Resolved issues
The following issues have been fixed in FortiProxy 7.0.9. For inquiries about a particular bug, please contact Customer Service & Support.
Bug ID | Description |
---|---|
871559 | The command "exec bypass-mode enable/disable" is not functional. |
875832 | DoH server crashes when connecting to port 443 for GUI. |
756345 | In certain circumstances, such as after booting, vd->policy_conf_gen lags behind g_wad.policy_generation, causing a logic failure that leads to conflict with IANA protocol numbers. |
796510 | When all servers in a forward server group go down, traffic through the group is forwarded to the original destination directly even if down-option is set to `block`. |
807982 | Disable group profile with DNS Filter in proxy-policy. |
812888 | When a client sends an HTTP/1.0 request, FortiProxy's forwarded response is always HTTP/1.1. Furthermore, if the server's response has chunked encoding, then FPX does not remove chunked encoding before forwarding the response to the client. |
822829 | FortiProxy does not have a default policy for FTP. When a client tries to access an FTPS server, ses_ctx->sec_profile is none in wad_ftp_on_auth_cmd(), which causes a crash. |
825977 | Fix crash on avscan submission error due to double close. |
828194 | SSLVPN stops passing traffic after some time. |
831069 | Blank page displayed after login to back-end server in SSLVPN web mode. |
842517 | Adding a local user to a group containing a lot of users causes delay on GUI and CLI due to cmdbsvr (high CPU). |
843318 | WAD worker may crash with signal 11 if the request header contains "Cache-Control: only-if-cached". |
851581 | Change FortiView shaper monitor to show real-time information. |
854115 | ssh-policy-check results in TP policy being ignored. |
855882 | Memory leaking issue due to a typo in the calloc API. |
857368 | After upgrading to 7.0.8, WAD crashes with signal 11 (wad_hpack), which is caused by a stack-allocated buffer overflow. |
857632 | wad http2 hpack parsing error in an edge case. |
859013 | Debug daemon may get stuck and cause Web GUI to load slowly. |
860190 | A tp-policy without any ssh related UTM will fail to redirect to check ssh-policies. |
863317 | Fix GUI issue about FortiSandbox on the AntiVirus profile configuration page. |
863855 | Lack of certificate verification when establishing secure connections with fabric devices. |
865135 | Multipart boundary parsing failed with CRLF before the end of boundary1. |
867005 | Sending traffic to icap client using icap secure results in "502 Bad Gateway". |
868250 | No monitoring for disk access. Difficult to trace what causes frequent disk access. |
868666 | Improper use of snprintf to write into a buffer. |
868782 | Change the default value formula of config.system.global.conntrack to be memory-size-based. |
869120 | Fix wad crashes when loading or updating policy configuration. |
869267 | config-sync cluster is not able to sync with NTP server using dedicated mgmt interfaces. |
869359 | Azure Auto-scale HA shows certificate error in secondary. |
869578 | When solving eicar evasion problem, status code 1xx and 204/304 are handled together rather than separately. |
869700 | wad crash at wad_h2_proc_data when icap blocks the traffic. |
869923 | DNS filter not taking effect for DoT traffic. |
870099 | LDAP cache was not updated properly after the user group changed in Active Directory server. |
870764 | In wad_ftp_tp_cancel, wad deletes the session context lease after the session is closed. |
871449 | WAD crashes on policy testing when test request destination is IP and port. |
872358 | The logout option does not work when "Keep-alive" authentication is enabled. |
872366 | "Insert empty policy" in GUI copies some fields from the parent policy instead of inserting a blank policy. |
872368 | Failed to save changes while adding a user as source in a policy using quick edit. |
872617 | SWG SSO shows "Firewall Authentication" failure on endpoint, which is caused by infinite redirects. |
872685 | When adding user objects to source field in a policy, the user objects are not highlighted. |
872721 | HA role is not updated on Web UI status bar. |
872931 | 'diag sys session list' fails to list all sessions. |
872950 | wad_scan module is closed in wad_scan_handle_scan_results, which causes a crash. |
873031 | Web UI firmware upgrade option is not available. |
873369 | HA fails to sync on KVM multicast HA when interface is virtio. |
873458 | Add forward server status update in passive mode for transparent traffic. |
873851 | When you create a new vdom, wad_ui_prefetch_vd_init and wad_ui_reverse_cache_server_vd_init are not called and the linked list is not initialized, which results in a crash while traversing the linked list. |
874563 | Crash and compile error due to implementation or coding error. |
874711 | Explicit Proxy Traffic only has Policy ID recorded without the policy name on Web UI. |
874989 | Support multiple 'Server' headers to fix website login issues. |
875170 | Cannot view more than 500 lines under Log & Report > Forward Traffic on FortiProxy-2000E. |
875175 | Requests from local non-domain LDAP users are denied by the explicit firewall policy. |
875485 | Log all socks traffic as https transaction and show domain name in "hostname" and "url" for FQDN requests. |
876758 | SSH key is added even if operation is aborted. |
877128 | ZTNA saml portal or auth portal cannot handle cors preflight because it does not take cors preflight request into consideration after matching (saml/auth) gateway. |
877230 | If an HB interface is disabled and enabled on a unit, the respective unit will never join the cluster unless it is restarted. |
877774 | psv_tm prints the wrong time in diagnose command. |
878298 | If the memory usage is out of control, the appending request is added to a 'hold-list' for a while to apply flow-control to the worker. The request might not be removed from the list properly for some corner cases. |
878386 | Add upgrade code to retain firewall policy's ssl-ssh-profile on upgrade from FortiProxy 2.0 to 7.0. |
878587 | HA role in the list page is not consistent with the detail page. |
878782 | PAC configuration issue. |
878863 | Forward server group log only works when load-balance algorithm (ldb-method) is `weighted`. |
880092 | icap server hangs when icap secure is enabled. |
880205 | Fix firewall policy schedule with year later than 2038. |
880479 | Fix debug daemon crash when session is not found, which usually happens when CLI or worker exits before the request is done. |
881208 | Fix masquerade 'disable' in transparent policy which causes traffic failure. |
881499 | Icap client crashed on wad_conn_pool_conn error. |
881693 | Fix SSL/SSH Inspection profile visible issue. |
882475 | Domain user suffix extracted from krb ticket does not match what is shown in diag wad user list. |
883170 | Cached object is corrupted and client keeps resending request with token. |
378251, 860859 | Fix nf_conntrack_expect's reference for master conntrack to avoid leaks. |
802564, 881341 | forticron crash when restoring vdom configuration. |
843288, 874159 | No endpoint information is found when accessing ZTNA application FUSE. |
874049, 860282 | SSLVPN crashes when using webmode access. |
877873, 877875 | When new hatalk is launched, ha_clear_state() is called to reset some shared memory information which could be accessed by hatalk. |
880624, 881471 | Fix unpopulated ipset when FQDN dstaddr is specified. |
845698, 857358, 866735 | Google Cloud - When ha_filtered is called on slave's receiving, some packets are dropped as IP header is not correct. |
861343, 863428, 870022 | Fix policy hit counts not shown in GUI policy list and diag command. |
870846, 871239, 871587 | FPX hardware models do not update CMOS time correctly. |
881553, 882350, 882403 | Fix some GUI issues. |
Common vulnerabilities and exposures
FortiProxy 7.0.9 is no longer vulnerable to the following CVE references. Visit https://fortiguard.com/psirt for more information.
Bug ID | CVE reference |
---|---|
845848 | |
874761 | |
874049 | CVE-2023-33307 |
843318 |