Cisco is pleased to announce a new major release of AsyncOS 9.1.0 for Email. This release applies to all our Email Security Appliances (C-Series, X-Series, and virtual appliances) with 8GB of RAM, and the C170 appliance.
Please note that the following hardware is NOT supported for this release: C160, C360, C660, and X1060
New Enhancements in AsyncOS 9.1.0 for Email
- File Analysis quarantine improvements: Messages can now be automatically released or deleted from the centralized File Analysis quarantine on the Content Security Management Appliance based on the analysis verdict.
- Updater Enhancement: Email security appliance can check the validity of the Cisco updater server certificate every time the appliance communicates with the updater server.
- Option to disable SSLv3 for enhanced security: The new sslv3config command in CLI can used to disable SSLv3 for the the following services - Updater, URL Filtering, End User Quarantine and LDAP
Short list of defects fixed in AsyncOS 9.1.0 for Email
CSCut42997 - ESA Resource Monitor in 9.0 can make C170s unusable
CSCus45574 - Messages with Status "unsupported file type" need to be handled in ESA
CSCur27131 - Evaluation of CVE-2014-3566 on Cisco Email Security Appliance
CSCus54216 - Auto-release is not happening if file is not uploaded with curl error
CSCzv93864 - Cisco IronPort ESA Subject header length DoS Vulnerability
CSCup53161 - Check the status of CASE to prevent it swap exhaustion
CSCzv54343 - Uuencode emails are generating scanning error.
CSCuq71053 - OOXML files with non-standard file order are mis-detected as zip files
CSCut24259 - Changing case of Group query name in LDAP profile does not take effect.
CSCzv38297 - ESA FreeBSD -- glob(3) related resource exhaustion
Note: Security Management Appliance upgrade to AsyncOS 9.1 for Management is required for full interoperability with AsyncOS 9.1 for Email.
Complete list of defects fixed:
https://tools.cisco.com/bugsearch/search?kw=*&pf=prdNm&pfVal=282509130&rls=9.1.0-032&sb=fr&srtBy=byRel&bt=custV
For further information about this release, please refer to the AsyncOS release notes available on Cisco.com at the following URL:
Cisco Email Security Appliance http://www.cisco.com/c/en/us/support/security/email-security-appliance/products-release-notes-list.html
Cisco Content Security Management Appliance http://www.cisco.com/c/en/us/support/security/content-security-management-appliance/products-release-notes-list.html
AsyncOS 9.1.0 for Email release notes:
http://www.cisco.com/c/dam/en/us/td/docs/security/esa/esa9-1/ESA_9-1_Release_Notes.pdf
Changes in Behavior
While configuring the global settings for listeners, you can now specify whether to accept or reject messages based on the size of the subject. If you specify this parameter, messages having subject size within the specified limit will be accepted and any other messages will be rejected. For more information, see Cisco AsyncOS for Email User Guide
How to Upgrade
Prior to upgrading to this release, please read the Release Notes referenced above and save a copy of the configuration file somewhere other than on your appliance.
Once you have read the Release Notes you may log into the command line of your IronPort Appliance as the 'admin' user, and type 'upgrade', or use the WebUI upgrade functionality in the 'System Administration' tab.
You may upgrade directly to the highest version available in the displayed list.
**NOTE** It is important that you follow the upgrade instructions available in the Release Notes. If you do attempt to upgrade and do not see the desired release version available, your appliance is likely not on a version allowed to upgrade directly. See 'Upgrade Paths' below.
Upgrade Paths
Please refer to the Release Notes for qualified upgrade paths. If your systems are on any other AsyncOS release, you will need to perform multiple upgrades as specified in the release notes. Only the immediate next step in the upgrade path will be shown to you, with the next revision being shown once you are at the approved level.
The qualified upgrade paths to reach AsyncOS 9.1.0-032:
ASYNCOS 8.0.2-066 -> ASYNCOS 9.1.0-032
ASYNCOS 8.5.6-106 -> ASYNCOS 9.1.0-032
ASYNCOS 8.5.6-116 -> ASYNCOS 9.1.0-032
ASYNCOS 9.0.0-500 -> ASYNCOS 9.1.0-032
ASYNCOS 9.1.0-024 -> ASYNCOS 9.1.0-032
Supported Hardware for This Release
All virtual appliance models.
The following hardware models:
– C380 or C680
– C170
– C370, C370D, C670 or X1070 appliances (8GB of RAM models)
Upgrading Deployments with Centralized Management (Clustered Appliances)
If a cluster includes C160, C360, C660, or X1060 hardware appliances, remove these appliances from the cluster before upgrading. All machines in a cluster must be running the same version of AsyncOS, and x60 hardware cannot be upgraded to this release. If necessary, create a separate cluster for your x60 appliances.
Release Stage
Early Deployment (ED) A Cisco software release that provides new features and new platform support, in addition to bug fixes. This is intended for early adoption by customers. This was formerly called First Customer Ship (FCS).
Need further assistance? Product Support | Downloads | Open a Support Case