Skip to main content

Check out Interactive Visual Stories to gain hands-on experience with the SSE product features. Click here.

Skyhigh Security

Secure Web Gateway 11.2.14 Release Notes

New Features in the 11.2 Release 

This release provides the following new features. For resolved issues in this release and the update releases, see further below.

NOTE: Secure Web Gateway 11.2 is provided as a main release.

For information about how to install this release, see the Upgrading to a New Version - Controlled Release. If you are installing the Secure Web Gateway appliance software for the first time, see Installing Secure Web Gateway for the First Time.

New Properties for Web Policy Rules  

When configuring rules for your web policy, you can use these new items:

  • A new property to expose encrypted archive directory listings.
  • A new property to store the rule and rule set names or IDs that were processed at the end of the request and response filtering cycles.

GTI Data Included in Feedback File  

Data that is collected by the GTI diagnosis script of the operating system is included in the output feedback file.

Support for Rolling TCPdump collection 

Support for rolling TCPdump collection option is now available in the UI. For more details, see Create a packet tracing file. For more details on Performing Packet Tracing in Secure Web Gateway, see Performing Packet Tracing in Secure Web Gateway SWG

More Flexibility for HTTP Proxy Port Configuration  

When configuring an HTTP Proxy Port, you can disable the Enable FTP over HTTP option. The option is enabled by default.

SSL Tap Configuration Enhanced  

 The following enhancements have been added to SSL Tap configuration:

  • The destination port number is not overwritten by default when tapped packets are created.
  • The destination MAC address can be customized when tapped packets are broadcast.
  • SSL tapping now supports HTTP2 on Secure Web Gateway.

Detection of Excel 4 Macros Added  

Excel 4 macros are now detected in media type filtering. 

IP Spoofing Supported for HTTP(S) in Proxy Configuration  

IP spoofing is supported for HTTP(S) when setting up proxies in Explicit Proxy or L2 Transparent mode.

Known Issues and Workaround 

For a list of issues that are currently known, see SWG 11.x.x Known Issues and Workaround

Resolved issues in update 11.2.14 

Note: 11.2.14  release is no longer generally available, please install the next available version (11.2.15) instead of 11.2.14.

This release resolves known issues.   

NOTE: Secure Web Gateway 11.2.14 is provided as a main release.

For information about how to upgrade to this release, see Upgrading to a new version – Main Release.

JIRA issue numbers are provided in the reference columns.

Reference Description
WP-3593 Login message in login dialog of HTML UI/Webstart is shown properly. 
WP-4401 The import of algorithms like elliptic curves under "SSL Client Certificate Handling" is working normally as RSA restriction is removed.
The supported ecparam curves are : secp256k1 ,secp384r1 ,secp521r1 ,prime256v1
WP-5537 The vulnerability CVE-2023-4400, related to Clear text storage of sensitive information is fixed. After upgrading to 11.2.14 version, it is recommended to update the previous passwords set in the Configuration files. For more details see, SB10406
WP-5578 Both body.replace and body.insert functions work fine when a file content starts with a double quotation mark (").
WP-5613 The memory utilization of mwg-core is reduced.

Vulnerabilities Fixed         

Reference Description
WP-4635 This security flaw allows leak authentication or cookie header data on HTTP redirects to the same host but another port number.
  • CVE-2022-27776,
    CVE-2022-27775,
    CVE-2022-27775,
    CVE-2022-22576
WP-4780 Net-SNMP 5.4.3 through 5.9.3 has a NULL Pointer Exception bug that a remote attacker can use to cause the instance to crash via a crafted UDP packet, resulting in Denial of Service.
  • CVE-2022-44792,
    CVE-2022-44793
WP-5392 Local users able to write to UNIX domain sockets can bypass access controls and manipulate the multipath setup. This can lead to local privilege escalation to root.
  • CVE-2022-41974
WP-5576 Checking excessively long DH keys or parameters may be very slow. So Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long delays.
  • CVE-2023-3446,
    CVE-2023-3817
WP-5603 This flaw allows an attacker with control of the forwarded agent-socket on the server and the ability to write to the filesystem of the client host to execute arbitrary code with the user's privileges running the SSH-agent.
  • CVE-2023-38408
  • Was this article helpful?