Info: 23.3.6 Patch Is Released

You can access product documentation through the Venafi Documentation Portal. To access the documentation portal:

  • Visit https://docs.venafi.com.
  • Log in using your Venafi training or download credentials. Visit https://success.venafi.com for our single sign-on page if you need to modify your account.
  • Choose the version of the documentation that you want to view.

 

Additionally, you can also find product documentation in the following locations:

  • From the Help link in Aperture, Web Admin, Code Signing, and VCC.
  • On the Windows Server where you’ve installed Trust Protection Platform, click the Start menu, and then type Venafi.
  • From the Installation Guide.lnk file included in the zip package, launch the HTML Help version of the Installation Guide.
  • The PDF versions of the documentation are now in the Documentation Portal at https://docs.venafi.com/current/pdf
  • The Trust Protection Platform Web SDK documentation appears in the following location: \Program Files\Venafi\Documentation\WebSDK\Default.htm.

  • On your test instance of Trust Protection Platform. For testing REST API calls, Swagger documentation is only available in your own instance of Trust Protection Platform. For more information, see the "Getting started" section of the Web SDK Developers Guide.

 

Resolved issues in TPP version 23.3.6

  • SSH Key Algorithm Query (VEN-82733, @109287)
  • SSH Device Inventory Name field no longer handles CSV entry (VEN-82783, @111323)
  • Code Signing Projects Page shows incorrect number of signing <24 hrs (VEN-82830, @105381)
  • F5 failing workflow command injection. (VEN-82876, @110139)
  • Key Use Approval Rejected SMTP Channel Returns Null Data References (VEN-82883, @109863)
  • Entrust CA Gateway ignoring profile (VEN-82951, @111837)
  • DigiCert driver returning "this certificate type does not allow organization" for Class 1/SMIME after CA/B changes (VEN-82968, @105052)
  • HTTP 400: unauthorized_client: Token not valid yet, issuedAt... is in the future (VEN-83012, @112234)
  • Rapid Requests Results in InternalError (VEN-83044, @97491)
  • Question #108575 || Log server service hangs during DB failover tests and patching (VEN-83049, @108575)
  • CertificateChain Macro is attaching binary data when it should be text (VEN-83121)
  • VPlatform crashes when the connection to the DB is lost instead of going into recovery mode (VEN-83129)
  • Redirecting to wrong port number when saving in Policy Tree (VEN-83135, @104133)
  • Private Key Vault Ownership Mismatch when Reusing Private Key and Historical Certificate is in Recycle Bin (VEN-83156, @103007)
  • Initialization Failure when OAuth settings not used on 1 out of 2 adaptable workflows (VEN-83184, @112095)
  • Agent p12 provisioning shows encoded GUID in place of readable text for Friendly Name (VEN-83199, @111779)
  • Wrong local Message Bus port bound when using a Central MQTT server on a non-standard port (VEN-83220)
  • JKS – Removing Certificate from Trust Store Failed after upgrading to 23.3 (VEN-83226, @112875)
  • Connection to an nShield HSM does not recover if the nFast Service is stopped and restarted (VEN-83320)
  • Certificate Expiration date is UTC time, but Valid To is local server time (VEN-83321, @106447)
  • Unable to create AWS Private CA Import job (VEN-83327, @108532)
  • SAN Values missing in Aperture certificate view (VEN-83375, @111816)
  • Exporting custom notification rules results in unhandled exception error (VEN-83447, @113972)
  • File Permissions: User 0600 is missing on newly created JKS applications (VEN-83567, @113152)
  • Editing PlainText SMTP channels in 23.3 requires log service restart if channel existed prior to 23.3 (VEN-83590, @113945)
  • Entitlements report times out after upgrade to 22.4.6 (VEN-83654, @110140)
  • JKS Keystores downloaded in WebAdmin, Aperture, or WebSDK contain the root certs first (VEN-83809, @106461)
  • OpenSSH Private Keys are not being parsed correctly (VEN-83814)
  • Adaptable discovery job runs are creating “Obsolete” applications for the same application and same certificate (VEN-84107, @113838)
  • "Admin UI - Object Updated" event not being logged initially for new certs (VEN-84139, @114137)
  • Citrix Netscaler Onboard Discovery is obsoleting every app object and creating new app object each time the job is run (VEN-84228, @114714)
  • Truncated date stamp on revocation status (VEN-84233, @115650)
  • Duplicated SAN entries using OpenTrust CA (VEN-84345, @113974)
  • Pushing a certificate to an existing remote keystore using GSK fails (VEN-84393, @113034)
  • Switch Aperture and Reporter code to throwOnError = true (IQueryable) and ReadUncommitted = true for Aperture Inventory (round 3) (VEN-84584)
  • JKS format is unavailable in Aperture for ECC certificates (VEN-84588, @113316)
  • 'System Protection Key Rotation' will leave the system in a bad state if new key has not been synchronized (VEN-84597)
  • vPlatform service continually stopping (VEN-84682, @112552)
  • Adaptable CA Import job uses transaction ID from expired cert when reconciling (VEN-84685, @113719)
  • Low risk security issues resolved (VEN-84147, VEN-84197)

 

Resolved issues in TPP version 23.3.5

 

  • Certificate chain order while pushing to AKV (via the REST API Calls) (VEN-80453, @101249)
  • ACME server is reporting an "ACME - Account Key In Use" error (VEN-80462, @104798)
  • Discrepancies in Registered Agent count in Aperture UI (VEN-80533, @104946)
  • Onboard Discovery Doesn't Update Cert Name if Cert Found is Not a New Object (VEN-80684, @104415)
  • TPP server CPU utilization high after upgrade to 22.4 (VEN-80731, @102839)
  • Making changes to custom field (error message) does not apply until restart of IIS (VEN-80761, @105296)
  • The SSL/TLS page shows "Common Name" "Common Name" - seems it might be related to localization (VEN-80794)
  • CAPI Onboard Discovery creates an obsolete application object each time it runs against Windows 2012 MSCA Server (VEN-80906, @105483)
  • AWS Onboard Discovery does not create an application object for Cloudfront Distributions that share the same certificate. (VEN-80909, @105270)
  • The Host name is NOT provided and no SNI checked - server 2022 (VEN-80909, @105270)
  • Filtering in Aperture with Status “Pending Someone Else’s Approval” results in timeout (VEN-80965, @103941)
  • Entrust revocation is requiring reason code when docs say it's optional (VEN-81201, @106310)
  • Issue with Entrust + Venafi relating to FLEX unlimited inventory (VEN-81293, @102649)
  • Delete obsolete store_associations for certificate vault ids is deleting CA specific associations (VEN-81308)
  • Certificate History Checking for Expired Certs, Not Certs That Are Expiring (VEN-81504, @107373)
  • Daylight Saving changes Scheduled Jobs time in TPP (Reports) (VEN-81627, @97183)
  • Not all Custom Reports are running in 24.1 - using TimeZones (VEN-81632)
  • Could not load file or assembly System.Web.Http.dll (500 Errors) (VEN-81723, @105023)
  • Domain Whitelist - Field is limited in 23.3.1 (VEN-81734, @106062)
  • SSH Certificate Request API method returns Pending Issue quicker than ProcessingTimeout specified. (VEN-81761)
  • [Kubernetes Discovery] Selecting inactive clusters from the clusters list and saving the job, saves the job with only the inactive cluster's name and without their id (VEN-81921)
  • Stage 1200 End Certificate Processing (VEN-81926, @107795)
  • Client Subsystem throws InvalidOperationException in Venafi.ClientRest.ClientAuth.HandleRegister (VEN-81934)
  • Rule Editor - Invalid Syntax Error (VEN-81939, @109184)
  • Self-Signed P256 Renewals Don't Scale Horizontally (VEN-81993)
  • DB deadlocks SCEP (VEN-82243, @106492)
  • Entrust enrollments not providing correct Org in returned cert with EV template (VEN-82325, @102479)
  • Message Bus bridge is reconfiguring when it should not be. (VEN-82333)
  • "Allow user to specify end date" is missing from Aperture when using an MSCA Pool (VEN-82401, @106612)
  • Workflow - Ticket Pending Resolution not logged nightly (VEN-82490, @110446)
  • CyberArk Username Credential Objects are not selectable/usable in CA Import Job (VEN-82495, @105706)
  • View tab not showing Extended Latin alphabets correctly (VEN-82511, @106849)
  • MMC Crashes when selecting Roles inside Code Signing Node (VEN-82535)
  • Store_Entry cascade deletes are taking a long time (VEN-82598)
  • Bulk Provisioning job only succeeds when run Manually (VEN-82729, @91592)
  • Low risk security issues resolved (VEN-82552)
  • Medium risk security issues resolved (VEN-82618)

Other resolved issues included in this patch (23.3.1-23.3.4)

  • [Kubernetes Discovery] Backport TLSPK-TLSPDC integration changes to 23.3 (VEN-81694)
  • Error saving Certificates and device placement rules job (VEN-80746, @104532)
  • Merge recovery processors to the mainline and backport it to all the supported versions (VEN-80818)
  • Disabling/Enabling notification rule in Webadmin in 23.3 breaks the notification rule (VEN-80819, @106138)
  • Error messages when logging in/looking up teams or users after upgrading to 23.3.1 (VEN-81044, @106639)
  • View > Certificates tab missing CN, Country, State, City values for some certificates (VEN-81072, @106361)
  • Provide a way to fully disable archiving in a performant manner (VEN-81115)
  • Double hover-over message on unknown passphrase keysets (VEN-81437)
  • Intermittent Message Bus communication failure in Mesh mode (VEN-81518, @107237)
  • Standby Status is not properly reflected in the Aperture System Status Dashboard (VEN-81580)
  • Querying stats tags when many values exist in the live table is slow (VEN-81581)
  • JWT Mapping - Issuer URI Verification not Utilizing Proxy Configuration (VEN-81608, @107590)
  • Intermittent CSP Getobject/Listobjects errors (VEN-81609, @105572)
  • Upgrades are failing due to an error in db schema setup (VEN-81635)
  • Low risk security issues resolved (VEN-81444, VEN-81615)
  • 23.3 Scheduled Reports not running (VEN-80883, @105407)
  • Recycle Bin Does Not Purge When Using API to Delete (VEN-80951, @105925)
  • During dual-node TPP upgrade, the second engine to upgrade reported "Cannot insert duplicate key in object" (VEN-80454)
  • Making changes to custom field does not apply until restart of IIS (VEN-80545, @105296)
  • Cannot link codesign environment to HSM - "No keys available" (200+ private keys) (VEN-80548, @105146)
  • Provisioning to CloudFront updates the Distribution behaviours and clears out the Security headers that include ContentSecurityPolicy (VEN-80556, @103605)
  • HSM: Support linking GPG key retrieval from HSM (VEN-80561)
  • Authentication and encryption keys are being issued for a GPG env that has been marked as an issuer (VEN-80567)

 

What's new in Code Signing Clients version 24.3.0

  • Code Signing client usability enhancements - Many of the code signing client commands have been enhanced to improve usability. The more complex configuration and usage commands now include an interactive mode that guides users through setup and usage. Additional enhancements, such as improved error messaging and help documentation, are included throughout the clients. For more information, see pkcs11config, gpgconfig, cspconfig, and tkdriverconfig.
  • unsync option for gpgconfig - The unsync option has been added to gpgconfig. This option removes all data that has been synchronized between CodeSign Protect and the local GPG keyring. See the gpgconfig command reference for more information.

Resolved issues in Code Signing Clients version 24.3.0

  • Error when attempting to sign VBA code using CSP/KSP on Windows. (VEN-81706, @108773)
  • Remove GPGConfig from machine settings in MMC. (VEN-78802)

Resolved issues in Code Signing Clients version 24.1.3

  • Enhance CodeSign Client to interpret mbedtls certificate verification flags for better error messages (VEN-82860)
  • New environment “Encipher RSA4096-Software” should not be included in customer-facing SampleObjects.xml (VEN-82867)

 

Resolved issues in Code Signing Clients version 24.1.2

  • Decrypt operations fail for RSA with OAEP SHA-256 padding (VEN-82539, @97159)
  • CodeSign Client not setting csc, timestamp, or pks server urls if pq is enabled (VEN-82549)
  • Code signing error "Problem with the digital certificate The VBA project could not be signed. The signature will be discarded" (VEN-82592, @108773)
  • The code signing clients installer fails on arm64 Windows installs (VEN-82607)
  • Copyright for some binaries installed with CodeSign Client is missing or out of date (VEN-82613)
  • (Client side) Client Distribution - Clicking on Linux>Intel>Portable package downloads the same file as for macOS > Portable package (VEN-82683)

 

Resolved issues in Code Signing Clients version 24.1.1

  • Decrypt operations fail for RSA with OAEP SHA-256 padding (VEN-82539, @97159)
  • CodeSign Client not setting csc, timestamp, or pks server urls if pq is enabled (VEN-82549)
  • Code signing error "Problem with the digital certificate The VBA project could not be signed. The signature will be discarded" (VEN-82592, @108773)
  • The code signing clients installer fails on arm64 Windows installs (VEN-82607)
  • Copyright for some binaries installed with CodeSign Client is missing or out of date (VEN-82613)

 

Resolved issues in Code Signing Clients version 23.3.1

  • Linux CSP 23.3 appears to have a regression bug in regards to our PKCS11+jarsigner integration (VEN-80829, @106116)