Impex release information
Information about the IMPEX release 5.4.0
Release Type: General
Release date: 2025-06-28
The IMPEX 5.4.0 release
This release contains fixes, improvements and some new functionality. Datalock administrators should note the new “host key” settings on the Data Lock Flow view where you can see and approve the remote destination SSH keys. The Device and File filter views in the ICC have been redesigned to be easier to use.
ICC changes
- The “Station Offline Mail” setting has been moved from “Server Settings” to the Configuration card. Apart from it being more logical that it is next to the “Malware Alerts” field it also makes sense to be able to send to different persons depending on which Station is offline.
- Device Filter view has been refactored to be easier to use
- File Filter view has been refactored to be easier to use. We also added the functionality to have file sets included in other sets. This makes it easier to build structured file filters.
USBProtect and Datalock changes
- Moved all application logging to go through the journal/rsyslog so that a full log disk partition does not impact the functionality of the system
- Some internal components had problems with pretty printed json which could result in incorrect AV definitions information. This affected ESET in some installations.
- Bumped limit on quarantined file size. Any files larger than 1GB gets truncated to 1GB. It used to be 200MB for USBProtect and 100MB for Datalock.
- One of the encrypted zip yara rules was incorrect, this has been fixed. The nested encrypted zip yara rule was however correct and also caught encrypted zip files without nesting.
USBProtect changes
- Provide a more informative error message when transferring CDROM content which contain symlinks to EXFAT/vfat. These file systems do not support symlinks. Switching the default formatting file system to NTFS makes it work.
- Added disk partition usage and CPU temperature to the station System Information view
- Always enable NFC service to make it possible to login even if the station is not locked. This makes it possible for registered users to skip the “identification” step if enabled. Also it enables future improvements like cached bitlocker and encrypted zip passwords per user.
USBProtect fixes
- GUI: add back missing certificate fingerprints in System info view. This has been missing since 5.0.0 due to a change in OpenSSL output
- Make sure DNS information is also shown in the System settings -> Network tab when using DHCP/automatic on the station
- Transfer from a smaller USB drive with MBR partition type to a larger drive that required a GPT table failed, this has been fixed so that the partition type is upgraded to GPT when needed
- When inserting USB drives with lots of files one used to have to wait until it got indexed before it was possible to click
formatorshred. Now one can press these buttons immediately when they show up. - Corrected the keyboard layout of the German keyboard
- When changing repo credentials, the station did not test them with proxy settings if set which made setting up a new repo server hard to debug
Datalock changes
- Added remote host SSH key handling to Flows. Now an admin can see which host keys Datalock has accepted for a remote server and if they change, manually accept the new host keys after inspection.
- Switched from iptables to nftables and turned off logging off blocked packets which filled the logs on some installation sites
REPO changes
Introduced a new tool that enables the creation of update packages tailored for secure and efficient transmission across data diodes
Documentation
Update the layout to enhance web display and user experience
Information
Operating system packages
General packages updates
Online Documentation
Further details and configuration guidance are available in the official documentation:
https://sysctl.se/impex/documentation/
SBOM
Each ISO and VHD release has a software bill of materials (SBOM), to make introspection of the release easy to integrate with a number of security tools.
Update Instructions
For networked Impex stations this release will be automatically installed as part of the regular update process. No manual steps are required from administrators or users. The system will apply the update seamlessly in the background, ensuring that the latest fixes are in place without any interruption to normal operations.
For standalone Impex stations, your organisation needs to download the update from portal.sysctl.se in accordance with the update instructions in chapter “USBProtect in offline mode” in the Impex USB Protect user manual.
Links
Sysctl portal
Documentation for offline patching
https://sysctl.se/impex/documentation/usb-protect-user-manual/#updates-and-patching
Sysctl rss/atom