Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
All Products
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • Web Application / API Protection
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions
    • All Products

    Release Notes

    7.4.6
    7.6.4
    7.6.3
    7.6.2
    7.6.1
    7.6.0
    7.4.6
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.9
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.2.5

    Resolved Issues

    Resolved Issues

    The resolved issues listed below do not list every bug that has been corrected with this release. For inquires about a particular bug, please contact Fortinet Customer Service & Support.

    Antispam/antivirus

    Bug ID

    Description

    1165264

    Embedded URLs in PDF attachments are not detected.

    1172602

    Files with .emf extension are incorrectly detected as application/zip files.

    1163240

    Email with image attachment is blocked by the content profile as password-protected file.

    1184804

    Wrong MIME type detection.

    1183090

    JPEG files are incorrectly detected as RAR files.

    1200245

    When sender address rate control reaches the limit and some email are in the FortiSandbox queue, FortiMail receives NoResult from FortiSandbox.

    1191454

    Replacement message action in the content profile action does not work properly.

    1194912

    SPF check fails due to unknown modifiers.

    1189764

    Decompressed files with big size are not scanned or sent to quarantine.

    1190142

    Content type is changed although "Deliver to original host" action is set as "Unmodified copy".

    1213884

    URL click protection may not work properly during heavy workload.

    1189587

    "UNSEEN" error message returned from FortiSandbox.

    Email delivery

    Bug ID

    Description

    1191404

    Need to add missing header "From:" value.

    System

    Bug ID

    Description

    1160450

    When generating a certificate signing request (CSR), FortiMail does not add the X509v3 Subject Alternative Name (SAN) extension to the request.

    1164834

    After upgrading to v7.6.3 release, the HA pair is out of synchronization.

    1209753

    High CPU usage caused by DLP profiles.

    1173175

    Legitimate email caught by Intelligent Analysis.

    1182035

    In some cases, a block list entry may be missing in HA mode.

    1195444

    For FIPS-CC purpose, LDAPS needs to drop the non-approved and non-certified algorithms / TLS versions.

    1198879

    Disabling use of non-FIPS approved algorithms in IBE, S/MIME, and SNMPv3.

    1181436

    Some disclaimer variables may not work properly.

    1161849

    After upgrading v7.4.3 to v7.6.3, the system began crashing intermittently with the error message: Failed to boot default entries.

    1189164

    Calendar sharing does not work for Microsoft Outlook.

    1223903

    On some lower FortiMail models, PDF scanning may cause high CPU and memory usage.

    1220666

    High CPU usage caused by PDF attachments.

    1156491

    DKIM keys may be lost from the configuration.

    Log and report

    Bug ID

    Description

    1168320

    Database error executing message in antispam logs.

    1232787

    In some cases, the logs may not show the correct attachment file names.

    Administrator GUI/webmail

    Bug ID

    Description

    1198315

    Updated the JQuery-UI version.

    1176950

    Under Security > URL Filter > Profile, the total ref number does not display correctly.

    1196837

    In ForitMail webmail, encrypted email for Zoom session links is replaced with .ICS file attachment.

    1194351

    Character T and Z appear in FortiMail clawback timestamp for Quarantine Summary email template.

    1173729

    In server mode, the secondary identify cannot be deleted in the user preference.

    1054198

    In some cases, quarantine search may not work properly on the HA primary unit.

    1189608

    In some cases, personal quarantine search may not work properly.

    Common Vulnerabilities and Exposures

    FortiMail 7.4.6 is no longer vulnerable to the following CVE/CWE-References.

    Visit https://fortiguard.com/psirt for more information.

    Bug ID

    Description

    1189174

    CWE-358: Improperly Implemented Security Check for Standard

    1173145

    CWE-312: Cleartext Storage of Sensitive Information

    1173144

    CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere

    1169607

    CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

    1234022

    CWE-121: Stack-based Buffer Overflow

    1233871

    CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Previous
    Next

    Resolved Issues

    Resolved Issues

    The resolved issues listed below do not list every bug that has been corrected with this release. For inquires about a particular bug, please contact Fortinet Customer Service & Support.

    Antispam/antivirus

    Bug ID

    Description

    1165264

    Embedded URLs in PDF attachments are not detected.

    1172602

    Files with .emf extension are incorrectly detected as application/zip files.

    1163240

    Email with image attachment is blocked by the content profile as password-protected file.

    1184804

    Wrong MIME type detection.

    1183090

    JPEG files are incorrectly detected as RAR files.

    1200245

    When sender address rate control reaches the limit and some email are in the FortiSandbox queue, FortiMail receives NoResult from FortiSandbox.

    1191454

    Replacement message action in the content profile action does not work properly.

    1194912

    SPF check fails due to unknown modifiers.

    1189764

    Decompressed files with big size are not scanned or sent to quarantine.

    1190142

    Content type is changed although "Deliver to original host" action is set as "Unmodified copy".

    1213884

    URL click protection may not work properly during heavy workload.

    1189587

    "UNSEEN" error message returned from FortiSandbox.

    Email delivery

    Bug ID

    Description

    1191404

    Need to add missing header "From:" value.

    System

    Bug ID

    Description

    1160450

    When generating a certificate signing request (CSR), FortiMail does not add the X509v3 Subject Alternative Name (SAN) extension to the request.

    1164834

    After upgrading to v7.6.3 release, the HA pair is out of synchronization.

    1209753

    High CPU usage caused by DLP profiles.

    1173175

    Legitimate email caught by Intelligent Analysis.

    1182035

    In some cases, a block list entry may be missing in HA mode.

    1195444

    For FIPS-CC purpose, LDAPS needs to drop the non-approved and non-certified algorithms / TLS versions.

    1198879

    Disabling use of non-FIPS approved algorithms in IBE, S/MIME, and SNMPv3.

    1181436

    Some disclaimer variables may not work properly.

    1161849

    After upgrading v7.4.3 to v7.6.3, the system began crashing intermittently with the error message: Failed to boot default entries.

    1189164

    Calendar sharing does not work for Microsoft Outlook.

    1223903

    On some lower FortiMail models, PDF scanning may cause high CPU and memory usage.

    1220666

    High CPU usage caused by PDF attachments.

    1156491

    DKIM keys may be lost from the configuration.

    Log and report

    Bug ID

    Description

    1168320

    Database error executing message in antispam logs.

    1232787

    In some cases, the logs may not show the correct attachment file names.

    Administrator GUI/webmail

    Bug ID

    Description

    1198315

    Updated the JQuery-UI version.

    1176950

    Under Security > URL Filter > Profile, the total ref number does not display correctly.

    1196837

    In ForitMail webmail, encrypted email for Zoom session links is replaced with .ICS file attachment.

    1194351

    Character T and Z appear in FortiMail clawback timestamp for Quarantine Summary email template.

    1173729

    In server mode, the secondary identify cannot be deleted in the user preference.

    1054198

    In some cases, quarantine search may not work properly on the HA primary unit.

    1189608

    In some cases, personal quarantine search may not work properly.

    Common Vulnerabilities and Exposures

    FortiMail 7.4.6 is no longer vulnerable to the following CVE/CWE-References.

    Visit https://fortiguard.com/psirt for more information.

    Bug ID

    Description

    1189174

    CWE-358: Improperly Implemented Security Check for Standard

    1173145

    CWE-312: Cleartext Storage of Sensitive Information

    1173144

    CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere

    1169607

    CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

    1234022

    CWE-121: Stack-based Buffer Overflow

    1233871

    CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Previous
    Next