Secure Web Gateway 12.0.x Release Notes
New Features in the 12.0 Release
This release provides the following new features. For resolved issues in this release and the update releases, see further below.
Rebranding to Account for Transition
Names of products, components, and other items have been rebranded to account for the transition from McAfee to Secure Web Gateway.
Action for Certificate Error to be Decided by User
When a certificate error occurs, it is shown in the browser, so that you can decide which action to take.
Configurable OCSP/CRL Domain to Support Transparent Mode
When configuring a transparent proxy mode for Secure Web Gateway, you can select the OCSP or CRL domain that information about revoked certificates is retrieved from.
Validation of customer ID and Shared secret for UCE hybrid
For UCE hybrid customers using SCP, a configurable option has been provided to validate the customer ID and shared secret. It ensures if the traffic from multiple tenants should be allowed to go to UCE via same on-prem Secure Web Gateway.
Property for Logging Next-hop Proxy Address
A new property is provided that allows you to log the IP addresses of next-hop proxies in the logging cycle on Secure Web Gateway.
Tomcat Upgrade
Tomcat has been upgraded to version 9.
LogJ4 Upgrade
LogJ4 has been upgraded from version 1.x to 2.x.
Resolved Issues in the 12.0.1 Release
This release resolves known issues.
NOTE: Secure Web Gateway 12.0.1 is provided as a controlled release.
For information about how to upgrade to this release, see Upgrading to a new version – Main Release.
JIRA issue numbers are provided in the reference columns.
Web filtering
| Reference | Description |
|---|---|
| WP-2217 | The PDF opener now also supports PDFs with versions 2.0. |
| WP-4536 | Client IP or URL to be logged with Kerberos error messages, when authentication logs are enabled." |
| WP-4859 | File previously not getting detected as TTF gets detected correctly as TTF now. |
| WP-4934 | Long list names used when configuring Secure Web Gateway web policy rules are rendered completely in rule sets. |
| WP-4966 | The file opener does not crash anymore when used to parse rtf documents. |
| WP-4981 | Block page now shows URL and category, which was missing after transitioning from coaching block page to URL blocked page |
| WP-4992 | A new media type has been added to detect InDesign documents and templates |
| WP-4998 | The file opener now supports tar files with pax headers. |
| WP-5076 | The PDF opener function for detecting JavaScript has been improved. |
Network communication
| Reference | Description |
|---|---|
| WP-4557 | No error was found when selecting rule trace even when option Restrict browser session to IP address of user is enabled |
| WP-4954 | Passive FTP is are working as expected now in a HA Proxy setup through Haproxy. |
| WP-4985 | An HTTP2 issue related to a wrong value for connection level flow control has been fixed. |
| WP-5010 | TCP half-close support for TCP and SOCKS proxies to access an application works without issues. |
| WP-5018 | Version discrepancy of DLP system lists no longer occurs after updating SWG 10.2 to 11.2. |
| WP-5070 | A high client connection issue related to URL parsing has been fixed. |
| WP-5111 | SaaSConnectors are syncing again. |
Other
| Reference | Description |
|---|---|
| WP-4491 | Issue related to LinkedIn video upload with HTTP2 is now fixed. |
| WP-4664 | Update Webgateway to point from existing McAfee based GTI domains to newly migrated GTI domain (swg.repl.gti.trellix.com). |
| WP-4667 | Users can join a Zoom meeting via browser when the waiting room option is enabled. |
| WP-4724 | SWG UI login issue while using Client Certificate for Authentication does not occur anymore. |
| WP-4944 | Restore backup are working as expected now, which had happened due to duplicate ID that had been assigned to configuration file. |
| WP-5024 | The rsyslog daemon had kept the /var/log/haproxy/ haproxy-info_1.log file open until all disk space had been filled up on a Secure Web Gateway appliance. This has been fixed now and log rotation works fine again. |
| WP-5074 | A core crash issue with the NativeBrowserCA feature has been resolved. |
| WP-5081 | An option to configure addition of X cache headers is added to proxy control configuration |
| WP-5109 | All the logs are rotated as per Log Manager Configuration. |
Vulnerabilities Fixed