Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY 7.6.4
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
All Products
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • Web Application / API Protection
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions
    • All Products

    Release Notes

    7.6.4
    8.0.0
    7.6.5
    7.6.4
    7.6.3
    7.6.2
    7.6.1
    7.6.0
    7.4.6
    7.4.5
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.9
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.2.5

    Resolved issues

    Resolved issues

    The resolved issues listed below do not list every bug that has been corrected with this release. For inquires about a particular bug, please contact Fortinet Customer Service & Support.

    Antispam/antivirus

    Bug ID

    Description

    1165264

    Embedded URLs in PDF attachments were not detected.

    1172602

    Files with EMF file extension were incorrectly detected as application/zip files.

    1163240

    Email with image attachments were blocked by the content profile as password-protected files.

    1184804

    Wrong MIME type detections occurred.

    1183090

    JPEG files were incorrectly detected as RAR files.

    1200245

    When sender address rate control reaches the limit and some email are in the FortiSandbox queue , FortiMail received NoResult from FortiSandbox.

    1199314

    Invisible malicious URLs could not be detected.

    1191454

    Replacement message action in the content profile action did not work properly.

    1194912

    SPF check failed due to unknown modifiers.

    1189764

    Decompressed files with large file size were not scanned nor sent to quarantine.

    Email delivery

    Bug ID

    Description

    1180692

    Opening encrypted email notification links failed after going through a third-party security inspection.

    1191404

    Header From: value was missing.

    110142

    In some cases, email was modified even though Deliver to original host was set to Unmodified copy.

    System

    Bug ID

    Description

    1160450

    When generating a certificate signing request (CSR), FortiMail did not add the X509.3 Subject Alternative Name (SAN) extension to the request.

    1164834

    In HA mode, after upgrading to FortiMail 7.6.3, the HA pair was out of synchronization.

    1163747

    High CPU usage was caused by mailfilterd.

    1181505

    High CPU usage without known reasons.

    1209753

    High CPU usage caused by DLP profiles.

    1186768

    IP address with port number was not supported in email archiving destinations.

    1173175

    Legitimate email was caught by intelligent analysis.

    1182035

    In HA mode, in some cases, a block list entry could be missing.

    1195444

    In FIPS-CC mode, non-approved and non-certified algorithms and TLS versions must be disabled for LDAPS.

    1198879

    In FIPS-CC mode, non-approved and non-certified algorithms must be disabled for IBE, S/MIME, and SNMPv3

    1181436

    Some disclaimer variables did not work properly.

    1161849

    After upgrading FortiMail 7.4.3 to 7.6.3, the system crashed intermittently with the error message Failed to boot default entries.

    1197184

    In some cases, changing banned words or dictionary profiles caused a system freeze.

    1189587

    UNSEEN error was returned from FortiSandbox.

    Logs and reports

    Bug ID

    Description

    1168320

    Database error executing message appeared in antispam logs.

    1157617

    In some cases, the miglogd process could run in a dead loop.

    Administrator GUI/webmail

    Bug ID

    Description

    1198315

    Older JQuery-UI version was used.

    1176950

    Under Security > URL Filter > Profile, the total number of references did not display correctly.

    1196837

    In FortiMail webmail, encrypted email for Zoom session links was replaced with an ICS file attachment.

    1194351

    Character T and Z appeared in the FortiMail clawback timestamp for the Quarantine Summary email template.

    1195458

    A report with a comma ( , ) in its name could not be generated or deleted.

    Common Vulnerabilities and Exposures

    FortiMail 7.6.4 is no longer vulnerable to the following CVE/CWE-References.

    Visit https://fortiguard.com/psirt for more information.

    Bug ID

    Description

    1189174

    CWE-358: Improperly Implemented Security Check for Standard

    1174554

    CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection')

    1173145

    CWE-312: Cleartext Storage of Sensitive Information

    1173144

    CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere

    1169607

    CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

    1130313

    CVE-2025-26466: Pre-authentication Denial of Service attack in OpenSSH
    Previous
    Next

    Resolved issues

    Resolved issues

    The resolved issues listed below do not list every bug that has been corrected with this release. For inquires about a particular bug, please contact Fortinet Customer Service & Support.

    Antispam/antivirus

    Bug ID

    Description

    1165264

    Embedded URLs in PDF attachments were not detected.

    1172602

    Files with EMF file extension were incorrectly detected as application/zip files.

    1163240

    Email with image attachments were blocked by the content profile as password-protected files.

    1184804

    Wrong MIME type detections occurred.

    1183090

    JPEG files were incorrectly detected as RAR files.

    1200245

    When sender address rate control reaches the limit and some email are in the FortiSandbox queue , FortiMail received NoResult from FortiSandbox.

    1199314

    Invisible malicious URLs could not be detected.

    1191454

    Replacement message action in the content profile action did not work properly.

    1194912

    SPF check failed due to unknown modifiers.

    1189764

    Decompressed files with large file size were not scanned nor sent to quarantine.

    Email delivery

    Bug ID

    Description

    1180692

    Opening encrypted email notification links failed after going through a third-party security inspection.

    1191404

    Header From: value was missing.

    110142

    In some cases, email was modified even though Deliver to original host was set to Unmodified copy.

    System

    Bug ID

    Description

    1160450

    When generating a certificate signing request (CSR), FortiMail did not add the X509.3 Subject Alternative Name (SAN) extension to the request.

    1164834

    In HA mode, after upgrading to FortiMail 7.6.3, the HA pair was out of synchronization.

    1163747

    High CPU usage was caused by mailfilterd.

    1181505

    High CPU usage without known reasons.

    1209753

    High CPU usage caused by DLP profiles.

    1186768

    IP address with port number was not supported in email archiving destinations.

    1173175

    Legitimate email was caught by intelligent analysis.

    1182035

    In HA mode, in some cases, a block list entry could be missing.

    1195444

    In FIPS-CC mode, non-approved and non-certified algorithms and TLS versions must be disabled for LDAPS.

    1198879

    In FIPS-CC mode, non-approved and non-certified algorithms must be disabled for IBE, S/MIME, and SNMPv3

    1181436

    Some disclaimer variables did not work properly.

    1161849

    After upgrading FortiMail 7.4.3 to 7.6.3, the system crashed intermittently with the error message Failed to boot default entries.

    1197184

    In some cases, changing banned words or dictionary profiles caused a system freeze.

    1189587

    UNSEEN error was returned from FortiSandbox.

    Logs and reports

    Bug ID

    Description

    1168320

    Database error executing message appeared in antispam logs.

    1157617

    In some cases, the miglogd process could run in a dead loop.

    Administrator GUI/webmail

    Bug ID

    Description

    1198315

    Older JQuery-UI version was used.

    1176950

    Under Security > URL Filter > Profile, the total number of references did not display correctly.

    1196837

    In FortiMail webmail, encrypted email for Zoom session links was replaced with an ICS file attachment.

    1194351

    Character T and Z appeared in the FortiMail clawback timestamp for the Quarantine Summary email template.

    1195458

    A report with a comma ( , ) in its name could not be generated or deleted.

    Common Vulnerabilities and Exposures

    FortiMail 7.6.4 is no longer vulnerable to the following CVE/CWE-References.

    Visit https://fortiguard.com/psirt for more information.

    Bug ID

    Description

    1189174

    CWE-358: Improperly Implemented Security Check for Standard

    1174554

    CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection')

    1173145

    CWE-312: Cleartext Storage of Sensitive Information

    1173144

    CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere

    1169607

    CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

    1130313

    CVE-2025-26466: Pre-authentication Denial of Service attack in OpenSSH
    Previous
    Next