Support-Portal
· Maintenance Release

SFOS 16.05.5 MR5

Beschreibung

Bemerkungen

Das Update ist von allen SFOS 16.05 Installationen aus verfügbar.

Das Update ist für alle SFOS Versionen über das MySophos Portal verfügbar.

Betroffene Produktgruppen

Bugfixes

  • NC-14549: [API] Unable to delete a web policy
  • NC-16612: [API] Can not configure second WAN link on any physical interface
  • NC-17948: [API] Getting different autogenerated password for same guest user in HA (Primary and Auxiliary device)
  • NC-17955: [API] Unable to ping facebook.com from ping tool in the diagnostics page
  • NC-18595: [API] Issues with char encoding using Sophos API
  • NC-16205: [Authentication] First user login not registered with firewall
  • NC-17493: [Authentication] Radius authentication doesn't work for Webadmin login
  • NC-17767: [Authentication] AD users cannot login to userportal with samAccount name plus domain information in login
  • NC-18282: [Authentication] Client based SSO doesn't work
  • NC-18630: [Authentication] AD users email addresses will be cut if the email address contains more than 64 characters
  • NC-18940: [Authentication] access_server crash when multiple users log in at the same time
  • NC-18733: [Base System, License] UTM9 to SF – Eval to full license migration fails in one of two possible user flows
  • NC-13297: [Base System] Appliance certificate is invalid after import .xml file.
  • NC-16623: [Base System] Firmware install message shows "undefined" string instead of firmware display version on GUI
  • NC-16660: [Base System] CCL details XML information not displaying for Sandbox Events on System Service > Log Settings
  • NC-17339: [Base System] Hotspot with voucher and full customization can't be created
  • NC-17393: [Base System] Eval registration from a SG appliance results in multiple registration requests
  • NC-17545: [Base System] Interface names are not correct for 4-Port 10G module with CR200iNG-XP/CR300iNG-XP appliances
  • NC-17753: [Base System] User not displayed in correct format in log-viewer in case of email sandbox
  • NC-18497 : [Base System] XG Home subscription - RAM in some corner cases gets Limited to 4GB than 6GB
  • NC-18830: [Base System] Appliance certificate's issuer CA not present resulting in not able to download SSL client from user portal
  • NC-3719: [Base System] VPN IPSec connection name length increase from 50 to 100
  • NC-8998: [Base System] During memtest from SFLoader, units don't reboot by pressing ESC button
  • NC-18485: [CR-to-CN_Migration] Migration failed from CR 10.6.5-050 to SF 16.05.3-MR3
  • NC-17334: [Certificates] Certificate Authority can not be deleted in specific scenario
  • NC-13570: [Clientless Access(HTTP/HTTPS)] Clientless Web Access: Site access issue with 'Restrict Web Application ON' in policy
  • NC-18639: [DDNS] IP not getting updated in case of NATed IP address using Sophos DDNS
  • NC-15754: [Date/Time Zone] Time Zone changes for Russia
  • NC-13855: [Firewall] CCL link not displaying for device access from group level and device level
  • NC-16484: [Firewall] Kernel Panic on 'IPSET -L' when host have more than 600 IPs
  • NC-16819: [Firewall] Device becomes inaccessible after deleting Business Policy rule
  • NC-17042: [Firewall] "Log Firewall Traffic" is unchecked in firewall rule but visible in log viewer
  • NC-17420: [Firewall] Unable to set proxy port as 80
  • NC-18425: [Firewall] In WAN to LAN rule firewall drop and reject doesn't work for HTTP and HTTPS traffic<br />
  • NC-18618: [Firewall] Update of custom zone shows error "Record does not exist" on zone page when "Any" interface not bound with zone
  • NC-18844: [Firewall] Local ACL exception rule export-import fails
  • NC-18880: [Firewall] Existing iptables traffic redirection chains not removed when web proxy listening port is updated
  • NC-18709: [HA] All timers disabled in primary appliance (HA A-A )
  • NC-17806: [Hotspot] Voucher creation fails if the description includes ' or " sign
  • NC-17878: [Hotspot] Remove TLS v1.0 and DES/3DES/RC4 cipher algorithm from Hotspot login page
  • NC-16862: [IPS] Default CA blank because of company name more than chars(50)
  • NC-17561: [IPS] AWS Upload consumes 100% CPU and goes down only when IPS is disabled
  • NC-18617: [IPS] IPS restarting (sometimes) while enabling ATP or on ATP policy change
  • NC-18208: [License] License does not update in Auxiliary appliance in case of standalone in HA Active-Passive mode
  • NC-18521: [License] Unable to increase virtual cores after license upgrade
  • NC-11596: [Mail Proxy] Vulnerability fix for CVE-2011-1473
  • NC-17072: [Mail Proxy] SMTP DOS max Recipients exceeds limit
  • NC-17311 : [Mail Proxy] File filter is not working if file name is very large (i.e. 1k)
  • NC-17738: [Mail Proxy] SPX encrypted PDF doesn't render properly in case of very long sender address
  • NC-17875: [Mail Proxy] SMTP service doesn't in MTA mode after switching back and forth between MTA and Legacy Mode multiple times
  • NC-18353: [Mail Proxy] Image file within compressed files not being allowed with white listing
  • NC-18493: [Mail Proxy] SMTP service (MTA mode) doesn't deliver mails when receiving and forwarding n/w are on different IP family (ipv4/ipv6)
  • NC-18548: [Mail Proxy] Sender notification not send when DPP action set as accept with SPX and SPX type as specified by recipient
  • NC-18869: [Mail Proxy] SF failing PCI compliance on port 25 due to MTA mode responding to RC4 ciphers
  • NC-18958: [Mail Proxy] System files are accessible to authenticated non-admin users
  • NC-17781: [Network Services] Static Mac-IP binding
  • NC-18696: [Network Services] 4G dongle(D-Link DWM-222) not detected
  • NC-12852: [Networking] DHCP Relay flood customer network
  • NC-18828: [RED] RED15 tunnel disconnect and data traffic is higher before disconnect
  • NC-17846: [Reporting] Not able to get reports in case of long email sender (>256)
  • NC-18769: [Reporting] Records for more than 256 character for sender/receiver should be properly displayed in PDF export
  • NC-17978: [SSLVPN] Unable to delete bridge interface when bridge host is used in SSL VPN Site to Site
  • NC-18424: [SSLVPN] SSLVPN Client fails to connect if certificate character has "ã" in the certificate attributes
  • NC-18885: [SSLVPN] Openvpn Denial of Service due to Exhaustion of Packet-ID counter (CVE-2017-7479)
  • NC-18265: [Sandstorm] SFM CCL: XML API changes missing for Sandstorm activity in System > Profiles > Device Access
  • NC-17391: [SupportAccess] SupportAccess: UMA sometimes sends "ApuPort 0" in WebadminResponse
  • NC-11775: [VPN] Import for selective configuration with "include dependent entity" failed
  • NC-18039: [VPN] IPSec services is restarting continuously
  • NC-17862: [WAF] Remote users accessing the site for the web server forwarded with WAF intermittently lose access to the site
  • NC-18923: [WAF] Segfault for HTTP1.0 requests when cookie rewriting is enabled
  • NC-18395: [Web] Not getting website category in custom message for unauthenticated blocks
  • NC-18620: [Wireless] Unable to change the encryption to TKIP or TKIP&AES, settings are reverted back to AES after saving
  • NC-18623: [Wireless] Wireless clients not able to authenticate after patches applied from NC-13982
  • NC-18628: [Wireless] Unable to change channel_width for an AP(5GHz) from cli
  • NC-18698: [Wireless] Internal AP in "W" models are broadcasting the incorrect case for country code
  • NC-18750: [Wireless] SSIDs are suddenly not broadcasted and connections are getting dropped
  • NC-18792: [Wireless] LocalWiFi - failed to configure IP address on Bridge to LAN interface if configuration is done immediately
  • NC-18960: [Wireless] Wireless network stops broadcasting on in-built Wifi Appliance models