Airlock Microgateway Changelog 3.1

Airlock Microgateway 3.1.9

SEC: AM-1343 Update base image and Java (CVE-2022-28391, CVE-2022-1271)
FIX: AM-1322 Corrected behavior when configuring custom allow rules

Airlock Microgateway 3.1.8

SEC: AP-32416 Deny rule update to mitigate Spring4Shell (CVE-2022-22963, CVE-2022-22965)
UPD: AM-1269 Update Spring Framework to 5.3.18 and Spring Boot to 2.6.6
UPD: AP-32418 Update to zlib 1.2.12 

Airlock Microgateway 3.1.7

UPD: AM-1208 Update base image and Java (CVE-2022-0778, CVE-2020-36518)

Airlock Microgateway 3.1.6

UPD: AM-1134 Update to OpenSSL 1.1.1n (CVE-2022-0778)

Airlock Microgateway 3.1.5

UPD: AM-1110 Update package expat

Airlock Microgateway 3.1.4

UPD: AM-1086 Update base image

Airlock Microgateway 3.1.3

NEW: AP-32037 For one-shot requests, send original URL in location parameter (CASE-32507)
NEW: AP-32038 Apply deny rules to URLs embedded in parameters (CASE-32507)
UPD: AM-1039 Update to log4j 2.17.1
UPD: AP-31710 Update to libcurl 7.81.0
UPD: AP-31722 Update to PCRE2 10.39
FIX: AP-32068 Omit false positives in template injection deny rules
FIX: AP-31948 Don't truncate request IDs on error pages (CASE-32410)

Airlock Microgateway 3.1.2

SEC: AM-1030 Component updates for Log4Shell mitigation (CVE-2021-44228)

Airlock Microgateway 3.1.1

SEC: AM-1025 Component updates for Log4Shell mitigation (CVE-2021-44228)
SEC: AM-1026 Improve scope and performance of template injection rules (CVE-2021-44228)

Airlock Microgateway 3.1.0

SEC: AM-1017 Log4Shell mitigation (CVE-2021-44228)
NEW: AM-943 Smaller image based on Alpine
NEW: AM-946 Additional image tags in Dockerhub repo for latest version
NEW: AM-992 Helm Chart option: Deploy Ingress with a default hostname
NEW: AM-54  DSL extension: Start Microgateway with an empty config
NEW: AM-614 DSL extension: HTTP parameter pollution
NEW: AM-869 DSL extension: entry_path regex 
FIX: AM-977 Set default session.idle_timeout to 600 seconds