The Luna Cloud HSM client bundle is updated to include the 10.9.0 Universal Client. Users are encouraged to upgrade to this latest client version and ensure it is supported in accordance with the Universal Client Supported Versions with Luna Cloud HSM table.

See Upgrade Client for more information about upgrading your client.

Bugs fixed 

Resolved an Invalid memory access issue when running on a Windows Cloud Plugin. 

Thales is announcing End-of-Support for Windows Server 2012 and 2012 R2 Operating Systems with the Luna Cloud HSM Service by September 30, 2025.

We recommend that customers upgrade to a supported OS to maintain full support and enjoy access to new features.

Additional detials in KB0029608

Fixed Issue: Resolved a problem that prevented some users from viewing  Luna Cloud HSM snapshots. This fix enhances the user experience and ensures that all snapshots are accessible as intended.

As part of our ongoing infrastructure improvements, the One Welcome Identity Platform, which is used for authenticating users and Luna Clients, will be transitioning to use a new Certificate Authority (CA) in the upcoming weeks. The exact timing for this change will be posted in a maintenance window on the DPoD status page.

This change will be largely transparent to the majority of users. However, we would like to draw particular attention to users of the Luna Cloud HSM service. It is imperative to ensure that the Certificate Revocation List (CRL) distribution points for the Globalsign CA (http://crl.globalsign.com/) are accessible to your client to maintain uninterrupted service.

For a detailed overview of the network requirements for the Luna Cloud HSM service, please refer to the Client Network Connectivity documentation available on thalesdocs.com

Should you have any questions or require further clarification regarding this change, please do not hesitate to contact our support team.

The new Luna Cloud HSM Snapshot feature is now available to all users. Service snapshots allow Luna Cloud HSM users to restore their service partition to a previous snapshot to recover from zeroization or accidental deletion of keys. A snapshot is a complete capture of the state of the partition that includes all partition objects, (e.g keys and certificates), as well as the current state of credentials for partition users. 

Luna Cloud HSM Service snapshots are introduced with the following supported items:

• Snapshots in the Management UI: 
  • You can now create, view and manage service snapshots directly through the UI (User Interface).
• Daily Automatic Snapshots:
  • Snapshots automatically created every day.
  • Retained for 7 days.
• User-Generated Snapshots:
  • Create up to 3 snapshots per partition.
  • Each user-generated snapshot is retained for 3 months.
• Audit Log Integration:
  • All snapshot events are recorded in the Audit Log for full traceability.

See Service Snapshots for creating, deleting and restoring information.

The public endpoints  GET /v1/backoffice/accountStatuses and  GET /v1/backoffice/accountStatuses/{id}are deprecated and will be removed in a future release.
If you rely on them to know the status of a Tenant under your Service Provider, or for your own Tenant regarding the existence of an initial Service Election, you can use GET /v1/backoffice/serviceAgreements/{tenantId}to get the same information to determine if an initial Service Election has been submitted, approved or expired.

NOTE: The GET /v1/backoffice/subscriptions endpoint returns a list of existing subscriptions for:

• The current tenant, or
• A specified tenant (if one is provided),

…but not for any particular requested subscription.

The Luna Cloud HSM Client Deprecation List has been updated to reflect the latest versions that are available for continued support. It is recommended  to update to the latest supported client as soon as possible to avoid service disruptions.

This is the link to the updated Deprecated List.

The Thales Data Protection on Demand Terms of Service has been updated and is now included in the Thales Cyber Security Products End User Agreement. 

Please review the updated terms at its new location, https://cpl.thalesgroup.com/legal, for more information.

In addition to the list at https://thalesdocs.com/dpod/resources/client_resources/network_connectivity/index.html#certificate-authority-crls-and-ocsps users of the Luna Cloud HSM service are advised to whitelist the following URLs for the Google Certificate Authority CRL and OCSP instead of the specific URL.

http://c.pki.goog/
http://o.pki.goog/

Recent changes to the certificates mean the previous specific crl url in the documentation is no longer correct however the documentation has now been updated to reflect the correct crl url. If the client is unable to download the Certificate Revocation List, the client will return an error: "The revocation function was unable to check revocation because the revocation server was offline."

The Luna Cloud HSM client bundle is updated to include the 10.8.0 Universal Client. Users are encouraged to upgrade to this latest client version and ensure it is supported in accordance with the Universal Client Supported Versions with Luna Cloud HSM table.

See Upgrade Client for more information about upgrading your client.

Changed 

The `AuthTokenConfigURI` parameter in the Chrystoki.conf and crystoki.ini configuration file is updated to directly reference the updated endpoint that comes as the result of the migration to the One Welcome Identity Platform.

Client version 10.8.0 will be required for hybrid HA group operations between Luna Network HSM and Luna Cloud HSM when the Luna Cloud HSM service is upgraded to FW 3.0.

Bugs fixed 

Resolved an issue in the 10.7.2 client where the command cmu verifyhsm fails. 

Resolved an issue with previous versions of the support tool "lch-support-linux-64bit" and "lch-support-win-64bit" that generated false failures as a result of differences with the One Welcome Identity Platform.