CipherTrust Manager Release Model
CipherTrust Manager distributes new firmware releases regularly on a predictable schedule to give customers the benefit of new functionality and bug fixes while allowing time to plan upgrades.
Version Numbering
CipherTrust Manager firmware releases follow semantic versioning conventions. Version numbering format is <MAJOR>.<MINOR>.<PATCH>.
Most releases are minor versions and patches on minor versions, to introduce new functionality without breaking backward compatibility.
Release Schedule and Support Time Frame
Starting with the 2.11.x release, a minor version is designated either a Long Term Support (LTS) Release or a Feature Release (FR).
The following table summarizes the release schedule and support time frame differences between the two release types:
| Release Characteristic | Future LTS versions | FR version |
|---|---|---|
| Technical Support Timeframe | Four years | Two years |
| Patches | Four scheduled patches for two years | As needed for the current latest FR version only |
| Best strategy to fix bugs | Upgrade to scheduled patches | Upgrade to the next minor release |
Long Term Support Releases are enterprise-grade releases focused on stability. The CipherTrust Manager interfaces display the version with the suffix
LTS. Future LTS releases will have the following characteristics:Each LTS release will have four scheduled patches, which include the latest security fixes and other critical or low-risk functional fixes. These patches will be released twice a year for the two years following the initial release.
Technical support continues for four years past the original release. This support consists of updates to the support portal knowledge center, and availability of Thales technical staff to help troubleshoot problems. After the first two years, Thales will no longer issue further patches or bug fixes, and will provide technical support only.
Note
We are currently determining the schedule and designation for the next LTS release. We will update this page with that information as soon as it is finalized.
2.11.x-LTS Release is the first LTS release. We have made some adjustments the standard LTS release model for 2.11.x.
There are seven scheduled patches, continuing into Q3 2025.
Note
2.11.6 was an unscheduled, hot fix release.
Technical support, consisting of updates to the support portal knowledge center, and availability of Thales technical staff to help troubleshoot problems, extends four and a half years into Q3 2027.
Feature Releases are production-quality releases providing early access to new features for evaluation, released three times a year.
Patches for FR versions are created as needed for security fixes ranked as critical or major and bug fixes ranked as critical. If fixes are qualified for a patch, one is issued for the current latest FR.
Note
If you wish to apply non-critical bug fixes to an FR version, upgrade to the next minor version.
Technical support continues for two years past the original release, until the end of the same quarter for that year. This support consists of updates to the support portal knowledge center, and availability of Thales technical staff to help troubleshoot problems.
The following diagram demonstrates support and scheduled patch time frames for the current planned LTS and FR versions:
Versions 2.10.x and older will reach end of support at the end of Q3 in 2025.
Release Distribution and Upgrade
All minor releases are available as an upgrade on physical and virtual appliances, and as new deployments of Virtual CipherTrust Manager on supported public and private clouds. Consult release notes for a specific version for more details. Minor releases contain new features and bug fixes for issues of any severity.
For new minor versions, x.y.0, upgrade paths and available upgrade methods for a cluster vary depending on LTS or FR designation. You can only upgrade to FR versions from the immediate previous release. For example, you are only able to upgrade a cluster directly from 2.12.x to 2.13.x. You will be able to upgrade directly to LTS versions from previous LTS versions. For example, you will be able to upgrade from 2.11.x to the next LTS version.
You can exercise an online in-place cluster upgrade, where the CipherTrust Manager remains available for requests during upgrade, from the immediate previous release. You can exercise the offline in-place cluster upgrade to skip intermediate versions if you are moving from an LTS release to an LTS release. For offline in-place cluster upgrade, the CipherTrust Manager requires true downtime and does not allow requests from connector or client applications. Refer to the System Upgrade/Downgrade page of the target release version for steps to exercise the upgrade.
The following diagram demonstrates upgrade paths for clusters between minor releases:
Scheduled patches for LTS releases are available as cumulative upgrades. You can upgrade from any LTS version to the latest patch for that LTS minor version. For example, if there are x.y.1, x.y.2, and x.y.3 patches released for the minor LTS version, you can upgrade from x.y.0 or x.y.1 to x.y.3 directly without having to pass through any intermediate versions.
Thales intends to make the latest LTS release available as an option for physical k570, k570, and k160 appliance orders.
Note
As of February 2023, you can order physical appliances with either 2.9.x or 2.0 pre-installed. These versions existed before Long Term Support and Feature Release designation.
Patches for FR versions are usually upgrade only. In some cases, new deployments for Virtual CipherTrust Manager are also made available on supported public and private clouds. Consult release notes for a specific version for supported upgrade paths.
