Fortanix Data Security Manager SaaS (DSM SaaS) 4.21.2302 release provides an overview of the bug fixes and known issues.
1. Bug Fixes
- Fixed an issue where the async and scheduled HSM Management Gateway (HMG) scans were broken due to a bug in
- Fixed an issue where
service.csrcertificate provisioning failed (JIRA: PROD-7615).
2. Known Issues
- The DSM login page is shown briefly after performing an SSO login (JIRA: ROFR-4148).
- The sync key API returns a “400 status code and response error” if its short-term access token expires during the synchronization of a group linked to AWS KMS (JIRA: PROD-3903).
Workaround: Increase the timeout of the temporary session token beyond the expected duration of the sync key operation.
excludedoes not work in the
proxyconfiguration for operations such as attestation (JIRA: PROD-3311).
- Unable to create an app when a Custom Group Role has the Create Apps permission enabled. This affects users who need to create App or Plugin entries (JIRA: PROD-5764). Workaround: Use the predefined Administrative User definition under Settings.
- Rotating a GCP BYOK key to a pre-existing Fortanix DSM-hosted key (Rotate to DSM key) is not supported (JIRA: PROD-6722).
Workaround: You can manually copy an existing AES 256 key from a normal DSM group to a GCP-backed group. This key automatically becomes the currently active crypto key version in the GCP key ring.
- The “Rotate linked key” feature fails with an error for keys in an externally backed group where the external entity is a Google Cloud Platform key ring (JIRA: PROD-6828).
Workaround: You must manually rotate the source key in the regular DSM group and then copy the rotated key to the GCP group.
- If an Azure key is rotated and then soft-deleted, only one version is soft-deleted (JIRA: PROD-6947).
Workaround: Perform a key scan in DSM to synchronize the key state with Azure.
- Increasing the “Retention period for Audit Logs” setting at the account level duplicates the “purge audit log” message in the audit logs (JIRA: PROD-7031).
- The create operation for security object creation does not work for the Azure Managed HSM plugin (JIRA: PROD-7078).
- The retry mechanism does not work as expected in the DSM-Accelerator Webservice (JIRA: PROD-7068).
- When a key is soft-deleted from the DSM Azure Key Vault Cloud Data Control (CDC) group, the “Purge deleted key” button is not visible in the UI (JIRA: PROD-7202).
- Error during DSM login in a new or existing cluster (JIRA: ROFR-4370).
Workaround: In the browser developer tools, clear the auth.accountId field from Local storage.
- After logging in to Fortanix DSM, you will see an additional region mentioned in the DSM UI breadcrumbs navigation (JIRA: ROFR-4390).
For a complete list of new features, enhancements to existing features, other improvements, and bug fixes refer to the full description of the 4.20 DSM SaaS release.