SG 4 Update #20 – WeChat, HTTPS web server upgrade, enhanced security
This update adds the following enhancements:
- New WeChat social network authentication
- HTTPS web server upgrade for enhanced security
  - Disable TLS 1.0 for PCI compliance
    - Note: TLS 1.0 shall be re-enabled in a subsequent update in order to fix the issue of Account Printer AP 2100 not connecting to the gateway.
- Address the following security vulnerabilities:
  - CVE-2015-1993 (Sensitive Cookie in HTTPS Session Without ‘Secure’ Attribute)
  - CVE-2015-4000 (Man-in-the-middle attack to downgrade vulnerable TLS connections to 512-bit export-grade cryptography aka Logjam)
- Enhanced security with additional system hardening
- Enhanced walled garden support for HTTPS domains without having to specify their IP addresses, especially for those served by content delivery networks
  - Note: pre-update ‘HTTPS Domains’ settings will now be under the ‘Proxy Domains’ tab
- Documentation update
  - API and CLI manuals
  - Contextual help for event manager
- API upgrade
  - social_embed to support 3 sizes of social media login icons
- Gateway’s default SSL certificate expiry extended to April 7, 2021
This update fixes the following bugs:
- With external success/error URL configured, successful PMS VIP login results in standard success/error page rather than the configured external link
- Invalid DHCP vendor-encapsulated-options value may cause downstream clients to fail to get IP address
- Some settings are not backed up:
  - Lawful Intercept
  - DHCP VLAN scope
Note: the gateway will automatically reboot upon successful patching.