[4.22] Patch - October 20, 2023

Fortanix Data Security Manager SaaS (DSM SaaS) 4.22.2311 release provides an overview of the bug fixes and known issues.

This release is for SaaS only and is not available for on-premises installations.

1. Bug Fixes

  • Fixed an issue where Google EKM APIs incorrectly translated internal errors to 404 during session lookup (JIRA: PROD-7701).
  • Fixed a broken DSM SaaS signup flow (JIRA: ROFR-4430).

2. Known Issues

  • Custom value cannot be selected from the drop down when there are more than two options in the drop down  (JIRA: ROFR-4429).
  • The sync key API returns a “400 status code and response error” if its short-term access token expires during the synchronization of a group linked to AWS KMS (JIRA: PROD-3903).
    Workaround: increase the timeout of the temporary session token beyond the expected duration of the sync key operation.
  • exclude does not work in the proxy configuration for operations such as attestation (JIRA: PROD-3311).
  • Unable to create an app when a Custom Group Role has the Create Apps permission enabled. This affects users who need to create App or Plugin entries (JIRA: PROD-5764). Workaround: use the predefined Administrative User definition under Settings.
  • Rotating a GCP BYOK key to a pre-existing Fortanix DSM-hosted key (Rotate to DSM key) is not supported (JIRA: PROD-6722).
    Workaround: You can manually copy an existing AES 256 key from a normal DSM group to a GCP-backed group. This key automatically becomes the currently active crypto key version in the GCP key ring.
  • The “Rotate linked key” feature fails with an error for keys in an externally backed group where the external entity is a Google Cloud Platform key ring (JIRA: PROD-6828).
    Workaround: You must first manually rotate the source key in the regular DSM group and then copy the rotated key to the GCP group.
  • If an Azure key is rotated and then soft-deleted, only one version of the key is soft-deleted (JIRA: PROD-6947).
    Workaround: Perform a key scan in DSM to synchronize the key state with Azure.
  • Increasing the “Retention period for Audit Logs” setting at the account level duplicates the “purge audit log” message in the audit logs (JIRA: PROD-7031).
  • The create operation for security object creation does not work for the Azure Managed HSM plugin (JIRA: PROD-7078).
  • The retry mechanism does not work as expected in the DSM-Accelerator Webservice (JIRA: PROD-7068).
  • When a key is soft-deleted from the DSM Azure Key Vault Cloud Data Control (CDC) group, the “Purge deleted key” button is not visible in the UI (JIRA: PROD-7202).
  • Page crashes when an app was created using API without the app_type parameter and modified from UI later (JIRA: ROFR-4383).
  • The user gets an” OOPS” page when trying to associate an existing plugin with other DSM groups (JIRA: ROFR-4468).
    Workaround: To associate an existing plugin to another DSM group:
    1. Navigate to the Plugins page and open that plugin.
    2. In the detailed view of the plugin, in the INFO tab, click the EDIT GROUPS button.
    3. In the “Groups Association” form, add the necessary groups for the plugin and click SAVE CHANGES to save the changes.


Please sign in to leave a comment.

Was this article helpful?
0 out of 0 found this helpful