Release Notes
Product Description
CipherTrust Vaultless Tokenization (CT-VL) is a platform-independent appliance (virtual machine or bare-metal) that offers REST-API services to protect sensitive data.
Release Description
This release includes the operating system security updates and resolved issues.
Note
Support for KeySecure as a key manager has been deprecated.
Security Updates
The CT-VL image is updated regularly with security updates.
Resolved Issues
| Reference | Description |
|---|---|
| CADP-22736 | Key cache expiration setting does not work with a multi-node cluster. |
| CADP-22331 (CADP-23347) | Tokenization services continue to fail even after communication to the CipherTrust Manager has been restored. This can happen if VTS services were restarted while communication to the CipherTrust Manager was still broken. |
| CADP-23352 | Deprecated support for SHA-1 in OpenSSH. |
Known Issues
| Reference | Description |
|---|---|
| CADP-24392 | Problem: CT-VL backup fails due to large size of counter tables leading timeout while using GUI or API. |
| CADP-22956 | Problem: NGINX processes use more memory than usual when handling high traffic or heavy loads. Workaround: Monitor Nginx memory utilization during peak loads using 'system top' command availale in CT-VL and restarting the vts service. |
| CADP-27506 | Problem:When the input data length is less than or equal to keep right count in token template and the "Preserve NULL or 1 character inputs" option is selected, an empty "" token is returned. Workaround: To preserve single character input , set keep right count to a value smaller than minimum input data length. |
| CADP-21987 | Problem : The API logs do not include the username when there are errors in input values. |
| CADP-22832 | CT-VL does not adhere to admin group permissions for encryption/decryption |
| CADP-21219 | Per user records for tokenization, detokenization, and crypto operations are not displayed on the UI dashboard. |
| CADP-16484 | CKMS encryption could momentarily fail to respond (HTTP 502 Error) if it encounters numerous invalid encryption requests. |
| TOK-3117 | Excessive PostgreSQL WAL archive files could occur causing disk space issues. This could happen with the VMs having a base image of v2.5 or below. Upgrading to v2.6 or higher will not fix the issue. The real fix is to recreate the cluster with a base image of v2.6 or higher. |
| CADP-22387 | Mismatch in the number of log entries and data displayed on the CT-VL dashboard. |
| CADP-21939 | Restoring a CT-VL backup that used a DSM on CT-VL connected (registered) to the CipherTrust Manager, or a CT-VL on DSM connected (registered) to the CipherTrust Manager, is currently not supported. Workaround: To restore a CT-VL backup that used a DSM, first register CT-VL to DSM and then perform the restore operation. After the restore operation is completed, reconnect CT-VL to the CipherTrust Manager. |
Limitation
- Auto-renewal of client certificate is not supported with CipherTrust Manager.
