Password-protected XLS spreadsheet files were not be decrypted.

XLSX files inside of a winmail.dat file were incorrectly detected as XLS files.

Split QR codes in PDF files were not detected.

When the FortiSandbox timeout was reached, URL click protection returned an error message instead of allowing the URL according to the FortiSandbox timeout setting.

Color-coded URLs changed the URL format or category.

DMARC failure occurred for some valid senders.

Threat feed for a resource URL did not work properly.

URI redirect lookup did not work properly.

Content action in policy matches should have been classified as Not spam instead of Spam.

When the concurrent sessions were high, URI click protection did not work properly.

CDR did not work properly with some Microsoft Word files.

PDF QR code check should not have extracted embedded files.

After upgrading from v7.6.3 to v7.6.4, personal quarantine email cannot be released if the re-scan option is enabled.

Newsletter is not detected if FortiMail performs 'Expanding alias' based on the LDAP profile query.

Multi-line URL with hyphens is not handled properly.

If there were multiple long recipient addresses, then the X-FEAS-BEC-Info: message header was longer than 998 characters and not folded, which violates RFC 5322 section 2.1.1.

When there were multiple recipients and multiple matching policies, some recipients may not have received the email.

Email was dropped when there was an issue with the NAS server.

In some cases, email could not be sent. The error message was:

timeout before data read, where=eom

Email delivery failed due to a DNS TXT record limit.

In some cases, email continuity did not work properly.

On a primary unit in an HA group, quarantine search has intermittent issues.

Quarantine search took an abnormally long time.

Unable to remove DKIM selectors with underscores.

The most recently installed CA certificate was not effective in the CA chain.

In active-active HA mode, personal block/safe lists created during HA down time were not synchronized after HA was restored.

An OFTP connection with FortiAnalyzer 7.4.8 requires the correct certificate option.

STARTTLS was not initiated for authentication in relay host tests under System > Mail Setting . Relay Host List.

After an upgrade from FortiMail 7.6.4 to 7.6.5 interim release, the HA group was out of sync.

High CPU usage was caused by the PDF scan.

High CPU usage was caused by text extraction from images in the PDF scan.

After an upgrade from FortiMail 7.6.3 to 7.6.4, after the command chattr sync-disable, active-passive HA synchronization had issues.

High CPU usage occurred on FML-900F models.

High CPU usage was caused by large files in the PDF scan.

High CPU usage was caused by regular expressions in the DLP scan.

Address map rewriting did not comply with RFC 2047 encoding for Cyrillic display names.

TLS signature algorithm still accepts SHA224 /DSA family.

When using FortiGate v7.6.3 with FortiMail v7.6.3, the security fabric cannot be established.

After an uprade to FortiMail 7.6.4, regular expression errors were logged on every SSH login.

File names were not displayed correctly in logs.

Tables were truncated in downloaded PDF reports.

In some cases, personal quarantine search did not work properly.

When logging into the administrative GUI using SSO, the administrator access profile that was applied (admin_sso) was not the profile that had been selected.

CWE-358: Improperly Implemented Security Check for Standard

CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-476: NULL Pointer Dereference

CWE-358: Improperly Implemented Security Check for Standard

CWE-121: Stack-based Buffer Overflow