In UC 10.4, a bug was found when using CKLog in Linux with a Luna Cloud HSM client package. The output was spammed with "LunaNamedSystemMutex: open() failed: No such file or directory".

In the UC 10.5 client, the new mutex folder will use the /lock directory which solves this issue.

As of UC 10.5, the configuration of multiple users will be supported which allows multiple partition slots to be accessed from a single client instance. This allows customers to add multiple UserID's (a combination of unique AuthTokenClientID, AuthTokenClientSecret, AuthTokenConfigURI) without the need to restart the application after the addition of a new UserID. This will enable a service provider to configure multiple UserID's without impacting the service any of the other users in the same UC instance.

The ability to load multiple partitions to the same UserID without impacting service to other users will also be supported. If an attempt is made to add the same partition ID to a different user that will be ignored and a Warning log will be generated.

More info can be found here: "Dynamic Partition Loading for Luna Cloud HSM Services"

A new certificate issuer will be used in the European data center for Luna Cloud HSM clients starting in August 2022.

A knowledge base article with a full description of the change is available here. The article contains important information on mandatory changes for users on 10.0 or 10.1 client versions.

This change introduces a new endpoint for validating the certificate status. Please ensure that operating systems hosting the client are able to validate the server certificate status (OCSP/CRL) using port 80. 

Ensure that these certificate revocation lists (CRLs) are accessible from the client machine prior to the planned change in August 2022 to guarantee continuity of service.

Current CRL: http://crl.godaddy.com/gdig2s1-3235.crl
New CRL: http://crl.sectigo.com/SectigoRSAOrganizationValidationSecureServerCA.crl
Platform CRL: http://crl3.digicert.com/ssca-sha2-g7.crl

The input fields for tenant registration, excluding the password field, will be trimmed. Leading and trailing spaces on input fields, excluding the password field, will be removed by the platform during registration. 

If you have automation using the API for tenant registration and tenant updating you should modify your automation to account for this behavior. 

See the Data Protection on Demand (DPoD) API for more information.

The following fields are being made mandatory for tenant registration when Country is set to United States, Canada, or Australia:

• State/Province/Region

If you have automation using the API for tenant registration and tenant updating you should modify your automation to account for these new mandatory fields. 

See the Data Protection on Demand (DPoD) API for more information about available endpoints and fields.

This change has been rescheduled to Tuesday February 8th 14:00 UTC to give customers more time to adjust their environments.

A knowledge base article with a full description of the change is available here. The article contains important information on mandatory changes for users on 10.0 or 10.1 client versions in North America.

This change introduces a new endpoint for validating the certificate status. Please ensure that operating systems hosting the client are able to validate the server certificate status (OCSP/CRL) using port 80. 

Ensure that these certificate revocation lists (CRLs) are accessible from the client machine prior to the planned change on Tuesday February 8th 14:00 UTC  to guarantee continuity of service.

Current CRL: http://crl.godaddy.com/gdig2s1-3235.crl
New CRL: http://crl.sectigo.com/SectigoRSAOrganizationValidationSecureServerCA.crl
Platform CRL: http://crl3.digicert.com/ssca-sha2-g7.crl

The following fields are being made mandatory for tenant registration:

• Address
• City
• ZIP or postal code

If you have automation using the API for tenant registration and tenant updating you should modify your automation to account for these new mandatory fields. 

See the Data Protection on Demand (DPoD) Public API for more information about available endpoints and fields.

Removed

The PATCH /tenants/{id}/admin/reset and POST /tenants/{id}/admin/resetMfaToken operations have been removed from the DPoD Platform API.

Service provider administrators can no longer reset the password or MFA token of a user inside of a child tenant.  Users can use the self-service resources in the DPoD platform or submit requests to an available administrator. See User Management for more information.

Under Development

If you are using an IP address in your HTTP Network Connection between your DPoD service and the DPoD platform we recommend you update your configuration to use the fully qualified domain name as described in Network Connectivity.

If your network configuration uses any hard coded IP addresses, be aware that upcoming changes to the DPoD platform will disrupt your connection to the service.