Hi XG Community!

We've finished SFOS v16.05.2 MR2. This release is available from within your device for all SFOS v16.05 MR1 installations as of now and will increase the group in a few days.
The release is available to all SFOS version via MySophos portal.

Update: The release is available to all SF installations as of 17 March.

Issues Resolved

  • NC-15682 [API] Add migration support for CR 10.6.5 to SF 16.05
  • NC-13548 [Authentication] Not able to add STAS collector in new Group in IE 11
  • NC-16686 [Backup-Restore] Restoring of policy route fails
  • NC-6555 [Base System] Filter for WAF component is not available in Log Viewer
  • NC-16158 [CR-to-CN_Migration] Skip discover zone rules when migrating from CROS to SFOS
  • NC-16043 [Certificates] UI Label missing - Page System > Certificates > Certificate Authorities
  • NC-13711 [Documentation, Reporting] Adjust UI labels for reports
  • NC-13030 [Firewall] Improve firewall description for source and destination when using heartbeat
  • NC-14406 [Firewall] Unable to delete user if added to a firewall rule
  • NC-16269 [Firewall] Improve description of country group Africa
  • NC-16342 [Firewall] XG reboots whenever another XG that is connected via IPSec gets rebooted
  • NC-16159 [Galileo Heartbeat] Heartbeat service does not start automatically after HA failover
  • NC-11141 [HA] Clicking HA AUX configuration save button twice results in error message
  • NC-15699 [HA] HA A-A mode - AUX appliance is not passing traffic from bridge interface
  • NC-14992 [Hotspot] Hotspot stopped working due to missing chain "hotspot_filter_in"
  • NC-15768 [Hotspot] WLAN interface should be removed after deleting hotspot SSID
  • NC-15928 [Hotspot] Add support for TLS 1.1 and TLS 1.2
  • NC-15139 [IPS] Quality issues with VoIP calls when forwarded over XG
  • NC-16215 [Localization] Translation error on UI with traditional chinese
  • NC-15472 [Logging] Report SMTPs traffic when using secure communication over port 25
  • NC-14380 [Mail Proxy] Incorrect values shown for disk utilization for SMTP quarantine
  • NC-14539 [Mail Proxy] Legacy mode - improve notifiaction for delivery failure reason for SPX password requirement
  • NC-14822 [Mail Proxy] Email address should be displayed in log viewer for sandstorm email logs
  • NC-15201 [Mail Proxy] API Sample configuration missing for MTA
  • NC-15542 [Mail Proxy] Emails are rejected when service gets large number of IP reputation request
  • NC-15838 [Mail Proxy] Re-scan email for AV at time of release from quarantine in proxy mode
  • NC-16313 [Mail Proxy] Double dash in domain name not allowed in SMTP hostname
  • NC-16595 [Mail Proxy] MTA segfault in case of invalid content disposition header
  • NC-16608 [Mail Proxy] File is not blocked/filtered by MTA if file name contains i18n characters.
  • NC-16661 [Mail Proxy] Sandstorm scan is bypassed when attachment does not contain content-disposition
  • NC-17150 [Mail Proxy] Global SPX is not working in case of sender profile match and recipient profile does not match.
  • NC-16382 [Network Services] Cannot add non-hex values in DHCP server options
  • NC-15777 [Networking] Missing conntrack after migration of primary and backup gateway
  • NC-15476 [Qos] Wrong calculation of total guaranteed bandwidth
  • NC-15771 [RED] Cannot select 255.255.255.252 network in RED netmask in RED network settings
  • NC-15864 [RED] CCL details should be shown for TLS
  • NC-15950 [RED] Useless error message when wrong unlock code is entered
  • NC-11037 [Reporting] Data usage bar wraps to new line
  • NC-13574 [Reporting] Character corruption in traffic reports in Japanese language
  • NC-14554 [Reporting] Report notification email does not contain pdf attachment for non-english languages
  • NC-15715 [Reporting] Custom web reports shows the report for wrong time
  • NC-15767 [Reporting] Report group 'Sandbox' is displayed twice
  • NC-15787 [Reporting] File size content should not be clickable in detail report of Sandstorm module (both mail and web)
  • NC-15813 [Reporting] Summary tab is disabled when we click on detail report and no data is available for current filter
  • NC-15832 [Reporting] Mail report shows wrong number of mails sent
  • NC-16270 [Reporting] HA active passive - garner does not start after upgrade to SF 16.05 due to wrong name in OutputPlugin
  • NC-16508 [Reporting] Mismatch between objectionable websites count on control center and in reports
  • NC-4739 [Reporting] IPv6 address should be displayed in SSL VPN Remote Access User and Site to Site Usage Report
  • NC-13142 [SSLVPN] Revoking user certificate more than 10 times breaks SSL VPN remote access for all users
  • NC-15637 [SSLVPN] SSL VPN connection not possible if UDP is used
  • NC-15210 [Sandstorm] XML Export/Import does not work because Sandstorm get/set uses ids/names
  • NC-15644 [Sandstorm] Trial evaluation link sends incorrectly encoded activation link
  • NC-16282 [UI] WebAdmin is not accessible if special characters are used in company name
  • NC-1933 [Up2date Client] Wrong error message is shown for up2date pattern action when internet connection down
  • NC-16079 [VPN] IPsec service hangs until "send_mail_for_vpn_updown" opcode completes when email notification is used for updown event
  • NC-15629 [WAF] Fix padding oracle attack in mod_session_crypto (CVE-2016-073)
  • NC-16035 [WAF] Make cookiesign_drop_unsigned default to 1
  • NC-16318 [WAF] Prefork: MaxRequestWorkers of 256 exceeds ServerLimit value of 16 servers
  • NC-13988 [Web] MIME type multipart/form-data does not trigger HTTP uploads dynamic category
  • NC-14558 [Web] Use original destination port 443 in transparent mode for https-over-http case
  • NC-14970 [Web] NTLM authentication not working with Web Proxy
  • NC-15853 [Web] Redirection page issue with Sandstorm
  • NC-16192 [Web] Web Proxy restarting automatically
  • NC-15792 [Wireless] CVE-2016-5696: Update AP firmware
  • NC-15937 [Wireless] Fix visibility of Fast Transition option in different security modes
  • NC-16296 [Wireless] AP does not get IP address on 100 Mbit ethernet link
  • NC-6183 [Wireless] AWEd goes in unregistered state after HA failover

Downloads

You can find the firmware for your appliance from in MySophos portal.