We've just released SG UTM version 9.712. The release will be rolled out in phases:

News

  • Maintenance release
  • Security release

Remarks

  • System will be rebooted
  • Configuration will be upgraded

Issues resolved

  • NUTM-13504 [WAF] Enforce usage of valid Let's Encrypt root CA
  • NUTM-13496 [Basesystem] Openssl vulnerability. The UTM software is not vulnerable to this CVE. - CVE-2022-1292
  • NUTM-13376 [Basesystem] DHCP Relay not working after upgrade to 9.704
  • NUTM-13227 [Basesystem] uriparser vulnerabilities- Multiple CVEs
  • NUTM-13215 [AWS] AWS Pay-As-You-Go license expires on C5/M5 instances
  • NUTM-12872 [Basesystem] LibXML vulnerability - CVE-2021-3541

Link to Full Release Notes: Sophos Release Notes

Notice: An issue was discovered in the early stages of rollout that impacted SG UTM in Amazon Web Services on C5 or M5 instance types. Affected devices did not restart after updating to version 9.712. We published a new update (9.712-13) to address the issue and removed the original release package (9.712-12). This blog post was updated with the new release package details on September 19, 2022.