Fortanix Data Security Manager SaaS (DSM SaaS) 4.22.2311 release provides an overview of the bug fixes and known issues.
1. Bug Fixes
- Fixed an issue where Google EKM APIs incorrectly translated internal errors to 404 during session lookup (JIRA: PROD-7701).
- Fixed a broken DSM SaaS signup flow (JIRA: ROFR-4430).
2. Known Issues
- Custom value cannot be selected from the drop down when there are more than two options in the drop down (JIRA: ROFR-4429).
- The sync key API returns a “400 status code and response error” if its short-term access token expires during the synchronization of a group linked to AWS KMS (JIRA: PROD-3903).
Workaround: increase the timeout of the temporary session token beyond the expected duration of the sync key operation.
excludedoes not work in the
proxyconfiguration for operations such as attestation (JIRA: PROD-3311).
- Unable to create an app when a Custom Group Role has the Create Apps permission enabled. This affects users who need to create App or Plugin entries (JIRA: PROD-5764). Workaround: use the predefined Administrative User definition under Settings.
- Rotating a GCP BYOK key to a pre-existing Fortanix DSM-hosted key (Rotate to DSM key) is not supported (JIRA: PROD-6722).
Workaround: You can manually copy an existing AES 256 key from a normal DSM group to a GCP-backed group. This key automatically becomes the currently active crypto key version in the GCP key ring.
- The “Rotate linked key” feature fails with an error for keys in an externally backed group where the external entity is a Google Cloud Platform key ring (JIRA: PROD-6828).
Workaround: You must first manually rotate the source key in the regular DSM group and then copy the rotated key to the GCP group.
- If an Azure key is rotated and then soft-deleted, only one version of the key is soft-deleted (JIRA: PROD-6947).
Workaround: Perform a key scan in DSM to synchronize the key state with Azure.
- Increasing the “Retention period for Audit Logs” setting at the account level duplicates the “purge audit log” message in the audit logs (JIRA: PROD-7031).
createoperation for security object creation does not work for the Azure Managed HSM plugin (JIRA: PROD-7078).
- The retry mechanism does not work as expected in the DSM-Accelerator Webservice (JIRA: PROD-7068).
- When a key is soft-deleted from the DSM Azure Key Vault Cloud Data Control (CDC) group, the “Purge deleted key” button is not visible in the UI (JIRA: PROD-7202).
- Page crashes when an app was created using API without the
app_typeparameter and modified from UI later (JIRA: ROFR-4383).
- The user gets an” OOPS” page when trying to associate an existing plugin with other DSM groups (JIRA: ROFR-4468).
Workaround: To associate an existing plugin to another DSM group:
- Navigate to the Plugins page and open that plugin.
- In the detailed view of the plugin, in the INFO tab, click the EDIT GROUPS button.
- In the “Groups Association” form, add the necessary groups for the plugin and click SAVE CHANGES to save the changes.