Już jest ! Nowa wersja FortiWeb oznaczona numerem 5.9.0 została wydana. Produkt przeznaczony do ochrony aplikacji webowych zawiera wiele poprawek i udoskonaleń. Zachęcamy do zapoznania się z listą oraz aktualizacja oprogramowania.
Poprawki / błędy:
Bug ID Description
412449 Admin login attempts may prompt for admin authentication credentials from an untrusted host even when all admin accounts have trusted hosts configured.
453666 Trusted IPs may not correctly bypass a malformed HTTP request check in an HTTP Protocol Constraints policy.
461530 Proxyd may crash when FortiWeb performs client certificate verification.
464331 FortiWeb continues sending LDAP queries after a user has been locked out for exceeding the maximum number of login attempts.
466361 If there is a timezone conflict, FortiWeb may have an issue downloading traffic logs for a time period that you specify.
466384 When a request fails, FortiWeb incorrectly sends a TCP RST packet to the client.
466844 If the HTTP header is Content-type: multipart/related, FortiWeb may not forward the whole package from the server to the client.
468904 When filtering a signature search by CVE identifier, you cannot enter more than four digits.
468909 PHP Easter Egg URLs are not detected.
469355 In a test environment with FortiTester, FortiWeb’s proxyd crashes every minute when a request triggers a period block action in a CSRF or Start Page rule.
470600 The CLI command diagnose debug disable closes the debug output, but does not clear all debug settings.
470604 The HTTP RPS of 150 pservers is lower than six pservers when FortiWeb is in True Transparent Proxy mode.
471100 FortiWeb may not be able to communicate with a client when you specify an hamgmt-interface-gateway.
472509 After restarting FortiWeb AWS On Demand, the serial number may be lost.
473947 FortiWeb does not check the SSL hardware status when there is an SSL error that causes the connection to close.
473966 Signatures may not correctly match on FortiWeb AWS.
476393 Proxyd may crash when FortiWeb performs CSS decoding.
476653 This bug applies only to FortiWeb 100D platforms: HTTPSD may crash when you attempt to log in from the web UI.
478009 If a client request uses the HTTP CONNECT method type, FortiWeb may hold the request and not send the request to the server.
478303 Proxyd may crash when FortiWeb can’t connect to the OCSP server.
479650 When upgrading from 5.8.X, social security card detection may not work properly.
Bug ID Description
436376 If there is a hexadecimal code %3d in the parameter name or cookie name, attack logs may display the corresponding character = incorrectly.
468660 The following issue applies to only FortiWeb 2000E appliances:
During autonegotiation, the LEDs for:
l The management port and ports 1–4 are green at 100M and yellow at 1000M.
l Ports 5–8 are yellow at 1000M.
l Ports 9–10 are yellow at 10000M.
469093 This bug applies to only FortiWeb-VM on KVM: HTTPSD may crash when updating from version 5.8.5.
469369 This bug applies to only FortiWeb-VM on AWS: If you have a High Availability deployment with instances that use EC2-Classic, the failover time may take too long.
469371 This bug applies to only FortiWeb-VM on AWS:
In a High Availability deployment, if a Host A (standby) and Host B (primary) switch so that Host A becomes the primary appliance, and later switch back, the elastic IP for Host A no longer binds. This is because FortiWeb doesn’t support multiple elastic IPs to one interface address.
471903 In a signature rule, if the Action for the Information Disclosure option is set to Alert & Erase, the attack log message ID that FortiWeb generates in response to a rule violation will contain the erased information.
473184 When you delete a large number of rules, an error may occur if the requested URL’s length exceeds the server’s capacity limit.
475874 If FortiWeb loses the connection with FortiSandbox, sandboxd may crash due to an out of memory error.
478579 This bug applies to only FortiWeb-VM on XenServer:
In a High Availability deployment, if the primary and standby appliances switch roles,
Bezpieczeństwo w biznesie