Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY 7.6.3
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
All Products
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • Web Application / API Protection
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions
    • All Products

    Release Notes

    7.6.3
    8.0.0
    7.6.5
    7.6.4
    7.6.3
    7.6.2
    7.6.1
    7.6.0
    7.4.6
    7.4.5
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.9
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.2.5

    Resolved issues

    Resolved issues

    The resolved issues listed below do not list every bug that has been corrected with this release. For inquires about a particular bug, please contact Fortinet Customer Service & Support.

    Antispam/antivirus

    Bug ID

    Description

    1133812

    In some cases, the DLP exception rule does not work properly.

    1143785

    Removed or modified file extensions are not detected by the content filter.

    1119288

    For dictionary scans with regular expressions, valid patterns sometimes did not match UTF-8 encoded subject lines.

    Email delivery

    Bug ID

    Description

    1097318

    Email with disposition 'Accept;Defer Disposition' stays in the mail queue for a long time.

    System

    Bug ID

    Description

    1137553

    Gratuitous ARP from the IP pool is not sent during HA failover.

    1141814

    Subject display issue for IBE mail using umlauts.

    1140302

    Quarantine notification, The email subject in Cyrillic characters of a quarantine notification cannot be displayed properly.

    1128095

    When uploading a safe list or block list via the REST API, it could fail with the error message Access Check Failed.

    1121575

    When a ZIP file is password-encrypted but the content profile does not have the password, sometimes FortiMail does not quarantine the file as expected, but instead submits it to FortiSandbox. This causes an error log on FortiSandbox: WARNING: Wrong password for file submission.

    1110089

    For email clients that use the RSA-OAEP key exchange algorithm, the recipient is not able to decrypt the email. Antispam logs show the error message DecrypterMediaIn: Decoded Data not valid.

    1104902

    High CPU usage during Thunderbird calendar synchronization.

    Logs and reports

    Bug ID

    Description

    1138977

    No detailed syntax error in log "4.7.0 Too many errors; closing connection".

    1122451

    IP addresses which users use when changing their credentials are not included in the relevant system event logs.

    1126312

    No logs when the admin moves email to quarantine.

    1122001

    System event logs should include the user preference configuration changes.

    Administrator GUI/webmail

    Bug ID

    Description

    1144660

    MS365 API user list view search should be case insensitive.

    1146195

    In some cases, the quarantine report template preview does not work properly.

    1142787

    Fail to open quarantined email if the folder name contains Japanese.

    Common Vulnerabilities and Exposures

    FortiMail 7.6.3 is no longer vulnerable to the following CVE/CWE-References.

    Visit https://fortiguard.com/psirt for more information.

    Bug ID

    Description
    985968

    CWE-613: Insufficient Session Expiration

    1147094

    CVE-2025-32756: Stack-based Buffer Overflow (CWE-121)
    Previous
    Next

    Resolved issues

    Resolved issues

    The resolved issues listed below do not list every bug that has been corrected with this release. For inquires about a particular bug, please contact Fortinet Customer Service & Support.

    Antispam/antivirus

    Bug ID

    Description

    1133812

    In some cases, the DLP exception rule does not work properly.

    1143785

    Removed or modified file extensions are not detected by the content filter.

    1119288

    For dictionary scans with regular expressions, valid patterns sometimes did not match UTF-8 encoded subject lines.

    Email delivery

    Bug ID

    Description

    1097318

    Email with disposition 'Accept;Defer Disposition' stays in the mail queue for a long time.

    System

    Bug ID

    Description

    1137553

    Gratuitous ARP from the IP pool is not sent during HA failover.

    1141814

    Subject display issue for IBE mail using umlauts.

    1140302

    Quarantine notification, The email subject in Cyrillic characters of a quarantine notification cannot be displayed properly.

    1128095

    When uploading a safe list or block list via the REST API, it could fail with the error message Access Check Failed.

    1121575

    When a ZIP file is password-encrypted but the content profile does not have the password, sometimes FortiMail does not quarantine the file as expected, but instead submits it to FortiSandbox. This causes an error log on FortiSandbox: WARNING: Wrong password for file submission.

    1110089

    For email clients that use the RSA-OAEP key exchange algorithm, the recipient is not able to decrypt the email. Antispam logs show the error message DecrypterMediaIn: Decoded Data not valid.

    1104902

    High CPU usage during Thunderbird calendar synchronization.

    Logs and reports

    Bug ID

    Description

    1138977

    No detailed syntax error in log "4.7.0 Too many errors; closing connection".

    1122451

    IP addresses which users use when changing their credentials are not included in the relevant system event logs.

    1126312

    No logs when the admin moves email to quarantine.

    1122001

    System event logs should include the user preference configuration changes.

    Administrator GUI/webmail

    Bug ID

    Description

    1144660

    MS365 API user list view search should be case insensitive.

    1146195

    In some cases, the quarantine report template preview does not work properly.

    1142787

    Fail to open quarantined email if the folder name contains Japanese.

    Common Vulnerabilities and Exposures

    FortiMail 7.6.3 is no longer vulnerable to the following CVE/CWE-References.

    Visit https://fortiguard.com/psirt for more information.

    Bug ID

    Description
    985968

    CWE-613: Insufficient Session Expiration

    1147094

    CVE-2025-32756: Stack-based Buffer Overflow (CWE-121)
    Previous
    Next