Release Notes
Abstract
This technical note provides guidance for installing IBM Guardium Data Protection sniffer patch 12.0p4008, including any new features or enhancements, resolved or known issues, or notices associated with the patch.
Content
Patch information
- Patch file name: SqlGuard-12.0p4008_Snif_Mar_11_2025.tgz.enc.sig
- MD5 checksum: 1fbe70749744deae6b944d94c18edbeb
Finding the patch
- Select the following options to download this patch on the IBM Fix Central website and click Continue.
- Product selector: IBM Security Guardium
- Installed Version: 12.0
- Platform: All
- On the "Identify fixes" page, select Browse for fixes and click Continue.
- On the "Select fixes" page, select Appliance patch (GPU and ad hoc). Then, enter the patch information in the Filter fix details field to locate the patch.
For information about Guardium patch types and naming conventions, see the Understanding Guardium patch types and patch names support document.
Installation
Notes:
- This universal sniffer patch can be installed on all releases of Guardium 12.x
- This patch restarts the sniffer process.
Overview:
- Download the patch and extract the compressed package outside the Guardium system.
- Be sure to check the latest version of these patch release notes online just before you install this patch.
- Pick a "quiet" or low-traffic time to install the patch on the Guardium system.
- Install patches in a top-down manner on all Guardium systems: start with the central manager, then aggregators, then the collectors. This sniffer patch must be installed across all the appliances such as the central manager, aggregators, and collectors.
For more information, see How to install patches in the Guardium documentation.
New currency items
This patch provides the following new currency items.
| Issue key | Summary |
|---|---|
|
GRD-85245
|
Support for PostgreSQL 17
|
|
GRD-85967
|
Support for Elasticsearch
|
|
GRD-86565
|
Support for multiple vector databases:
|
|
GRD-89251
|
Support for MariaDB 11.5.2
|
|
GRD-91228
|
Support for IBM Db2 12.1
|
|
GRD-91300
|
Support for MongoDB 8.0
|
|
GRD-94716
|
Support for Redis 7.8
|
Enhancements
This patch provides the following enhancements.
| Issue key | Summary |
|---|---|
|
GRD-93423
|
New session-level policy rule criteria that allows use of LOGIN_FAILED as a condition of the session criteria. The action defined in the rule can be triggered when the condition is true.
|
Resolved issues
This patch resolves the following issues.
| Patch | Issue key | Summary | Known issue (APAR) |
|---|---|---|---|
| 12.0p4007 |
See release notes for patch 12.0p4007
|
||
| 12.0p4008 |
GRD-87414
|
The query rewrite policy might cause instability with an MySQL connection. This issue is addressed with snif patch 12.0p4008 and S-TAP patches with the following estimated release dates:
Please contact IBM Support if you need ad hoc S-TAP patches.
|
|
|
GRD-87489
|
Weak default snif ciphers (TLS_RSA)
|
DT396934
|
|
| GRD-88251 |
To identify users for IBM Db2 for z/OS traffic, add a slash star comment enclosing 'GuardAppUser:user_name' inside the SQL query. Learn more in product documentation.
|
DT421712
|
|
| GRD-88996 | Parser error for some Postgres insert statements on collector | DT406772 | |
| GRD-89072 |
For alert messages, the %%BindVarVal is now available for IBM Db2 z/OS and IBM Db2 for IBM i systems.
|
DT421655 | |
| GRD-89103 | MySQL failed login | DT401013 | |
| GRD-89785 | Addressed situation where sniffer logged extra SQL cursors when DataStage job started. | DT417620 | |
| GRD-89835 | Redis traffic causing parser errors and sniffer crashes | DT417680 | |
| GRD-89890 | Adds the option PROCEDURE_OBJECT_FIELD (that can be enabled through the following grdapi command: modify_guard_param) to change sniffer parsing behavior to not explicitly associate non-literal function arguments with function or procedure objects when evaluating object+field policy rule tuple groups and logging. | DT418983 | |
| GRD-89984 | Redis traffic causing parser errors | DT421656 | |
| GRD-90198 | Sybase parser error | DT417954 | |
| GRD-91392 | Sniffer restart with MongoDB traffic | DT421648 | |
| GRD-91728 | Sniffer restarting repeatedly | DT422154 | |
| GRD-91814 | Sybase error handling | DT424948 | |
|
GRD-87427
GRD-92078
|
Improve External S-TAP and sniffer communication by changing the proxy key handling to allow multiple External S-TAPs to connect to the same managed unit
|
DT399990
|
|
|
GRD-91931
GRD-92078
|
Sniffer not collecting data from External S-TAP. Implemented changing proxy key handling.
|
||
| GRD-92701 | Logged instance points to not logged construct ID | ||
| GRD-92889 | Parser error on IBM Db2/z | ||
|
GRD-94549
|
Redis traffic parser errors
|
DT426398
|
Bug fixes
This patch provides the following bug fixes.
| Issue key | Summary |
|---|---|
|
GRD-88750
|
Returned_data not logged when using LOG_FULL_DETAILS and REDACT for extrusion rule
|
|
GRD-92915
|
Policy pushdown behavior changed for z/OS S-TAP so that if policy installation is in a failed state on the collector, an empty policy will be pushed down to z/OS S-TAP, which stops z/OS S-TAP audit data capture. After policy installation succeeds on the collector, the corresponding pushdown policy is sent to z/OS S-TAP.
|
[{"Type":"MASTER","Line of Business":{"code":"LOB76","label":"Data Platform"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSMPHH","label":"IBM Security Guardium"},"ARM Category":[{"code":"a8m3p000000PCTuAAO","label":"Platform\/Installation\/Deployment"},{"code":"a8m0z000000Gp0SAAS","label":"SNIFFER"}],"ARM Case Number":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"12.0.0;12.1.0"}]
Was this topic helpful?
Document Information
Modified date:
24 March 2025
UID
ibm17184587