New code injection vulnerability in the User Portal and Webadmin of Sophos Firewall

Surprised there is no 'banner' announcement of this in the community forum (I learnt about it from a third party security mailing list). I've said it before but I will say it again, I think it is a major failing of Sophos not to have a security alert mailing list.

Details here -

How to check if your XG has been patched -

Added TAGs
[edited by: emmosophos at 9:53 PM (GMT -7) on 23 Sep 2022]