Client Proxy 4.9.1 Release Notes
About this Patch Release
This patch release addresses the Common Catalog removal process and provides users with a seamless experience when updating the Bypass List and Alternate Redirection List elements, enables simplified configuration settings for PA-UDP, and optimized Clear Text Logs. Apart from this, the SCP 4.9.1 release also addresses important bugs such as Optimal CPU utilization and performance improvements in Cloud Firewall and IPv6 traffic fallback to IPv4 in macOS Sonoma to name a few. For more information on the resolved issues, see the resolved issues list.
- Windows - 4.9.1.12
- Mac - 4.9.1.30
- SCP extension for Trellix Saas ePO - 4.9.1.17.1
- SCP Extension for OnPrem ePO - 4.9.1.28.1
NOTE: This patch release does not support the automatic upgrade of a pre-release software version. To upgrade to a production release of the software, you must first uninstall any pre-release versions.
Trellix On-Prem ePO Common Catalog Removal
In Skyhigh Client Proxy 4.9.1 and later, the dependency of Common Catalog Extension has been removed, providing users with a seamless experience when updating the Bypass List and Alternate Redirection List elements. For more details on how to remove it, see On-Prem ePO Common Catalog Removal.
IMPORTANT: It is required to follow the correct Common Catalog removal steps after completing the upgrade of the SCP extension to 4.9.1 or later to avoid any compatibility issues in the future with Trellix On-prem ePO.
Enhancements
Simplified Steps for Configuring PA-UDP
Support for the UDP protocol for Private Access has been improved through simplified steps for configuring PA-UDP settings. For more details, see Prerequisites and Firewall Settings for Private Applications.
Clear Text Log Optimization
Clear Text Logs are optimized by removing lines that are printed continuously, as they increase the log size and affect readability along with changing some of the ERROR Logs labels to INFO or WARNING on Windows & macOS.
Support for UDP-based Private Applications on macOS
Skyhigh Client Proxy supports UDP traffic for private applications using Private Access on macOS.
Resolved Issues
Reference | Issue Description |
---|---|
MCP-6313 | Client Proxy policy saves additional ports 9995 and 9999 to redirect as HTTP/HTTPS on-prem ePO without getting missed, which was not saved earlier. (Windows and macOS) |
MCP-6384 | SCP now does not allow a browser page with the ZTNA dashboard upon stoppage. (macOS only) |
MCP-6420 | Trellix ePO - SaaS SCP Policy Catalog screen transition. This issue is now resolved. |
MCP-6523 | When the machine recovers from sleep mode, SCP redirects to the cloud primary proxy. (Windows only) |
MCP-6579 | The optimal CPU utilization is due to an internal task that caused CPU spike in Skyhigh Client Proxy is now resolved. (macOS only) |
MCP-6583 | IPv6 traffic fallback to IPV4 traffic when the Block IPV6 option is enabled. (macOS only) |
MCP-6595 | Skyhigh Client Proxy connection was intermittently interrupting, the issue is now resolved. (Windows only) |
MCP-6597 | The About SCP Window now shows no redirection when the client proxy is not redirecting any traffic. (Windows only) |
MCP-6599 | The Bypass List and Alternate Redirection List page just spins and never loads, this issue is now resolved. (Windows and macOS) |
MCP-6687 | When upgrading Skyhigh Client Proxy in macOS via ePO, the Trellix icon becomes grey and now the issue is resolved and the Trellix icon is active. (macOS only) |
MCP-6735 | The client Proxy status window displayed a Bypass Mode message with an erroneous date. This issue is now resolved. (macOS only) |
MCP-6736 | Traffic redirection is not supported on Skyhigh Client Proxy 4.8 and 4.9.0.115 after the MacOS 14.4 upgrade. (macOS only) |
UFW-858 | The optimal CPU utilization is reduced and performance is improved in 2, 4, and 8-core CPU systems. (Windows only) |
Known Issues
Reference | Issue Description |
---|---|
MCP-6590 | Issue: Policy Revision Number Mismatch between Trellix SaaS EPO and SCP Client (Mac and Windows). which happens only in a specific user environment. Workaround: Only the Trellix Saas ePO would show a rev no. of (N+1), compared with the endpoint. All the functionalities will be working as it is. |
MCP-6668 | Issue: If we apply a dummy proxy as primary, scp blocks/bypasses the alternate redirection traffic as well since the primary proxy is not reachable. |
MCP-6755 | Issue: If a policy name is updated from the Policy Catalog page, the revision number will not increase. Workaround: Open the policy and save it to get the updated policy name reflected in an endpoint |
MCP-6759 | Issue: When SCP is installed, it is unable to use a T-Mobile iPhone hotspot. This is only for Mac and IPv6 networks. |
Vulnerability Fixed
This Skyhigh Client Proxy release includes updates addressing publicly disclosed CVEs, regardless of whether a CVE has been shown to impact customers.
The following medium CVEs (CVSS 3.1 >= 5.5) were involved:
Reference | Description |
---|---|
MCP-6433 |
This Skyhigh Client Proxy release addresses the medium-severity vulnerabilities found in OpenSSL version 3.0.8. These issues is resolved by upgrading to OpenSSL version 3.0.13.
|