[4.9] Patch- September 02, 2022

Fortanix Data Security Manager (DSM) 4.9 patch release provides an overview of the resolved issues.

This release is superseded by September 26, 2022, release.

It is “REQUIRED” to upgrade Fortanix DSM to version 4.6 or 4.8 before upgrading to the 4.9.2102 version. If you want to upgrade to the 4.9.2102 version from an older version, please reach out to the Fortanix Customer Success team.
The Fortanix DSM cluster upgrade must be done with Fortanix support on call. Please reach out to Fortanix support if you are planning an upgrade.

1. Bug Fixes

  • Fixed a panic due to missing GET_SOBJECTS permission in the group Quorum policy (JIRA: PROD-5390).
  • Fixed inconsistent placement of import/export approval requests before and after approval on the Tasks page (JIRA: ROFR-2768).
  • Fixed an issue where the Fortanix DSM backend code ignores the connect-src whitelist in the manifest.json file (JIRA: PROD-5280).
  • Fixed an issue where the “Expiration date” was not showing for a copied key in the Azure hardware-protected Premium key vault (JIRA: PROD-5252).
  • Fixed an issue where GET_SOBJECTS was being returned as an additional operation on the quorum policy of existing DSM groups before upgrading to the 4.9 version (JIRA: PROD-5196).
  • Fixed panic in mfa/u2f path (JIRA: PROD-5132).
  • Fixed an issue where the cluster upgrade from DSM 4.4 to 4.9 was stuck due to a deploy job failure (JIRA: DEVOPS-3038).

2. Known Issues

  • An account could be lost if account tables are inconsistent between nodes. Make sure a backup is successful before proceeding with ANY upgrade (JIRA: PROD-4234).
  • When a node is removed from a 3-node cluster with build 4.2.2087, and the 2-node cluster is upgraded with build 4.3.xxxx, it is possible that the deploy job is exited and marked completed before cluster upgrade (JIRA: DEVOPS-2068). Workaround: If all the pods are healthy, you can deploy the version again.
  • The sync key API returns “400 status code and response error” due to the short-term access token expiry during the sync key operation of a group linked to AWS KMS (JIRA: PROD-3903).
  • exclude does not work in the proxy config for operations such as attestation (JIRA: PROD: 3311).

For the new features, enhancements to existing features, and other improvements please refer to the full description of the 4.9 release on our support portal.

4. Installation

To download the DSM SGX (on-prem/Azure) and Software (AWS/Azure/VMWare) packages, click here.


Please sign in to leave a comment.

Was this article helpful?
0 out of 0 found this helpful