Fortanix Data Security Manager (DSM) SaaS 4.35 comes with some exciting new features, general improvements, and resolved issues.
1. New Features
- Added support for managing custom roles for new and existing Administrative Apps from the Fortanix DSM user interface (UI) (JIRA: PM-229).
For more details, refer to User's Guide: Authentication.
- Added support for a new TR-31 plugin in the DSM Plugin Library. This plugin can be used to import and export any key type in the American National Standards Institute (ANSI) Technical Report (TR)-31 format (JIRA: PM-73).
For more details, refer to User's Guide: Plugin Library.
- Added the new Fortanix Solutions drop-down menu in the DSM UI.
For more details, refer to User's Guide: Getting Started with Fortanix Data Security Manager - UI (JIRA: PM-387).
2. Improvements
- Added Fortanix DSM UI support for scheduled rotation of linked keys in FIPS-backed groups. Users can now assign a Key Rotation Policy (KRP) to keys generated in FIPS-backed groups, including the option to rotate linked keys (JIRA: EXTREQ-1195).
For more details, refer to User's Guide: Fortanix Data Security Manager Key Lifecycle Management.
- Implemented a groups multi-selector dropdown in the COPY KEY feature to improve Fortanix DSM UI performance when the group count exceeds 1000 (JIRA: ROFR-5159).
3. Other Improvements
- Added missing Google Key Access Justification error message “test_wrap_error_message_with_denied_justifications” (JIRA: PROD-9088).
4. API Updates
- This release does not have any API changes.
5. Client Improvements
- Added support for deriving an AES key using HKDF (HMAC-based Key Derivation Function) in the Fortanix DSM Key Management Interoperability Protocol (KMIP) proxy (JIRA: PROD-9463).
- The Fortanix DSM CNG provider client now supports configuring the log file location (JIRA: PM-412).
For more details, refer to Clients: Microsoft CNG Key Storage Provider.
6. Bug Fixes
- Fixed an issue where the user was unable to update the Retention period for Audit Logs setting in Settings → Log Management without an Account Quorum Policy (JIRA: ES-325).
- Fixed an issue where the user was unable to retrieve the older version of the Azure soft-deleted key (JIRA: PROD-8223).
- Fixed an issue where if a Pre-Active key is copied from a normal DSM group to an Azure Key Vault-backed group, the key state changes to Active on Azure Key Vault even though the activation date was set to a future date (JIRA: PROD-9505).
7. DSM-Accelerator Bug Fixes
- DSM-Accelerator Webservice:
- Fixed an issue where the DSM-Accelerator Webservice was unable to perform masked detokenization with the app configured with the "Masked Decrypt" permission (JIRA: ES-439).
8. Known Issues
- The sync key API returns a “400 status code and response error” if its short-term access token expires during the synchronization of a group linked to AWS KMS (JIRA: PROD-3903).
Workaround: Increase the timeout of the temporary session token beyond the expected duration of the sync key operation.
- If an Azure key is rotated and then soft-deleted, only one version of the key is soft-deleted (JIRA: PROD-6947).
Workaround: Perform a key scan in DSM to synchronize the key state with Azure.
- The create operation for security object creation does not work for the Azure Managed HSM plugin (JIRA: PROD-7078).
- Copying an RSA or EC key from a normal DSM group to an AWS KMS-backed DSM group does not work as expected and results in an error (JIRA: PROD-7787).
Workaround: Export the RSA or EC key from the normal DSM group and import it into the AWS KMS-backed DSM group.
- The COPY KEY dialog box does not filter the HSM/External KMS groups as expected when the Import key to HSM/External KMS check box is selected, if there are more than 1,000 groups in the account (JIRA: ROFR-5167).
- Unable to delete a user who was invited to an account with a "Custom account role" that includes an "All Groups Role" along with group membership assigned explicitly in the invite user workflow if the invited user has not accepted the invitation (JIRA: PROD-9409).
Workaround: To delete the invited user, contact Fortanix Support or perform the following steps:
- If you have already assigned explicit group memberships, perform the following steps to remove them and delete the user:
- Change the user's account role to "Account Member".
- Remove the group memberships one by one using the user interface.
- Delete the user.
- The sudo get_csrs --rotate command does not support changing the hostname for the service URL. For example, if your service main URL is dsm.fortanix.net, you cannot change this main URL hostname (JIRA: PROD-9542).
- Fortanix Windows CNG/EKM/CSP clients use a common Fortanix KMS client config parameter --log-file while specifying the file path for storing logs (JIRA: PROD-9524).