Skyhigh Security

Secure Web Gateway 12.2.23 Release Notes

The Skyhigh SWG 12.2.23 release includes updates to multiple third-party packages addressing known CVEs across various components and introduces new functionality to strengthen protection against decompression bomb attacks. For the full list of package updates, refer to the Complete CVE and Package List. For details on the issues resolved in this release, see the Resolved Issues section.

What's New in 12.2.23 Release  

This release introduces the following enhancement:

New Decompression Protection in Secure Web Gateway

Skyhigh Secure Web Gateway (SWG) now includes decompression protection to defend against decompression bombs (zip bombs). These files appear small during transfer but expand significantly during decompression, which can exhaust system memory and disrupt services. For more details, see Prevent Memory Exhaustion from Decompression Bomb Attacks.
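The defence against the attack described above comes down to inflating in bounded steps and stopping once the output outgrows a budget. The following is an added example, not Skyhigh's code or configuration; the function names, the limits (1 MiB output, 200:1 ratio) and the sample data are assumptions constructed for illustration.

```python
import zlib

class DecompressionLimitExceeded(Exception):
    """Raised when inflated output breaks the size or ratio budget."""

def bounded_inflate(data, max_output=1 << 20, max_ratio=200, step=16384):
    """Inflate a zlib/gzip stream at most `step` bytes at a time and stop
    early if the output outgrows an absolute cap or a ratio cap.
    The default limits are illustrative, not Skyhigh SWG settings."""
    d = zlib.decompressobj(47)              # 32+15: accept zlib or gzip framing
    out = bytearray()
    pending = data
    while not d.eof:
        piece = d.decompress(pending, step)  # returns no more than `step` bytes
        pending = d.unconsumed_tail          # input zlib has not consumed yet
        if not piece and not pending:
            raise ValueError("truncated stream")  # input exhausted before end
        out += piece
        if len(out) > max_output:
            raise DecompressionLimitExceeded("size")
        if len(out) > max_ratio * len(data):
            raise DecompressionLimitExceeded("ratio")
    return bytes(out)

def verdict(data, **limits):
    """Return 'allow:<bytes>' or 'block:<reason>' for one compressed body."""
    try:
        return "allow:%d" % len(bounded_inflate(data, **limits))
    except DecompressionLimitExceeded as exc:
        return "block:%s" % exc

# Constructed samples: ordinary text, and 10 MiB of zeros (about 10 KB compressed).
BENIGN = b"".join(b"line %d of an ordinary log file\n" % i for i in range(2000))
BENIGN_Z = zlib.compress(BENIGN)
BOMB_Z = zlib.compress(b"\0" * (10 * 1024 * 1024), 9)

if __name__ == "__main__":
    print(len(BENIGN_Z), verdict(BENIGN_Z))
    print(len(BOMB_Z), verdict(BOMB_Z))
    print(verdict(BOMB_Z, max_output=64 << 20))  # size cap raised: ratio cap fires
```

Because the check runs after every step, the oversized stream is rejected after roughly 1 MiB has been produced rather than after the full 10 MiB has been held in memory.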

Resolved Issues in the 12.2.23 Release    

SWG 12.2.23 is available as a main release. You can download the build from the Content & Cloud Security Portal. For information about upgrading, see Upgrading to a new version – Main Release. For details about resolved issues in previous releases and other related information, see Secure Web Gateway 12.2.x Release Notes.

 

NOTE: If you have configured SWG in Transparent Router mode, ensure that your configuration follows the mandatory steps outlined in the Configure Proxy Settings for a Director Node in Transparent Router Mode before upgrading to SWG version 12.2.9 or later.

IMPORTANT: Skyhigh recommends that SSL Tap users do not upgrade to version 12.2.23 because of a known issue with SSL Tap. Refer to the Known Issues section for more details.

| Reference | Description |
|---|---|
| WP-8765 | The system now excludes DCC cache entries from AI category calculation, preventing a race condition that could cause an mwg-core crash. |

Vulnerabilities Fixed in the 12.2.23 Release

NOTE: The 12.2.23 release includes multiple package updates and addresses several CVEs. This section lists only the critical CVEs and their corresponding packages in the release notes. Descriptions are provided only for the critical CVEs. For a complete list of all packages and their associated CVEs, refer to the Complete CVE and Package List.

This Secure Web Gateway release includes updates addressing publicly disclosed CVEs, regardless of whether a CVE has been shown to impact customers.

The following critical CVEs (CVSS 9.0 to 10.0) were involved:

| Reference | CVE | Packages Updated | Description |
|---|---|---|---|
| WP-8676 | CVE-2018-18751 | gettext | SWG is not affected. |
| | CVE-2022-23219 | glibc | SWG is not affected. |
| | CVE-2022-23218 | glibc | SWG is not affected. |
| | CVE-2014-9474 | mpfr | SWG is not affected. |
| | CVE-2024-52530 | libsoup | SWG is not affected. |
| | CVE-2021-3177 | python3 | SWG is not affected. |
| | CVE-2023-48795 | openssh | SWG is affected, and the current release includes the recommended package version openssh-7.4p1-33.1 |
| | CVE-2025-55754 | tomcat | SWG is affected, and the current release includes the recommended package version tomcat-9.0.112-1 |
| | CVE-2024-37371 | krb5 | SWG is affected, and the current release includes the recommended package version krb5-1.15.1-55.0.9.1 |

Known Issues and Workarounds 

For a list of issues that are currently known, see SWG 12.2.x Known Issues and Workaround.
