Airlock Microgateway 3.1.9
SEC: AM-1343 Update base image and Java (CVE-2022-28391, CVE-2022-1271) FIX: AM-1322 Corrected behavior when configuring custom allow rules
Airlock Microgateway 3.1.8
SEC: AP-32416 Deny rule update to mitigate Spring4Shell (CVE-2022-22963, CVE-2022-22965) UPD: AM-1269 Update Spring Framework to 5.3.18 and Spring Boot to 2.6.6 UPD: AP-32418 Update to zlib 1.2.12
Airlock Microgateway 3.1.7
UPD: AM-1208 Update base image and Java (CVE-2022-0778, CVE-2020-36518)
Airlock Microgateway 3.1.6
UPD: AM-1134 Update to OpenSSL 1.1.1n (CVE-2022-0778)
Airlock Microgateway 3.1.5
UPD: AM-1110 Update package expat
Airlock Microgateway 3.1.4
UPD: AM-1086 Update base image
Airlock Microgateway 3.1.3
NEW: AP-32037 For one-shot requests, send original URL in location parameter (CASE-32507) NEW: AP-32038 Apply deny rules to URLs embedded in parameters (CASE-32507) UPD: AM-1039 Update to log4j 2.17.1 UPD: AP-31710 Update to libcurl 7.81.0 UPD: AP-31722 Update to PCRE2 10.39 FIX: AP-32068 Omit false positives in template injection deny rules FIX: AP-31948 Don't truncate request IDs on error pages (CASE-32410)
Airlock Microgateway 3.1.2
SEC: AM-1030 Component updates for Log4Shell mitigation (CVE-2021-44228)
Airlock Microgateway 3.1.1
SEC: AM-1025 Component updates for Log4Shell mitigation (CVE-2021-44228) SEC: AM-1026 Improve scope and performance of template injection rules (CVE-2021-44228)
Airlock Microgateway 3.1.0
SEC: AM-1017 Log4Shell mitigation (CVE-2021-44228) NEW: AM-943 Smaller image based on Alpine NEW: AM-946 Additional image tags in Dockerhub repo for latest version NEW: AM-992 Helm Chart option: Deploy Ingress with a default hostname NEW: AM-54 DSL extension: Start Microgateway with an empty config NEW: AM-614 DSL extension: HTTP parameter pollution NEW: AM-869 DSL extension: entry_path regex FIX: AM-977 Set default session.idle_timeout to 600 seconds