FortiWeb 5.8.6
6.12.2017: on this day Fortinet released the latest patch for its FortiWeb product, numbered 5.8.6.
The latest release adds a few new features and fixes to the software.
The new features and fixes in the software are:
Disk partitioning requirement
To support the latest features and enhancements, your FortiWeb needs to be re-partitioned when you upgrade from any version prior to FortiWeb 5.5.
XML Protection
You can configure an XML Protection Policy so that FortiWeb will:
- Enforce customizable rules for acceptable XML content in HTTP requests, including limits for names, values, depth, and other attributes
- Prevent forbidden XML entities from making requests
Optionally, upload XML schema files to describe the acceptable structure of an XML document that FortiWeb can use to enforce XML Protection Policies.
XML Protection Policies are enforced by selecting them in an active Web Protection Profile.
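As an added illustration of the kind of request-body checks an XML Protection Policy enforces (example code written for this page, not FortiWeb's implementation; the policy values, the check_xml_request() function and the sample bodies are assumptions):

```python
"""Added example (not FortiWeb code): request-body checks in the spirit of an
XML Protection Policy: limits on element/attribute names, values and nesting
depth, plus outright rejection of any entity declaration."""
import xml.parsers.expat

# Hypothetical policy values, chosen for this example only.
POLICY = {"max_name_len": 32, "max_value_len": 256, "max_depth": 8}


class ForbiddenEntity(Exception):
    """Raised from the DTD handler so parsing stops before any expansion."""


def check_xml_request(body: bytes, policy: dict = POLICY) -> list:
    """Return the list of policy violations found in body (empty = accept)."""
    violations, stack = [], []  # stack: one text buffer per open element

    def start(name, attrs):
        stack.append([])
        if len(stack) > policy["max_depth"]:
            violations.append(f"nesting depth {len(stack)} exceeds {policy['max_depth']}")
        if len(name) > policy["max_name_len"]:
            violations.append(f"element name too long: {name[:16]}...")
        for key, val in attrs.items():
            if len(key) > policy["max_name_len"]:
                violations.append(f"attribute name too long: {key[:16]}...")
            if len(val) > policy["max_value_len"]:
                violations.append(f"attribute value too long: {name}@{key}")

    def chars(data):  # expat may deliver one text value in several chunks
        if stack:
            stack[-1].append(data)

    def end(name):  # check the element's full accumulated text on close
        if sum(map(len, stack.pop())) > policy["max_value_len"]:
            violations.append(f"text value too long in <{name}>")

    def entity_decl(entity_name, *_):  # any DTD entity, internal or external
        raise ForbiddenEntity(entity_name)

    parser = xml.parsers.expat.ParserCreate()
    parser.StartElementHandler = start
    parser.EndElementHandler = end
    parser.CharacterDataHandler = chars
    parser.EntityDeclHandler = entity_decl
    try:
        parser.Parse(body, True)
    except ForbiddenEntity as exc:
        violations.append(f"forbidden entity declaration: {exc}")
    except xml.parsers.expat.ExpatError as exc:
        violations.append(f"malformed XML: {exc}")
    return violations
```

Schema (XSD) validation, the optional second layer the release notes mention, is not covered here because the standard library has no XSD validator.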
FortiWeb-VM Pay-as-You-Go on KVM
A Pay-as-You-Go FortiWeb-VM platform now runs on KVM.
HTTP Content Routing is not supported when HTTP/2 is enabled
When FortiWeb is deployed in Reverse Proxy mode and HTTP/2 is enabled, HTTP Content Routing will not be available. Conversely, when FortiWeb is deployed in Reverse Proxy Mode and HTTP Content Routing is enabled, HTTP/2 will not be available.
HTTP content routing policies that match X509 certificate content
In 5.5 Patch 4, the HTTP content routing policy settings that match X509 certificate content were enhanced to allow you to match values found in either the client certificate's subject field or the extension field. When you upgrade from an earlier release, the upgrade process deletes any HTTP content routing policies that match X509 Certificate content. You can re-create these policies using the enhanced settings.
Log feature after upgrade
The logging feature does not work after you downgrade your FortiWeb 5.5 or later appliance to an earlier version and then upgrade back to the original version.
Software support for FortiWeb 400B and 1000B
FortiWeb 5.4 and later software is not supported on the 400B and 1000B platforms. Fortinet will continue to provide bug fixes to these models with 5.3.X patch releases.
Traffic logs
Very frequent disk writing may cause abnormal disk wear and tear and performance decreases. Fortinet recommends enabling traffic logs only when debugging problems. Disable traffic logs once FortiWeb is operating normally.
Failure to disable traffic logging during normal use may cause premature hard disk failure.
Time required to display data analytics reports
Depending on how much data must be analyzed for a query, data analytics queries can take some time. You should try filtering queries to include data from short periods of time.
Data analytics data set limitations
Due to the large amount of data that can be stored in the data analytics database, data analytics queries can search only up to 1,000,000 records at a time. This will be enhanced in later versions of FortiWeb.
Rebuilding the log aggregation database
In some cases, if the log aggregation database is damaged, the Web UI does not display logs correctly on the Aggregated Attacks page. For example, duplicate logs may be displayed, or logs may be missing.
To correct these problems, use the following command to rebuild the database:
execute db rebuild
This operation does not delete any logs. For details, see the FortiWeb CLI Reference:
http://docs.fortinet.com/fortiweb/reference
Fixed bugs and vulnerabilities:
Bug ID / Description
410725: There is an XSS vulnerability in FortiWeb's Site Publish functionality that attackers can use to perform an open redirect from a website's login page.
456002: FortiWeb cannot send out an RST packet through a VLAN port in Offline Mode.
456269: When upgrading to a newer release, FortiWeb may remove local certificates.
457019: SAML authentication fails when users configure FortiAuthenticator as an IDP and enable SAML request must be signed by SP.
457891: There are security risks in some cipher protocols and suites for the administrative interface.
458319: Filtering logs based on Date/Time may not work properly.
458936: Filtering attack logs based on source IP may not work properly when the IP address appears multiple times on a page.
462124: If ADOMs are configured, local and FTP backup attempts may fail.
The full list of new features and fixes is available at:
—
Best regards,
The B&B Team
Bezpieczeństwo w biznesie