Resolved issues

The current release of the product resolves these issues.

Bugzilla numbers are provided in parentheses.

Network communication

  • Static routes could not be set up for VLAN interfaces on Web Gateway, as the configuration menu only showed eth interfaces for selection. (1260072)

Cluster nodes

  • When performing an upgrade on a Web Gateway appliance that was running as a node in a hybrid cluster, the repository could not be set to main using the mwg-switch-repo main command. (1259880)
  • Some Web Gateway appliances that were running as nodes in a cluster could not be added back to the cluster after the appliance software had been updated because the sysconf daemon had not been restarted after the upgrade. (1260529)

Authentication

  • Authentication failed on Web Gateway, as the domain controller had been configured to impose a timeout on SMB2 connections. (1260361)
  • The core process on Web Gateway failed with term signal 11, as a decoding element was missing when a particular authentication method was applied. (1261802)

File and archive handling

  • Text in a PDF file was not detected when using the DLP.Dictionary.BodyText.Match property in a rule for data loss prevention, which would otherwise have blocked a download of the file. (1257502)
  • An executable file that was encrypted and attached to a PDF file was not detected when using the Body.IsEncrypted property in a rule, as the encryption did not result from use of a password, but from access restrictions. (1259143)
  • When a request for scanning an archive was processed, an error message was logged, stating that no archive subelement name was available. This happened when the malware probability had been set to zero, but scanning was still applied twice and an archive subelement was expected for the second scanning. (1260815)
  • When a file with a size of 4.5 GB was downloaded on Web Gateway, only 400 MB were actually made available to the user who had requested the download. This was due to an error in encoding, which occurred when files larger than 4 GB were involved and file compression had been configured. (1261175)
  • When the RPM opener on Web Gateway was involved in downloading and scanning an archive file, embedded object handling was not triggered, as the opener assumed that no body followed after the response header, relying on the result of processing yet another property after some initial file handling activities had been completed by the opener. (1261972)

Web filtering

  • Streaming media could not be scanned for malware, as the rule event that enabled the scanning did not provide settings for the Gateway Anti-Malware (GAM) 2017 engine. Default settings were therefore used, which did not include enabling the required scanning mode, and URL Filter settings that would have provided a workaround by performing GTI lookups had not been enabled for performance reasons. (1258067)

Vulnerabilities

  • Web Gateway was affected by the CVE-2018-11784 vulnerability, which was caused by an Apache Tomcat redirection issue. After a suitable fix has been implemented, Web Gateway is not affected anymore. (1257641).
  • Web Gateway was affected by the CVE-2018-7170 and CVE-2018-12328 vulnerabilities, which were related to a misuse of a private key and a buffer overflow when working with NTP. After suitable fixes have been implemented, Web Gateway is not affected anymore. (1260744)
  • Web Gateway was affected by the CVE-2019-3581 vulnerability, which was due to improper input validation that allowed remote attackers to bring about a denial of service using a crafted HTTP request parameter. After a suitable fix has been implemented, Web Gateway is not affected anymore. (1263255)

Other

  • The DateTime.ISOString.FromEpoch property accepted non-integer values, which were processed, however, to return the current date for any such value. (1261620)