Your suggested change has been received. Thank you.

close
Thales Logo

All

  • All
  • CipherTrust Manager
  • CipherTrust Application Data Protection (CADP)
  • CipherTrust Application Key Management (CAKM)
  • CipherTrust Batch Data Transformation (BDT)
  • CipherTrust Cloud Key Management (CCKM)
  • CipherTrust Data Discovery and Classification (DDC)
  • CipherTrust Data Protection Gateway (DPG)
  • CipherTrust Database Protection (CDP)
  • CipherTrust Intelligent Protection (CIP)
  • CipherTrust Integrations
  • CipherTrust Migrations
  • CipherTrust RESTful Data Protection (CRDP)
  • CipherTrust Transparent Encryption (CTE)
  • CipherTrust Transparent Encryption Userspace (CTE-U)
  • CipherTrust Secrets Management (CSM)
  • CipherTrust Vaulted Tokenization (CT-V)
  • CipherTrust Vaultless Tokenization (CT-VL)
  • CTE-Linux
  • CTE-Windows
  • CTE-AIX
  • CTE-K8s
  • CTE-U
  • Crypto Command Center
  • Data Protection on Demand
  • Luna Cloud HSM
  • Luna Network HSM
  • Luna PCIe HSM
  • Luna USB HSM
  • OneWelcome Identity Platform
  • ProtectApp LUKS
  • ProtectServer 2 HSM
  • ProtectServer 3 HSM
  • SafeNet Trusted Access (STA)
  • SafeNet MobilePASS+
  • SafeNet MobilePASS+ for Android
  • SafeNet MobilePASS+ for Chrome
  • SafeNet MobilePASS+ for macOS
  • SafeNet MobilePASS+ for iOS
  • SafeNet MobilePASS+ for WatchOS
  • SafeNet MobilePASS+ for Windows
  • SafeNet Synchronization Agent
  • SafeNet Logging Agent
  • SafeNet Agent for FreeRADIUS
  • SafeNet Agent for NPS
  • SafeNet Agent for Windows Logon
  • SafeNet Authentication Service Private Cloud Edition (SAS PCE)
  • SafeNet Remote Logging Agent
  • SafeNet Keycloak Agent
  • SafeNet IDPrime Virtual (IDPV)
  • SafeNet FIDO Key Manager
  • SafeNet FIDO Key Manager for Android
  • SafeNet FIDO Key Manager for iOS
  • SafeNet FIDO Key Manager for Windows
back

Release Notes

search

Please Note:

printsuggest an edit

Release Notes

copy link to clipboardProduct Description

CipherTrust Vaultless Tokenization (CT-VL) is a platform-independent appliance (virtual machine or bare-metal) that offers REST-API services to protect sensitive data.

copy link to clipboardRelease Description

This release includes security and bug fixes.

Note

Support for DSM and KeySecure as a key manager has been deprecated.

copy link to clipboardResolved and Known Issues

This section lists the issues fixed in this release. Also, the section lists the issues known to exist in the product at the time of release.

copy link to clipboardResolved Issues

ReferenceDescription
CADP-23317Problem: syslog is compressing consecutive events into one entry "last message repeated X times"
CADP-23563Problem: Unable to download logs using REST in CT-VL 2.9.0
CADP-20433Problem: The API logs do not include the username when there are errors in input values.
CADP-23420Problem: Server Certificate's show key command is not working in CT-VL 2.9.0.

copy link to clipboardKnown Issues

Note

Upgrading from CT-VL 2.9.0 to 2.9.1 will not work using vts upgrade --upload command. You can use the vts upgrade --url command.

ReferenceDescription
CADP-25380Problem: Unable to remove a node from the cluster.
CADP-24695Problem: While upgrading from CT-VL 2.9.1 to a higher version, using vts upgrade --upload command will not work.

Workaround: Use vts upgrade --url command.
CADP-21893Problem: For the restore process, UI session timeout after 10 minutes, therefore it is recommended to use CLI.

Workaround: To monitor the data restore progress, use the following command:
vts logfile --tail clish.log
CADP-16484Problem: CKMS encryption could momentarily fail to respond (HTTP 502 Error) if it encounters numerous invalid encryption requests.
TOK-3117Problem: Excessive PostgreSQL WAL archive files could occur causing disk space issues.

Upgrading to v2.6 or higher doesn'o't fix the issue. The real fix is to recreate the cluster with a base image of v2.6 or higher.
CADP-21939Problem: CT-VL backup that used a DSM cannot be restored into a CT-VL 2.9.0 VM.
CADP-22912Problem: CT-VL does not adhere to Admin group permissions for encryption/decryption.
CADP-22321Problem: Error "502 Bad Gateway" occurs when a sign/verify operation is performed with an HMAC key of size 512.
CADP-22331 (CADP-23347)Problem: Tokenization services continue to fail even after communication to the CipherTrust Manager has been restored. This can happen if VTS services were restarted while communication to the CipherTrust Manager was still broken.
CADP-23336Problem: The CipherTrust Manager NAE mode: "TLS, verify client cert, user name taken from client cert, auth request is optional" is currently not supported.
CADP-23407Problem: Unable to use Client Certificate Authentication in CT-VL 2.9.0 .

Workaround: Create a client certificate with complete subject instead of Common Name only.
CADP-22736Problem: Key cache expiration setting does not work with a multi-node cluster.

On this page