Protege GX cybersecurity changes: What you need to know
Protege GX cybersecurity changes: What you need to know
https://defsec.net.nz/2026/06/02/protege-gx-cybersecurity-changes/
Publish Date: 2026-06-01 22:33:00
Source Domain: defsec.net.nz
Using an unordered list, summarize the following article with between 4 and 8 key points.
The first of a new series of quarterly updates. Image: ICT.
ICT has announced a new series of quarterly Protégé GX updates aimed at delivering stronger protection by default. The first update is available now.
In the first of a new series of quarterly updates, Protege GX 4.3.402 receives bolstered security with stronger password defaults, encrypted connections (TLS 1.2/HTTPS), and a new path forward for browser-based access.
According to ICT, there are a few things you’ll need to do when upgrading existing sites. At a high level:
Plan to upgrade server, clients, SOAP and web client together
Confirm encrypted connections are in place before the upgrade
Notify operators they’ll need to set a new password at next login
Decide whether to upgrade the legacy Web Client or move customers to the new Web App
The headline rule: upgrade everything together. Server, clients, SOAP, and web client need to move at the same time. If they don’t, parts of the system won’t communicate.
What’s changing
Stronger passwords by default. ICT is tightening operator password requirements so every Protege GX system starts from a stronger baseline. After upgrading, operators will be prompted to reset their password the first time they log in — a quick, one-time step.
This applies to operator accounts used by SOAP integrations and mobile apps as well, so it’s worth identifying those ahead of time. Those applications will fail to connect until the passwords are updated.
Protege GX components will now only talk to each other over encrypted connections — TLS 1.2 between server, clients and SOAP service, and HTTPS for web client, entry station, and mobile app traffic.
“If your customers rely on specific Web Client features, the Protege GX Web App Installation Manual has the current feature comparison so you can decide which path fits each site.”
For sites already running encrypted communications, this is business as usual. For sites still running unencrypted connections, some setup work is required prior to upgrade.
There’s also a server compatibility check worth doing early: 4.3.402 requires a 64-bit OS and a current SQL Server version (2016 or later). Most sites will already be there, but older installs may need a server migration as part of upgrade planning.
Together, these changes line Protege GX up with what IT and security teams now expect by default: encryption in transit and strong credential hygiene out of the box.
A new option: the Protege GX Web App
This release coincides with the general availability of the Protege GX Web App — ICT’s modern web-based replacement for the legacy Protege GX Web Client.
ICT will be rolling out feature parity with the legacy Web Client over the coming months. This means that when upgrading a site, you currently have two paths open to you:
Stay on the legacy Web Client and apply the encryption updates, or
Move to the new Web App as the web access experience going forward
If your customers rely on specific Web Client features, the Protege GX Web App Installation Manual has the current feature comparison so you can decide which path fits each site.
More detailed information is available from the ICT website and App Note 366.
