Fix signal 6 backtrace is not generated for forticron daemon.

CMDB lock issues.

WAD crash at signal 11 on video filter related process.

Fix random system events log with the message "msg=UrlBwl-black gzopen fail".

Fix external resource download DNS bottleneck.

Flaws in auth_key_encrypt.

Unsupported ZTNA logic prevents proper ZTNA matching. Fix default CA certificate changed to blank after refresh.

A profile with higher privileges than the user's own profile can be set.

Fix GUI issues.

Client hung when FortiAI error encountered with fortiai-error-action as log-only in antivirus profile.

GUI permission override should only apply to GET by default.

Fix ZTNA Tag description message format problem.

HTTPS request is blocked if the destination interfaces in proxy policy and outgoing interface to web-proxy forward-server are different.

Change default source port range to 1024-65001.

Fix WAD process crash at wad_http_req_add_option of wad_http_engine.

FTP traffic does not get redirected to WAD.

GCP does not process multipart MIME data.

WAD user-info process randomly consumes 100% CPU of one core.

Fix disk formatting issue after changing usage.

WAD crashes on wad_p2s_ciphers_filter.

Crash due to connection aborting.

Guest users able to access webpage past the provisioned time allotted for them.

Extra, unnecessary X-authentication-User/Group field on ICAP header and default ICAP header change

ICAP client header parser cannot handle piggy or sibling flag HTTP headers.

WAD algorithm process crashes when the source interface of a firewall policy is set to virtual-wan-link.

Fix malformed request false positive issue.

ICAP client timeout issue .

Fix WAD unable to recognize RSSO user.

Fix WAD memory spike on ISO file when stream-scan enabled.

Disable VXLAN configuration in transparent mode.

Traffic is not authorized when AD username is provided without a domain.

Fix CIFS under ZTNA does not respect the port setting, and should not start while no scan is needed.

Enforce IP bans on existing traffic.

Fix for re-compiling wad_ebpf_dispatcher.c.

WAD crashes at fts_client_hello_cancel.

Remove the 10 second count down for falling back URL when SSO IdP is not configured.

ZTNA status removed from GUI.

Fix TLS 1.1 certificate-inspection bypass failure.

Allow management access to local interfaces with IPsec and SSLVPN.

Read-only administrators able to sniff other administrators' cookies.

Fix incorrect allocated RAM shown in the GUI.

Improve performance when changing the configuration.

In deep-inspection, FortiProxy cannot forward ALPN extension in clienthello to server.

Keep the default value, disable, for the pac-data field in config user krb-keytab when upgrading.

Fix WAD algorithm crash when loading ia-profile.

Webcache is unable to retrieve large cached objects.

Arbitrary read/write vulnerability in custom language.

Fix string comparing issue when the host name in the request is capitalized.

Fix kernel memory corruption.

Trusted host IP table rules are only generated for super administrators.

Non-super administrators are skipped when checking for trusthost wildcards.

Fix SSL certificate full check for external resources when the hostname is the IP address.

Fix SSL certificate full check for external resources when the hostname is the IP address.

WAD crash at sig 11 in wad_log_vs.c with ZTNA logging related tests .

Patch for arbitrary file deletion in log reports.

Path traversal vulnerability allowed VDOM escaping.

Fix TCP port validate return false for proxy SSL redirect.

Fix incorrect license information on secondary FortiProxy.

Fix error when adding different URL lists to different URL match ruless.

Fix pipeline requests failure when enabling IPS/APPCTL.

Clone DSCP marker to the other end of transparent proxies.

High latency and CPU usage when deleting webcache entries matching a simple-string URL pattern.

Fix netlink socket not closed when setting up IP pools.

High memory usage by WAD worker in object ssl.fts.str.fstr_buffer_bytes.

Remove NAF.

Fix WAD traffic stats client add stats crash.

WAD crash at wad_http_fwd_msg_body.

Remove duplicate address-ip-rating in the profile-protocol-options.

Fix wa_cs daemon crashes when the request data length is larger than the range data length.

Fix race condition resulting in interfaces being stuck up or down with HA enabled .

Fix webcache prefetch build crashes when an entry has an empty configuration.

Fix wrong web proxy profile assignment issue.

Decode DLP log URL field to utf-8 .

Improve table build speed when policy uses a zone as the soure and/or destination address.

Potential memory leak on DoT traffic.

SSL Mirror does not work.

Prevent password ciphertext exposure in logs.

Configuration Backup and Restore in CLI is not working as expected. The honor-df, send-pmtu-icmp, and ipv6-allow-anycast-probe commands are removed from config system global.

Both incoming and outgoing utm-filefilter logs are generated when email is passthrough with outgoing direction via MAPI.

SSH public key changes after every reboot

ICAP server with antivirus crash when sending HTTPS to eicar.com .

CVE-2022-42475

CVE-2022-45861

CVE-2022-41330

CVE-2022-43947

CVE-2022-42474

CVE-2022-41327

CVE-2023-26207