Secure Web Gateway 11.1.3 Release Notes
What's new in the 11.1 release
This release introduces new features and enhances existing features.
Radius-based authentication and management of CLI-based administrator accounts
On the Web Gateway user interface, you can as an administrator create CLI-based accounts for other administrators. Each of these accounts works across all the appliances in a cluster or on a standalone appliance. Logon is enabled based on Radius authentication or local authentication depending on the configuration.
For more information, see the Administrator accounts chapter of the Secure Web Gateway 11.1.x Product Guide.
Configurable ISTag header parameters for ICAP server responses
You can choose and configure additional parameters for the ISTag header that is sent in responses to the ICAP clients when Secure Web Gateway runs as an ICAP server. The header can also provide information about the version of the web protection policy that is in place on this Secure Web Gateway appliance.
For more information, see the Proxies chapter of the Secure Web Gateway 11.1.x Product Guide.
Terminating client connections on the command line interface
You can terminate a client connection by running a command on the command line interface (CLI). The reason for terminating a connection might be that the traffic on this connection consumes too much bandwidth.
Event for removing headers based on wildcard matches
Using the Header.RemoveAllWildcardMatchingHeaders event in a rule, you can remove all headers that match a given wildcard from requests and responses sent and received in web traffic that is processed on Secure Web Gateway.
Property for encoding a string under the Base64 method and rendering the result in binary format
Using the String.Base64EncodeAsBinary property in a rule, you can have a string encoded under the Base64 method and the result of this encoding turned into a string of binary digits.
Known Issues and Workaround
For a list of issues that are currently known, see SWG 11.x.x Known Issues and Workaround
Resolved issues in update 11.1.3
This release resolves known issue.
NOTE: Secure Web Gateway 11.1.3 is provided as a controlled release.
For upgrade information, see the Upgrading to a new version provided as a main release section of the Secure Web Gateway Installation Guide.
The JIRA issue number is provided in the reference column.
Network communication
| Reference | Description |
|---|---|
| WP-4145 | POST commands running while HTTP tunneling is enabled do not lead to a failure of the core process on Secure Web Gateway anymore. |
| WP-4541 | Processing of cluster messages sent by the Notification plugin that is implementend in the core process has been improved. |
| WP-4558 | When the data threshold of 10 GB is reached on an ICAP connection, the connection is shut down to avoid overload issues. |
| WP-4559 | Memory can be reserved for advance usage while reading messages on Secure Web Gateway, so the length of the response is already known early, which avoids memory reallocation. |
Web filtering
| Reference | Description |
|---|---|
| WP-4459 | File scanning now extracts text from PDFs, which had failed before, as the scanning process went into a loop causing CPU consumption to reach 100%. |
Other
| Reference | Description |
|---|---|
| WP-4362 | The Secure Web Gateway rule set for file scanning scans nested archives files now that caused issues before. |
| WP-4556 | Coordinator crashes that led to a shutdown on a Secure Web Gateway appliance do not occur anymore. |
| WP-4567 | The SmartCache default size value has been increased from 100 to 1000 MB. |
| WP-4584 | Response time for CStorageJob backup and restore activities has been improved. |
Vulnerabilities Fixed
| Reference | Description |
|---|---|
|
WP-4432, WP-4454, WP-4591
|
This Secure Web Gateway release includes updates addressing publicly disclosed CVEs, regardless of whether a CVE has been shown to impact customers. The following medium and higher-level CVEs (CVSS 3.0 >= 4) were involved:
For more information about these CVEs and their impact, see the Red Hat CVE portal. |