Skip to main content

Check out Interactive Visual Stories to gain hands-on experience with the SSE product features. Click here.

Skyhigh Security

Secure Web Gateway 12.2.1 Release Notes

New Features in the 12.2 Release   

Edit section

This release provides the following new features. For resolved issues in this release and the update releases, see further below.

For information about how to upgrade to this release, see Upgrading to a New Version - Controlled Release.

Rebranding to Account for Transition   

Names of products, components, and other items have been rebranded to account for the transition from McAfee to Secure Web Gateway.

Rebranded SNMP SMI and MIB file with updated Org OID for Skyhigh Security   

As part of the rebranding, a new Object Identifier (OID) has been introduced for Org Skyhigh Security. We are updating the SNMP OID from .* to .*. You'll need to update your management software accordingly if they are referring to these OID. For more details, see Configure event monitoring with SNMP.

Trellix VX Integration to SWG  

The SWG 12.2.0 supports integration with Trellix Virtual Execution (VX). For more details, see Trellix Virtual Execution Integration to SWG.

Detection of OneNote files 

New Mediatype detection has been added for OneNote files to detect .one and .onepkg files. 


Insecure NETLOGON channel is blocked by default to explicitly allow Insecure NETLOGON,  a new checkbox is provided in Windows Join Domain Dialogue. For more details, see InsecureNetlogon 

TCP Health Check  

Prior to this features, SWG would send live traffic to Next Hop Proxies to determine its health which resulted in delayed response in case Next Hop Proxy is not healthy. With this feature, SWG will have knowledge of the health of the Next Hop Proxies beforehand. For more details, see TCP Health Check for Next Hop Proxy.

Server Chunk Encoding  Edit section

A new check box option is provided in proxy control event settings, which allows to enforce chunk encoding transfer on server requests from SWG. For more details, see Server Side Chunk Encoding

Connect Response Based on HTTP-Protocol 

Connection Established response message always shows HTTP1.0 even if the HTTP Protocol header of the request was HTTP1.1. Now you can configure this under Proxy Control Event, where we can select to send back the Connection Established Response text based on the HTTP Protocol version received.   For more details, see Configure Connection Established Response based on HTTP Protocol Version.

Support to pipelined application/HTTP Edit section

A new media type has been added to media type filtering for detection and Openers for pipelined Application/HTTP. 

New Properties for Multiline Base64 

To support the multiline Base-64, new properties are added in SWG

Support for kdbx-kdb-Filetype 

A new media type has been added to media type filtering to detect files of the kdbx and kdb types.

Client certificate authentication for HTML UI 

Client certificate authentication is now added for the HTML UI, For more details, see Client Certificate Authentication for HTML UI.

Configurable size limit of single XML attributes 

The configurable size limit of single XML attributes has been increased to reduce errors on startup when having large inline lists.

Resolved Issues in the 12.2.1 Release   

Note: 12.2.1 release is no longer generally available, please install the next available version (12.2.2) instead of 12.2.1.

This release resolves known issues.

NOTE: Secure Web Gateway 12.2.1 is provided as a controlled release.      

For information about how to upgrade to this release, see Upgrading to a New Version - Controlled Release.

JIRA issue numbers are provided in the reference columns.

Reference Description
WP-3593 Login message in login dialog of HTML UI/Webstart is shown properly. 
WP-4401 The import of algorithms like elliptic curves under "SSL Client Certificate Handling" is working normally as RSA restriction is removed.
The supported ecparam curves are: secp256k1, secp384r1, secp521r1, prime256v1
WP-5335 A New 4500-E BIOS V7.220 is released.
NOTE: To upgrade to the new BIOS V7.220, you should upgrade SWG to one of the latest versions (12.2.1, 11.2.14, and 10.2.25). These versions have the updated AMISCE that reduces the risk of incompatibility of an old AMISCE version used with the new BIOS.
WP-5537 The vulnerability CVE-2023-4400, related to Clear text storage of sensitive information is fixed. After upgrading to 12.2.1 version, It is recommended to update the previous passwords set in the Configuration files. For more details see, SB10406
WP-5551 An issue with memory leak that occurred while handling Intermediary 103 headers in HTTP2.0 for On-Prem appliance has been resolved. 
WP-5578 Both body.replace and body.insert functions work fine when a file content starts with a double quotation mark ("). 
WP-5597 Browser is now redirected back to the original requested page, when the coaching page is displayed and the continue button clicked.
WP-5613 The memory utilization of mwg-core is reduced.
WP-5629  The default value of scan timeout in ICAP client settings is set to 600 seconds.

Vulnerabilities Fixed      

Reference Description
WP-4635 This security flaw allows leak authentication or cookie header data on HTTP redirects to the same host but another port number.
  • CVE-2022-27776,
WP-4780 Net-SNMP 5.4.3 through 5.9.3 has a NULL Pointer Exception bug that a remote attacker can use to cause the instance to crash via a crafted UDP packet, resulting in Denial of Service.
  • CVE-2022-44792,
WP-5392 Local users able to write to UNIX domain sockets can bypass access controls and manipulate the multipath setup. This can lead to local privilege escalation to root.
  • CVE-2022-41974
WP-5576 Checking excessively long DH keys or parameters may be very slow. So Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long delays.
  • CVE-2023-3446,
WP-5603 This flaw allows an attacker with control of the forwarded agent-socket on the server and the ability to write to the filesystem of the client host to execute arbitrary code with the user's privileges running the SSH-agent.
  • CVE-2023-38408
  • Was this article helpful?