[4.21] Patch - September 12, 2023

Fortanix Data Security Manager SaaS (DSM SaaS) 4.21.2284 release provides an overview of the new improvements and known issues.

1. Improvements

• Updated AIC BIOS to version ATLK0061 and Gigabyte BIOS to version F14 in the Fortanix DSM installer (JIRA: DEVOPS-4217).
• Added checks to see if the Key Attestation Authority Certificates are signed by the correct Root CAs (JIRA: PROD-7243).
• Added support to re-issue attestation statement if the Key Attestation Authority Certificate is renewed (JIRA: PROD-7475).

2. Known Issues

• The DSM login page is shown briefly after performing an SSO login (JIRA: ROFR-4148).
• The sync key API returns a “400 status code and response error” if its short-term access token expires during the synchronization of a group linked to AWS KMS (JIRA: PROD-3903).
  Workaround: Increase the timeout of the temporary session token beyond the expected duration of the sync key operation.
• exclude does not work in the proxy configuration for operations such as attestation (JIRA: PROD-3311).
• Rotating a GCP BYOK key to a pre-existing Fortanix DSM-hosted key (Rotate to DSM key) is not supported (JIRA: PROD-6722).
  Workaround: You can manually copy an existing AES 256 key from a normal DSM group to a GCP-backed group. This key automatically becomes the currently active crypto key version in the GCP key ring.
• The “Rotate linked key” feature fails with an error for keys in an externally backed group where the external entity is a Google Cloud Platform key ring (JIRA: PROD-6828).
  Workaround: You must manually rotate the source key in the regular DSM group and then copy the rotated key to the GCP group.
• If an Azure key is rotated and then soft-deleted, only one version is soft-deleted (JIRA: PROD-6947).
  Workaround: Perform a key scan in DSM to synchronize the key state with Azure.
• Increasing the “Retention period for Audit Logs” setting at the account level duplicates the “purge audit log” message in the audit logs (JIRA: PROD-7031).
• The create operation for security object creation does not work for the Azure Managed HSM plugin (JIRA: PROD-7078).
• The retry mechanism does not work as expected in the DSM-Accelerator Webservice (JIRA: PROD-7068).
• When a key is soft-deleted from the DSM Azure Key Vault Cloud Data Control (CDC) group, the “Purge deleted key” button is not visible in the UI (JIRA: PROD-7202).
• Error during DSM login in a new or existing cluster (JIRA: ROFR-4370).
  Workaround: In the browser developer tools, clear the auth.accountId field from Local storage.
• After logging in to Fortanix DSM, you will see an additional region mentioned in the DSM UI breadcrumbs navigation (JIRA: ROFR-4390).

For a complete list of new features, enhancements to existing features, other improvements, and bug fixes refer to the full description of the 4.21 DSM SaaS release.