Rebuild 1.444.0

General Remarks

This version contains major updates including new file support, additional content management and reporting changes. For some users, these may introduce breaking changes; as such they are documented here with notes on backwards compatibility.

Components / Services Released

• Glasswall Rebuild - Windows - libglasswall.classic.dll - v1.444.0
• Glasswall Rebuild - Linux - libglasswall.classic.so - v1.444.0
• Glasswall Rebuild - STOP OS - libglasswall.classic.so - v1.320.0
• Archive Manager - libglasswall.archive.manager.so - v0.49
• Glasswall Command Line Tool - glasswallCLI - v0.15

New Features

SVG Filetype Support

SVG files are now supported with the following content management flags:

• scripts
• foreignObjects
• hyperlinks

Note: Support for embedded .svg files within office will be rolled out in a future release. Entity injection is removed as an auto corrected remediation.

WebP Filetype Support

WebP files are now supported with a metadata content management flag.

Updates to analysis reports to group items allowed by policy

There is now an option for explicitly reporting allowed content in the analysis reports. Set layout_format to v2 in the policy xml to apply these changes. To retain backwards compatibility with existing parsers, set this flag to v1. This is documented with examples in the CLI README.

Addition of remedy IDs to analysis reports

Remediations can now be reported with IDs in the analysis reports. Set generate_remedy_id to true to apply these changes. To retain backwards compatibility with existing parsers, set this flag to false. This is documented with examples in the CLI README.

Introduction of policy setting to remove connections.xml in XLSX

Connections.xml for XLSX is now moved under content management policy. Set this flag to 'allow' to retain existing functionality. The connections element defines how to get at an external data source and information for specific constructs in a worksheet, such as OLAP formulas, QueryTables, or PivotTables, and is used to retrieve or refresh data based on default events or the user's explicit request.

Fixes & Improvements

Bug Fixes

• XSLX/OOXML Metadata in custom.xml is now removed when metadata is set to sanitise
• Content management hardening
• PDF manage rate improvements
• PNG manage rate improvements
• GIF manage rate improvements
• TIFF manage rate improvements
• MP3 manage rate improvements
• Large file handling improvements
• PPTX End of stream error fixes
• DOCX End of stream error fixes
• XLSX End of stream error fixes
• PDF Crashing with a stack smash error fix
• Mach-O file segmentation fault fix

Other Fixes

• XLS processing speed improvement

Known Issues or Limitations

General

• In Export Mode, The UTF-8 encoding has not been applied to all extracted text, which means that some exported text is not UTF-8 compliant.- Intermittent error that causes some non-conforming DOC file to be managed on Linux.
• Exporting large numbers of non-conforming PDFs causes crashes.
• Images sometimes removed or truncated from inline image data in PDF.
• Remedy items reported when reprocessing PDF with JBIG compression.
• Slide animations cleared as embedded objects.

CLI Issues

• When using "useSubfolders=1" and there are files with the same filename in different folders analysis reports for the second or later files will go to the nonConformingDirNam folder.

STOP OS Specific issues in CLI

• The "useSubfolders=1" option does not navigate the folder structure so all the submitted files must be in one directory.

  When generating analysis reports for files with Unicode characters in the filename the reports always end up in the nonConformingDirNam folder regardless of the result. This does not impact the regenerated files.