Libraesva ESG v5.6: Release Notes

Giorgio Premi Libraesva ESG

Main features of version 5.6

  • ATP Automatic Quota Engine: a new quota engine that analyzes historical email patterns
    to assign appropriate quotas to all users.
  • Second Sight: users can request AI-powered detailed security reports for any email message
    directly from their inbox.
  • Enhanced Whale Protection: automated whale import from Microsoft 365 and Google Workspace
    by security group or job title, with automatic synchronization and multi-email protection.
  • Firewall Protection: a new configuration view to inspect and edit firewall rules, block
    IoC networks at firewall level with automatic IoC distribution.
  • SMTP Auth: added options to restrict login to specific networks and to enforce the envelope-from
    to be equal to the username
  • MTA Advanced: added support for Microsoft LoadBalancer by exposing a GUID URI
  • User manager: add new “Cleanup old email imports” to remove from users the secondary addresses
    that are no longer reachable via integration imports
  • Report: export now supports CSV, XML and JSON formats

Version 5.6.0 (May 25, 2026)

Security

  • ATE: enable “first time sender” identification for bounce messages
  • MTA: use SHA256 for TLS fingerprint
  • Mandatory password change: access to UI is now blocked until the password is successfully updated
  • SMTP Auth: enforce password strength and use a password meter in UI as a hint
  • TLS security: hardened medium level security so that only A-grade algorithm and higher tier ciphers are used
  • TLS: increase security of DH algorithm when using certificate with 4096-bit keys
  • URLSand: broaden the applicability of link rewrite in href tags when protocol is not available
  • User manager: prevent using well-known compromised passwords
  • Whaling: allow user-based configuration so that multiple email addresses are automatically integrated in the security analysis

Improvements

  • Antispam settings: improved max message size input using MiB units
  • ATP tracking: added tracker cleanup from web UI
  • Auditing: show impersonator user for API user requests
  • Backup: add an option to skip notification of successful remote backup
  • CSV Export: improved formatting by adding heading fields
  • Dashboard: improved graph styles and color schemes
  • Email Continuity: compose now allows attaching files
  • Email Continuity: improved user experience and error handling
  • Engine rules report: includes quality feedback like cohesion, effectiveness and discrepancy
  • Integration: test page now shows all groups for a user when it’s searched by a specific email address
  • Integration: test page now shows the group member list instead of the generic counter
  • LibraCyber PSAT: added a new integration to automatically allow user campaigns
  • License manager: allow fine-grained license management since the permission to edit generic configuration is no longer required
  • License overuse: when in overuse allows more controls to License Managers
  • MSSP instance monitor: added datacenter location for monitored libraesva appliances
  • MSSP monitor: show datacenter information for ESG cloud appliances
  • Message details: add a sender IP information widget that includes RBL listing and reverse DNS
  • Message details: the targeted whale is shown whenever a message is identified as Whaling attack
  • OTP mandatory: integrate mandatory OTP change with mandatory password change
  • OTP: use SVG instead of PNG for QR Codes
  • PhishBrain: ignores whaling rules for active and running campaigns
  • Phishing Highlight: now the feature is applied only on inbound messages
  • Quarantine report: faster email generation
  • Rebranding: allow customization of web favicon
  • Report: allow multiple recipients and custom filename in scheduled reports
  • Report: new email layout that allows customization of the attached PDF report name
  • Report: refined reports library with sharper HTML results and better PDF generations
  • Report: the engine rules hit reports now include cohesion, effectiveness and discrepancy rates
  • Report: do not deliver a scheduled report when there’s no data
  • SIEM Event Forwarder: support for multiple custom headers
  • SNMP: support multiple network configurations
  • SNMP: update sysLocation/sysContact values
  • SPF: add new message results SpfHeloFail, SpfHeloSoftFail, SpfFromFail, and SpfFromSoftFail
  • Search: additional filters are now automatically collapsed on result show to improve readability
  • Submit as: improved UI for submitting good and bad samples
  • Threat remediation: faster API calls for Zimbra servers
  • Threat remediation: allow “Quarantine” built-in roles to recall messages
  • UI: new and sharper icon theme
  • URLSand exception: import action is now asynchronous
  • User defaults: added option for mandatory password change
  • User management: added an option to force users to change their password at first login
  • User management: allow bulk update to update all users
  • User manager: add UI meters to show the password strength
  • User manager: bulk updates can now be applied to all users
  • Welcomelist/Blocklist: add full support for CIDR matchers for “From” direction
  • Web UI: add “search by comment” in many administrative pages
  • Web UI: improved overall icon quality
  • Web UI: removed reload actions for configuration that aren’t inherently dynamic
  • Web UI: upgrade branding logo and text for LibraCyber

API

  • ADD: added /audit to list and search audit logs
  • ADD: added /dkim-key to configure DKIM keys
  • ADD: added /domain-authentication-override for DKIM/MARC authentication override
  • ADD: added /integration/second-sight to configure Second Sight
  • ADD: added /message/{id}/second-sight to request a Second Sight for the message
  • ADD: added mainRole property to GET /profile/GET /user/{id}/GET /user-role/{id}
  • ADD: added passwordChangeMandatory property to /user
  • ADD: added whaleGroup/whaleJobTitleRegex properties to /integration/google-connector-config
  • ADD: added whaleGroup/whaleJobTitleRegex properties to /integration/ldap
  • ADD: added whaleGroup/whaleJobTitleRegex properties to /integration/microsoft365-connector-config
  • ADD: filter /integration/google-connector-config by organizationId
  • ADD: filter /integration/ldap by tenantGroup
  • ADD: filter /integration/ldap-tenant-group by name
  • ADD: filter /integration/microsoft365-connector-config by tenant
  • ADD: filter /integration/pop3 by hostname
  • ADD: filter /quarantine/release-request-entry by user
  • ADD: filter /welcomelist /blocklist by from and to
  • ADD: filter /trusted-network by network
  • ADD: filter /user by externalId and username
  • ADD: added /network/country-policy-config to configure Country Policies
  • ADD: added /network/static-route to configure Static Route
  • ADD: added /license entrypoint to show license information
  • ADD: added /license/upload entrypoint to update license
  • IMPROVED: on blocked almost-successful /login add two properties password_change_required
    and mandatory_otp to hint for mandatory user profile update actions
  • IMPROVED: requests to http://.../api now return 404 response instead of 301 to https://.../api

Breaking changes

  1. TLS policy. Custom policies based on fingerprint must now use SHA256 algorithm instead of MD5.-
  2. APIv1. Removed API v1, so now all requests will return 410 GONE as a standard response. Entrypoints
    /api/v1/, /api/v1/version and /api/v1/api-specifications.json are preserved for smoother migration
  3. MSSP Panel. Dropped support for managing remote appliances at version 4.x or below

Version 5.5

All upgrades from previous versions are included. See the full release notes of Libraesva ESG version 5.5.

Popular searches:GDPR, ESG 5 migration guide, "How to configure Libraesva ESG for Microsoft 365"