Resolved issues
The following issues have been fixed in FortiProxy 7.6.3. For inquiries about a particular bug, please contact Customer Service & Support.
| Bug ID | Description |
|---|---|
| 1105484, 1110873, 1116906, 1117622, 1118078, 1119366, 1120458, 1122890, 1123775, 1125661, 1126935, 1133638, 1134920, 1136622, 1138133, 1138194, 1143201, 1143616, 1144162, 1144435 | GUI issues. |
| 1115120 | Incorrect service and URL in AV log when an HTTP request via an external proxy hits the AV infected URL cache. |
| 1107113 | SSL exempt logs "destination" and "destination-interface" fields are not correct. |
| 1118101 | ZTNA web portal should not have SSLVPN in the URL. |
| 1118107 | Non-HTTP traffic does not bypass application policy with deny and is dropped. |
| 1074460 | Crash due to buffer overflow issues related to corrupted traffic log files. |
| 1118408 | Crash when executing "dia wad license glob-usage". |
| 1111239 | The lock IP address function does not work in explicit proxy mode. |
| 1054835, 1121171 | Proxy HTTP2 single file transfer is slow when IPS/APP/SSL inspect-all is enabled. |
| 924740 | Improve WAD trace log precision of process-id-by-src filter. |
| 1121444 | Creating custom SaaS applications for inline CASB causes HA to be out of sync. |
| 1120460 | Setting an Internet service as the destination in explicit web policies does not work. |
| 1120660 | Integer overflow in ZTNA web portal VNC bookmark. |
| 1126226 | FortiProxy OCR with DLP fails to block the uploading of sensitive images. |
| 1080366 | The FURL license seat does not control the inline CASB feature. |
| 1122606 | When web-auth-cookie is enabled in session-based Kerberos authentication, the authentication window still appears after authentication is passed. |
| 1109469 | FortiProxy SOCKS5 traffic is denied when detect-https-in-http-request is enabled. |
| 1119389 | Explicit proxy does not work via IPsec tunnel. |
| 1103476 | License leak. |
| 1110668 | Web filter using simple URL entries does not work as expected. |
| 1118000 | Crash during authentication with OIDC when no captive portal is set. |
| 1128580 | FortiSandbox connection status shows error "Unreachable or not authorized" after upgrade to 7.6.2. |
| 1128371 | Register authentication scheme failed. |
| 1125415 | Duplicate headers in ZTNA web portal error responses. |
| 1127524 | web-proxy forward-server monitor URL does not work with HTTP scheme. |
| 1095093, 1092529 | "utmref" and "utmaction" fields are missing in forward traffic log and long-tcp sessions are missing in http-transaction traffic log. |
| 1127033 | For a policy with IP pool enabled, IP pool change does not take effect unless you disable and enable IP pool in policy. |
| 1127299 | JSON parser returns invalid results. |
| 1056498, 1075806, 1109306, 1110202 | Proxy inline IPS performance on HTTP traffic is much worse than the IPS engine. |
| 1071928 | Duplicated UTM log when log-http-transaction is enabled. |
| 1128154 | "print tablesize" returns the wrong values. |
| 1128283 | Logs that should have duration 0 sometimes show wrong values. |
| 1130067 | HTTP/2 traffic cannot pass through the explicit-policy when web filter is enabled. |
| 1131180 | Error message on console when FPX-4000E is booting. |
| 1034891 | IdP applications are failing via SWG. |
| 1129460 | On-demand sniffer interface does not support interface names with more than 7 characters. |
| 1045789, 1125827 | Dynamic address does not work in transparent policy. |
| 1129510 | WANOpt secure-tunnel negotiation failure when PSK is configured. |
| 1110321 | Close p2s session if the last response does not support keep-alive. |
| 1110904 | Unable to see logs for traffic that matches transparent policy with action DENY. |
| 1130522 | wad_p2s_http_ses always uses the default port (80/443) even if there is a non-standard port in the URL. |
| 1106807 | With a configuration that blocks bats.video.yahoo.com, visiting tw.sports.yahoo.com triggers HTTP2 PROTOCOL_ERROR. |
| 1123962 | diag wad policy list does not show implicit deny/allow policy. |
| 985311, 1121357, 1110850 | X-Forwarded-For header in webfilter log and "exec tac report" trace on console. |
| 1133565 | Password protected msofficex and msoffice files are bypassed when encrypted-file is set to inspect. |
| 1127004 | No automatic refresh for OIDC server, causing error state and recovery issues which can only be fixed by manually restarting the FortiProxy or updating the config. |
| 1112756 | Incorrect ztna-proxy and explicit-proxy policy byte information. |
| 1127352 | Inline IPS generates duplicate and conflicting app control logs with app list configured to block category 23. |
| 1126749 | Duplicate session ID in traffic logs across different connections. |
| 1134204 | JSON delete/detach/replace is not case-sensitive on object key. |
| 1126862 | Traffic is passed by transparent deny policy when log-http-transaction is enabled. |
| 1137505 | If the LDAP returns a user with group "a", it will match group "a1", "a2", which is incorrect. |
| 1102925, 1118853, 1127366, 1131558, 1132833 | WAD memory continuous increase due to memory leak. |
| 1096529 | WAD crash at wad_ctrl_workers_close_ips_db once. |
| 1135706, 1135863 | Domain matching issue caused by the "include_subdomains" flag not being initialized in some cases. |
| 1138575 | ZTNA webportal logout does not clear the session's authentication state. |
| 1135253 | OIDC should not print client_secret and access_token in log. |
| 1135709 | IP set is unable to handle maximum external resource size. |
| 1125699 | Inline IPS PCRE pattern matching issues. |
| 1102796 | Passive proxy member sends LDAP requests to the LDAP servers. |
| 1104821 | WAD has signal 6 crash at wad_ftp_data_session_make. |
| 1121249 | CASB fails to block the HTTP request when CASB profile is enabled and the header name is a known header like "Accept", "Content-type", "User-Agent", or "Host" (for example, set header-name "user-agent"). |
| 1134310 | SSL exemption does not work when the policy is a partial match. |
| 1133422 | Authentication challenge does not appear when authentication scheme is set to "form" in web portal settings. |
| 1138209 | Automatic firmware update should be disabled by default. |
| 1140047 | Local user authentication fails when the authentication scheme includes both LDAP and local user DB. |
| 1012742 | With fast-policy-match enabled, proxy fails to match policy for traffic with SD-WAN logical interface index. |
| 1135096 | In HTTP transaction log, when certificate inspection is set, the URL field loses protocol information if traffic passes through. |
| 1139414 | WAD signal 11 crash with "wad_mem_free". |
| 1111368, 1129196, 1142863 | Source IPs are banned without any quarantine features enabled. |
| 1141119 | FortiProxy deletes a physical port during installation. |
| 1142196 | Cannot perform DNS lookup in transparent policy mode unless a DNS server is specified. |
| 1070388 | FortiProxy does not respond to an ICMP request from directly connected interfaces. |
| 1144280 | HA becomes out-of-sync after upgrading and requires a reboot to force it to sync again. |
| 1136537 | Partial WAD crash logs are shown when verifying WAD memory statistics. |
| 1121655 | WAD http2 engine: integer overflow in wad_h2_learn_pad_opt. |

Common vulnerabilities and exposures
FortiProxy 7.6.3 is no longer vulnerable to the following CVE references. Visit https://fortiguard.com/psirt for more information.
| Bug ID | CVE reference |
|---|---|
| 1125742 | |
| 1120660 | |
| 1125742 | |
| 1194891 | |