Fortinet Document Library

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

Resolved issues

The resolved issues listed below may not list every bug that has been corrected with this release. For inquiries about a particular bug, please visit the Fortinet Support website.

Bug ID Description
527119 OCSP shows incorrect certificate status.
537510 Increase the VM_Base certificate table size.
537413 The DH parameters are not updated when upgrading firmware to version 5.4 or higher.
528680 Guest portals created from the migration of the legacy MAC address captive portal do not preserve the disclaimer setting.
526455 FortiToken Mobile transfer email message displays an incorrect expiration time.
526820 Push notifications aren't sent out to remote users when another user with the same username (but different realm) is present.
528211 SYSLOG SSO stops working after upgrade to firmware version 5.5.0.
529463 FortiAuthenticator randomly drops all FSSOMA sessions.
537945 Support multiple username attributes in FSSO LDAP user lookup when multiple remote LDAP servers in the same domain are configured.
517959 Duplicate DCs appear under domain in FSSO if FQDN is configured in LDAP.
526095 SAML authentication fails when signing the service provider request with a local certificate.
506294 FortiAuthenticator truncates SSO groups in long SAML attributes resulting in log on failures.
525263 SAML SP using Azure does not work.
535754 Username case sensitivity is removed from RADIUS authentication, but not from FSSO.
532689 FortiAuthenticator FSSO usernames containing spaces are ignored in event polling.
503366 Monitor SSO Domains shows a domain controller as red on HA Master and green on HA backup.
520572 When the pre-login disclaimer is enabled, the FSSO login widget requires two clicks instead of one.
527359 Unable to send randomly generated passwords via SMS when admin approval is required.
532079 Guest Portal-triggered RADIUS authentication follow-up does not include group-name VSA in Access-Accept on first attempt.
535038 Radius group-name attribute is not sent to the FortiGate during initial authentication of social user causing authentication to fail.
532016 Unable to import SSO users with a DN longer than 255 characters.
509121 FSSO Logged-in users shows "N/A" in the User Inventory widget when there are users logged into the system.
538546 Error occurs when switching a local user from Sponsor to Admin.
534736 LDAP query fails if the query string contains non-ascii characters.
534347 Creating or importing Mac devices with names containing non-ascii characters causes a server crash.
532894 Registration is misspelled 'Registeration' on the self-registration page.
526637 When changing user type to admin, 'Allow Radius Auth' option should automatically be deselected.
519150 Spaces preceding and following the SAML IdP server address and service provider settings fields should automatically be removed.
512109 When setting up SAML IdP, selecting a third-party server certificate that is still in a pending state causes a server crash.
511667 The Change Password page does not have a Cancel button.
455084 The Debug Page for Radius Accounting crashes when displaying logs with non-utf-8 characters.
515429 An error can cause loss of access to the FortiAuthenticator GUI.
516167 An admin profile with "read-only" permissions for the SSO Monitor can log off authenticated users.
538016 Unable to assign a FortiToken to another user if the user has been already deleted on FortiAuthenticator.
504695 When exporting a guest user with the Print function, the resulting page includes unnecessary content.
521547 Mobile phone numbers with seven or eight digits do not work with SMS Gateway
540391 Finding "last backup" date/time can cause delays or failure of the System Information widget.
534879 Fix typo in error message when uploading an organization image.
521183 Rename Fortinet CAs.
307386 FortiAuthenticator version upgrade history should be part of config backup/restore.
528440 The FortiAuthenticator GUI crashes after adding a guest portal rule.
522611 Rename "Meru" guest portal label to "Social portal pinholes".
523622 Coordinated HA upgrade produces two log entries under Upgrade History on the master.
522057 Deleting a social user on a LB slave will cause a crash to occur.
538865 FortiAuthenticator units fail to form a cluster when configuring HA active-passive mode.
534338 Factory reset / data drive formatting is extremely slow in Azure/HV/KVM.
526507 Remote user sync rules do not assign FortiToken to imported LDAP users.
524350 Tokens are not correctly assigned to local users during import rule execution.
490281 Column titled 'Type id' in the GUI logs is titled 'Log id' in the downloaded logs.
523780 Include Token Transfer Code in log entry.
520514 System reboots and shutdowns, intended or unintended, should be logged.
494705 Domain authentication fails for users from trusted domains due to missing domain name in authentication request.
530590 "Force password change on next logon" option does not work with FortiGate SSL-VPN if FortiToken Mobile push is used.
528580 FortiAuthenticator radiusd is unable to recognize client defined by hostname after DNS change.
493318 Remote LDAP users with expired passwords receive incorrect error messages when login fails.
526616 Auth REST API endpoint concatenated password+token_code in password field doesn't authenticate users.
519655 REST API: localusers endpoint accepts invalid parameters when sent via the PATCH method.
519652 Changing the FortiToken Mobile provisioning PIN length via REST API causes a server error.
400466 Support signed authentication requests with embedded signature for SAML IdP.
542547 SAML IdP user sessions expire earlier than configured session timeout.
539134 Typo in default replacement message for SAML Login Message Page.
513278 Remote LDAP displayName attribute isn't included in SAML assertion for remote LDAP admin.
522350 Miscellaneous performance improvements to SAML authentication.
531734 SAML IdP: support special character '&' in SP URLs and multiple ACS URLs.
535136 SAML IdP needs to add "SessionIndex" inside "saml:AuthnStatement" on successful logins.
504081 SCEP requests from an iPhone fail due to an error "The SCEP server returned an invalid response.".
526242 UTF8STRING-encoded challengePassword within CSR sent during SCEP enrollment is not parsed correctly.
523340 Sending SMS messages using Twilio fails.
519994 When the sysOID is queried, FortiAuthenticator-VM identifies itself as a LINUX Net-SNMP agent system rather than a Fortinet device.
397184 Unable to monitor the FSSO user count via SNMP.
502007 The RADIUS accounting and CoA does not take effect on FortiAuthenticator.
464556 Time-based user expiry configured in usage profile isn't applied to users when they already have an expiry date configured.
485564 Fixed vulnerability to "TCP sequence number approximation based denial of service" attack.
411510 Fixed vulnerability to "Reverse Tabnabbing" attack.

Resolved issues

The resolved issues listed below may not list every bug that has been corrected with this release. For inquiries about a particular bug, please visit the Fortinet Support website.

Bug ID Description
527119 OCSP shows incorrect certificate status.
537510 Increase the VM_Base certificate table size.
537413 The DH parameters are not updated when upgrading firmware to version 5.4 or higher.
528680 Guest portals created from the migration of the legacy MAC address captive portal do not preserve the disclaimer setting.
526455 FortiToken Mobile transfer email message displays an incorrect expiration time.
526820 Push notifications aren't sent out to remote users when another user with the same username (but different realm) is present.
528211 SYSLOG SSO stops working after upgrade to firmware version 5.5.0.
529463 FortiAuthenticator randomly drops all FSSOMA sessions.
537945 Support multiple username attributes in FSSO LDAP user lookup when multiple remote LDAP servers in the same domain are configured.
517959 Duplicate DCs appear under domain in FSSO if FQDN is configured in LDAP.
526095 SAML authentication fails when signing the service provider request with a local certificate.
506294 FortiAuthenticator truncates SSO groups in long SAML attributes resulting in log on failures.
525263 SAML SP using Azure does not work.
535754 Username case sensitivity is removed from RADIUS authentication, but not from FSSO.
532689 FortiAuthenticator FSSO usernames containing spaces are ignored in event polling.
503366 Monitor SSO Domains shows a domain controller as red on HA Master and green on HA backup.
520572 When the pre-login disclaimer is enabled, the FSSO login widget requires two clicks instead of one.
527359 Unable to send randomly generated passwords via SMS when admin approval is required.
532079 Guest Portal-triggered RADIUS authentication follow-up does not include group-name VSA in Access-Accept on first attempt.
535038 Radius group-name attribute is not sent to the FortiGate during initial authentication of social user causing authentication to fail.
532016 Unable to import SSO users with a DN longer than 255 characters.
509121 FSSO Logged-in users shows "N/A" in the User Inventory widget when there are users logged into the system.
538546 Error occurs when switching a local user from Sponsor to Admin.
534736 LDAP query fails if the query string contains non-ascii characters.
534347 Creating or importing Mac devices with names containing non-ascii characters causes a server crash.
532894 Registration is misspelled 'Registeration' on the self-registration page.
526637 When changing user type to admin, 'Allow Radius Auth' option should automatically be deselected.
519150 Spaces preceding and following the SAML IdP server address and service provider settings fields should automatically be removed.
512109 When setting up SAML IdP, selecting a third-party server certificate that is still in a pending state causes a server crash.
511667 The Change Password page does not have a Cancel button.
455084 The Debug Page for Radius Accounting crashes when displaying logs with non-utf-8 characters.
515429 An error can cause loss of access to the FortiAuthenticator GUI.
516167 An admin profile with "read-only" permissions for the SSO Monitor can log off authenticated users.
538016 Unable to assign a FortiToken to another user if the user has been already deleted on FortiAuthenticator.
504695 When exporting a guest user with the Print function, the resulting page includes unnecessary content.
521547 Mobile phone numbers with seven or eight digits do not work with SMS Gateway
540391 Finding "last backup" date/time can cause delays or failure of the System Information widget.
534879 Fix typo in error message when uploading an organization image.
521183 Rename Fortinet CAs.
307386 FortiAuthenticator version upgrade history should be part of config backup/restore.
528440 The FortiAuthenticator GUI crashes after adding a guest portal rule.
522611 Rename "Meru" guest portal label to "Social portal pinholes".
523622 Coordinated HA upgrade produces two log entries under Upgrade History on the master.
522057 Deleting a social user on a LB slave will cause a crash to occur.
538865 FortiAuthenticator units fail to form a cluster when configuring HA active-passive mode.
534338 Factory reset / data drive formatting is extremely slow in Azure/HV/KVM.
526507 Remote user sync rules do not assign FortiToken to imported LDAP users.
524350 Tokens are not correctly assigned to local users during import rule execution.
490281 Column titled 'Type id' in the GUI logs is titled 'Log id' in the downloaded logs.
523780 Include Token Transfer Code in log entry.
520514 System reboots and shutdowns, intended or unintended, should be logged.
494705 Domain authentication fails for users from trusted domains due to missing domain name in authentication request.
530590 "Force password change on next logon" option does not work with FortiGate SSL-VPN if FortiToken Mobile push is used.
528580 FortiAuthenticator radiusd is unable to recognize client defined by hostname after DNS change.
493318 Remote LDAP users with expired passwords receive incorrect error messages when login fails.
526616 Auth REST API endpoint concatenated password+token_code in password field doesn't authenticate users.
519655 REST API: localusers endpoint accepts invalid parameters when sent via the PATCH method.
519652 Changing the FortiToken Mobile provisioning PIN length via REST API causes a server error.
400466 Support signed authentication requests with embedded signature for SAML IdP.
542547 SAML IdP user sessions expire earlier than configured session timeout.
539134 Typo in default replacement message for SAML Login Message Page.
513278 Remote LDAP displayName attribute isn't included in SAML assertion for remote LDAP admin.
522350 Miscellaneous performance improvements to SAML authentication.
531734 SAML IdP: support special character '&' in SP URLs and multiple ACS URLs.
535136 SAML IdP needs to add "SessionIndex" inside "saml:AuthnStatement" on successful logins.
504081 SCEP requests from an iPhone fail due to an error "The SCEP server returned an invalid response.".
526242 UTF8STRING-encoded challengePassword within CSR sent during SCEP enrollment is not parsed correctly.
523340 Sending SMS messages using Twilio fails.
519994 When the sysOID is queried, FortiAuthenticator-VM identifies itself as a LINUX Net-SNMP agent system rather than a Fortinet device.
397184 Unable to monitor the FSSO user count via SNMP.
502007 The RADIUS accounting and CoA does not take effect on FortiAuthenticator.
464556 Time-based user expiry configured in usage profile isn't applied to users when they already have an expiry date configured.
485564 Fixed vulnerability to "TCP sequence number approximation based denial of service" attack.
411510 Fixed vulnerability to "Reverse Tabnabbing" attack.