Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Release Notes

    Home FortiMail 7.2.1 Release Notes
    7.2.1
    7.6.1
    7.6.0
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.2.5

    Resolved Issues

    Resolved Issues

    The resolved issues listed below do not list every bug that has been corrected with this release. For inquires about a particular bug, please contact Fortinet Customer Service & Support.

    Antispam/Antivirus

    Bug ID

    Description

    824015

    SPF check failed due to DNS look up limit reached.

    815286

    SPF records with macros and IPv6 client IP may cause SPF check failure.

    810260

    Blocklist does not work when the sending email address is between quotation marks.

    813318

    Client names cannot be blocked using reverse DNS patterns after upgrading to v7.2.0.

    813613

    When using the "Rewrite recipient email address" action, irrelevant headers are removed.

    815586

    URL click protection scanned by FortiSandbox takes action before timeout if action is submit only.

    818127

    URL rewrite is not applied to all the links in the email body.

    809880

    Released email from the system quarantine is quarantined again due to FortiSandbox re-scan.

    811579

    The block list is only applied to the first recipient.

    818908

    URL rewrite may not work properly in some cases.

    823060

    After upgrading to 7.2.0, email attachments and URIs cannot be processed properly by Fortisandbox.

    822265

    DKIM check fails incorrectly for valid DKIM key.

    819717

    Disclaimer is not added to all email messages.

    811593

    Two files each matched by an attachment rule with different actions ends up with only one action.

    791736

    In some cases, the WebFilter can only detect part of the URL.

    827697

    Email address starting with "."(dot) is not rejected.

    824290

    In some cases, a disclaimer may be duplicated when replying to an email thread.

    826087

    JTD files are detected as Microsoft Office files.

    Mail delivery

    Bug ID

    Description

    769015

    Access control SAFE and SAFE & RELAY actions do not work on FortiMail 200E.

    819657

    The "for" field in the Received Header contains another recipient address when spam outbreak is triggered.

    821799

    Releasing email from Microsoft 365 on-demand system quarantine is delivered without the attachment.

    823544

    Email delivery is delayed with too many FortiSandbox mail queues.

    System

    Bug ID

    Description

    812907

    Admin users have access only to the main domain but not to the associated domains after upgrading to v7.2.0.

    810685

    Deleting LDAP user data will not delete the user mailbox account in database.

    809363

    Exporting the contact group to a .csv file exports all the address book contacts.

    811446

    In Microsoft 365 scheduled scan and search, the "daily" setting always defaults to a 24-hour window and overwrite the other configured time periods.

    692481

    Custom email template variable %%ORIG_FROM%% does not work as intended.

    807614

    DKIM keys may get lost in some cases.

    707515

    The secondary unit in an active-passive HA mode cannot recover from out-of-sync mode with checksum mismatch.

    821856

    DNS name for remote logging cannot be resolved, resulting in no logs being forwarded.

    817272

    Issue with HA synchronization (certificate checksum mismatch).

    823671

    SSO on mobile devices does not work after upgrading to v7.0.3.

    805629

    Domain block/safe list tracking hit count is not displayed when NAS storage is enabled.

    828856

    HA synchronization issue when updating the safe/block lists.

    825004

    In some cases, logs show incorrect relay IP addresses.

    Admin GUI and Webmail

    Bug ID

    Description

    623544

    Customer icon displayed an incorrect number of customers.

    810461

    The Compose Mail icon is not displayed when the mail is in the Encrypted Email folder.

    813612

    PKI authentication with customized webmail login page does not work.

    823267

    IBE webmail redirect defaults to port 443.

    830963

    Sorting by access level does not work under System > Administrator > Administrator.

    Common vulnerabilites and exposures

    Visit https://fortiguard.com/psirt for more information.

    Bug ID

    Description

    793937

    CWE-284: Improper Access Control

    826878

    CVE-2022-31129: JavaScript library upgrade

    824889

    Curl library upgrade:

    CVE-2022-22576

    CVE-2022-27782

    CVE-2022-30115

    CVE-2022-27781

    CVE-2022-27780

    CVE-2022-27779

    CVE-2022-27776

    CVE-2022-27775

    CVE-2022-27774:

    792100

    CVE-17: OpenSSL upgrade (resolved in v7.2.0)

    765178

    CWE-134: Use of Externally-Controlled Format String (resolved in v7.2.0)

    792533

    Apache HTTPS upgrade (resolved in v7.2.0):

    CVE-2022-22720

    CVE-2022-22719

    CVE-2022-22721

    CVE-2022-23943:
    Previous
    Next

    Resolved Issues

    Resolved Issues

    The resolved issues listed below do not list every bug that has been corrected with this release. For inquires about a particular bug, please contact Fortinet Customer Service & Support.

    Antispam/Antivirus

    Bug ID

    Description

    824015

    SPF check failed due to DNS look up limit reached.

    815286

    SPF records with macros and IPv6 client IP may cause SPF check failure.

    810260

    Blocklist does not work when the sending email address is between quotation marks.

    813318

    Client names cannot be blocked using reverse DNS patterns after upgrading to v7.2.0.

    813613

    When using the "Rewrite recipient email address" action, irrelevant headers are removed.

    815586

    URL click protection scanned by FortiSandbox takes action before timeout if action is submit only.

    818127

    URL rewrite is not applied to all the links in the email body.

    809880

    Released email from the system quarantine is quarantined again due to FortiSandbox re-scan.

    811579

    The block list is only applied to the first recipient.

    818908

    URL rewrite may not work properly in some cases.

    823060

    After upgrading to 7.2.0, email attachments and URIs cannot be processed properly by Fortisandbox.

    822265

    DKIM check fails incorrectly for valid DKIM key.

    819717

    Disclaimer is not added to all email messages.

    811593

    Two files each matched by an attachment rule with different actions ends up with only one action.

    791736

    In some cases, the WebFilter can only detect part of the URL.

    827697

    Email address starting with "."(dot) is not rejected.

    824290

    In some cases, a disclaimer may be duplicated when replying to an email thread.

    826087

    JTD files are detected as Microsoft Office files.

    Mail delivery

    Bug ID

    Description

    769015

    Access control SAFE and SAFE & RELAY actions do not work on FortiMail 200E.

    819657

    The "for" field in the Received Header contains another recipient address when spam outbreak is triggered.

    821799

    Releasing email from Microsoft 365 on-demand system quarantine is delivered without the attachment.

    823544

    Email delivery is delayed with too many FortiSandbox mail queues.

    System

    Bug ID

    Description

    812907

    Admin users have access only to the main domain but not to the associated domains after upgrading to v7.2.0.

    810685

    Deleting LDAP user data will not delete the user mailbox account in database.

    809363

    Exporting the contact group to a .csv file exports all the address book contacts.

    811446

    In Microsoft 365 scheduled scan and search, the "daily" setting always defaults to a 24-hour window and overwrite the other configured time periods.

    692481

    Custom email template variable %%ORIG_FROM%% does not work as intended.

    807614

    DKIM keys may get lost in some cases.

    707515

    The secondary unit in an active-passive HA mode cannot recover from out-of-sync mode with checksum mismatch.

    821856

    DNS name for remote logging cannot be resolved, resulting in no logs being forwarded.

    817272

    Issue with HA synchronization (certificate checksum mismatch).

    823671

    SSO on mobile devices does not work after upgrading to v7.0.3.

    805629

    Domain block/safe list tracking hit count is not displayed when NAS storage is enabled.

    828856

    HA synchronization issue when updating the safe/block lists.

    825004

    In some cases, logs show incorrect relay IP addresses.

    Admin GUI and Webmail

    Bug ID

    Description

    623544

    Customer icon displayed an incorrect number of customers.

    810461

    The Compose Mail icon is not displayed when the mail is in the Encrypted Email folder.

    813612

    PKI authentication with customized webmail login page does not work.

    823267

    IBE webmail redirect defaults to port 443.

    830963

    Sorting by access level does not work under System > Administrator > Administrator.

    Common vulnerabilites and exposures

    Visit https://fortiguard.com/psirt for more information.

    Bug ID

    Description

    793937

    CWE-284: Improper Access Control

    826878

    CVE-2022-31129: JavaScript library upgrade

    824889

    Curl library upgrade:

    CVE-2022-22576

    CVE-2022-27782

    CVE-2022-30115

    CVE-2022-27781

    CVE-2022-27780

    CVE-2022-27779

    CVE-2022-27776

    CVE-2022-27775

    CVE-2022-27774:

    792100

    CVE-17: OpenSSL upgrade (resolved in v7.2.0)

    765178

    CWE-134: Use of Externally-Controlled Format String (resolved in v7.2.0)

    792533

    Apache HTTPS upgrade (resolved in v7.2.0):

    CVE-2022-22720

    CVE-2022-22719

    CVE-2022-22721

    CVE-2022-23943:
    Previous
    Next