Fix signal 6 backtrace is not generated for forticron daemon.

CMDB lock issues.

WAD crash at signal 11 on video filter related process.

Fix random system events log with the message "msg=UrlBwl-black gzopen fail".

Fix external resource download DNS bottleneck.

Flaws in auth_key_encrypt.

Unsupported ZTNA logic prevents proper ZTNA matching. Fix default CA certificate changed to blank after refresh.

A profile with higher privileges than the user's own profile can be set.

Fix GUI issues.

Disable group profile with DNS filter in explicit-web policy.

Client hung when FortiAI error encountered with fortiai-error-action as log-only in antivirus profile.

GUI permission override should only apply to GET by default.

Fix VDOM data from leaking to other VDOMs through the REST API (Report Runner and CMDB tables cluster-sync and vdom-property).

Fix WAD process crash at wad_http_req_add_option of wad_http_engine.

FTP traffic does not get redirected to WAD.

GCP does not process multipart MIME data.

WAD user-info process randomly consumes 100% CPU of one core.

Fix disk formatting issue after changing usage.

WAD crashes on wad_p2s_ciphers_filter.

Crash due to connection aborting.

Guest users able to access webpage past the provisioned time allotted for them.

Extra, unnecessary X-authentication-User/Group field on ICAP header and default ICAP header change

ICAP client header parser cannot handle piggy or sibling flag HTTP headers.

Fix virtual MAC setup in HA mode.

Fix malformed request false positive issue.

ICAP client timeout issue .

Fix WAD unable to recognize RSSO user.

Fix WAD memory spike on ISO file when stream-scan enabled.

Disable VXLAN configuration in transparent mode.

Traffic is not authorized when AD username is provided without a domain.

Update of VRF with multiple VDOMs.

Enforce IP bans on existing traffic.

Fix for re-compiling wad_ebpf_dispatcher.c.

WAD crashes at fts_client_hello_cancel.

Remove the 10 second count down for falling back URL when SSO IdP is not configured.

ZTNA status removed from GUI.

Fix TLS 1.1 certificate-inspection bypass failure.

Allow management access to local interfaces with IPsec and SSLVPN.

Read-only administrators able to sniff other administrators' cookies.

Improve performance when changing the configuration.

In deep-inspection, FortiProxy cannot forward ALPN extension in clienthello to server.

Keep the default value, disable, for the pac-data field in config user krb-keytab when upgrading.

Fix WAD algorithm crash when loading ia-profile.

Webcache is unable to retrieve large cached objects.

Arbitrary read/write vulnerability in custom language.

Change the maximum size allowed for entry names under config firewall proxy-address to 80 bytes.

Fix string comparing issue when the host name in the request is capitalized.

FNBI installation failed on version 7.2.1.

FTP over HTTP connect method should not require that ftp-over-http be enabled. Port matching mechanism optimized. Missing semicolon caused a compile error.

Saving issue when adding entries to an Isolator profile.

Trusted host IP table rules are only generated for super administrators.

Non-super administrators are skipped when checking for trusthost wildcards.

WAD memory is not assigned when building JSON responses for isolator.

Fix SSL certificate full check for external resources when the hostname is the IP address.

Patch for arbitrary file deletion in log reports.

Fix TCP port validate return false for proxy SSL redirect.

Fix print mgmt-data syntax errors.

Fix incorrect license information on secondary FortiProxy.

Fix error when adding different URL lists to different URL match ruless.

Fix pipeline requests failure when enabling IPS/APPCTL.

Clone DSCP marker to the other end of transparent proxies.

High latency and CPU usage when deleting webcache entries matching a simple-string URL pattern.

Fix netlink socket not closed when setting up IP pools.

High memory usage by WAD worker in object ssl.fts.str.fstr_buffer_bytes.

Remove NAF.

Fix WAD traffic stats client add stats crash.

WAD crash at wad_http_fwd_msg_body.

The image-analyzer profile should be a per VDOM configuration, not a global shared profile,

Remove duplicate address-ip-rating in the profile-protocol-options.

Fix wa_cs daemon crashes when the request data length is larger than the range data length.

Fix race condition resulting in interfaces being stuck up or down with HA enabled .

Proxy address cannot be selected when editing an isolator profile.

Fix webcache memory leak.

Fix webcache prefetch build crashes when an entry has an empty configuration.

Fix wrong web proxy profile assignment issue.

Decode DLP log URL field to utf-8.

Improve table build speed when policy uses a zone as the soure and/or destination address.

Potential memory leak on DoT traffic.

SSL Mirror does not work.

Prevent password ciphertext exposure in logs.

Fix high data/partition usage.

Configuration Backup and Restore in CLI is not working as expected. The honor-df, send-pmtu-icmp, and ipv6-allow-anycast-probe commands are removed from config system global.

SSH public key changes after every reboot

Multipart boundary parsing failed with CRLF before the end of boundary1.

ICAP server with antivirus crash when sending HTTPS to eicar.com .

CVE-2022-42475

CVE-2022-42476

CVE-2022-45861

CVE-2022-41330

CVE-2022-43947

CVE-2023-26207

CVE-2022-42474

CVE-2022-41327

CVE-2023-26207