This release updates the kernel and OS, which includes numerous security, performance, and stability improvements.
This release allows you to block Windows script files, system files, and HTML Application files. Go to and cilck the Categories & Download Types tab to view file types and set actions.
The administrative web interface for this release supports TLS 1.2.
Support for YouTube for Schools has been removed as this service is no longer available.
You can now send files manually for testing by Sandstorm. In the Dashboard, click the Submit to Sandstorm tab, select a file or type the URL of a file, and click Submit. You can view the progress of the test in the Sandbox Activity Search page.
You can now select the data center to which you send files for analysis by Sandstorm. Go to .
If you release a file before it is finished being analyzed by Sandstorm and if the file is later determined to be malicious, an alert is sent to all alert recipients. Go to and click the System Alerts tab.
Sandstorm reports are now retrieved using TLS 1.2.
| Work Order # | Description |
|---|---|
| NSWA-867 | Fixed an issue in which policy tester result wouldn’t match the actual policy |
| NSWA-906 | Fixed an issue in which CSS files were incorrectly identified |
| NSWA-927 | Fixed an issue in which MP3 streaming media would not play correctly |
| NSWA-930 | Fixed an issue in which large local site lists could cause the UI to time out |
| NSWA-934 | Fixed an issue where trusted CA certificates were not refreshed after removing a trusted CA certificate |
| NSWA-935 | Fixed an issue in which the download scan icon displayed the incorrect status on the patience page |
| NSWA-936 | Made several improvements to the behavior of quota in SMA/SWA environments |
| NSWA-942 | Vulnerability Fix: OPENSSL DROWN as described in CVE-2016-0800 and related CVEs |
| NSWA-947 | Fixed an issue where some reports didn’t include HTTPS traffic when HTTPS scanning was disabled |
| NSWA-951 | Winbindd configuration improvements |
| NSWA-953 | Fixed an issue where the patience page wouldn’t display correctly in Firefox |
| NSWA-958 | Vulnerability Fix: SAMBA Badlock as described in CVE-2016-2118, CVE-2016-0128, CVE-2015-5370, and CVE-2016-2110 to CVE-2016-2115 |
| NSWA-975 | Increased the maximum number of additional policies allowed |
| NSWA-977 | Vulnerability Fix: Openssl as described in CVE-2016-2105 to CVE-2016-2109 |
| NSWA-980 | Vulnerability Fix: Fixed an issue where it was possible to evade quota settings |
| NSWA-982 | Fixed a port conflict that could cause FTP backup to fail |
| NSWA-984 | Additional file types not requiring Sandstorm analysis are now allowed through the proxy |
| NSWA-987 | Vulnerability Fix: Manual backup archive can be accessed unauthenticated by brute force. This issue was identified by Gregory Draperi. |
| NSWA-988 | Vulnerability Fix: Password hashes for administrators could be exposed on the users page. This issue was identified by Gregory Draperi. |
| NSWA-989 | Vulnerability Fix: FTP over HTTP page could be leveraged for malicious redirection. This issue was identified by Gregory Draperi. |
| NSWA-990 | Fixed an issue in which speed test upload results were slower than expected |
| NSWA-1144 | Vulnerability Fix: CVE-2016-5696 TCP |
| NSWA-1145 | Fixed an issue in which the SMAs connection to Liveconnect would fail |
| NSWA-1151 | Vulnerability Fix: OPENSSL SWEET32 as described in CVE-2016-2183 |
| NSWA-1208 | Vulnerability Fix: CVE-2016-9554. Shell command injection vulnerabilities in the SWA UI. This issue was identified by Matt Bergin of KoreLogic. |