
Resolved issues


This section lists issues that have been fixed in version 7.6.6. For inquiries about a particular bug, please contact Fortinet Customer Service & Support: https://support.fortinet.com

Bug ID Description
1215779 FortiWeb failed to resume log forwarding to FortiAnalyzer after connectivity loss. When FortiAnalyzer rebooted or an HA failover occurred, the connection was not automatically re-established due to improper OFTP session handling.
1214406 FortiWeb returned intermittent HTTP 503 errors when processing multiple HTTP/1.1 requests over the same client connection. If consecutive requests matched different content-routing rules or backend pools, FortiWeb incorrectly reused the previous upstream connection instead of opening a new one, causing routing failures.
1208900 FortiWeb allowed the use of weak SSH MAC algorithms umac-128-etm@openssh.com and umac-128@openssh.com. These algorithms have been removed from the supported MAC list to ensure compliance with cryptographic security standards such as PCI DSS.
1207216 When the HTTP Header Security (HHS) module was enabled without any configured rules, FortiWeb still invoked internal data-processing routines, which caused responses such as Server-Sent Events (SSE) streams to be buffered or dropped.
1198193 SSH login using a valid local administrator account failed, with the session disconnecting immediately despite successful event log entries. The issue occurred due to improper handling of authentication return values and public-key login behavior introduced in newer OpenSSH versions.
1197768 FortiWeb generated incorrect event log entries for administrator login failures from untrusted hosts. When multiple administrator accounts were configured with trust host restrictions, the system logged failed login attempts under other valid usernames due to a loop error in the trust host verification logic.
1196763 Multiple traffic outages occurred due to proxyd crashes triggered by a double-free condition in the PDF parser during AV scanning timeouts. The issue has been resolved by updating the AV engine to version 7.0.47, which adds safeguards to prevent double frees and null pointer releases during PDF decompression.
1194449 Customized column settings in the Attack Log page were not retained when viewing archived log files. The GUI reverted to default column configurations each time a different log file was opened from Log Management.
1179959 A proxyd crash occurred during FortiGuard signature upgrades when worker threads accessed function pointers from an unloaded signature library. During the crash, Server_RST responses were sent and traffic was temporarily dropped.
1165918 Pasting multiple IP addresses into the Source filter field on the Attack Log page produced empty results. The filter logic did not correctly interpret pasted entries as separate values. A note has been added to the GUI log pages explaining how to manually use the OR operator when entering multiple filter conditions.
1160087 A proxyd crash occurred during HTTP/2 traffic handling. When network instability caused the frontend and backend HTTP/2 streams to become unsynchronized, FortiWeb could still receive stream-0 data from a closed connection, leading to a crash and temporary connection resets.
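
To confirm the change described under bug 1208900 after upgrading, the MAC name-lists a server advertises can be read from its SSH_MSG_KEXINIT message (RFC 4253, section 7.1) and checked for the two removed algorithms. The following is an added example, not Fortinet code; the function names and both sample payloads are constructed for illustration and do not represent captured FortiWeb traffic.

```python
import struct

# The two MACs the release note says were removed from the supported list.
REMOVED_MACS = {"umac-128-etm@openssh.com", "umac-128@openssh.com"}
# Order of the ten name-lists in SSH_MSG_KEXINIT (RFC 4253, section 7.1).
FIELDS = ("kex", "host_key", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
          "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c")
SSH_MSG_KEXINIT = 20

def parse_kexinit(payload: bytes) -> dict:
    """Parse a KEXINIT payload (message byte onward) into its name-lists."""
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    pos, out = 17, {}  # skip the message byte and the 16-byte cookie
    for name in FIELDS:
        if pos + 4 > len(payload):
            raise ValueError(f"truncated before {name} length")
        (n,) = struct.unpack_from(">I", payload, pos)
        pos += 4
        if pos + n > len(payload):
            raise ValueError(f"truncated inside {name}")
        raw = payload[pos:pos + n].decode("ascii")
        out[name] = raw.split(",") if raw else []
        pos += n
    return out

def removed_macs_offered(payload: bytes) -> list:
    """Return the removed MACs still advertised in either direction, sorted."""
    lists = parse_kexinit(payload)
    return sorted(REMOVED_MACS & set(lists["mac_c2s"] + lists["mac_s2c"]))

def build_kexinit(macs: list) -> bytes:
    """Construct a sample KEXINIT payload for the demo (not captured data)."""
    values = {"kex": ["curve25519-sha256"], "host_key": ["ssh-ed25519"],
              "enc_c2s": ["aes256-ctr"], "enc_s2c": ["aes256-ctr"],
              "mac_c2s": macs, "mac_s2c": macs,
              "comp_c2s": ["none"], "comp_s2c": ["none"]}
    body = bytes([SSH_MSG_KEXINIT]) + bytes(16)  # all-zero cookie
    for name in FIELDS:
        data = ",".join(values.get(name, [])).encode("ascii")
        body += struct.pack(">I", len(data)) + data
    return body + b"\x00" + struct.pack(">I", 0)  # no guess packet, reserved

# Constructed samples: a server still offering the removed MACs, and one that is not.
BEFORE = build_kexinit(["hmac-sha2-256", "umac-128-etm@openssh.com", "umac-128@openssh.com"])
AFTER = build_kexinit(["hmac-sha2-256", "hmac-sha2-512"])

if __name__ == "__main__":
    print("before:", removed_macs_offered(BEFORE), "after:", removed_macs_offered(AFTER))
```

An empty result from removed_macs_offered means neither removed MAC appears in the server's proposal.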
