED: properties headers.spfResult/headers.spfIdentity from GET /message/{id}
  • FIXED: removed POST/PATCH/PUT action on non-editable /quarantine/release-request-entry
  • FIXED: removed /graph since it's included in /report output
  • FIXED: allow /report to domain administrator and user roles
  • FIXED: filter sender/recipient in GET /restricted-sender
  • FIXED: filter sender/recipient in GET /attachment-filter/file-name-rule,
    GET /attachment-filter/file-type-rule, GET /attachment-filter/password-protected-archive-rule
    and GET /attachment-filter/scan-archive-rule
  • FIXED: avoid duplicate entries with the same domain unique property for /relay
  • DEPRECATED: properties headers.spfResult/headers.spfIdentity from GET /message/{id}

Breaking changes

There are no breaking changes in this release.

Version 5.4

All upgrades from previous versions are included. See the full release notes of Libraesva ESG version 5.4.