Skyhigh Security Cloud Known and Resolved Issues 6.0.1 (May 2022)
- Last updated
- Save as PDF
Skyhigh CASB
Resolved Issues
| Reference | Description |
|---|---|
| May 10, 2022 | When running the ODS Scan for OneDrive, the scan is auto paused, and the status of the scan does not proceed from the initializing phase due to a large user base which results in rate-limiting. The scan restarts and fetches the root folders from the beginning if there is an error during the initialization phase. This issue has been fixed by adding a feature flag to change the logic of fetching root folders from the ODS crawler phase instead of the initialization phase. To enable this feature flag, contact Skyhigh CASB Support for assistance. |
Skyhigh Private Access
Resolved issues
| Reference | Description |
|---|---|
| PAC-1545 | Instead of FQDN, the hostname of the VM (RHEL/ Ubuntu) is now used to update the POP name in the Skyhigh CASB. |
Known issue
| Reference | Description |
|---|---|
| PAC-1363 | When you see cwpp-pop-manager pod is in a CrashLoopBackOff state, then it is due to the DNS resolution errors. Workaround: Add the private DNS server to the cwpp-connector pod.
|
Skyhigh Secure Web Gateway (On-Prem)
Resolved issues in 11.0.2
This release resolves known issues.
For a list of issues that are known, but not resolved yet, see Secure Web Gateway 11.x Known Issues (KB94979).
NOTE: Secure Web Gateway 11.0.2 is provided as a controlled release.
For information about how to upgrade to this release, see Upgrade to a new version provided as a controlled release.
The JIRA issue number is provided in the reference column.
Vulnerabilities
| Reference | Description |
|---|---|
| WP-4355 | This Secure Web Gateway release includes updates addressing publicly disclosed CVEs, regardless of whether a CVE has been shown to impact customers. The following medium and higher level CVEs (CVSS 3.0 >= 4) were involved:
|
Resolved issues in 11.0.1
This release resolves known issues.
For a list of known issues that are currently unresolved, see Skyhigh Security Secure Web Gateway 11.x Known Issues (KB94979).
NOTE: Skyhigh Security Secure Web Gateway 11.0.1 is provided as a controlled release.
For information about how to upgrade to this release, see Upgrading to a new version provided as a controlled release in the McAfee Secure Web Gateway Installation Guide.
JIRA issue numbers are provided in the reference column.
Web filtering
| Reference | Description |
|---|---|
| WP-4158 | The time consumed during a transaction can be retrieved again as a value for the Timer.TimeInTransaction property when Secure Web Gateway is running as a proxy under TCP or the SOCKS protocol. |
Other
| Reference | Description |
|---|---|
| WP-3247 | The mcelog service will only be enabled on physical appliances now and will remain disabled on virtual appliances. |
Resolved issues in 11.0
This release resolves known issues.
For a list of known issues that are currently unresolved, see Skyhigh Security Secure Web Gateway 11.x Known Issues (KB94979).
JIRA issue numbers are provided in the reference column.
Network communication
| Reference | Description |
|---|---|
| WP-1455 | POST commands run while HTTP tunneling is enabled do not lead to a failure of the core process on Secure Web Gateway anymore. |
| WP-3637 | When the NTLM authentication method is applied, submitting user names in the User Principal Name (UPN) format does not lead to a failure of the authentication process anymore. |
| WP-3810 | When a director node is not working as a scanner in a Proxy High Availability (Proxy HA) configuration, the proxy on Secure Web Gateway listens to other scanning nodes again. |
| WP-4073 | When using the IP Neigh network tool for troubleshooting on a Secure Web Gateway appliance with an HTML-based user interface, bindings between protocol and link layer addresses are displayed again. |
Authentication
| Reference | Description |
|---|---|
| WP-3637 | When the NTLM authentication method is applied, submitting user names in the User Principal Name (UPN) format does not lead to a failure of the authentication process anymore. |
Web filtering
| Reference | Description |
|---|---|
| WP-3072 | Only errors relating to the user interface are logged in the mwg.ui.errors log, whereas unexpected errors, such as error 143 and others, are not logged anymore. |
| WP-3658 | When uncategorized URLs are blocked, events are successfully synchronized for two Trusted Source properties, which had not worked properly before, as an unexpected event had been added. |
| WP-3663 | When running Advanced Threat Defense (ATD) to scan web traffic, a previous detection of malware can be reused, which had not worked for a zip file due to incorrectly querying md5 information. |
| WP-3751 | Upgrade packages for Secure Web Gateway can be downloaded, which had not been possible because the PGP key files inside these packages were blocked as encrypted media types. |
| WP-3811 | Requests to retrieve CRL and OSCP information about the status of certificates used for secure communication are forwarded, which had not worked in a next-hop proxy chain with two Secure Web Gateway appliances. |
| WP-3904 | Infinite loops that were created on some occasions when zip archives were scanned, causing threads to hang and resulting in problems with high CPU and memory load, do no longer occur. |
Vulnerabilities
| Reference | Description |
|---|---|
|
WP-3468, WP-3580, WP-3656, WP-3765, WP-3792, WP-3806, WP-3815, WP-3878, WP-3882, WP-3934, WP-3935, WP-3936, WP-3999, WP-4003, WP-4021, WP-4058, WP-4067, WP-4203 |
This Secure Web Gateway release includes updates addressing publicly disclosed CVEs, regardless of whether a CVE has been shown to impact customers. The following medium and higher-level CVEs (CVSS 3.0 >= 4) were involved:
For more information about these CVEs and their impact, see the Red Hat CVE portal. |
Other
| Reference | Description |
|---|---|
| WP-2686 | Documents containing Austrian IBAN numbers are detected with the Data Loss Protection (DLP) functions on Secure Web Gateway even if spaces between number groups are omitted. |
| WP-3951 | An issue that caused the core process on a Point-of-Presence (PoP) for Secure Web Gateway to fail has been resolved. |
| WP-3998 | An issue that caused the core process on Secure Web Gateway running as a node in a cluster to fail has been resolved. |
| WP-4010 | The latest KVM build for the Oracle Cloud Infrastructure (OCI) that Secure Web Gateway runs with can be downloaded again. |
| WP-4022 | The rsyslog daemon had kept the /var/log/haproxy/ haproxy-info_1.log file open until all disk space had been filled up on a Secure Web Gateway appliance. This has been fixed now and log rotation works fine again. |
| WP-4043 | Admins can log on to the Secure Web Gateway user interface again from external accounts. |
Skyhigh Client Proxy
Resolved issues in 4.4.0
| Reference | Issue Description |
|---|---|
| MCP-4539 | Entering incorrect release code no longer crashes the Client Proxy console. (Mac only) |
| MCP-4730 | The connection to private applications based on the RDP protocol failed when configured by using the IP address. This issue is now resolved. (Windows only) |
| MCP-4809 | After rebooting the system, Client Proxy now displays the policy name in the System information header correctly. |
| MCP-4893 | Client Proxy on-premise extension now saves the changes made to the policy and generates the revision ID correctly. |
| MCP-4916 | Client Proxy now redirects the traffic and automatically loads the system extensions. (Mac only) |
| MCP-4917 | Client Proxy lost network connectivity after updating the macOS. This issue is now resolved. |
| MCP-4918, MCP-4919, MCP-4920 | Client Proxy now instantly connects to the proxy server after rebooting the system. (Mac only) |