We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.

Release Notes

  • Last updated on

Important: Please Read Before Upgrading

Before installing any firmware version, back up your configuration and read all release notes that apply to versions more recent than the one currently running on your system.

Do not manually reboot your system at any time during an update, unless otherwise instructed by Barracuda Networks Support. Depending on your current firmware version and other system factors, updating can take up to 10 minutes. If the process takes longer, please contact Barracuda Technical Support for further assistance.

Before upgrading, BE SURE TO TAKE THE BARRACUDA EMAIL SECURITY GATEWAY OFFLINE. This will ensure that the inbound queue is emptied and all messages are scanned before the update process begins. See the BASIC > Administration page for the Offline button.

Updating to Version 9.x

WARNING: After clicking Apply Now on the ADVANCED > Firmware Update page, the progress bar may appear to time out and the administrator may need to manually return to the login screen after 5 minutes if it doesn't load automatically in the browser.

Firmware Version 9.0

What's New in Version 9.0

Web Interface

  • Drop-down Help button control on some web interface pages, providing links to relevant Barracuda Campus articles for additional information about features configured on those pages. 
  • On the BASIC > IP Configuration page, Trusted Forwarder has been renamed Known Forwarder
  • Firmware Patches option for pushing product/security patches to the Barracuda Email Security Gateway on ADVANCED > Firmware Update page.  
  • Uptime – Display of uptime of the Barracuda Email Security Gateway in days, hours, and minutes in the System Management section of the BASIC > Administration page.

Mail Processing

  • Block Macros enhancement – This feature now exempts whitelisted senders. See the BLOCK/ACCEPT > Attachment Filters page.
  • Inbound External Sender Warning - Ability to enable external sender warning for inbound emails on BASIC > Administration page. [BNSF-28378]
  • Improved Spam protection.
  • Added support to block RAR 5.0.
  • Sender spoofing settings of child domains are now independent of the parent domain.  
  • Improved sender whitelisting to avoid spam though sender spoofing.  


  • SSL/TLS Mode option – Supports LDAPS for SMTP AUTH requests. Configure on LDAP tab of BASIC > Outbound page.   

Message Log

  • Re-delivery log entry added to Message Log when a blocked message is manually delivered by the administrator.  


  • Ability to store trusted CA. [BNSF-27319]
  • Improvements for backup through FTP: Added support for FTPSSL session reuse. [BNSF-28711] .
  • CVE-2016-5385 – HTTPoxy. [BNSF-25943]
  • Message Log P-XSS - malicious PTR record affects N/A. [BNSF-26827]
  • Upgraded Jquery library - CVE-2015-9251 [BNSF-28117]
  • Vulnerability: BCrypt support [BNSF-20799]
  • Vulnerability: Login susceptible to directory harvesting. [BNSF-22574]
  • Vulnerability: Avoid potential leaking of ‘bcc’ email addresses. [BNSF-28723]
  • Added support for TLSv1.3 over SMTP and HTTPS by default for Barracuda Email Security Gateway.

Fixed in Version 9.0

  • Fixed high severity vulnerability: Upraded OpenSSL, addressed the following CVEs. (CVE-2019-1563, CVE-2019-1547, CVE-2019-1552). [BNSF-27318]
  • Vulnerability: Fixed unauthenticated XSS attack via view_help.cgi [BNSF-22335]
  • Vulnerability: Fixed data path based persistent XSS attack through Message Log. [BNSF-26827]
  • Vulnerability: Fixed unauthenticated remote command execution on Barracuda Email Security Gateway. [BNSF-27738]
  • Misspelled password in 'Dansk' language on login page. [BNSF-28012]

Updating to Version 8.x

WARNING: After clicking Apply Now on the ADVANCED > Firmware Update page, the progress bar may appear to time out and the administrator may need to manually return to the login screen after 5 minutes if it doesn't load automatically in the browser

Firmware Version 8.2

What's New in Version 8.2

  • Improved support for Support Tunnel 2.0.


  • Resolved Brazil Daylight Savings Time Zone issue. [BNSF-28612]



  • Resolved XSS vulnerability for Message Log view. [BNSF-28394]
  • Resolved vulnerability related to LDAP bind password being exposed. (R7-2019-39). [BNSF-28578]
  • Improved support for SMB 2.0 backups. [BNSF-28514]

Firmware Version 8.1

What's New in Version 8.1

  • Microsoft Exchange 2010 is no longer supported in version v8.1.x and above.


Web Interface
  • Resolved compatibility issues with older kernels. [BNSF-28561]


  • Fixed medium severity vulnerability: Updated OpenSSL to address CVE-2017-3736 with OpenSSL upgrade.


  • Support for SMB versions 2.0 and 3.0 for backups. [BNSF-26803]
  • Improved cloud backup support.
  • Added an option in the web interface to enable/disable SSO/auto login for links in Quarantine Summary emails.   [BNSF-27803]  
  • Removed Extended Malware from subscription statistics on the BASIC > Dashboard page.      [BNSF-27935]
  • Updated root CA certificates.   [BNSF-27930]    
  • New advanced LDAP setting Disable built-in LDAP Filter to disable default LDAP filters as needed. Configure per-domain on the USERS > LDAP Configuration page. [BNSF-27992] 
  • The Outbound Quarantine feature is now available for models 100 and 200. [BNSF-27996]
  • Included support for Support Tunnel 2.0 as part of firmware. [BNSF-27807]
  • Spam accuracy improvements. [BNSF-28017]


  • New option on BASIC > Quarantine page to enable/disable SSO/auto-login for users through links in quarantine summary emails. [BNSF-27803]
  • New option to disable default LDAP filters used for authenticating the user on USERS > LDAP Configuration page at the domain level. [BNSF-27992]
  • Support for support tunnel version 2.0 [BNSF-27807]
  • Updated root CA certificates [BNSF-27930]
  • Spam accuracy improvements [BNSF-28017]
Web Interface
  • Extended Malware Subscription information is no longer displayed on the BASIC > Dashboard page. [BNSF-27935]
  • The Outbound Quarantine feature is now available for Barracuda Email Security Gateway models 100 and 200. [BNSF-27796]

Firmware Version 8.0

What's New in Version 8.0

Web Interface
  • The Barracuda Spam Firewall has been renamed the Barracuda Email Security Gateway.
Barracuda Exchange Antivirus Agent

Fixed in Version 8.0



  • Upgraded SAVAPI version to continue support for ‘Extended Malware Protection’. [BNSF-27814]



  • Feature: All users can now set and use a local password to access their quarantine account. [BNSF-27556]

Mail Processing
  • Option to disable TLS 1.0 over SMTP through Barracuda Email Security Gateway web interface to conform to PCI standards of TLS 1.1+. [BNSF-27561]
Message Log
  • Improvement: Added a popup to indicate that only 10k messages lines from the Message Log can be exported when the Barracuda Email Security Gateway is clustered. [BNSF-27650]

  • Resolved vulnerability with 7zip file compression (CVE-201810115). [BNSF-27684]    


  • Fix: When a user logs in (as user role) and marks an email in quarantine as NOT spam, the email auto-delivers as expected. [BNSF-27442]


  • Feature: Active session tokens are now transmitted via cookies, rather than in a URL. This means that end-users will no longer be able to click on a link in the quarantine summary email to log directly into a quarantine inbox without the use of a password. [BNSF-26659]


  • Fixed bug affecting mail processing after upgrading the firmware. [BNSF-26691]

Version 8.0.3

Barracuda Outlook Add-in
  • Enhancement: Added support for TLS 1.1 and TLS 1.2. [BNSF-25586]
  • Enhancement: The system administrator and email recipient can receive notifications when a message is blocked due to a virus. Configure on the ADVANCED > Bounce/NDR Settings page. [BNSF-25486]
Mail Processing
  • Improved spam scanning. [BNSF-26591]

Version 8.0.2

Barracuda Exchange Antivirus Agent
  • Feature: Added support for Microsoft Exchange 2016. 
Web Interface
  • Fix: A Welcome email is not sent when a new user account is created due to a quarantined email. [BNSF-25904]
  • High severity vulnerability: authenticated, remote code injection [BNSEC-6613 / BNSF-25407]
  • High severity vulnerability: unauthenticated, remotely exploitable, code injection [BNSEC-6223 / BNSF-24618]
  • High severity vulnerability: remotely exploitable, buffer overflow [BNSEC-2012 / BNSF-24897]
  • Medium - High severity vulnerability: unauthenticated, remotely exploitable, denial of service (DoS), ssl weakness [BNSEC-7107 / BNSF-25937]
  • Medium - High severity vulnerability: unauthenticated, remotely exploitable, limited HTML content control, XSS delivered outside of the web based interface [BNSEC-6227 / BNSF-24635]
  • Medium - High severity vulnerability: unauthenticated, remotely exploitable [BNSEC-6225 / BNSF-24621]
  • Medium severity vulnerability: non-persistent XSS [BNSEC-2678 / BNSF-23507]


Mail Processing
  • Enhancement: Mail with Microsoft Office attachments that contain macros can be blocked. [BNSF-23786]
Web Interface
  • Resolved issue which prevented the Dashboard from displaying during update server outages. [BNSF-25934]
  • Resolved issue preventing access to ADVANCED > Energize Updates and ADVANCED > Firmware Update pages when the Barracuda Email Security Gateway was offline. [BNSF-25929]
Barracuda Exchange Antivirus Agent
  • Enhancement: The Barracuda Exchange Antivirus Agent supports Microsoft Exchange Server 2016. [BNSF-25828]


Mail Processing
  • Enhancement: Improved Sender Spoof Protection efficiency. [BNSF-25835]
  • Resolved issue which could cause excessive system load. [BNSF-25831, BNSF-25884]
  • Resolved issues with malformed headers causing incorrect parsing. [BNSF-25836, BNSF-25838]
  • Resolved issue with Multi-Level Intent Analysis. [BNSF-25907]
  • Improved handling of Standby mode in a clustered system. [BNSF-25797]


Mail Processing
  • Outbound messages from whitelisted IP addresses are now properly checked for encryption if encryption is enabled. [BNSF-25732]
  • Links in the BASIC > Message Log message view page now work properly. [BNSF-22345]


Mail Processing
  • Outbound messages from whitelisted IP addresses are now properly checked for encryption if encryption is enabled. [BNSF-25732]


Mail Processing
  • Improved attachment filtering/detection. [BNSF-25491]


Mail Processing
  • Downloading a PDF file attached to a message from the Message Log through BAC/BCS works as expected. [BNSF-25536]
  • Attachment filtering blocks correctly even if MIME type encoding is not formatted correctly. [BNSF-20598]
  • Messages received by the Barracuda Email Security Gateway which are just under the maximum message size are processed properly and are not blocked. [BNSF-25500]
  • When the From header of a message has an unusual format, the unit does not time out when attempting to deliver the message from the user's quarantine inbox. [BNSF-25254]
  • SMTP over TLS for outbound mail works as expected, the mail queues and delivers properly and the logs do not indicate errors. [BNSF-25437]
  • Outbound quarantine emails with multi-line From headers due to UTF8 are delivered as expected. [BNSF-25309]
  • The Barracuda Email Security Gateway no longer sends out notifications that state "Encrypted email unable to be delivered" for emails that trigger encryption policies and have a blank sender. [BNSF-17895]
  • Alert email announcing that Energize Updates subscription is about to expire is now branded correctly as Barracuda Email Security Gateway. [BNSF-25615]
  • NDRs are not rejected by some mail servers, including O365, if they don't include a valid From header. [BNSF-25612]
Web Interface
  • The Configuration Updated message only shows on web interface pages as needed. [BNSF-25566]
  • Street Address and Driver's License information in emails trigger Privacy policies as expected. [BNSF-24772]
  • When specifying a filename for an attachment content filter, the pattern specified (filename= <example_filename>) works when there is a space between the  "= " and the filename. [BNSF-25491]
  • Fix: resolved the following vulnerabilities:
    • High severity vulnerability: persistent XSS, authenticated [BNSEC-6504 / BNSF-25215, BNSEC-4551 / BNSF-22345]


Mail Processing
  • Enhancement: Improved performance of IP Whitelisted and outbound message scanning. [BNSF-23352, BNSF-24293]
  • Enhancement: Improved street address and driver's license detection. [BNSF-24388]
  • Enhancement: Improved error handling for 'full disk' condition. [BNSF-24622]
  • Enhancement: Added macro support for SPF records with macros. [BNSF-24659]
  • Enhancement: Improved general performance of mail scoring and attachment scanning. [BNSF-24473]
  • Enhancement: General improvements in PDF processing capabilities. [BNSF-24846]
  • Enhancement: Improved HIPAA and Credit Card data detection. [BNSF-25026, BNSF-25028]
  • Fix: Updated internal scanning processes to improve stability. [BNSF-21928, BNSF-24241, BNSF-25268]
  • Fix: Resolved intermittent PTR detection issue. [BNSF-24546]
  • Fix: Users who lack a mail attribute in LDAP are now properly quarantined. [BNSF-25136]
  • Fix: LDAP Alias re-writing no longer rewrites the "To" header. [BNSF-25141]
  • Fix: Lines exceeding 990 characters are no longer broken in multiple places. [BNSF-25206]
Web Interface
  • Enhancement: Administrative ACLs can be temporarily removed through the Console Administrator with the System > Reset Administrator IP/Range selection. [BNSF-23352]
  • Enhancement: Invalid username and password attempts are now logged to the Web Syslog. [BNSF-24629]
  • Enhancement: Improved performance of bulk classification of Spam/Not Spam. [BNSF-25000]
  • Enhancement: Messages with unknown character sets are now treated as UTF-8. [BNSF-25086]
  • Enhancement: Updated Japanese help file translations. [BNSF-25088]
  • Enhancement: Improved web interface load times in general, and especially for BASIC > IP Configuration. [BNSF-25193, BNSF-25199]
  • Fix: Message viewer Download and Delivery buttons now show properly for all window sizes. [BNSF-24177]
  • Fix: Miscellaneous web interface improvements. [BNSF-24300, BNSF-24381]
  • Fix: New user quarantine email links now work properly. [BNSF-24404]
  • Fix: Users with an '&' in the name can now view the Quarantine Inbox. [BNSF-24764, BNSF-24961]
  • Fix: Outbound Quarantine actions no longer result in an error page. [BNSF-24858]
  • Fix: Invalid users can be removed. [BNSF-24860]
  • Fix: Randomization has been improved for password generation. [BNSF-24995]
  • Fix: The details for messages blocked without message bodies can now be viewed on all systems in a cluster. [BNSF-24973, BNSF-25053]
  • Fix: Fixed display of erroneous 'Permission denied'. [BNSF-24600]
  • Fix: LDAP Failure Notifications are no longer triggered by outdated logs. [BNSF-25180]
  • Fix: Replies to encrypted emails are now archived. [BNSF-24496]
  • Enhancement: Tuned database configuration for Microsoft Azure, Amazon AWS, and VMWare vCloud Air. [BNSF-24836]
Barracuda Outlook Add-in
  • Fix: Resolved issue preventing Add-in authorization for some usernames. [BNSF-23766]
  • Fix: Resolved issue which could cause the Add-in to appear in the wrong window. [BNSF-24585]
  • Fix: The Add-in can now be used from an IP address in the Administration ACL IP Range. [BNSF-24759]
Last updated on