This document provides an overview of the improvements and known issues in the Fortanix Data Security Manager (DSM) 4.11.2125 patch release.
- This release allows you to log CPUSVN, ISVSV, and other useful SGX information when you start a node (JIRA: PROD-5714).
2. Known Issues
- An account could be lost if account tables are inconsistent between nodes. Make sure a backup is successful before proceeding with ANY upgrade (JIRA: PROD-4234).
- When a node is removed from a 3-node cluster with build 4.2.2087, and the 2-node cluster is upgraded with build 4.3.xxxx, it is possible that the deploy job is exited and marked completed before cluster upgrade (JIRA: DEVOPS-2068). Workaround: If all the pods are healthy, you can deploy the version again.
- The sync key API returns “400 status code and response error” due to the short-term access token expiry during the sync key operation of a group linked to AWS KMS (JIRA: PROD-3903).
excludedoes not work in the proxy config for operations such as attestation (JIRA: PROD: 3311).
- Encryption with GCM mode is failing for DSM-Accelerator PKCS#11 Client Library (JIRA: PROD-5479).
- Unable to connect to the Azure non-SGX endpoint while running DSM-A (JIRA: PROD-5558).
- Unable to perform Local encrypt/decrypt operation in Fortanix DSM-Accelerator using DES3 algorithm in CBC/ECB mode with the key size 112 (JIRA: PROD-5598).
For a complete list of new features, enhancements to existing features, other improvements, and bug fixes refer to the full description of the DSM 4.11 release note.