[4.32] - September 05, 2024

Fortanix Data Security Manager (DSM) SaaS 4.32 comes with some exciting new features, improvements, and resolved issues.

NOTE 
This release is for SaaS only and is not available for on-premises installations. Updates in this release will be part of a future on-premises release.

1. New Features

  • You can now configure a group with an Export Policy such that all security objects in that group can be exported as wrapped or without wrap (JIRA PM-219).

    You can also configure an export policy for a security object using the new Define export permissions section in the detailed view of the security object such that the security object can be exported as wrapped or without wrap.

    You can also specify if the wrapping key to wrap the security object can be any key with wrap permission or a specific key with wrap permission. For more details, refer to the Fortanix DSM Export Policy User Guide.

2. Client Improvements

  • Updated the sq-dsm key generation capabilities to support RSA 8K keys (JIRA PM-382).
  • Added support in the PKCS#11 client for key or certificate authentication with Fortanix DSM using a password-protected private key file (JIRA PM-333). For more details, refer to Clients: PKCS#11 Library.

3. DSM-Accelerator Improvements and Bug Fixes

  • DSM-Accelerator Webservice: 
    • Added a new environment variable, AVAILABILITY, that allows you to prioritize the use of the cached key. You can continue using the cached key even if Fortanix DSM is not reachable when the time-to-live (TTL) for the cached key expires (JIRA: PM-372).
      For more details, refer to DSM-Accelerator Webservice Developer Guide.
  • DSM-Accelerator JCE Provider:
    • Added a new parameter, AVAILABILITY, that allows you to prioritize the use of the cached key. You can continue using the cached key even if Fortanix DSM is not reachable when the time-to-live (TTL) for the cached key expires (JIRA: PM-372).
      For more details, refer to DSM-Accelerator JCE Provider Developer Guide.

4. Bug Fixes

  • Assigned attestation: null as the default attestation for non-SGX nodes to fix VMware and AWS upgrade failure (JIRA: ES-360).

5. Known Issues

  • A Fortanix DSM account, whether normal or system administrator, with the "No Roles Can Login with Password" role selected may experience issues when logging in using a password. If a user selects such an account and enters the SSO credentials, the user is logged out instead of accessing the account (JIRA: ROFR-4998).
    Workaround: After the "No Roles Can Login with Password" role is set, users should log in directly with SSO to access the account.
  • When you edit the starting time of a key rotation policy for a security object and enter a single-digit time, for example, 01:00 am, the error “Invalid date/time selected. Ensure that you filled in a valid 12-hour time” is shown (JIRA: ROFR-4786).
    Workaround: Re-enter the rotate start time by removing the “0” before the single-digit time and entering a new time (for example, 01:00 am to 2:00 am).
  • Unable to create an LMS key with the following height combinations of 20 (JIRA: PROD-8248).
    • 5, 20, and vice versa.
  • The hyperlink color for the field “Follow the instructions in” in the “Add Instance” form for Google Workspace Client-Side Encryption (CSE) still reflects the old link color value (JIRA: ROFR-4789).
  • The sync key API returns a “400 status code and response error” if its short-term access token expires during the synchronization of a group linked to AWS KMS (JIRA: PROD-3903).
    Workaround: Increase the timeout of the temporary session token beyond the expected duration of the sync key operation.
  • exclude does not work in the proxy configuration for operations such as attestation (JIRA: PROD-3311).
  • If an Azure key is rotated and then soft-deleted, only one version of the key is soft-deleted (JIRA: PROD-6947).
    Workaround: Perform a key scan in DSM to synchronize the key state with Azure.
  • Copying an RSA or EC key from a normal DSM group to an AWS KMS-backed DSM group does not work as expected and results in an error (JIRA: PROD-7787).
    Workaround: Export the RSA or EC key from the normal DSM group and import it into the AWS KMS-backed DSM group.
  • The Fortanix DSM user interface (UI) fails to load groups beyond 1000. Therefore, any security object associated with a group beyond 1000 will not be displayed (JIRA: ROFR-4378).
  • Admin applications (apps) cannot retrieve the details for GET /users/{uuid}; the request instead returns the error "Inappropriate authorization for the requested operation" (JIRA: PROD-9212).
    Workaround: Use GET /users/{uuid} using the system administrator credentials to retrieve the user ID details.
