UTM Up2Date 9.502 Released

Hi Everyone,

Today we've released UTM 9.502. The release will be rolled out in phases. In phase 1 you can download the update package from our FTP server, in phase 2 we will spread it via our Up2Date servers.

IMPORTANT: The re-join workaround is required after upgrading from 9.501 to 9.502. See: https://community.sophos.com/kb/en-us/126819

 

[Edit 2017-07-17]: Moved workaround into a KBA.

[Edit 2017-07-18]: Release is available as GA

 

Up2Date Information

News

  • Maintenance Release
  • Configuration will be upgraded
  • Connected REDs will perform firmware upgrade
  • Connected Wifi APs will perform firmware upgrade

Remarks

  • System will be rebooted

Bugfixes

  • NUTM-8127 [AWS] Link to CloudFormation console during cloudupdate is not working
  • NUTM-3213 [Access & Identity] Inconsistent behaviour/state when deleting a user cert
  • NUTM-3283 [Access & Identity] IPSec: VPN ID shall not include blanks
  • NUTM-3294 [Access & Identity] Menu option (keyboard layout) background not rendered properly in IE (version 11.0.9600.17728)
  • NUTM-6972 [Access & Identity] SSLVPN disconnection: backend AD sync
  • NUTM-7897 [Access & Identity] Argos doesn't start in HA setup without IP address
  • NUTM-7940 [Access & Identity] Client Authentication daemon crashes in HA scenario
  • NUTM-7982 [Access & Identity] SSL VPN connection not possible since v9.5 if organisation name contains umlauts
  • NUTM-7996 [Access & Identity] Devices authenticated via SAA are no longer associated with multiple user network objects in UTM 9.5
  • NUTM-8122 [Access & Identity] L2TP connections with separate DHCP server does not work
  • NUTM-8146 [Access & Identity] PPTP fails to connect when Assign IP addresses by is set to DHCP Server
  • NUTM-8147 [Access & Identity] OpenVPN vulnerabilities
  • NUTM-8161 [Access & Identity] OpenVPN vulnerabilities (client part)
  • NUTM-8280 [Access & Identity] High confd load through UMA
  • NUTM-8130 [Basesystem] Linux vulnerability 'The Stack Clash'
  • NUTM-8156 [Basesystem] Apache httpd vulnerability (CVE-2017-3169)
  • NUTM-7235 [Confd] READONLY user can download support package
  • NUTM-7425 [Email] Emailenc causing high load - permanently 100% CPU usage
  • NUTM-7790 [Email] Restrict long regular expression in WebAdmin
  • NUTM-7876 [Email] POP3 Proxy stops working after some time
  • NUTM-7889 [Email] Sandbox scan doesn't work - worker_do_get_file req content parsing error or missing parameters
  • NUTM-6116 [Network] Service_monitor sets wrong IP address for availability group
  • NUTM-7647 [Network] WAN random disconnects
  • NUTM-7735 [Network] ATP doesn't work with "Send anonymous application accuracy telemetry data" disabled.
  • NUTM-7950 [Network] Dhcp client not running - restarted
  • NUTM-8015 [Network] Main interface IP address swapped by additional address for DHCP setup
  • NUTM-7543 [Reporting] Calculate correct malware count for ExecReport
  • NUTM-7609 [Reporting] Websec-reporter is constantly restarting
  • NUTM-7725 [Reporting] High latency while navigating through WebAdmin after trying to display Web Reports
  • NUTM-7878 [WAF] Segfault for HTTP 1.0 requests when cookie rewriting is enabled
  • NUTM-6845 [Web] https://sslvpn.goodix.com does not loads through UTM PROXY
  • NUTM-7467 [Web] Sandstorm communication issues in some configurations
  • NUTM-7697 [Web] httpproxy.ConfdReload - core dump generated during configuration reload
  • NUTM-7895 [Web] Enable SMB2 in Samba
  • NUTM-7939 [Web] Chrome v58 and higher fail verification with HTTPS scanning enabled
  • NUTM-7967 [Web] httpproxy coredump
  • NUTM-7960 [Web] Authentication issue after upgrade to 9.5 (kerberos)
  • NUTM-8110 [Web] Since upgrading to 9.501 authentication stops working every morning
  • NUTM-6950 [WiFi] APs displayed as inactive in WebAdmin while clients connect to SSIDs which are still being broadcasted
  • NUTM-7495 [WiFi] Wireless client IP in Webadmin not updated after changing the SSID
  • NUTM-6646 [AWS, REST API] REST API panic when unlocking unlocked mutex
  • NUTM-7962 [WiFi] Split traffic not working for wireless clients on RED15w after upgrade to v9.5
  • Has anyone already installed this update yet?  If so have you noticed anything else breaking from the update?

  • Any updates from bad experiences, we hit the below so very cautious to move of 9.413

    NUTM-8110 [Web] Since upgrading to 9.501 authentication stops working every morning

  • I've updated a few UTMs to 9.502 and no problems so far - some were from the version that broke Kerberos and others were from earlier versions. In all cases, the UTMs were re-joined to the AD domain following the upgrade. The problems with AD SSO have been resolved.

  • I'm using version 9.413. Has anyone upgraded directly to version 9.502 (update to latest version now) and everything worked correctly?