Release Notes
Release Date: January 2026
Version: CCC 4.5
Welcome to CCC 4.5. This release focuses on improved reliability, smoother onboarding, better performance visibility, and stronger operational control. The sections below cover what is new, key changes, advisories, compatibility details, and issues still under review.
Release Highlights
The latest CCC release delivers major enhancements focused on reliability, security, and ease of adoption. From built-in PostgreSQL database clustering for high-availability deployments to strengthened security through non-root operation and UID/GID mapping, this version is designed to support more robust and compliant environments. Additionally, a new Quick Start Guide streamlines onboarding, helping administrators get CCC deployed, configured, and operational with greater speed and confidence.
Database Clustering Support
CCC now includes native support for PostgreSQL database clustering, enabling a fully high-availability (HA) deployment with automatic replication, built-in failover between database nodes, and seamless recovery during unexpected outages—all without requiring external clustering tools. This enhancement significantly improves reliability, scalability, and fault tolerance for production environments while simplifying overall configuration and operational management.
Security Enhancements
CCC introduces several security-focused improvements in this release, including the complete removal of sudo requirements during installation and runtime—ensuring all components operate under non-root permissions in line with least-privilege and container-hardening best practices—and support for UID/GID mapping from the host to the container environment, which enhances file permission consistency, improves auditing, maintains process isolation, and strengthens compatibility with hardened Kubernetes and Podman deployments. These enhancements collectively reduce the attack surface and provide a more secure, compliant, and controlled operational environment.
New Quick Start Guide
Getting started with CCC is now significantly easier thanks to the newly introduced Quick Start Guide, which provides a streamlined, step-by-step path from first-time login and license activation to device onboarding, service deployment, and operational monitoring. Designed to reduce setup time and eliminate guesswork, the guide consolidates all essential early-stage tasks into a clear, user-friendly format, enabling administrators to bring CCC online quickly and confidently without requiring additional assistance or prior experience.
Minimum Luna SA Firmware Requirements for CCC 4.5
CCC relies on specific Luna SA software and firmware versions to support various HSM management and monitoring capabilities. The table below outlines the minimum Luna SA versions required to use these operations within CCC.
| Capability | Minimum SA Version | Minimum SA Firmware |
|---|---|---|
| Device Monitoring (Full) | 7.3.0 | 7.3.0 |
| Apply Software Package | 7.3.0 | 7.3.0 |
| Update Firmware | 7.3.0 | 7.3.0 |
| Service Monitoring | 7.4.0 | 7.4.0 |
Advisories
These advisories highlight version-specific behaviors and conditions that may affect certain workflows in CCC 4.5.
Luna HSM 7.8.4 and Later — REST API Performance Degradation
Customers using Luna HSM firmware 7.8.4 or later may observe gradual performance degradation when running REST API calls on partition resources, which can also impact CCC operations. This issue does not occur on firmware 7.8.3 or earlier. Apply the appropriate REST API patch (KB0028956 for 7.8.5-20 or KB0028955 for 7.8.4-350), or temporarily downgrade or limit REST API calls until patched. For details, refer to Knowledge Base article KB0029000.
Luna HSM 7.1 — Incorrect CPU Usage Reporting
Luna Network HSM firmware 7.1 always reports HSM CPU usage as 99.9%, regardless of actual performance. This value is inaccurate and should not be used for operational assessment within CCC.
ccc_client — PED-Authenticated HA Group Deployment
If an incorrect challenge password is entered during deployment of a PED-authenticated HSM partition HA group using ccc_client, the service may appear as deployed but will remain non-operational. Relaunch ccc_client, revoke the service, and redeploy following the steps in the CCC User Guide.
Luna Appliance Software 7.3.3 and 7.3.4 — Feature Limitations
Devices running Luna appliance software 7.3.3 or 7.3.4 may experience restricted CCC functionality, as certain features are not supported on these firmware versions.
Security & Operational Guidance
These recommendations help maintain a secure, stable, and resilient CCC deployment.
Security Guidelines
Refer to the Security Guidelines for detailed recommendations on protecting your deployment against threats such as code injection, MITM attacks, and DoS attacks.
Server Monitoring
CCC cannot notify users if the CCC server becomes unavailable. We recommend using an external server monitoring system to track availability, health, and continuity of your CCC deployment.
Compatibility Information
The Hardware and Software Requirements page of the CCC User Guide provides complete compatibility details for supported platforms, operating systems, and managed devices. Reviewing this page ensures your environment meets the certified requirements for a stable and fully supported CCC deployment.
Supported Versions of CCC
We support the three most recent released versions of CCC. Security patches and bug fixes are applied on an ongoing basis to the latest versions. If a critical issue arises, we may recommend upgrading to the latest version to ensure optimal stability and security. While older versions may not receive regular updates, our support teams remain available to help you get the most value from your existing deployment.
Upgrade Instructions
Upgrading to CCC 4.5 follows a structured, data-preserving process, and some older versions require an intermediate upgrade before moving to 4.5. To ensure a smooth transition and retain all existing configurations, logs, and database content, review the upgrade prerequisites and follow the version-specific steps outlined in the official Upgrading CCC guide.
Resolved Issues
The following issues reported in earlier versions have been resolved in this release, resulting in a smoother, more reliable, and more predictable CCC experience:
| Issue ID | Severity | Resolution Summary |
|---|---|---|
| CCC-8303 | Medium | Fixed an issue where an idle timeout during password change could result in a blank page. The workflow now behaves consistently without requiring a browser refresh or re-login. |
| CCC-9208 | Medium | Monitoring data now refreshes automatically as expected, eliminating the need for manual refresh. |
| CCC-10174 | Low | Corrected UI layering behavior so the sort menu displays properly and no longer appears behind other interface elements. |
| CCC-13948 | Medium | Addressed a rare scenario where the migration progress bar displayed null values when handling extremely large key sets; it now reflects accurate progress throughout migration. |
| CCC-13980 | Medium | Fixed an issue where the Migrate Service button briefly appeared enabled when the partition limit had already been reached; the button state now accurately reflects system limits at all times. |
| CCC-14306 | Medium | Resolved a failure that prevented firmware upgrades to 7.7.0 or 7.7.1 via CCC. Firmware updates now complete successfully without requiring LUSH. |
| RAPI-4205 | Medium | Fixed a REST API bug that prevented adding devices when admin passwords contained spaces. Devices now add correctly, and the issue is fully resolved in software 7.9.0 and above. |
| CCC-16426 | Medium | Resolved an issue with the Import Partitions functionality where the operation failed if a device had two clients that did not have hostnames configured and shared more than one common partition. In earlier versions, this combination caused the import process to fail. This issue has been fixed in CCC, and partitions can now be imported successfully in this scenario. |
| CCC-16524 | High | Fixed an issue where newly created local or LDAP users were unable to complete first-time login when MFA using OTP was required. After entering a valid OTP during MFA setup, the Authenticate button now becomes active, allowing users to successfully complete the login process. |
Known Issues
These are the issues currently being tracked that may affect specific workflows. Where possible, recommended workarounds or operational guidance are provided.
| Issue ID | Severity | Description & Workaround |
|---|---|---|
| CCC-8819 | Medium | In some cases, deregistration does not complete after an organization change, leaving the service in an inconsistent state. Workaround: Manually detach the service, re-import the device, redeploy, and then revoke the old configuration to restore normal operation. |
| CCC-12639 | Medium | When using ccc_client.jar, exiting the certificate validation prompt may result in an unexpected error message. Workaround: This error is harmless and has no impact on subsequent executions. Simply re-run ccc_client.jar and accept the certificate validation prompt. |
| CCC-14667 | Medium | Entering an incorrect Crypto Officer (CO) password may cause CCC to display an invalid Log Off button instead of the correct error feedback. Workaround: Simply ignore the button state and retry with the correct CO password; normal behavior resumes once a valid password is supplied. |
| CCC-16025 | Medium | Migration of V1 services from 7.8.x partitions may fail due to underlying compatibility limitations. Workaround: There is no workaround available at this time; affected migrations cannot proceed until engineering releases a fix. |
Contacting Thales Support
If you need assistance at any stage, you can refer to the CCC documentation, explore knowledge base articles on the Customer Support Portal, open a support case for more in-depth help, or reach out by phone if your service plan includes telephone support.
