Info: 23.3.5 Patch Is Released



To download this patch, visit >Trust Protection Platform>Previous>23.3.5

Instructions for patching can be found in the product documentation here: 




  • Certificate chain order while pushing to AKV (via the REST API Calls) (VEN-80453, @101249)
  • ACME server is reporting an "ACME - Account Key In Use" error (VEN-80462, @104798)
  • Discrepancies in Registered Agent count in Aperture UI (VEN-80533, @104946)
  • Onboard Discovery Doesn't Update Cert Name if Cert Found is Not a New Object (VEN-80684, @104415)
  • TPP server CPU utilization high after upgrade to 22.4 (VEN-80731, @102839)
  • Making changes to custom field (error message) does not apply until restart of IIS (VEN-80761, @105296)
  • The SSL/TLS page shows "Common Name" "Common Name" - seems it might be related to localization (VEN-80794)
  • CAPI Onboard Discovery creates an obsolete application object each time it runs against Windows 2012 MSCA Server (VEN-80906, @105483)
  • AWS Onboard Discovery does not create an application object for Cloudfront Distributions that share the same certificate. (VEN-80909, @105270)
  • The Host name is NOT provided and no SNI checked - server 2022 (VEN-80909, @105270)
  • Filtering in Aperture with Status “Pending Someone Else’s Approval” results in timeout (VEN-80965, @103941)
  • Entrust revocation is requiring reason code when docs say its optional (VEN-81201, @106310)
  • Issue with Entrust + Venafi relating to FLEX unlimited inventory (VEN-81293, @102649)
  • Delete obsolete store_associations for certificate vault ids is deleting CA specific associations (VEN-81308)
  • Certificate History Checking for Expired Certs, Not Certs That Are Expiring (VEN-81504, @107373)
  • Daylight Saving changes Scheduled Jobs time in TPP (Reports) (VEN-81627, @97183)
  • Not all Custom Reports are running in 24.1 - using TimeZones (VEN-81632)
  • Could not load file or assembly System.Web.Http.dll (500 Errors) (VEN-81723, @105023)
  • Domain Whitelist - Field is limited in 23.3.1, (VEN-81734, @106062)
  • SSH Certificate Request API method returns Pending Issue quicker than ProcessingTimeout specified. (VEN-81761)
  • [Kubernetes Discovery] Selecting inactive clusters from the clusters list and saving the job, saves the job with only the inactive cluster's name and without their id (VEN-81921)
  • Stage 1200 End Certificate Processing (VEN-81926, @107795)
  • Client  Subsystem throws InvalidOperationException in Venafi.ClientRest.ClientAuth.HandleRegister (VEN-81934)
  • Rule Editor - Invalid Syntax Error (VEN-81939, @109184)
  • Self-Signed P256 Renewals Don't Scale Horizontally (VEN-81993)
  • DB deadlocks SCEP (VEN-82243, @106492)
  • Entrust enrollments not providing correct Org in returned cert with EV template(VEN-82325, @102479)
  • Message Bus bridge is reconfiguring when it should not be. (VEN-82333)
  • "Allow user to specify end date" is missing from Aperture when using an MSCA Pool (VEN-82401, @106612)
  • Workflow - Ticket Pending Resolution not logged nightly (VEN-82490, @110446)
  • CyberArk Username Credential Objects are not selectable/usable in CA Import Job (VEN-82495, @105706)
  • View tab not showing Extended Latin alphabets correctl (VEN-82511, @106849)
  • MMC Crashes when selecting Roles inside Code Signing Node (VEN-82535)
  • Store_Entry cascade deletes are taking a long time (VEN-82598)
  • Bulk Provisioning job only succeeds when run Manually (VEN-82729, @91592)
  • Low risk security issues resolved (VEN-82552)
  • Medium risk security issues resolved (VEN-82618)


  • [Kubernetes Discovery] Backport TLSPK-TLSPDC integration changes to 23.3 (VEN-81694)
  •  Error saving Certificates and device placement rules job (VEN-80746, @104532)
  • Merge recovery processors to the mainline and backport it to all the supported versions (VEN-80818)
  • Disabling/Enabling notification rule in Webadmin in 23.3 breaks the notifiation rule (VEN-80819, @106138)
  • Error messages when logging in/looking up teams or users after upgrading to 23.3.1 (VEN-81044, @106639)
  • View > Certificates tab missing CN, Country, State, City values for some certificates (VEN-81072, @106361)
  • Provide a way to fully disable archiving in a performant manner (VEN-81115)
  • Double hover-over message on unknown passphrase keysets (VEN-81437)
  •  Intermittent Message Bus communication failure in Mesh mode (VEN-81518, @107237)
  • Standby Status is not properly reflected in the Aperture System Status Dashboard (VEN-81580)
  • Querying stats tags when many values exist in the live table is slow (VEN-81581)
  • JWT Mapping - Issuer URI Verification not Utilizing Proxy Configuration (VEN-81608, @107590)
  • Intermittent CSP Getobject/Listobjects errors (VEN-81609, @105572)
  • Upgrades are failing due to an error in db schema setup (VEN-81635)
  • Low risk security issues resolved (VEN-81444, VEN-81615)
  • 23.3 Scheduled Reports not running (VEN-80883, @105407)
  • Recycle Bin Does Not Purge When Using API to Delete (VEN-80951, @105925)
  • During dual-node TPP upgrade, the second engine to upgrade reported "Cannot insert duplicate key in object" (VEN-80454)
  • Making changes to custom field does not apply until restart of IIS (VEN-80545, @105296)
  • Cannot link codesign environment to HSM - "No keys available" (200+ private keys) (VEN-80548, @105146)
  • Provisioning to CloudFront updates the Distribution behaviours and clears out the Security headers that include ContentSecurityPolicy (VEN-80556, @103605)
  • HSM: Support linking GPG key retrieval from HSM (VEN-80561)
  • Authentication and encryption keys are being issued for a GPG env that has been marked as an issuer (VEN-80567)


Resolved issues in Code Signing Clients version 24.1.2

  • Decrypt operations fail for RSA with OAEP SHA-256 padding (VEN-82539, @97159)
  • CodeSign Client not setting csc, timestamp, or pks server urls if pq is enabled (VEN-82549)
  • Code signing error "Problem with the digital certificate The VBA project could not be signed. The signature will be discarded" (VEN-82592, @108773)
  • The code signing clients installer fails on arm64 Windows installs (VEN-82607)
  • Copyright for some binaries installed with CodeSign Client is missing or out of date (VEN-82613)
  • (Client side) Client Distribution - Clicking on Linux>Intel>Portable package downloads the same file as for macOS > Portable package (VEN-82683)
  • Linux CSP 23.3 appears to have a regression bug in regards to our PKCS11+jarsigner integration (VEN-80829, @106116)
  • VCC GPG env template "Authentication Keys" and "Encryption Keys" tabs "Project owner may
Was this article helpful?
0 out of 0 found this helpful