Release Notes
| Product Version | GA Date |
|---|---|
| 2.9.2 | September 25, 2025 |
Product description
CipherTrust Vaultless Tokenization (CT-VL) is a platform-independent appliance (virtual machine or bare-metal) that offers REST-API services to protect sensitive data.
Release description
This release includes security and bug fixes.
Note
Support for DSM and KeySecure as a key manager has been deprecated.
Support for Azure Linux Agent has been deprecated.
Resolved and known issues
This section lists the issues fixed in this release. Also, the section lists the issues known to exist in the product at the time of release.
Resolved issues
| Reference | Description |
|---|---|
| CADP-24695 | Problem: vts upgrade --upload command does not work while upgrading from CT-VL 2.9.0 or 2.9.1 to a higher version. Workaround: vts upgrade --upload will only work when upgrading from 2.9.2 and higher. |
| CADP-22736 | Problem: In a multi node environment, the key cache gets invalidated, and the refresh duration defaults to 5 minutes. |
| CADP-25444 | Problem: Tokenization/Detokenization calls return invalid token values intermittently when the key cache update fails. |
| CADP-24430 | Problem: Unable to view haproxy.log in CT-VL Ubuntu CLI. |
| CADP-26775 | Problem: When using the date algorithm for tokenization with a DATETIME datatype input, the system tokenizes the date and truncates or deletes the data other than date. Workaround: Preserve all data except the date in the request when using the date algorithm for tokenization. However, if the input data contains the month (M) or day (D) in a single digit format instead of the expected two digit format (MM or DD) and additional data along with date (such as time) is provided, the tokenization logic might fail or produce incorrect results. |
Known issues
| Reference | Description |
|---|---|
| CADP-24392 | Problem: CT-VL backup fails due to large size of counter tables leading timeout while using GUI or API. |
| CADP-22956 | Problem: NGINX processes use more memory than usual when handling high traffic or heavy loads. Workaround: Monitor Nginx memory utilization during peak loads using 'system top' command availale in CT-VL and restarting the vts service. |
| CADP-27296 | Problem: A harmless "deadlock detected" warning may occur during cleanup of tokenization and key management counters in CT-VL, caused by simultaneous delete attempts of the same data by multiple nodes during replication. One operation succeeds, others are terminated. This warning has no functional impact and can be safely ignored. |
| CADP-24594 | Problem: syslog reduces the number of logs when the same message appears repeatedly in a short time. |
| CADP-25380 | Problem: When an IP (valid or invalid) is added during the cluster add operation, the cluster remove command does not remove the IP from the cluster. |
| CADP-21893 | Problem: For the restore process, UI session timeout after 10 minutes, therefore it is recommended to use CLI. Workaround: To monitor the data restore progress, use the following command: vts logfile --tail clish.log |
| CADP-16484 | Problem: CKMS encryption could momentarily fail to respond (HTTP 502 Error) if it encounters numerous invalid encryption requests. |
| TOK-3117 | Problem: Excessive PostgreSQL WAL archive files could occur causing disk space issues. Upgrading to v2.6 or higher doesn'o't fix the issue. The real fix is to recreate the cluster with a base image of v2.6 or higher. |
| CADP-21939 | Problem: CT-VL backup that used a DSM cannot be restored into a CT-VL 2.9.0 VM. |
| CADP-22912 | Problem: CT-VL does not adhere to Admin group permissions for encryption/decryption. |
| CADP-22321 | Problem: Error "502 Bad Gateway" occurs when a sign/verify operation is performed with an HMAC key of size 512. |
| CADP-22331 (CADP-23347) | Problem: Tokenization services continue to fail even after communication to the CipherTrust Manager has been restored. This can happen if VTS services were restarted while communication to the CipherTrust Manager was still broken. |
| CADP-23336 | Problem: The CipherTrust Manager NAE mode: "TLS, verify client cert, user name taken from client cert, auth request is optional" is currently not supported. |
| CADP-23407 | Problem: Unable to use Client Certificate Authentication in CT-VL 2.9.0 . Workaround: Create a client certificate with complete subject instead of Common Name only. |
Limitation
- Auto-renewal of client certificate is not supported with CipherTrust Manager.
