[Note: this post was updated on 15 July 2021 to correct the omission of two resolved issues, on 20 July to advise of potential hardware compatibility issues, and again on 29 July to update a CVE reference]
Email protection features in this release depend on CPU features introduced by Intel and AMD 10-15 years ago.
SG-series appliances and many older end-of-life Sophos appliance models are not affected. Devices running on KVM/QEMU or on hardware with older CPUs may experience issues - consult this article before upgrading.
Today we've released UTM 9.706. The release will be rolled out in phases.
NUTM-12050 [Access & Identity] IPv6 auto-firewall rules missing with IPsec S2S respond only
NUTM-12062 [Access & Identity] AD Group object not updated when user with an Umlaut in the username logs in
NUTM-12188 [Access & Identity] openl2tp service is dead and unable to start
NUTM-12198 [Basesystem, UI Framework] Webadmin host injection reported
NUTM-11753 [Basesystem] SG450 RAID status not alerting
NUTM-11988 [Basesystem] Interface goes down after re-assigning the hardware of an interface
NUTM-11989 [Basesystem] BGP issue causes long delay in UTM startup
NUTM-12064 [Basesystem] Perl - Vulnerabilities
NUTM-12112 [Basesystem] Libc Vulnerabilities
NUTM-12122 [Basesystem] net-snmp Vulnerability CVE-2019-20892
NUTM-12354 [Basesystem] Patch BIND (CVE-2020-8620 CVE-2020-8621 CVE-2020-8622 CVE-2020-8623 CVE-2020-8624)
NUTM-12471 [Basesystem] OpenSSL: CVE-2020-1971 - DoS
NUTM-11941 [Email] unnecessary SMTP restarts due to a SSL VPN login
NUTM-12286 [Email] ECC Ciphers ECDH-ECDSA not supported by Exim SMTP
NUTM-12542 [Email] Arbitrary Config Object Deletion via User Portal
NUTM-11915 [Network] Ipsec routes will be removed if a wifi network will be added and the ipsec local networks overlap with an existing wifi network
NUTM-12045 [Network] INFO-122 Dhcpd not running
NUTM-12280 [RED] RED site-to-site tunnels reconnecting at random intervals (utm to tum)
NUTM-12253 [RED_Firmware] Split DNS doesn't work with SD-RED
NUTM-12379 [RED_Firmware] RED doesn't reboot after reconnect doesn't work properly
NUTM-12098 [UI Framework] Remote crash of User Portal index.plx
NUTM-11950 [WAF] AH00051 child pid XXXX exit signal Segmentation fault (11), possible coredump in /tmp
NUTM-12148 [WAF] WAF not always sending SNI to backend
NUTM-12029 [Web] AWS https scanning connect timeout on some sites with chrome
NUTM-12204 [Web] High CPU with http proxy coredumps.
NUTM-12032 [Wireless] "&" sign in PSK cause issues after config change
NUTM-12127 [Wireless] wireless client list empty
NUTM-12254 [Wireless] Website not loading for wireless user due to large packets whose size is larger than the MTU of the link
NUTM-12362 [Wireless] AP55/55C/100X/320X : Communication issue for Clients which are connected to the same SSID but at different APs
NUTM-12383 [Wireless] All SSIDs disappears from AP and disconnects all connected clients
NUTM-12317 [Email] Stored XSS can execute as administrator in quarantined email detail view. (CVE-2021-25273)
Hey Eddy, I was just struggling with this same issue, but from a different angle.Turns out, the naming works like so:u2d-sys-9.<Minimum version you need>-<version you will be upgrading to>.tgz.gpg
Updated a bunch of SGs wit all features the last days - so far no problems.
Sophos's naming convention in the download server is confusing as hell. Either that or the 9.706 is not released yet as claimed in this article.
u2d-sys-9.705003-705007.tgz.gpg 2021-May-12 18:38:55 12.0M application/octet-streamu2d-sys-9.705003-706008.tgz.gpg 2021-May-03 09:52:27 268.8M application/octet-stream
today, already release 9.705-7,and tomorrow for 9.706-9 will fix exim21 nails vulnerabilities