本升级包为引擎升级包，支持在固件版本5.6.3.56，引擎版本为5.6.3.56及其以后的所有标准版本（非定制版本）基础上进行升级。本升级包为全量升级包，升级后固件版本不变，引擎版本变更为5.6.3.149。

本升级包新增/改进功能：
1.修复TLS Diffie-Hellman Key Exchange Logjam Vulnerability
2.WEB优化
3.更新规则：23272,23002,22796,22680,22432,22264,21374,30633
4.新增规则：23612,23613,23614,10405

注意事项：
1.本升级包升级过程不会影响设备当前任何配置；
2.本升级包升级完成后需要手动刷新WEB页面；
3.本升级包升级完成后自动重启引擎生效，会导致通过设备的会话中断，请选择合适的时间进行设备升级。

This is an engine upgrade package, which can be used to perform upgrade based on standard (non-customized) devices with the firmware version of 5.6.5.56 and engine version of 5.6.3.56 and later. This upgrade package covers previously released patches. After upgrade, the firmware version remains unchanged, but the engine version is updated to 5.6.3.149.
New or Improved Functions in This Upgrade Package:

1.Fix of "TLS Diffie-Hellman Key Exchange Logjam Vulnerability"
2.Optimize WEB
3.Update rules:23272,23002,22796,22680,22432,22264,21374,30633
4.Add rules:23612,23613,23614,10405

Notes:
1. When this upgrade package is applied to a device, the upgrade process does not affect any configurations existing on the device.
2. After the upgrade is completed, you need to manually refresh the web page of the web-based manager.
3. When the upgrade is completed, the engine automatically restarts, which will interrupt sessions going through the device. Please perform the upgrade at a appropriate time.

本升级包为引擎升级包，支持在固件版本5.6.3.56，引擎版本为5.6.3.146上进行升级。本升级包为增量升级包，升级后固件版本不变，引擎版本变更为5.6.3.148。

本升级包新增/改进功能：
1.修复PHP multipart/form-data头部解析远程拒绝服务漏洞。

注意事项：
1.本升级包升级过程不会影响设备当前任何配置；
2.本升级包升级完成后需要手动刷新WEB页面；
3.本升级包升级完成后自动重启引擎生效，会导致通过设备的会话中断，请选择合适的时间进行设备升级；
4.本升级包不能回退至5.6.3.148以前版本；

This is an engine upgrade package, which can be used to perform upgrade based on standard devices with the firmware version of 5.6.3.56 and engine version of 5.6.3.146.This upgrade package is an incremental upgrade package. After upgrade, the firmware version remains unchanged, but the engine version is updated to 5.6.3.148.
New or Improved Functions in This Upgrade Package:
1.Fix PHP multipart/form - data parsing head remote denial of service vulnerability

Notes:
1. When this upgrade package is applied to a device, the upgrade process does not affect any configurations existing on the device.
2. After the upgrade is completed, you need to manually refresh the web page of the web-based manager.
3. When the upgrade is completed, the engine automatically restarts, which will interrupt sessions going through the device. Please perform the upgrade at a appropriate time.
4.The upgrade package can not fall back to the previous version below the 5.6.3.148.

本升级包为引擎升级包，支持在固件版本为5.6.3.56，引擎版本为5.6.3.56及其以后的所有标准版本（非定制版本）基础上进行升级。本升级包为全量升级包，升级后固件版本不变，引擎版本变更为5.6.3.146。

本升级包新增/改进功能：
1.增加规则23408,修复Microsoft Windows HTTP.sys远程代码执行漏洞(CVE-2015-1635)(MS15-034)

注意事项：
1.本升级包升级过程不会影响设备当前任何配置；
2.本升级包升级完成后需要手动刷新WEB页面。
3.本升级包升级完成后自动重启引擎生效，会导致通过设备的会话中断，请选择合适的时间进行设备升级；

This is an engine upgrade package, which can be used to perform upgrade based on standard (non-customized) devices with the firmware version of 5.6.5.56 and engine version of 5.6.3.56 and later. This upgrade package covers previously released patches. After upgrade, the firmware version remains unchanged, but the engine version is updated to 5.6.3.146.
New or Improved Functions in This Upgrade Package:
1.Add rule 23408,Fix of"remote code execution based on Microsoft Windows HTTP.sys(CVE-2015-1635)(MS15-034)"

Notes:
1. When this upgrade package is applied to a device, the upgrade process does not affect any configurations existing on the device.
2. After the upgrade is completed, you need to manually refresh the web page of the web-based manager.
3. When the upgrade is completed, the engine automatically restarts, which will interrupt sessions going through the device. Please perform the upgrade at a appropriate time.

本升级包为引擎升级包，支持在固件版本为5.6.3.56，引擎版本为5.6.3.56及其以后的所有标准版本（非定制版本）基础上进行升级。本升级包为全量升级包，升级后固件版本不变，引擎版本变更为5.6.3.142。

本升级包新增/改进功能：
1.增加规则23315,GNU glibc gethostbyname缓冲区溢出漏洞
2.增加规则41194,CTB-Locker比特币敲诈者病毒恶意文件下载
3.改进ESPC下发策略到IPS中的功能
4.修复DTLS segmentation fault in dtls1_get_record漏洞(CVE-2014-3571)
5.修复no-ssl3 configuration sets method to NULL漏洞 (CVE-2014-3569)
6.修复ECDHE silently downgrades to ECDH [Client]漏洞 (CVE-2014-3572)
7.修复RSA silently downgrades to EXPORT_RSA [Client]漏洞 (CVE-2015-0204)
8.修复Certificate fingerprints can be modified漏洞 (CVE-2014-8275)
9.修复Bignum squaring may produce incorrect results漏洞 (CVE-2014-3570)


注意事项：
1.本升级包升级过程不会影响设备当前任何配置；
2.本升级包升级完成后需要手动刷新WEB页面。
3.本升级包升级完成后自动重启引擎生效，会导致通过设备的会话中断，请选择合适的时间进行设备升级；

This is an engine upgrade package, which can be used to perform upgrade based on standard (non-customized) devices with the firmware version of 5.6.5.56 and engine version of 5.6.3.56 and later. This upgrade package covers previously released patches. After upgrade, the firmware version remains unchanged, but the engine version is updated to 5.6.3.142.
New or Improved Functions in This Upgrade Package:
1.Add rule 23315,GNU glibc gethostbyname Buffer Overflow Vulnerability
2.Add rule 41194,CTB-Locker Bitcoin Backmail Virus Malicious File Downloading
3.Update the function:ESPC delivery some strategies to IPS.
4.Fix of "DTLS segmentation fault in dtls1_get_record(CVE-2014-3571)"
5.Fix of "no-ssl3 configuration sets method to NULL(CVE-2014-3569)"
6.Fix of "ECDHE silently downgrades to ECDH [Client](CVE-2014-3572)"
7.Fix of "RSA silently downgrades to EXPORT_RSA [Client](CVE-2015-0204)"
8.Fix of "Certificate fingerprints can be modified(CVE-2014-8275)"
9.Fix of "Bignum squaring may produce incorrect results(CVE-2014-3570)"

Notes:
1. When this upgrade package is applied to a device, the upgrade process does not affect any configurations existing on the device.
2. After the upgrade is completed, you need to manually refresh the web page of the web-based manager.
3. When the upgrade is completed, the engine automatically restarts, which will interrupt sessions going through the device. Please perform the upgrade at a appropriate time.

本升级包为引擎升级包，支持在固件版本为5.6.3.56，引擎版本为5.6.3.56及其以后的所有标准版本（非定制版本）基础上进行升级。本升级包为全量升级包，升级后固件版本不变，引擎版本变更为5.6.3.140。

本升级包新增/改进功能：
1.修复bash环境变量远程命令执行漏洞(CVE-2014-7169）
2.修复bash环境变量远程命令执行漏洞（CVE-2014-6271）
3.修复SSL 3.0 POODLE攻击信息泄露漏洞(CVE-2014-3566)
4.更新规则[20815]Microsoft IE 恶意数据编码指令执行攻击
5.更新规则[40450]网络蠕虫Nimda利用共享传播

注意事项：
1.本升级包升级过程不会影响设备当前任何配置；
2.本升级包升级完成后自动重启引擎生效，会导致通过设备的会话中断，请选择合适的时间进行设备升级；
3.本升级包升级完成后需要手动刷新WEB页面。

This is an engine upgrade package, which can be used to perform upgrade based on standard (non-customized) devices with the firmware version of 5.6.3.56 and engine version of 5.6.3.56 and later. This upgrade package covers previously released patches. After upgrade, the firmware version remains unchanged, but the engine version is updated to 5.6.3.140.

New or Improved Functions in This Upgrade Package:
1.Fix of "remote code execution through bash(CVE-2014-6271)"
2.Fix of "remote code execution through bash(CVE-2014-7169)"
3.Fix of "POODLE attacks on SSLv3(CVE-2014-3566 )"
4.updated rule[20815]Microsoft IE Malicious Data Encoding Code Execution
5..updated rule[40450]Worm Nimda Propagation on Windows via Sharing

Notes:
1. When this upgrade package is applied to a device, the upgrade process does not affect any configurations existing on the device.
2. When the upgrade is completed, the engine automatically restarts, which will interrupt sessions going through the device. Please perform the upgrade at a appropriate time.
3. After the upgrade is completed, you need to manually refresh the web page of the web-based manager.

本升级包为引擎升级包，支持的固件版本为5.6.3。本升级包为全量升级包，升级后不改变版本号。
本升级包新增/改进功能：
修复bash远程命令执行漏洞（CVE-2014-6271）
修复bash远程命令执行漏洞（CVE-2014-7169）

注意事项：
1.本升级包升级过程不会影响设备当前任何配置；
2.本升级包升级完成后自动重启引擎生效，会导致通过设备的会话中断，请选择合适的时间进行设备升级；

Fix of "remote code execution through bash(CVE-2014-6271)"
Fix of "remote code execution through bash(CVE-2014-7169)"

本升级包为引擎升级包，支持在固件版本为5.6.3.56，引擎版本为5.6.3.56及其以后的所有标准版本（非定制版本）基础上进行升级。本升级包为全量升级包，升级后固件版本不变，引擎版本变更为5.6.3.136。

本升级包新增/改进功能：
--修复OpenSSL SSL/TLS MITM 漏洞 (CVE-2014-0224)
--修复OpenSSL dtls1_get_message_fragment函数拒绝服务漏洞 (CVE-2014-0221)
--修复OpenSSL DTLS无效片段漏洞 (CVE-2014-0195)
--修复OpenSSL 'so_ssl3_write()'函数空指针间接引用拒绝服务漏洞（CVE-2014-0198）
--修复SSL_MODE_RELEASE_BUFFERS会话注入或拒绝服务漏洞（CVE-2010-5298）
--修复OpenSSL 匿名ECDH拒绝服务漏洞 (CVE-2014-3470)

注意事项：
1.本升级包升级过程不会影响设备当前任何配置；
2.本升级包升级完成后自动重启引擎生效，会导致通过设备的会话中断，请选择合适的时间进行设备升级；
3.本升级包升级完成后需要手动刷新WEB页面。

This is an engine upgrade package, which can be used to perform upgrade based on standard (non-customized) devices with the firmware version of 5.6.3.56 and engine version of 5.6.3.56 and later. This upgrade package covers previously released patches. After upgrade, the firmware version remains unchanged, but the engine version is updated to 5.6.3.136.

New or Improved Functions in This Upgrade Package:
--Fix of "OpenSSL SSL/TLS MITM Vulnerability (CVE-2014-0224)"
--Fix of "OpenSSL dtls1_get_message_fragment Function Denial-of-Service Vulnerability (CVE-2014-0221)"
--Fix of "OpenSSL DTLS Invalid Fragment Vulnerability (CVE-2014-0224)"
--Fix of "OpenSSL 'so_ssl3_write()' Function NULL Pointer Indirect Dereference Denial-of-Service Vulnerability (CVE-2014-0198)"
--Fix of "SSL_MODE_RELEASE_BUFFERS Session Injection or Denial-of-Service Vulnerability (CVE-2010-5298)"
--Fix of "OpenSSL Anonymous ECDH Denial-of-Service Vulnerability (CVE-2014-3470)"

Notes:
1. When this upgrade package is applied to a device, the upgrade process does not affect any configurations existing on the device.
2. When the upgrade is completed, the engine automatically restarts, which will interrupt sessions going through the device. Please perform the upgrade at a appropriate time.
3. After the upgrade is completed, you need to manually refresh the web page of the web-based manager.

增强防病毒功能；
更新Web信誉模块；
更新Ftp解码器；
更新规则[20845]HTTP协议URL字段超长缓冲区溢出攻击；
更新规则[50141]PPStream网络电视流媒体播放。

Enhancement in Anti-virus；
Update of the Web Reputation;
Update of the Ftp decoder;
Update [20845]HTTP Protocol Over-Long URL Field Buffer Overflow;
Update [50141]Online Streaming Media PPStream Network TV Connect.

更新[22796] Apache Struts远程代码执行漏洞 (CVE-2013-2251)
完善finger解码
完善流量分析


Update[22796] Apache Struts Remote Code Execution(CVE-2013-2251)
Improvement of finger decoding
Improvement of traffic analysis

改进规则[40379]DDOS工具TFN主控端向分布端发送指令。

Updated rule[40379]DDOS Tool TFN Console Sending Command to Distributed End.

改进规则[20982]Conficker 蠕虫攻击(HTTP);
改进规则[21125]Microsoft Word RTF文件解析栈溢出漏洞;
改进规则[21202]Adobe Flash Player "SWF"文件远程内存破坏漏洞;
改进规则[29001]WEB服务远程SQL注入攻击可疑行为;
改进规则[50177]股票行情分析操作软件中国银河证券海王星用户登录;
改进规则[50280]股票行情分析操作软件安信同花顺用户登陆;
改进规则[50331]股票行情分析操作软件双子星绿色通道用户登录;
改进规则[50385]东兴证券股票行情交易软件登陆;
改进规则[50045]FTP服务用户弱口令认证。　

updated rule[20982]Conficker Worm Attack(HTTP);
updated rule[21125]Microsoft Word RTF File Parsing Stack Buffer Overflow Vulnerability;
updated rule[21202]Adobe Flash Player "SWF" File Remote Memory Corruption Vulnerability;
updated rule[29001]WEB Service Remote SQL Injection;
updated rule[50177]Stock Market Analysis Software China Galaxy Securities Neptune User Login;
updated rule[50280]Stock Market Analysis Software Anxin Tonghuashun User Login;
updated rule[50331]Instant Messaging Software Gemini Green Channel User Login;
updated rule[50385]Dongxing Securities Stock market trading software login;
updated rule[50045]FTP Service User Weak Password Authentication.

改进规则[21352]WEB服务远程SQL注入查询数据库信息
改进规则[29001]WEB服务远程SQL注入攻击可疑行为
规则帮助文件需要更新
修改日志归并算法
改进snmp get (snmpagent)模块稳定性

updated rule [21352]WEB Service Remote SQL Injection Query The Database Information
updated rule [29001]WEB Service Remote SQL Injection Suspicious Behavior
updated rule help
modified the merge algorithm of ips log
improved the stability of snmp get module(snmpagent)

首次登陆设备提示更改默认密码

Be prompted to change the initial password the first time sign-on to the IPS

加入对安保弱口令规则的支持，支持BMB17口令格式；
更新 PPTV3.0.4.0008 规则；
更新风行网络电视流媒体播放规则；
更新MSN检测规则；
更新BitTorrent7.2.1.25432规则；
更新BitTorrent7.2.1.25563规则；
更新流控会话统计算法；
修复Apache漏洞(CVE-2011-3192）；
增强Apache配置SSL加密强度。

support BMB17 weak password authentication specification;
update PPTV3.0.4.0008 Rule;
update funshion net-tv rule;
update BitTorrent7.2.1.25432 rule;
update BitTorrent7.2.1.25563 rule;
update tcpsession statistical algorithms in traffic control;
resolve Apache vulnerability(CVE-2011-3192);
increase the Strength of SSL Cipher Suites Supported.

添加了[10291]Apache HTTP Server畸形Range选项处理远程拒绝服务漏洞规则

Apache HTTP Server CVE-2011-3192 Denial Of Service Vulnerability[10291] rule is added.

添加Microsoft IE CSS标签解析远程代码执行0day漏洞阻断规则[21174]
修复“无法阻断QVOD”问题
修复“kav/nav病毒升级包大于100M后不能上传”问题
修复“Kugoo在线听音乐不能阻断”问题
修复“添加url字符串有空格等不可见特殊字符导致web信誉白名单功能失效”问题



Microsoft IE CSS Tags Remote Code Execution Vulnerability block rule [21174] is added.
QVOD block rule is updated.
KuGoo online music block rule is updated.
"Upload a kav/nav virus upgrade pack greater than 100M" problem is fixed.
"Invisible characters like blank space in URL strings could cause invalid Web reputation whitelist" problem is fixed.

修复了web管理界面显示问题
修改了电驴(EasyMule)检测规则
修改了迅雷看看(Thunder看看)检测规则
修改了比特彗星(BitComet)检测规则

Existed display problems of the web management interface are fixed
EasyMule block rule is updated
Thunder KanKan block rule is updated
BitComet block rule is updated

修复http解码异常问题
修复telnet解码异常问题
添加了Microsoft IE CSS标签解析远程代码执行0day漏洞阻断规则[21111]

Existed http decoder problem is fixed.
Existed telnet decoder problem is fixed.
[21111]Remote Code Execution Vulnerability in Microsoft Internet Explorer (CVE-2010-3962) is added.

更新了[50208]土豆网在线流媒体播放检测规则
更新了[50209]酷6网在线流媒体播放检测规则
更新了[50228]迅雷看看在线流媒体播放(TCP)检测规则
更新了[50229]迅雷看看在线流媒体播放(UDP)检测规则
更新了[50349]风行网络电视流媒体播放检测规则
更新了[50236]Qvod网络流媒体播放检测规则
修复了代理上网web信誉返回页面URL存在问题

Modify: [ 50208 ] Tudou.com Online Streaming Media Playing is updated
[ 50209 ] ku6.com Online Streaming Media Playing is updated
[ 50228 ] Thunder kankan Online Streaming Media Playing (TCP) is updated
[ 50229 ] Thunder kankan Online Streaming Media Playing (UDP) is updated
[ 50349 ] Funshion Network TV Streaming Media Playing is updated
[ 50236 ] Qvod Network Streaming Media Playing is updated
Existed URL Error problem on returned webpages of Web Reputation is fixed