Skip to main content

Check out Interactive Visual Stories to gain hands-on experience with the SSE product features. Click here.

Skyhigh Security

Secure Web Gateway 12.2.21 Release Notes

  1. Last updated
  2. Save as PDF

The Skyhigh SWG 12.2.21 release adds dedicated AI and ML URL categories to enhance visibility, control, and policy enforcement for AI-related web traffic, along with important fixes. For details on the issues resolved in this release, see the Resolved Issues section.

What's New in 12.2.21 Release 

This release introduces the following enhancement:

Monitor AI and ML Web Traffic with New URL Categorization

Skyhigh Web Gateway introduces dedicated Artificial Intelligence (AI) and Machine Learning (ML) URL categories to enhance visibility, control, and policy enforcement for AI-related traffic. The categories Artificial Intelligence, Generative AI (Image/Audio/Video), and Machine Learning appear under A.I & M.L. and in the System URL Catalog are available for use across all policies.

These categories also enable advanced policy actions such as real-time inspection and granular control of AI-related traffic. Admins gain improved visibility through logs and dashboard views that clearly attribute blocks and policy actions to the appropriate AI/ML category, making it easier to monitor traffic trends and policy hits.  For more details, see Monitor AI and ML Web Traffic with New URL Categorization

NOTE: To troubleshoot URL blocks caused by AI and ML categories, see Troubleshoot URL Blocks Caused by AI and ML Categories.

Resolved Issues in the 12.2.21 Release    

SWG 12.2.21 is available as a main release. For information about upgrading, see Upgrading to a new version – Main Release. For details about resolved issues in previous releases and other related information, see Secure Web Gateway 12.2.x Release Notes.

NOTE: If you have configured SWG in Transparent Router mode, ensure that your configuration follows the mandatory steps outlined in the Configure Proxy Settings for a Director Node in Transparent Router Mode before upgrading to SWG version 12.2.9 or later. 

Reference Description
WP-5285 When RTS is enabled, the system now populates 0.0.0.0:0 as the default entry in the RTS table. Previously, it incorrectly displayed 0.0.0.0:9090 as the default entry.
WP-6631 DES encryption in SNMPv3 caused failure because of Net-SNMP version 5.9-11, and later dropped DES support. The update fixes this issue.
WP-7828 Resolved a crash that occurred when opening PDFs.
WP-7951 A crash triggered by parallel read/write operations on the same socket under secure NHP with HTTP/2 traffic is now fixed.
WP-7973 The system now displays the entries in mwg-boot-config.log in chronological order based on their timestamps.
WP-8055 In a CONNECT request during a retry, Secure NHP no longer adds X-SWEB headers twice when UCE Hybrid is enabled.
WP-8106 The system now correctly detects the sample file as bz2 type and multiple DMG files as DMG type when bz2 compression is used.
WP-8116 Added support for the new Volume Descriptor Version fields in the ISO9660 Opener.
WP-8125 Fixed media type detection to ensure compliance with RFC 822.
WP-8129 Changed the file permissions of /etc/rts/rts.conf and /etc/systemd/system/rts_monitor.service to match those of /etc/haproxy/haproxy.conf configuration files. 
WP-8183 IPv6 log entries now follow RFC 5952 and display correct IP and port information.
WP-8204 Improved detection of application/soap+xml content type.
WP-8243 Net-SNMP version upgrade fixes snmpd crash due to a double-free memory error
WP-8244 SWG now performs successful downloads that were previously failing due to incorrect handling of WINDOW_UPDATE.
WP-8289 PDF opener correctly extracts PDFs in a tabular format.
WP-8299 Parsing the PDF file no longer adds extra spaces.

Vulnerabilities Fixed in the 12.2.21 Release

This Secure Web Gateway release includes updates addressing publicly disclosed CVEs, regardless of whether a CVE has been shown to impact customers.
The following medium and higher-level CVEs (CVSS 3.0 >= 4) were involved:

Reference CVE  Description
WP-8165 CVE-2025-48988 SWG is affected, and it is recommended to upgrade Tomcat to version 9.0.107
CVE-2025-49125 SWG is not affected

Known Issues and Workarounds 

For a list of issues that are currently known, see SWG 12.x.x Known Issues and Workaround.

  1. Back to top
  • Was this article helpful?

Recommended articles

  1. Article type
    Topic
  2. Tags
    1. Secure Web Gateway 12.2.4 Release Notes
    2. SWG 12.2.4 RNs