LATEST VERSION: 1.4 - RELEASE NOTES
ClamAV Add-on for PCF v1.4

Release Notes

Page last updated:

This topic contains release notes for ClamAV Add-on for PCF.

v1.4.39

Release Date: December 10, 2018

Features

Changes in this release:

The following information about scans is written to /var/vcap/sys/log/clamav/clamdscan.log

  • When a scan starts, a “Starting scheduled scan” message is output to the file.
  • When a scan ends, a “Scan Summary” message is output to the file.

For more information, see Monitoring ClamAV Logs.

Known Issues

There are no known issues for this release.

v1.4.38

Release Date: October 29, 2018

Features

Changes in this release:

  • The bundled ClamAV open source distribution is now v0.100.2. This new version of ClamAV includes the following security fixes:

    • CVE-2018-15378: A vulnerability in ClamAV’s MEW unpacking feature in v0.100.1 and earlier could allow a denial-of-service (DoS) condition.
    • CVE-2018-14680: An issue in mspack/chmd.c in libmspack before 0.7alpha prevented it rejecting blank CHM filenames.
    • CVE-2018-14681: Bad KWAJ file header extensions could cause a one- or two-byte overwrite.
    • CVE-2018-14682: An off-by-one error in the TOLOWER() macro for CHM decompression. Additionally, version 0.100.2 reverted 0.100.1’s patch for CVE-2018-14679 and applied this newer fix instead.

For the ClamAV v0.100.2 release notes, see the ClamAV blog.

1.4.36

Release Date: October 12, 2018

Features

New feature in this release:

Known Issues

There are no known issues for this release.

v1.4.34

Release Date: September 4, 2018

Features

New feature in this release:

  • The ability to specify a schedule for scan start times for daily scans

Known Issues

There are no known issues for this release.

v1.4.29

Release Date: July 30, 2018

Features

Changes in this release:

  • The bundled ClamAV open source distribution is now v0.100.1. This new version of ClamAV includes the following security fixes:

    • CVE-2017-16932: parser.c in libxml2 before 2.9.5 does not prevent infinite recursion in parameter entities.
    • CVE-2018-0360: ClamAV before 0.100.1 has an HWP integer overflow with a resultant infinite loop via a crafted Hangul Word Processor file.
    • CVE-2018-0361: ClamAV before 0.100.1 lacks a PDF object length check, resulting in an unreasonably long time to parse a relatively small file.

For the ClamAV v0.100.1 release notes, see the ClamAV blog.

Known Issues

There are no known issues for this release.

v1.4.28

Release Date: June 28, 2018

Features

New features and changes in this release:

  • Upgraded the bundled ClamAV open source distribution to v0.100.
  • Added support for Canonical Ubuntu 16.04 (Xenial) stemcells.
  • Removed developer acceptance tests from the bosh release package.
  • Added support for cgroup configuration of hard CPU limit.

Fixed issues in this release:

This release fixes the following issue:

  • Fixed an issue with the shell script interpreter directive (“shebang”) that was specified in the job template for scheduled-scan. Previous releases used the interpreter directive /bin/sh, which prevented proper cgroup restriction. This has been corrected to /bin/bash.

Known issues in this release:

  • There are no known issues in this release.

v1.4.5

Release Date: March 26, 2018

Features

New features and changes in this release:

  • Upgrades the bundled ClamAV open source distribution to v0.99.4, which includes:

    Security fixes

    • CVE-2012-6706
    • CVE-2017-6419
    • CVE-2017-11423
    • CVE-2018-1000085
    • CVE-2018-0202
    Compatibility fixes
    • GCC 6
    • C++11

  • Updates Golang to v1.10 for Linux builds

Known Issues

There are no known issues for this release.

v1.4.1

Release Date: February 5, 2018

Features

New features and changes in this release:

  • Upgrades the bundled ClamAV open source distribution to v0.99.3, which includes:

    Security fixes
    • CVE-2017-12374
    • CVE-2017-12375
    • CVE-2017-12376
    • CVE-2017-12377
    • CVE-2017-12378
    • CVE-2017-12379
    • CVE-2017-12380

Known Issues

There are no known issues for this release.

View Release Notes for Another Version

To view the release notes for another product version, select the version from the drop-down list at the top of this page.

Create a pull request or raise an issue on the source for this page in GitHub