Resolved issues

This section lists issues that have been fixed in version 7.6.7. For inquiries about a particular bug, please contact Fortinet Customer Service & Support: https://support.fortinet.com

Bug ID Description
1247700 In True Transparent Proxy (TTP) mode, random members are dropped from server pools due to index corruption, specifically unsafe server slot reuse and index validation errors during configuration reloads. This mismanagement in the proxy engine occurs when a pool member is modified, resulting in traffic bypassing security policies and backend servers presenting certificates directly to clients.
1244764 "FortiWeb DLDB is unauthorized" event logs are incorrectly generated on devices without a Data Leak Prevention (DLP) license. This issue results from the update daemon attempting to validate the Data Leakage Database (DLDB) contract status and logging a failure despite the service not being purchased or enabled.
1243541 In monitor mode, high memory usage occurs within the proxyd process when the HTTP Protocol Constraint (HPC) module encounters malformed requests. This depletion of system memory is caused by the HPC module triggering custom error responses for abnormal traffic while the proxy engine fails to parse or release the response context under monitor mode constraints.
1237459 IP group imports through the GUI fail without a visible error message when the destination group name contains spaces. This issue occurs because the CGI API incorrectly parses the management key (mkey) as only the first string before the whitespace rather than the full name, causing the system to attempt the import on a non-existent group.
1237071 Automation stitches configured to trigger based on specific Attack Log signature IDs fail to execute or send notifications. This failure is caused by a matching logic error within the automation daemon that prevents the stitch from correctly identifying and responding to individual signature ID matches, even when the signature is correctly logged in the system.
1236889 The GUI incorrectly displays a "Cipher must be selected" error when users attempt to change or save the SSL Ciphers Group in a server policy. This validation error occurs because the web interface mistakenly requires entries to be present in the Customized encryption level list, even when a predefined or custom SSL Ciphers Group is already selected and enabled.
1236073 Remote TACACS+ users are restricted to a maximum of 16 assigned Administrative Domains (ADOMs). This limit prevents administrators from granting access to all required domains in large-scale deployments, such as MSSP environments. While the CLI enforces this 16-entry maximum, the GUI fails to provide a corrective warning when the limit is exceeded.
1233160 After a reboot triggered by operations such as applying a new VM license, the admin account password could be reset to the default value, and in some cases remote administrator entries were removed. The issue was caused by the configuration save process incorrectly restoring the admin user during cmf_write_all_config.
1232851 URL rewrite rules fail to modify response headers, such as the Location header, when the server response body is empty. This issue occurs because the URL rewrite module incorrectly blocks all rewrite operations for responses with a body size of zero, preventing necessary header transformations (e.g., rewriting HTTP to HTTPS) even when the regex patterns match successfully.
1232808 Periodic CPU spikes occur during background Redis data persistence, particularly in high-traffic environments. This performance degradation is caused by the RDB compression mechanism consuming excessive CPU resources while saving client management data to disk. These intermittent spikes can reach critical levels on the primary unit in HA clusters, leading to resource exhaustion.
1228318 Report generation could stall at 1% due to a crash in the reportd process when processing Attack Details data.
1228155 In certain cases, the Web Vulnerability Scan (WVS) runtime directory was initialized in an incorrect filesystem path (/var/log/lib/ rather than /var/log/wvs/). When this occurred, the WVS engine could not locate required working files, resulting in scan-startup failures, template-creation errors, and “Internal Server Error” responses when accessing Web Vulnerability Scan > Scan History.
1226243 FortiWeb experienced high memory consumption due to a memory leak in proxyd. The module did not release svrnm_sess_hash and associated SNI domain data during SSL context cleanup, causing heap growth over time.
1225626 Remote administrator logins using RADIUS experienced GUI failures. In HA mode, the secondary unit rejected API calls because the access profile name was not passed correctly, causing the GUI to log out when loading HA Topology. An input-validation error also caused widget actions to fail.
1224444 In some deployments using 10-Gbps i40e interfaces, a link-down event on one v-zone member did not propagate to the other port. Although FortiWeb reported the interface as down, the physical link remained active, preventing expected failover behavior. The issue was caused by the i40e driver not bringing down the PHY on interface close. The driver has been updated to ensure v-zone members drop link correctly when any member fails.
1222647 When the Login Disclaimer banner is enabled, the GUI becomes inaccessible and returns an ERR_EMPTY_RESPONSE error. The issue occurs due to a null pointer condition during cookie handling in the login disclaimer process. Important: FIPS users are advised not to upgrade to this release, as the login disclaimer cannot be disabled in FIPS mode. Upgrading under these conditions results in loss of GUI access, leaving only SSH and console access available.
1220604 In True Transparent Proxy (TTP) mode, significant latency occurs during OCSP and TSP traffic forwarding, leading to client timeouts. This delay is caused by a processing bottleneck in the URL record module, where the proxy engine stalls while managing a large SQLite3 database of learned URLs. Under high-volume traffic, this database interaction prevents the timely transfer of packets between frontend and backend interfaces.
1217916 The proxyd process crashes during HA failover or execute ha manage operations due to a double-finalization of SQLite statements during URL record database initialization. This memory corruption occurs when sqlite3_prepare() fails and the system attempts to manually finalize an already invalid statement pointer, leading to a segmentation fault and service disruption on the secondary unit.
1215779 OFTP log forwarding did not resume after the connection to FortiAnalyzer was disrupted. The OFTP client failed to re-establish the transport session following events such as a FortiAnalyzer reboot or HA role change, leaving the session in a persistent “not ready” state and causing logs to remain queued rather than forwarded.
1212635 The proxyd process became unresponsive due to a client-management operation that performed slow Redis writes while holding a lock. This caused the proxy to hang, preventing traffic from being processed until the unit rebooted or failed over.
1209339 FortiWeb failed to authenticate administrators using FortiCloud SSO on some appliances with identical firmware. The SAML login process stopped due to missing certificate handling, preventing completion of the FortiCloud SSO flow.
1207216 When the HTTP Header Security (HHS) module was enabled with no rules configured, FortiWeb continued to buffer response data, which caused Server-Sent Events (SSE) responses to be dropped.
1200770 FortiWeb reset HTTP/2 requests when content routing was enabled. Under high HTTP/2 request rates, the Session Management module incorrectly counted individual requests as separate TCP connections, causing the request counter to accumulate and triggering period-block actions. This resulted in unexpected connection resets for all routed hosts.
1194449 Customized column settings in the Attack Log page were not retained when viewing archived log files. Opening logs through Log Management caused the column configuration to revert to default.
