This release note for Fortanix Data Security Manager (DSM) 4.6.2057 provides an overview of the resolved issues.
1. Bug Fixes
- Fixed an issue where the GetAccountUsage API had an incorrect session type (JIRA: PROD-4610).
- Fixed an issue where a JCE update to print x-request-id causes a backward compatibility error (JIRA: PROD-4612).
2. Security Fixes
- Fixed a bug where essential validation checks were missing when allocating and processing FifoDescriptor (JIRA: PLAT-896). In a scenario where an attacker has complete control of the address space, the attacker could leverage these missing checks to rewrite the stack pointer outside of the enclave into an attacker-crafted stack. By utilizing ROP, the attacker could execute arbitrary code and leak anything accessible by the enclave.
3. Known Issues
- An account could be lost if account tables are inconsistent between nodes. Make sure a backup is successful before proceeding with ANY upgrade (JIRA: PROD-4234).
- When a node is removed from a 3-node cluster with build 4.2.2087, and the 2-node cluster is upgraded with build 4.3.xxxx, it is possible that the deploy job is exited and marked completed before cluster upgrade (JIRA: DEVOPS-2068). Workaround: If all the pods are healthy, you can deploy the version again.
- The sync key API returns “400 status code and response error” due to the short-term access token expiry during the sync key operation of a group linked to AWS KMS (JIRA: PROD-3903).
- exclude does not work in the proxy config for operations such as attestation (JIRA: PROD: 3311).
To download the DSM SGX (on-prem/Azure) and Software (AWS/Azure/VMWare) packages, click here.