Producent oprogramowania Fortinet udostępnił aktualizacje dla FortiWeb o numerze wersji 6.3.11. Dzięki nowej aktualizacji, zostały zoptymalizowane procesy i skorygowano problemy wcześniejszej wersji. Po aktualizacji został naprawiony problem dotyczący błędnego wyświetlania licencji w interfejsie GUI, oraz błędne działanie serwera zasad. W wersji 6.3.11 poprawiano przeglądanie topologii HA, gdyż we wcześniejszych wersjach powodowało to wylogowania z GUI. Nowa wersja poprawiła problem z działaniem FortiView oraz błąd dotyczący wysokiego zużycia procesora gdy sygnatury FortiGuard były aktualizowane. Po więcej informacji zapraszam do dalszej części artykułu.
Wspierane modele:
- FortiWeb 100D
- FortiWeb 400C
- FortiWeb 400D
- FortiWeb 400E
- FortiWeb 600D
- FortiWeb 600E
- FortiWeb 1000D
- FortiWeb 1000E
- FortiWeb 2000E
- FortiWeb 3000D/3000DFsx
- FortiWeb 3000E
- FortiWeb 3010E
- FortiWeb 4000D
- FortiWeb 4000E
- FortiWeb 100E
Rozwiązane problemy:
| Bug ID | Description |
|---|---|
| 0709059 | Fail to get attack log with REST API because the fwbcgi daemon crashes when calling REST API. |
| 0703732/0695891 | Proxyd process crashes sometimes because of the huge body post with 100- continue |
| 0703412 | “No available license” is displayed but actually there is a valid license. Before executing commands at the first time, the system should wait several minutes for the license verification to complete. |
| 0703289 0701696 0690522 0651138 |
Server policies may not work due to memory fragmentation after running for a long time. |
| 0693933 0693926 |
Memory usage is unexpectedly high due to memory leakage. |
| 0689637 0691174 0699524 0687070 0699317 |
Update process takes up lots of memory due to memory leakage. |
| 0701357 | The url-update action is wrongly triggered when deleting the url. |
| 0700856 | Asserting session number fails after an offline session allocation failure |
| 0699317 | RAM usage will creep up to the high 90s after upgrading to 6.3.10. |
| 0698308 | Proxyd is hung one 2000E with Offline mode due to amf3 parsing error. |
| 0698151 | AWS Ondemand instance shuts down after upgrade. |
| 0697621 | In HTTP2-HTTP1 scenario, if there’s no content-length and transfer-encoding headers in the response, the HTTP2 client might not know when to close the connection, which causes file download interruption. |
| 0697413 | If there are multiple transfer-encoding parameters in the response, the packet may not be recognized by the client after the chunk decoding. |
| 0696776 | Need to support Client IP Exception for SQL Attacks |
| 0696420 | Predefined Sensitive Data Logging rules do not obscure credit card numbers. |
| 0694535 | Applying a filter in attack logs does not hide entry details. |
| 0694404 | Viewing HA Topology causes GUI logout. |
| 0693822 | The expired CRL is not automatically renewed. |
| 0692477 | The saved attack log filters do work when they are applied. |
| 0692122 | Need necessary debug messages for report generating. |
| 0691292 | “Permission Denied” error is displayed in some parts of GUI when remote users with access override log in. |
| 0690838 | When SNAT policy is configed, cat /proc/arpsnat/arpsnat_pool will lead to system reboot |
| 0690197 | Internal Server Error prompts while updating signature exception via attack log |
| 0687431 | Issue with system alert threshold: log disk utilization |
| 0690197 | It takes long to show the results in FortiView tab. |
| 0690197 | On FortiWeb low end platforms, high CPU spikes occur due to some problems of the Restful API calls. |
| 0690197 | Incorrect default value of max-frame-size and max-message-size when creating WebSocket rules in CLI. |
| 0690197 | CSRF protection is enabled automatically with the Site Publish policy in use, which may cause a 500 error to appear on the client’s browser. |
| 0652755 | CPU usage reaches 100% after FortiGuard Signature Updates. This is caused by the duplicate connection event logs. |
Znane problemy:
| Bug ID | Description |
|---|---|
| 0693896 | Administrator idle timeout does not work for REST API login. |
| 0691930 | When email address parsing mode is set to relaxed, gateway mode also loosens LDAP recipient verification and allows non-existing hosts. |
| 0689306 | No DSNs are sent after the email in queue reaches the maximum time. |
| 0687908 | Error when accessing quarantine using SSO with a proxy address not matching mail attribute. |
| 0687568 | Gmail using a “+” plus symbol for an alias causes issues with IBE account creation |
| 0684230 | Unexpected quotation marks appear in the block lists when exporting the configuration |
| 0668902 | The dnscached process may cache incorrect query results under heavy traffic. |
| 0656002 | In some cases, LDAP authentication does not work for newly configured domains. |
| 0597351 | For Diffie-Hellman key exchange, FortiMail uses self-generated parameters, which are different from the predefined finite field groups in RFC 7919. |
| 0578585 | Oversized meta data is sent to FortiSandbox. |
| 0560358 | The mailfilterd process causes high CPU usage. |
| 0556301 | The mailfilterd process causes high CPU usage when recipient verification over SMTPS is enabled. |
| 673811 | DSN should have the hostname instead of the client IP address in EHLO. |
Pozdrawiamy,
Zespół B&B
Bezpieczeństwo w biznesie