Fortinet black logo

GA Release Notes

Home FortiMail 6.4.8 GA Release Notes
6.4.8
6.4.8
6.4.7
6.4.6
6.4.5
6.4.4
6.4.3
6.4.2
6.4.1
6.4.0
6.2.9
6.2.8
6.2.7
6.2.6
6.2.5
6.2.4
6.2.3
6.2.2
6.2.1
6.2.0
6.0.12
6.0.11
6.0.10
6.0.9
6.0.8
6.0.7
6.0.6
6.0.5
6.0.4
6.0.3
6.0.2
6.0.1
6.0.0
5.4.12
5.4.11
5.4.10
5.4.9
5.4.8
5.4.7
5.4.6
5.4.5
5.4.4
5.4.3
5.4.2
5.4.1
5.4.0

Resolved Issues

Resolved Issues

The resolved issues listed below do not list every bug that has been corrected with this release. For inquires about a particular bug, please contact Fortinet Customer Service & Support.

Antispam/Antivirus

Bug ID

Description
845436 In custom replacement messages, the variable %%FILE%% is being replaced by the letter "p" instead of the file name.
834296 Released email from system quarantine fails DKIM check at Outlook.com.
867667 SPF check is not performed before trusted MTA, when "Received" chain is broken.
858117 In some cases, PDF attachment scan detects URL incorrectly.
854197 Content scan fails to detect macro-enabled files.
923805 URLs are sent to FortiSandbox despite the category not being selected in the URL filter profile.

896458

Microsoft One Note files are detected as plain/text instead of application/octet-stream by the content filter.

Mail delivery

Bug ID

Description
851651 Email cannot be sent via webmail when the user is in a GeoIP policy.

888653

IPv6 IP policies are not matched when the message size is above 10MB.

System

Bug ID

Description
865151 System quarantine search occasionally shows empty results.

901895

 In HA mode, hasyncd causes FortiMail CPU 100% usage on the secondary unit.

837522

SFTP remote backup fails.

836781

FortiMail MSSP domain mail statistics only show rejected email.

855067

The distribution list is only expanded to 1500 recipients although there are more.
847065 In HA mode, the uploaded images for custom email template on the primary unit are not synchronized to the secondary units.

921653

The /var/spool folder is not cleaned up properly and thus causes high mail disk usage and SMTP connection rejection.

911143

SMTP daemon restarts when a virus DB update is ocurring.

909330

Timezone is not updated with the daylight saving time (DST) change.

Log and Report

Bug ID

Description
825004 In some cases, logs show incorrect relay IP addresses.
847081 When an email is sent to FortiSandbox and the final action should be "Accept", the disposition field of the log message shows only "Defer Disposition" but not "Accept, Defer Disposition".
873970 In some cases, log search takes longer than usual.

929771

AntiSpam log still shows a spam IP score of 2 even when IP reputation level 2 is disabled.

Admin GUI and Webmail

Bug ID

Description
844509

Items in the access control rules cannot be moved up or down the list.

849405 URLs in the meeting message are not displaying correctly in webmail.

Common Vulnerabilities and Exposures

Visit https://fortiguard.com/psirt for more information.

Bug ID

Description

921580

FortiMail 6.4.8 is no longer vulnerable to the following CWE Reference:

  • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
824889

Curl library upgrade:

CVE-2022-22576

CVE-2022-27782

CVE-2022-30115

CVE-2022-27781

CVE-2022-27780

CVE-2022-27779

CVE-2022-27776

CVE-2022-27775

CVE-2022-27774
Previous
Next

Resolved Issues

The resolved issues listed below do not list every bug that has been corrected with this release. For inquires about a particular bug, please contact Fortinet Customer Service & Support.

Antispam/Antivirus

Bug ID

Description
845436 In custom replacement messages, the variable %%FILE%% is being replaced by the letter "p" instead of the file name.
834296 Released email from system quarantine fails DKIM check at Outlook.com.
867667 SPF check is not performed before trusted MTA, when "Received" chain is broken.
858117 In some cases, PDF attachment scan detects URL incorrectly.
854197 Content scan fails to detect macro-enabled files.
923805 URLs are sent to FortiSandbox despite the category not being selected in the URL filter profile.

896458

Microsoft One Note files are detected as plain/text instead of application/octet-stream by the content filter.

Mail delivery

Bug ID

Description
851651 Email cannot be sent via webmail when the user is in a GeoIP policy.

888653

IPv6 IP policies are not matched when the message size is above 10MB.

System

Bug ID

Description
865151 System quarantine search occasionally shows empty results.

901895

 In HA mode, hasyncd causes FortiMail CPU 100% usage on the secondary unit.

837522

SFTP remote backup fails.

836781

FortiMail MSSP domain mail statistics only show rejected email.

855067

The distribution list is only expanded to 1500 recipients although there are more.
847065 In HA mode, the uploaded images for custom email template on the primary unit are not synchronized to the secondary units.

921653

The /var/spool folder is not cleaned up properly and thus causes high mail disk usage and SMTP connection rejection.

911143

SMTP daemon restarts when a virus DB update is ocurring.

909330

Timezone is not updated with the daylight saving time (DST) change.

Log and Report

Bug ID

Description
825004 In some cases, logs show incorrect relay IP addresses.
847081 When an email is sent to FortiSandbox and the final action should be "Accept", the disposition field of the log message shows only "Defer Disposition" but not "Accept, Defer Disposition".
873970 In some cases, log search takes longer than usual.

929771

AntiSpam log still shows a spam IP score of 2 even when IP reputation level 2 is disabled.

Admin GUI and Webmail

Bug ID

Description
844509

Items in the access control rules cannot be moved up or down the list.

849405 URLs in the meeting message are not displaying correctly in webmail.

Common Vulnerabilities and Exposures

Visit https://fortiguard.com/psirt for more information.

Bug ID

Description

921580

FortiMail 6.4.8 is no longer vulnerable to the following CWE Reference:

  • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
824889

Curl library upgrade:

CVE-2022-22576

CVE-2022-27782

CVE-2022-30115

CVE-2022-27781

CVE-2022-27780

CVE-2022-27779

CVE-2022-27776

CVE-2022-27775

CVE-2022-27774
Previous
Next