[4.21] Patch - September 16, 2023

Fortanix Data Security Manager SaaS (DSM SaaS) 4.21.xxxx release provides an overview of the bug fixes and known issues.

This release is for SaaS only and is not available for on-premises installations.

1. Bug Fixes

  • Fixed an issue where the Fortanix DSM SaaS sign-up flow was broken (JIRA: ROFR-4430).

2. Known Issues

  • The DSM login page is shown briefly after performing an SSO login (JIRA: ROFR-4148).
  • The sync key API returns a “400 status code and response error” if its short-term access token expires during the synchronization of a group linked to AWS KMS (JIRA: PROD-3903).
    Workaround: Increase the timeout of the temporary session token beyond the expected duration of the sync key operation.
  • exclude does not work in the proxy configuration for operations such as attestation (JIRA: PROD-3311).
  • Unable to create an app when a Custom Group Role has the Create Apps permission enabled. This affects users who need to create App or Plugin entries (JIRA: PROD-5764). Workaround: Use the predefined Administrative User definition under Settings.
  • Rotating a GCP BYOK key to a pre-existing Fortanix DSM-hosted key (Rotate to DSM key) is not supported (JIRA: PROD-6722).
    Workaround: You can manually copy an existing AES 256 key from a normal DSM group to a GCP-backed group. This key automatically becomes the currently active crypto key version in the GCP key ring.
  • The “Rotate linked key” feature fails with an error for keys in an externally backed group where the external entity is a Google Cloud Platform key ring (JIRA: PROD-6828).
    Workaround: You must manually rotate the source key in the regular DSM group and then copy the rotated key to the GCP group.
  • If an Azure key is rotated and then soft-deleted, only one version is soft-deleted (JIRA: PROD-6947).
    Workaround: Perform a key scan in DSM to synchronize the key state with Azure.
  • Increasing the “Retention period for Audit Logs” setting at the account level duplicates the “purge audit log” message in the audit logs (JIRA: PROD-7031).
  • The create operation for security object creation does not work for the Azure Managed HSM plugin (JIRA: PROD-7078).
  • The retry mechanism does not work as expected in the DSM-Accelerator Webservice (JIRA: PROD-7068).
  • When a key is soft-deleted from the DSM Azure Key Vault Cloud Data Control (CDC) group, the “Purge deleted key” button is not visible in the UI (JIRA: PROD-7202).
  • Error during DSM login in a new or existing cluster (JIRA: ROFR-4370).
    Workaround: In the browser developer tools, clear the auth.accountId field from Local storage.
  • After logging in to Fortanix DSM, you will see an additional region mentioned in the DSM UI breadcrumbs navigation (JIRA: ROFR-4390).

For a complete list of new features, enhancements to existing features, other improvements, and bug fixes refer to the full description of the 4.21 DSM SaaS release.


Please sign in to leave a comment.

Was this article helpful?
0 out of 0 found this helpful