Secure Gateway Change Log

Features

• Upgrade Node.js to 18.20.3
• Resolve potential vulnerabilities

Features

• Upgrade Node.js to 18.20.2
• Resolve potential vulnerabilities

Features

• Upgrade Node.js to 18.19.1
• Resolve potential vulnerabilities

Features

• Upgrade Node.js to 18.18.2
• Resolve potential vulnerabilities

Features

• Upgrade Node.js to 16.20.1
• Resolve potential vulnerabilities
• Resolve unexpected issue when using proxy option

Features

• Upgrade Node.js to 16.19.1
• Resolve potential vulnerabilities
• Enhance logging related to gateway connection
• Fix error related to gateway connection in different region

Features

• Upgrade Node.js to 14.20.1
• Resolve potential vulnerabilities

Features

• Upgrade Node.js to 14.20.0
• Resolve potential vulnerabilities

Features

• Upgrade Node.js to 14.19.1
• Resolve potential vulnerabilities
• Fix connection error in slow network

Features

• Upgrade Node.js to 12.22.7
• Resolve potential vulnerabilities

Features

• Upgrade Node.js to 12.22.2
• Resolve potential vulnerabilities

Features

• Upgrade Node.js to 12.21.0
• Resolve potential vulnerabilities

Fixes

• Resolve unexpected error when there is network latency between SG client and SG server
• Resolve error when using RPM installer with upgrade operation
• Enhance the handling when both side close the connection in the same time

Fixes

• Resolve potential vulnerabilities
• Resolve unexpected websocket fatal error
• Resolve error when update destination too frequently
• Resolve incorrect UI version info
• Resolve DataPower SG client unexpected restart issue
• Enhance concurrent connection limit counting and logging
• Resolved incorrect UI version info

Breaking changes

TLS 1.0 and TLS 1.1 is disabled since this version, connections which use TLS 1.0 and TLS 1.1 will get SSL error.

Fixes

• Resolve the error when starting the Secure Gateway Client UI in Windows version

Features and Fixes

• Upgrade Node.js to 10.19.0
• Resolve the error when starting the Secure Gateway Client as Windows service

Features

• Upgrade Node.js to 10.17.0
• Node modules vulnerabilities fix
• Resolve the Node.js conflict on Windows installer
• Add proxy option to the installer for npm module installation

Breaking changes

Please be aware the breaking changes for the Node.js version upgrade, for example, the OpenSSL is upgraded to 1.1.1d because of Node.js upgrade which might cause some breaking changes on the TLS connections since the security policy is stricter than before, customer will get error when enable Reject unauthorized and connect to the endpoint which using cert/key which generate with insecure algorithm.

Features

• Support the toggle rejectUnauthorized for Resource Authentication

Features and Fixes

• Resolve error when sending the large data with HTTP/HTTPS request to on-cloud destiantion
• Resolve data truncated issue when sending data to on-perm destination
• Resolve the docker version Secure Gateway Client UI issue

Features and Fixes

• Resolve Windows installer vulnerability for Secure Gateway Client UI Password
• Resolve unexpected behaviour when configure Secure Gateway Client UI port and password
• Resolve the error when generating logs
• Add the startup option to define the reconnect attempts
• Add addtional startup option field to the auto-start config
• Add proxy support for the gateway authentication request to port 443

Breaking changes

For Windows installer, the old Secure Gateway Client UI Password configuration cannot be reused since this release. Please remove the UI Password configuration before you reuse the old config file during installation.

Fixes

• Resolve Secure Gateway Client UI vulnerability
• Resolve resource auth vulnerability
• Enhance the handling when both side close the connection in the same time
• Resolve collapsed resource when the on-prem destination connection close too fast

Breaking changes

You might get certificate error when the Secure Gateway Client is sending connection to the endpoint since this release, to fix the vulnerabilities, we start to check whether the certificate of the endpoint is authorized with the list of supplied CAs.

To fix the error, you can upload the CAs to the resource authentication such that the Secure Gateway Client can trust it, or you can upgrade the Secure Gateway Client to v1.8.4 or later, then disable the Reject unauthorized in the resource authentication.

Fixes

• Upgrade Node.js to 8.15.1
• Resolve undefined environment info in Deutsch
• Resolve the incorrect concurrent connection limit for reverse connections
• Resolve collapsed connections when both side end the connection in the same time

Features and Fixes

• Upgrade Node.js to 8.15.0
• Node modules vulnerabilities fix

Breaking changes

The system requirement is changed since this release. For more information, see System Requirements

Features and Fixes

• Resolve regular connections hanging issue when closing
• Uew new path for gateway authentication (Click here for more info)
• Use new mechanism for log generating (Log translation enhance)

Breaking changes

The network requirement is changed since this release. For more information, see Network Requirements

Fixes

• Separate the ConnIndicies for reverse and regular destination
• Accessibility enhancements on client UI.
• Resolve unexpected behaviour when set UI password on command line.
• Resolve unexpected crash when UI closed

Fixes

• Enhance the logs
• Add the data size checking when transmitted data

Fixes

• Added the TRACE level log for transmitted data
• Add Error level log when reverse dest hit concurrent limit
• Resolve the undefined Secure Gateway Client fixpack info in gateway panel

Fixes

• Enhance the logs
• Resolve unexpected behaviour in docker version

Fixes

• Resolve the corrupted header
• Enhance the error log

Fixes

• Resolve ACL configuration issue

Fixes

• Resolve the truncated message
• Resolve the hang connection
• Add option to define timeout on destination

Fixes

• Resolve issue when the connection closed by the cloud side
• Resolve issue related to the host header

Fixes

• Resolve Docker version Secure Gateway Client UI issue
• Enhance error log when error occur on server side
• Resolve connection issue between Secure Gateway Client and Secure Gateway Server

Features

• Performance improvement
• Add Secure Gateway Client reconnect logic

Features

• Resolve Secure Gateway Client UI vulnerability
• Resolve issue related to UDP connections
• Resolve issue related to quality test
• Refactor log generater
• Add the startup option to define the proxy for the 9000 ws connection
• Fixes EADDRINUSE error caused by listeners that do not execute a teardown appropriately when a destination is deleted.
• Resolve issue where service instances bound to an application could not be deleted.

Features

• Introduces new service plans: Essentials, Professional, and Enterprise.
• The Secure Gateway Client now supports SOCKS proxy between itself and the on-prem destination.

Fixes

• Resolve issue where disconnecting multiple clients results in orphaned processes in the connected clients array.
• Now cleans up orphaned connections that resulted in incorrecty paused listeners.

Features

• Access Control List now supports specific path routing for HTTP/S requests.
• Destinations now support Server Name Indicators for TLS connections.

Features

• Destination wizard added for destination creation.
• Gateways now support uploading a custom cert/key pair.
• Services are now limited to 50 gateways and 50 destinations per gateway.
• Destinations/Gateways/Services can now be exported/imported.
• Latency tests between client and server capable of being executed from Secure Gateway UI.
• Cleans up orphaned tunnel processes on network disconnect.
• Resolve duplicate port allocation caused by failed destination deletion.
• Resolve HTTP/S issue with non-UTF8 encoding.
• Resolve missing IPC handlers on replacement processes.

Features

• Client now has a local interactive UI.
• UDP connections are now supported.
• Memory footprint of the client has been drastically reduced.
• Single client mode is no longer supported; multi-client will be default and transparent to a single-gateway client.
• Access Control List synchronizes between clients connected to the same gateway.

Features

• Clients are now assigned an ID when connecting to the SG server.
• Clients are now terminated remotely via API or the Secure Gateway UI.
• The connected status of a client can be checked via API.
• Destination-side TLS now supports Mutual Authentication.
• Cloud destinations now support Mutual Authentication protocols.