Release Notes
Abstract
This technical note provides guidance for installing IBM Guardium Data Protection patch 12.0p30, including any new features or enhancements, resolved or known issues, or notices associated with the patch.
Content
Patch information
- Patch file name: SqlGuard-12.0p30_Bundle_Dec_09_2024.tgz.enc.sig
- MD5 checksum: 3f2c638d13c0480093e9034efc3a90e4
Finding the patch
- Select the following options to download this patch on the IBM Fix Central website and click Continue.
- Product selector: IBM Security Guardium
- Installed Version: 12.0
- Platform: All
- On the "Identify fixes" page, select Browse for fixes and click Continue.
- On the "Select fixes" page, select Appliance patch (GPU and Ad-Hoc). Then, enter the patch information in the Filter fix details field to locate the patch.
For information about Guardium patch types and naming conventions, see the Understanding Guardium patch types and patch names support document.
Prerequisites
The latest Guardium Data Protection health check patch 12.0p9997
Installation
Notes:
- This patch is an appliance bundle that includes all fixes for 12.0 except sniffer fixes.
- This patch restarts the Guardium system.
- Do not reboot the appliance while the patch install is in progress. Contact IBM Support if there is an issue with patch installation.
- When changing the password of CLI and guardcli users in the Guardium command line interface, a password strength warning appears even when strong passwords are not enabled. To remove the strong password checks, execute the CLI command store user strong_password disable.
Overview:
- Download the patch and extract the compressed package outside the Guardium system.
- Review the latest version of the patch release notes just before you install the patch.
- Pick a "quiet" or low-traffic time to install the patch on the Guardium system.
- Apply the latest health check patch.
- Install patches in a top-down manner on all Guardium systems: start with the central manager, then aggregators, then the collectors.
- Apply the latest quarterly DPS patch and rapid response DPS patch even if these patches were applied before the upgrade.
For information about installing Guardium Data protection patches, see How to install patches in the Guardium documentation.
Attention
Guardium appliance bundle upgrade time extended due to MySQL tables conversion
Following MySQL support requirements, most tables are converted from MyISAM to InnoDB starting with Guardium appliance bundle versions 11.0p550 and later, and versions 12.0p25 and later. Due to the large size of some tables, which are mostly static tables, the conversion might consume more time than usual during an appliance bundle upgrade. Note: Do not cancel the patch installation process. If you have any concerns, contact IBM Support.
For more information, see Guardium appliance bundle upgrade time extended due to MySQL tables conversion.
Renewed Guardium patch signing certificate
Guardium appliance patches are signed by an internal certificate to validate that the patch is created by Guardium. Unsigned patch files cannot be installed. This patch is signed by a new patch signing certificate. Therefore, to install this patch, the patch signing certificate on your Guardium appliance must first be updated by installing ad hoc patch 12.0p1012 (see release note) or an appropriate appliance bundle listed in the IBM Guardium - Patch signing certificate set to expire in March 2025 support document.
Enhancements
This patch includes the following enhancements:
| Issue key | Summary |
|---|---|
|
GRD-84073
|
Upgrade IBM Storage Protect client to latest revision (formerly IBM Spectrum Protect, Tivoli Storage Manager)
|
|
GRD-84954
|
Updates Guardium 12.0 to Red Hat Enterprise Linux (RHEL) 9.4 Extended Update Support (EUS) since EUS 9.2 will reach end of life in April 2025
|
|
GRD-86443
|
Adds Milvus as new database type in GUI Policy Builder for Data
|
|
GRD-86447
|
Adds Milvus database support in S-TAP Control Inspection Engine to perform create, read, update, and delete (CRUD) operations
|
|
GRD-88128
|
CVE test support for for MongoDB on Windows
|
Resolved issues
This patch resolves the following issues:
| Patch | Issue key | Summary | APAR |
|---|---|---|---|
| 12.0p25 | This patch includes resolved issues from 12.0p25 (see release notes) | ||
| 12.0p30 | GRD-81990 | support get_gdp_cluster_info cli command missing in GDP V12 | DT409092 |
| GRD-82250 | Guardium cannot classify tables with function-based index on Sybase database [Error Code: 11738] | DT396797 | |
| GRD-83221 | Vulnerability Assessment: Unable to connect Apache Cassandra with SSL | DT409021 | |
| GRD-83759 | Version 11.5 aggregator MySQL occasionally crashed during data archive | DT392751 | |
| GRD-83801 | GIM bundles show status not available on Guardium system and missing version data | DT393161 | |
| GRD-84215 | GIM modules not being able to be uploaded again | DT395912 | |
| GRD-84548 | Version 12 grdapi command with --help=true hangs | DT409020 | |
| GRD-85175 | Initial start updated from the central manager is not updating all of the managed units correctly | DT396812 | |
| GRD-85220 | logrotate configuration reverts to default after installing bundle patch 11.0p540 or 11.0p545 | DT399828 | |
| GRD-85278 | Audit process builder's reordering receivers not taking effect | DT393991 | |
| GRD-86991 | When creating tuple group, unable to add tuple parameters on a Simplified Chinese appliance | DT399735 | |
| GRD-87097 | Guardium 12 appliance vulnerability detected: Squid Proxy 5.x detected on port: 3129 | DT416648 | |
| GRD-87282 | EMEA GUI showing v2 SNMP but cli and traffic in SNMPv3 | DT400637 | |
| GRD-87951 | EMEA Guardium SYSLOG issue encountered as everything in wait status | DT409085 | |
| GRD-88193 | Syslog (messages) backup files created and not purged from version 12 appliances | DT409035 | |
| GRD-88205 | Universal connector ICD Postgres connections exceeded max limit 30 | DT408991 | |
| GRD-88775 | Error: Machine information not found | DT409174 | |
| GRD-89105 | syslog daemon service (rsyslogd) keeps crashing and stops logging to the messages syslog file | DT409033 | |
| GRD-89290 | support reset_managed_cli command does not set chage for CLI user | DT409177 | |
| GRD-89693 | Change how rsyslogd is started | N/A |
Security fixes
This patch resolves the following issues:
| Patch | Issue key | Summary | CVE |
|---|---|---|---|
|
12.0p26
|
This patch includes fixes from 12.0p26 (see release notes) | ||
|
12.0p30
|
GRD-76365
|
PSIRT: PVR0468745 - http2-common-9.4.44.v20210927.jar (Publicly disclosed vulnerability found by Mend) - webapps
|
CVE-2023-44487
|
|
GRD-76925
|
SE - Pen Testing On-prem - October 2023 - Using component with known vulnerabilities
|
CVE-2021-3695 CVE-2021-3696 CVE-2021-3697
CVE-2022-3287
CVE-2022-28733 CVE-2022-28734 CVE-2022-28735 CVE-2022-28736 CVE-2022-28737 CVE-2022-34301 CVE-2022-34302 CVE-2022-34303
CVE-2023-3341
CVE-2023-3899
CVE-2023-4911
CVE-2023-38633
CVE-2023-40217
|
|
|
GRD-82532
|
PSIRT: PVR0509682 - IBM SDK, Java Technology Edition Quarterly CPU - Apr 2024 - Includes Oracle April 2024 CPU plus CVE-2023-38264
|
CVE-2023-38264
|
|
|
GRD-84182
|
Tenable Nessus scan
|
CVE-2020-36558
CVE-2023-2002
CVE-2023-4408
CVE-2023-4622
CVE-2023-4623
CVE-2023-4921
CVE-2023-25775
CVE-2022-42896
CVE-2022-43552
CVE-2023-45871
CVE-2023-38409
CVE-2023-50387
CVE-2023-50868
CVE-2024-1086
CVE-2024-2961
CVE-2024-26602
CVE-2024-33599
CVE-2024-33601
CVE-2024-33600
CVE-2024-33602
|
|
|
GRD-84339
|
PSIRT: PVR0461564 - [All] Python (Publicly disclosed vulnerability)
|
CVE-2023-40217
|
|
|
GRD-86777
|
python3 rpm - RHEL 9 CVEs for version 12.0
|
CVE-2007-4559
CVE-2023-6597
CVE-2024-0450
CVE-2024-3651
|
|
|
GRD-87382
|
PSIRT: PVR0523390 krb5 - CVE-2024-37370, CVE-2024-37371- 12.0 and 12.1
|
CVE-2024-37370
|
|
|
GRD-88395
|
PSIRT: PVR0546593, PVR0533719, PVR0546701 - multiple spring vulnerabilities
|
CVE-2024-38816
CVE-2024-38808
CVE-2024-38809
|
|
|
GRD-88399
|
PSIRT: PVR0541067 - [USE THIS] OpenSSL (Publicly disclosed vulnerability)
|
CVE-2024-6119
|
|
|
GRD-88409
|
PSIRT: PVR0544554, PVR0536941, PVR0536210, PVR0539466, PVR0539642 - RHEL9 Kernel
|
CVE-2023-52817
CVE-2024-26662
CVE-2024-26663
CVE-2024-26668
CVE-2024-26700
CVE-2024-26707
CVE-2024-26940
CVE-2024-26958
CVE-2024-26961
CVE-2024-26962
CVE-2024-27010
CVE-2024-27011
CVE-2024-27019
CVE-2024-27020
CVE-2024-27025
CVE-2024-35947
CVE-2024-36010
CVE-2024-36016
CVE-2024-36017
CVE-2024-36020
CVE-2024-36025
CVE-2024-36270
CVE-2024-36489
CVE-2024-36896
CVE-2024-36904
CVE-2024-36905
CVE-2024-36917
CVE-2024-36921
CVE-2024-36927
CVE-2024-36929
CVE-2024-36933
CVE-2024-36940
CVE-2024-36941
CVE-2024-36945
CVE-2024-36960 CVE-2024-36971
CVE-2024-36978
CVE-2024-36979
CVE-2024-38538
CVE-2024-38555
CVE-2024-38573
CVE-2024-38575
CVE-2024-38596
CVE-2024-38598
CVE-2024-38615
CVE-2024-38627
CVE-2024-39276
CVE-2024-39472
CVE-2024-39476
CVE-2024-39487
CVE-2024-39502
CVE-2024-40927
CVE-2024-41042
CVE-2024-41071
CVE-2024-41096
CVE-2024-42238
CVE-2024-42244
CVE-2024-42258
|
[{"Type":"MASTER","Line of Business":{"code":"LOB76","label":"Data Platform"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSMPHH","label":"IBM Security Guardium"},"ARM Category":[{"code":"a8m3p000000PCTuAAO","label":"Platform\/Installation\/Deployment"}],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"12.0.0"}]
Was this topic helpful?
Document Information
Modified date:
27 May 2025
UID
ibm17178757