Resolved issues
The following issues have been fixed in FortiProxy 7.0.10. For inquiries about a particular bug, please contact Customer Service & Support.
| Bug ID | Description |
|---|---|
| 746587 | WAD process crashes because acsm_cmem global object gets written through. |
| 875708 | Disable swapping for FortiProxy. |
| 884339 | Fix algo process ICAP crash issue. |
|
850683 850688 |
Console keeps displaying |
| 881697 | After an HA cluster is formed, the secondary comes back with "config file may contain errors" after a restart. |
|
871749 874932 |
WAD crash about infection cache feature. |
| 854511 | Unable to make API calls via PostmanRuntime script. |
| 883618 | New Alibaba region (SCCC) uses different region-id. |
| 883121 | HTTP transaction log does not show status code for some cached traffics. |
| 882728 | SNAT ocassionally fails on DNS requests. |
| 873656 | Failed to validate the EMS certificate which is signed by third-party CA and installed into FortiProxy. |
|
880712 882878 |
Fix WAD crash and memory leak on traffic mirror. |
|
729351 889309 |
The object allocated by wad_mem_malloc is not freed by wad_mem_free. |
|
759144 888354 |
Port incorrect IOCTL causes userspace CMDB firewall issues. |
| 873475 | No model-specific limit for licensed sessions or disk limit for VMUL model. |
|
873224 874099 |
SSL log and configuration fixes. |
| 779361 | when ftp server require non-anonymous login, it fails to walk through when av profile has outbreak-prevention. |
| 883067 | AV cache-infected-result causes false positives with incorrect dst addr. |
|
833306 884670 |
Intermittent error "Failed to retrieve FortiView data" on real-time FortiView sources and destination. |
| 872550 | Fail to create config-sync HA on GCP when heartbeat interfaces are within the same subnet range. |
|
869573 885850 885912 886579 894569 899181 899625 900736 902135 |
Fix some GUI issues. |
|
835903 842624 |
Change WAD's TCP port to delay close if datais pending on socket's write queue. |
| 889382 | When query-v1-status is disabled and custom SNMP service doesn't exist, Iptable rule is not added and SNMP v2 query generation via client fails. |
| 887321 | wAD "signal 6" crash. |
| 887560 | dnsproxy does not populate ipsets when firewall.central-snap-map and firewall.shaping-policy are updated to include FQDNs. |
| 891541 | forward-server-group config change might cause crash. |
|
885994 889991 |
Fix a few bugs in CLI configuration during upgrade. |
| 872493 | Disk logging files are cached in kernel and causes high memory usage. |
| 840549 | WAD is unable to recognize RSSO users. |
| 891696 | Fix miscalculation on request header length and no space to append body for av scan with legacy scan mode. |
| 857543 | ha-management interface config on FPX units causes the cluster to be out-of-sync. |
| 894087 | FortiAnalyzer logs of secondary devices are queued under the Active-Passive HA cluster. |
|
886145 899507 |
Failure in creating firewall.address6 FQDNs with a syscall error. |
| 889537 | WAD fails to match policy when dstintf is specified. |
|
889349 892209 |
Improve the build performance of algo daemon fast match table. |
| 889521 | Failure in creating a firewall policy with a parse error message. |
|
769955 889493 899959 |
WAD crashes in some cases. |
| 882182 | Crash on av comfort stop due to missing secure profile. |
| 842336 | Timeout when sequentially upgrading a config-sync HA cluster. |
| 888670 | Local certificate is lost following the upgrade from FortiProxy 2.0 to 7.0. |
| 894884 | Fix WAD memory leak on master secret. |
| 854918 | Changing an HA cluster from unicast to multicast requires a reboot for the cluster to re-sync. |
| 776260 | MAPI is not functional when ICAP profile is enabled. |
| 866434 | Domain fronting detection log enhancement. |
| 894755 | Fix WAD firewall policy new memory leak. |
| 893697 | Incorrect cifs file cache purge timeout causes scan issues. |
| 800850 | ICMPv6 input and routing traffic is dropped. |
| 896345 | User authenticate timeout configuration doesn't work. |
| 897421 | ha-mgmt-interfaces are not used when ha-direct is enabled. |
| 891171 | SNMP walk failed when ha-direct is enabled in the snmp community config. |
| 877239 | Forward traffic log is missing utmref for some web filter events which causes empty results in Security tab. |
|
890809 |
Requests from users in a child domain cannot match a firewall policy with user-based authentication. |
| 863854 | Lack of certificate verification when establishing secure connections with FortiGuard's map server. |
| 897409 | SNMP Traffic not responding through dedicated-to management port. |
| 898325 | HA hbdev is reset to port2 as a "default" value during upgrade. |
| 896992 | Wrong minor version number in update request. |
| 890626 | WAD worker crashes with signal 11 during NTLM authentication after changing the authentication rule from session-based to IP-based. |
|
828917 878668 895126 |
LDAP group cache issue. |
| 898503 | WAD keeps crashing during SSLVPN test. |
|
898406 |
Heap buffer overflow in SSLVPN pre-authentication. |
|
892091 |
Wrong file type and matched file type/name is missing in filefilter logs for some archived zip files. |
|
899145 |
Trusthost ipsets are not present when a wildcard exists. |
|
891777 |
"set log-http-transaction disable" option does not work. |
|
896476 898903 |
FortiProxy rejects CONNECT request with body and extra data. |
|
901191 |
Fail to display "Security" of a traffic log with utm block in GUI. |
|
883831 |
FortiProxy web cache memory leak. |
|
896048 |
Access of uninitialized pointer in vdom parameter. |
Common vulnerabilities and exposures
FortiProxy7.0.10 is no longer vulnerable to the following CVE reference. Visit https://fortiguard.com/psirt for more information.
|
Bug ID |
CVE reference |
|---|---|
|
844920 |
|
|
863855 |
|
|
N/A |
|
|
898406 |
|
|
889254 |
|
|
857368 |
|
|
803283 |