Release 3.4

Information about the IMPEX release 3.4

Release date: 2023-03-08

The IMPEX 3.4 release

This release contains a major milestone for the IMPEX product line. With this release we support offline upgrades of OS and SYSCTL packages as well as offline antivirus engine definition/signature updates. This means IMPEX now easily can be used in air gapped environments (isolated networks or stand-alone machines) without having the potential issues with outdated virus engine signatures or outdated software packages. To provide protection against manipulated software, the offline packages are signed twice, the underlying RPMs and definition/signatures used are signed as usual and then the entire offline package for software and engine updates is signed by SYSCTLs offline packaging server, guaranteeing a smooth and safe offline upgrade process. Thus only trusted software changes will be accepted by the IMPEX infrastructure components.

Since the previous release of IMPEX, version 3.3.0, on the 24th of February 2023 we made a special fix release to update the ClamAV antivirus engine. There were some ClamAV vulnerabilities published in late February. SYSCTL decided that the vendor provided sandbox could be strenghtened, so we made some hardening to that one as well as updating the software to a new version. More information on that release can be found here https://sysctl.se/release/impex/2023/02/24/clamav-update.html

Minor corrections and fixes were done for all components, including IMPEX Data Lock.

ICC changes

  • A logged in user can now change password directly in the ICC GUI instead of having to go through the administrative interface
  • Registration of new stations was changed, there are now settings for rate limiting, blocking IP addresses and turn on or off allowing new registrations of stations. These can be found in the Server Settings view in the ICC GUI.
  • There is a new screensaver timeout setting in the configuration cards that controls if and when the screen should dim out on the stations.
  • All views now have a direct link to their respective documentation chapters

Station changes

  • Screensaver functionality was added to the station and can be turned on via the Configuration card for the station on the ICC. When active, the screensaver will remove the jumping USB drives and dim the screen. Touching it enables the normal index screen again. This should be good news for those customers who thought the screen lit up the room too much or that the moving USB drives distracted

  • Support for offline upgrades was added. This means one can have totally air gapped IMPEX USB scanners but still have up to date Anti Virus Engine Signatures and Operating System updates for them

  • Enabling a new Anti Virus Engine will immediately trigger a download of its signature definitions. In previous releases one had to wait for the next scheduled update time to trigger, which could be hours. This mainly affects new installations where support or customer staff want to immediately test the installation.
  • The station will test and rewrite the repository settings immediately if this was changed on the ICC on the configuration card for the station. Prior this was only made once per night. This change improves the installation and change phase for SYSCTL support technicians and customers.

Security

  • ICC dependent framework Django was bumped to the latest security release 3.2.18, ICC was not vulnerable to the issue fixed but SYSCTL policy is to always pull in security fixes

Documentation

  • Added documentation on the new registration settings pane in the ICC Server Settings view
  • Added documentation for the new screensaver timeout setting
  • Changed to using high resolution images in the online manuals

Known issues

  • XFS file system created by very new mkfs.xfs utilities can not be read by IMPEX stations due to the tools using new XFS features not supported by the XFS implementation used by IMPEX