Table of Contents
Main features of version 5.5
- Semantic AI engine: A new local Small Language Model (SLM)-based engine that classifies emails
by meaning, not just structure. This enhances detection of sophisticated, well-written phishing
or social engineering emails, even when traditional red flags are absent. - Enhanced message scan indicators: message indicators now include both positive and negative
signals and are integrated with the new "AI classifier engine" enabling more accurate and
insightful threat assessments-making and response speed. - API configuration for domain admins: Domain-level settings can now be managed directly via API,
allowing greater automation and remote management for MSPs or multi-domain environments. - AI dashboard widget: A new interactive widget displays real-time AI-driven threat classification
activity, including drill-down views that help visualize detection trends and model classification - Custom semantic categories: Each domain can now define up to eight context-aware threat categories.
This allows admins to tailor the classification system to business-specific risks (e.g. invoice
fraud) for sharper alerting and reporting.
Version 5.5.5 (Jul 22, 2025)
Features
- Cofense: automatically recall messages reported via triage
- Dashboard: new dashboard widgets "User Actions," "Most targeted recipients" and "Appliance status"
- Integration: added “SIEM HTTP event forwarder” for message journaling to SIEM
- Report: new report type "Most Targeted Recipients"
Improvements
- Dashboard: increase "top X" widgets to 25 entries
- Dashboard: incoming queue widget "warning" level is now dependent from the appliance sizing
- Message details: highlight messages that are learned as good/bad due to user feedback
- Message results: added new result “Recipient Verification Deferred” to highlight verification servers temporary issues
- Syslog: added support for RFC5242 format
- Syslog: added support for static token that can be used by a SIEM to identify messages from ESG
- Threat Analysis Portal: improved portal access and the registration procedure
- TLS check: improved notification of invalid and expired certificates
Bug fixes
- Integration: fixed many texts in advanced logging
- Menu: changed "Account Takeover Protection" menu labels
- Message listing: fixed UI for message result "invalid sender (DNS)"
- Policy quota: fixed reliability of notifications and added a 1-hour rate-limit for each tracker
- Reports: show “bounce message” in table results
- Search: properly show the "view body" button for user roles
- Syslog: added more validation constraints to avoid issues when configuring TCP+TLS
API
- OpenAPI:: implemented deprecations for v2 in OpenAPI documentation
Version 5.5.4 (Jul 7, 2025)
Improvements
- Attachment filter: preserve inlined HTML in attached forwarded email when a “HTML deny” rule exists
- DLP: renamed all occurrence of MCP/Message Content Protection with DLP/Data Loss Prevention
- Integration: validation issues for users, groups or email are shown when executing web tests
- Job status: adaptive UI refresh, which reduces the HTTPs server loads and lets the session expire
- Message details: improved “view full DLP report” modal
- Message details: track attachments from attached forwarded email
- User management: allow admins to bind primary address as secondary addresses of other users
- Search: added “Marked as Good” and “Marked as Bad” conditions
- Social graph: improved visualization of detailed information
Bug fixes
- AI Classifier: increased timeout for long-running analysis
- Dashboard: fixed reject count in “totals”/”cluster status” widget
- Google Workspace: fixed the import of the first user email where is not the primary address
- LDAP: fixed the import of the first user email where is not the primary address
- Microsoft 365: remove the duplicated primary address shown while testing groups
- Outlook add-in: notify the user when Two-Factor Authentication (OTP) is required
- Reports: fixed alignment and width of graph in generated PDF
- Social graph: fixed ATE score visualization
API
- ADD: added
dlp
/highDlp
/dlpDictionary
/dlpWelcomelisted
/dlpBlocklisted
/dlpScore
/dlpReport
properties toGET /message
- FIXED: avoid access denied error on
/valid-recipient
for administrator roles - DEPRECATED: properties
mcp
/highMcp
/mcpDictionary
/mcpWelcomelisted
/mcpBlocklisted
/mcpScore
/mcpReport
fromGET /message
Version 5.5.3 (Jun 23, 2025)
Improvements
- Dashboard: adaptive UI refresh, which reduces the HTTPs server loads and lets the session expire
- Dashboard: data ranges have more "last X hours" ranges and no longer allow week or month ranges
- Dashboard: show explicit warning when the license is expired
- Dashboard: greatly optimize the database performance of the "analyzed message", "email flow", "threat maps", "cluster status", "AI classification", "message distribution", "top sender" and "top recipient" widget
- Licensing: show previous license information when the license is expired
- Microsoft Azure: triggers a post-deployment storage optimization procedure after every storage expansion
- Microsoft Azure: upgrade agent version to 2.13
- Search: added "last 6 hours", "last 12 hours" and "last 48 hours" filters
- Web UI: temporary disable form on submission to avoid multiple actions caused by double-clicks
Bug fixes
- Email Continuity: fixed mail compose editor when logged in as user with role "basic user"
- License accounting: excludes released messages from accounted deliveries
- Message details: fixed spam confidence when spam reports contains multiple rules with the same name
- Syslog: fixed logging to syslog of some Web-UI failed login attempt
Version 5.5.2 (Jun 12, 2025)
Security
- Notification to sender: notifications are sent only for outgoing messages
Improvements
- Microsoft Azure: added post-deployment storage optimization procedure
- Microsoft 365: added “hybrid” label in test page for users that are hybrid and not fully migrated
- Microsoft 365: fixed import of user with duplicated additional addresses
- ESG AI: fine-tuned engine parallelism when load average is high
Bug fixes
- File type: updated blocked audio and video label descriptions
- Message details: show when failed DMARC results are ignored since a message is sent by trusted sender
- Microsoft Azure: fixed firewall rule for Microsoft management IP
- Outlook add-in: fixed release action when a reason is required
- Search: fixed export of saved search results
- User management: fixed user export for domain admin
- User management: permit to “reset to default” customized user defaults
Version 5.5.1 (May, 26 2025)
Security
- Whaling protection: ignore outgoing email from SPF validated Google Workspace tenants
Improvements
- Microsoft 365/Google Workspace: convert local users as functional, when a Google user is converted to group
- Microsoft 365/Google Workspace: when a local user is converted to functional (e.g, shared mailbox,
groups), all emails assigned from previous group membership are removed
Bug fixes
- Google Workspace: fixed creation of functional users when group emails aren't assigned as user aliases
- Google Workspace: fixed an exception when searching by address
- Greylisting: avoid duplicated entries for auto welcomelisted senders
- HTTP: avoid server name canonicalization for redirect when using self-signed certificates
- Outlook addin: fixed report as bad action
- Quarantine digest: null users and null functional users roles are ignored when generating reports
API
- ADD: added
/network/dns-forwarder
to configure DNS forwarder - ADD: added
/network/static-host-lookup
to configure Static Host Lookup - ADD: added
/sender-dependent-relay
to configure sender dependent relay
Version 5.5.0 (May 12, 2025)
Security
- WAF: improved application firewall blocks for API access
- URLSand: improved "base URL" disarming
- URLSand: improve scheme parsing for HTTP/HTTPS
Improvements
- Mailer: added "%org-name%" header to all ESG generated emails and reports
- Mail scanner: fine tuned configuration to avoid cpu saturation
- Message details: show multiple SPF, DKIM and DMARC authentication results with extended information
- View mail: show CC header in the header section
- User management: user export will include email address and domain admin permissions
- User role: allow customization of "can view" capability for "clean" result category
Bug fixes
- Message details: show when welcomelist are ignored due to DKIM or DMARC failures
- Message details: don't store "cid:" links and http local anchors
- Search: apply custom permissions for message results to custom administrator roles
- System preferences: removed empty section "System notification" in cloud appliances
- Rebranding: replaced "Antispam Service" with "Email Security"
- Saved search: disambiguate duplicate names
API
- ADD: added
/machine-learning/ai-classifier
to configure AI Classification engine - ADD: property
aiClassifier
to/message/{id}
- ADD: property
hostname
to/integration/pop3
- ADD: added
/trusted-network
to configure trusted networks - ADD: property
headers.spfValid
toGET /message/{id}
- ADD: added
headers.authenticationResults
toGET /message/{id}
- IMPROVED
/message/{id}/fetch
returns410/Gone
when a message is removed or has been rotated - IMPROVED: property
headers.dkimValid
inGET /message/{id}
will honor alignment to sender domain - IMPROVED: properties
headers.spfResult
/headers.spfIdentity
fromGET /message/{id}
- FIXED: removed
POST
/PATCH
/PUT
action on non-editable/quarantine/release-request-entry
- FIXED: removed
/graph
since it's included in/report
output - FIXED: allow
/report
to domain administrator and user roles - FIXED: filter
sender
/recipient
inGET /restricted-sender
- FIXED: filter
sender
/recipient
inGET /attachment-filter/file-name-rule
,
GET /attachment-filter/file-type-rule
,GET /attachment-filter/password-protected-archive-rule
andGET /attachment-filter/scan-archive-rule
- FIXED: avoid duplicate entries with the same
domain
unique property for/relay
- DEPRECATED: properties
headers.spfResult
/headers.spfIdentity
fromGET /message/{id}
Breaking changes
There are no breaking changes in this release.
Version 5.4
All upgrades from previous versions are included. See the full release notes of Libraesva ESG version 5.4.