Your suggested change has been received. Thank you.

close
Thales Logo

All

  • All
  • CipherTrust Manager
  • CipherTrust Application Data Protection (CADP)
  • CipherTrust Application Key Management (CAKM)
  • CipherTrust Batch Data Transformation (BDT)
  • CipherTrust Cloud Key Management (CCKM)
  • CipherTrust Data Discovery and Classification (DDC)
  • CipherTrust Data Protection Gateway (DPG)
  • CipherTrust Database Protection (CDP)
  • CipherTrust Intelligent Protection (CIP)
  • CipherTrust Integrations
  • CipherTrust Migrations
  • CipherTrust RESTful Data Protection (CRDP)
  • CipherTrust Transparent Encryption (CTE)
  • CipherTrust Transparent Encryption Userspace (CTE-U)
  • CipherTrust Secrets Management (CSM)
  • CipherTrust Vaulted Tokenization (CTE-V)
  • CipherTrust Vaultless Tokenization (CT-VL)
  • CTE-Linux
  • CTE-Windows
  • CTE-AIX
  • CTE-K8s
  • CTE-U
  • Data Protection on Demand
  • Luna Cloud HSM
  • Luna Network HSM
  • Luna PCIe HSM
  • Luna USB HSM
  • OneWelcome Identity Platform
  • ProtectApp LUKS
  • ProtectServer 2 HSM
  • ProtectServer 3 HSM
  • SafeNet Trusted Access (STA)
  • SafeNet MobilePASS+
  • SafeNet MobilePASS+ for Android
  • SafeNet MobilePASS+ for Chrome
  • SafeNet MobilePASS+ for macOS
  • SafeNet MobilePASS+ for iOS
  • SafeNet MobilePASS+ for WatchOS
  • SafeNet MobilePASS+ for Widows
  • SafeNet Synchronization Agent
  • SafeNet Logging Agent
  • SafeNet Agent for FreeRADIUS
  • SafeNet Agent for NPS
  • SafeNet Agent for Windows Logon
  • SafeNet Authentication Service Private Cloud Edition (SAS PCE)
  • SafeNet Remote Logging Agent
  • SafeNet Keycloak Agent
  • SafeNet IDPrime Virtual (IDPV)
  • SafeNet FIDO Key Manager
  • SafeNet FIDO Key Manager for Android
  • SafeNet FIDO Key Manager for iOS
  • SafeNet FIDO Key Manager for Windows
back

Release Notes

Release Notes for CTE UserSpace

search

Release Notes for CTE UserSpace

Release Note Version Date
10.2.0.72 2023-11-23

copy link to clipboardNew Features and Enhancements

  • FreeBSD with CTE-U

    You can now use CTE-U on FreeBSD with the option of installing CTE-U in a FreeBSD jail.

    See FreeBSD: Using FreeBSD with CTE-U for more information.

  • Restricting Access with Client Settings

    You can now restrict access with client settings with su support.

    See Restricting Access with Client Settings for more information.

  • Arm Processor

    The ARM processor is now supported with Ubuntu 22 for v10.2.0 and subsequent versions.

copy link to clipboardResolved Issues

  • AGT-43828 [CS1447055] List disk is not showing the disk on other node

    This feature required I/O direct mode for loop devices. Support for this feature was not added in the kernel loop driver until kernel 4.10.

    See Block Device Support

  • AGT-46597: CTE-U not exporting GuardPoints over NFS

    An IO error occurred when accessing GuardPoints over NFS. The IO issue has been fixed. You can successfully export GuardPoints over NFS.

    See Exporting GuardPoints over NFS for more information.

  • AGT-46885: CTE Agents not returning to healthy state after CipherTrust Manager reboot

    After the CipherTrust Manager rebooted, the majority of the clients, or all of the clients, remained at the warning state with a message stating: 1 of 1 servers are poor responders. This issue was caused by a long poll problem. CTE client tried to upload the client status to CipherTrust Manager without sending a long poll message. As a result, CTE agent was never notified of the new status. CTE clients waited indefinitely and never cleared the warning from CipherTrust Manager.

  • AGT-48403 [CS1502762] Read-Only user is trying to edit the file; after edits, file is losing data

    If CTE rejects writes due to the policy, then kernel fuse cannot interpret if writeback cache was enabled, since the original write was accepted. This results in stale cache and can result in all users seeing bogus data that can eventually cause corruption. The solution is to not allow an open write flag (WONLY, TRUNC or RDWR) if the user/process does not have write access.

  • AGT-48639 [CS1510594]: Files displayed extra white space characters when read in VI

    For the f_rd_att action, set the effect to: Permit, Apply Key

copy link to clipboardKnown Issues

  • AGT-44852: Cannot delete very long file names in FreeBSD

    A path length longer than 1024 characters is not supported.

  • AGT-45125: Execute program from the GuardPoint

    Due to the implementation of the FreeBSD kernel, process sets and signature sets are not supported in CTE-U in FreeBSD.

  • AGT-46856: FreeBSD 13.1 Documentation: FUSE protocol violation warning message

    The kernel driver displays this message because the file size reported by CTE is different than the file size of the actual file. So FuseFS thinks something has changed and triggers the warning. This message is benign and can be ignored.

  • AGT-47108: Enabling Concise logging does not reduce logs as compared to when it is disabled

    In the future, Thales will try to enhance this feature to reduce the logs more.

  • AGT-47230: Missing IOCTL in CTE-U causes VMSec challenge to claim that a challenge is needed

    Invalid. CTE-U does not support challenge/response.

  • AGT-48249: Direct IO does not work with mmap or buffered IO

    Writing to a file without direct IO, and then reading from the same file with direct IO, while using a different file descriptor, without syncing or closing the first file descriptor, causes the read to fail to get the correct data.

    Work-around

    Disable writeback cache:

    voradmin secfs config writeback_cache_local 0 <GP>

  • AGT-48284: Access to the GuardPoint displays incorrect GuardPoint path and garbage in path on first access

    CTE-U does not support security rules with process sets, or user sets, for Block Devices. Refer to Sample Policy for Block Devices.

  • AGT-48289: dkey not available after reboot on AWS EC2

    This issue is caused by a race condition during initial boot.

  • AGT-48348: Raw device GuardPoint gets stuck in processing state after getting removed from agent

    In SUSE Linux Enterprise Server 12 SP5, it is not possible to gracefully detach a Guardpoint from the loop device layer. As a result, it is not possible to cleanly stop secfs-fuse. Attempts to do so may result in a hang where recovery is only possible by power cycling the machine. For these reasons, block deviceGuardPoint are not currently supported on SUSE Linux Enterprise Server 12 SP5 or previous versions.

  • AGT-48387: FreeBSD: Unable to run dataxform against the same directory more than once

    Work-around

    Run the following Data Transformation cleanup command before transforming the data: 

    dataxform --cleanup --gp <gp_path>

  • AGT-48502: CTE to CTE-U migration on NFS v3/v4 with backup user generates I/O error when restored on CTE-U NFS GuardPoint in SLES and RHEL 9.2

    If the file does not have write permissions, then when updating, the keyid fails and CTE-U generates an I/O error.

    Work-around

    In CTE to CTE-U migration, you must have full write OS permissions for the files copied from the CTE backup to the CTE-U GuardPoint.

  • AGT-48532 [CS1506097] Using a Standard Policy with an XTS key, when user migrated from a CipherTrust Manager to another CipherTrust Manager, key stopped working

    When a key is backed up and restored to a different domain or CipherTrust Manager, the keyid may be changed and trigger a protection code in CTE-U that is designed to prevent accidental use of the wrong key or accidental double encryption.

    Work-around

    See Migrating an Encryption Key for more information.

  • AGT-48659: CTE-CTE-U migration: embed GuardPoint command is not working

    After migration from CTE-CTE-U, the command dxf --embed --gp <path> is not embedding header info into the files.

On this page