Common Gateway - Security Fixes
The following security fix applies to both Classic Gateway and NextGen Gateway.
Known Vulnerability in Google Chrome Package
We have identified and addressed multiple vulnerabilities in OpsRamp Gateway version 20.0.3.
The embedded Chrome browser has been upgraded to the stable version 142.0.7444.59, which addresses several critical security issues. We recommend the following workaround depending on your Gateway type.
- If you are planning to upgrade to version 20.0.3, no action is required. The patch will automatically update the chrome package.
- If you are not upgrading to 20.0.3, you must manually update the chrome package using one of the following methods:
- For Classic Gateway, see Update Instructions page.
- For NextGen Gateway, see Update Instructions page.
Classic Gateway - Security Fixes
The following security fix applies to Classic Gateway.
Known Vulnerability in Squid Proxy Package
A security vulnerability in the Squid web proxy (prior to version 5.9-0ubuntu0.22.04.2) could cause info disclosure due to improper redaction of HTTP authentication credentials.
- Squid Patch Availability: Squid fix (5.9-0ubuntu0.22.04.4 or newer) is available from Ubuntu. Apply both the patch and the config change.
We recommend the following workaround for your classic gateway. This vulnerability has been addressed in patch version 20.0.3.
- If you are planning to upgrade to version 20.0.3: No action is required. The patch will automatically update the Squid package.
- If you are not upgrading to 20.0.3: You must manually update the Squid package. For more information, refer to the Update Instructions page for Classic Gateway.