IBM Support

Release of Guardium Data Protection sniffer patch 12.0p4012

Release Notes


Abstract

This technical note provides guidance for installing IBM Guardium Data Protection sniffer patch 12.0p4012, including any new features or enhancements, resolved or known issues, or notices associated with the patch.

Content

Patch information
  • Patch file name: SqlGuard-12.0p4012_Snif_Aug_09_2025.tgz.enc.sig
  • MD5 checksum: e5461df02fd8d4b864f0bc1114f16399
Finding the patch 
  1. Select the following options to download this patch on the IBM Fix Central website and click Continue.
    1. Product selector: IBM Security Guardium
    2. Installed Version: 12.0 or 12.1
    3. Platform: All
  2. On the "Identify fixes" page, select Browse for fixes and click Continue.
  3. On the "Select fixes" page, select Appliance Sniffer Patch. Then, enter the patch information in the Filter fix details field to locate the patch.
For information about Guardium patch types and naming conventions, see the Understanding Guardium patch types and patch names support document.
Installation
Notes:
  • This universal sniffer patch can be installed on releases of Guardium 12.0 and 12.1.
  • Sniffer patches are cumulative, they contain all previous sniffer patches for that major version.
  • This patch restarts the sniffer process.
Overview:
  1. Download the patch and extract the compressed package outside the Guardium system.
  2. Be sure to check the latest version of these patch release notes online just before you install this patch.
  3. Pick a "quiet" or low-traffic time  to install the patch on the Guardium system.
  4. Install patches in a top-down manner on all Guardium systems: start with the central manager, then aggregators, then the collectors.  This sniffer patch must be installed across all the appliances such as the central manager, aggregators, and collectors.
For more information, see How to install patches in the Guardium documentation.
New currency items
This patch provides the following new currency items.
Issue key Summary
GRD-72817
Apache Iceberg
GRD-94847
OceanBase
GRD-99949
SAP ASE 16.1 (formerly known as Sybase ASE)
GRD-99496
Teradata 20
GRD-71905
TigerGraph
GRD-99937
Vertica 25.2 (three servers ; not on Windows)
Resolved issues
This patch resolves the following issues.
Patch Issue key Summary Known issue (APAR)
12.0p4011
 See release notes for patch 12.0p4011
12.0p4012
GRD-94549
PARSER_ERROR errors for some valid Redis SQL statements.
DT426398
GRD-94865
Improved support for Neo4j 2025.01.0 bind variables.
GRD-97520
In alert messages, %%receiptTime and %%SQLTimestamp are different:
  • %%receiptTime now represents the timestamp when the alert is issued by sniffer. 
  • %%SQLTimestamp remains the same as before. For example, the SQL traffic's timestamp sent from S-TAP. 
  • %%receiptTimeMills is the integer number value representing the UNIX timestamp in milliseconds when the alert is issued by sniffer.
DT437122
GRD-98405
Adopted an internal change to the Sybase protocol.
DT446543
GRD-99557
Missing database username when using Oracle 23 SQL*Plus client.
DT444018
GRD-99795
Records affected for Oracle Kerberos.
DT443466
GRD-99996
Support use of "Alert Only" policy action in the session-level policy to alert either on the request (SQL) or the exception of that request.
GRD-100945
Fixed regular expression as group entry.
DT448260
GRD-102851
Fixed Parser errors for Teradata.
DT446335
GRD-105413
Fixed Parser errors for Netezza.
DT448685
Bug fixes
This patch provides the following bug fixes.
Issue key Summary
GRD-92279
When processing use statements from a universal connector, the database columns in reports now show the database name logged in the audit logs of the server instead of the one in the use statements.
GRD-99314
Fixed parser errors that caused Oracle Unified Audit queries to not be captured in full SQL reports.
GRD-99912
Fixed Milvus parser to support Milvus getFlushState operation.
GRD-100496
Missing remote traffic data when using Oracle 23 SQL*Plus clients.
GRD-103682
When processing Cloudera Data Platform ranger audits, sniffer will truncate atlas internal statements at the null character. Everything that follows the null character is random characters and can be safely discarded.
GRD-106051 Cassandra S-TAP failover does not send traffic to failover managed unit from the same sessions.
Known limitations
This patch provides the following known limitations.
Issue key Summary
GRD-107835
Teradata client stops responding with query rewrite. No workaround is available; this issue will be fixed in an upcoming release.
GRD-108208
For session-level policies only, the Database Type criteria for OceanBase will be fixed in 4Q 2025.
Workaround: Specify the value as "OCENABASE%" without double quotation marks.

[{"Type":"MASTER","Line of Business":{"code":"LOB76","label":"Data Platform"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSMPHH","label":"IBM Security Guardium"},"ARM Category":[{"code":"a8m3p000000PCTuAAO","label":"Platform\/Installation\/Deployment"},{"code":"a8m0z000000Gp0SAAS","label":"SNIFFER"}],"ARM Case Number":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"12.0.0;12.1.0"}]

Document Information

Modified date:
20 August 2025

UID

ibm17242483

Page Feedback