UTM Up2date 9.7 MR19 (9.719) released

We've just released UTM version 9.7 MR19 (9.719). As this is a regular maintenance update it will be released in three phases:

• In phase 1 you can download the update package from our download server. Click the link and navigate to the folder UTM / v9 / up2date.
  • Up2date package – 9.718 to 9.719 https://download.astaro.com/UTM/v9/up2date/u2d-sys-9.718005-719003.tgz.gpg
  • Md5sum is cf86a634d9907d132ebe4fc622a07810 https://download.astaro.com/UTM/v9/up2date/u2d-sys-9.718005-719003.tgz.gpg.md5
• During phase 2 we will make it available via our Up2Date servers in several stages.
• In phase 3 we will make it available via our Up2Date servers to all remaining installations.

Details of this release, along with previous releases, can be found on our official release notes page.

Along with a number of bug fixes and security improvements, you may notice one visible change - if you are using one of our older, end-of-life AP-series Wifi access points, the UI will display a message reminding you that they are end of life.

We published the lifecycle schedules for our AP models some time ago, and eventually delayed the event to 31 December 2023 as announced here on the Sophos Community. Although we expect these devices will continue to work for the foreseeable future, we will not be publishing any further updates to the access point firmware, even in the event that security issues are discovered.

Create and use encrypted backups in AWS

You can now create and use encrypted backups on your Sophos UTM instances running in AWS. This is an AWS update.

Other news

• Maintenance Release
• Security Release

Remarks

• System will be rebooted
• Configuration will be upgraded

Issues resolved

• NUTM-14447 [AWS, Network] VPC Route Propagation not working for added/Deleted Networks while connected.
• NUTM-14452 [Basesystem] OpenVPN config files are not compatible with OpenVPN 3 clients
• NUTM-14381 [Basesystem] Ulogd core dump
• NUTM-13857 [Basesystem] Tinyproxy vulnerability (ha_proxy) - CVE-2022-40468
• NUTM-12916 [Basesystem] Curl vulnerabilities - CVE-2021-22924, CVE-2023-28321, CVE-2023-28322 and others
• NUTM-14464 [Basesystem] Add the Sophos wildcard URL to default HTTPS scanning exceptions
• NUTM-14465 [HA/Cluster] Firewall misconfiguration could lead to ha_proxy acting as open proxy
• NUTM-14319 [Configuration Management, Security] Strengthen backup encryption
• NUTM-14364 [Email] S/MIME: WARNING - Encrypted, but cannot verify signature - on reply emails
• NUTM-14102 [Email] Upgrade Exim to 4.97.1
• NUTM-14487 [UI Framework] POST to WebAdmin with no Content-Type header causes worker crash
• NUTM-14442 [UI Framework] Arbitrary Host Header Manipulation in User Portal
• NUTM-14456 [UI Framework] Add a banner reminding that EOL access point devices are in use
• NUTM-14486 [WAF] WAF Segmentation fault with core dump
• NUTM-12897 [Web] Open redirection issue in login page