Skyhigh Security

Secure Web Gateway 12.1.4 Release Notes

New Features in the 12.1 Release 

Configure Proxy Control X-Cache Header 

A configurable option is now available to add or remove the Proxy Control X-Cache header in the response. The new setting is located at Policy > settings > proxy control, and the checkbox is called Override X-Cache Header. The setting is enabled by default. For more details, see Configure the X-Cache Header in the Response.

TCP Half Close support for TCP Proxy and SOCKS Proxy  

TCP Half Close refers to a TCP connection that is closed in one direction only. If one participant in a TCP connection has sent a FIN in one direction, it can still receive data from the other participant until the second FIN is received from the other direction. TCP Half Close support is provided for SWG acting as TCP Proxy or SOCKS Proxy. For details, see TCP Half Close for TCP or SOCKS Proxy.
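The following sketch shows what honoring a half-close means for a relay sitting between client and server. It is an added example, not Skyhigh code: `pump`, `relay_once`, `upstream_once` and `demo` are hypothetical names, and the upstream server and payload are constructed for the demonstration.

```python
import socket
import threading

def pump(src, dst):
    """Copy src to dst; on EOF (the sender's FIN) half-close dst only."""
    while data := src.recv(4096):
        dst.sendall(data)
    try:
        dst.shutdown(socket.SHUT_WR)  # forward the FIN; reverse direction stays open
    except OSError:
        pass  # peer already gone

def relay_once(listener, upstream_addr):
    """Hypothetical one-connection relay that keeps both directions independent."""
    client, _ = listener.accept()
    upstream = socket.create_connection(upstream_addr)
    with client, upstream:
        t = threading.Thread(target=pump, args=(client, upstream))
        t.start()
        pump(upstream, client)
        t.join()

def upstream_once(listener):
    """Constructed upstream: reads until the client's FIN arrives, then answers."""
    conn, _ = listener.accept()
    total = 0
    while chunk := conn.recv(4096):
        total += len(chunk)
    conn.sendall(b"received %d bytes" % total)
    conn.close()

def demo(payload=b"hello through the proxy"):
    with socket.create_server(("127.0.0.1", 0)) as up, \
         socket.create_server(("127.0.0.1", 0)) as px:
        workers = [threading.Thread(target=upstream_once, args=(up,)),
                   threading.Thread(target=relay_once, args=(px, up.getsockname()))]
        for w in workers:
            w.start()
        c = socket.create_connection(px.getsockname())
        c.sendall(payload)
        c.shutdown(socket.SHUT_WR)      # first FIN: client is done sending
        reply = b""
        while chunk := c.recv(4096):    # still receiving until the second FIN
            reply += chunk
        c.close()
        for w in workers:
            w.join()
        return reply
```

A relay that closed both sockets on the first FIN would drop the upstream's answer, so the client would see an empty or truncated reply.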

Configure Separate Passwords for SNMPv3 Auth and Encryption 

You can now configure separate passwords for Authentication and Encryption for SNMPv3 messages. For details, see Configure Event Monitoring with SNMP.

Return To Sender 

This feature allows outgoing traffic of SWG to skip default kernel routing. For each reply packet going out:

  1. The source MAC is the same as the destination MAC in the request packet.
  2. The destination MAC is the same as the source MAC in the request packet.
  3. If the reply would go out on a different interface than the one the request came from, the reply is redirected to the interface on which the request came in.

MediaType Detection for InDesign Files  

Media Type can detect InDesign INDD and INDT files and templates. For these file types, the MediaType.EnsuredTypes property contains application/x-indesign. For details, see Media Type Detection for InDesign.

Rebranded SNMP SMI and MIB file with updated Org OID for Skyhigh Security  

As part of the rebranding, a new Object Identifier (OID) has been introduced for Org Skyhigh Security. We are updating the SNMP OID from .* to .*. Update your management software accordingly if it refers to these OIDs. For more details, see Configure event monitoring with SNMP.

Resolved Issues in the 12.1.4 Release   

This release resolves known issues.

NOTE: Secure Web Gateway 12.1.4 is provided as a controlled release.      

For information about how to upgrade to this release, see Upgrading to a New Version - Controlled Release.

JIRA issue numbers are provided in the reference columns.

Reference Description
WP-4517 A new media type has been added to media type filtering to cover requests where pipelined application/http traffic is involved.
WP-4952 Rules that include multiple conditions with multiple IP addresses are shown correctly now.
WP-5261 Enhanced media type detection for SVG files.
WP-5281 A signature has been added for detecting the .one and .onepkg media types.
WP-5361 When using SmartMatch, the path component in a URL is now matched in a case-insensitive manner.
WP-5365 Read-only users are now able to switch to the network interface and read the information.
WP-5367 Media type detection has been enhanced for the EML file type.
WP-5376 When a download is performed on Web Gateway Cloud Service (WGCS) under the HTTP2 protocol, use of a progress page to show download progress no longer causes the download to fail.
WP-5377 An ENV variable has been introduced to disable ARP on interfaces where V4 is marked as disabled.
WP-5388 When an EICAR file with a test virus is embedded in a .docx file, it is extracted now and sent to the Gateway Anti-Malware (GAM) engine for scanning.
WP-5393 When data trickling is enabled, response data created under the HTTP2 protocol is completely sent to the client again.
WP-5398 When the value of the acknowledgement number field for the SSL tap is not zero, the ACK flag is set now.
WP-5461 Improved performance behaviour under heavy load situations.
WP-5462 UI login issues that occurred when a large inline list is involved have been fixed.

Vulnerabilities Fixed       

Reference Description
WP-3575, WP-5369, WP-5387, WP-5409, WP-5425

This Secure Web Gateway release includes updates addressing publicly disclosed CVEs, regardless of whether a CVE has been shown to impact customers.

The following medium and higher-level CVEs (CVSS 3.0 >= 4) were involved:

  • CVE-2020-15522
  • CVE-2022-42252
  • CVE-2023-21930
  • CVE-2023-1393
  • CVE-2023-0767