Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
All Products
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • Web Application / API Protection
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions
    • All Products

    Release Notes

    7.4.0
    7.6.4
    7.6.3
    7.6.2
    7.6.1
    7.6.0
    7.4.6
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.9
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.2.5

    Resolved Issues

    Resolved Issues

    The resolved issues listed below do not list every bug that has been corrected with this release. For inquires about a particular bug, please contact Fortinet Customer Service & Support.

    Antispam/Antivirus

    Bug ID

    Description

    867667

    SPF check is not performed before trusted MTA, when "Received" chain is broken.

    876426

    In some cases, SPF check may not work properly.

    882498

    Attachments with passwords containing a dot (.) cannot be decrypted.

    890410

    DKIM results are not recorded in the Authentication-Results header.

    896458

    Microsoft OneNote files are detected as plain/text instead of application/octet-stream by the content filter.

    859815

    In some cases, impersonation exemption may be ignored.

    904712

    Regex validator error regarding case sensitivity.

    867221

    Personal safelist is ignored if the safelisted sender typed the same naming schema of the internal user while sending the mail.

    921181

    Some phishing URLs cannot be parsed.

    902812

    Personal quarantine mail cannot be released when the mail subject is encoded.

    917444

    Multiple DMARC reports are incorrectly generated for all domains.

    923787

    In some cases, random hyperlinks may be generated after the content profile scan.

    923805

    URLs are sent to FortiSandbox despite the category is not selected in the URL filter profile.

    888653

    IPv6 IP policies are not matched when the message size is above 10MB.

    Mail Delivery

    Bug ID

    Description

    880743

    Some email may become expired in Microsoft 365 view.

    925041

    In some cases, some outgoing email are stuck in the queue.

    System

    Bug ID

    Description

    906766

    After upgrading to v7.2.3 release, the block/safe lists become invisible and uneditable.

    909330

    Timezone is not updated with the daylight saving time (DST) change.

    911143

    SMTP daemon restarts when there is an virus DB update going on.

    883012

    In HA mode, changes to the block list and safelist via webmail on the secondary unit does not take effect.

    876817

    In HA mode, some email may not be viewable or released in the centralized monitor.

    880226

    In HA mode, local mail user password change via webmail on the secondary unit does not take effect.

    880313

    Insert disclaimer action does not work for DMARC None check.

    873052

    Unable to add secondary account through API.

    900005

    Deleting email from system quarantine won't free up disk space.

    893587

    Domain admins cannot release multiple messages from the history log.

    901891

    Associated domain user data is not backed up with CLI command "execute formatmaildisk-backup".

    860445

    Unable to release email from the folders under system quarantine.

    918867

    Abnormal memory consumption increase when creating AV file signatures.

    903260

    A system reboot is required for DMARC report settings to take effect.

    921653

    The /var/spool folder is not cleaned up properly and thus causes high mail disk usage and SMTP connection rejection.

    821855

    FortiMail 3K HA running 7.0.3 won't accept configuration changes via GUI or CLI.

    Log and Report

    Bug ID

    Description

    910217

    Scheduled scan in Microsoft 365 View is not logged.

    795420

    More granular AV/AS log fields to improve search efficiency on FortiAnalyzer.

    876785

    When a new mail statistics report is created with a specific sender domain, the report may keep loading when editing.

    Admin GUI/Webmail

    Bug ID

    Description

    911598

    "Show Remote Content" does not show inline images for email in domain quarantine.

    912126

    Font viewed in webmail Sent folder is different from the font used when composing email.

    904873

    Fail to open attachments of secondary accounts.

    890913

    Domain admins cannot view release logs under release log search.

    876756

    The administrator list cannot be sorted by status (enabled or disabled).

    871670

    When admin web access is disabled, new IBE user registration page displays incorrectly.

    924193

    Characters in the system quarantine list may not be displayed properly.

    Common Vulnerabilities and Exposures

    FortiMail 7.4.0 is no longer vulnerable to the following CVE/CWE-References.

    Visit https://fortiguard.com/psirt for more information.

    Bug ID

    Description

    CVE-2022-29901:Arbitrary Memory Disclosure through CPU Side-Channel Attacks (Retbleed)

    Resolved by kernel upgrade.

    Previous
    Next

    Resolved Issues

    Resolved Issues

    The resolved issues listed below do not list every bug that has been corrected with this release. For inquires about a particular bug, please contact Fortinet Customer Service & Support.

    Antispam/Antivirus

    Bug ID

    Description

    867667

    SPF check is not performed before trusted MTA, when "Received" chain is broken.

    876426

    In some cases, SPF check may not work properly.

    882498

    Attachments with passwords containing a dot (.) cannot be decrypted.

    890410

    DKIM results are not recorded in the Authentication-Results header.

    896458

    Microsoft OneNote files are detected as plain/text instead of application/octet-stream by the content filter.

    859815

    In some cases, impersonation exemption may be ignored.

    904712

    Regex validator error regarding case sensitivity.

    867221

    Personal safelist is ignored if the safelisted sender typed the same naming schema of the internal user while sending the mail.

    921181

    Some phishing URLs cannot be parsed.

    902812

    Personal quarantine mail cannot be released when the mail subject is encoded.

    917444

    Multiple DMARC reports are incorrectly generated for all domains.

    923787

    In some cases, random hyperlinks may be generated after the content profile scan.

    923805

    URLs are sent to FortiSandbox despite the category is not selected in the URL filter profile.

    888653

    IPv6 IP policies are not matched when the message size is above 10MB.

    Mail Delivery

    Bug ID

    Description

    880743

    Some email may become expired in Microsoft 365 view.

    925041

    In some cases, some outgoing email are stuck in the queue.

    System

    Bug ID

    Description

    906766

    After upgrading to v7.2.3 release, the block/safe lists become invisible and uneditable.

    909330

    Timezone is not updated with the daylight saving time (DST) change.

    911143

    SMTP daemon restarts when there is an virus DB update going on.

    883012

    In HA mode, changes to the block list and safelist via webmail on the secondary unit does not take effect.

    876817

    In HA mode, some email may not be viewable or released in the centralized monitor.

    880226

    In HA mode, local mail user password change via webmail on the secondary unit does not take effect.

    880313

    Insert disclaimer action does not work for DMARC None check.

    873052

    Unable to add secondary account through API.

    900005

    Deleting email from system quarantine won't free up disk space.

    893587

    Domain admins cannot release multiple messages from the history log.

    901891

    Associated domain user data is not backed up with CLI command "execute formatmaildisk-backup".

    860445

    Unable to release email from the folders under system quarantine.

    918867

    Abnormal memory consumption increase when creating AV file signatures.

    903260

    A system reboot is required for DMARC report settings to take effect.

    921653

    The /var/spool folder is not cleaned up properly and thus causes high mail disk usage and SMTP connection rejection.

    821855

    FortiMail 3K HA running 7.0.3 won't accept configuration changes via GUI or CLI.

    Log and Report

    Bug ID

    Description

    910217

    Scheduled scan in Microsoft 365 View is not logged.

    795420

    More granular AV/AS log fields to improve search efficiency on FortiAnalyzer.

    876785

    When a new mail statistics report is created with a specific sender domain, the report may keep loading when editing.

    Admin GUI/Webmail

    Bug ID

    Description

    911598

    "Show Remote Content" does not show inline images for email in domain quarantine.

    912126

    Font viewed in webmail Sent folder is different from the font used when composing email.

    904873

    Fail to open attachments of secondary accounts.

    890913

    Domain admins cannot view release logs under release log search.

    876756

    The administrator list cannot be sorted by status (enabled or disabled).

    871670

    When admin web access is disabled, new IBE user registration page displays incorrectly.

    924193

    Characters in the system quarantine list may not be displayed properly.

    Common Vulnerabilities and Exposures

    FortiMail 7.4.0 is no longer vulnerable to the following CVE/CWE-References.

    Visit https://fortiguard.com/psirt for more information.

    Bug ID

    Description

    CVE-2022-29901:Arbitrary Memory Disclosure through CPU Side-Channel Attacks (Retbleed)

    Resolved by kernel upgrade.

    Previous
    Next