Nowa wersja FortiMail 7.6.3 przynosi szereg poprawek, które znacząco wpływają na bezpieczeństwo, stabilność i wygodę użytkowników. Naprawiono przypadki, w których wyjątki DLP nie działały poprawnie. To ważne szczególnie w środowiskach z precyzyjnie zdefiniowanymi politykami ochrony danych. Ponadto, zoptymalizowano synchronizację kalendarzy, co poprawia ogólną wydajność systemu. FortiMail 7.6.3 nie jest już podatny na CWE-613: Insufficient Session Expiration – to ważne z punktu widzenia zarządzania sesjami użytkowników. Po więcej szczegółów, zapraszam do dalszej części artykułu.
Rozwiązane problemy:
Antispam/antivirus
| Bug ID | Description |
|---|---|
| 1133812 | In some cases, the DLP exception rule does not work properly. |
| 1143785 | Removed or modified file extensions are not detected by the content filter. |
| 1119288 | For dictionary scans with regular expressions, valid patterns sometimes did not match UTF-8 encoded subject lines. |
Email delivery
| Bug ID | Description |
|---|---|
| 1097318 | Email with disposition 'Accept;Defer Disposition’ stays in the mail queue for a long time. |
System
| Bug ID | Description |
|---|---|
| 1137553 | Gratuitous ARP from the IP pool is not sent during HA failover. |
| 1141814 | Subject display issue for IBE mail using umlauts. |
| 1140302 | Quarantine notification, The email subject in Cyrillic characters of a quarantine notification cannot be displayed properly. |
| 1128095 | When uploading a safe list or block list via the REST API, it could fail with the error message Access Check Failed. |
| 1121575 | When a ZIP file is password-encrypted but the content profile does not have the password, sometimes FortiMail does not quarantine the file as expected, but instead submits it to FortiSandbox. This causes an error log on FortiSandbox: WARNING: Wrong password for file submission. |
| 1110089 | For email clients that use the RSA-OAEP key exchange algorithm, the recipient is not able to decrypt the email. Antispam logs show the error message DecrypterMediaIn: Decoded Data not valid. |
| 1104902 | High CPU usage during Thunderbird calendar synchronization. |
Logs and reports
| Bug ID | Description |
|---|---|
| 1138977 | No detailed syntax error in log „4.7.0 Too many errors; closing connection”. |
| 1122451 | IP addresses which users use when changing their credentials are not included in the relevant system event logs. |
| 1126312 | No logs when the admin moves email to quarantine. |
| 1122001 | System event logs should include the user preference configuration changes. |
Administrator GUI/webmail
| Bug ID | Description |
|---|---|
| 1144660 | MS365 API user list view search should be case insensitive. |
| 1146195 | In some cases, the quarantine report template preview does not work properly. |
| 1142787 | Fail to open quarantined email if the folder name contains Japanese. |
Common Vulnerabilities and Exposures
FortiMail 7.6.3 is no longer vulnerable to the following CVE/CWE-References.
Visit https://fortiguard.com/psirt for more information.
| Bug ID | Description |
|---|---|
| 985968 | CWE-613: Insufficient Session Expiration |
Notatki producenta: FortiMail 7.6.3
Pozdrawiamy,
Zespół B&B
Bezpieczeństwo w biznesie
