Version 4.3.4.0 Release Notes

This release includes the following updates and fixes.

Resolved Issues

Work Order Description
NSWA-1215 Issue fixed in which FTP authentication could fail in IE and Firefox.
NSWA-1332 Added a new option to allow ICMP redirects.
NSWA-1349 Fixed issue in which policy was not correctly applied to blocked file types within archives.
NSWA-1374 Updated network test URLs to use the actual URL and protocol that is used by the system to update.
NSWA-1376 Fixed a scaling issue on the support assistance page.
NSWA-1381 Fixed an issue in which updates to the appliance would incorrectly report a failure.
NSWA-1382 Added a new CA certificate for HTTPS scanning and a new option to switch to the new certificate. The existing built-in CA certificate on all Web Appliances expires on May 20, 2018. Customers should deploy the new certificate to all endpoints before switching over on their appliance. Customers will be notified beforehand that the certificate will expire.

The built-in certificate is provided for convenience and is the same for all Web Appliances. To improve security, customers should consider creating and using a custom CA certificate for their organization. For more information refer to the KB article at https://community.sophos.com/kb/en-us/127827.

NSWA-1387 Fixed an issue in which non-RFC compliant hostnames could not be exempt from HTTPS scanning.
NSWA-1393 Fixed an issue in which iOS11 was being detected as Mac OSX.
NSWA-1396 Fixed a code injection vulnerability on the Timezone page. This issue was reported by Christian Demko of MWR InfoSecurity.
NSWA-1477 Fixed an issue in that could cause loading chunked pages to fail.
NSWA-1478 Fixed an issue that could cause SMA/SWA syncing to take a long time and cause a connection warning.