Release Notes
Abstract
This technical note provides guidance for installing IBM Guardium Data Protection Windows Agents 12.2.1.205, including any new features or enhancements, resolved or known issues, or notices associated with the patch.
Content
| Product: | IBM Guardium |
|---|---|
| Release version: | Guardium 12.2 Windows Software TAP (S-TAP) |
| Completion date: | 19 December 2025 |
Guardium_12.2.1.205_S-TAP_Windows |
- Select the following options to download this patch on the IBM Fix Central website and click Continue.
- Product selector: IBM Security Guardium
- Installed Version: 12.2
- Platform: Windows
- On the "Identify fixes" page, select Browse for fixes and click Continue.
- On the "Select fixes" page, select Database Agent (STAP, GIM and CAS). Then, enter the patch information in the Filter fix details field to locate the patch.
- A fresh install of Guardium 12.2 does not require a reboot.
- IBM strongly recommends that you do not use the following builds as they contain instabilities that can lead to system failure. Uninstall these builds and reboot before you install S-TAP 12.2. For all other builds, you can upgrade as usual.
- 11.4.0.168 through 11.4.0.204
- 11.3.0.257 through 11.3.0.287
Database instance stop and server reboot required for patch upgrade
- Stop all database instances.
- Upgrade Windows S-TAP to version 12.2.1.205.
- Reboot your database server immediately after you upgrade Windows S-TAP.
- Start your database instances.
Single-stream agent releases
Starting with Guardium Data Protection 12.2.1.0, most of the Linux-UNIX and Windows agents for Guardium Data Protection versions 12.0 and later are now released in a "single stream". Previously, each Guardium 12.x release (12.0, 12.1, and 12.2) had its own separate agent installers and patch packages. With the move to single-stream packaging, the agent binaries are unified into one continuous release line, so the same installation and upgrade package applies across multiple Guardium 12.x versions. This simplifies maintenance, reduces version divergence, and ensures consistent feature and fix availability across all supported 12.x environments.
File names starting with 12.x are now applicable to all current Guardium 12.x versions (12.0, 12.1, and 12.2), and future releases within the Guardium 12.x family. The single-stream packaging currently applies to the following agents:
- Guardium Configuration Auditing System (CAS)
- Guardium File Activity Monitor (FAM) for Windows
- Guardium Installation Manager (GIM)
- Guardium Software TAP (S-TAP)
With this change, customers no longer need to locate version-specific agent packages for each 12.x release. Installing the latest 12.x agent package will be supported across all 12.x collector and aggregator versions that meet the documented compatibility requirements.
Note: The single-stream packaging does not currently apply to External S-TAP agents.
- PostgreSQL 18
- EDB Postgres 17.6
- MariaDB 12.0
- Mongo 8.2
Issue key | Description |
|---|---|
| GRD-115376 | An S-TAP agent using protocol 7 does not request a new managed unit (MU) when enterprise load balancing is enabled and uses a proxy MU. Workaround: If a proxy MU is required for your configuration, use protocol 8 for the S-TAP agent. |
| GRD-115865 | An S-TAP agent upgrade might fail when the agent is configured for IBM Informix SSL or IBM Db2 SSL traffic capture due to an issue in the DLL. Workaround: To upgrade an S-TAP agent that is configured for Informix SSL or Db2 SSL traffic capture, you must stop the database before the upgrade, then start it again after the S-TAP agent upgrade is complete. |
Patch | Issue key | Summary | Known issue (APAR) |
|---|---|---|---|
12.2.0.158 | |||
| 12.2.1.205 | GRD-109007 | Fixed an issue in S-TAP Named Pipes proxy driver potentially causing Remote Procedure Calls failures. For more information, see Guardium Windows S-TAP 12.1.19.195, 12.0.1.295, 11.5.10.478 might cause Windows OS server unavailability with RDP access. | DT454370 |
GRD-110688 | Removed vulnerable OpenSSL binaries from S-TAP installation subject to CVE-2022-1292, CVE-2022-2068, CVE-2022-4450, CVE-2023-0215, CVE-2023-0286, CVE-2023-0464, CVE-2023-4807, CVE-2023-5363, CVE-2024-4741, CVE-2024-5535, and CVE-2024-6119. | DT454221 | |
GRD-112085 | Added safeguards to prevent adding invalid appliances to S-TAP by limiting the number of appliances (max number 10), the length of appliance hostname (max 255 characters), and running basic validation of appliance names by checking invalid characters. | DT454070 | |
GRD-112239 | Removed vulnerable OpenSSL ssleay32.dll binary to address CVE-2024-5535 and CVE-2023-0464. | DT454210 | |
GRD-113649 | Upgraded OpenSSL to version 3.5.4 to remove vulnerability subject to CVE-2025-9230. | DT457505 | |
GRD-115230 | Fixed an issue in WfpMonitor that may lead to an instability in the database server. For more information, see Windows S-TAP 12.2.0.x, 12.1.x, 12.0.x, and 11.5.x might cause MSSQL server instability when S-TAP process partial or malformed TDS PDUs. | DT457509 |
| MD5Sum | File Name |
|---|---|
| 583d262d61a2ec7f4ac78f55795bd9b3 | Windows-STAP-120201205.zip |
| f0a040044842a9c2e08b61375af59850 | conf.reload.WINSTAP |
| 127fdea8226b0ce389e600fc892b9497 | guard-WINSTAP-12.2_r120201205_1-x86_x64.gim |
| 669ddf4da7da8bc07ff895dbe7bb0863 | guard-WINSTAP-guardium_12.2_r120201205_1-Windows-Server-Windows-x86_x64.exe.signed |
- Guardium Data Protection 12.2.1.0 (see release note)
- Guardium Data Protection Windows CAS 12.2.1.205 (see release note)
- Guardium Data Protection Windows FamMonitor 12.2.1.205 (see release note)
- Guardium Data Protection Windows GIM 12.2.1.205 (see release note)
Was this topic helpful?
Document Information
Modified date:
05 February 2026
UID
ibm17254607