VENAFI TRUST PROTECTION PLATFORM 23.3.5
To download this patch, visit https://download.venafi.com >Trust Protection Platform>Previous>23.3.5
Instructions for patching can be found in the product documentation here: https://docs.venafi.com/
RESOLVED ISSUES IN TPP VERSION 23.3.5
- Certificate chain order while pushing to AKV (via the REST API Calls) (VEN-80453, @101249)
- ACME server is reporting an "ACME - Account Key In Use" error (VEN-80462, @104798)
- Discrepancies in Registered Agent count in Aperture UI (VEN-80533, @104946)
- Onboard Discovery Doesn't Update Cert Name if Cert Found is Not a New Object (VEN-80684, @104415)
- TPP server CPU utilization high after upgrade to 22.4 (VEN-80731, @102839)
- Making changes to custom field (error message) does not apply until restart of IIS (VEN-80761, @105296)
- The SSL/TLS page shows "Common Name" "Common Name" - seems it might be related to localization (VEN-80794)
- CAPI Onboard Discovery creates an obsolete application object each time it runs against Windows 2012 MSCA Server (VEN-80906, @105483)
- AWS Onboard Discovery does not create an application object for Cloudfront Distributions that share the same certificate. (VEN-80909, @105270)
- The Host name is NOT provided and no SNI checked - server 2022 (VEN-80909, @105270)
- Filtering in Aperture with Status “Pending Someone Else’s Approval” results in timeout (VEN-80965, @103941)
- Entrust revocation is requiring reason code when docs say its optional (VEN-81201, @106310)
- Issue with Entrust + Venafi relating to FLEX unlimited inventory (VEN-81293, @102649)
- Delete obsolete store_associations for certificate vault ids is deleting CA specific associations (VEN-81308)
- Certificate History Checking for Expired Certs, Not Certs That Are Expiring (VEN-81504, @107373)
- Daylight Saving changes Scheduled Jobs time in TPP (Reports) (VEN-81627, @97183)
- Not all Custom Reports are running in 24.1 - using TimeZones (VEN-81632)
- Could not load file or assembly System.Web.Http.dll (500 Errors) (VEN-81723, @105023)
- Domain Whitelist - Field is limited in 23.3.1, (VEN-81734, @106062)
- SSH Certificate Request API method returns Pending Issue quicker than ProcessingTimeout specified. (VEN-81761)
- [Kubernetes Discovery] Selecting inactive clusters from the clusters list and saving the job, saves the job with only the inactive cluster's name and without their id (VEN-81921)
- Stage 1200 End Certificate Processing (VEN-81926, @107795)
- Client Subsystem throws InvalidOperationException in Venafi.ClientRest.ClientAuth.HandleRegister (VEN-81934)
- Rule Editor - Invalid Syntax Error (VEN-81939, @109184)
- Self-Signed P256 Renewals Don't Scale Horizontally (VEN-81993)
- DB deadlocks SCEP (VEN-82243, @106492)
- Entrust enrollments not providing correct Org in returned cert with EV template(VEN-82325, @102479)
- Message Bus bridge is reconfiguring when it should not be. (VEN-82333)
- "Allow user to specify end date" is missing from Aperture when using an MSCA Pool (VEN-82401, @106612)
- Workflow - Ticket Pending Resolution not logged nightly (VEN-82490, @110446)
- CyberArk Username Credential Objects are not selectable/usable in CA Import Job (VEN-82495, @105706)
- View tab not showing Extended Latin alphabets correctl (VEN-82511, @106849)
- MMC Crashes when selecting Roles inside Code Signing Node (VEN-82535)
- Store_Entry cascade deletes are taking a long time (VEN-82598)
- Bulk Provisioning job only succeeds when run Manually (VEN-82729, @91592)
- Low risk security issues resolved (VEN-82552)
- Medium risk security issues resolved (VEN-82618)
OTHER ISSUES RESOLVED INCLUDED IN THIS PATCH (23.3.1-23.3.4)
- [Kubernetes Discovery] Backport TLSPK-TLSPDC integration changes to 23.3 (VEN-81694)
- Error saving Certificates and device placement rules job (VEN-80746, @104532)
- Merge recovery processors to the mainline and backport it to all the supported versions (VEN-80818)
- Disabling/Enabling notification rule in Webadmin in 23.3 breaks the notifiation rule (VEN-80819, @106138)
- Error messages when logging in/looking up teams or users after upgrading to 23.3.1 (VEN-81044, @106639)
- View > Certificates tab missing CN, Country, State, City values for some certificates (VEN-81072, @106361)
- Provide a way to fully disable archiving in a performant manner (VEN-81115)
- Double hover-over message on unknown passphrase keysets (VEN-81437)
- Intermittent Message Bus communication failure in Mesh mode (VEN-81518, @107237)
- Standby Status is not properly reflected in the Aperture System Status Dashboard (VEN-81580)
- Querying stats tags when many values exist in the live table is slow (VEN-81581)
- JWT Mapping - Issuer URI Verification not Utilizing Proxy Configuration (VEN-81608, @107590)
- Intermittent CSP Getobject/Listobjects errors (VEN-81609, @105572)
- Upgrades are failing due to an error in db schema setup (VEN-81635)
- Low risk security issues resolved (VEN-81444, VEN-81615)
- 23.3 Scheduled Reports not running (VEN-80883, @105407)
- Recycle Bin Does Not Purge When Using API to Delete (VEN-80951, @105925)
- During dual-node TPP upgrade, the second engine to upgrade reported "Cannot insert duplicate key in object" (VEN-80454)
- Making changes to custom field does not apply until restart of IIS (VEN-80545, @105296)
- Cannot link codesign environment to HSM - "No keys available" (200+ private keys) (VEN-80548, @105146)
- Provisioning to CloudFront updates the Distribution behaviours and clears out the Security headers that include ContentSecurityPolicy (VEN-80556, @103605)
- HSM: Support linking GPG key retrieval from HSM (VEN-80561)
- Authentication and encryption keys are being issued for a GPG env that has been marked as an issuer (VEN-80567)
Resolved issues in Code Signing Clients version 24.1.2
- Decrypt operations fail for RSA with OAEP SHA-256 padding (VEN-82539, @97159)
- CodeSign Client not setting csc, timestamp, or pks server urls if pq is enabled (VEN-82549)
- Code signing error "Problem with the digital certificate The VBA project could not be signed. The signature will be discarded" (VEN-82592, @108773)
- The code signing clients installer fails on arm64 Windows installs (VEN-82607)
- Copyright for some binaries installed with CodeSign Client is missing or out of date (VEN-82613)
- (Client side) Client Distribution - Clicking on Linux>Intel>Portable package downloads the same file as for macOS > Portable package (VEN-82683)
- Linux CSP 23.3 appears to have a regression bug in regards to our PKCS11+jarsigner integration (VEN-80829, @106116)
- VCC GPG env template "Authentication Keys" and "Encryption Keys" tabs "Project owner may
Comments