We've just released UTM version 9.7 MR17 (9.717). Our usual release phases will be accelerated for this release as it addresses a serious security vulnerability in the Exim email server:

Details of this release, along with previous releases, can be found on our official release notes page.

Important information

This release addresses a vulnerability in the Exim email server component that is used in SG UTM's email gateway feature. Full information about the recently disclosed vulnerabilities in the Exim software can be found in our security advisory on the topic. 

This release also addresses an issue that was discovered by a few customers affecting the performance of SG UTM systems with Intel i40e network interfaces. This may impact some customers with pluggable network interface modules using this chipset, or customers running SG UTM as software on non-Sophos hardware with network interfaces of this type.

We recommend that all customers upgrade to 9.7 MR17 as soon as possible. Customers who have not yet updated to 9.716 are encouraged to go straight to 9.717 by allowing the up2date process to apply all available updates in sequence.

Other news

  • Maintenance Release
  • Security Release


  • System will be rebooted
  • Configuration will be upgraded

Issues resolved

  • NUTM-14362 - [Basesystem] Increase granularity of ethernet offload options
  • NUTM-14368 - [Email] Exim: libspf2 vulnerability - CVE-2023-42118