Version 4.3.4 Release Notes

This release includes the following updates and fixes.

Resolved Issues

Work Order Description
NSWA-1215Issue fixed in which FTP authentication could fail in IE and Firefox.
NSWA-1332Added a new option to allow ICMP redirects.
NSWA-1349Fixed issue in which policy was not correctly applied to blocked file types within archives.
NSWA-1374Updated network test URLs to use the actual URL and protocol that is used by the system to update.
NSWA-1376Fixed a scaling issue on the support assistance page.
NSWA-1381Fixed an issue in which updates to the appliance would incorrectly report a failure.
NSWA-1382Added a new CA certificate for HTTPS scanning and a new option to switch to the new certificate. The existing built-in CA certificate on all Web Appliances expires on May 20, 2018. Customers should deploy the new certificate to all endpoints before switching over on their appliance. Customers will be notified beforehand that the certificate will expire.

The built-in certificate is provided for convenience and is the same for all Web Appliances. To improve security, customers should consider creating and using a custom CA certificate for their organization. For more information refer to the KB article at https://community.sophos.com/kb/en-us/127827.

NSWA-1387Fixed an issue in which non-RFC compliant hostnames could not be exempt from HTTPS scanning.
NSWA-1393Fixed an issue in which iOS11 was being detected as Mac OSX.
NSWA-1396Fixed a code injection vulnerability on the Timezone page. This issue was reported by Christian Demko of MWR InfoSecurity.
NSWA-1477Fixed an issue in that could cause loading chunked pages to fail.
NSWA-1478Fixed an issue that could cause SMA/SWA syncing to take a long time and cause a connection warning.