Libraesva ESG v5.4: Release Notes

Main features of version 5.4

  • Fine-Grained Roles and Permissions: role administrators can define customized roles with precise control over configuration and message permissions.
  • New Domain Administrator Access Levels: domain administrators can now have "user management" or "full administration" capabilities.
  • Anti-Spoofing for Welcomelist and Blocklist: sender domain authentication results for SPF, DKIM, and DMARC are now used to refine selection of Welcomelist and Blocklist entries.
  • User profile: new page for personal information, with support for quarantine digest configuration, password change, and 2FA setup.
  • Message metadata: compress and encrypt metadata stored in the database (e.g., headers).
  • Valid recipient list: on delete, optionally remove or detach the recipient from all users.
  • Avira antivirus: new detailed engine status page with per-domain configurations.
  • Bitdefender antivirus: new detailed engine status page with per-domain configurations.
  • ClamAV antivirus: new detailed engine status page.

Version 5.4.3 (Feb 19, 2025)

Security

  • TLS Encryption: removed TLS1 and TLS1.1 from “Medium” policy

Improvements

  • Check firewall: improved detection of firewall inspection on TCP DNS queries
  • Cluster status: more compact UI when workers are configured
  • Cluster worker setup: faster service reload on main node after setup
  • Custom spam policies: added a new custom spam policy field “Rule match
  • Dashboard: better UI when more than four workers are configured
  • Distributed setup: suspend cluster also on workers when primary cluster is suspended
  • License accounted: added button “Add valid recipient” when accounting is email based
  • Queue cleaner: improved search parameters and added preview before removal
  • Report: added export in csv format
  • System upgrades: improved UI feedback after upgrade or in case of failures
  • System upgrades: support version upgrade for distributed setups
  • System upgrades: synchronize time of nodes before upgrade

Bug fixes

  • Custom score: avoid server error when value is exactly “0”
  • License accounted: added button “Right to be forgotten” when accounting is email based
  • MSSP instance monitor: fixed license upload to managed appliances
  • NTP: fixed conditional reloading on apply settings
  • Smarthost relay: fixed relay to port 465 (SMTPS)
  • System logs: fixed conditional reloading on apply settings
  • User management: fixed bulk update of OTP mandatory option
  • User manager: avoid server validation errors when changing custom scores
  • View mail: properly show correct filename of attachments (regression of 5.4.2)

API

  • ADD: manage LDAP tenant groups via /integration/ldap-tenant-group
  • ADD: added hostname/type/bindUsername/fallbackHostname property to GET /integration/ldap
  • ADD: added hostname/type/bindUsername/fallbackHostname/bindPassword property to POST /integration/ldap

Version 5.4.2 (Feb 3, 2025)

Improvements

  • Apply settings: apply scheduled pending changes for timed out jobs
  • Integration: added email notification of stale users/valid recipients
  • HTTPS: support all DNS names defined in a multiple CN (SAN) certificate
  • NTP: added alternate NTP server
  • MSSP Monitor: allow configuring a custom port for the monitor
  • Quarantine digest: exclude delivered messages from reports
  • User messages: added UI hint for specific variables of mail intercept and mail encryption
  • View mail: show a fallback name for message/rfc822 attachments
  • User management: allow bulk update of functional users

Bug fixes

  • Backup: changed label “Status” to “Completed” to avoid ambiguities
  • Cluster worker: prevent add/delete relay from worker nodes
  • Digest report: don’t prepend appliance name to subject
  • HTTPS: use strict host validation when using externally generated certificates
  • Mail intercept: fixed variable substitution in default Italian template
  • Mail logs: fixed database logging of scanned messages with too many attachments
  • NTP: track apply settings after server address change
  • Relay delivery test: dynamic verification uses relay server when verification server is not set
  • Right to be forgotten: fixed job execution
  • User management: fixed user role bulk update
  • Welcomelist/Blocklist: fixed domain admin import

Version 5.4.1 (Jan 20, 2025)

Security

  • Cluster setup: use ED25519 instead of RSA

Improvements

  • Auditing: improved account takeover configuration logging message.
  • FTP backup: storage messages are exported as incremental daily backup
  • FTP backup: allow custom filename format for remote backup
  • User messages: added import/export feature
  • Web portal: added configuration to completely disable access to the API

Bug fixes

  • Auditing: prevent audit log of unchanged configurations
  • Change network: avoid double reconfiguration of static hosts
  • Change network: fixed configuration of network interface without gateway
  • Antispam custom rules: fixed validation of custom regular expressions
  • Dictionary: fixed detection of words in Arabic language
  • First run: preserve manual configuration of secondary network interfaces
  • FTP backup: restrict validation for server configuration
  • FTP backup: greatly reduce local storage requirements for FTP backup
  • Integration: fixed a bug that blocked import after the rollback of an invalid user
  • Licensing: fixed the computation of overuse days
  • Local RBL: fixed reload of new allowed/blocked IPs
  • Mail queues: restored detail button for outgoing messages
  • Mail logs: cut spurious sender/recipient addresses greater than 254 chars to fit in database records
  • Attachment filters: fixed generation of attachment warnings for removal
  • Menu: fixed relay search for Domain Admin with domain features
  • Release requests: fixed creation and notification of message release requests
  • Report to labs: fixed action for main role user and network
  • Summary report: clarified that deferred messages are not included
  • User actions: fixed message actions for users with role networks
  • User default config: fixed view and editing permissions for domain administrators
  • User role: fixed setting of "Not allowed" for email continuity permissions
  • User role: fixed setting of "User preferences only" to Domain Administrator main role

Version 5.4.0 (Dec 23, 2024)

Security

  • Blocklist: ignore explicitly welcome listed recipient when looking for blocklists
  • TLS Certificate: allow uploading certificate using EC (Elliptic Curve) algorithms
  • Welcomelist: disable welcome lists when the sender is spoofed based on SPF/DKIM/DMARC
  • Welcomelist: only activate welcome list behaviour if all recipients are explicitly welcomelisted
  • Whaling: improved identification of legitimate delivery using SPF/DKIM/DMARC

Improvements

  • CSV import: handle BOM in uploaded files.
  • Email continuity: enable or disable the feature based on roles and capabilities.
  • Email forward: by default, disable email forwarding when user permissions don't include "release".
  • External warning exception: added creation date (retro-compatibility provided by audit log).
  • Firewall check: moved page under "Admin area > status".
  • Integration: functional and normal users can now have different default permissions.
  • LDAP Integration: allow passwords up to 254 chars.
  • Login test: deny access to "login test" page for quarantine and read-only administrators.
  • Mail intercept exception: added creation date (retro-compatibility provided by audit log).
  • Mail scanner: added support for Microsoft BATV address format (e.g., msprvs1).
  • Mail templates: use username as fallback for empty full names.
  • Quarantine report: automatically add "message preview" link if the user has login capability.
  • Relay: renamed "group tag" column to "comment" and extended it to 1024 characters.
  • Roles: added "Role Appliance Manager" for changing appliance configurations.
  • Roles: added "Role License Manager" for modifying license information.
  • TLS Certificate: support uploading of externally generated certificates without CSR.
  • User manager: removed obsolete "User can change spam settings" option.
  • User messages: allow usage of almost all variables in all contexts.
  • Web UI: added "multi delete" and "Save and new" on many pages.
  • Web portal: allow creating custom users with disabled login for tracking licensing and reports.
  • Welcomelist/Blocklist: added creation date (retro-compatibility provided by audit log).
  • Welcomelist/Blocklist: support BATV tag removal before lookup.
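
The welcomelist rules listed under Security above (no welcomelisting for a spoofed sender, and only when all recipients list the sender), combined with the BATV tag removal in this list, can be modelled as follows. This is an added illustration, not Libraesva's code: the function names, the sample data, the BATV tag layout, and the rule for what counts as "spoofed" are assumptions.

```python
import re

# Assumed tag layout for BATV and Microsoft's variant: <tag>=<hash>=<local>@<domain>
_BATV = re.compile(r"^(?:prvs|msprvs1)=[^=@]+=([^@]+)@(.+)$", re.I)

def strip_batv(address):
    """Lowercase the address and drop a leading BATV tag, if present."""
    address = address.strip().lower()
    m = _BATV.match(address)
    return f"{m.group(1)}@{m.group(2)}" if m else address

def parse_auth_results(header):
    """Pull spf/dkim/dmarc verdicts from an Authentication-Results value.
    Assumes the header was added by the gateway itself, not by the sender."""
    verdicts = {"spf": "none", "dkim": "none", "dmarc": "none"}
    for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", header.lower()):
        if verdicts[method] != "pass":  # one passing DKIM signature is enough
            verdicts[method] = result
    return verdicts

def is_spoofed(verdicts):
    """Assumed policy: DMARC decides; without a DMARC verdict, SPF or DKIM must pass."""
    if verdicts["dmarc"] in ("pass", "fail"):
        return verdicts["dmarc"] == "fail"
    return "pass" not in (verdicts["spf"], verdicts["dkim"])

def welcomelist_applies(sender, recipients, auth_header, welcomelist):
    """True only if the sender is authenticated and every recipient lists it."""
    if not recipients or is_spoofed(parse_auth_results(auth_header)):
        return False
    sender = strip_batv(sender)
    keys = {sender, sender.rsplit("@", 1)[-1]}  # full address or bare domain
    return all(keys & welcomelist.get(r.lower(), set()) for r in recipients)

# Constructed sample data (not taken from a real appliance).
WELCOMELIST = {"alice@corp.example": {"partner.example"},
               "bob@corp.example": {"billing@partner.example"}}
AUTH_PASS = ("mx.corp.example; spf=pass smtp.mailfrom=partner.example; "
             "dkim=pass header.d=partner.example; dmarc=pass header.from=partner.example")
AUTH_FAIL = ("mx.corp.example; spf=fail smtp.mailfrom=partner.example; "
             "dkim=none; dmarc=fail header.from=partner.example")

if __name__ == "__main__":
    rcpts = ["alice@corp.example", "bob@corp.example"]
    tagged = "msprvs1=20123abcdEFG=billing@partner.example"
    print(welcomelist_applies(tagged, rcpts, AUTH_PASS, WELCOMELIST))
    print(welcomelist_applies(tagged, rcpts, AUTH_FAIL, WELCOMELIST))
```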

Bug fixes

  • Auditing: ensured logged "old raw" data reflects the persistent original data.
  • Message details: renamed "SPF Error" result to "SPF Failed" for clarity.
  • Search: limit export to 10k records to avoid long execution times.
  • User messages: fixed mail signature replacements when backslashes are used.

API

  • ADD: added POST /appliance/apply-settings to apply configuration changes.
  • ADD: added POST /message/{id}/report-as-good and POST /message/{id}/report-as-bad
  • ADD: property comment to /relay/{id}
  • FIXED: GET /licensing/accounted-email won’t list automatically discounted licenses
  • DEPRECATED: properties aviraEnabled/bitdefenderEnabled/clamavEnabled of /antispam and /antispam/{id} pages always return false.
  • DEPRECATED: property grouptTag of /relay/{id}, use comment instead

Breaking changes

  • Licensing: appliances exceeding the licensing quota may experience limited editing functionality. Please ensure your accounting information is up to date before proceeding with the update.

Version 5.3

All upgrades from previous versions are included. See the full release notes of Libraesva ESG version 5.3.