• Release of Sophos Web Appliance v4.3.10.3

    We have just released version 4.3.10.3 of the Sophos Web Appliance software. Your appliance should receive this update over the coming week if it has not already upgraded. This release addresses the recently-discovered vulnerability in OpenSSL, C...
  • Release of Sophos Web Appliance v4.3.10.2

    We recently began rollout of version 4.3.10.2 of the Sophos Web Appliance software. Your appliance should receive this update over the coming week if it has not already upgraded. This release addresses an issue that was caused by the recent expiry of...
  • Changes to appliance service IP addresses

    Note: Initially published August 13, 2020. Updated on January 8th, 2021

    To improve the resiliency of the services that support Sophos Web and Email appliances, we are making some network infrastructure changes at our data centers. This requires IP address changes for services used by appliances. These changes are planned for January 23rd, 2021 starting at 1100 EST / 1600 UTC

    For most customers this should not be an issue…

  • Advisory: Sophos Web Appliance- Support submissions from Appliances do not create cases in Service Cloud

    Hi Community,  It appears that users submitting Support requests via appliances do not get a case created at the moment. The email route works if used outside of the appliance but not from the Email or Web Appliance.  We are investigating t...
  • Release of Sophos Web appliance v4.3.10.1

    Hi Community,

    Sophos Web appliance v4.3.10 has been released! 

    Resolved Issues

    Work Order

    Description

    NSWA-1690

    Resolved an issue with Certificate Validation caused by expiry of the Sectigo ‘AddTrust External CA Root’ certificate authority

    For release notes, please check the following link:

     
  • Release of Sophos Web appliance v4.3.10.1

    Hi Community,

    Sophos Web appliance v4.3.10 has been released! 

    Resolved Issues

    Work Order

    Description

    NSWA-1690

    Resolved an issue with Certificate Validation caused by expiry of the Sectigo ‘AddTrust External CA Root’ certificate authority

    For release notes, please check the following link

     
  • Release of Sophos Web appliance v4.3.10.1

    Hi Community,

    Sophos Web appliance v4.3.10 has been released! 

    Resolved Issues

    Work Order

    Description

    NSWA-1690

    Resolved an issue with Certificate Validation caused by expiry of the Sectigo ‘AddTrust External CA Root’ certificate authority

    For release notes, please check the following link

     
     
  • Release of Sophos Web appliance v4.3.10

    Hi Community,

    The rollout of Sophos Web appliance v4.3.10 is started just now. This version has a below-mentioned resolved issues.

    Work Order

    Description

    NSWA-1671

    Fixed an issue where the Sophos Cloud Endpoint certificate was not trusted, causing problems with installation

    NSWA-1674

    Added configuration to allow limiting the minimum TLS version supported by the proxy

    NSWA-1675

    Fixed a XSS vulnerability…

  • Release of SWA v4.3.9.1 - Mac OS Catalina, iOS 13 and certificate trust changes

    We've just started the rollout of version 4.3.9.1 of the Sophos Web Appliance software. This update is a small one, aimed at ensuring compatibility with the new version of macOS, Catalina (version 10.15) and iOS 13.

    In Catalina, Apple have updated the criteria that the operating system will enforce when validating TLS certificates. You can find out more information about the change on Apple's website.

    We have…

  • Release of SWA v4.3.9 - Support for a new Sandstorm data center

    Rollout of version 4.3.9 of the Sophos Web Appliance has just begun. This version fixes a few issues and delivers a couple of minor feature enhancements. It also adds support for a new Sandstorm data center, located in Frankfurt am Main, Germany.

    For most customers who use Sandstorm for advanced threat protection on the Sophos Web Appliance, the best option is to leave the data center configuration as the default 'Let…

  • Release of SWA version 4.3.8.1 - addressing the TCP SACK PANIC vulnerability

    We have just begun the rollout process for version 4.3.8.1 of Sophos Web Appliance.

    As with many other products, the Sophos Web Appliance is vulnerable to the TCP SACK PANIC issues described in this Naked Security article. Sophos published an initial advisory regarding this issue here: https://community.sophos.com/kb/en-us/134237

    Version 4.3.8.1 addresses these vulnerabilities. This update will be applied in the next…

  • Release of SWA v4.3.6 - Safesearch for Bing over HTTPS

    It's time for another small update for the Web Appliance. Version 4.3.6 will be going out to customers over the next couple of weeks.

    This version addresses a number of bugs that have been reported by customers. See the release notes for details.

    It also extends the Safe Search enforcement feature of the Web Appliance by adding the ability to enforce safe search for Bing, even when HTTPS decryption is not enabled…

  • Release of SWA v4.3.5 - Sandstorm presence in Asia Pacific

    We are just starting the rollout of another update to the Sophos Web Appliance. Most of what's in version 4.3.5 relates to fixing issues reported by customers. For more details on the issues addressed, please take a look at the release notes.

    There is one new feature in this update, which may be of interest to customers in the Asia Pacific region who are using Sandstorm.

    In late 2017, Sophos expanded the Sandstorm…

  • Release of SWA v4.3.4 - Important information for customers using HTTPS decryption

    A new version of the Sophos Web Appliance software is being rolled out starting this week. Version 4.3.4 combines a number of fixes for reported bugs, including a potential vulnerability reported to us by Christian Demko of MWR InfoSecurity. Thanks to Christian for notifying us of this issue.

    A list of issues addressed in this version can be found in the release notes.

    It also includes an update to the built-in Certificate…

  • Release of SWA v4.3.3.1

    Today we started rollout of version 4.3.3.1. This update addresses an issue reported by a number of customers with version 4.3.3 where users were occasionally unable to authenticate. This was particularly noticeable with usernames containing non-ASCII characters.

    It also addresses a potential vulnerability in the Report Schedule user interface. It was possible for a logged-in Administrator to insert code into the Report…

  • Release of SWA v4.3.3 - includes support for SMB v2

    This week we began rollout of version 4.3.3 of the Sophos Web Appliance software. We will be making it available gradually to customers over the next 2-3 weeks.

    This version supports SMBv2 and eliminates the dependency on SMB v1 that was highlighted as an issue after the WannaCry ransomware outbreak in May. Although Microsoft provided patches for the specific SMBv1 vulnerability that was exploited by Wanna, it was widely…

  • Release of SWA v4.3.2.1 - Security fix

    Today we are publishing update version 4.3.2.1 for the Sophos Web Appliance. This is a fairly small update that covers a couple of security-related issues.

     The most significant change removes support for Microsoft Internet Explorer 8.0 and earlier when using the Web Appliance's administrative UI by removing some old, weak cipher suites. We had kept these cipher suites enabled for compatibility reasons even though we…

  • Release of SWA v4.3.2 - security and defect fix rollup

    Today we are beginning the rollout of update version 4.3.2 for Sophos Web Appliance. This update will be made available to all customers over the next couple of weeks.

    This update is a rollup of a number of bug fixes and also addresses two vulnerabilities that were reported to us by security researchers Brian Martin of Tenable Security Response, and Wilhelm-Jan Stiny.

    The first vulnerability was found in the FTP redirect…

  • Release of SWA v4.3.1.4 - Chrome and SSL decryption

    We have begun to roll out another SWA update - version 4.3.1.4. This update should be available to all customers within the next week. This update was made necessary by an upcoming change to Google Chrome. In version 58 of Chrome, HTTPS certificate v...
  • Release of SWA v4.3.1.3

    Version 4.3.1.3 is being released to all customers today. It fixes one issue that is triggered when accessing an ftp:// url from the browser in explicit proxy mode. Although it's only one issue, it has affected a number of customers and can cause browsing interruptions, so we thought we should release it as soon as possible.

    The release notes for this version can be found here: http://swa.sophos.com/rn/swa/concepts/ReleaseNotes_4…

  • Release of SWA v4.3.1.2

    This week we started the rollout of another update to the Sophos Web Appliance. Version 4.3.1.2 is an important update that fixes a number of vulnerabilities that were reported to Sophos recently by security researchers Russell Sanford at Critical Start and Kapil Khot of the Qualys Security Research Team. Customers should all receive this update by the middle of next week.

    One of the issues describes a way that an attacker…

  • Release of SWA v4.3.1.1

    Today we are starting the rollout of SWA version 4.3.1.1. This is a hot fix release that addresses a couple of issues seen in the field by customers.

    For more information about the release, check the Release Notes.

  • Release of SWA version 4.3.1

    In the past day, we have begun the release of version 4.3.1 of the Sophos Web Appliance. Rollout will continue to customers over the next couple of weeks.

    This new version fixes a vulnerability, discovered by Russell Sanford of Critical Start, along with a number of defects that were either discovered in-house or experienced by customers. You can find out more about these fixes in the Release Notes.

    A couple of the fixes…

  • Release of SWA version 4.3.0.2

    Late last week we released version 4.3.0.2 of Sophos Web Appliance to all customers. This is the final update in the process of rolling out version 4.3 to all customers.

    Version 4.3 of the Web Appliance adds a few new features along with an upgrade to the base Operating System to ensure that the latest security fixes continue to be easily available to you.

    One of the changes made is an update to the communications protocols…