WebMarshal 7.3 Release Notes

Last Revision: June 19, 2019

These notes are additional to the WebMarshal User Guide and supersede information supplied in that Guide.

The information in this document is current as of the date of publication. To check for any later information, please see Trustwave Knowledge Base article Q21074.

New Features
System Requirements
Upgrade Instructions
Uninstalling
Release History

New Features

For more information about additional minor features and bug fixes, see the release history.

Features New in 7.3.1

Improved Performance and Scalability: Default settings are updated to take advantage of the performance gains available with 64 bit systems. Enhanced threading also improves performance.

Features New in 7.3

Supports TLS 1.3: WebMarshal client and server connections and rules support TLS 1.3.

Features New in 7.2

Header Rewrite: WebMarshal allows you to add or update one or more request headers with a Standard Rule action.
WebSockets Content Inspection: WebMarshal allows you to inspect content in a WebSockets connection.

Features New in 7.1

Google Safe Browsing support: WebMarshal implements Safe Browsing as a scan engine (similar to TRACEnet).
WebSockets support: WebMarshal supports proxying of the WebSockets protocol with Connection Rules. Inspection of WebSockets content is not available in this version.
Additional Categories in Trustwave Web Filter Database: The WFDB now includes additional categories "Downloads", "Violence", and "Translation Services".
Additional Wildcards in FileFilter: FileFilter now accepts the * wildcard at the beginning and/or end of the domain part, in addition to the previous stemming behavior.
SSL Improvements: WebMarshal supports Elliptic Curve key exchange and enforces the strongest available cipher for SSL connections from clients.

Features New in 7.0

Native 64-Bit Architecture: All services are now compiled as 64-bit applications. Malware scanner plug-ins are also provided in 64-bit versions.
Full IPv6 Support: IPv6 addresses can be used in all product settings and filtering.

Enhancements to file typing and unpacking: The file type and unpacking functions have been extended. The functionality can be updated automatically.
Enhancements to TextCensor: TextCensor now supports regular expressions.
Enhancements to URL Categories: URLs in categories and FileFilter can now match on querystring text

Features New in 6.12

Large Address Aware: The Engine, Controller, and Array Manager are now able to access up to 4GB of memory on a 64 bit system. Performance enhancement is expected (assuming adequate memory is available).
Supports Bitdefender for Marshal: The Bitdefender for Marshal malware scanner is included in the product installer and supported by the automatically generated trial key.
URL Category Entries for Individual Files: WebMarshal URL Categories and FileFilter entries can now include a specific file name as well as a folder path.
Supports checking of certificate revocation: WebMarshal HTTPS rules can now validate the revocation status of the certificate presented by a web server. For more information, see Trustwave Knowledge Base article Q20605.

Supports use of SQL Server 2014 and SQL Express 2014 for database logging: WebMarshal has been validated with these database engines.

Features New in 6.11

Supports TLS 1.1 and TLS 1.2: When HTTPS Content Inspection is enabled, these versions of TLS are used to negotiate connections by default, and can be selected in rule conditions.
SSLv2 and SSLv3 outbound connections blocked by default: When HTTPS Content Inspection is enabled, connections that use these versions of SSL protocol are blocked by default regardless of rule conditions. To configure the list of SSL and TLS protocols that will be negotiated and allowed, see Trustwave Knowledge Base article Q20067.
Optional unpacking limits: A new setting allows you to bypass unpacking for files larger than a specified size in specified URL categories.

Earlier Feature Enhancements

To review earlier feature enhancement history, see the release notes for earlier WebMarshal versions, available through the Trustwave Knowledge Base.

System Requirements

Hardware required is dependent on the number of concurrent web users and the rules in use. Use of Filtering Lists improves performance. Heavy use of TextCensor decreases performance. Be prepared to adjust specification as required.

Typically a computer with the following specifications is adequate as a processing server for 250-500 concurrent users.

Dual core processor, 2GHz or better. Use of HTTPS Content Inspection significantly increases CPU usage (due to encryption and decryption load).
20 GB free disk space. 30 GB additional free space required for Proxy Caching with the default settings. (Additional disk required for Filtering Lists and text logging.)
3 GB RAM available for this application. If CRL Checking is enabled, up to 500MB may be consumed on each processing node for cached CRL information. See also the upgrade note on proxy threads for 6.9.5.

WebMarshal Array Manager, processing servers, and Console require the following software:

Windows Server 2019
Windows Server 2016
Windows Server 2012 or 2012 R2
Windows Server 2008 R2 with Service Pack 1
Windows 10
Windows 8.1
Windows 7 SP1 and above.

Note: Install Windows using the English language version.

Utility prerequisites:
- Microsoft Visual C++ 2015 runtime
- Microsoft .NET 4.6.2
  - Note: The above software will be installed as part of the WebMarshal installation if necessary. Installation of .NET 4.6.2 may require a restart. If your WebMarshal policy blocks download of executable files, the automatic installation of .NET 4.6.2 will fail on any server where Internet Explorer proxy settings point to WebMarshal. You must make a temporary exception or install .NET 4.6.2 in another way.
For database logging (optional), SQL Server 2016 or 2016 Express, SQL Server 2014 or 2014 Express (SP1 or above), SQL Server 2012 or 2012 Express (SP3 or above), SQL Server 2008 R2 or 2008 R2 Express (SP3 or above).
- A WebMarshal installation package that includes SQL 2014 Express SP1 is available. If no local installation of SQL is found, this package will offer to install SQL Express locally with appropriate options (Named Pipes and TCP/IP enabled).
- SQL Server or SQL Express requires Windows Installer 4.5 and .NET 4.6.
For NDS integration, Novell NDS Client 2.

Upgrade Instructions

Upgrade from 7.X is a standard in-place upgrade. Upgrade/migration from 6.X uninstalls the 32-bit software and installs the 64-bit software.

To upgrade from a WebMarshal 6.11 or later release, run the product installer on each server where WebMarshal components are installed (including the Array Manager, and any additional processing node servers and Console installations).

To upgrade from versions prior to 6.11, you must first upgrade to at least 6.11.0.

Upgrade the Array Manager first and then upgrade any additional nodes. For more information, see Trustwave Knowledge Base article Q13031.
It is best practice to back up your WebMarshal configuration before upgrading.
If you are logging data to a SQL database, the database must be upgraded. If necessary, the installer will prompt for credentials of a database user with permission to upgrade the database (database owner privilege). If the database is not upgraded, database logging will be disabled until you upgrade the database and re-enable logging. For more information and instructions, see Trustwave Knowledge Base article Q12030.
Be sure to upgrade any WebMarshal Console installations on other workstations.

See the upgrade notes below for version-specific information. For upgrade notes relating to versions prior to 6.11, please see earlier Release Note documents available through the Trustwave Knowledge Base.

Upgrade Notes

Version 7.2 Google Safe Browsing API Key: In version 7.2 and above, you must enter a Google API Key to use the Google Safe Browsing integration. On upgrade, Google Safe Browsing will not be applied until you enter a key. For more information see Trustwave Knowledge Base article Q21059.
Version 7.1.0 Trustwave Web Filter Database Categories: After upgrade, if you use the Trustwave WFDB, you should add the WFDB categories "Downloads", "Violence", and "Translation Services" to related WebMarshal URL Categories. The new WFDB categories will be populated at the next update of the database.
Version 7.0.1 Proxy Cache: Upgrade/migration from 6.X clears the Proxy Cache if it is located within the WebMarshal install folder. If you want to retain the content of the Proxy Cache, before upgrading ensure the cache is in a custom location outside the install folder. For information about how to update the location and move existing cache files, see the User Guide.
Version 7.0 64-bit Installation: Upgrade/migration from 6.X uninstalls the 32-bit software and installs the 64-bit software in the new default location (or a location you select).
- The configuration files are moved to the new location. All configuration settings are preserved.
- Malware/Virus scanners must be manually installed. 64-bit versions of all "for marshal" virus scanners are available.
  - You must manually install the 64-bit scanners on each processing node and complete the engine and signature updates before starting the new WebMarshal engine.
  - If no other 32-bit products are using the scanners (Trustwave SEG or Trustwave ECM), you can uninstall the 32-bit scanner packages.
  - At this release, the Symantec and SAVI (Sophos) scanners are not supported, as 64-bit interfaces are not currently available. Trustwave will support these scanners if the manufacturers provide the appropriate interfaces. Note that Sophos for Marshal is available and can be used as an alternative to SAVI. Sophos for Marshal can be provided for the term of your SAVI license at no additional cost. To license Sophos for Marshal, contact Trustwave.
Version 7.0 TextCensor upgrade: Version 7.0 implements a new TextCensor with slightly changed functionality. See the User Guide for details of the features and matching behavior. In rare cases the small changes in matching behavior could affect the sensitivity of scripts triggering.
- The upgrade process checks existing scripts for compatibility with the new engine. If any scripts are incompatible, you should update them manually before proceeding. If you choose to ignore errors, upgrade will continue but the Engine will not start until errors are resolved.
Version 7.0 .NET 4.6.2 installation: If your WebMarshal policy blocks download of executable files, the automatic installation of .NET 4.6.2 will fail on any server where Internet Explorer proxy settings point to WebMarshal. You must make a temporary exception or install .NET 4.6.2 in another way.
Version 7.0 URL Filtering Lists Removed: MarshalFilter and Secure Computing SmartFilter are not available in this release.
- You MUST remove any references to these items in configuration before upgrading. Services will not start if any references remain.
- For URL filtering, use the Trustwave Web Filter Database (formerly known as M86 Filter List).
Version 6.12 Malware Scanners Removed: The Pest Patrol and CounterSpy scanners are not present in this release. These scanners are no longer available for licensing. Ensure that you remove any references in configuration before upgrading. Spyware protection is provided by the available malware scanners.
Version 6.12 SSL/TLS versions: SSLv2 is no longer supported and all configuration for this obsolete protocol version is removed from WebMarshal. When HTTPS inspection is enabled, Trustwave recommends you use the rule condition "Where SSL/TLS could not be negotiated" to block any attempt to connect with SSLv2. A rule to block connections "Where SSL/TLS could not be negotiated" is created and enabled on upgrade.
Version 6.11.0 TLS/SSL negotiation: Best practice is to block use of SSLv2 and SSLv3, which are considered deprecated and insecure protocols. By default, if HTTPS Content Inspection is enabled, WebMarshal attempts to block use of these protocols for all connections from browsers and to websites. Depending on the web browser version, users could see a WebMarshal block page or a "could not connect" message from the browser.
- SSLv2 might not be correctly negotiated with websites in some cases (this is a pre-existing behavior). To ensure that any websites that use only SSLv2 are controlled, create a HTTPS rule to block connections where SSL could not be negotiated. A rule to cover this case is enabled by default for new installations of 6.11, but cannot be created on upgrade.
- For more information, see Trustwave Knowledge Base article Q20067.

For upgrade notes relating to versions prior to 6.11, please see earlier Release Note documents available on the Trustwave website.

Uninstalling

WebMarshal can be installed in a variety of scenarios. For full information on uninstalling WebMarshal from a production environment, see the WebMarshal User Guide.

To uninstall a trial installation on a single computer:

Close the WebMarshal applications including the Console and Reports on all workstations.
On the WebMarshal server(s), use the Windows Add/Remove Programs control panel to remove WebMarshal.
If you selected a location outside the WebMarshal install folder for files created by WebMarshal (such as Proxy Cache or Configuration Backup), the uninstallation will not remove the files. Delete these files manually if required.
On any other workstations where WebMarshal components were installed, use the Windows Add/Remove Programs control panel to remove them. These components can include WebMarshal console software and older versions of WebMarshal Reports.
You can drop the WebMarshal database from the SQL server by using the SQL Express administration tools.

Release History

The following additional items have been changed or updated in the specific build versions of WebMarshal listed.

7.3.2 (June 19, 2019)

WM-5511	In release 7.3.1 when upgraded from a previous version, the Engine could encounter failures in the Scan Engine plugins. Fixed.
WM-5518	Traffic Logging now includes the IP address of the remote server or chained proxy (in WELF format, "dst="; in W3C format, "r-ip").
WM-5519	On a very busy processing system, random file generation for temporary files could fail. Fixed: more attempts and a longer file name format are used.

7.3.1 (May 14, 2019)

WM-5500

Filtering performance and scalability is significantly improved with an update to the Controller and new default settings.

7.3.0 (January 29, 2019)

WM-5477

WebMarshal supports TLS 1.3.

7.2.0 (December 18, 2018)

WM-5207	The WebMarshal HTTPS certificate was not saved when HTTPS inspection was not enabled. Fixed.
WM-5348	On upgrade WebMarshal replaces the TextCensor DLL with the copy from the install package.
WM-5357	Checking of OCSP stapled validity replies did not check the expiry time. Fixed.
WM-5360	Traffic Logging now includes the Bytes Sent (in WELF format, "Sent="; in W3C format, "cs-bytes").
WM-5365	File paths longer than 255 characters were not correctly decoded in some cases. Fixed.
WM-5375	In release 7.1.0, the Engine could fail to start after upgrade if the default URL category "[Exclude from HTTPS inspection]" did not exist. Fixed.
WM-5379	Logging of missing policy elements in the configuration file is improved.
WM-5401	The version of TextCensor that is included in the installation has been updated for improved reliability and performance. Features are not changed.
WM-5417	The version of the PDF unpacking library that is included in the installation has been updated.
WM-5418	Some third party modules did not correctly handle files when the file name ended with a space or fullstop. Fixed.
WM-5455	Matching of SAN entries in certificates was case sensitive, causing validation failure in rare cases. Fixed.
WM-5458	The warning message "Token position data not available" has been removed from TextCensor test results and log entries. This event does not affect TextCensor results.
WM-5473	In earlier 7.X releases, installation of the Visual C++ 2015 runtime returned an error if Visual C++ 2017 was already installed. Fixed: Visual C++ 2017 is recognized as a valid runtime version.

7.1.0 (June 20, 2018)

WM-3758	In the Server Tool, stopping or restarting the Proxy service affected all services. Fixed.
WM-4978	SSL certificate checking could incorrectly cache session state when sites shared an IP address and port using SNI. Fixed.
WM-5007	Caching failed to create folders for top level domains shorter than three characters. Fixed.
WM-5105	SSL negotiation was not retried where SSL could not be negotiated due to timeouts. Fixed.
WM-5195	The Proxy service could stop responding if Proxy Cache log files could not be created. Fixed.
WM-5215	Trustwave domains are added to the default Business Related URL category on new installations.
WM-5234	Computer accounts can be imported from Active Directory. For details of the setting to enable this functionality, see Trustwave Knowledgebase article Q20103.
WM-5248	Requesting URLCensor categorization of URLs over 256 characters in length returned an error. Fixed.
WM-5302	Proxy thread cleanup logic has been improved.
WM-5304	Obsolete server certificate keys have been removed from the installation.
WM-5316	A new default rule is created to exclude URLs in the "[Exclude from HTTPS inspection]" category from HTTPS inspection.
WM-5338	WebMarshal can use the MSOLEDBSQL database driver to allow connection to SQL servers that require TLSv1.2 connections. For more information, see Trustwave Knowledge Base article Q21019.
WM-5339	The version of the PDF unpacking library that is included in the installation has been updated.
WM-5340	The version of the TextCensor processor that is included in the installation has been updated to improve performance. Script functionality is not changed.
WM-5341	In earlier 7.X versions, the Array Manager stopped unexpectedly when refreshing groups from the NT Connector. Fixed.
WM-5345	The archive unpacker included with WebMarshal has been updated to address known vulnerabilities.
WM-5346	WebMarshal automatic updates now include the archive unpacker.
WM-5349	WebMarshal now supports Elliptic Curve key exchange for SSL connections from clients.
WM-5351	WebMarshal now enforces the strongest available cipher for SSL connections from clients.
WM-5352	In earlier 7.X releases, it was not possible to connect to the database using a machine name or "localhost". Fixed.
WM-5355	In earlier 7.X releases, certain OCSP responses caused the Proxy to stop unexpectedly. Fixed.

7.0.2 (December 14, 2017)

WM-5237

In release 7.0.1, the Engine could hang with 100% CPU under load in specific circumstances. Fixed.

7.0.1 (December 5, 2017)

WM-5084	HTTPS rules did not log a classification when the URL was not blocked. Fixed.
WM-5193	In release 7.0.0, the installer did not show the scanner installation screen when in Modify mode. Fixed.
WM-5196	In release 7.0.0, logging did not correctly display the operating system version in some cases. Fixed.
WM-5198	The Address Resolution Preference setting was not included in configuration print output. Fixed.
WM-5199	URL matching efficiency has been improved with a change in data structures.
WM-5200	Unpacking time has been reduced significantly with improvements in communication between processes.
WM-5201	In release 7.0.0, some files published for automatic update would not be updated. Fixed.
WM-5206	In release 7.0.0, a configuration could not be restored if it included TextCensor scripts that used item references. Fixed.
WM-5210	Upgrade from version 6.X could fail when moving a large Proxy Cache within in the install folder. Fixed: the Proxy Cache is not preserved if it is within the install folder. See Upgrade Notes above.
WM-5214	In an array installation, upgraded processing servers encountered an error when attempting to rejoin the array. Fixed.

7.0.0 (November 7, 2017)

WM-4248	The Trustwave WFDB licensing information in the Array Policy was not updated when a new WebMarshal license key was entered. Fixed.
WM-4413	Active Sessions filters were saved when a user navigated away from and back to the page, but were not displayed. Fixed: filters are properly displayed.
WM-4634	The Proxy service could stop creating log files if an attempt to create a file failed. Fixed: the service will continue to attempt to create a new file.
WM-4640	When a URL in a category was renamed, wildcard syntax was not enforced. Fixed.
WM-4698	URLs in the Trustwave Web Filter Database can now be up to 65535 characters in length.
WM-4977	CRL checking performance has been enhanced with brief in-memory caching.
WM-5002	A virus scanner could not be removed if it was used in any rule, even a disabled rule. Fixed.
WM-5023	If a configuration could not be updated on a processing node because the policy folder was locked, policy could be left in an inconsistent state. Fixed.
WM-5034	URL matching logic has been updated and made consistent between FileFilter and URL Category matching.
WM-5037	WebMarshal now uses OCSP stapling to validate certificates where available.
WM-5039	The TLS/SSL library used by WebMarshal has been updated.
WM-5058	The archive unpacker included with WebMarshal has been updated to support newer decompression methods.
WM-5087	The included version of SQL Express has been updated to SQL Express 2016 SP1.
WM-5155	FileFilter now accepts files that contain a Unicode Byte Order Marker.
WM-5156	Importing a configuration during installation caused the engine to stop. Fixed.
WM-5169	Configuration updates to nodes are not longer blocked by locked files in the Templates folder.
WM-5175	The Proxy could stop if configuration changed while a https connection was being established. Fixed.
WM-5176	When a URL in a category was renamed to include a wildcard *, it could no longer be deleted. Fixed.
WM-5191	If the WebMarshal Database connection was made using a limited Windows account, FileFilter categories could not be imported to the database. Fixed.

6.12.3 (July 27, 2017)

WM-5004	User session uploading has been optimized to reduce memory usage.
WM-5104	The version of Bitdefender for Marshal bundled with WebMarshal has been updated.
WM-5147	Connections to remote sites now support GZIP and DEFLATE encoding.
WM-5151	zlib streams were not correctly handled at the end of the stream. Fixed.
WM-5152	The versions of Sophos for Marshal, Kaspersky for Marshal, and McAfee for Marshal bundled with WebMarshal have been updated. Installation copies the required DLLs from any existing "for Marshal" malware scanning installation.
WM-5154	The version of the TLS/SSL library included with the product has been updated.

6.12.2 (December 20, 2016)

WM-5008	Memory consumption for FileFilter has been reduced.
WM-5011	The proxy service could fail due to a specific issue with the C++ version used. Fixed.
WM-5022	The proxy service could fail to start after a configuration commit if the controller was processing a configuration commit and a policy update to the proxy at the same time. Fixed.
WM-5024	The unpacking limit setting (introduced in version 6.11) now allows for complete exclusion from unpacking (set by making the limit zero).
WM-5027	The proxy service could become unresponsive when checking certificates if the certificate trust chain was circular. Fixed.
WM-5030	CRL checking could cause service failures with long CRL URLs. Fixed.

6.12.1 (September 9, 2016)

WM-4968	A single version of the Regular Expression library is now used by all WebMarshal components.
WM-4980	When calls from the Proxy to the Engine timed out (usually due to under-resourced systems), the Proxy could stop unexpectedly. Fixed.
WM-4981	The version of the TLS/SSL library included with the product has been updated. This update also fixes an issue with inability to extract CRL information from some certificates with V3 extensions.
WM-4982	Tortoise SVN did not work through WebMarshal due to a violation of HTTP protocol standards in the client. WebMarshal now handles the requests.
WM-4984	In release 6.12.0, matching of URLs with a wildcard in the domain part was not correctly supported. Fixed.
WM-4985	Download of Web Filter Database files now retries individual file downloads to be more resilient to minor network issues.
WM-4986	The proxy service could fail due to a problem in the revocation check. Fixed.
WM-4987	The WebMarshal Engine now reports "starting" for a longer period to reduce misleading "failed to start" reports from other services on slow systems.
WM-4988	WebMarshal now supports Chunked encoding for file upload.
WM-5001	The X-Authenticated-User header was not added to HTTPS CONNECT requests and some requests for images. Fixed.
WM-5003	In release 6.12.0, use of HTTPS CONNECT for FTP proxying did not work. Fixed. Also, the default behavior of related settings now matches the documentation (Knowledge Base article Q12950).

6.12.0 (June 30, 2016)

WM-4717	The WebMarshal Support Tool has been replaced by the Support Tool as used in the MRC, SEG, and SPE products. This tool is updated automatically when it is run.
WM-4843	WebMarshal URL Categories can contain entries ending in a specific file name.
WM-4882	For new installations, a default HTTPS rule is included to block sites with invalid certificates.
WM-4883	The "Spyware Scanner" selections within Malware Scanners are no longer available to license and have been removed from configuration. Detection of all malware is fully covered through the available virus/malware scanners and TRACEnet.
WM-4885	The Policy Tester and entry of URLs in categories now ignore leading and trailing dot, space and tab characters, for consistency with the filter.
WM-4886	The Engine, Controller, and Array Manager are now able to access up to 4GB of memory on a 64 bit system. Performance enhancement is expected.
WM-4887	TextCensor memory usage has been improved.
WM-4889	In version 6.11, the "reason" entry on the FileAborted template was not populated. Fixed.
WM-4892	Specific HTTPS sites loaded slowly as the data completion was not recognized. Fixed.
WM-4893	The MarshalFilter and SmartFilter URL lists cannot be selected. These lists are no longer offered.
WM-4894	File names were displayed and logged as "default.htm" in some cases when the actual file name was available. Fixed.
WM-4896	A File Aborted action from a Standard rule resulted in an "invalid template" notice in rare cases. Fixed.
WM-4899	Visual C++ 2013 runtimes are installed as required.
WM-4900	The X-Forwarded-For header is enabled on HTTP requests by default for new installations, and also for upgrades unless it was explicitly disabled. See also WM-4934. For more information see Trustwave Knowledge Base article Q12723.
WM-4916	Traffic log files can now be limited in size. New files will be created as required. For more information see Trustwave Knowledge Base article Q20581.
WM-4920	Certificate validation rules failed when the certificate used DHC or ECDHE ciphers. Fixed.
WM-4921	Redirect could fail when the HTTP response was malformed (lacking a blank line after headers). Fixed.
WM-4922	Distributed files created after January 1, 2016 are signed with a SHA-2 certificate.
WM-4924	The version of the TLS/SSL library included with the product has been updated.
WM-4926	Support for SSLv2 has been removed in all rules and processing. SSLv2 connections cannot be negotiated. A rule to block connections where SSL could not be negotiated is enabled on upgrade.
WM-4931	FileFilter will match entries ending in a specific file name.
WM-4934	The X-Forwarded-For header can be enabled separately for HTTPS requests by setting a value in the proxy configuration file. See also WM-4900. For more information see Trustwave Knowledge Base article Q12723.
WM-4937	The "Read-Only Access - Facebook" rule has been updated to work with the current Facebook framework for new installations only. To update this rule for upgraded installations, see Trustwave Knowledge Base article Q20602.
WM-4951	The included SQL Express installer is updated to SQL 2014 Express SP1.
WM-4957	The list of event sources shown in the Console Event Viewer has been updated with the current malware scanners.
WM-4967	In version 6.11, the Rule Print output did not show the TLS 1.1 and 1.2 options. Fixed.

6.11.2.8039 (April 17, 2015)

WM-4735	Authentication bypass by User-Agent incorrectly required a matching IP address. Fixed.
WM-4870	A corrupt email notification request could block processing of later requests. Fixed.
WM-4871	The version of the TLS/SSL library included with the product has been updated.

6.11.1.8021 (February 5, 2015)

WM-4850	The Connection Rules logic has been updated to recognize HTTPS URLs for Google and YouTube video.
WM-4853	In release 6.11.0, sites could fail to load or load slowly due to a problem with buffer allocation in the Proxy service. Fixed.
WM-4868	In release 6.11.0, if SSL could not be negotiated the proxy service could stop unexpectedly due to a logging error. Fixed.
WM-4869	The SHA-256 digest is registered with Open SSL to avoid potential problems generating certificates in the Array Manager.

6.11.0.8010 (January 14, 2015)

WM-4596	The allowed size of client and server headings can be adjusted if required (for instance if very large headers are required for successful authentication). See Trustwave Knowledge Base article Q20073.
WM-4800	The Kaspersky for Marshal linking DLL is correctly signed.
WM-4801	Categorization of URLs in a session could be incorrect for a site where the root and paths were differently categorized. Fixed.
WM-4804	FTP downloads could fail when the URL contained URL-encoded strings. Fixed.
WM-4805	The default size of the TCP/IP application buffer in the Proxy has been increased from 2 to 16 KB to enhance performance. You can adjust the size if required. See Trustwave Knowledge Base article Q20071.
WM-4806	When an alternate upstream proxy was configured, reloading configuration would always restart the WebMarshal Proxy service. Fixed.
WM-4808	The McAfee for Marshal linking DLL included with the product has been updated to resolve a potential issue with engine responsiveness after updates.
WM-4810	The licensing function is now found under the Tools menu of the Console.
WM-4811	The log entries for long-running processing threads have been clarified.
WM-4816	The version of the TLS/SSL library included with the product has been updated.
WM-4817	The product End User License Agreement has been updated.
WM-4818	The product is re-branded as WebMarshal.
WM-4821	The versions of SSL and TLS protocol that will be negotiated and allowed by WebMarshal for client and server connections can be configured. By default SSLv2 and SSLv3 are not allowed. The list of ciphers available for SSL negotiation has been updated to exclude weak and anonymous ciphers. To configure the list of protocols, see Trustwave Knowledge Base article Q20067.
WM-4823	Service executable paths are quoted to mitigate a potential vulnerability.
WM-4824	WebMarshal Content Inspection certificates are now signed with SHA-256 for improved security.
WM-4828	Use of anonymous authentication ciphers is disabled by default.
WM-4840	XML documents greater than 50MB in size are not extracted, for performance reasons.

Note: To review change history for earlier versions, please see the Release Notes for the specific version of WebMarshal. All Release Notes are available through the Trustwave Knowledge Base.

Legal Notice

All rights reserved. This document is protected by copyright and any distribution, reproduction, copying, or decompilation is strictly prohibited without the prior written consent of Trustwave. No part of this document may be reproduced in any form or by any means without the prior written authorization of Trustwave. While every precaution has been taken in the preparation of this document, Trustwave assumes no responsibility for errors or omissions. This publication and features described herein are subject to change without notice.

While the authors have used their best efforts in preparing this document, they make no representation or warranties with respect to the accuracy or completeness of the contents of this document and specifically disclaim any implied warranties of merchantability or fitness for a particular purpose. No warranty may be created or extended by sales representatives or written sales materials. The advice and strategies contained herein may not be suitable for your situation. You should consult with a professional where appropriate. Neither the author nor Trustwave shall be liable for any loss of profit or any commercial damages, including but not limited to direct, indirect, special, incidental, consequential, or other damages.

Trademarks

Trustwave and the Trustwave logo are trademarks of Trustwave. Such trademarks shall not be used, copied, or disseminated in any manner without the prior written permission of Trustwave.

About Trustwave®

Trustwave helps businesses fight cybercrime, protect data and reduce security risk. With cloud and managed security services, integrated technologies and a team of security experts, ethical hackers and researchers, Trustwave enables businesses to transform the way they manage their information security and compliance programs. More than three million businesses are enrolled in the Trustwave TrustKeeper® cloud platform, through which Trustwave delivers automated, efficient and cost-effective threat, vulnerability and compliance management. Trustwave is headquartered in Chicago, with customers in 96 countries. For more information about Trustwave, visit https://www.trustwave.com.