The following fields are being made mandatory for tenant registration:

• Address
• City
• ZIP or postal code

If you have automation using the API for tenant registration and tenant updating you should modify your automation to account for these new mandatory fields. 

See the Data Protection on Demand (DPoD) Public API for more information about available endpoints and fields.

Changed

The following Luna Cloud HSM service names have been changed:

• HSM on Demand is now Luna Cloud HSM
• HSM on Demand for CyberArk is now Luna Cloud HSM for CyberArk
• HSM on Demand for Digital Signing is now Luna Cloud HSM for Digital Signing
• HSM on Demand for Hyperledger is now Luna Cloud HSM for Hyperledger 
• HSM on Demand for Java Code Signer is now Luna Cloud HSM for Java Code Signer 
• HSM on Demand for Microsoft ADCS is now Luna Cloud HSM for Microsoft ADCS 
• HSM on Demand for Microsoft Authenticode is now Luna Cloud HSM for Microsoft Authenticode
• HSM on Demand for Microsoft SQL Server is now Luna Cloud HSM for Microsoft SQL Server 
• HSM on Demand for PKI Private Key Protection is now Luna Cloud HSM for PKI Private Key Protection 
• HSMoD for Oracle TDE is now Luna Cloud HSM for Oracle TDE 
• HSM on Demand with Key Export is now Luna Cloud HSM with Key Export

CipherTrust Key Broker for Google Cloud EKM service users can now access their DPoD platform tenant. Users can log in to their tenant hostname URL to access DPoD platform features such as User Management, Tenant Management, and Reporting.

CipherTrust Key Broker for Google Cloud EKM service tenants do not have access to tenant features such as Subscriber Groups or Adding Services.

Removed

The PATCH /tenants/{id}/admin/reset and POST /tenants/{id}/admin/resetMfaToken operations have been removed from the DPoD Platform API.

Service provider administrators can no longer reset the password or MFA token of a user inside of a child tenant.  Users can use the self-service resources in the DPoD platform or submit requests to an available administrator. See User Management for more information.

Under Development

If you are using an IP address in your HTTP Network Connection between your DPoD service and the DPoD platform we recommend you update your configuration to use the fully qualified domain name as described in Network Connectivity.

If your network configuration uses any hard coded IP addresses, be aware that upcoming changes to the DPoD platform will disrupt your connection to the service.

Changed

• Non-FIPS Luna Cloud HSM service firmware has been updated to version 1.4.2. Firmware version 1.4.2 provides various performance improvements and is an enabler for future marketplace services. See Luna Cloud HSM Services for more information about FIPS and non-FIPS services.

Deprecated

• The DPoD platform will remove the ability for a service provider administrator to reset a tenant administrators account password. Tenant administrators can use the self-service password reset from the DPoD tenant login screen or request that a sibling tenant administrator reset their password.

Bugs Fixed

• SH-4366 - Firmware version 1.4.2 for non-FIPS Luna Cloud HSM services disallows the creation of a key with both the "public" and "sensitive" attribute combination.  

Added

• Service Provider Administrator Platform Credentials. Platform credentials allow Service Provider Administrators to access and mange tenants, users, and reports using the DPoD API.

Changed

• "HSM on Demand Services" are now "Luna Cloud HSM Services"
• "Key Management on Demand Services" are now "CipherTrust Key Management Services"

Added

• Version 10.2 of the HSM service client is now available for download from Thales Data Protection on Demand. This client supports hybrid usage of both HSMoD services and the Luna HSM product line, as detailed in the HSM on Demand Client User Guide. Refer to the HSM Client 10.2 Customer Release Notes document for more information. See Upgrading your HSMoD Service Client for more information about updating your HSMoD service client. 
• HSM on Demand service clients now use JWT authentication. 
• The HSMoD service client is now supported on the following operating systems:
  • RHEL8/CentOS8
  • Windows Server 2019 (standard and core)
• You can configure additional logs (Application Error Logs and Curl Logs) in the application console. See the HSM on Demand Troubleshooting section for more information. 

Changed

• The new HSMoD service has updated entries in the REST and XTC sections of the crystoki.ini (Windows) and the Chrystoki.conf (Linux) configuration files. Refer to the Configuration File Summary for a description of the default options and additional settings. 
• Deleting a client from a JWT authenticated HSMoD service now revokes the client ID and client secret associated with that client. Create a new HSMoD service client for the service to resume access. See Managing HSMoD Services for more information about deleting a service client and revoking the service credentials. 

Removed

• Older Java versions are no longer supported. See the HSM Client 10.2 Customer Release Notes document for more information.
• If your application relies on Oracle Java 7 or Java 8, you must update the advanced version provided by Oracle. You require (at minimum) version 7u131 or 82u121. Please refer to the Oracle website for more information.
• If your application relies on IBM Java 7 or 8, do not update your service client.If you want to update your client software, consider adopting OpenJDK or another supported Java version See Supported Cryptographic APIs.

Bugs Found

• DPS-5531 - If you exit the Suggest An Edit feature, in the DPoD Platform documentation, using the Close button, you can no longer scroll the documentation page. Refresh the page to continue scrolling.
• DPS-5493 - The Rotation Policies section of the Salesforce Key Broker service do not display. There is no workaround at this time.
• DPS-5433 - Tenant administrator users cannot reset their password using the Actions column in the User Details table. Change your Tenant Administrator password by clicking Change password in the upper right corner of the DPoD UI. 
• SH-4987 - When creating a self-signed certificate with cmu selfsigncertificate, additional characters are added to the specified serial number. Use cmu getattribute to list the actual serial number assigned to the certificate.

Bugs Fixed

• Luna-11616 - LunaCM displays available slots if the client fails to resolve the DPoD service's hostname. Restart LunaCM to re-attempt the connection to the service.
• Luna-11447 - Resolved a segmentation fault stopping HA members from failing over to an HSMoD service.
• HOD-957 - The default log level in the client was updated to provide improved details. 

Changed

• Enforcing restriction of 100 token objects (or 50 RSA-2048 key pairs) per service. We recommend you remove any unused keys to comply with the 100 token object limit and improve HSM performance.

Changed

• The DPoD Platform Customer Release Notes (CRN) has been removed from distribution. Please refer to the Platform Changelog to stay up-to-date on the DPoD platform and its available services.
• Please refer to the Universal Client Customer Release Notes (CRN) for more information about the Universal Client used by HSM on Demand services. 

Bugs Fixed

• SH-5169 - Resolved an issue where clients with a very high session version could fail when connecting to the service.