SFOS 17.5 MR9 (doporučení)
Společnost Sophos vydala SFOS v17.5.9 MR9 pro Sophos XG Firewall . Zpočátku bude firmware k dispozici manuálním stažením z účtu MySophos. Firmware bude nejprve zpřístupněn prostřednictvím automatické aktualizace pro část zákazníků, a poté pro všechny.
Update jsme již otestovali a všem našim zákazníkům doporučujeme jeho instalaci.
Vyřešené problémy:
- NC-45755 [Authentication] Delayed/timeout for login when users authenticated remotely
- NC-46473 [Authentication] Constant login/logout of users
- NC-46591 [Authentication] Guest user registration is not working if username is not based on cell number
- NC-47038 [Authentication] Password complexity alert on dashboard remains after setting strong password
- NC-47933 [Authentication] Chromebook log files not rotating
- NC-49930 [Authentication] Access server service is restarting with coredump
- NC-49677 [Backup-Restore] tmp partition gets full with backup intended for Central synchronization
- NC-46118 [CSC] Not possible to edit business application rule
- NC-49648 [CSC] API Get BridgePair requests sometimes report incorrectly „No. of records Zero.“
- NC-47884 [Email] Mail notification stops working after migrating from CROS to SFOS
- NC-48092 [Email] IPReputation Service shows as stopped on dashboard when Email and WAF module not subscribed
- NC-50528 [Email] Patch Exim (CVE-2019-15846)
- NC-47512 [Firewall] IP-list in DNAT rule does not work if service object contains TCP & UDP port combination
- NC-48803 [Firewall] Virtual Host update is calling on every FQDN IP update even its not used in virtual host configuration
- NC-50222 [Firewall] Firewall rule position display is incorrect on rule deletion
- NC-51079 [Firewall] Invalid traffic config takes effect only after reboot – Garner flooded with firewall dropping events
- NC-51181 [Firewall] Invalid messagid(0) log being sent to garner from pktcapd
- NC-50191 [Firmware Management] Device rebooting continuously while boot with SFOS firmware version after migration from CROS
- NC-51607 [Firmware Management] Smaller devices in HA are not able to migrate to v18.0
- NC-47546 [HA] Delay in routing traffic during HA failover when interfaces without an IP address are configured
- NC-50786 [Interface Management] Webadmin Interface page with lots of devices stops loading after 7 minutes
- NC-46908 [IPS Engine] IPS double free or corruption (!prev): 0x000000000a9c69e0
- NC-45317 [IPsec] Overload protection for IPsec IKE daemon
- NC-46550 [L2TP] L2TP disconnects after rekey and doesn’t reconnect
- NC-44124 [Licensing] Registration page shows up in HA setup after upgrading to 17.5 to 17.5 MR1
- NC-33302 [Logging Framework] HttpProxy Dead-Epoll worker coredump
- NC-47183 [Logging Framework] Reports in Control Center shown with delay
- NC-48106 [Logging Framework] XG85 – /tmp partition fills up
- NC-50024 [Logging Framework] Improper input validation in email notification after failed login (Webadmin, SSH, …)
- NC-50127 [Logging Framework] Garner coredump in HA setup at handle_sync_input
- NC-50493 [Logging Framework] S2S IPsec logging in LogViewer is inconsistent
- NC-49273 [Reporting] Filtering on blocked user activities not working as expected
- NC-47823 [SecurityHeartbeat] heartbeatd libssl segfaults
- NC-48453 [SecurityHeartbeat] When heartbeat switch is toggled, in UI SAC switch is not updated
- NC-49791 [SecurityHeartbeat] Heartbeat status not behaving as expected when the client machine has multiple IPs
- NC-49852 [SFM-SCFM] SSH got exposed on XG after new firewall rule is pushed from SFM
- NC-43977 [UI Framework] Incorrect message shown after disabling/enabling any device access services in Central Firewall UI
- NC-30827 [WAF] Double quotes in site path rules breaks WAF when reverse authentication is used
- NC-49251 [WAF] Newly created duplicate WAF policy not taking precedence
- NC-49777 [WAF] Frontend realm and cookie secret not unique for default authentication profiles
- NC-49906 [WAF] Limited cross-site scripting in mod_proxy (CVE-2019-10092)
- NC-50172 [Web] Conform to Apple’s new certificate requirements (awarrenhttp)
- NC-47617 [Wireless] API – ‚update‘ operation does not work
- NC-47975 [Wireless] Remove/Disable simplified bridge does not work
- NC-48628 [Wireless] TX/RX UI values are mixed up for 2.4Ghz network
Více informací o aktualizaci naleznete na stránkách Sophos.