Skip to main content

Check out Interactive Visual Stories to gain hands-on experience with the SSE product features. Click here.

Skyhigh Security

Secure Web Gateway 12.0.1 Release Notes

New Features in the 12.0 Release 

This release provides the following new features. For resolved issues in this release and the update releases, see further below.

Rebranding to Account for Transition  

Names of products, components, and other items have been rebranded to account for the transition from McAfee to Secure Web Gateway.

Action for Certificate Error to be Decided by User  

When a certificate error occurs, it is shown in the browser, so that you can decide which action to take.

Configurable OCSP/CRL Domain to Support Proxy Mode  

When configuring a proxy mode for Secure Web Gateway, you can select the OCSP or CRL domain that information about revoked certificates is retrieved from.

Validation of customer ID and Shared secret for UCE hybrid 

For UCE hybrid customers using SCP, a configurable option has been provided to validate the customer ID and shared secret. It ensures if the traffic from multiple tenants should be allowed to go to UCE via same on-prem Secure Web Gateway.

Property for Logging Next-hop Proxy Address  

A new property is provided that allows you to log the IP addresses of next-hop proxies in the logging cycle on Secure Web Gateway.

Tomcat Upgrade  

Tomcat has been upgraded to version 9.

LogJ4 Upgrade  

LogJ4 has been upgraded from version 1.x to 2.x.

Resolved Issues in the 12.0.1 Release  

This release resolves known issues.

NOTE: Secure Web Gateway 12.0.1 is provided as a controlled release.      

For information about how to upgrade to this release, see Upgrading to a new version – Main Release.

JIRA issue numbers are provided in the reference columns.

Web filtering     

Reference Description
WP-2217 The PDF opener now also supports PDFs with versions 2.0.
WP-4536 Client IP or URL to be logged with Kerberos error messages, when authentication logs are enabled."
WP-4859 File previously not getting detected as TTF gets detected correctly as TTF now.
WP-4934 Long list names used when configuring Secure Web Gateway web policy rules are rendered completely in rule sets.
WP-4966 The file opener does not crash anymore when used to parse rtf documents.
WP-4981 Block page now shows URL and category, which was missing after transitioning from coaching block page to URL blocked page
WP-4992 A new media type has been added to detect InDesign documents and templates
WP-4998 The file opener now supports tar files with pax headers.
WP-5076 The PDF opener function for detecting JavaScript has been improved.

 

Network communication    

Reference Description
WP-4557 No error was found when selecting rule trace even when option Restrict browser session to IP address of user is enabled
WP-4954 Passive FTP is are working as expected now in a HA Proxy setup through Haproxy.
WP-4985 An HTTP2 issue related to a wrong value for connection level flow control has been fixed.
WP-5010 TCP half-close support for TCP and SOCKS proxies to access an application works without issues.
WP-5018 Version discrepancy of DLP system lists no longer occurs after updating SWG 10.2 to 11.2.
WP-5070 A high client connection issue related to URL parsing has been fixed.
WP-5111 SaaSConnectors are syncing again.

Other      

Reference Description
WP-4491 Issue related to LinkedIn video upload with HTTP2 is now fixed.
WP-4664 Update Webgateway to point from existing McAfee based GTI domains to newly migrated GTI domain (swg.repl.gti.trellix.com).
WP-4667 Users can join a Zoom meeting via browser when the waiting room option is enabled.
WP-4724 SWG UI login issue while using Client Certificate for Authentication does not occur anymore.
WP-4944 Restore backup are working as expected now, which had happened due to duplicate ID that had been assigned to configuration file.
WP-5024 The rsyslog daemon had kept the /var/log/haproxy/ haproxy-info_1.log file open until all disk space had been filled up on a Secure Web Gateway appliance. This has been fixed now and log rotation works fine again.
WP-5074 A core crash issue with the NativeBrowserCA feature has been resolved.
WP-5081 An option to configure addition of X cache headers is added to proxy control configuration
WP-5109 All the logs are rotated as per Log Manager Configuration.

 

Vulnerabilities Fixed       

Reference Description
WP-4996, WP 4999,
WP-5050, WP-5101

This Secure Web Gateway release includes updates addressing publicly disclosed CVEs, regardless of whether a CVE has been shown to impact customers.

The following medium and higher-level CVEs (CVSS 3.0 >= 4) were involved:

  • CVE-2022-40674
  • CVE-2023-0214
  • CVE-2022-21626,
    CVE-2022-21628,
    CVE-2022-21619,
    CVE-2022-21624
  • CVE-2022-3550,
    CVE-2022-3551
  • Was this article helpful?