Release Notes
Product description
CipherTrust Vaultless Tokenization (CT-VL) is a platform-independent appliance (virtual machine or bare-metal) that offers REST-API services to protect sensitive data.
Release description
This release includes the resolved issues CS1526685, CS1528902, and CS1530674.
Security updates
The CT-VL image is updated regularly with security updates.
Resolved issues
| Reference | Description |
|---|---|
| CS1526685, CS1528902, CS1530674 | A CLI utility is now available to allow cleanup of the excessive PostgreSQL WAL archive files. Note: • This is only a workaround to temporarily cleanup the excessive pgsql archive files. • This is a known issue TOK-3117 with the VMs having a base image of v2.5 or below. |
Known issues
| Reference | Description |
|---|---|
| CADP-24392 | Problem: CT-VL backup fails due to large size of counter tables leading timeout while using GUI or API. |
| CADP-22956 | Problem: NGINX processes use more memory than usual when handling high traffic or heavy loads. Workaround: Monitoring Nginx memory utilization during peak loads using 'system top' command availale in CT-VL and restarting the vts service. |
| CADP-22331 | Problem: Tokenization services continue to fail even after communication to the CipherTrust Manager has been restored. This can happen if VTS services were restarted while communication to the CipherTrust Manager was still broken. |
| CADP-25182 | Problem: When a node or cluster of nodes is offline for a long period of time, the bdr does not synchronize correctly with the new nodes joining the existing cluster. Workaround: Break the CT-VL cluster and create a new cluster from a backup, or a good node. Rejoin all the nodes to the new cluster. If a node is expected to be offline for a long period, it is highly recommended to remove the node from the cluster and only join it back when it goes back online. |
| CADP-21987 | Problem: The API logs do not include the username when there are errors in input values. |
| CADP-16484 | CKMS encryption could momentarily fail to respond (HTTP 502 Error) if it encounters numerous invalid encryption requests. |
| TOK-3117, CS1526685, CS1528902, CS1530674 | Excessive PostgreSQL WAL archive files could occur causing disk space issues. This could happen with the VMs having a base image of v2.5 or below. Upgrading to v2.6 or higher will not fix the issue. The real fix is to recreate the cluster with a base image of v2.6 or higher. |
| CADP-18193 | Upgrading to CT-VL v2.7 or higher will break TCP mode connectivity to the CipherTrust Manager NAE interface. A fix to this issue will be available in the next patch release. In the meantime, a workaround is available. Please contact Support to obtain the workaround. |
| CADP-22387 | Mismatch in the number of log entries and data displayed on the CT-VL dashboard. |
Limitation
- Auto-renewal of client certificate is not supported with CipherTrust Manager.
