Technical Library | Support

Go to the table of contents Go to the previous page Go to the next page View or print as PDF
v8.0 Release Notes for On-Premises TRITON AP-EMAIL
v8.0 Release Notes for On-Premises TRITON AP-EMAIL
Topic 70120 | Release Notes | TRITON AP-EMAIL | Version 8.0 | Updated: 02-Feb-2015
Applies To:
TRITON AP-EMAIL v8.0
Websense® TRITON® AP-EMAIL version 8.0 (the on-premises email protection solution formerly known as Email Security Gateway) is the first product version that uses a new, simplified product naming and grouping of the familiar Websense TRITON product line. For more information about on-premises email protection solution renaming, see New in version 8.0.
Version 8.0 is also a correction release that includes email protection improvements and fixes, some requested by our customers. This release also includes important fixes for the Bash vulnerabilities (Shellshock) and SSL vulnerability (POODLE). See Important updates for details.
Part of the TRITON APX security solutions, TRITON AP-EMAIL is a Websense on-premises, V-Series appliance-based system that prevents malicious email threats from entering an organization's network, and protects sensitive data from unauthorized email transmission.
 
* 
Important 
Some older V10000 and V5000 appliances are not supported with version 8.0.0 and higher. See V-Series appliances supported with version 8.0.
You can also deploy TRITON AP-EMAIL on a virtual appliance. Download the image file (WebsenseEmail800Setup_VA.ova) from the MyWebsense downloads page. See the virtual appliance Quick Start Guide for deployment information.
In addition, TRITON AP-EMAIL can be deployed on a Websense X-Series modular chassis blade server, part of a high-performance network security system. This support has the benefit of making on-premises email protection available on a platform that is scalable for large enterprise organizations. See the following resources for information about X-Series appliance deployment:
*
X-Series Appliance Release Notes
*
X-Series Appliance Getting Started Guide
*
X-Series Appliance Command Line Interface Guide
Use these Release Notes to find information about version 8.0 TRITON AP-EMAIL. Version 8.0 Release Notes are also available for the following Websense products:
*
TRITON Manager
*
Websense Web Protection Solutions (including Content Gateway)
*
Websense Data Protection Solutions
*
V-Series Appliance
*
X-Series Appliance
See the Administrator Help for details about on-premises TRITON AP-EMAIL operations.
If you are installing this on-premises email protection solution for the first time, see Installing Websense Appliance-Based Solutions.
If you are upgrading from a previous email protection system version (known as Email Security Gateway), see Upgrading Email Protection Solutions.
Important updates
The following software updates are included in TRITON AP-EMAIL version 8.0:
Bash vulnerabilities (Shellshock)
The critical Bash vulnerabilities were first identified in CVE-2014-6271. Subsequent investigation of the Bash code revealed other, related vulnerabilities.
The vulnerabilities present in Bash (Bourne Again Shell) up to version 4.3 can be exploited by malicious persons, including over HTTP.
Many programs like SSH, telnet, and CGI scripts allow Bash to run in the background, allowing the vulnerability to be exploited remotely over the network.
TRITON AP-EMAIL includes a new version of the Bash program that has been corrected to eliminate these vulnerabilities.
SSL vulnerability (POODLE)
The critical SSLv3 vulnerability was identified in CVE-2014-3566.
SSL (Secure Sockets Layer) is the standard security technology for establishing an encrypted link between a web server and a browser. TLS (Transport Layer Security) has since superseded SSL. However, support for the older SSL version 3.0 still exists in many applications and can therefore lead to software (such as browsers) being forced into using a vulnerable SSLv3 connection.
The vulnerability can be exploited by inducing a client's browser into making multiple browser requests over HTTPS with SSLv3, and inferring details about the encrypted contents that allow an attacker to compromise the security of SSLv3.
Two components of TRITON AP-EMAIL were affected by this vulnerability: the Personal Email Manager end-user portal and the appliance mail transfer agent.
*
SSLv3 is now disabled in the Personal Email Manager portal.
*
SSLv3 is not disabled in the appliance mail transfer agent. However, this version of TRITON AP-EMAIL does include an updated OpenSSL library to reduce the possibility of attack from this vulnerability.
You may manually disable SSLv3 on the appliance with the assistance of Websense Technical Support, but you should use this option with caution. Disabling SSLv3 means the mail transfer agent will block all connection requests from servers that use SSLv3.
Contents
*
New in version 8.0
*
Installation and upgrade
*
Resolved and known issues

Go to the table of contents Go to the previous page Go to the next page View or print as PDF
v8.0 Release Notes for On-Premises TRITON AP-EMAIL
Copyright 2016 Forcepoint LLC. All rights reserved.