In the upcoming release of FW 3.0 for Luna Cloud HSM, CPv1 will be removed from FIPS firmware support as it is no longer compliant with 140-3. As this only affects FIPS mode, all affected users should use CPv4 or transition service to non-FIPS mode. If Luna Network HSM users want to clone to Luna Cloud HSM with a FIPS partition they will have to use Luna 7.8 or higher. See Universal Cloning for more information.
FW 2.0.5 has been released to all production environments. This release resolves the issue with restoring Luna Cloud HSM backups from a Luna USB Backup HSM.
The new firmware versions based on region and FIPS mode are as follows:
Added
The issue with restoring Luna Cloud HSM backups from a Luna USB Backup HSM has been rectified with FW 2.0.5.
An issue was found with the Luna Cloud HSM Support Tool version 1.0.0 where incorrect data was reported for datacentre connectivity in some cases.
This issue has been fixed with the Luna Cloud HSM Support Tool version 1.0.2.
Luna Cloud HSM Support Tool version 1.0.2 addresses the following bug:
FW 2.0.2 has been released to all production environments. This release resolves an issue that prevented cloning objects between two Luna Cloud HSM partitions when using the 10.5 client.
The new firmware versions based on region and FIPS mode are as follows:
FW 2.0.2 includes the following bug fixes:
Cloning keys between two Luna Cloud HSM partitions fails when using the 10.5 client. There are currently two possible workaround scenarios.
-> Workaround #1 - If there is a Luna SA7 (or any other separate device to use as an intermediary for the cloning) then clone to and from that device.
-> Workaround #2 - If there is no separate device then completely uninstall the 10.5 client and install the 10.4 client from scratch. For this option please raise a support ticket to the Thales Customer Support portal to request to join the 2 partitions together as the 10.4 client does not support dynamic partition loading.
The Service Provider Tenant Usage Report and the associated tenants/usageReport, tenants/usageDetails, and service_instances/usageDetails endpoints are deprecated and will be removed from the platform by the end of 2023.
As an alternative use the Service Report in the DPoD service provider tenant or the /v1/service_instances/usageBillingReport endpoint, and the /v1/backoffice/serviceAgreements{tenantId} endpoint to compile tenant usage information.
In UC 10.4, a bug was found when using CKLog in Linux with a Luna Cloud HSM client package. The output was spammed with "LunaNamedSystemMutex: open() failed: No such file or directory".
In the UC 10.5 client, the new mutex folder will use the /lock directory which solves this issue.
The DPoD Platform API has deprecated the tileId parameter on the POST /serviceAgreements endpoint and the tileName parameter on the GET /serviceAgreements{tenantId} endpoint.
The tileId parameter on the POST /serviceAgreements and tileName parameter on the GET /serviceAgreements{tenantId} endpoint will be removed from the platform in a future update.
See the Subscriptions API for more information about available endpoints, fields and scopes.
The firmware versions for Luna Cloud HSM Services operating in NA environments have been updated. The current firmware version based on region and FIPS mode are as follows:
FW 1.5 includes improvements to the Point to Point encryption service. FW 1.5 also includes the following bug fixes:
The authentication method used by the 10.0 and 10.1 version of the Luna Cloud HSM client is being deprecated. Clients using this authentication will no longer be supported by the Luna Cloud HSM service after December 31, 2021.
We recommend you upgrade your client to the latest version at your earliest convenience. See Upgrading your client for more information.
Deprecated
The authentication method used by the 10.0 and 10.1 version of the Luna Cloud HSM client is being deprecated. We recommend you upgrade your Luna Cloud HSM service clients to the latest version at your earliest convenience. Clients using this authentication mechanism will no longer connect to the service after December 31, 2021. Instructions for upgrading the client can be found in our documentation here.
