Resolved issues

The following issues have been fixed in FortiProxy 7.0.7. For inquiries about a particular bug, please contact Customer Service & Support.

Bug ID

Description

604172

Webfilter cannot communicate with FortiGuard through proxy.

669251

Removed the OPTIONS method from the HTTP 405 “Method Not Allowed” response.

734909

ICAP error messages use the correct replacement messages rather than the existing, hard-coded 502 response.

763951, 832173

Speed up policy learning by using a delta config.

780182

WAD crash at wad_http_fwd_msg_body.

805703

Select the next forward server by default for the least connection algorithm.

817056

The inactivity timer is 30 minutes, and is renewed any time it is given out by the pool for ICAP traffic, or when any traffic flows through the connection in either direction.

821242

ICAP bypassing leads to corrupted web traffic when the ICAP_server fails to respond.

822015

Add support for ACI dynamic address in WAD.

824259

Too many redirections error with session-based authentication and web-auth-cookie.

825349

WAD crashed at wad_http_req_finished with signal 11.

830907

WAD can crash when building a proxy policy if an address group has no member.

831428

Corrupted forward-server caused WAD crash.

833174, 835163, 835638, 836141, 836142, 837089, 840519, 840525

Fix GUI issues.

833372

WAD crash due to long line response from server and SSH filter vulnerability.

834684

Configuring SNMP wiped kernel SNAT settings.

835180

Fix traffic shaping on newly configured VLAN interface.

835623, 837608

Embed base64 string images instead of URLs for WAD blocking page.

835739

Website will not reply if Connection uses the wrong letter case.

836286

ICAP infection headers could not show the correct file name.

836464

The MAC address type was removed from firewall addresses, as it is not supported.

836723

HTTP/HTTPS requests that match a policy with an L7 address are not forwarded to the isolate server.

836915

DNS queries fail with dnsfilter applied.

837192

Fix virtual MAC setup in HA mode.

837598

cloudinitd crash when deploying FortiProxy on AWS.

837729

Bypass interface kernel driver reset after rebooting.

838354

FTP over TLS does not work through explicit proxy when ftp-over-http is enabled.

838888

Fix HA sequential upgrade.

838910

WAD crashes on attaching history traffic stats to NULL tcp_port from session.

840189

Rare case in HA configuration caused kernel panic.

840680

Fix SSLVPN connection issue.

841086

FortiProxy does not have any cache hits after memory usage passes 60%.

842338, 842826

Fix VPN widgets in the GUI.

842469

ZTNA access stuck when going through TCP-fwd towards HTTPS with a deep-inspection profile.

842835

Prefetch tasks added multiple times, leading to high resource usage.

842908

Fix synchronizing captive-portal IP/FQDN in config-sync mode.

842925

Image Analyzer (IA) profile not applied after being changed.

842926

Failure to perform SNAT when creating an FTP PASSIVE mode data channel.

844823, 846862

WAD can enter a dead loop when rebuilding explicit policy, and can timeout waiting for the DNS proxy daemon to reload a DNS profile.

845323

SNMP not responding when dedicated-to management is enabled on an interface.

845849

XSS vulnerability on login check and SAML IdP route handler.

846114

DNS can cause a dead loop in the WAD main schedule loop.

847582

HLS vcache crash.

847944

Fix issues with the function of administrator trusted host settings.

848398

Access-Control-x headers not added to the owner tables and marked as invalid.

848493

User information daemon memory use increases steadily if the LDAP server is unreachable.

848534

Fix System Events not being accessible.

848592

Daemons can fail to start if the prefetch WGET processes consume a lot of resources.

Common vulnerabilities and exposures

Visit https://fortiguard.com/psirt for more information.

Bug ID

CVE references

846234

FortiProxy 7.0.7 is no longer vulnerable to the following CVE Reference:

  • CVE-2022-40684

847070

FortiProxy 7.0.7 is no longer vulnerable to the following CVE Reference:

  • CVE-2022-40684
