Resolved issues
The resolved issues listed below do not list every bug that has been corrected with this release. For inquiries about a particular bug, contact Customer Service & Support.
Bug ID |
Description |
---|---|
483417 | Include SNI cache in HA sync. |
483417, 499598 | Do not allow forged SNI in TLS traffic for Application Control. |
488392 , 511778 , 522196 , 523655 , 526865 , 530449 | Backport of SSL session ID cache improvement. |
529659 , 540063 | Non-SSL traffic cannot pass through IPS engine. |
535288 |
Read over boundary when getting file name from HTTP URL. |
540344 , 567923 | IPS engine crash. |
540902 | Reply to FIN+ACK retransmission with seq=0ack=0 pkt& |
542818 | Unable to use client certificate authentication through a policy with deep inspection and IPS enabled. |
546787 , 548413 | Crash on certain RTSP interleave data. |
550227 | Keep getting attackid=0 in FortiGate IPS logs for P2P traffic. |
552326 | Port IPS tag database improvement patch. |
554062 | Too long wait time in sniff mode. |
554219 | Always choose explicitly configured rules over implicit ones. |
557379 | Do not generate random serial number for resigned server certificate. |
557944 |
Crash when doing CBC HMAC validation. Avoid padding oracles due to different handling of invalid record mac and invalid paddings. |
561936 | Web rating override does not work with external proxy. |
562419 | Certificate inspection profile triggers SSL deep inspection. |
562832 | Do not filter out application signatures based on application detected in host session. |
563177 | Incorrect sack. |
568328 | Botnet database loading crash on Windows and remove garbage strings from database. |
569143 |
CIFS antivirus flow mode allows malware blocked via HTTP. Change the value of SMB2_OOO_LIMIT to four megabytes. |
574745 |
Revert patch: create different sessions for the same session from different policy. |
578282 | SSL session stuck if server hello and certificate are in different packets. |
584073 | Crash on HTTP2 control when getting content disposition. |
589653 |
Crash after upgrade to 3.555. |
592618 |
Do not do URL filter query if SNI is not yet verified. |