Netskope Cloud Exchange Release Notes Version 3.3.3
We are excited to announce our Cloud Exchange 3.3.3 updates! Get the latest features, issues fixed, and other updates in this release.
Cloud Exchange 3.3.3 maintenance release includes several vulnerability patches to the Docker base image. To upgrade, go to Settings > General and select Check For Update. If you are still on any version prior to 3.1, upgrade to 3.3 by following the instructions in Upgrading to the Latest Version of Cloud Exchange.
Added
Added support for container wide proxy configuration using the updated setup script.
Added Error Code column and log details on the Logging page with more verbose error messages.
Added support for TLS v1.2 communication with Cloud Exchange
Added following checks as part of the setup script:
Minimum system requirements.
Required docker/podman-compose versions are installed.
Connectivity checks to Netskope tenant, Github, and Docker Hub.
Verify that all the required ports are open.
Changed
Proxy information provided while running the setup will now be reflected in the UI.
Updated the setup script to restrict invalid characters in the maintenance password.
New Plugins Released/Updated
Mandiant for Threat Exchange
Cloud Exchange pulls indicators from Mandiant into CE.
Indicators supported URL, MD5, FQDN, IPv4, IPv6.
ThreatConnect for Threat Exchange
Bilateral indicator sharing
Digital Shadows for Threat Exchange
Cloud Exchange pulls indicators from Digital Shadows
Indicators supported URL.
CrowdStrike for Threat Exchange 1.0.2 update
Added pagination and timeouts in API calls
JIRA for Ticket Orchestrator 1.0.2 update
Fixed newline error while adding summary in queue
These can all be found via the Check for Updates button for the default netskopeoss plugin github repo on the Plugin Repository page under Settings.
Vulnerability Reports
Core: Total: 1 (UNKNOWN: 0, LOW: 1, MEDIUM: 0, HIGH: 0, CRITICAL: 0)
UI: Total: 5 (UNKNOWN: 0, LOW: 5, MEDIUM: 0, HIGH: 2, CRITICAL: 0)
Note
The vulnerabilities are in the nginx:alpine
base image with curl and openssl. We'll be monitoring the image for fixes and keep you posted.
Here is the list of issues fixed in this release.
Fixed an issue where numbers were not working in the Custom Message in the Ticket Orchestrator Queue Mappings.
When changing the status of a JIRA ticket to ‘done’, the status in CE still showed ‘other’.
Fixed an issue where SSO on CE could not be enabled if the host names did not have a top level domain (i.e. .com, .net, etc).
Plugin repository (via github) wasn’t respecting proxy settings.
Port 5672 is no longer exposed externally but is only used for RabbitMQ to core container communications.
Here is the list of known issues in this release.
CE has to be restarted when there is a plugin update that has changes to multiple python files.
Customers have to upgrade to 3.3.3 from the CLI using the new setup script. If they upgrade from the UI to 3.3.3 there are a number of global environmental variables that will not be set, preventing CE proxy from being used for communication with docker and github, among other services.
If CE was installed previously using ZIP instead of GIT, customers will need to back up the database and migrate it to the new directory as specified in the migration notes.
If CE is installed on a RHEL host, it can not be configured within podman to always automatically restart. Upon failure, customers will need to manually restart CE.