Major new release GT.M V6.3-000 available

V6.3-000 brings significant enhancements to GT.M's use of encryption. One defensive technique is to reduce the "surface" available to an attacker. V6.3-000 reduces the surface in several ways.

An attacker with the wherewithal for a brute-force attack on encryption can in theory benefit from the voluminous, long-lived, and structurally similar data in a typical application database, such as financial transactions and medical records. One component of a traditional layered defense-in-depth is to change the actual encryption keys periodically. By enabling encryption keys for database files to be changed "on the fly" while a database is in use (GTM-6310), V6.3-000 operationally simplifies changing the keys, and makes key changes less prone to human error. The prior technique required database regions to be extracted and loaded into newly created database files with keys different from those of their predecessors. Context-sensitive initialization vectors (IVs) in database, journal, extract and bytestream backup files (GTM-8117) further reduce the surface for a brute-force attack.

A properly configured Transport Layer Security (TLS; formerly known as SSL) session is required to secure a TCP connection. However, an attacker who can record a TCP session and who has the wherewithal for a brute-force attack, or access to more affordable future computing power, can in theory retroactively break into and eavesdrop on the recorded session. Periodically renegotiating the session key (GTM-8302) means that an attacker who succeeds in breaking a key can only eavesdrop on that part of the session: every renegotiation generates a new key that must be separately broken.

V6.3-000 also brings a number of useful enhancements, as well as other improvements. For example:

  • Parallelization speeds MUPIP JOURNAL RECOVER/ROLLBACK operations (GTM-5007).
  • For a replicated database, even that of an application that does not use transaction processing, MUPIP JOURNAL -ROLLBACK -FORWARD applies updates from a set of journal files to the restored backup of a multi-region database. This brings it to the same state that MUPIP JOURNAL -ROLLBACK -BACKWARD would when performed on the original database, and provides the same consistency across regions that MUPIP JOURNAL -ROLLBACK provides (GTM-7291).
  • Faster database exit, especially with large numbers of processes and databases with many regions (GTM-6301).
  • Evaluation of certain string literal operations during compilation rather than execution (GTM-7762 and GTM-8404).
  • Concurrent access by more than 32,767 processes to a database file (GTM-8137).
  • Significant performance improvements for certain UTF-8 mode use cases (GTM-8352).

As always, the release brings numerous smaller enhancements and fixes. Details are in the release notes (for all GT.M user documentation, go to http://fis-gtm.com and click on the User Documentation tag).

Please use V6.3-000 and tell us what you think. Thank you for using GT.M.

Posted by K.S. Bhaskar 2016-03-29