Views:

By design, on-premise Deep Security users will not see 20.0.1 DSA/KSP on management console until upgrading DSM version to 20.0.883 or higher. If user manually imports 20.0.1 DSA/ KSP to DSM (20.0.854/20.0.864/20.0.879), the following situation will be encountered:

  • For existing Cloud One - Workload Security users using DSA 20.0.0
    DSA version
    < 20.0.0-8453
    DSA version
    = 20.0.0-8453+
    (including 20.0.1)
    NO IMPACT till August, 2024 when KSP 20.0.0 support ends (*)NO IMPACT by using KSP 20.0.1 auto-switched from KSP 20.0.0

     
  • For existing Deep Security On-Premise users who did not manually import KSP 20.0.1 build package to DSM
                              DSA version
    < 20.0.0-8453
    DSA version
    = 20.0.0-8453+

    DSM version
    < 20.0.854

    NO IMPACT till August, 2024 when KSP 20.0.0 support ends(*)

    NO IMPACT till August, 2024 when KSP 20.0.0 support ends*

    DSM version
    = 20.0.854, 20.0.864 or
    20.0.879

    NO IMPACT till August, 2024 when KSP 20.0.0 support ends(*)

    NO IMPACT till August, 2024 when KSP 20.0.0 support ends*

    DSM version
    = 20.0.883+
    (since Feb release)

    NO IMPACT till August, 2024 when KSP 20.0.0 support ends(*)

    NO IMPACT till August, 2024 when KSP 20.0.0 support ends*


     
  • For existing Deep Security On-Premise users who manually imported KSP 20.0.1 build package to DSM
                              DSA version
    < 20.0.0-7943
    DSA version
    20.0.0-7943 -
    20.0.0-8453
    DSA version
    = 20.0.0-8453+

    DSM version
    < 20.0.854

    NO IMPACT till August, 2024 when KSP 20.0.0 support ends(*)

    NO IMPACT till August, 2024 when KSP 20.0.0 support ends(*)

    NO IMPACT till August, 2024 when KSP 20.0.0 support ends(*)

    DSM version
    = 20.0.854,
    20.0.864 or

    20.0.879

    NO IMPACT till August, 2024 when KSP 20.0.0 support ends(*)

    IMPACT: Failure to install or upgrade to Deep Security Agent version 20.0.0-7943 to 20.0.0-8438 for Linux when Network Modules are enabled. Please see this article for details

     NO IMPACT

    DSM version
    = 20.0.883+
    (since Feb
    release)

    IMPACT: Require manually import KSP 20.0.0 and send policy in Deep Security. Please see this article for details.

    IMPACT: Require manually import KSP 20.0.0 and send policy in Deep Security. Please see this article for details.

     NO IMPACT

 
* After May 2024, KSP 20.0.0 release frequency will be on a weekly basis until August when it stops release.
 

Because DSM 20.0.883 or above will support KSP 20.0.1 as the future main stream kernel support package in 2024, if your environment has DSAs under 20.0.0-8453, you will need to manually import KSP 20.0.0. To mitigate this manual effort, we recommend following upgrade steps.

  1. Upgrade ALL DSAs to 20.0.0-8453 or above.
  2. Upgrade DSM to 20.0.883 or above.


DSVA stays with 20.0.0.* build

The DSM (20 LTS Update December 2023) release build limits DSVA upgrades to version 20.0.1 and maintains support for DSVA upgrades to 20.0.0 following critical bug fixes or vulnerability patch releases. Note that, starting from RHEL7 DSA version 20.0.1, the feature plugin required for DSVA is no longer supported, resulting in expected DSVA upgrade failures.

Upgrade scenarios:

  • Once the DSM server upgrades to "20 LTS Update December 2023" build, the upgrade available list of DSVA will no longer display the DSA version 20.0.1.
  • Once the DSA version 20.0.1 is released but the DSM is not yet upgraded to "20 LTS Update December 2023" build, the DSVA upgrade to version 20.0.1 will show failure.
  • The DSVA appliance only allows upgrade to version 20.0.0, and does not support the version 20.0.1


Standalone Notifier Install Package

The DS Notifier (Windows x86 package) stay on DS version 20.0.0.8438 build and will not release signal Notifier package on DS Software Download Center.

Upgrade scenarios:

  • For current supported Windows OS (like as Windows 11 or Windows Server 2022), install the DS 20.0.0.8438 build still supported.
  • For future new Windows release, it is recommended to install DSA 20.0.1 full package or above that support Notifier function.


Upgrade may fail on Cloud One - Workload Security Relay

Please refer to the KB article, Failed remote upgrade of self-deployed Cloud One - Workload Security relay from 20.0.0-3445+ to version revision 20.0.1 for details.


For more information, refer to the KB article, Platform support updates for Deep Security Agent (DSA) version revision in January 2024 Update Release.