Showing results for 
Search instead for 
Did you mean: 

GD Availability of AsyncOS 9.6.0-042 for ESA

Robert Sherwin
Cisco Employee

Cisco is pleased to announce the General Deployment (GD) milestone for 9.6.0-042 for Email Security.  This release applies to Cisco Email Security Appliances (ESA)[C-Series, X-Series, and all virtual appliances].  9.6.0-042 encompasses both the earlier 9.5 Beta/Limited Deployment (LD) release(s) and 9.6 fixes and feature/product enhancements.  Please see the release notes for complete details for “What’s New in AsyncOS 9.6 for Cisco Email Security Appliances.”


Short list of defects fixed in AsyncOS 9.6 for Email

  • CSCuu95676: Email Security Virtual Appliance Default SSH Host Keys Vulnerability
  • CSCuu95988: Web Security Virtual Appliance Default Authorized SSH Key Vulnerability
  • CSCuu95994: Virtual ESA Default Authorized SSH Key Vulnerability
  • CSCuq16122: Bad file descriptor errors in sds_client logs lead to workq pauses
  • CSCus79598: SDS / CASE race condition, high SDS CPU, low CASE CPU = slow workqueue
  • CSCut63809: Missing validation check when specifying IP addresses for Sender Group
  • CSCuu48114: Mail Policy is not applied as expected
  • CSCuu70639: Email backups from unnecessary Stellent scans
  • CSCuu76594: SCP fails if there is a blank line in WELCOME message
  • CSCuv16010: Older Demo Certificate issues with upgrade to 9.5


Please see here for complete list of 9.6 fixed issues.

Please see here for complete list of 9.5 fixed issues.


Please see here for complete list of 9.6 known issues.

Please see here for complete list of 9.5 known issues.


AsyncOS 9.6 for Email Security Release Notes


For further information on this release and others, please refer to the AsyncOS for Email Security Release Notes available on


How to Upgrade

Prior to upgrading to this release, please read the Release Notes referenced above and save a copy of the configuration file somewhere other than directly on the appliance.


Once the Release Notes have been read and reviewed, log into the CLI of the Content Security Appliance as the 'admin' user and run upgrade, or use the GUI upgrade functionality, System Administration > System Upgrade.  The appliance may upgrade directly to the highest version available in the displayed list.


NOTE: It is important to follow the upgrade instructions available in the Release Notes. When upgrading, if the desired release version is not listed, the appliance may not be on a revision that is able to upgrade directly.  See 'Upgrade Paths' below.


Upgrade Paths

Please refer to the Release Notes for qualified upgrade paths.  If the appliance(s) are on any other AsyncOS revision, it may need to have multiple upgrades performed, as specified in the release notes. Only the immediate next step in the upgrade path will be shown, with the next revision being shown once the appliance is at appropriate provisioned version.


The following versions are available to upgrade directly to 9.6.0-042:

  • phoebe-8-5-6-106 -> phoebe-9-6-0-042
  • phoebe-8-5-7-042 -> phoebe-9-6-0-042
  • phoebe-9-1-0-032 -> phoebe-9-6-0-042
  • phoebe-9-5-0-201 -> phoebe-9-6-0-042
  • phoebe-9-6-0-030 -> phoebe-9-6-0-042


(*Please note – the new upgrade path from 8.5.7-042!)


Release Stage

General Deployment (GD).  A Cisco software release that provides new features and new platform support in addition to bug fixes which is ready for deployment anywhere in customer networks where the features and functionality of the release are required. This was formerly called General Availability (GA).

Recognize Your Peers
Content for Community-Ad