Please Read Before Updating
Before installing any firmware version, be sure to make a backup of your configuration and read all release notes that apply to versions more recent than the one currently running on your system.
Note that upgrading to this release may cause you to lose any patches that have been installed by Barracuda Networks Technical Support onto your system. Please check the version details below to verify that the bug number for your issue is marked as fixed in the version that you are trying to install (or an earlier one) prior to installing.
Do not manually reboot your system at any time during an upgrade, unless otherwise instructed by Barracuda Networks Technical Support. Depending on your current firmware version and other system factors, upgrading could take up to 10 minutes. If the process takes longer, please contact Technical Support for further assistance.
Before upgrading, BE SURE TO TAKE THE BARRACUDA SPAM & VIRUS FIREWALL OFFLINE. This will ensure that the inbound queue is emptied and all messages are scanned before the upgrade process begins. See the BASIC > Administration page for the Offline button.
Upgrading to Version 5.x
- When upgrading from firmware version 4.1 or later:
- Make extra sure that you have a recent backup of your configurations, since backups taken from firmware versions earlier than 4.1 will NOT restore properly with version 5.1 or later.
- Once you have upgraded to version 5.1, Barracuda Networks does not recommend reverting to an older firmware version.
- The Microsoft IE6 browser is supported ONLY for end-user pages in the web interface, which include the following:
- QUARANTINE INBOX > Quarantine Inbox
- PREFERENCES > Whitelist/Blacklist
- PREFERENCES > Quarantine Settings
- PREFERENCES > Spam Settings
- PREFERENCES > Password
- When upgrading from firmware versions earlier than 4.1:
- You must be running firmware version 4.1 before upgrading to version 5.1, to ensure that all components are properly updated. If you are running on firmware version 3.x, you must first upgrade to the 4.x version listed on your Firmware Update page before you will be able to upgrade to firmware 5.x.
- Configuration backups from firmware versions earlier than 4.1 will NOT restore properly with version 5.1.
Firmware Version 5.1
What's New in Version 5.1
- Exchange Antivirus
- The new Barracuda Exchange Antivirus Agent runs as a Windows service on your Microsoft Exchange server and enables it to scan internal email for viruses. From the ADVANCED > Exchange Antivirus page you can download the add-in and view associated email statistics once it is installed and running.
- New IPv6 support provides email receipt and delivery over IPv6 networks.
- Email can be redirected by policy to an IPv6 network/server.
- The Barracuda Microsoft Outlook add-in now features a Send Encrypted button for sending encrypted emails.
- Encrypted messages display as such in the Message Log with 'Outlook Add-in' as the Reason.
- Administrators can upload a logo that will be displayed when recipients log into the Barracuda Message Center to retrieve encrypted messages.
- Outgoing email notifications to recipients of encrypted messages can be customized using the per-domain ADVANCED > Encryption page.
- Barracuda Control Center
- Improved Barracuda Control Center integration.
- Web Interface
- Sender Domain and Sender Email filters are now combined on one page titled Sender Filters.
- Simplified process for replacing failed units in a clustered system in a production environment.
- The Explicitly Accepted Users and Explicit Users to Scan For lists are now synchronized across clustered systems (see the ADVANCED > Explicit Users page in the global web interface, and the DOMAINS > Manage Domains > USERS > Valid Recipients page in the domain level interface).
- Mail Processing
- The Deep Header Scan setting for use with Trusted Forwarder IP addresses has been removed from the web interface, as this functionality is now part of the Trusted Forwarder feature.
- Sender-Based Rate Control for outbound messages now counts number of recipients per sender as opposed to number of connections from the sender. The requirement for five unique sender email addresses before initiating rate control has been removed.
- SNMP MIB extended to provide objects for additional mail and performance statistics, as well as statistics on encrypted, blocked, quarantined and tagged messages based on spam, custom policy, virus, etc. Includes outbound mail.
- Multiple line regular expressions are supported for header filtering.
- With HIPAA predefined filters, two or more terms are now needed to trigger an action with a message.
- SMTP auth failures are logged in the Message Log for outbound mail only.
Fixed in Firmware Version 5.1
- To remove any "Invalid Domain" errors that may appear after restoring a System Configuration backup file, perform a configuration Reload (from the BASIC > Administration page).
- Enhancement: Multi-level intent analysis consistently handles timeouts. [BNSF-21731]
- Fix: PTR record analysis now honors Trusted Forwarder status; i.e. IP addresses are checked until and including the first IP that is not a trusted forwarder. [BNSF-21490]
- Fix: Time zone updates for Israel per new 2013 DST settings. [BNSF-21277]
- Fix: Changing character set in the message viewer now shows the message body rather than a login screen. [BNSF-21348]
- Fix: Quarantined messages can now be viewed from any Barracuda Spam Firewall in a cluster. [BNSF-21348]
- Fix: Helpdesk users can view their own quarantined messages. [BNSF-21480]
- Fix: Barracuda Cloud Control shows correct status for firmware and subscriptions on the Status page. [BNSF-21521]
Barracuda Outlook Add-inThis firmware version requires update of your Barracuda Outlook Add-in (see the USERS > User Features page) to version 6.0.40 or later.
- Feature: Outlook Add-in now supports Outlook 2013. [BNSF-19535]
- Enhancement: Classification buttons are now available for public folders. [BNSF-20670]
- Fix: The property page shows correctly in Outlook 2003 and 2007. [BNSF-21300]
- Fix: The Outlook add-in starts even if a localization is unavailable. [BNSF-21492]
- Fix: Resolved the following vulnerabilities:
- High severity: Authentication bypass. [BNSEC-2625]
- Low - Medium severity: Persistent XSS; unauthenticated; authentication bypass. [BNSEC-2563]
- Enhancement: Improved Sender Policy Framework (SPF) algorithms for increased accuracy. [BNSF-18114, BNSF-20387, BNSF-20523, BNSF-20558, BNSF-20883, BNSF-21068, BNSF-21118]
- Enhancement: Multi-level intent analysis performs better with slow web servers. [BNSF-20003]
- Enhancement: Improved disk space management. [BNSF-20543, BNSF-21026, BNSF-21339, BNSF-21308]
- Enhancement: Improved recovery of services that are in an inconsistent state. [BNSF-20656, BNSF-20802, BNSF-20898]
- Enhancement: Improved credit card detection accuracy. [BNSF-20736, BNSF-21272]
- Enhancement: Improved Real-Time Protection performance for archived files. [BNSF-21147]
- Fix: The Create Password email can now be sent to users with spaces in the UID. [BNSF-14773]
- Fix: Block Sender Verify is no longer disabled when Block Empty Sender is enabled. [BNSF-14977]
- Fix: PTR record analysis is now performed when mail is received from a Trusted Forwarder. [BNSF-19257]
- Fix: All messages in a single SMTP session are now whitelisted when sent from a whitelisted IP address. [BNSF-19779, BNSF-20562]
- Fix: Improved whitelist setting interactions between a primary account and its LDAP or Valid Recipient alias. [BNSF-20592]
- Fix: Resolved issue in which, in rare circumstances, per-user quarantine files could be written as zero bytes when in a clustered environment. [BNSF-20991]
- Fix: Whitelist properly takes precedence over quarantine rules that are based on EmailReg settings. [BNSF-20934]
- Fix: Spam analysis conditions which could prevent unusual messages from being processed. [BNSF-20994, BNSF-20997]
- Enhancement: Improved web interface performance when displaying a large number of users or domains. [BNSF-18336]
- Enhancement: Reduced time to reload system configurations when there are a large number of domains. [BNSF-20145]
- Enhancement: Improved support for Internet Explorer 9 and 10 and Firefox 23. [BNSF-20259, BNSF-21324, BNSF-21244]
- Enhancement: Improved detection of malformed character sets when displaying unicode messsages. [BNSF-20503]
- Enhancement: Added 3 new methods to API to list and edit Valid Recipients. [BNSF-20605]
- Enhancement: Web Syslog now includes troubleshooting commands. [BNSF-20990]
- Fix: Corrected handling of unicode characters in user whitelists. [BNSF-13751]
- Fix: Reduced time to log into the web interface when the update server is not reachable. [BNSF-18333]
- Fix: Improved handling of special characters such as '$' in the LDAP password for Single Sign-On users. [BNSF-19396]
- Fix: The SNMP agent starts correctly on Vx models. [BNSF-19478]
- Fix: All users are now able to view quarantine messages when a device is removed from a cluster. [BNSF-19567]
- Fix: Searching the outbound quarantine from a user's account no longer forces a logout. [BNSF-19775]
- Fix: Vx models now display the correct expiration date for Energize Updates subscriptions. [BNSF-20076]
- Fix: Performance statistics are now displayed when viewing the BASIC > Status page in the web interface page for the Chinese locale. [BNSF-21156]
- Fix: SMB shares are now always unmounted after a backup. [BNSF-19249]
- Fix: Backup retention policy is now correctly enforced when Bayesian database is not included. [BNSF-21022]
- Feature: Outlook Add-in now supports Outlook 2013. [BNSF-21346]
- Fix: Resolved the following vulnerabilities:
- Medium severity: Unauthenticated, URL redirection. Reported by David Niedermaier. [BNSEC-1800 / BNSF-21024]
- Low severity: Persistent XSS, requires authentication. Reported by Max Corrientes. [BNSEC-220 / BNSF-18321]
- Low severity: Persistent XSS, requires authentication, remotely exploitable. Reported by Maxim Rupp. [BNSEC-1001 / BNSF-18321]
- Low severity: Non-persistent XSS, requires authentication, remotely exploitable. Reported by Yogesh Jaygadkar (jaygadkar.com). [BNSEC-1052 / BNSF-20474]
- Enhancement: Improved real-time detection for multilevel intent analysis. [BNSF-20733]
- Enhancement: Improved real-time detection of malformed attachments. [BNSF-21142]
- Fix: Graceful shutdown via the power button now works in all cases. [BNSF-20706]
- Fix: Resolved the following vulnerabilities:
- High severity: Clickjacking. Reported by Dinesh Shetty. [BNSEC-509 / BNSF-20356]
- High severity: Persistent XSS, unauthenticated, remotely exploitable. Reported by Justin Steven (justinsteven.com). [BNSEC-1550 / BNSF-20929]
- High severity: Persistent XSS, unauthenticated, remotely exploitable. Reported by Justin Steven (justinsteven.com). [BNSEC-1650 / BNSF-20943]
- High severity: Requires authentication, account takeover. Reported by Justin Steven (justinsteven.com). [BNSEC-1710 / BNSF-20956]
- Low - High severity: Requires authentication, information disclosure. Reported by Justin Steven (justinsteven.com). [BNSEC-1706 / BNSF-20955]
- Medium severity: Information disclosure. Reported by Luca Carettoni. [BNSEC-107 / BNSF-17460]
- Low - Medium severity: Unauthenticated, information disclosure. Reported by Justin Steven (justinsteven.com). [BNSEC-1746 / BNSF-20978]
- Low severity: Non-persistent XSS, unauthenticated. Reported by David Niedermaier. [BNSEC-1788 / BNSF-21018]
- Low severity: Non-persistent XSS, requires authentication. Reported by secbounty. [BNSEC-1152 / BNSF-20394]
- Low severity: Persistent XSS, requires authentication. Reported by Justin Steven (justinsteven.com). [BNSEC-1702 / BNSF-20953]
- Low severity: Requires authentication, information disclosure. Reported by secbounty. [BNSEC-1156 / BNSF-20395]
- Low severity: Requires authentication, information disclosure. Reported by secbounty. [BNSEC-1160 / BNSF-20396]
- Fix: Inbound mail from a Trusted Relay source is now subject to Recipient Verification (if configured) to prevent sending email to an invalid user for the domain. [BNSF-20482]
- Enhancement: Improved Spoof Protection analysis of envelope content. [BNSF-15997]
- Enhancement: Improved recipient verification performance if no Explicit Users are defined. [BNSF-19048]
- Enhancement: Improved false positive detection for DLP settings. [BNSF-18738, BNSF-19321, BNSF-19946]
- Enhancement: TLS can now be required for all incoming domains from the Per Domain ADVANCED > Email Protocol page. [BNSF-19738]
- Enhancement: Improved performance for tar file attachments. [BNSF-19979]
- Enhancement: Improved performance for Realtime Intent Analysis. [BNSF-20002]
- Fix: Attachment content filtering does not cause a spike in CPU usage. [BNSF-17216]
- Fix: Appliance remains offline after a firmware upgrade if it is already in offline mode. [BNSF-18941, BNSF-19705]
- Fix: Attachment filter now correctly detects video file types with altered extensions. [BNSF-18977]
- Fix: Rejected mail retrieved from a POP3 server is now marked for deletion. [BNSF-19035]
- Fix: Duplicate X-Barracuda-IPDD header lines are no longer added. [BNSF-19547]
- Fix: Duplicate X-Barracuda-Registry header lines are no longer added. [BNSF-19829]
- Fix: Improved processing performance for large multi-part text emails. [BNSF-19644]
- Fix: LDAP routing will now enable alias rewriting if username/password are not set. [BNSF-19114]
- Fix: SPF IPv6 record lookups work as expected. [BNSF-19500]
- Fix: URL inspection now correctly handles UTF-8 characters. [BNSF-19575]
- Fix: Improved process monitoring of front-end scanning engine. [BNSF-19675]
- Fix: Rate control settings for POP accounts are now applied correctly. [BNSF-19745]
- Fix: UID with spaces now matches white/block lists. [BNSF-19801]
- Fix: Inbound Queue details now include the To address. [BNSF-17127]
- Fix: General report improvements and optimizations. [BNSF-17853, BNSF-19956, BNSF-18673, BNSF-20119]
- Enhancement: Rate Control and Trusted Forwarder settings are now synchronized and used by CPL unless overridden in CPL. [BNSF-20094]
- Fix: Message Log is no longer sorted based on the Queue Management sort. [BNSF-16315]
- Fix: The Troubleshooting Telnet utilities no longer omit the connection banner when telnetting to a mail server. [BNSF-19163]
- Fix: Product Tips (see BASIC > Status page) now properly expire. [BNSF-19661]
- Fix: Changing the destination mail server now takes effect immediately. [BNSF-19279]
- Fix: Resolved issue with potential SSH access to unit when not deployed behind a firewall. To completely disable remote support functionality, contact Barracuda Networks Technical Support. Reported by Stefan Viehböck, SEC Consult Vulnerability Lab (https://www.sec-consult.com) [BNSEC-767]
- Fix: Binary attachments are no longer erroneously categorized as password protected archives. This could have been triggered by a large number of specially crafted password protected archives sent in a recent spam campaign [BNSF-18514]
- Enhancement: The Link Domains feature, configured on the BASIC > Quarantine page, and the per-domain Unify Email Aliases option, configured on the USERS > LDAP Configuration page at the domain level, are mutually exclusive and can no longer be enabled at the same time. These settings affect how and where user quarantined mail is delivered.
Important:No changes are automatically made to existing settings after upgrading, so make sure to verify that both of these settings are not enabled at the same time. If both options were enabled prior to upgrading, and one is then disabled, that setting cannot be re-enabled without disabling the other setting. Please see the online help for both settings to understand what each feature does and decide which configuration works best for your organization. [BNSF-17401]
- Enhancement: If using Single Sign-On, users can now log in with either an alias or with their primary email address. If the per-domain Unify Email Aliases option is set to Yes, then when a user logs in with an alias, that user will be directed to the primary account. [BNSF-18377]
- Fix: When an LDAP user logs into the Barracuda Spam & Virus Firewall for the first time and uses an email alias to log in, a duplicate account will no longer be created if they already have a primary account. [BNSF-18839, BNSF-19406]
- Fix: Improved configuration data lookup for mail flow performance. [BNSF-19025, BNSF-18462]
- Fix: Resolved high CPU loads that could occur with certain operations. [BNSF-19361]
- Enhancement: Improved per-domain recipient blocklisting. [BNSF-18462]
- Enhancement: Improved disk space monitoring. [BNSF-18998]
- Enhancement: The product web interface does not reveal version information to unauthenticated users. [BNSF-18437]
- Enhancement: Improved IPv6 message handling.
- Enhancement: Updated Polish translation of web interface.
- Enhancement: Updated Czech translation of web interface.
- Enhancement: Improved SPF checking for email from ipv6 networks. [BNSF-19110]
- Enhancement: Improved help text for the USERS > User Features page.
- Enhancement: Improved security for web interface login. [BNSF-19105]
- Enhancement: Improved internal process monitoring for mailflow, mitigating intermittent interruption to mail processing for firmware version 5.1.1.005 and higher. [BNSF-18984]
- Enhancement: Improved handling of large XLS files for attachment content filtering. [BNSF-18955]
- Enhancement: Improved process monitoring for secure web interface access over HTTPS. [BNSF-19070]
- Enhancement: Improved Barracuda Cloud Control connectivity. [BNSF-19129]
- Fix: Changes to the per-domain recipient whitelist now take immediate effect. [BNSF-19025]
- Fix: Changes to outbound mail trusted relay settings now take immediate effect, precluding 'Invalid Domain' errors. [BNSF-19156]
- Fix: Anonymous binding is allowed for LDAP routing/alias rewriting. [BNSF-19114]
- Fix: Relay Using Trusted Host/Domain (configured on the BASIC > Outbound page) works as expected. [BNSF-19193]
- Fix: Improved recognition of Japanese credit card numbers in Predefined Filters (BLOCK/ACCEPT > Content Filtering). [BNSF-18979]
- Fix: Inbound mail going to subdomains no longer mis-categorized as outbound mail. [BNSF-18960]
- Fix: The User Features Override table in the USERS > User Features help page now renders in widths appropriate to the amount of content to display in each column. [BNSF-17930]
- Fix: Bounce messages will not be inspected (so not blocked as 'invalid') when received from a trusted relay source. [BNSF-17564]
- Fix: Improved analysis of bounce messages (NDR) from MS-Exchange when receiving messages from a trusted forwarder. [BNSF-13370]
- Fix: Resolved potential 'Range Header' security issue [CVE-2011-3192]. Reported by Ben Williams, NGSSecure. [BNSF-18920]
- Fix: Messages no longer being blocked for internal domains hosted by the Barracuda Spam & Virus Firewall with reason of Invalid Domain. [BNSF-19111]
- Enhancement: Improved spam fingerprint/ZeroHour virus protection accuracy.
- Enhancement: Support for recently changed time zone/daylight savings times including Moscow, Pacific/Pohnpei and Chile. [BNSF-18449, BNSF-17613, BNSF-18467]
- Enhancement: Updated Czech and Chinese translations in web interface.
- Fix: Mail for a specific domain is not rejected with 'invalid domain' message unless appropriate. [BNSF-17673]
- Fix: Rare circumstance no longer incorrectly causing messages to be deferred due to Rate Control. [BNSF-18059]
- Fix: Improved mail processing for large messages.
- Fix: Messages which are not in password protected archives are no longer being incorrectly blocked as such. [BNSF-18514]
- Fix: Outbound mail from a trusted relay is not blocked as an invalid domain. [BNSF-18475]
- Fix: Resolved reflective cross-site scripting issue. Thanks to Ben Williams of NGS-Secure. [BNSF-18434]
- Fix: Quarantine messages now sync properly across a cluster. [BNSF-18563]
- Fix: Traffic Summary report and BASIC > Status page more accurately represent inbound and outbound traffic. [BNSF-18631]
- Fix: Trusted Forwarders listed in SPF records pass SPF checks as expected. [BNSF-18122]
- Enhancement: Improved Queue Management performance. [BNSF-16951]
- Fix: When Unify Email Alias option is set to No on the per-domain USERS > LDAP Configuration page, both the primary and alias email addresses are able to log into the corresponding Quarantine accounts. [BNSF-18318]
- Fix: The Message Log renders properly in IE version 7. [BNSF-18301]
- Fix: Performance Statistics render as expected on the BASIC > Status page. [BNSF-17446]
- Fix: The message source of the message in the Message Log view shows all the normal headers including the Barracuda Spam & Virus Firewall's own Received line. [BNSF-17842]
- Fix: Indexed searching in the Message Log for only inbound or only outbound messages works as expected. [BNSF-17968]
- Fix: Users can whitelist an email address for which they have blocklisted the domain. [BNSF-17935]
- Fix: When sending a message to the Barracuda Spam & Virus Firewall from a Trusted Relay IP address, and Recipient Verification is configured, and the recipient is not a valid user in the domain as configured on the Barracuda Spam & Virus Firewall, the message is blocked as expected. [BNSf-17905]
- Fix: If more than one LDAP server IP address is configured, Single Sign-On allows valid logins as expected. [BNSF-17990]
- Fix: The Quarantine digest contains proper formatting without unreferenced images. [BNSF-17853]
- Fix: Quarantine notification show a single blue bar indicating messages in quarantine instead of multiple bars. [BNSF-17884]
- Fix: LDAP user passwords which include the % character are accepted as valid when doing an LDAP Test. [BNSF-17904]
- Fix: False positives no longer occuring for Social Security numbers in docx files. [BNSF-17721]
- Fix: Sending an email to a domain immediately after adding it to the Barracuda Spam & Virus Firewall takes immediate effect. [BNSF-17673]
- Fix: Performance Statistics now render properly on the BASIC > Status page when there are multiple system fans present in the Barracuda Spam & Virus Firewall hardware. [BNSF-17779]
- Fix: Message Log and statistics updates are more efficient. [BNSF-17717]
- Fix: Single Domain Admin role restrictions are properly applied. [BNSF-17168]
- Enhancement: For outbound sender-based rate control, removed requirement for 5 unique sender email addresses before beginning rate control.
- Fix: Resolved clustering synchronization issue.
- Fix: The checkbox control now renders properly on all web interface pages in newer versions of Firefox and Opera browsers.
- Fix: Changing the Key Size or other options on the ADVANCED > Secure Administration page doesn't cause the web interface to reset.
- Fix: When configuring the Barracuda Spam & Virus Firewall Vx, the consconf utility does correct input checking.
- Fix: Outbound sender-based rate control now sends back 450 and 550 responses to the sending mail server, and consequently mail servers running Microsoft Exchange now take the correct actions.
- Fix: IPv6 web links work as expected in quarantined messages.
Firmware Version 5.0
- Ability to encrypt outbound email based on policy. Requires validation of sending domains on per-domain ADVANCED > Encryption page.
A notification email to the recipient provides a link to the Barracuda Message Center where the encrypted message can be retrieved.
Encryption can be selected for the following filters:
- Sender domain
- Sender email address
- Recipient filters
- Attachment filters
- Content Filters
- Redirection of outbound email based on policy. Email is redirected over a TLS connection to another gateway or to an encryption server or service. Redirection can be selected for the same filters as encryption (see above).
- Includes the Barracuda Cloud Protection Layer, an optional cloud-based filtering layer to protect against spam and viruses. The Cloud Protection Layer also provides email spooling to hold email in the cloud for up to 96 hours if the destination network is unavailable. This feature is available via the Barracuda Control Center.
- Content Filtering: Ability to block, quarantine, encrypt or redirect messages based on content inside text-type file attachments such as MS Office files, html, pdf or other document files.
- Attachment Filtering - ability to block, quarantine, encrypt or redirect messages based on the following:
- Attachment file name or file extension.
- Defined attachment file types such as Microsoft Office, PDF, executables (exe) and Windows scripts (vbs).
- Attachment MIME types.
- Multiple Quarantine Notifications: Ability to configure more than one notification in a 24 hour period.
- New reports and reporting features:
- The Traffic Summary report can print to the screen as well as being sent by email.
- For use when Bayesian Filtering is turned on: False Positives report shows number of messages marked as 'Not Spam' by user per 100 inbound emails. False Negatives report shows number of messages marked as 'Spam' by user per 100 inbound emails.
- Reports can scheduled to be sent out daily, weekly or monthly.
- Output formats include HTML, PDF or text.
- The Outlook add-in feature now offers an installation kit download for administrators who wish to push the add-in to users' machines with a Windows GPO. MS Exchange Server versions 2003, 2007 and 2010 are supported.
- The 3.x API is no longer supported in firmware release 5.x.
- APC UPS is properly supported by Barracuda Spam & Virus Firewall models 300, 400, and 800. [BNSF-12041]
- Per-domain message logs now display every domain's messages in results from multiple filter searches. [BNSF-16746]
- Inbound and outbound quarantine notifications can now be generated at the same time. [BNSF-16758]
- SSO issue with LDAP is resolved such that users can log in without errors. [BNSF-16812]
- Attachments in Microsoft Composite Document file format which are corrupt can now be extracted without errors. [BNSF-16928]
- Feature: At the per-domain level, ability to specify a 'blank' LDAP search base for Active Directory. Applies when using the global catalog port (3268) and enables searching the entire Active Directory if you have configured users for the domain outside of the domain's search base.
- Enhancement: Ability to block mail from IP addresses with a blank PTR (reverse DNS) record from the BLOCK/ACCEPT > Reverse DNS page.
- Enhancement: Time zone updates for Chile and Morocco.
- Fix: Per-Domain Spoof Protection is correctly only blocking mail FROM the specified domain on the Barracuda Spam & Virus Firewall TO the specified domain. [BNSF-15845]
- Fix: Users can add TLD entries (e.g. info or com) to their white/block lists and properly allow/block messages accordingly. [BNSF-16587]
- Fix: Inbound quarantine correctly appends Quarantine Subject Text to the subject of a message under global quarantine.
- Fix: Multi-line regular expressions work correctly on the message header. [BNSF-16004]
- Fix: After restoring a User Settings backup, quarantine size correctly appears as 0.00 KB on the USERS > Account View page. [BNSF-15426]
- Enhancement: Italian localization now available/selectable for end user web interface, online help files and Outlook add-in.
- Enhancement: Updated localizations for Dutch, French and Japanese.
- Fix: Outbound quarantine no longer appends Quarantine Subject Text to the subject of the message, and those messages are delivered to the Quarantine Delivery Address, if configured, instead of to the original recipient. [BNSF-16329]
- Fix: BLOCK/ACCEPT > Sender Domain page now properly validates top level domains (TLDs) in Bulk Edit. [BNSF-16205]
- Fix: Resolved quarantine issues.
- Fix: SSL certificates no longer prevent making changes on the ADVANCED > Secure Administration page. [BNSF-16166]
- Enhancement: If TLS Encryption is required per the DOMAINS > Manage Domain > ADVANCED > Email Protocol page, the Barracuda Spam & Virus Firewall will always issue an EHLO, regardless of welcome banner containing ESMTP. [BNSF-15994]
- Enhancement: Updates to Japanese help files.
- Fix: User Feature overrides work with clustered systems as expected. [BNSF-14521]
- Enhancement: Improved integration of Cloud Protection Layer and Barracuda Control Center.
- Enhancement: Updates to Japanese localization.
- Fix: The API password stored in the configuration database is now decrypted before matching the entry. [BNSF-15906]
- Fix: The message body is correct in queued messages that are re-sent. [BNSF-15955]
- Enhancement: Revised wording of HIPAA / Privacy filtering on BLOCK/ACCEPT > Content Filtering help page. [BNSF-15724]
- Enhancement: Updates to French localization.
- Fix: SSL Certs work as expected.
- Fix: On the BASIC > Message Log page, all messages matching filter criteria are now shown when the Search button is clicked on any page other than page 1. [BNSF-15795]
- Fix: On the USERS > LDAP Configuration page at the domain level, multiple LDAP servers delimited by a space do not cause SSO failure after upgrading to version 5.0.
- Update: In Reporting, PDF format is only available for emailed reports. 
- Fix: Online help is now correct for the Test Encryption Connection button popup on the per-domain ADVANCED > Encryption page.
- Fix: The Test LDAP button on the USERS > LDAP Configuration (domain level) page works as expected.
- Fix: Whitelisted IP addresses are treated as such when using a Trusted Forwarder. [BNSF-13737]
- Fix: The Certified Email registry now overrides content filtering as expected. [BNSF-15643]
- Enhancement: EmailReg.org Exemptions are now entered on the BLOCK/ACCEPT > Sender Authentication page instead of on the BLOCK/ACCEPT > Sender Domain page. [BNSF-15497]
- Fix: NDRs are not sent out for messages blocked due to Attachment policy if the Notify Sender of Blocked File Interception is set to No on the ADVANCED > Bounce/NDR Settings page. [BNSF-14837]