Fortinet black logo

Release Notes

Home FortiMail 7.4.2 Release Notes
7.4.2
7.4.2
7.4.1
7.4.0
7.2.6
7.2.5
7.2.4
7.2.3
7.2.2
7.2.1
7.2.0
7.0.7
7.0.6
7.0.5
7.0.4
7.0.3
7.0.2
7.0.1
7.0.0
6.2.5

Resolved Issues

Resolved Issues

The resolved issues listed below do not list every bug that has been corrected with this release. For inquires about a particular bug, please contact Fortinet Customer Service & Support.

AntiSpam/AntiVirus

Bug ID

Description

987126

Click protection with FortiIsolator occurred when its URL rating category was configured, even though CDR was not enabled in the content profile.

984945

In some case, legitimate JPG files are blocked by the content filter.

978390

Large QR codes cannot be detected.

974770

QR code with inverted colors cannot be detected.

966866

QR code scan does not detect images with transparent backgrounds.

973157

The specified recipient in the on-demand scan rule for Microsoft 365 is ignored.

955513

Enabling "Detect embedded components" in the content profile may cause system to not work properly.

985249

Fail to submit the email to FortiSandbox when the attachment ends with "." (such as "test.htm.").

977414

In some cases, outbound email is rejected with error "timeout before data read, where=eom".

993514

Large dictionary with wildcards may cause high CPU usage and email rejection.

993340

In some cases, the SPF records cannot be resolved properly.

995247

Email classified as a "Sender Alignment" is not archived in the "Bulk" but in the "Inbox".

Mail Delivery

Bug ID

Description

982592

Message ID is the same for email that is sent to original host and released from system quarantine.

976027

Some email was incorrectly rejected with SMTP code 421 4.7.0 and mail event error message milter_write(mailfilterd).

959876

After upgrading to 7.4.1 from 7.2.2, if the incoming email size is bigger than the maximum size to scan defined in the antispam profile, the email will be rejected.

System

Bug ID

Description

984713

4096-bit DKIM key import is not supported.

988353

SAML attribute to identify email address does not work.

955065

PKI admin login with non-ASCII characters does not work.

969925

After upgrading to v7.4.1, users cannot log in to FortiMail using RADIUS authentication.

966146

High memory usage when processing certain email.

963070

Domain administrators can change their permissions to other domains.

964861

In active-active HA mode, NFS synchronization after network disconnection overwrites data instead of appending data.

989046

Duplicate email after restoring the mailbox.

993319

In HA mode, the personal quarantine folder is automatically removed after some time on the secondary unit.

994895

In some cases, the quarantined email cannot be released from the History view.

995799

Incorrect replacement message information for email sent in HTML or Rich Text Format.

992801

LDAP synchronization for address book in server mode does not work properly.

997707

When importing contacts from the LDAP server, if a value has "" , the symbol "\\" is added,

Log and Report

Bug ID

Description

962023

Logs sent via syslog miss the "Disposition" field entry when email is sent to domain quarantine.

963521

Incorrect results for "OR" search criteria in log search tasks.

992734

In some cases, the original file names are not logged when sending attachments to FortiSandbox.

Admin GUI/Webmail

Bug ID

Description

960618

After upgrading to v7.4.1, the domain MTA status displays incorrectly.

972443

After the user accesses the secure email (IBE) webmail, the error message "Unable to open message. It might have been moved or deleted" displays although the secure email is showing in the inbox.

962059

After upgrading to v7.4.1, email cannot be sent to a contact name containing a comma in webmail.

973645

Webmail logins are redirected when mail migration is configured but "Enable mail migration" is disabled.

989622

Webmail unable to load when SSO is used and the webmail page is closed and then re-opened.

966184

Mail Statistics does not include email messages from associated domains.

997778

"Internal server error" message when creating an event in webmail calendar using a contact group for attendee.

Common Vulnerabilities and Exposures

FortiMail v7.4.2 is no longer vulnerable to the following CVE/CWE-References.

Visit https://fortiguard.com/psirt for more information.

Bug ID

Description

988041

CWE-345: Insufficient Verification of Data Authenticity
985989

CWE-1395: Dependency on Vulnerable Third-Party Component
985968

CWE-613: Insufficient Session Expiration

959932

CVE-2023-47539: Improper Access Control
Previous
Next

Resolved Issues

The resolved issues listed below do not list every bug that has been corrected with this release. For inquires about a particular bug, please contact Fortinet Customer Service & Support.

AntiSpam/AntiVirus

Bug ID

Description

987126

Click protection with FortiIsolator occurred when its URL rating category was configured, even though CDR was not enabled in the content profile.

984945

In some case, legitimate JPG files are blocked by the content filter.

978390

Large QR codes cannot be detected.

974770

QR code with inverted colors cannot be detected.

966866

QR code scan does not detect images with transparent backgrounds.

973157

The specified recipient in the on-demand scan rule for Microsoft 365 is ignored.

955513

Enabling "Detect embedded components" in the content profile may cause system to not work properly.

985249

Fail to submit the email to FortiSandbox when the attachment ends with "." (such as "test.htm.").

977414

In some cases, outbound email is rejected with error "timeout before data read, where=eom".

993514

Large dictionary with wildcards may cause high CPU usage and email rejection.

993340

In some cases, the SPF records cannot be resolved properly.

995247

Email classified as a "Sender Alignment" is not archived in the "Bulk" but in the "Inbox".

Mail Delivery

Bug ID

Description

982592

Message ID is the same for email that is sent to original host and released from system quarantine.

976027

Some email was incorrectly rejected with SMTP code 421 4.7.0 and mail event error message milter_write(mailfilterd).

959876

After upgrading to 7.4.1 from 7.2.2, if the incoming email size is bigger than the maximum size to scan defined in the antispam profile, the email will be rejected.

System

Bug ID

Description

984713

4096-bit DKIM key import is not supported.

988353

SAML attribute to identify email address does not work.

955065

PKI admin login with non-ASCII characters does not work.

969925

After upgrading to v7.4.1, users cannot log in to FortiMail using RADIUS authentication.

966146

High memory usage when processing certain email.

963070

Domain administrators can change their permissions to other domains.

964861

In active-active HA mode, NFS synchronization after network disconnection overwrites data instead of appending data.

989046

Duplicate email after restoring the mailbox.

993319

In HA mode, the personal quarantine folder is automatically removed after some time on the secondary unit.

994895

In some cases, the quarantined email cannot be released from the History view.

995799

Incorrect replacement message information for email sent in HTML or Rich Text Format.

992801

LDAP synchronization for address book in server mode does not work properly.

997707

When importing contacts from the LDAP server, if a value has "" , the symbol "\\" is added,

Log and Report

Bug ID

Description

962023

Logs sent via syslog miss the "Disposition" field entry when email is sent to domain quarantine.

963521

Incorrect results for "OR" search criteria in log search tasks.

992734

In some cases, the original file names are not logged when sending attachments to FortiSandbox.

Admin GUI/Webmail

Bug ID

Description

960618

After upgrading to v7.4.1, the domain MTA status displays incorrectly.

972443

After the user accesses the secure email (IBE) webmail, the error message "Unable to open message. It might have been moved or deleted" displays although the secure email is showing in the inbox.

962059

After upgrading to v7.4.1, email cannot be sent to a contact name containing a comma in webmail.

973645

Webmail logins are redirected when mail migration is configured but "Enable mail migration" is disabled.

989622

Webmail unable to load when SSO is used and the webmail page is closed and then re-opened.

966184

Mail Statistics does not include email messages from associated domains.

997778

"Internal server error" message when creating an event in webmail calendar using a contact group for attendee.

Common Vulnerabilities and Exposures

FortiMail v7.4.2 is no longer vulnerable to the following CVE/CWE-References.

Visit https://fortiguard.com/psirt for more information.

Bug ID

Description

988041

CWE-345: Insufficient Verification of Data Authenticity
985989

CWE-1395: Dependency on Vulnerable Third-Party Component
985968

CWE-613: Insufficient Session Expiration

959932

CVE-2023-47539: Improper Access Control
Previous
Next