Sophos XG Update v16.05.5: Noch mehr Bugfixes
Sophos nimmt weitere Optimierungen an ihrem SFOS vor, um die stetig wachsende XG-Gemeinde glücklich zu machen. Es gibt nämlich bereits das nächste Update für eure XG. Das neue SFOS v16.05.5 Update bringt wie beim letzten Mal keine neuen Features, dafür wieder massig viele Bugfixes.
NC-14549 [API] Unable to delete a web policy NC-16612 [API] Can not configure second WAN link on any physical interface NC-17948 [API] Getting different autogenerated password for same guest user in HA (Primary and Auxiliary device) NC-17955 [API] Unable to ping facebook.com from ping tool in the diagnostics page NC-18595 [API] Issues with char encoding using Sophos API NC-16205 [Authentication] First user login not registered with firewall NC-17493 [Authentication] Radius authentication doesn't work for Webadmin login NC-17767 [Authentication] AD users cannot login to userportal with samAccount name plus domain information in login NC-18282 [Authentication] Client based SSO doesn't work NC-18630 [Authentication] AD users email addresses will be cut if the email address contains more than 64 characters NC-18940 [Authentication] access_server crash when multiple users log in at the same time NC-18733 [Base System, License] UTM9 to SF – Eval to full license migration fails in one of two possible user flows NC-13297 [Base System] Appliance certificate is invalid after import .xml file. NC-16623 [Base System] Firmware install message shows "undefined" string instead of firmware display version on GUI NC-16660 [Base System] CCL details XML information not displaying for Sandbox Events on System Service > Log Settings NC-17339 [Base System] Hotspot with voucher and full customization can't be created NC-17393 [Base System] Eval registration from a SG appliance results in multiple registration requests NC-17545 [Base System] Interface names are not correct for 4-Port 10G module with CR200iNG-XP/CR300iNG-XP appliances NC-17753 [Base System] User not displayed in correct format in log-viewer in case of email sandbox NC-18497 [Base System] XG Home subscription - RAM in some corner cases gets Limited to 4GB than 6GB NC-18830 [Base System] Appliance certificate's issuer CA not present resulting in not able to download SSL client from user portal NC-3719 [Base System] VPN IPSec connection name length increase from 50 to 100 NC-8998 [Base System] During memtest from SFLoader, units don't reboot by pressing ESC button NC-18485 [CR-to-CN_Migration] Migration failed from CR 10.6.5-050 to SF 16.05.3-MR3 NC-17334 [Certificates] Certificate Authority can not be deleted in specific scenario NC-13570 [Clientless Access(HTTP/HTTPS)] Clientless Web Access: Site access issue with 'Restrict Web Application ON' in policy NC-18639 [DDNS] IP not getting updated in case of NATed IP address using Sophos DDNS NC-15754 [Date/Time Zone] Time Zone changes for Russia NC-13855 [Firewall] CCL link not displaying for device access from group level and device level NC-16484 [Firewall] Kernel Panic on 'IPSET -L' when host have more than 600 IPs NC-16819 [Firewall] Device becomes inaccessible after deleting Business Policy rule NC-17042 [Firewall] "Log Firewall Traffic" is unchecked in firewall rule but visible in log viewer NC-17420 [Firewall] Unable to set proxy port as 80 NC-18425 [Firewall] In WAN to LAN rule firewall drop and reject doesn't work for HTTP and HTTPS traffic NC-18618 [Firewall] Update of custom zone shows error "Record does not exist" on zone page when "Any" interface not bound with zone NC-18844 [Firewall] Local ACL exception rule export-import fails NC-18880 [Firewall] Existing iptables traffic redirection chains not removed when web proxy listening port is updated NC-18709 [HA] All timers disabled in primary appliance (HA A-A ) NC-17806 [Hotspot] Voucher creation fails if the description includes ' or " sign NC-17878 [Hotspot] Remove TLS v1.0 and DES/3DES/RC4 cipher algorithm from Hotspot login page NC-16862 [IPS] Default CA blank because of company name more than chars(50) NC-17561 [IPS] AWS Upload consumes 100% CPU and goes down only when IPS is disabled NC-18617 [IPS] IPS restarting (sometimes) while enabling ATP or on ATP policy change NC-18208 [License] License does not update in Auxiliary appliance in case of standalone in HA Active-Passive mode NC-18521 [License] Unable to increase virtual cores after license upgrade NC-11596 [Mail Proxy] Vulnerability fix for CVE-2011-1473 NC-17072 [Mail Proxy] SMTP DOS max Recipients exceeds limit NC-17311 [Mail Proxy] File filter is not working if file name is very large (i.e. 1k) NC-17738 [Mail Proxy] SPX encrypted PDF doesn't render properly in case of very long sender address NC-17875 [Mail Proxy] SMTP service doesn't in MTA mode after switching back and forth between MTA and Legacy Mode multiple times NC-18353 [Mail Proxy] Image file within compressed files not being allowed with white listing NC-18493 [Mail Proxy] SMTP service (MTA mode) doesn't deliver mails when receiving and forwarding n/w are on different IP family (ipv4/ipv6) NC-18548 [Mail Proxy] Sender notification not send when DPP action set as accept with SPX and SPX type as specified by recipient NC-18869 [Mail Proxy] SF failing PCI compliance on port 25 due to MTA mode responding to RC4 ciphers NC-18958 [Mail Proxy] System files are accessible to authenticated non-admin users NC-17781 [Network Services] Static Mac-IP binding NC-18696 [Network Services] 4G dongle(D-Link DWM-222) not detected NC-12852 [Networking] DHCP Relay flood customer network NC-18828 [RED] RED15 tunnel disconnect and data traffic is higher before disconnect NC-17846 [Reporting] Not able to get reports in case of long email sender (>256) NC-18769 [Reporting] Records for more than 256 character for sender/receiver should be properly displayed in PDF export NC-17978 [SSLVPN] Unable to delete bridge interface when bridge host is used in SSL VPN Site to Site NC-18424 [SSLVPN] SSLVPN Client fails to connect if certificate character has "ã" in the certificate attributes NC-18885 [SSLVPN] Openvpn Denial of Service due to Exhaustion of Packet-ID counter (CVE-2017-7479) NC-18265 [Sandstorm] SFM CCL: XML API changes missing for Sandstorm activity in System > Profiles > Device Access NC-17391 [SupportAccess] SupportAccess: UMA sometimes sends "ApuPort 0" in WebadminResponse NC-11775 [VPN] Import for selective configuration with "include dependent entity" failed NC-18039 [VPN] IPSec services is restarting continuously NC-17862 [WAF] Remote users accessing the site for the web server forwarded with WAF intermittently lose access to the site NC-18923 [WAF] Segfault for HTTP1.0 requests when cookie rewriting is enabled NC-18395 [Web] Not getting website category in custom message for unauthenticated blocks NC-18620 [Wireless] Unable to change the encryption to TKIP or TKIP&AES, settings are reverted back to AES after saving NC-18623 [Wireless] Wireless clients not able to authenticate after patches applied from NC-13982 NC-18628 [Wireless] Unable to change channel_width for an AP(5GHz) from cli NC-18698 [Wireless] Internal AP in "W" models are broadcasting the incorrect case for country code NC-18750 [Wireless] SSIDs are suddenly not broadcasted and connections are getting dropped NC-18792 [Wireless] LocalWiFi - failed to configure IP address on Bridge to LAN interface if configuration is done immediately NC-18960 [Wireless] Wireless network stops broadcasting on in-built Wifi Appliance models