Your suggested change has been received. Thank you.

close

Suggest A Change

https://thales.na.market.dpondemand.io/docs/dpod/services/kmo….

Thales Logo

All

  • All
back

Linux Patch Notes for CTE v7.8.0

Linux Patch Notes for CTE v7.8.0.88

search

Please Note:

Linux Patch Notes for CTE v7.8.0.88

CTE version Date Release Note version
v7.8.0.88 2025-06-17 v1
v7.8.0.88 2025-08-29 v2

Resolved Issues

  • AGT-64653: LDT with automount enabled does not work with systemd automount

    AFFECTED VERSIONS: 7.8.0.79

    Automount was previously not supported with CTE. As of this release, CTE now supports automount with systemd.

  • AGT-64875: CTE Linux agent is not being registered with RWP on CipherTrust Data Security Platform Services

    AFFECTED VERSIONS: 7.7.0.87 — 7.8.0.79

    FIXED VERSION: 7.8.0.88

    This has been fixed. Ransomware Protection support has been added to CipherTrust Data Security Platform Services.

  • AGT-65394: Extra data added to some files when renaming, during initial rekey on LDT NFS GP

    AFFECTED VERSIONS: 7.8.0.79

    Renaming files on secondary hosts of LDT GuardPoint Groups during rekey, may trigger single file level rekey operations on the renamed files. Execution of single file rekey during initial data transformation may incorrectly change the size of files smaller than 4K. This issue has been fixed.

  • AGT-65402: LDT with automount fails to guard when autofs is configured with direct mount

    AFFECTED VERSIONS: 7.8.0.79

    Previously, autofs was not supported. CTE now supports autofs configured with direct mount.

  • AGT-66185: Misleading error message when secondary attempt to access automount GuardPoint during single file rekey

    AFFECTED VERSIONS: 7.8.0.79

    Guarding an LDT automount NFS GuardPoint while a single file rekey operation is in progress on the primary client, resulted in an invalid GuardPoint status on the client that attempted to guard. This patch correctly sets the GuardPoint status on the client.

  • AGT-66216 [CS2141714]: Linux NAS setup with 3 nodes issues

    AFFECTED VERSIONS: 7.7.0.87 — 7.8.0.79

    The issue was caused by the notification to LDT if umount fails. The solution is that, regardless of umount success/failure, LDT is notified that the host must trigger election of a new primary for the GuardPoint.

  • AGT-66295|AGT-66743: Directory within an autofs mount point fails to guard with Ignored, AUTOFS but type is not automount

    AFFECTED VERSIONS: 7.7.0.87 — 7.8.0.79

    Guarding a directory within an autofs mount point directory is now supported.

  • AGT-66366: User can create a directory inside the vorm_ldtprivspace

    AFFECTED VERSIONS: 7.8.0.79

    Write access is supposed to be restricted to internal CTE binaries. The solution was to prevent any directory creation within the vorm_ldtprivspace.

  • AGT-66424: The setfacl operation is not supported on a GuardPoint in RHEL 9.6

    AFFECTED VERSIONS: 7.7.0.87 — 7.8.0.79

    There was a issue in setting access control lists for files and directories on a GuardPoint in RHEL 9.6. The issue has been fixed.

  • AGT-66457: [CS2135100]: Getting errors during agent installation when the host that didn't contain the SEManage package disabled SELinux

    AFFECTED VERSIONS: 7.7.0.87 — 7.8.0.79

    The user ran the semanage command even though the command was not present on the system. The solution checks for the presence of the SELinux related commands before running them. If they don't exist on the host, CTE does not run the commands.

  • AGT-66484: Hardware Association Linux (HWSIG) value is not updating on the agent

    AFFECTED VERSIONS: 7.8.0.79

    The issue was caused by a setting in registerhost that set using-hwsig:true when it false. This has been fixed.

  • AGT-66634: Deleting a directory using rm -rf creates a remove_file FAM log instead of a remove_dir log

    AFFECTED VERSIONS: 7.8.0.79

    The issue was caused by an intercept that was logging FAM audit action as remove_file for all of the unlink operations for files or directories. The solution was to change CTE to appropriately log the action as remove_dir in the FAM audit action for directory unlink.

  • AGT-66720: Old primary with different automount GuardPoint path crashed on mutex_lock after rejoin during rekey

    AFFECTED VERSIONS: 7.8.0.79

    Promotion of a member of the LDT GuardPoint Group to primary role while the GuardPoint is mounted on different paths, resulted in failed rekey operations or system crash after the previous primary member guards and rejoins the LDT GuardPoint Group as a secondary member. The solution was to force LDT to update the MDS header during promotion of a member to primary role.

Known Issues

  • AGT-28604: Linux GlusterFS Trash Translate does not work if .trashcan directory is outside of GuardPoint

    AFFECTED VERSIONS: 7.8.0.79 | 7.8.0.88

    CTE has an issue with subdirectories in Gluster FS. If a file deleted from a GuardPoint is moved to a subdirectory that is outside of the GuardPoint, then it shows only the garbage values because it is encrypted.

    Currently, CipherTrust Transparent Encryption does not support the GlusterFS Trash Translator.

  • AGT-62836: The command to get the vm process logs dumped the logs into vorvmd during the first association of a FAM policy with CTE

    AFFECTED VERSIONS: 7.8.0.79 | 7.8.0.88

    These logs are generated when a FAM policy is pushed for the first time. They do not affect the functioning of FAM, or any other feature, and can be ignored.

  • AGT-65002: LDT-AutoFS: Not Removing Shadow directory after auto unmount of NAS mount point

    AFFECTED VERSIONS: 7.8.0.79 | 7.8.0.88

    Unmounting automount directories, configured as a CTE AutoGuard GuardPoint under an LDT policy protection, does not remove the mount point subdirectories that are dynamically created when mount points are auto-mounted.

  • AGT-65138: Files corrupted after restored from backup version key into exclude clear key then rotate key

    AFFECTED VERSIONS: 7.8.0.79 | 7.8.0.88

    Avoid restoring encrypted files, from a backup, into a directory which contains an LDT Exclusion key rule with clear_key. Although there is no issue with accessing such files after they are restored from a backup, those files will not be transformed to clear_key at the time of next rekey process across the GuardPoint. Consequently, the files appear to have been corrupted.

  • AGT-65631: COS | Internal server error observed if awscli is higher 2.23.0

    AFFECTED VERSIONS: 7.8.0.79 | 7.8.0.88

    Starting with AWS CLI v2.23.0 and continuing with subsequent versions, AWS implemented enhanced and more efficient checksum algorithms. Therefore, customers needs to utilize an earlier version of the AWS CLI to accommodate this change. Use a version of awscli that is a previous version to v2.23.0.

  • AGT-66297: No error message reported when accessing auto mount GuardPoint that's in "needs LDT recovery" state

    AFFECTED VERSIONS: 7.8.0.79 | 7.8.0.88

    ** Work-around**

    Use secfsd -status guard to check the state of the GuardPoint prior to using it. An error message will be added in a future version.

  • AGT-66365: Files marked for lazy_rekey, during the initial rekey, change to rekey_error during the next key rotation

    AFFECTED VERSIONS: 7.8.0.79 | 7.8.0.88

    For files that are set to clear key with lazy_rekey and rekey-status=none, these files does not show attributes after unguarding the GuardPoint which means that the attributes were all internal for these files.

  • AGT-66367: Secondary host does not trigger a single file rekey when clear_key files marked with lazy_rekey

    AFFECTED VERSIONS: 7.8.0.79 | 7.8.0.88

    When trying to generate clear_key files marked with lazy_rekey after renaming files consecutively during the initial rekey, single file rekey is not triggered when secondary host accesses these files.

On this page