Skip to main content

File Inspection Engine changelog

The changelog contains references to our internal ticketing system. We use the Keep a Changelog format.

v3.0.0

November 2025

Added

  • Added a new --without-malicious-threat-data option to allow the application to run without downloading the malicious threat data. If enabled, files will be classified based purely on static analysis. This is a distinct option from paranoid mode, which can still be used to separately download suspicious threat data. [FIE-324]

  • False positive rate is now displayed in the /status endpoint for all enabled classifications. [FIE-308]

Updated

  • Updated to the latest Red Hat Universal Base Image (UBI9).

v2.1.0

October 2025

Changed

  • Spectra Core updated to version 5.4.0 [FIE-311]
    • Improved malware detection with updated machine learning models and new classification technologies.
    • Expanded support for new file formats and enhanced unpacking capabilities.
    • Increased coverage of malicious and suspicious activity patterns with new behavior indicators.
    • Updated certificate reputation baselines.
    • Added more YARA threat detection rules.

v2.0.0

September 2025

Added

  • A single FIE instance can now run multiple Spectra Core instances with configurable routing for different file sizes. The Spectra Core instances can be used for processing regular and large files, and by setting a size threshold, you can direct files to their respective instance. [FIE-273]

Changed

  • Redefined the timeout limit to terminate and restart an entire Spectra Core instance, regardless of whether it is processing a single or multiple files.
  • Updated /status API endpoint to return the number of currently running Spectra Core instances.
  • Updated logs to differentiate between the main FIE process and the one of the Spectra Core instances.
  • Raised the allowed maximum file upload size to match the file size threshold for analysis by large Spectra Core instances. [FIE-314]

v1.5.2

August 2025

Fixed

  • Fixed high and medium security vulnerabilities. [FIE-287, FIE-295, FIE-296]

v1.5.1

August 2025

Fixed

  • Fixed high and medium security vulnerabilities. [FIE-276, FIE-282, FIE-283]

v1.5.0

July 2025

Added

  • Added hash lookup endpoints that enable users to check file classification either by using a file to calculate its hash or by directly providing a specific hash. [FIE-249]

Changed

  • Logs for processed files now show information on the number of unpacked children, recorded in the analyzed_files field. [FIE-255]

Fixed

  • Fixed high and medium security vulnerabilities. [FIE-268, FIE-269, FIE-271, FIE-274]

v1.4.2

July 2025

Fixed

  • Fixed high and medium security vulnerabilities. [FIE-261, FIE-262]

v1.4.1

July 2025

Fixed

  • Fixed high and medium security vulnerabilities. [FIE-259, FIE-260]

v1.4.0

June 2025

Changed

  • Spectra Core updated to version 5.3.1 [FIE-248]
    • Updates to the malware classification machine learning models and classification databases
    • Expanded unpacking and identification capabilities with support for additional certificate, private key, and file system formats
    • New behavior indicators
    • Updated certificate whitelist
    • More YARA threat detection rules
  • Capped the max_string value at 32768 to prevent out-of-memory issues caused by files containing excessively large strings. [FIE-251]

v1.3.0

March 2025

Added

  • The readiness endpoint now checks if the application is too busy to process samples or if used memory rises above the configured threshold. [FIE-212]

Changed

  • Spectra Core updated to version 5.3.0 [FIE-214]
  • The active_concurrency field, logged when calling the /scan endpoint, is now formatted as: active_concurrency={value}/{limit}. Even if the limit is set to 0 (unlimited), the system will still track the number of active concurrent requests. The field will always reflect the actual number of concurrent requests, regardless of the limit setting. [FIE-231]

Fixed

  • Fixed multiple high security vulnerabilities. [FIE-236, FIE-237]

v1.2.1

March 2025

Changed

  • Improved accuracy of the error message in the /scan endpoint response. The response now contains the message "Analysis not accepted due to high processing load" if FIE cannot accept new samples due to too many unpacked samples being processed at the same time. [FIE-208]
  • Logging cleaned up. [FIE-208]

Fixed

  • Fixed multiple high security vulnerabilities. [FIE-210, FIE-211]

v1.2.0

February 2025

Added

  • When the decompression ratio is reached, the response will contain an "Exceeds decompression ratio." message in the errors field in the /scan endpoint. [FIE-150]
  • A warning is logged when a boolean command line parameter isn't passed correctly [FIE-38]. Reminder:
    • Correct ✅:
      • --example-parameter=true
      • --example-parameter (implied true)
      • --example-parameter=false
    • Incorrect ❌:
      • --example-parameter true
      • --example-parameter false
  • The File Inspection Engine now includes /livez and /readyz endpoints for liveness and readiness checks, respectively, ensuring compatibility with container orchestration tools like Kubernetes. [FIE-34]

Changed

  • FIE now returns the "429 Too Many Requests" HTTP status when Spectra Core is busy, and not only in case the RL_CONCURRENCY_LIMIT value has been exceeded. In practice, this means that you can see the 429 response when only a few files are being analyzed (if one or more such files is highly complex, i.e. contains many child files). [FIE-140]
  • Spectra Core updated to version 5.2.3. [FIE-199]
  • The response format for the /scan endpoint has been changed [FIE-150]:
    • An errors array has been added to the response to replace the deprecated message field.
    • analysis_information has been added as an optional section with analysis metadata. This section also contains a partial_unpacking boolean (true when a file hasn't been fully unpacked/extracted.

Deprecated

  • In the /scan endpoint, the message field is deprecated; use errors instead. The message field contains all errors from the errors array combined into one string (separated by semicolons). [FIE-150]

Removed

  • Command line options, and their corresponding environment variables [FIE-144]:
    • --cloud-threat-data / RL_CLOUD_THREAT_DATA
    • --tmp-dir / RL_TMP_DIR
    • --core-dir / RL_CORE_DIR
    • --core-config-dir / RL_CORE_CONFIG_DIR

Fixed

  • Inconsistent handling of invalid configuration values. Now, if a value is not within the allowed range, it is automatically set to the default. [FIE-193]

v1.1.1

January 2025

Fixed

  • Fixed multiple security vulnerabilities [FIE-170, FIE-172]

v1.1.0

January 2025

Added

  • Spectra Core updated to version 5.2.1. [FIE-77]
  • Configurable maximum allowable decompression factor for files. [FIE-133]
  • Added logic to retry failed updates with the threat-data command. All attempts are logged, and the command exits with an error code if retries are exhausted. [FIE-42]
  • File Inspection Engine now logs configuration parameters at application start. [FIE-21]

Changed

  • The /version endpoint was replaced with /status, and now also returns application configuration and the license expiration date. [FIE-21]

Fixed

  • Typo in error messages related to misconfigured Cloud account. [FIE-57]
  • Fixed security vulnerabilities. [FIE-46] [FIE-148]

Deprecated

  • The /version endpoint, while still available, is considered deprecated. [FIE-21]

v1.0.2

November 2024

Added

  • Implemented configurable concurrency rate limiting for HTTP requests, with a default limit of 20. [FIE-41]
  • Improved logging. [FIE-96]
  • Stop the application if tmpfs reaches 100% usage. [FIE-112]

Fixed

  • Fixed high security vulnerabilities. [FIE-54, FIE-55]
  • Fixed a medium security vulnerability. [FIE-86]

v1.0.1

November 2024

  • Fixed a high security vulnerability. [FIE-76]

v1.0.0

November 2024

General Availability

This is the first public release of the product, moving from Alpha to General Availability.

Added

  • Users can now configure the depth of file unpacking at container startup. [FIE-32]
  • Configurable timeout option added to limit the maximum scan time in Docker. If the scan exceeds this limit, the application returns an error message. [FIE-29]

Updated

  • Updated to the latest Red Hat Universal Base Image (UBI8) to address vulnerabilities.
  • Integrated the latest release of the ReversingLabs static analysis engine to improve scanning capabilities.

Fixed

  • Corrected processing behavior for empty files. [FIE-35]
  • Removed certain error messages that appeared at startup without providing actionable information.
  • Resolved multiple STIG (Security Technical Implementation Guides) requirements to enhance system security and compliance.