Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY 1.9.0
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
All Products
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • Web Application / API Protection
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions
    • All Products

    Release Notes

    Home FortiPAM 1.9.0 Release Notes
    1.9.0
    1.9.0
    1.8.2
    1.8.1
    1.8.0
    1.7.2
    1.7.1
    1.7.0
    1.6.2
    1.6.1
    1.6.0
    1.5.1
    1.5.0
    1.4.3
    1.4.2
    1.4.1
    1.4.0
    1.3.1
    1.3.0
    1.2.0
    1.1.2
    1.1.1
    1.1.0
    1.0.3
    1.0.2
    1.0.1
    1.0.0

    Resolved issues

    Resolved issues

    The resolved issues listed below may not list every bug that has been corrected with this release. For inquiries about a particular bug, please contact Technical Support within the FortiCare portal.

    Secret/Launch

    Bug ID

    Description
    1243034 Change "Username" and "Password" in default template of "Windows Machine" from Required to Optional.
    1200794 Network mapping using secret probing on FortiPAM.

    1268756

    Explicit Web Proxy Certificate Import GUI vs CLI bevhaviour.

    1198058

    Web launcher is disabled after importing secret.

    1256560

    AV-profile is removed when attempting to save changes.

    1239711

    Customized resolution on Web RDP not available when accessing secrets from the secrets details page.

    1237851

    Replace Web Credential on Proxy does not work with Associated Secret enabled.

    1238033

    Error message "Unable to launch secret, request too frequently" when using a native launcher.

    1193572

    FortiPAM gateway access control.

    1228329

    Slow web SMB/SFTP file upload speed (1Mbps).

    1237849

    Add URL decode in the gateway info handler.

    1050328

    Approver unable to revoke the secret.

    1273260

    Secret Password Changer Fails for Azure AD web-api password changer.

    1276453

    Domain field does not accept domains starting with a number.

    System/Log

    Bug ID

    Description

    1257731

    SFTP Config Backup to a remote server does not work.

    1263941

    No secret logs are send through syslog in version 1.8.0 nor 1.8.1.

    1253814

    Unable to view the logs on the FortiPAM when secretgrp set to custom.

    1263843

    FortiPAM HA synchronization issue caused by some fields missing in the EMS tag.

    1260462

    HA out of sync because secret target cannot be added into the secondary due to duplicate.

    1235477

    Changing to concurrent license causes FortiPAM to deny all logins via GUI.

    1279383

    Stack Buffer Overflow in Log Report.

    Others

    Bug ID

    Description

    1243837

    FortiPAM 1100G/3100G chassis UID button does not function.

    1246179

    SSL-VPN Reflected XSS.

    1201838

    Stack buffer overflow in CLI.

    1217886

    port FortiOS bug fix for potential html injection.

    1242213

    Arbitrary file write via /api/usrbwl and /api/usrbwlqry endpoints.

    1241847

    Fabric connector with EMS 7.4.5 no longer works.

    1256882

    Agentless only not working on Edge/Chrome.

    1242162

    Evaluate path in "exec usb-disk delete" command.

    1274827

    API return code when querying target might be incorrect.

    1275950

    Wrong API return code for /api/v2/utility/id.

    Common Vulnerabilities and Exposures

    Bug ID

    CVE references

    1055670

    FortiPAM is no longer vulnerable to the following CVE-Reference(s):

    • CVE-2024-3596

    Visit https://fortiguard.com/psirt for more information.

    Previous
    Next

    Resolved issues

    Resolved issues

    The resolved issues listed below may not list every bug that has been corrected with this release. For inquiries about a particular bug, please contact Technical Support within the FortiCare portal.

    Secret/Launch

    Bug ID

    Description
    1243034 Change "Username" and "Password" in default template of "Windows Machine" from Required to Optional.
    1200794 Network mapping using secret probing on FortiPAM.

    1268756

    Explicit Web Proxy Certificate Import GUI vs CLI bevhaviour.

    1198058

    Web launcher is disabled after importing secret.

    1256560

    AV-profile is removed when attempting to save changes.

    1239711

    Customized resolution on Web RDP not available when accessing secrets from the secrets details page.

    1237851

    Replace Web Credential on Proxy does not work with Associated Secret enabled.

    1238033

    Error message "Unable to launch secret, request too frequently" when using a native launcher.

    1193572

    FortiPAM gateway access control.

    1228329

    Slow web SMB/SFTP file upload speed (1Mbps).

    1237849

    Add URL decode in the gateway info handler.

    1050328

    Approver unable to revoke the secret.

    1273260

    Secret Password Changer Fails for Azure AD web-api password changer.

    1276453

    Domain field does not accept domains starting with a number.

    System/Log

    Bug ID

    Description

    1257731

    SFTP Config Backup to a remote server does not work.

    1263941

    No secret logs are send through syslog in version 1.8.0 nor 1.8.1.

    1253814

    Unable to view the logs on the FortiPAM when secretgrp set to custom.

    1263843

    FortiPAM HA synchronization issue caused by some fields missing in the EMS tag.

    1260462

    HA out of sync because secret target cannot be added into the secondary due to duplicate.

    1235477

    Changing to concurrent license causes FortiPAM to deny all logins via GUI.

    1279383

    Stack Buffer Overflow in Log Report.

    Others

    Bug ID

    Description

    1243837

    FortiPAM 1100G/3100G chassis UID button does not function.

    1246179

    SSL-VPN Reflected XSS.

    1201838

    Stack buffer overflow in CLI.

    1217886

    port FortiOS bug fix for potential html injection.

    1242213

    Arbitrary file write via /api/usrbwl and /api/usrbwlqry endpoints.

    1241847

    Fabric connector with EMS 7.4.5 no longer works.

    1256882

    Agentless only not working on Edge/Chrome.

    1242162

    Evaluate path in "exec usb-disk delete" command.

    1274827

    API return code when querying target might be incorrect.

    1275950

    Wrong API return code for /api/v2/utility/id.

    Common Vulnerabilities and Exposures

    Bug ID

    CVE references

    1055670

    FortiPAM is no longer vulnerable to the following CVE-Reference(s):

    • CVE-2024-3596

    Visit https://fortiguard.com/psirt for more information.

    Previous
    Next