Version 4.3.1 Release Notes

In addition to the issues below, this release includes performance and stability fixes.

Changes to DNS Lookup Behavior

In this release, the proxy will attempt DNS resolution against any one of the configured DNS forwarders (primary, secondary, or tertiary), exiting once it has a result, and moving on to the next server if and only if the query returns no result.

It is important that all configured DNS servers return the same results for all domains.

For more information, see the Knowledge Base article Changes to DNS Lookup behavior in version 4.3.1.

Resolved Issues

Work Order # Description
NSWA-510 Improved the behavior of time selection boxes
NSWA-1146 Fixed an issue in which the ‘Top users by category’ report did not include blocked requests
NSWA-1170 Fixed an issue in which Microsoft Office documents are blocked as a result of ZIP archives being blocked
NSWA-1171 Fixed an issue in which entering an IP address with a leading zero in any octet into a policy would make that policy ineffective and could prevent subsequent policy changes taking effect
NSWA-1213 Fixed an issue in which, when setting up a virtual machine from the console, users cannot create a host name that begins with a number
NSWA-1220 Fixed an issue in which a request to allow a ZIP archive that contains a .doc file cannot be submitted when ZIP archives are allowed and .doc files are blocked
NSWA-1258 Fixed an issue in which users can block or unblock an IP address in a quarantine policy and inject a shell command as described in CVE-2016-9553. This issue was identified by Russell Sanford of Critical Start.
NSWA-1261 Changed default NTP server to 0.sophos.pool.ntp.org
NSWA-1263 Fixed an issue in which requests were not handled correctly if the specified content length was shorter than the actual content length