Skip to main content
Skyhigh Security

Secure Web Gateway 10.2.x Release Notes

What's new in the 10.2 release

Releases can introduce new features and enhancements or update platform support.

Improvements for Proxy HA mode

Several options are now available that allow for improved performance and handling when running Secure Web Gateway in Proxy High Availability (Proxy HA) network mode.

  • An inactivity timeout, a load balancing algorithm, and sticky sessions can be configured, as well as egress IP addresses to increase the number of simultaneously active connections to cluster nodes scanning web traffic.
  • Filtering traffic coming in under the SOCKS protocol is supported.

For more information, see the Proxy HA mode section of the Secure Web Gateway Product Guide.

More protocol versions for secure ICAP

Different versions of the TLS and SSL protocols can now be selected when running Web Gateway in a secure ICAP server configuration.

For more information, see the ICAP server section of the Secure Web Gateway Product Guide.

Property for troubleshooting ATD issues

The Antimalware.MATD.Error.MessageDetails string-type property has been added to the list of properties for use in web security rules. It provides details of an Advanced Threat Defense error message, such as timeouts, missing values, or network problems.

For more information, see the Properties - A section of the Secure Web Gateway Product Guide.

More media types detected

More media types are detected by the functions for media type filtering on Web Gateway, including:

  • Visio files with the following extensions: vsdm, vsdx, vssm, vssx, vstm, vstx
  • CAD files
More efficiency in internal processing
  • Several internal processes have been improved on Web Gateway as follows.
  • For users working with the WebSwing version of the user interface, the individual IP addresses of their client systems are recorded in the audit log when requests come in from these clients. The common 127.0.0.1 address is no longer in use here.

This address had been logged for all users due the role as a remote desktop that WebSwing took from the point of view of the Java user interface.

A commercial WebSwing version has also been implemented to overcome some limitations of the open source versions.

  • More efficient methods of identifying customers, clients, and connections involved in issues that occurred are now used when reading core files stored in a temp folder.
  • Some enhancements have been implemented for the consistency checking tool, which identifies unused settings and lists on Web Gateway.
  • The feedback file that is evaluated on the master node in a cluster of Web Gateway appliances now provides the current version of the appliance software for each cluster node.
  • Processing lists with entries in Regex format performs better due to an improvement of the diagnostic tool.

What's new in update 10.2.1

This release introduces several enhancements.

SmartMatch optimization

Performance has been optimized for SmartMatch lookups by improving the way lists are handled when searching for matches.

Kerberos authentication with improved logging

When the Kerberos authentication method is used, error logging has been improved, for example, by writing client IP addresses in the log.

Handling of HTTP2 statistics improved

HTTP2 statistics, which are also shown on the Secure Web Gateway dashboard, are provided under the Simple Network Management Protocol (SNMP) to be read by an external SNMP manage poll.

Resolved issues in update 10.2.16 

This release resolves issues.

For a list of issues that are currently known, but not resolved yet, see Secure Web Gateway 10.x Known Issues (KB93400).

NOTE: Secure Web Gateway 10.2.16 is provided as a main release and archived.      

For information about how to upgrade to this release, see Upgrading to a new version – Main Release.   

The JIRA issue number is provided in the reference column.

Reference Description
WP-4966 The Opener used for parsing rtf documents does not crash anymore.

Announced Vulnerabilities   

Reference Description
WP-4996
 

This Secure Web Gateway release includes updates addressing publicly disclosed CVEs, regardless of whether a CVE has been shown to impact customers.

The following medium and higher-level CVEs (CVSS 3.0 >= 4) were involved:

  • CVE-2022-40674

Resolved issues in update 10.2.15 

This release resolves issues.

For a list of issues that are currently known, but not resolved yet, see Secure Web Gateway 10.x Known Issues (KB93400).

NOTE: Secure Web Gateway 10.2.15 is provided as a main release and archived.      

For information about how to upgrade to this release, see Upgrading to a new version – Main Release.   

The JIRA issue number is provided in the reference column.

Network communication      
Reference Description
WP-4734 Both the proxy.outbound IP address and port are working as expected now for TCP proxy connections.
Others      
Reference Description
WP-4935 The version check fails no longer when new kernel are released.

 

Announced Vulnerabilities        
Reference Description
WP-4949,
WP-4950,WP-4951

This Secure Web Gateway release includes updates addressing publicly disclosed CVEs, regardless of whether a CVE has been shown to impact customers.

The following medium and higher-level CVEs (CVSS 3.0 >= 4) were involved:

  • CVE-2022-31676
  • CVE-2022-1552
    CVE-2022-2319
    CVE-2022-2320
    CVE-2022-29154
  • CVE-2022-2319
    CVE-2022-2320

For more information about these CVEs and their impact, see the Red Hat CVE portal.

Resolved issues in update 10.2.14 

This release resolves issues.

For a list of issues that are currently known, but not resolved yet, see Secure Web Gateway 10.x Known Issues (KB93400).

NOTE: Secure Web Gateway 10.2.14 is provided as a main release and archived.      

For information about how to upgrade to this release, see Upgrading to a new version – Main Release.   

The JIRA issue number is provided in the reference column.

Web filtering     
Reference Description  
WP-4578 An issue with eml files, which were getting blocked due to an underscore in the message header, has been resolved.  
WP-4605 PDF files that are submitted to an electronic signature platform do not get blocked anymore by a Block Encrypted Types rule, as the user key is correctly detected now.  
WP-4887 Opening a document of the application/postscript media type no longer results in false as a value for the MediaTypeHasOpener property after this media type was added to the list of media types than can be handled by the File Opener on Secure Web Gateway.  
WP-4922 An issue with high memory usage that occurred with the UCE container on Secure Web Gateway due to an endless loop in excel4 macro media type detection has been resolved.  
Network communication      
Reference Description
WP-4835 Exceptions that had been entered in the Port Redirection table based on IP addresses are working as expected for the Transparent Bridge mode.
WP-4931 Checking lists with revoked certificates does not fail anymore, which had happened due to a browser error.
Others      
Reference Description
WP-4465 Tomcat has been upgraded from version 7.x to version 9.x

 

Announced Vulnerabilities        
Reference Description

WP-3750,WP-4871

This Secure Web Gateway release includes updates addressing publicly disclosed CVEs, regardless of whether a CVE has been shown to impact customers.

The following medium and higher-level CVEs (CVSS 3.0 >= 4) were involved:

  • CVE-2022-23307, 
    CVE-2022-23305,
    CVE-2022-23302 
  • CVE-2022-37434 - There is a Low impact, needs physical system access for successful exploitation.

For more information about these CVEs and their impact, see the Red Hat CVE portal.

Resolved issues in update 10.2.13 

This release resolves issues.

For a list of issues that are currently known, but not resolved yet, see Secure Web Gateway 10.x Known Issues (KB93400).

NOTE: Secure Web Gateway 10.2.13 is provided as a main release.      

For information about how to upgrade to this release, see Upgrading to a new version – Main Release.   

The JIRA issue number is provided in the reference column.

Other     
Reference Description
WP-4767 Resolved SWG not processing traffic issue when used along with HSM , due to threads hanging in critical section lock.
WP-4813 Alerts related to HSM keys containing control characters are escaped (‘%’ replaced with ‘/’) to resolve Alert Page disappear issue.
WP-4839 The AOLE2 Opener used for opening Microsoft Office files does not crash anymore.

Announced Vulnerabilities       

Reference Description

WP-4801, WP-4802, WP-4834, WP-4841

This Secure Web Gateway release includes updates addressing publicly disclosed CVEs, regardless of whether a CVE has been shown to impact customers.

The following medium and higher-level CVEs (CVSS 3.0 >= 4) were involved:

  • CVE-2020-10663 - There is no impact on SWG. The ruby core of SWG does not use this library to parse/process JSON data, so there is no input vector available for exploitation.
  • CVE-2021-31799 - There is no impact on SWG. Since package is used to generate documentation and is therefore not installed on customer environments.
  • CVE-2020-26116 - There is no impact on SWG, since Python is not in use for normal SWG functioning.
    CVE-2020-26137
    CVE-2022-0391
  • CVE-2022-34169 - There is no impact. SWG does not load untrusted code.
    CVE-2022-25647
    CVE-2022-21541
    CVE-2022-21540
    CVE-2022-21549 

For more information about these CVEs and their impact, see the Red Hat CVE portal.

Resolved issues and a change in update 10.2.12 

This release resolves issues.

For a list of issues that are currently known, but not resolved yet, see Secure Web Gateway 10.x Known Issues (KB93400).

NOTE: Secure Web Gateway 10.2.12 is provided as a main release.      

For information about how to upgrade to this release, see Upgrading to a new version – Main Release.   

Changed  

The Web Hybrid Legacy settings are no longer available for configuring an appliance system.

Resolved issues 

JIRA issue numbers are provided in the reference column.

Web Filtering    
Reference Description
WP-4555 Performance of the is-in-list operator when searching lists of IP addresses has been improved.
WP-4761 Opening zipped files with the 7Zip opener does not fail anymore.
Other     
Reference Description
WP-2952 Files can be downloaded and deleted again on the REST interface, which had not been possible due to an issue with troubleshooting rights.
Vulnerabilities      
Reference Description

WP-4619, WP-4723, WP- 4731, WP-4733, WP-4762, WP-4766, WP-4781 

 

This Secure Web Gateway release includes updates addressing publicly disclosed CVEs, regardless of whether a CVE has been shown to impact customers.

The following medium and higher-level CVEs (CVSS 3.0 >= 4) were involved:

  • CVE-2022-21476 - There is no impact on SWG because no untrusted Java code is loaded.
    CVE-2022-21496
    CVE-2022-21434
    CVE-2022-21426
    CVE-2022-21443
  • CVE-2022-24903 - There is no impact on SWG because as it is not configured to be a receiver by default.
  • CVE-2022-2310 - For Impact details, see Security Bulletin SB10384.
  • CVE-2022-2068 - There is no impact. Affected script is not shipped by default on customer instances.
  • CVE-2022-34914 -  There is a critical impact.Immediate upgrade is strongly recommended. 
  • CVE-2022-1271 - There is a moderate impact on SWG since it requires CLI access to the instance to be exploited.
  • CVE-2022-2097 - There is a Low impact, since vulnerability only affects 32bit implementation and does not affect TLS.

For more information about these CVEs and their impact, see the Red Hat CVE portal.

Resolved issues in update 10.2.11 

This release resolves known issue.

For a list of issues that are currently known, but not resolved yet, see Secure Web Gateway 10.x Known Issues (KB93400).

NOTE: Secure Web Gateway 10.2.11 is provided as a main release.         

For upgrade information, see the Upgrading to a new version provided as a main release section of the Secure Web Gateway Installation Guide. 

The JIRA issue number is provided in the reference column.

Network communication   
Reference Description
WP-3343 IP spoofing is supported for HTTP(S) when setting up proxies in Explicit Proxy or L2 Transparent mode.
Other   
Reference Description
WP-3990 Excel 4 macros are now detected in media type filtering.
Vulnerabilities     
Reference Description

WP-4547, WP-4598, WP-4621

 

This Secure Web Gateway release includes updates addressing publicly disclosed CVEs, regardless of whether a CVE has been shown to impact customers.

The following medium and higher-level CVEs (CVSS 3.0 >= 4) were involved:

  • CVE-2022-24407 - There is no impact on SWG since the affected component is not in use. 
  • CVE-2022-1271 - There is a moderate impact on SWG since it requires CLI access to the instance to be exploited.
  • CVE-2022-1292  - There is No impact since SWG does not ship the affected script by default. 
    CVE-2022-1473
    CVE-2022-1434
    CVE-2022-1343

For more information about these CVEs and their impact, see the Red Hat CVE portal.

 

Resolved issues in update 10.2.10 

This release resolves known issue.

For a list of issues that are currently known, but not resolved yet, see Secure Web Gateway 10.x Known Issues (KB93400).

NOTE: Secure Web Gateway 10.2.10 is provided as a main release.         

For upgrade information, see the Upgrading to a new version provided as a main release section of the Secure Web Gateway Installation Guide. 

The JIRA issue number is provided in the reference column.

Network communication 
Reference Description
WP-4646 An issue with high memory usage that occurred on a Secure Web Gateway for On-Prem appliance has been resolved. 
Other 
Reference Description
WP-3772 The PDF opener now also supports PDF versions below 2.0 with AESV3 encryption.
WP-4238 The rule in the script filter rule set that removes ActiveX objects from Javascript is working fine now. 
WP-4351 A table without a header is no longer recognized erroneously as application/x-compressed-arc.
WP-4650 Random f.txt file downloaded on Chrome\Edge browsers do not occur anymore.

 

Resolved issues in update 10.2.9 

This release resolves known issues.

For a list of issues that are currently known, but not resolved yet, see Secure Web Gateway 10.x Known Issues (KB93400).

NOTE: Secure Web Gateway 10.2.9 is provided as a main release.         

For upgrade information, see the Upgrading to a new version provided as a main release section of the Secure Web Gateway Installation Guide. 

The JIRA issue number is provided in the reference column.

Network communication 
Reference Description
WP-4145 POST commands running while HTTP tunneling is enabled do not lead to a failure of the core process on Secure Web Gateway anymore.
WP-4541 Processing of cluster messages sent by the Notification plugin that is implemented in the core process has been improved.
WP-4558 When the data threshold of 10 GB is reached on an ICAP connection, the connection is shut down to avoid overload issues.
WP-4559 Memory can be reserved for advance usage while reading messages on Secure Web Gateway, so the length of the response is already known early, which avoids memory reallocation.
Web filtering 
Reference Description
WP-4459 File scanning now extracts text from PDFs, which had failed before, as the scanning process went into a loop causing CPU consumption to reach 100%. 
Other 
Reference Description
WP-4362 The Secure Web Gateway rule set for file scanning scans nested archives files now that caused issues before. 
WP-4556 Coordinator crashes that led to a shutdown on a Secure Web Gateway appliance do not occur anymore.
WP-4567 The SmartCache default size value has been increased from 100 to 1000 MB.  
WP-4584 Response time for CStorageJob backup and restore activities has been improved. 
Vulnerabilities   
Reference Description

WP-4432, WP-4454, WP-4591

 

This Secure Web Gateway release includes updates addressing publicly disclosed CVEs, regardless of whether a CVE has been shown to impact customers.

The following medium and higher-level CVEs (CVSS 3.0 >= 4) were involved:

  • CVE-2022-23990
  • CVE-2022-23852
  • CVE-2022-45960
  • CVE-2022-22822
  • CVE-2022-22823
  • CVE-2022-22824
  • CVE-2022-22825
  • CVE-2021-46143
  • CVE-2022-22826
  • CVE-2022-22827
  • CVE-2022-25236
  • CVE-2022-25235
  • CVE-2022-25315
  • CVE-2022-1254
  • CVE-2018-25032

For more information about these CVEs and their impact, see the Red Hat CVE portal.

  • Was this article helpful?