Skip to main content

Check out Interactive Visual Stories to gain hands-on experience with the SSE product features. Click here.

Skyhigh Security

Secure Web Gateway 8.2.x Release Notes

What's new in the 8.2 release

Releases can introduce new features and enhancements or update platform support.

Installation of Secure Web Gateway on Azure

Secure Web Gateway can be installed as a virtual machine on a Microsoft Azure platform. This installation mode is offered in addition to an already existing option to install Secure Web Gateway on Azure with Hyper-V.

The installation can be performed:

  • Using the Azure command line interface (CLI)
  • Using a script that skyhigh security provides
Support of TLS 1.3

TLS (Transport Layer Security) 1.3 can be configured as the protocol version for Secure Web Gateway modules that perform SSL (Security Sockets Layer) scanning.

The modules follow this protocol when handling web traffic under HTTPS (Hyper-Text Transfer Protocol — Secure).

Note: Zero RTT and post-handshake authentication are not supported.

Enhanced authentication methods

Methods for authenticating users have been enhanced by implementing new options.

  • The RADIUS authentication method can be applied when users log on to Secure Web Gateway remotely with SSH or run sudo commands in an unprivileged mode.
    A PAM (pluggable authentication module) device can be installed to enforce this authentication method.
  • Authentication between Secure Web Gateway and Skyhigh Security Client Proxy (Client Proxy) can be performed in an enhanced mode.
Enlarged range of configuration

The range of configuring Secure Web Gateway has been enlarged by adding more settings options.

  • A size limit for uncompressed data and a maximum compression rate can be set for the Composite Opener. This module extracts archived and compressed data to make them available for scanning and filtering measures.
  • A new setting is provided for specifying a port on a Skyhigh Security® ePolicy Orchestrator® (Skyhigh Security® ePO™) server. Secure Web Gateway connects to this server in order to enable DXL (Data Exchange Layer) messaging.
MFEND kernel module replaced

The MFEND kernel module has been replaced with a new solution.

The replacement impacts the operation of network modes for Secure Web Gateway, including Proxy HA (High Availability) and the transparent modes.

The Transparent Bridge mode is not available in these product versions:

  • Secure Web Gateway 8.2
  • Secure Web Gateway 8.2.1

It is again available in Secure Web Gateway 8.2.2 and subsequent versions.

Note: Migration to the new solution cannot be performed unattended.
For more information, see KB91848.

No FIPS certification

The product is no longer certified to comply with FIPS regulations. Secure Web Gateway 7.8.2 is the latest product version that is FIPS-certified.

Resolved issues in update 8.2.29

This release resolves known issue.

For a list of currently unresolved known issues, see Secure Web Gateway 8.x Known Issues (KB90960).

NOTE: Secure Web Gateway 8.2.29 is provided as a main release and archived.         

For upgrade information, see the Upgrading to a new version provided as a main release section of the Secure Web Gateway Installation Guide. 

The JIRA issue number is provided in the reference column.

Others
Reference Description
WP-4465 Tomcat has been upgraded from version 7.x to version 9.x

Announced Vulnerabilities  

Reference Description

WP-3750

This Secure Web Gateway release includes updates addressing publicly disclosed CVEs, regardless of whether a CVE has been shown to impact customers.

The following medium and higher-level CVEs (CVSS 3.0 >= 4) were involved:

  • CVE-2022-23307, 
    CVE-2022-23305,
    CVE-2022-23302 

For more information about these CVEs and their impact, see the Red Hat CVE portal.

 

Resolved issues and a change in update 8.2.28

This release resolves issues.

For a list of currently unresolved known issues, see Secure Web Gateway 8.x Known Issues (KB90960).

NOTE: Secure Web Gateway 8.2.28 is provided as a main release and archived.         

For upgrade information, see the Upgrading to a new version provided as a main release section of the Secure Web Gateway Installation Guide. 

Changed    

The Web Hybrid Legacy settings are no longer available for configuring an appliance system.

Resolved issues   

JIRA issue numbers are provided in the reference column.

Web filtering and logging     
Reference Resolution
WP-4156  Invalid logon error "Session restricted to another IP" has been fixed. 
Vulnerabilities  
Reference Resolution

WP-4731, WP-4762, 
WP-4781

This Secure Web Gateway release includes updates addressing publicly disclosed CVEs, regardless of whether a CVE has been shown to impact customers.

The following medium and higher-level CVEs (CVSS 3.0 >= 4) were involved:

  • CVE-2022-2310 - For Impact details, see Security Bulletin SB10384. 
  • CVE-2022-34914 -  There is a critical impact.Immediate upgrade is strongly recommended. 
  • CVE-2022-2097 - There is a Low impact, since vulnerability only affects 32bit implementation and does not affect TLS.

For more information about these CVEs and their impact, see the Red Hat CVE portal.

Resolved issues in update 8.2.27

This release resolves known issue.

For a list of currently unresolved known issues, see Secure Web Gateway 8.x Known Issues (KB90960).

NOTE: Secure Web Gateway 8.2.27 is provided as a main release and archived.         

For upgrade information, see the Upgrading to a new version provided as a main release section of the Secure Web Gateway Installation Guide. 

The JIRA issue number is provided in the reference column.

Vulnerabilities  
Reference Resolution

WP-4432, WP-4454, WP-4591

This Secure Web Gateway release includes updates addressing publicly disclosed CVEs, regardless of whether a CVE has been shown to impact customers.

The following medium and higher-level CVEs (CVSS 3.0 >= 4) were involved:

  • CVE-2022-23990
  • CVE-2022-23852
  • CVE-2022-45960
  • CVE-2022-22822
  • CVE-2022-22823
  • CVE-2022-22824
  • CVE-2022-22825
  • CVE-2021-46143
  • CVE-2022-22826
  • CVE-2022-22827
  • CVE-2022-25236
  • CVE-2022-25235
  • CVE-2022-25315
  • CVE-2022-1254
  • CVE-2018-25032

For more information about these CVEs and their impact, see the Red Hat CVE portal.

  • Was this article helpful?