Your suggested change has been received. Thank you.

close

Suggest A Change

https://thales.na.market.dpondemand.io/docs/dpod/services/kmo….

Thales Logo

All

  • All
back

Release Notes

Release Note for CTE v7.6.0 for Linux

search

Please Note:

Release Note for CTE v7.6.0 for Linux

title: Release Note for CTE v7.6 for Linux stf_product: [CipherTrust Transparent Encryption Linux (CTE-Linux)] stf_category: [Release-notes] page_order: 1 template: page

Release Note Version Date
v7.6.0.87 2024-06-25

This release of CipherTrust Transparent Encryption (CTE) for Linux adds new features, fixes known defects and addresses known vulnerabilities.

New Features and Enhancements

  • Multifactor Authentication Support

    Multifactor Authentication ensures that the access credentials presented belong to the actual person logging in. CipherTrust Transparent Encryption now supports Multifactor Authentication through integration with KeyCloak MFA provider. CipherTrust Transparent Encryption UserSpace will continue to integrate with additional providers and release information about them in the future.

    See Multifactor Authentication for CTE

  • Partial Config Push Support enabled for CipherTrust Manager

    When you click Notify All Hosts, CipherTrust Manager sends only the updated server list to the clients, not the entire configuration. When you make changes to the configuration information and click OK in any window, then CipherTrust Manager sends only the client configuration information changes (delta) to the clients, and not the entire configuration.

  • LDT Linux to support dynamically added resource sets

    CipherTrust Transparent Encryption v7.6.0, and subsequent versions, allows users to modify the Key Rules while an LDT for Linux policy is active and enforced on a client. Users can add new rules and modify the existing rules. (This feature was previously added for LDT for Windows in v7.4.0.)

    See Modifying Key Rules for more information.

  • Enhance Exclusion Key Rule flag to improve UX when using Dynamic Resource Sets

    CTE v7.6 now supports inclusion of a new resource set, in a new key rule, in an LDT policy already applied to a GuardPoint. The new key rule allows LDT to launch and rekey the files associated with the resource set.

    See Dynamic Resource Sets (Inclusion of New Key Rules)

  • Imperva Database Activity Monitoring (DAM) Support

    You can now use DAM and CTE simultaneously.

    See Using CTE and Imperva Database Activity Monitoring (DAM) Simultaneously

  • Relaunch Flag function improved

    LDT has improved the Relaunch flag function so that you can choose to rename a directory without triggering a relaunch.

    See Relaunch when Directories are renamed

  • Windows/Linux Format Compatibility

    Previously, Windows and Linux LDT files used different architecture, so Windows and Linux nodes could not both access a share drive after LDT encrypted data on the share. Now, you can access the share from either Windows or Linux nodes.

    See Windows/Linux Compatibility for more information.

  • LDT Communication Group Capability Level

    The Capability Level of a member determines what features that host can access and use, and allows the group to decide on a common capability level at which to run. This allows support for multiple versions of CTE in the same LDT Communication Group as the group runs at the capability level of the least capable member.

    See LDT GuardPoint Group Capability Level for more information.

  • File Name Change

    The metadata storage (MDS) file name has changed from `::vorm_mds::` to `__vorm_mds__`. ${gp}s will automatically rename the MDS file when guarding with a CTE 7.6.0 agent. LDT NFS ${gp}s will rename once all of the hosts, with the same share guarded, have been upgraded.

New Platform Support

The following platforms are supported starting with CTE 7.6.0:

RHEL

  • RHEL 8.10

  • RHEL 9.4

Ubuntu

  • Ubuntu 22.04.4 with 6.2 and 6.5 generic kernels

Resolved Issues

  • AGT-49641 CS1493550: Learn-mode-policy-builder does not work inside a domain

    Customer was unable to have a user, from a domain, run the learn mode policy builder tool. Only a root user could use the tool. This has been fixed.

  • AGT-54726: The secfs-upgrade.service does not work

    Removed the instances of secfs-upgrade.service from the documentation. That function has been replaced by the secfs-init.service function.

Known Issues

No Known Issues at this time.

End of Life

  • Red Hat is discontinuing support for Red Hat Enterprise Linux (RHEL) v7.0 on June 30, 2024. Therefore, CipherTrust Transparent Encryption no longer supports RHEL v7.0.

On this page