IBM Support

Release of Guardium Data Protection 12.2.2

Release Notes


Abstract

This technical note provides guidance for installing IBM Guardium Data Protection 12.2.2, including any new features or enhancements, resolved or known issues, or associated notices.

Content

Download Guardium 12.2.2
 
IBM Passport Advantage

On Passport Advantage, you can find the Guardium Product Image - ISO file, licenses, product keys, and manuals. You can download only the products that your site is entitled. If you need assistance to find or download a product from the Passport Advantage site, contact the Passport Advantage team at 800-978-2246 (8:00 AM - 8:00 PM ET) or by email at paonline@us.ibm.com.

 
IBM Support Fix Central

On Fix Central, you can find upgrades, Guardium Patch Update (GPU) files, individual patches, and the current versions of database agents, such as Software TAP (S-TAP) and Guardium Installation Manager (GIM). If you need assistance to find a product on Fix Central, contact IBM Support.
 

Install Guardium 12.2.2
Guardium 12.2.2 is available as an ISO product image on Passport Advantage. If the downloaded package is in .zip format, extract it outside of the Guardium appliance before you upload or install it. Review the latest version of these release notes just before you install. Install Guardium across all the appliances, such as the central manager, aggregators, and collectors. For detailed steps, see Installing your Guardium Data Protection system.

 
Upgrade to Guardium 12.2.2

Before you upgrade, confirm that your appliance meets the minimum requirements. Upgrade your firmware to the latest versions provided by your vendor. If you use a Guardium appliance, check Fix Central for the latest firmware. 

You can upgrade to Guardium 12.2.2 (GPU 12.0p220) from Guardium systems that are running on version 12.2.0 (GPU 12.0p200, see release notes). The best approach for upgrading Guardium depends on the version you are upgrading from, the hardware of your system, and any special partitioning requirements you might have. See Identifying the correct upgrade path to review upgrade scenarios and identify the correct upgrade path for your Guardium systems. Review the latest version of these release notes just before you install.

Note: The Guardium system will restart during the upgrade process for all of the patch installations, so schedule the upgrades in batches during low database traffic times to minimize audit gaps. Do not reboot the appliance while the patch installations are in progress. Contact IBM Support if there is an issue with patch installation.

 
Prerequisites
  • Guardium Data Protection 12.2.0 (GPU 12.0p200, see release notes)
  • The latest Guardium Data Protection health check patch 12.0p9997
 
Attention
 

Feature licenses process

Starting with version 12.2.1, Guardium uses a single-stream release model with quarterly feature updates. Previously, the Fix Central website provided only fixes, while Passport Advantage delivered new features. Now, updates are delivered both through the Passport Advantage and Fix Central websites. 

Features downloaded through Passport Advantage are automatically unlocked. However, new features downloaded from Fix Central sometimes must be manually unlocked. Regardless of where they are downloaded from, all features controlled by feature flags must be explicitly enabled in your environment before you can use them. For more information, see Applying feature flags.

For Guardium 12.2.2, the following feature patches are available for download/installation:

  • Edge patch 12.0p15001
  • GenAI patch 12.0p80003
  • Data lake patch 12.0p80102 


In Guardium 12.2.2, the Edge Gateway 2.1 feature must be manually unlocked.

Note: The TICKET_PROXY and TICKET_OAUTH feature flags are visible in 12.2.2. However, they are disabled by default and not supported in this version. These flags are reserved for future functionality and should not be unlocked or enabled. Support for these capabilities is planned for a later release.

 

Single stream agent releases

Starting with 12.2.1, most of the Linux-UNIX and Windows agents for Guardium Data Protection versions 12.0 and later are now released in a single stream. This simplifies maintenance, reduces version divergence, and ensures consistent feature and fix availability across all supported 12.x environments. For more information, see Single-stream agent releases.

 
 
New features and enhancements


Active threat detection and case triage acceleration


Redesigned Active Threat Analytics and case investigation interfaces are more intuitive, with clearer threat detection case explanations and a side panel for quick triage and resolution. AI-automated, real-time case summaries provide threat detection case insights faster.

 

Automated deployment and virtual appliance support

  • Automatic filesystem expansion for Guardium cloud images using Terraform.
  • Automated provisioning and configuration of new Linux virtual machines available with cloud-init.
  • Support for Oracle Linux Virtualization Manager.

 

Edge Gateway 2.1 


A scalable, Kubernetes-based service architecture, Edge Gateway now has faster deployment options, including private container image registry support and Terraform modules for automated deployment across AWS Elastic Kubernetes Service (EKS), Red Hat OpenShift, and K3s. 

In addition to Linux-UNIX Software TAP (S-TAP) traffic sources, Edge Gateway now directly streams Windows and External S-TAP agent traffic and processes database streaming traffic from AWS and Azure cloud services.

 

Executive dashboard


Several usability and insight-driven improvements were added to the executive dashboard. The updates make it more actionable, financially relevant, and easier to interpret, aligning technical data with executive decision‑making needs. Enhancements include flexible date filters, transparent ROI calculations, trend indicators, and clearer asset and health insights.

 

Long-term retention reports and API configuration


Easily manage and monitor long-term storage with one-time or recurring, scheduled Data Lake Reports that can be enriched with custom tables data. 

A new CLI command, configure_complete_cold_storage, is available for full long-term retention configuration.

 

 

Storage support for upgrade  

Amazon Simple Storage Service (S3) is now supported as a protocol for upgrade workflows. However, upgrade using S3 through the Identity and Access Management (IAM) instance profiles option is not supported. 

 

Universal connector


Integration of universal connector (UC) credential handling with HashiCorp Vault enables credential rotation and reduced operational overhead. Any UC profile plug-in that supports external credentials can select this credential type. 

Additional UC plug-ins for configuration through the central manager workflow are available for Azure SQL over JDBC, CockroachDB over Syslog, DynamoDB over S3SQS, GCP MSSQL over JDBC, MongoDB over Syslog, MySQL over S3SQS, MySQL over Syslog, OUA over Pipe with Wallet, and PostgreSQL over S3SQS. 

For UC 2.0, additional Java Database Connectivity (JDBC), Azure Event Hub, CloudWatch, and PubSub-based connectors are available.

  • Azure Event Hub connectors for Databricks, MySQL, and PostgreSQL
  • CloudWatch connectors for Amazon RDS for MySql, Amazon RDS for Oracle, Amazon S3, Aurora MySQL, DocumentDB. DynamoDB, MariaDB, and OpenSearch.
  • Java Database Connectivity (JDBC) connectors for Autonomous OUA with Wallet, Microsoft SQL Server on prem, and Snowflake.
  • Kafka connector for IBM watsonx.
  • PubSub connectors for AlloyDB, Apache Solr, Google BigQuery, Google BigTable, Google Spanner. MySQL, and PostgreSQL.

 

Note: UC fixes are delivered in cumulative patches separate from Guardium Data Protection appliance bundle patches. When you install Guardium 12.2.2 (GPU 12.0p220), your UC will upgrade to what is included in the GPU only if the UC on the system where you are installing GPU 12.0p220 is older than the UC that is included in GPU 12.0p220. 

 

Vulnerability Assessment

  • Support for new data sources: MongoDB Atlas 8.0.16 and MarkLogic 11.3.3, 12.0.0
  • Data source currency updates: EDB PostgreSQL 17.5, IBM Db2 (LUW) 12.1, and Oracle MySQL 8.4
  • Microsoft Entra ID authentication support for Azure SQL Database
  • Modifiable severity and threshold values for Assessment Tests reports
  • Support for running VA Scanner on AWS EKS
 
 
Linux-UNIX and Windows Agents
 

For more information about new features and enhancements to the Configuration Auditing System (CAS), Guardium Installation Manager (GIM), File Activity Monitor (FAM) for Windows (FamMonitor), and Software TAP (S-TAP) agents, see their corresponding release notes: 

 

Sniffer updates
 

The latest sniffer patch that is included in Guardium 12.2.2 is version 12.0p4016 (see release notes). Sniffer patches are cumulative; they contain all previous sniffer patches for that major version.

 
New supported platforms and databases
 

Linux-UNIX S-TAP

  • Cloudera 7.3.1
  • Greenplum 7.5.2
  • Milvus 2.6.7
  • Neo4j 2025.10.1
  • OpenSearch 3.4.0
  • Oracle AI Database 26ai

 

Windows S-TAP

  • Neo4j 2025.11.2
  • Microsoft SQL Server 2025

 

Universal connector

  • Amazon Relational Database (RDS) for Oracle
  • CockroachDB
  • IBM watsonx.data (Presto engine only)
  • Oracle Autonomous Data Warehouse

 

Vulnerability Assessment

  • IBM Db2 (LUW) 12.1
  • EDB PostgreSQL 17.5
  • Oracle MySQL 8.4
  • MongoDB Atlas 8.0.16
  • MarkLogic (on prem) 11.3.3, 12.0.0

 

Most supported platforms information is available in the Guardium Supported Datasources matrix. For all other supported platforms and system requirements information, including Vulnerability Assessment, platforms that are supported by External S-TAP, information about IBM i, and hardware or virtual machine requirements, see System Requirements for Guardium 12.2.x.

 
Deprecated commands, platforms, and functionality
 

Guardium version 11.4 end of support
On 30 April 2026, Guardium Data Protection 11.4 reaches completion of Extended Support. For more information, see IBM Support Product lifecycle overview.
 
Guardium version 11.5 support transition
On 30 April 2026, Guardium Data Protection 11.5 reaches completion of Base Support and transitions to Extended Support. For more information, see IBM Support Product lifecycle overview.

 

Resolved issues 
 
VersionIssue keySummaryAPAR
12.2.1 
See release notes for Guardium 12.2.1
 
12.2.2 GRD-102626Fixed an issue where kernel crash by K-TAP on Solaris 5.11DT448727
 GRD-104577DB sentences missing after installing patch p120DT456975
 GRD-104789Guardium Active Threat Analytics exclude list didn't workDT463572
 GRD-106013Delimiter fields cannot be moved up or down in the reportDT449749
 GRD-106949Unable to login to the GUI on appliance configured to authenticate via SSO SAMLDT448715
 GRD-108524Option to configure rsyslogd to bypass writing to syslogDT455404
 GRD-108948VA DM stats have mismatch between number of extracted and ingested records. 
 GRD-109374xvu11dbm05 via vae1cmrv0008; missing DB_USER for guardium_gis and gcib_mnpi indexes in Splunk - OracleDT457531
 GRD-109498Added a new guard parameter, EVAL_RULE_APP_USER_PER_SQL, to control enabling the app user rule criteria evaluation for the Oracle Unified Audit (OUA) database protocol.DT454346
 GRD-110627Oracle Enterprise User Security issueDT455188
 GRD-110653DB2 on z/OS VA scan results show "Unsupported Security PTF patch detected" for DB2 z/OS APAR PTFs starting with 'UO' prefixDT454625
 GRD-110947Changing some parameters in S-TAP Control disables Dynamic Ring Buffers if it was enabledDT457820
 GRD-111204Data Import fails with error "Failed decrypting file (suffix=decrypt_failed)"DT460220
 GRD-111999Collector does not receive any traffic from all UNIX S-TAPs with snif p4012 and laterDT454959
 GRD-112241Output of command "show system custom_db_usage" is wrong for "TOTAL SIZE_OF_INNODB_TABLES" and that is causing errror "custom DB reached it's quota"DT463496
 GRD-112291MongoDB A-TAP activation fails with "Database instance is running, please stop it first" message when MongoDB MMS Automation Agent is runningDT458302
 GRD-112333Executing a CLI command "show csr wildcard" returns error "Error in converting privatekey to decrypted form for tomcat" in GuardiumDT457503
 GRD-112921Error for non-admin users "You do not have sufficient privilege to access the query" when selecting Query and Alert definitions imported from another applianceDT458388
 GRD-113361PostgreSQL datasource connection requires a valid client certificateDT460711
 GRD-113562UC Health Alert Triggered on Deployment Dashboard without using universal connectorDT463585
 GRD-113697Error connecting to IBM COS: "Make sure your credentials are valid"DT461206
 GRD-114795Add ability to export Test Exceptions from a Vulnerability AssessmentDT458122
 GRD-114872S-TAP "Fail to save Priority Packet" and "drop messages due to rate-limiting "on Guardium 12.2 (Database: OceanBase)DT460044
 GRD-115058After upgrading Guardium to 12.2, the Risk Spotter policy disappearsDT457592
 GRD-115152Datastreams Eventhub config disappeared from GUI but record not removed from the databaseDT458319
 GRD-115456Incorrect "Version" for some appliances in the "Deployment Health Table" on CMDT458723
 GRD-115545Unable to change SCP port from the default 22DT458241
 GRD-115706With A-TAP activated, Oracle DB is not getting discovered 
 GRD-115800Error while running "import scanner_agent scp <agent>". Cannot open rpmkeys file. 
 GRD-115876Custom sniffer certificate from an appliance where a backup was taken is not restored to a second appliance where the backup was restoredDT458239
 GRD-115975Errors in Couchbase Datasource Config - Missing "Use LDAP" checkbox and "Database" parameter in GUI 
 GRD-116344Guardium Central Manager - reset-managed-cli command fails to reset the CLI password on all managed unitsDT458396
 GRD-116567Non-admin users can access details about users using API callsDT460790
 GRD-116745Windows S-TAP not capturing Database Name User, application user on MSSQL using Kerberos. 
 GRD-117204Fixed an S-TAP instability following an upgrade with protocol 7 by clearing leftover registry entries.DT460464
 GRD-117234Deploymend Health Table Alert: Threshold Alerter AlerterMessage 
 GRD-117245Freshly built Guardium 12.2 appliance running on an HPE server shows high space consumption for the efivar file-system partitionDT463455
 GRD-117260Unable to harden ciphers for 12.2 using GuardAPIDT463691
 GRD-117278Vulnerability Assessment Test 205: SQL OLEDB disabled (DisallowAdhocAccess registry key) fails with: Pre Test Check Failed. Test not executed. User need to have setupadmin privilege to run this testDT461236
 GRD-117279Large logs with S-TAP buffer overflow messages generated after capturing 'guard_diag' onceDT464261
 GRD-117472OpenSSH ssh Function Vulnerability (CVE-2025-61984) in Guardium version 12.1DT463011
 GRD-117480IBM Guardium generate large dump files and fill up database space 
 GRD-117559VA Test - OS Error - Cassandra Default PasswordDT463688
 GRD-117571Improved S-TAP robustness to avoid S-TAP instability even when memory resources are critically low.DT465036
 GRD-117890Fixed Microsoft SQL parser issues.DT463744
 GRD-118200CLI password reset is not logged into audit trailDT463581
 GRD-118214If there are any missing NETWORKS parameters for inspection engines in guard_tap.ini, restarting the Windows S-TAP service will update the file with default NETWORKS parameters (1.1.1.1/0.0.0.0,::1/0). DT463953
 GRD-118586Database server goes in hung state due to K-TAP 
 GRD-118769

Datasource test connection issue using Azure Cosmos DB

DT464820
 GRD-118849Fixed IBM Db2 parser errors. 
 GRD-118871Installation of Patch SqlGuard-12.0p135_Bundle_Jan_16_2026 failedDT463570
 GRD-119286Enterprise S-TAP report Encrypted column have value 9801 for Windows S-TAP, which is not expected. Expected values are TLS or Unencrypted.DT464684
 GRD-119317Archive s3 port setting not saved when using GRDAPI commandDT463958
 GRD-119651Windows GIM upgrade 11.5  to 12.2 issue ERR=1305 Error obtaining client authentication info module = GIMDT465440
 GRD-119815Guardium MFA with RSA doesn't work 
 GRD-120045S-TAP generates core randomlyDT454959
 GRD-120066Sgate Terminate not working when adding fields as field and object and dbnameDT464028
 GRD-120622FamMonitor might report a wrong IP as Client IP. 
 GRD-120647GIM service status message "write error: Broken pipe" 
 GRD-120832Increased maximum value for LOAD_BALANCER_NUM_MUS to 300 and the buffer size to 64 KB.DT465008
 GRD-120975

Fixed an issue that might cause kernel memory leaks leading to instability on database servers. For more information, see Linux-UNIX S-TAP 12.1.3.0_r122091_1 and 12.2.1.0_r122289 might cause kernel memory leaks.

Important post-upgrade requirement

Installing this S-TAP update will stop all new memory leaks, but it will not release memory that was already leaked under the affected versions. Therefore, IBM strongly recommends rebooting the server after upgrading to ensure all previously leaked and unrecoverable kernel memory is cleared. A full reboot is required at your earliest convenience to return the system to a known-good state.

DT465441
 GRD-121332Datasource definition operations slowed post-upgrade to 12.2DT465514
 GRD-121348A-TAP correlation issue 
 GRD-97936Create grdapi of store cli_userauth command 
 
 
Security fixes
Issue keySummaryCVE
GRD-76923PSIRT: PVR0474268 - SE - Pen Testing On-prem 2024 & 2023 - Various key materials are checked into git repositories - YWDFW-0003, TZAVW-0015 
GRD-81251PSIRT: PVR0498203 & PVR0498442 - zookeepeer - WebappsCVE-2017-5637, CVE-2019-0201, CVE-2018-8012, CVE-2023-44981, CVE-2024-23944
GRD-81253PSIRT: PVR0498306 - Apache commons-dbcpCVE: 217222
GRD-81258PSIRT: PVR0498337, PVR0501176 - Netty - kafkaCVE-2019-20444, CVE-2014-0193, CVE-2014-3488, CVE-2015-2156
GRD-92035PSIRT: PVR0557444 - jetty-http-9.4.53.v20231009.jar (Publicly disclosed vulnerability found by Mend) - solr - used in zookeeper - dependency delay needed 7/30/2025CVE-2024-6763
GRD-100242PSIRT: PVR0642761 IBM SDK, Java Technology Edition Quarterly CPU - Apr 2025 - Includes Oracle April 2024 CPU plus CVE-2025-4447CVE-2025-4447
GRD-102088PSIRT: PVR0668193 - commons-beanutils-1.9.2.jar (Publicly disclosed vulnerability found by Mend) - spectrum protect (tivoli)CVE-2025-48734
GRD-112135PSIRT: PVR0669678, PVR0669059, PVR0696387 - netty-codec-4.1.125.Final.jarCVE-2025-58057, CVE-2025-67735
GRD-113257PSIRT: PVR0683789 - vertx-web-4.5.8.jar (Publicly disclosed vulnerability found by Scanner)CVE-2025-11965, CVE-2025-11966, CVE-2026-1002
GRD-114008PSIRT: PVR0685130 - IBM SDK, Java Technology Edition Quarterly CPU - Oct 2025 - Includes Oracle October 2025 CPUCVE-2025-53066, CVE-2025-53057
GRD-115901PSIRT: PVR0688473 - js-yaml-4.1.0.tgz (Publicly disclosed vulnerability found by Scanner)CVE-2025-64718
GRD-116333PSIRT: PVR0693126 - struts2-core-2.5.33.jar (Publicly disclosed vulnerability found by Scanner)CVE-2025-64775
GRD-116955PSIRT: PVR0702018, PVR0702017 - SE - Pen Testing GDP - 2025 - 3 issues found (2 high, 1 medium) 
GRD-117035PSIRT: PVR0695586 - struts2-core-2.5.33.jar (Publicly disclosed vulnerability found by Scanner)CVE-2025-66675
GRD-117324PSIRT: PVR0694349 - lz4-1.3.0.jar (Publicly disclosed vulnerability found by Scanner) - Outlier 
CVE-2025-66566
GRD-117724PSIRT : PVR0697335 log4j-core-2.17.1.jar (Publicly disclosed vulnerability found by Scanner)CVE-2025-68161
GRD-117728PSIRT : PVR0697669 okhttp-3.12.2.jar (Publicly disclosed vulnerability found by Scanner) -- kuberneticsCVE-2021-0341
GRD-118868PSIRT; PVR0709814 : Openssl rpmCVE-2025-15467, CVE-2025-69419
GRD-119052PSIRT : PVR0705854 lodash-4.17.21.tgz and lodash-es-4.17.21.tgz (Publicly disclosed vulnerability found by Scanner)CVE-2025-13465
GRD-119053PSIRT : PVR0706446 seroval-1.4.0.tgz (Publicly disclosed vulnerability found by Scanner)CVE-2026-23956, CVE-2026-23957,CVE-2026-24006, CVE-2026-23736, CVE-2026-23737
GRD-119114PSIRT : PVR0707166 protobuf-3.18.3-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (Publicly disclosed vulnerability found by Scanner)CVE-2026-0994
GRD-119194PSIRT : PVR0707575 IBM Java (Publicly disclosed vulnerability found by Scanner)CVE-2026-21945, CVE-2026-21932, CVE-2026-21933, CVE-2026-21925
GRD-119195PSIRT : PVR0708238 hibernate-core-3.6.10.Final.jar (Publicly disclosed vulnerability found by Scanner)CVE-2026-0603
GRD-119199PSIRT : PVR0709664 GH_WinstapSpp Unmatched Source Files (Publicly disclosed vulnerability found by Scanner)CVE-2025-15468, CVE-2025-15469, CVE-2025-66199, CVE-2026-22795, CVE-2026-22796
GRD-119200PSIRT : PVR0710436 IBM Java (Publicly disclosed vulnerability found by Scanner)CVE-2026-1188
GRD-119266PSIRT: PVR0701916 - struts2-core-2.5.33.jar (Publicly disclosed vulnerability found by Scanner) CVE-2025-68493
GRD-119306PSIRT: PVR0646930 - commons-beanutils-1.9.2.jar (Publicly disclosed vulnerability found by Mend)CVE-2025-48734
GRD-119470PSIRT: PVR0667170 - http2-common-10.0.22.jar (Publicly disclosed vulnerability found by Mend) - SOLRCVE-2025-5115 
GRD-119482PSIRT: PVR0463239 - d3-color-1.4.1.tgz (Publicly disclosed vulnerability found by Mend) WS-2022-0322
GRD-119519PSIRT: PVR0711424 - aircompressor-0.27.jar (Publicly disclosed vulnerability found by Scanner) CVE-2025-67721
GRD-119521PSIRT: PVR0712254 - azure-eventhubs-2.3.2.jar (Publicly disclosed vulnerability found by Scanner) CVE-2020-16971
GRD-119946PSIRT: PVR0714760, PVR0713720 - ajv-6.12.6.tgz, axios-1.13.2.tgz (Publicly disclosed vulnerability found by Scanner)CVE-2025-69873
CVE-2026-25639
GRD-119953PSIRT: PVR0715128 - kotlin-stdlib-1.4.10.jar (Publicly disclosed vulnerability found by Scanner) CVE-2020-29582, CVE-2022-24329
 
 
Known limitations and workarounds
 
ComponentIssue keySummary
BackupGRD-120315When running a system backup job from the CLI by using the backup system command, if the user selects CONFIGURED DESTINATION during the questionnaire, the word DEFAULT is displayed as the protocol in the Aggregation/Archive Log report within the UI.
BackupGRD-122028

When running a system backup job from the CLI by using the backup system command, the word DEFAULT is displayed in the Aggregation/Archive Log report within the UI under the Comment column if the job failed.

A fix will be available in an upcoming release.

Backup and restoreGRD-121311

The following CLI commands cannot be restored if taking a backup from version 12.2.2 and restoring to version 12.2.2.

  • store pdf-config multilanguage_support
  • store ciphers java secure disable cbc
  • store ciphers java secure disable dhe
  • store password expiration cli 59
  • store password expiration guardcli3 59
  • store monitor custom_db_usage
  • store stap network_latency
  • store timeout fileserver_session
  • store timeout db_connection
  • pdf-config multilanguage_support
  • store maximum query duration

 

The following CLI commands cannot be restored if taking a backup from version 12.2.2 and restoring to version 12.2.2. A fix will be available in an upcoming release.

  • store allow_reinstall
  • store system snmp version v3
  • store remotelog max_message_size
  • store system classifier profile
  • store system service disable cas
  • store system service disable guard-insights
  • store system service enable guard-insights
  • store system snif-thread-number
  • store system sshd-max-connection
  • store system time_server
  • support store snif-debug
  • store system snif-alerts-facility
  • support store tcpdump
Edge GatewayGRD-121428

In the case that a critical secret is updated, manual intervention will be required to keep edges healthy.

Workaround: 

  1. After the critical secret is updated and fully applied on the central manager, such as the Tomcat certificate in the keystore, redownload each edge bundle from the Central Management UI.
  2. Extract each edge bundle on the machine which the Edge cluster resides.
  3. Instead of running the edge installer like a typical Edge Gateway bundle installation, use kubectl directly to apply just the secrets yaml to the edge’s namespace: kubectl apply -f 02-edge-imagepull-secret.yaml -n <edge-namespace>
  4. Restart the edge-controller-client with the following command: kubectl rollout restart deployment/edge-controller-client -n edge-staging
Edge GatewayGRD-121484

Within the GDM_CONSTRUCT_TEXT and GDM_EXCEPTION table columns, some data value discrepancies exist between collectors and Edge Gateway streaming traffic sources. 

A fix will be available in an upcoming release.

Edge GatewayGRD-121783

Must gather from the central manager is not available for datastreams when working with Edge Gateway. 

A fix will be available in an upcoming release.

Edge GatewayGRD-122037

Immediately after installing Edge, it is not possible to apply a previously created policy because the Install option is disabled and not clickable.

Workaround: Refresh the browser page. After refreshing, the Install option becomes clickable, allowing the policy to be installed.

Edge GatewayGRD-122143

When Windows S-TAP is configured to point to an Edge cluster: After introducing an invalid value for a parameter in guard_tap.ini and restarting the Windows S-TAP service, an inconsistency is observed in the SYNCH_FLAG value that causes incorrect status information about S-TAP in GUI on the central manager. 

A fix will be available in an upcoming release.

Edge GatewayGRD-122185

In the case of switching an AWS stream shard from On‑Demand mode to Provisioned mode, error entries (such as shard application exceptions) may appear in the datastream pod logs. After the mode change, traffic logging may remain disrupted.

Workaround: After completing the mode switch, re‑enable AWS streaming by configuring and using a new consumer group. This restores normal traffic processing and logging.

External S-TAPGRD-122144

The External S-TAP GUI can only display the initial health count. If the group container is scaled up or down, the health count will not change.

A fix will be available in an upcoming release.

Long-term retentionGRD-122188

The download link for a scheduled Data Lake Reports implementation report expires after 7 days.

Workaround: Rerun the report.

Universal connectorGRD-121551As of version 12.2.2, the Postgres over Kafka and Yugabyte over Kafka universal connectors are deprecated and will no longer be supported.
Universal connectorGRD-122321If you encounter an issue importing a profile while running Terraform scripts, edit the existing {pluginName}.tpl file in the Terraform repo and match the {{profile_definition_name}} to the plug-in name in the UI.
UpgradeGRD-114277

After upgrading to version 12.2.2 from version 12.2.1, the following CLI commands are not retained. A fix will be available in an upcoming release.

  • show maximum query duration
  • show system classifier profile
  • show aggregator static_data

 

[{"Type":"MASTER","Line of Business":{"code":"LOB76","label":"Data Platform"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSMPHH","label":"IBM Security Guardium"},"ARM Category":[{"code":"a8m3p000000PCTuAAO","label":"Platform\/Installation\/Deployment"}],"ARM Case Number":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"12.2.0"}]

Document Information

Modified date:
01 April 2026

UID

ibm17266258

Page Feedback