Release Notes
Product Description
CipherTrust Vaultless Tokenization (CT-VL) is a platform-independent appliance (virtual machine or bare-metal) that offers REST-API services to protect sensitive data.
Release Description
This release includes the Operating System security updates and resolved issues.
Security Updates
The CT-VL image is updated regularly with security updates.
Resolved Issues
| Reference | Description |
|---|---|
| CADP-18193 | NAE TCP mode breaks after upgrading to CT-VL 2.7.0. |
| CADP-18446, CS1533970 | CT-VL is not logging which CipherTrust Manager in the cluster it has connected to. The log to show the CipherTrust Manager connections can be viewed using the following CLI command: main> vts logfile --tail haproxy.log |
| CADP-18957, CS1538976 | /var/log/messages are not getting compressed on rotation. |
| CADP-19352 | Incorrect DSM error message appears even if DSM is not used. |
| CADP-19783 | CT-VL can produce invalid token data if the token template is not supplied. |
| CADP-19784 | CT-VL batch tokenization can return a mismatched number of items if the token template is not supplied. |
Known Issues
| Reference | Description |
|---|---|
| CADP-24392 | Problem: CT-VL backup fails due to large size of counter tables leading timeout while using GUI or API. |
| CADP-22956 | Problem: NGINX processes use more memory than usual when handling high traffic or heavy loads. Workaround: Monitoring Nginx memory utilization during peak loads using 'system top' command availale in CT-VL and restarting the vts service. |
| CADP-22331 | Problem: Tokenization services continue to fail even after communication to the CipherTrust Manager has been restored. This can happen if VTS services were restarted while communication to the CipherTrust Manager was still broken. |
| CADP-21987 | Problem : The API logs do not include the username when there are errors in input values. |
| CADP-16484 | CKMS encryption could momentarily fail to respond (HTTP 502 Error) if it encounters numerous invalid encryption requests. |
| TOK-3117, CS1526685, CS1528902, CS1530674 | Excessive PostgreSQL WAL archive files could occur causing disk space issues. This could happen with the VMs having a base image of v2.5 or below. Upgrading to v2.6 or higher will not fix the issue. The real fix is to recreate the cluster with a base image of v2.6 or higher. |
| CADP-22387 | Mismatch in the number of log entries and data displayed on the CT-VL dashboard. |
| CADP-21939, CS1570441 | Restoring a CT-VL backup that used a DSM on CT-VL connected (registered) to the CipherTrust Manager, or a CT-VL on DSM connected (registered) to the CipherTrust Manager, is currently not supported. Workaround: To restore a CT-VL backup that used a DSM, first register CT-VL to DSM and then perform the restore operation. After the restore operation is completed, reconnect CT-VL to the CipherTrust Manager. |
Limitation
- Auto-renewal of client certificate is not supported with CipherTrust Manager.
