Thales Data Protection on Demand 

https://thalesdocs.com/dpod/support/changelog/index.html

Input fields will be trimmed for tenant registration

The input fields for tenant registration, excluding the password field, will be trimmed. Leading and trailing spaces on input fields, excluding the password field, will be removed by the platform during registration. 

If you have automation using the API for tenant registration and tenant updating you should modify your automation to account for this behavior. 

See the Data Protection on Demand (DPoD) API for more information.

Additional registration fields are being made mandatory for tenant registration

The following fields are being made mandatory for tenant registration when Country is set to United States, Canada, or Australia:

  • State/Province/Region

If you have automation using the API for tenant registration and tenant updating you should modify your automation to account for these new mandatory fields. 

See the Data Protection on Demand (DPoD) API for more information about available endpoints and fields.

Additional registration fields are being made mandatory for tenant registration

The following fields are being made mandatory for tenant registration:

  • Address
  • City
  • ZIP or postal code

If you have automation using the API for tenant registration and tenant updating you should modify your automation to account for these new mandatory fields. 

See the Data Protection on Demand (DPoD) Public API for more information about available endpoints and fields.

Removed API Endpoints

Removed

The PATCH /tenants/{id}/admin/reset and POST /tenants/{id}/admin/resetMfaToken operations have been removed from the DPoD Platform API.

Service provider administrators can no longer reset the password or MFA token of a user inside of a child tenant.  Users can use the self-service resources in the DPoD platform or submit requests to an available administrator. See User Management for more information.

10.3 Luna Cloud HSM Service Client

Added

  • Version 10.3 of the HSM service client is now available for download from Thales Data Protection on Demand. This client supports hybrid usage of both Luna Cloud HSM services and the Luna HSM product line, as detailed in the HSM on Demand Client User Guide. See Upgrading your Luna Cloud HSM Service Client for more information about updating your Luna Cloud HSM service client.

Bugs Found

  • LUNA-14009 - Executing cmu verifyhsm does not prompt the user to enter a challenge string. Always specify a challenge string using cmu verifyhsm -challenge <string>.
  • LUNA-13907 - Requesting a certificate using cmu requestcertificate using the wrong attribute to specify the private key returns an incorrect error message. Use the -privateouid to specify a private key on a Luna Cloud HSM service.
  • LUNA-13780 - Executing cmu import to import a DSA key fails. Use an RSA public key instead.
  • LUNA-13761 - Executing cmu selfsigncertificate with no arguments specified, on Linux, cmu fails to prompt the user for the relevant object handles/OUIDs. Always specify the object handles/OUIDs using -publichandle and -privatehandle or -publicouid and -privateouid.
  • LUNA-12822 - ckmdeo option Get OUID (39) returns OUIDs with extra zeroes appended. Use option Get Attribute (24) to view the correct OUID.
  • LUNA-11269 - In HA configurations, where a Luna Cloud HSM service is configured as a standby, some events (such as when a connection drops and recovers due to a timeout when contacting the service) are not recorded in the HA log file.
  • SH-5595 - Deriving X9.42 DH2 keys returns CKR_OBJECT_HANDLE_INVALID. We recommend you avoid upgrading your Luna Cloud HSM service client until the issue is resolved. 
  • SH-4194 - Executing cmu getpkc to confirm a public key can fail. Execute the ckdemo Display Object (27) function to confirm the key pairs origins and security in the HSM. If the CKA_NEVER_EXTRACTABLE attribute is present it confirms that the private key was created in the HSM and has never been extracted.

Bugs Fixed

  • SH-4987 - The displayed serial numbers of self-signed certificates created using cmu selfsigncertificate now match the input serial number.

Update to Service Elections Process

Added 

Bugs Found

  • DPS-6769 - The Salesforce Key Broker service does not update the Last Modified At and Modified By columns in the Service Details tables when service secrets are updated.

Bugs Fixed

  • DPS-6737 DPoD Terms of Service now display correctly in the Safari browser. The DPoD Terms of Service are always available from the support portal. 
  • DPS-6761 - If the DPoD user interface cannot display the Salesforce Secret Type, the DPoD user interface will display the Salesforce value. 

Non-FIPS Luna Cloud HSM Firmware Version 1.4.2

Changed

  • Non-FIPS Luna Cloud HSM service firmware has been updated to version 1.4.2. Firmware version 1.4.2 provides various performance improvements and is an enabler for future marketplace services. See Luna Cloud HSM Services for more information about FIPS and non-FIPS services.

Deprecated

  • The DPoD platform will remove the ability for a service provider administrator to reset a tenant administrators account password. Tenant administrators can use the self-service password reset from the DPoD tenant login screen or request that a sibling tenant administrator reset their password.

Bugs Fixed

  • SH-4366 - Firmware version 1.4.2 for non-FIPS Luna Cloud HSM services disallows the creation of a key with both the "public" and "sensitive" attribute combination.  

Release 1.17.2

Bugs Fixed

  • DPS-5823 - New service clients created in the North America (NA) environment can connect to a service on Windows Server 2012r2 operating systems. 

Release 1.17

Added

  • The CipherTrust Key Broker for Google Cloud EKM service is now available. Register for the service through the Google Marketplace to gain access to an HSM secured key encryption key for use as a wrapping key in Google Cloud EKM. Access the service documentation for more information about the CipherTrust Key Broker for Google Cloud EKM service.

Bugs Found

  • EKMS-652 - The Add Key Ring button is disabled in the CipherTrust Key Broker for Google Cloud EKM service if you attempt to create a Key Ring without first adding an EKM Policy. Create an EKM Policy before adding a Key Ring.
  • EKMS-659 - The CipherTrust Key Broker for Google Cloud EKM dashboard URL shows a 404.  Access the CipherTrust Key Broker for Google Cloud EKM log in page and enter the FQDN of your CipherTrust Key Broker for Google Cloud EKM dashboard to log in.
  • DPS-5823 - New service clients created in the North America (NA) environment cannot connect to a service on Windows Server 2012r2 operating systems.

Release 1.16.1

Bugs Fixed
  • DPS-5433 - Administrator users can now reset their own password using the Actions column in the User Details table. When changing your own password, the option displays as Change Password. When changing another users password, the option displays as Reset User Password.
  • DPS-5493 - The Rotation Policies section of the Salesforce Key Broker service displays.
Show Previous EntriesShow Previous Entries