We've just released UTM version 9.7 MR16 (9.716). As usual, the release will be rolled out in phases:

Details of this release, along with previous releases, can be found on our official release notes page.

Other news

  • Maintenance Release
  • Security Release


  • System will be rebooted
  • Configuration will be upgraded

Sophos UTM no longer supports CFFS for web categorization

With this release, all online web categorizations will use Sophos XL Categorisation (SXL). This has been the default method since version 9.3 - released nearly 10 years ago - so this change will impact very few devices.

We recommend you upgrade to this release to benefit from this change.

For more information, see Decommissioning of obsolete URL categorization services (CFFS) on 1 September 2023.

Issues Resolved

  • NUTM-14139 [Basesystem] Mexico time zone still switches to DST
  • NUTM-14089 [Basesystem] High CPU usage by rrdtool due to DST
  • NUTM-14051 [Basesystem] Upgrade Postgres to 9.2.24 to address numerous vulnerabilities
  • NUTM-14038 [Basesystem] Address OpenSSL vulnerabilities: CVE-2023-0286, CVE-2023-0215
  • NUTM-13689 [Basesystem] Upgrade Apache to 2.4.56 to address numerous vulnerabilities
  • NUTM-13537 [Basesystem] VLAN interfaces on a RED interface are deactivated if you turn off and then turn on the RED interface
  • NUTM-14172 [Email] Potential denial of service vulnerability in SPX portal and Webadmin: CVE-2002-20001, CVE-2022-40735
  • NUTM-14107 [Email] SPX announcement email without message ID header
  • NUTM-14039 [Email] Potential denial of service vulnerability in email service: CVE-2002-20001, CVE-2022-40735
  • NUTM-13882 [Email] Downloading emails from Mail Manager fails
  • NUTM-14217 [UI framework] WebAdmin post-auth command injection: CVE-2023-3367
  • NUTM-14134 [WAF] Potential denial of service vulnerability in webserver protection: CVE-2002-20001, CVE-2022-40735