Sophos has just soft-released 9.707 today, fixing theese issues, here is from release notes:
We’ve just released UTM 9.707. As usual, the release will be rolled out in phases:
- In phase 1 you can download the update package from our download server.
- During phase 2 we will make it available via our Up2Date servers in several stages.
- In phase 3 we will make it available via our Up2Date servers to all remaining installations.
- Maintenance release
- Security release
- System will be rebooted
- Configuration will be upgraded
- NUTM-12550 [Access & Identity] Replace deprecated option in SSLVPN client config
- NUTM-12310 [Email] SPF checks incorrectly occurring when multiple upstream hosts are configured in an availability group
- NUTM-12672 [Logging] IPFIX does not switch source and destination ports between inbound and outbound side of flow
- NUTM-12749 [Basesystem] Update bzip2 to address CVE-2019-12900
- NUTM-12590 [Basesystem] Patch OpenSSL against CVE-2021-23840 & CVE-2021-23841
Remark, the “NUTM-12550 [Access & Identity] Replace deprecated option in SSLVPN client config” contains this change:
They replaced the deprecated command-line option --tls-remote with the update option --verify-x509-name in OpenVPN client config files.
This updated option has been supported in OpenVPN since version 2.5.3, released in 2013. Continuing to use the older option generates warnings during connection.