Skip to main content

Check out Interactive Visual Stories to gain hands-on experience with the SSE product features. Click here.

Skyhigh Security

Secure Web Gateway 12.2.17 Release Notes

  1. Last updated
  2. Save as PDF

New Features in the 12.2.x Release    

Below is a consolidated list of new features available across the different 12.2.x releases. For issues resolved as a part of this release, see the Resolved Issues section.

For information about how to upgrade to this release, see Upgrading to a new version – Main Release.   

Rebranding to Account for Transition    

Names of products, components, and other items have been rebranded to account for the transition from McAfee to Secure Web Gateway.

Rebranded SNMP SMI and MIB file with Updated Org OID for Skyhigh Security    

As part of the rebranding, a new Object Identifier (OID) has been introduced for Org Skyhigh Security. We are updating the SNMP OID from .1.3.6.1.4.1.1230* to .1.3.6.1.4.1.59732*. You'll need to update your management software accordingly if they are referring to these OID. For more details, see Configure event monitoring with SNMP.

Trellix VX Integration to SWG   

The SWG 12.2.0 supports integration with Trellix Virtual Execution (VX). For more details, see Trellix Virtual Execution Integration to SWG.

Detection of OneNote files  

New Mediatype detection has been added for OneNote files to detect .one and .onepkg files. 

Insecure NETLOGON   

Insecure NETLOGON channel is blocked by default. To explicitly allow Insecure NETLOGON, a new checkbox is provided in Windows Join Domain Dialogue. For more details, see Insecure Netlogon.

TCP Health Check   

Prior to this feature, SWG would send live traffic to Next Hop Proxies to determine its health which resulted in delayed response in case Next Hop Proxy is not healthy. With this feature, SWG will have knowledge of the health of the Next Hop Proxies beforehand. For more details, see TCP Health Check for Next Hop Proxy.

Server Chunk Encoding   

A new check box option is provided in proxy control event settings, which allows to enforce chunk encoding transfer on server requests from SWG. For more details, see Server Side Chunk Encoding.

Connect Response Based on HTTP-Protocol  

The Connection Established response message always shows HTTP1.0 even if the HTTP Protocol header of the request was HTTP1.1. Now you can configure this under Proxy Control Event, where we can select to send back the Connection Established response text based on the HTTP Protocol version received. For more details, see Configure Connection Established Response based on HTTP Protocol Version.

Support to Pipelined Application/HTTP  

A new media type has been added to media type filtering for detection and openers for Pipelined Application/HTTP. 

New Properties for Multiline Base64  

To support the multiline Base64, new properties are added in SWG.

Support for kdbx-kdb-Filetype  

A new media type has been added to media type filtering to detect files of the kdbx and kdb types.

Client Certificate Authentication for HTML UI  

Client Certificate Authentication is now added for the HTML UI. For more details, see Client Certificate Authentication for HTML UI.

Configurable Size Limit of Single XML AttributesEdit section 

The configurable size limit of single XML attributes has been increased to reduce errors on startup when having large inline lists.

Known Issues and Workaround 

For a list of issues that are currently known, see SWG 12.x.x Known Issues and Workaround.

Resolved Issues in the 12.2.17 Release     

NOTES:

  • Secure Web Gateway 12.2.17 is provided as a main release.    
  • If you have configured SWG in Transparent Router mode, ensure that your configuration follows the mandatory steps outlined in the Skyhigh document before upgrading to SWG version 12.2.9 or later.

For information about how to upgrade to this release, see Upgrading to a new version – Main Release.   

The following table provides a list of Resolved Issues with associated Jira numbers.

Reference Description
WP-5848/WP-6615/WP-2636/WP-7063 During the Health Check and NHP list validation in UI, the invalid Hostnames and IP addresses are highlighted in red. In addition, an error message displays.
WP-6161 The IP port efficiently redirects to load the User Interface during Client Certificate Authorization.
WP-6250 An error message with the appropriate public IP (URL) displays when multiple users try logging into another device in the same SWG cluster. 
WP-6408 The missing Skyhigh Client Proxy (SCP) headers are included in the Secure Next-Hop Proxy (SNHP) requests. Consequently, the NHP authenticates HTTP2 traffic despite the Proxy style request option being disabled. 
WP-6563 The Oracle Cloud Infrastructure (OCI) image scripts are updated, and the cloud-init package is upgraded from v18.4 to v23.4 to support both IMDSv1 and IMDSv2 versions.
WP-6634/WP-7364 To reduce high memory usage during large file downloads, HTTP/2 is optimized by linking client.
WP-6885 The Skyhigh Secure Web Gateway enables uploading PARQUET files (.parquet) as a valid media type.
WP-6887 Memory leak in the Kerberos Authentication module is optimized.
WP-7001  The Skyhigh Secure Web Gateway Radius UI Authentication successfully authenticates usernames in UPN format.
WP-7091 The missing null pointer is referenced in CMSGraphAPIClient::ReportIssue(...) feedback and no crash is observed.
WP-7112 The libcurl library is updated to address CVE-2025-0665.
WP-7133 The Skyhigh Secure Web Gateway supports legitimate Excel files with invalid rupYear.
WP-7159 The Proxies tab in the Configuration section of the UI is accessible after the upgrade.

Vulnerabilities Fixed     

This Secure Web Gateway release includes updates addressing publicly disclosed CVEs, regardless of whether a CVE is shown to impact customers.
The following medium and higher-level CVEs (CVSS 3.0 >= 4) were involved:

Reference CVE  Description
WP-6310 CVE-2021-27645 Not applicable, libslirp is not installed.
CVE-2024-2961 Not applicable for SWG.
CVE-2024-33599 Not applicable, SWG doesn't use nscd service.
CVE-2024-33600 Not applicable, SWG doesn't use nscd service.
CVE-2024-33601 Not applicable, SWG doesn't use nscd service.
CVE-2024-33602 Not applicable, SWG doesn't use nscd service.
WP-6835 CVE-2025-21502 Not applicable, SWG doesn't use 8u431-perf.

IMPORTANT: For resolved issues on the previous releases and other information, see Secure Web Gateway 12.2.x Release Notes 

  1. Back to top
  • Was this article helpful?

Recommended articles

  1. Article type
    Topic
  2. Tags
    1. Secure Web Gateway 12.2.4 Release Notes
    2. SWG 12.2.4 RNs