The IMPEX 3.6 release

This release brings a long requested feature to the Impex Control Center (ICC); now it is possible to add personalized user accounts to the ICC through the ICC GUI. These can be normal admin accounts, super accounts with Django Admin access and read only accounts. The read only accounts can view everything but change nothing. This is an feature that allow organizations to have more people accessing the central Impex management server, and even have people that only needs to read scanrecords or logs or check on configuration and setup.

For the IMPEX USB Gen2 stations, this release enables customers to use the built-in NFC reader for unlocking the IMPEX station and identifying users automatically during usage of the IMPEX USB station.

This release also adds support for another encrypted USB-drive solution; the Kingston DataVault Privacy 3.0 drive.

ICC changes

  • Added NFC and station lock/unlocking fields to identities, station and configuration views

  • PDF report file limit was increased from 200 to 1000 files. This is approximately 128 pages and takes ~10 seconds to generate.

  • Station view was slightly re-organized

  • User view where one can add, change and delete ICC users. Please note that any prior users created through the django admin interface will not show up here and we strongly recommend customers to create new ICC users through the ICC GUI

  • Icons have been added to Anti Virus Engine status views

  • In the ICC there is now a possibility to add a NFC card (e.g. ID card, company card, Yubikey with NFC support) to a name in the list of identities (previously called “contact list”). That name will be associated with the card when used for identification at an Impex station. That name will also be stored in the scan records. This is a usability feature that makes the Impex station easy to access, while normally being locked for people that are not enrolled and have their NFC token stored in the ICC.

ICC fixes

  • There was a scan import regression in 3.5.0 that could be triggered if the station uploading a scan was not upgraded to 3.5.0. This had the effect that there was no file listing for a scan operation. This has been fixed and the code will re-try the import if the uploaded scan report is older than 12 hours so anyone affected by this will recover.

  • In rare cases the station view page would not contain the reported Anti Virus Engine version and signature status. This was a race condition in the GUI code that is now fixed

Station changes

  • Added lock/unlock functionality using NFC cards. Mapped identity is then used as a “logged in” user and gets pre-filled in the identification step

  • Support for encrypted USB drive Kingston DataVault Privacy 3.0 was added. Inserting one will trigger a password prompt, just like with Bitlocker drives. Please note the implementation has certain limitations that is due to the fact that the underlying support from Kingston only supports a single encrypted drive at a time. This restriction makes it impossible to do transfers between two DataVault drives at the moment.

  • Password input errors and other notifications from the backend will now pop up a new window, making it clearer that a password was entered incorrectly for example

  • The System information view was updated to also include whether or not it has been configured to use DHCP or static IP

Station fixes

  • The screensaver timer was not always reset when switching between views, this has been fixed

Security

  • Django was upgraded to 3.2.19 which fixes “CVE-2023-31047: Potential bypass of validation when uploading multiple files using one form field”. The ICC was not affected by this bug but SYSCTL policy is to always upgrade to the latest security patches release.

Documentation

  • ICC documentation was updated to consistently call the network scanner product Impex Data Lock

  • ICC Documentation was updated to reflect the renaming of Contacts to Identities

  • A chapter about the new feature ICC Users was added to the ICC Documentation

Operating system packages

  • As usual this new release also brings upstream operating system updates and fixes.

Atom (RSS-like) feed

The feed include sysctl news and release information

https://sysctl.se/feed.xml