
Resolved issues

The resolved issues listed below may not list every bug that has been corrected with this release. For inquiries about a particular bug, please visit the Fortinet Support website.

| Bug ID | Description |
|--------|-------------|
| 837219 | FortiAuthenticator-VM on same Hyper-V host cannot form HA A/A cluster after July 2022 Windows Updates. |
| 861776 | Upgrade OpenSSL from 1.1.1n to 1.1.1s, then again to 1.1.1t. |
| 774147 | FortiAuthenticator - [FG-IR-21-254] `Host` header injection. |
| 831595 | CLI - Setting timezone and DNS does not clear GUI settings cache. |
| 791452 | OpenSSL 1.1.1n - Infinite loop in BN_mod_sqrt() reachable when parsing certificates (CVE-2022-0778). |
| 830002 | XSS observed in the password reset done page. |
| 800714 | [3rd party component upgrade required for security reasons] FortiAuthenticator - OpenLDAP to 2.6.2. |
| 814167 | [3rd party component upgrade required for security reasons] FortiAuthenticator - libxml2 to 2.9.14. |
| 805720 | [3rd party component upgrade required for security reasons] FortiAuthenticator - linux_kernel to 5.10.111/5.4.189/4.19.238/4.... |
| 803891 | SAML peer certificate expiration issue and XML security issue. |
| 788824 | [3rd party component upgrade required for security reasons] FortiAuthenticator - Dirty Pipe Vulnerability on Linux Kernel. |

Common Vulnerabilities and Exposures

FortiAuthenticator is no longer vulnerable to the following CVE-Reference(s):

| Bug ID | CVE references |
|--------|----------------|
| 791452 | CVE-2022-0778 |

Visit https://fortiguard.com/psirt for more information.
