Revenera Community Knowledge Base

Knowledge Base Articles
After reconnection attempts fail, the client tries to exit the application. On Windows, the default behavior is a pop-up dialog box that reports the error; the application exits once the dialog box is closed. If you want to change the exit behavior, you can register your own callback with the LM_A_USER_EXITCALL_EX attribute:

    (void) lc_set_attr(lm_job, LM_A_USER_EXITCALL_EX, (LM_A_VAL_TYPE) quit);

The callback can be written as:

    /* Needs <stdio.h> for printf and <stdlib.h> for exit. */
    static int quit(LM_HANDLE *lm_job, char *feat, void *itr)
    {
        /* feat is the feature name passed to the exit callback. */
        printf("LM_A_USER_EXITCALL_EX is called for %s\n", feat);
        exit(0);
    }
View full article
Summary

This article discusses how to perform major upgrades on installs built with an older version of InstallShield.

Synopsis

For major upgrades of older installations created with older versions of InstallShield, the best practice is to call the cached setup.exe or .msi to uninstall itself completely before continuing with the new install. The new project should contain a completely new GUID apart from the previous version. Ideally, the name should be different as well. However, if the name is the same, then the version number should be increased accordingly.

Discussion

For old InstallShield installations (created with Professional 5, 6, & 7, Developer 7 & 8, DevStudio 9, or InstallShield X, 10.5), there will be a registry key in the location:

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\

that contains either the name of the program or the GUID number in brackets. This key should contain a value called "UninstallString". This is the command line that Add/Remove Programs executes for any given installation, and it contains the path to the setup or MSI that needs to be uninstalled.

Once the path to the setup is determined from the UninstallString, it can be launched using LaunchAppAndWait. If the registry key value contains a path to a .exe file, LaunchAppAndWait can be called with an uninstall parameter similar to the following example (which should be called early in the installation, such as in the OnBegin event handler):

    // Backslashes in InstallScript string literals must be doubled.
    LaunchAppAndWait("C:\\Program Files\\InstallShield Installation Information\\{YOUROLDPRODUCTGUIDHERE}\\Setup.exe", "/uninst", LAAW_OPTION_WAIT);

If the old installer was an MSI-based installation, then msiexec.exe should be launched with /x and the GUID as parameters:

    LaunchAppAndWait("msiexec.exe", "/x {YOUROLDPRODUCTGUIDHERE}", LAAW_OPTION_WAIT);

Additional Information

Uninstallations can also be run silently, with no user interface. Please view the following articles for uninstalling each kind of project type. The results can also be applied through LaunchAppAndWait.

Silent MSI
Silent Installscript MSI
Silent Installscript
LaunchAppAndWait
Major Upgrades
Creating Major Upgrades
View full article
Summary

How do you remove InstallShield branding from dialogs?

Question

How do you remove InstallShield branding from dialogs?

Answer

The removal of InstallShield branding is not supported by Flexera. Information regarding this topic can be found in the License Restrictions Section of the InstallShield End-User License Agreement (EULA):

"Licensee shall not (and shall not allow any third party to): iv. remove any product identification, proprietary, copyright or other notices contained in the Software, including but not limited to any such notices contained in the physical and/or electronic media or Documentation, in the Setup Wizard dialog or about boxes, in any of the runtime resources and/or in any web-presence or web-enabled notices, code or other embodiments originally contained in or otherwise created by the Software, or in any archival or back-up copies, if applicable"

Related Documents

InstallShield 2016 EULA
View full article
Running FNO on Linux-based Docker hosts such as RHEL or Debian is supported as long as the host is Linux Standard Base (LSB) compliant.

Note: Make sure FNO on-prem is installed on a supported operating system (OS) such as Red Hat Enterprise Linux 8.4, or as per the product release notes.
View full article
Summary

FLEXnet Connect is a solution that Flexera sells to software vendors that is designed to help you stay connected with your customers after they install your applications.

Synopsis

FLEXnet Connect is a solution that Flexera Software sells to software vendors that is designed to help you stay connected with your customers after they install your applications. Keeping software updated is one of the many benefits of FLEXnet Connect, but Flexera also recommends that software vendors build in an option to disable automatic update checking. If you are using an application that uses FLEXnet Connect, your application may have a configuration option to disable update checking. Please check your application's menu options. If your application does not have this option, Flexera has created a tool called the Software Manager that can disable automatic update checking. The Software Manager utility lists all applications currently using FLEXnet Connect on your computer and FLEXnet Connect's status with each application.

Discussion

You may already have the Software Manager installed. If the Software Updates or Program Updates shortcut is listed in your Start menu, then the Software Manager is installed. If you do not have the Software Manager installed, follow these instructions to download and install it.

Download and install the Software Manager:

1. Download the latest FLEXnet Connect 6.1 Software Manager and save it to your Desktop. The latest FLEXnet Connect Software Manager can be downloaded here.
2. Double-click on the FLEXnet Connect executable and follow the instructions to install the Software Manager.

Once installed, you can run the Software Updates shortcut to start the Software Manager.

We provide 3 options for disabling the Software Manager:

Option# 1

Download and disable the Software Manager with the uninstaller:

1. Download the Software Manager uninstaller and save it to your Desktop.
2. Double-click SoftwareManagerUninstall.exe and follow the instructions to disable the Software Manager.

Note: SoftwareManagerUninstall.exe only removes the Windows Registry entries that are responsible for starting the common software manager after a reboot. No files are removed.

Option# 2

Disable the Software Manager by following these steps:

1. Open the Task Manager by running Task Manager as an Administrator.
2. Navigate to the Startup Tab.
3. Right-click Common Software Manager.
4. Select Disable.

Option# 3

Disable the Software Manager by following these steps:

1. Open the Windows Registry Editor (regedit.exe) by running the Windows Registry Editor as an Administrator.
2. Navigate to the following Windows Registry key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run
3. Back up the Windows Registry entry by exporting it to a Windows Registry (.reg) file.
4. Delete the ISUSPM Value Name along with its Value Data by right-clicking ISUSPM and selecting Delete.

Use whichever of the 3 options matches your preferences. If a particular option does not work for you, you can move on to the other options.
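
The steps of Option# 3, scripted for an elevated PowerShell session. This is an added example, not Flexera's tooling: the function name Disable-SoftwareManagerAutostart and the backup location are assumptions, while the registry key and the ISUSPM value name are the ones given above. It shows what the autostart entry launches, refuses to delete anything unless the export succeeded, and supports -WhatIf.

```powershell
# Added example (not part of the original article). Run as Administrator.
# Disable-SoftwareManagerAutostart is a hypothetical helper name.
function Disable-SoftwareManagerAutostart {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # Registry key and value name exactly as given in Option# 3.
        [string]$RunKey    = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
        [string]$ValueName = 'ISUSPM',
        # Assumed backup folder; any writable directory works.
        [string]$BackupDir = $env:TEMP
    )

    $result = [pscustomobject]@{
        ValueName  = $ValueName
        Command    = $null    # what the autostart entry launches
        BackupFile = $null    # .reg export written before deletion
        Removed    = $false
    }

    # Steps 1-2: look the value up instead of browsing to it in regedit.
    $entry = Get-ItemProperty -Path $RunKey -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $entry) {
        Write-Verbose "$ValueName not found under $RunKey; nothing to disable."
        return $result
    }
    $result.Command = $entry.$ValueName

    # reg.exe expects HKLM\..., not the PowerShell drive form HKLM:\...
    $nativeKey  = $RunKey -replace '^HKLM:\\', 'HKLM\'
    $backupFile = Join-Path $BackupDir ("Run-key-backup-{0:yyyyMMdd-HHmmss}.reg" -f (Get-Date))

    if ($PSCmdlet.ShouldProcess($RunKey, "Export key to $backupFile, then delete value $ValueName")) {
        # Step 3: back up the key; stop if the export did not succeed.
        & reg.exe export $nativeKey $backupFile /y | Out-Null
        if ($LASTEXITCODE -ne 0 -or -not (Test-Path -LiteralPath $backupFile)) {
            throw "Backup of $nativeKey failed; $ValueName was not deleted."
        }
        $result.BackupFile = $backupFile

        # Step 4: delete the value name together with its value data.
        Remove-ItemProperty -Path $RunKey -Name $ValueName -ErrorAction Stop

        # Confirm the value is gone before reporting success.
        $still = Get-ItemProperty -Path $RunKey -Name $ValueName -ErrorAction SilentlyContinue
        $result.Removed = ($null -eq $still)
    }
    return $result
}

# Preview without changing anything:
#   Disable-SoftwareManagerAutostart -WhatIf
# Apply:
#   Disable-SoftwareManagerAutostart
```

The exported file can be restored with reg.exe import if the entry needs to come back.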
View full article
Issue

If the server is running and the system goes into hibernate mode automatically, then when the system is brought back up the server might throw the error below:

    16:13:06 (DEMO) Wrong hostid on SERVER line for license file:
    16:13:06 (DEMO)) C:\Program Files\FLEXlm\licenses\DEMO).lic
    16:13:06 (DEMO)) SERVER line says 0290837ec0211, hostid is "6c6914b445e9 c8763fbe7b98 6ce14b446e9 6c7814b446e8 3c971ab940fa"
    16:13:06 (DEMO)) Invalid hostid on SERVER line

This causes the license server to shut down. The problem seems to be caused by a delay in the waking of the network card that the license server is tied to. In this instance, if the license server is restarted manually a few moments later, then it works.

Solution

You can use the ls_daemon_periodic callback in lsvendor.c. This callback is called approximately once every minute, including shortly after the VD wakes up from hibernate. We have tested this by disabling the network adapter, waiting a few seconds, then re-enabling it. Sample lsvendor.c pseudocode follows:

    #include <string.h>   /* strstr */

    static void user_periodic_func();
    void (*ls_daemon_periodic)() = user_periodic_func;

    static void user_periodic_func()
    {
        char host_value[buffer] = "";   /* buffer: size constant supplied by the vendor */
        const unsigned num_tries = 3;
        unsigned attempts = 0;

        lc_hostid(lm_job, HOSTID_ETHER, host_value);
        /* Retry while the reported Ethernet hostid still contains "ffffffff". */
        while (strstr(host_value, "ffffffff") != NULL && attempts < num_tries) {
            /* some message to stdout here, if you want to see attempts in the VD debug log */
            Sleep(2000);   /* Windows Sleep() takes milliseconds; on POSIX use sleep(2) */
            attempts++;
            lc_hostid(lm_job, HOSTID_ETHER, host_value);
        }
    }
View full article
The FlexNet Publisher Documentation Library (FNP_<version>_doclib.pdf) is provided as an Adobe PDF portfolio. Note that Adobe PDF portfolios are not supported in Chrome or Edge. The Adobe PDF extension for Chrome cannot handle Adobe PDF portfolios. Instead of opening the FlexNet Publisher Documentation Library in your browser, download the portfolio, then open it in Adobe Reader.
View full article
Available Release Notes

The following are the Release Notes available for FlexNet Code Insight Electronic Update releases:

Changes in Update Released on 23-September-2022

This Update includes the changes described in the following sections.

Issues/Bugs Addressed

The following issues were addressed in the Update:

Issue ID: Issue Summary
SCA-43521: Fixed false positives in license detection and license evidence mechanism for licenses like 0BSD, ISC and MIT.
SCA-42852: Updated version information for NPMJS components like @aws-sdk/client-dynamodb and @aws-sdk/client-dynamodb-streams

Addition of missing vulnerability mappings for the following components: atomic crypto-utils fedmsg fedora-arm-installer python-fedora sectool coolkey sssd anaconda newsx rpmdevtools cronie

Collector Status (Name: Date of Last Successful Run):
gitlab: 8/5/2022
crates: 9/1/2022
clojars: 9/15/2022
maven2-ibiblio: 9/15/2022
cpan: 9/15/2022
rubygems: 9/15/2022
maven-google: 9/16/2022
cran: 9/17/2022
nuget gallery: 9/18/2022
hackage: 9/18/2022
packagist: 9/18/2022
npm: 9/20/2022
go: 9/21/2022
pypi: 9/21/2022
github: 9/21/2022
fedora-koji: 9/21/2022

Changes in Mini Update Released on 13-September-2022

This is a Mini PDL update release which is considerably smaller in size, containing data related to a specific component and a CVE. This Update includes the changes described in the following sections.
Issues/Bugs Addressed

The following issues were addressed in the Update:

Updates to commons_configuration2 component: Added vulnerability information to the commons_configuration2 maven component (https://mvnrepository.com/artifact/org.apache.commons/commons-configuration2) related to vulnerability CVEs CVE-2022-33980 (https://nvd.nist.gov/vuln/detail/CVE-2022-33980) and CVE-2020-1953 (https://nvd.nist.gov/vuln/detail/CVE-2020-1953)

Issue ID: Issue Summary
SCA-43592: Missing vulnerability CVE-2022-33980 for the component commons_configuration2
SCA-43114: Updating component information for components like entityframework, mailbee.net and microsoft.sqlserver.sqlmanagementobjects.

Changes in Update Released on 09-September-2022

This Update includes the changes described in the following sections.

Issues/Bugs Addressed

The following issues were addressed in the Update:

Issue ID: Issue Summary
SCA-43115: Addition of new licenses to reflib like AfterLogic Software License Agreement, Entity Framework 5.0 For Microsoft Windows Operating System and Microsoft SQL SERVER 2017 Shared Management Objects.

Updated/Added license detection capability and license evidence mechanism for: EPICS.txt etalab-2.0.txt copyleft-next-0.3.0.txt copyleft-next-0.3.1.txt GD.txt GLWTPL.txt Hippocratic-2.1.txt HPND-sell-variant.txt HTMLTIDY.txt JPNIC.txt libpng-2.0.txt libselinux-1.0.txt Linux-OpenIB.txt

Collector Status (Name: Date of Last Successful Run):
gitlab: 8/5/2022
maven2-ibiblio: 8/22/2022
clojars: 9/1/2022
crates: 9/1/2022
cpan: 9/1/2022
rubygems: 9/1/2022
maven-google: 9/2/2022
hackage: 9/4/2022
nuget gallery: 9/5/2022
packagist: 9/5/2022
go: 9/6/2022
pypi: 9/6/2022
cran: 9/7/2022
github: 9/7/2022
fedora-koji: 9/7/2022
npm: 9/7/2022

Changes in Update Released on 29-August-2022

This Update includes the changes described in the following sections.
Issues/Bugs Addressed

The following issues were addressed in the Update:

Issue ID: Issue Summary
SCA-42217: BSD 3-Clause license text not detected
SCA-43300: Fixed license detection and license evidence mechanism for dvipdfm license to avoid false positives

Updated/Added license detection capability and license evidence mechanism for: 0BSD BSD-1-Clause BSD-3-Clause-Modification BSD-3-Clause-No-Military-License BSD-3-Clause-Open-MPI.txt

New/Update Component Requests: jridgewell/gen-mapping jridgewell/set-array jridgewell/sourcemap-codec CPUID CPU-Z get-image-file-type-programmatically-in-swift swift-5-4-hex-to-nscolor SNMP++ API supports-preserve-symlinks-flag

Addition of missing vulnerability mappings for the following components: bwm-ng mattermost_server snipe-it cgal caldera-forms

Collector Status (Name: Date of Last Successful Run):
fedora-koji: 8/2/2022
gitlab: 8/5/2022
cpan: 8/18/2022
rubygems: 8/18/2022
maven-google: 8/19/2022
cran: 8/20/2022
nuget gallery: 8/21/2022
hackage: 8/21/2022
maven2-ibiblio: 8/22/2022
packagist: 8/22/2022
go: 8/23/2022
github: 8/24/2022
crates: 8/24/2022
npm: 8/24/2022
clojars: 8/25/2022
pypi: 8/26/2022

Changes in Update Released on 12-August-2022

This Update includes the changes described in the following sections.
Issues/Bugs Addressed

The following issues were addressed in the Update:

Issue ID: Issue Summary
SCA-42725: Fixed False positive vulnerabilities related to SQL Lite
SCA-31133: Addition of Nuget vulnerability mapper to the list of vulnerability mappers
SCA-42767: Updated license information for the components datatables-fixedcolumns and datatables-tabletools in our data library
SCA-43007: GNU Library General Public License v2 or later (LGPL-2.0-or-later) License Evidence is not being detected for gettext.c file

Updated/Added license detection capability and license evidence mechanism for: LGPL-2.0-or-later SPDX licenses with additional clauses App-s2p Baekmuk blessing BlueOak-1.0.0 C-UDA-1.0

New/Update Component Requests: FixedColumns Autofill Tabletools

New Component Detection Rules: Tabletools.js and Tabletools.min.js FixedColumns.js and FixedColumns.min.js

Collector Status (Name: Date of Last Successful Run):
maven2-ibiblio: 7/28/2022
fedora-koji: 8/2/2022
clojars: 8/4/2022
cpan: 8/4/2022
rubygems: 8/4/2022
maven-google: 8/5/2022
gitlab: 8/5/2022
cran: 8/6/2022
nuget gallery: 8/6/2022
hackage: 8/7/2022
packagist: 8/8/2022
go: 8/9/2022
pypi: 8/10/2022
github: 8/10/2022
crates: 8/10/2022
npm: 8/10/2022

Changes in Update Released on 18-July-2022

This Update includes the changes described in the following sections.

Issues/Bugs Addressed

The following issues were addressed in the Update:

GPL-AGPL-LGPL License Cleanup

There are three issues we are addressing as part of this GPL-AGPL-LGPL License data cleanup project:

Example: jquery 6.2.0 (GPL-1.0)
Here GPL-1.0 is the license with the short name associated with the component jquery.

1. Short Name Change
When a particular license short name is changed and released as part of an electronic update, the short name is not automatically propagated to the inventory items with that selected license.
For example, when we change the short name of license id 343 from "GPL-1.0" to "GPL-1.0-only" in an electronic update, the existing inventory item names with that selected license will not be updated.

2. Component to License Mapping Change
When the component to license mapping is changed, let's say jquery is mapped with "Apache-2.0" in the electronic update, then this new mapping wouldn't be propagated to existing inventory items. This results in inconsistency between the license mapping, existing inventory items, and future inventory items using the new license mapping.

3. Duplicate entry cleanup
After running the cleanup scripts, there is a possibility of having duplicate entries for the licenses which had mappings in the component table and versions table. In our case, we have mappings for 3 licenses, i.e. LGPL-2.1-or-later (License_id=704), AGPL-1.0-only (License_id=1654) and AGPL-3.0-only (License_id=229).

Note: Around 16 GPL-AGPL-LGPL related licenses are updated and workarounds have been provided for necessary scenarios. Please refer to the article on GPL-LGPL-AGPL License Cleanup for detailed information and workarounds: https://community.flexera.com/t5/Code-Insight-Knowledge-Base/Code-Insight-GPL-LGPL-AGPL-License-Data-Cleanup-Project/ta-p/240679

Issue ID: Issue Summary
SCA-40135: Updating the GPL related licenses in the data library according to SPDX
SCA-40180, SCA-41672: Preparation of scripts related to changes made to GPL, LGPL and AGPL licenses.
SCA-42149: Updated version information for the component minimist.
Updated/Added license detection capability and license evidence mechanism for GPL-LGPL-AGPL related licenses (part of GPL-AGPL-LGPL license cleanup activity): AGPL-1.0-only AGPL-1.0-or-later AGPL-3.0-only AGPL-3.0-or-later GPL-1.0-only GPL-1.0-or-later GPL-2.0-only GPL-2.0-or-later GPL-3.0-only GPL-3.0-or-later LGPL-2.0-only LGPL-2.0-or-later LGPL-2.1-only LGPL-2.1-or-later LGPL-3.0-only LGPL-3.0-or-later

Collector Status (Name: Date of Last Successful Run):
gitlab: 5/13/2022
maven2-ibiblio: 6/30/2022
nuget gallery: 7/4/2022
clojars: 7/7/2022
cpan: 7/7/2022
rubygems: 7/7/2022
cran: 7/9/2022
maven-google: 7/9/2022
hackage: 7/10/2022
packagist: 7/11/2022
go: 7/12/2022
pypi: 7/13/2022
github: 7/13/2022
crates: 7/13/2022
fedora-koji: 7/13/2022
npm: 1/30/2022

Changes in Update Released on 07-July-2022

This Update includes the changes described in the following sections.

Issues/Bugs Addressed

The following issues were addressed in the Update:

Issue ID: Issue Summary
SCA-42146: Addition of the license EDL 1.0 to PDL.

Collector Status (Name: Date of Last Successful Run):
gitlab: 5/13/2022
npm: 1/30/2022
pypi: 6/29/2022
crates: 6/29/2022
clojars: 6/30/2022
maven2-ibiblio: 6/30/2022
cpan: 6/30/2022
rubygems: 6/30/2022
maven-google: 7/1/2022
go: 7/1/2022
cran: 7/2/2022
fedora-koji: 7/2/2022
hackage: 7/3/2022
github: 7/4/2022
nuget gallery: 7/4/2022
packagist: 7/4/2022

Changes in Mini Update Released on 28-June-2022

This is a Mini PDL update release which is considerably smaller in size, containing data related to a specific component and a CVE. This Update includes the changes described in the following sections.
Issues/Bugs Addressed

The following issues were addressed in the Update:

Updates to jenkins component: Added the latest vulnerability information for jenkins component (Component id: 191327) related to vulnerability CVE-2022-34175 (https://nvd.nist.gov/vuln/detail/CVE-2022-34175)

Issue ID: Issue Summary
SCA-39993: Miniature PDL package creation and processing in product

Changes in Update Released on 15-June-2022

This Update includes the changes described in the following sections.

Issues/Bugs Addressed

The following issues were addressed in the Update:

Issue ID: Issue Summary
SCA-40437: Addition of Go Collector to the list of collectors Collected Batch 1- 50000 packages.
SCA-42001: Fixed license information for the component 'setuptools'.
SCA-42030: Fixed license information for the component 'react-leaflet'.
SCA-42040: Fixed license information for the component 'pillow'.
SCA-42108: Updated component-version information for the component 'url-parse'.

Collector Status (Name: Date of Last Successful Run):
gitlab: 5/13/2022
crates: 5/28/2022
npm: 1/30/2022
pypi: 6/8/2022
clojars: 6/9/2022
cpan: 6/9/2022
rubygems: 6/10/2022
cran: 6/11/2022
maven2-ibiblio: 6/11/2022
maven-google: 6/11/2022
hackage: 6/12/2022
nuget gallery: 6/12/2022
packagist: 6/13/2022
github: 6/14/2022
fedora-koji: 6/14/2022
go: 6/14/2022

Changes in Update Released on 13-May-2022

This Update includes the changes described in the following sections.

Issues/Bugs Addressed

The following issues were addressed in the Update:

Issue ID: Issue Summary
SCA-41730: Addition of vulnerability mappings to zlib component (CVE-2018-25032).
Collector Status (Name: Date of Last Successful Run):
hackage: 5/8/2022
npm: 1/30/2022
crates: 4/26/2022
clojars: 5/5/2022
cpan: 5/5/2022
rubygems: 5/6/2022
maven-google: 5/6/2022
cran: 5/7/2022
nuget gallery: 5/8/2022
maven2-ibiblio: 5/9/2022
packagist: 5/10/2022
github: 5/11/2022
gitlab: 5/11/2022
pypi: 5/11/2022
fedora-koji: 5/11/2022

Changes in Update Released on 28-Apr-2022

This Update includes the changes described in the following sections.

Issues/Bugs Addressed

The following issues were addressed in the Update:

Issue ID: Issue Summary
SCA-41430: Addition and Updating components and license information for components like JakartaFtpWrapper, nsftools.com Standard Disclaimer etc.
SCA-41268: Fixed the incorrect license mapping for hibernate-core component.

Addition of license detection capability and license evidence mechanism for the following licenses: FreeImage freertos-exception-2.0 FSFAP FSFULLR

Collector Status (Name: Date of Last Successful Run):
hackage: 4/24/2022
npm: 1/30/2022
maven2-ibiblio: 4/12/2022
cpan: 4/14/2022
fedora-koji: 4/19/2022
rubygems: 4/21/2022
cran: 4/22/2022
maven-google: 4/22/2022
nuget gallery: 4/23/2022
crates: 4/26/2022
clojars: 4/27/2022
github: 4/27/2022
packagist: 4/27/2022
gitlab: 4/27/2022
pypi: 4/27/2022

Changes in Update Released on 13-Apr-2022

This Update includes the changes described in the following sections.

Issues/Bugs Addressed

The following issues were addressed in the Update:

Updates to spring-framework component: Added vulnerability information for spring-framework component (CVE-2022-22950 and CVE-2022-22965).

Issue ID: Issue Summary
SCA-41311: Fix incorrect vulnerability mapping to the component POI.
SCA-41305: Addition of vulnerabilities to xmlbeans 2.6.0 component.
SCA-41141: Enhancement to collect missing licenses for Pypi components.
SCA-40144: Addition of Components from https://gitlab.xiph.org/xiph

Changes in Update Released on 25-Mar-2022

This Update includes the changes described in the following sections.
Issues/Bugs Addressed

The following issues were addressed in the Update:

Issue ID: Issue Summary
SCA-40941: Update license information for npm component- pixrem.
SCA-40777: Map Fair license to "Assert" component.
SCA-40872: License information for jquery 1.12.4 - MIT or GPL-2.0 license?

Addition of missing vulnerability mappings for the following components: jhuisi-charm pear-archive_tar zopefoundation-accesscontrol nextcloud-richdocuments pear-archive_tar 3xxx-engineercms isomorphic-git-isomorphic-git justarchinet-archisteamfarm matanui159-replaysorcery xmldom-xmldom util-linux-util-linux

Addition of license detection capability and license evidence mechanism for the following licenses: dvipdfm mif-exception eCos-exception-2.0 eGenix EPL-2.0 EUPL-1.2 FLTK-exception

Collector Status (Name: Date of Last Successful Run):
packagist: 2/27/2022
maven2-ibiblio: 3/7/2022
npm: 1/30/2022
gitlab: 3/8/2022
clojars: 3/16/2022
rubygems: 3/17/2022
cpan: 3/17/2022
cran: 3/18/2022
maven-google: 3/18/2022
nuget gallery: 3/19/2022
hackage: 3/20/2022
github: 3/22/2022
crates: 3/23/2022
pypi: 3/23/2022
fedora-koji: 3/23/2022

Changes in Update Released on 14-Mar-2022

This Update includes the changes described in the following sections.

Issues/Bugs Addressed

The following issues were addressed in the Update:

Issue ID: Issue Summary
SCA-32308: Pypi forge vulnerability Mapper is an addition to our list of automated vulnerability mappers mechanism.
SCA-40984: Fix false positive vulnerabilities for Mono.Cecil

Addition of missing vulnerability mappings for the following components: glances video.js nukeviet lavalite-cms evolution-cms-evolution flatpress yzmcms elfinder.aspnet

Collector Status (Name: Date of Last Successful Run):
packagist: 2/27/2022
cran: 3/4/2022
maven-google: 3/5/2022
hackage: 3/6/2022
maven2-ibiblio: 3/7/2022
nuget gallery: 3/7/2022
crates: 3/8/2022
npm: 1/30/2022
gitlab: 3/8/2022
clojars: 3/9/2022
pypi: 3/9/2022
rubygems: 3/10/2022
github: 3/10/2022
cpan: 3/10/2022
fedora-koji: 3/10/2022

Changes in Update Released on 24-Feb-2022

This Update includes the changes described in the following sections.

Issues/Bugs Addressed

The following issues were addressed in the Update:

Issue ID: Issue Summary
SCA-40339: Fixed license mappings for hangfire.core nuget component.
SCA-40332: Fixed license mappings for microsoft.net.workload.emscripten.manifest nuget component
SCA-40215: Fixed false positive CVE for system.threading.tasks.extensions 4.5.4 component

Addition of missing vulnerability mappings for the following components: stuk-jszip firefly-iii pjsip-pjproject oisf-suricata gitlogplus velociraptor contour stmicroelectronics-stm32cubeh7 mod_auth_openidc

New/Update Component Requests: Microsoft Infographic Designer Microsoft Advance Card

Collector Status (Name: Date of Last Successful Run):
npm: 12/3/2021
gitlab: 1/13/2022
maven2-ibiblio: 2/15/2022
rubygems: 2/17/2022
cran: 2/18/2022
maven-google: 2/18/2022
nuget gallery: 2/19/2022
hackage: 2/20/2022
packagist: 2/20/2022
crates: 2/22/2022
clojars: 2/23/2022
github: 2/23/2022
pypi: 2/23/2022
fedora-koji: 2/23/2022
cpan: 2/24/2022

Changes in Update Released on 10-Feb-2022

This Update includes the changes described in the following sections.
Issues/Bugs Addressed

The following issues were addressed in the Update:

Issue ID: Issue Summary
SCA-40131: Fixing false positive component_cpe mappings
SCA-40004: Fix for "Unable to load or add component version libssh 0.7.3"
SCA-39146: GPL 3.0 or later and GPL 3.0 Only - both licenses are reported when the source clearly has only one SPDX ID
SCA-38096: Fixing redirecting urls for clojars collector

Addition of missing vulnerability mappings for the following components: mosquitto lwip folly matio libheif manageiq redis

Addition of license detection capability and license evidence mechanism for the following licenses: D-FSL-1.0 diffmark DigiRule-FOSS-exception Dotseqn DSDP

New/Update Component Requests: windowsazure.servicebus microsoft.azure.servicebus.eventprocessorhost mesa sharpmimetools

Changes in Update Released on 28-Jan-2022

This Update includes the changes described in the following sections.

Issues/Bugs Addressed

The following issues were addressed in the Update:

MIT License Cleanup

There are two licenses in Code Insight for MIT: MIT License and MIT-Style License. While most licenses declared by open-source developers fall into the MIT License, the MIT-Style License is more of a template license consisting of various ways in which the MIT license can be declared. We noticed that the majority of components are mapped incorrectly to the MIT-Style License. This is being resolved via an electronic update where the mappings are corrected, and for existing projects that need a mappings change a script will be provided.

Note: Please refer to the article on MIT License Cleanup for detailed information and workarounds: https://community.flexera.com/t5/Code-Insight-Knowledge-Base/Code-Insight-MIT-License-Data-Cleanup-Project/ta-p/214451/jump-to/first-unread-message

Known issue: A script "MIT-CleanupQueries.sql" is provided which has to be run after the PDL update.
This script updates the license names and the incorrect license mappings in the existing system-generated inventories with the updated data changes as mentioned above. There is a known issue for a particular set of inventories which have comma separated license names. This is observed in the inventories generated by AutoWriteup. Ex: jQuery (MIT, MIT License). In this case, the script provided to update the existing inventory names would not work. This causes a duplicate inventory on rescan. The detailed issue description and workaround are provided in the jira: https://jira.flexera.com/browse/SCA-40194

Issue ID: Issue Summary
SCA-39812: Map vulnerabilities for gnu components
SCA-39748: Update version information for pilotmoon-scroll-reverser
SCA-38553: License detection XML detects both MIT and MIT-Style as evidence for MIT License
SCA-28851: MIT License cleanup: Enhancement to collector level license mappings mechanism to update invalid mappings for MIT and MIT-Style licenses.
SCA-28766: Perform entire sequence of MIT License Cleanup-License short_name changes and license remapping at component and version level.

Addition of missing vulnerability mappings for the following components: Itop Mupdf Anchrome

Addition of license detection capability and license evidence mechanism for the following licenses: CNRI-Jython CNRI-Python CNRI-Python-GPL-Compatible Crossword CrystalStacker PSF-2.0 Python-2.0

Changes in Update Released on 13-Jan-2022

This Update includes the changes described in the following sections.

Issues/Bugs Addressed

The following issues were addressed in the Update:

Updates to log4j component: Added component detection capabilities to identify log4j components in "ivy.xml".

Issue ID: Issue Summary
SCA-39360: Fixed the license evidence mechanism to eliminate false positive findings.
SCA-39579: Addition of gnu vulnerable components to the data library
SCA-38160: GNU vulnerability Mapper is an addition to our list of automated vulnerability mappers mechanism.
SCA-38159: Jenkins vulnerability Mapper is an addition to our list of automated vulnerability mappers mechanism.

Addition of missing vulnerability mappings for the following components: xml_database graphhopper Openvswitch-ovs osgeo-gdal unicorn-engine-unicorn open62541-open62541 racket-racket mozilla-geckodriver gnuaspell-aspell libsndfile-libsndfile libarchive matio

Addition of license detection capability and license evidence mechanism for the following licenses: CC-BY-NC-ND-1.0 CC-BY-NC-ND-4.0 CC-BY-NC-SA-4.0 CC-BY-NC-4.0 CC-BY-ND-4.0 CC-BY-SA-4.0 CC-BY-4.0 Cube curl CDLA-Permissive-1.0 CDLA-Sharing-1.0 CECILL-2.1 CLISP-exception-2.0

New Component Requests: Windows SDK for Windows Server 2008 and .NET Framework 3.5 Strictly Software htmlencode

Changes in Update Released on 23-Dec-2021

This Update includes the changes described in the following sections.

Issues/Bugs Addressed

The following issues were addressed in the Update:

Updates to Apache log4j2 component: Updated vulnerability information for log4j2 component (CVE-2021-44228, CVE-2021-45046, CVE-2021-4104). Updated versions for the log4j2 components.

Issue ID: Issue Summary
SCA-38791: Updated missing vulnerabilities for nuget top 100 component
SCA-35846: Enhancements to Nuget Collector for Version-Level License Collection

Addition of missing vulnerability mappings for the following components: consul uri.js chatwoot bat cgm-remote-monitor connect muwire containerd discourse micronaut gatsby-source-wordpress venus_os

Updated Components List: world-clock-and-the-timezoneinformation-class

Changes in Update Released on 16-Dec-2021

This Update includes the changes described in the following sections.

Issues/Bugs Addressed

The following issues were addressed in the Update:

Updates to Apache log4j2 component: Updated versions for the log4j2 components from different forges like github, maven and fedora. Updated vulnerabilities for log4j2 component (CVE-2021-44228).
Issue ID: Issue Summary
SCA-38864: Analysis & update license for jaxen component.
SCA-38669: AutoWriteup Rules : Map licenses to AutoWriteup Rules with no licenses.
SCA-38521: Increasing Component CPE mappings in Data Library.
SCA-38479: Updated version information for 27208706.
SCA-38791: Update missing license for top 100 Nuget components.

Addition of missing vulnerability mappings for the following components: falco manageengine_admanager_plus esp32_firmware libvips-libvips junos rancher sheetjs etherpad stealth

Addition of license detection capability and license evidence mechanism for the following licenses: bzip2-1.0 bzip2-1.0.5 Caldera BSD-3-Clause-Attribution BSD-3-Clause-Clear BSD-3-Clause-LBNL BSD-3-Clause-No-Nuclear-License-2014 BSD-3-Clause-No-Nuclear-License BSD-3-Clause-No-Nuclear-Warranty BSD-4-Clause-UC BSD-Protection BSD-1-Clause BSD-Source-Code BSD-2-Clause-Patent BSD-2-Clause-NetBSD BSD-2-Clause-FreeBSD

Update Release on 26-Nov-2021 has been postponed

This update has been postponed to 9 Dec 2021 due to some technical issues.

Changes in Update Released on 11-Nov-2021

This Update includes the changes described in the following sections.

Issues/Bugs Addressed

The following issues were addressed in the Update:

Issue ID: Issue Summary
SCA-38476: Add component GenericDataExchangeFrameworkwithAJAX and ASP.NET Outlook-like Time Field to PDL library
SCA-38352: Enhancement to license mapping mechanism for Nuget Collector based on License Expression provided by Nuget Rest API
SCA-38223: Add missing vulnerability mappings to components like umeditor, thinkcmf, xuperchain, ok-file-formats, radare2-extras, polipo, gthumb.

Changes in Update Released on 28-Oct-2021

This Update includes the changes described in the following sections.

Issues/Bugs Addressed

The following issues were addressed in the Update:

Issue ID: Issue Summary
SCA-38246: Add missing versions for openssl, net-snmp and system.data.sqlite components.
SCA-38221  Add missing vulnerability mappings to components like varnish_cache, elfinder.net.core, ectouch, is-email, booking_core, wolfssl.
SCA-37996  Invalid license for highcharts - npmjs component.
SCA-37673  Added license evidence and detection capability for licenses like Bahyph, Barr, Borceux, BSD-1-Clause, BSD-2-Clause-FreeBSD, BSD-2-Clause-NetBSD, BSD-2-Clause-Patent, BSD-Source-Code etc.
SCA-37671  Added license evidence and detection capability for licenses like 0BSD, 389-exception, Abstyles, Adobe-Glyph, Afmparse, AGPL-1.0, Aladdin, AMDPLPA, AML, AMPAS etc.
SCA-37461  Add missing vulnerability mappings to components like delta, xo-server, putil-merge, harmonyos, ant etc.
SCA-37459  Add missing vulnerability mappings to components like yop-poll, restsharp, event_streams, sshd, talk, nextcloud_mail, nextcloud, icinga etc.
SCA-37348  Github Vulnerabilities mapped to Java components.

Changes in Update Released on 18-Oct-2021

This Update includes the changes described in the following sections.

Issues/Bugs Addressed

The following issues were addressed in the Update:

Issue ID  Issue Summary
SCA-38185  Fixing invalid versions of lm_sensors.
SCA-38030  Update reference to component_mapping.csv to new github.com from git.palamida.com in update service.
SCA-37884  Missing vulnerabilities for Valeo.
SCA-37758  Adding spdx-license-identifier to the license-detection.xml and license-finder.json.
SCA-37658  Update license-names in the license evidence mechanism.
SCA-37447  Add missing vulnerability mappings to components like retty, everything, brave, node.js, total.js, total4, prismatic.
SCA-37442  Add missing vulnerability mappings to components like halo, pfsense, exiv2, caldera, jsish, moddable, mujs.
SCA-38254  Add license evidence capability for licenses like LLVM-exception, APAFML, Artistic-1.0-cl8, Artistic-1.0-Perl.

Changes in Update Released on 01-Oct-2021

This Update includes the changes described in the following sections.
Issues/Bugs Addressed

The following issues were addressed in the Update:

Issue ID  Issue Summary
SCA-37896  Validate and update Maven forge details in PDL library.
SCA-37837  Add new component ms-intune-app-sdk-android and Microsoft Intune App Software Development Kit For iOS license.
SCA-37651  Add Microsoft Windows Driver Kit For Windows 8.1 License and Updated versions for Microsoft windows driver kit.
SCA-37604  Update manually maintained component versions. Please refer to the list below.
SCA-37376  Add the missing vulnerability mappings for components like cszcms, switch, fortimail, putty, emissary-ingress-emissary.
SCA-29724  Enhance License detection for Nuget forge components.
SCA-37544  Update versions and vulnerability mappings for oracle-jre component
SCA-37449  Add CWEs to PDL library.
SCA-38018  Update versions for Google Maven repository components.

Updated Components List:
glibmm24 libsm wpa_supplicant cairo dmidecode chrony libxrandr libice networkmanager gobject-introspection glib-networking dnsmasq mesa elfutils dbus sudo libsoup libtalloc rpm-package-manager PowerTop libldb libxft openssl pygobject3 gnutls libx11 libnl3 tzdata alsa-lib atk libxcb binutils ethtool libfontenc

Changes in Update Released on 13-Sep-2021

This Update includes the changes described in the following sections.

Issues/Bugs Addressed

The following issues were addressed in the Update:

Issue ID  Issue Summary
SCA-37290  Validate and update invalid versions for kong-insomnia component.
SCA-36444  License Finder rules for OGC-1.0, OFL-1.1-RFN.
SCA-35816  Addition of Gitlab forge to the list of forge collection.
SCA-33593  Enhance license mapping capability for Nuget collector.
SCA-31981  Add new non-spdx licenses like Parity Public Licence 3.0, Server Side Public License, Yoctopuce-License, Prosperity Public License, MS-ASP.NET-Web-Pages-2 License, MS-ASP.NET-WOF License to the library.
SCA-37371  Mapping the missing vulnerability CVEs for various components like Tinydtls, Misp, Libxml2, Vapor, Grpc_swift, Linuxptp.

New Component Detection Rules
liblouis

Changes in Update Released on 30-Aug-2021

This Update includes the changes described in the following sections.

Issues/Bugs Addressed

The following issues were addressed in the Update:

Issue ID  Issue Summary
SCA-35866  Grafana License changed from Apache License 2.0 to AGPL 3.0 from version 8.0.
SCA-35970  Data - Vulnerability Dates update. "Publication Date" and "Modified Date".
SCA-36442  License-Finder.json rules for PSF-2.0, Parity-7.0.0, OGL-UK-3.0 etc.
SCA-36894  License Mappings for "pylouis" component.
SCA-36946  Data : Forge detail is incorrect for log4php component.
SCA-37030  False Positive Vulnerabilities for "file - npmjs" component.
SCA-37147  Handle URL discrepancies & case sensitive titles for FSF forge.
SCA-36815  Mapping of missing CVEs for components like thinksaas, routeros, alpinelinux-aports, gu, sansanyun-mipcms, hnaoyun-pbootcms.
SCA-37171  Mapping of missing CVEs for components like wp-plugins-wp-downloadmanager, benmonro-android, johnhaldeman-guarddetap, wp-plugins-cm-download-manager, just-safe-set, members, tizen, webclient, prusa3d-prusaslicer, webclient, webkitgtk.
SCA-37176  Mapping of missing CVEs for components like sanos, hyper, server, storage-manager, password-manager, ninjarmm, xevo.
SCA-37200  Update right URLs and title for code.google forge components.
SCA-37206  Mapping Vulnerability for json-smart-v1 and json-smart-v2.
SCA-35877  Updated components having URL discrepancies.

Changes in Update Released on 27-Jul-2021

This Update includes the changes described in the following sections.
Issues/Bugs Addressed

The following issues were addressed in the Update:

Issue ID  Issue Summary
SCA-35948  NPMJS: Project Discovery is not Up to date with respect to NPMJS Forge
SCA-35924  License mapping for the Pypi component "louis"
SCA-27819  Fixing nongnu.org 404 URLs
SCA-36610  Minio version license mapping
SCA-36607  Grafana version license mapping
SCA-36110  Update matplotlib license text
SCA-36128  Manual Collector: Kernel : lvm2 versions are wrongly added
SCA-35933  False Positive vulnerabilities in mariadb-java-client
SCA-35908  Invalid versions for microsoft-azuredatastudio component

Changes in Update Released on 24-Jun-2021

This Update includes the changes described in the following sections.

Issues/Bugs Addressed

The following issues were addressed in the Update:

Issue ID  Issue Summary
SCA-34531  Update Matplotlib license text to version 3.4.1.
SCA-35177  New requests.
SCA-34953  Add components & license to reflib.
SCA-33894  CVE-2020-11971 associated with wrong components.
SCA-29232  Request to add component: logrotate.
SCA-30698  License Finder Rules for Matplotlib License.
SCA-35286  Unicode Terms of Use license not found in file.
SCA-35680  False positive GPL license detected for LGPL license text
SCA-25368  Request for identifying SPDX IDs.

Changes in Update Released on 11-Jun-2021

This Update includes the changes described in the following sections.

Issues/Bugs Addressed

The following issues were addressed in the Update:

Issue ID  Issue Summary
SCA-35178  Add OTN license and map missing license for oracle.manageddataaccess - NuGet Gallery component.
SCA-35087  Deprecating invalid versions of Apache projects on github.
SCA-35022  SPDX license collection. (Around 87 new licenses).
SCA-33894  License Name and SPDX License Name should be the same.
SCA-33805  Elastic Kibana: Add License Finder Rules for Elastic License 2.0
SCA-30698  License Finder Rules for Matplotlib License

Changes in Update Released on 28-May-2021

This Update includes the changes described in the following sections.

Issues/Bugs Addressed

The following issues were addressed in the Update:

Issue ID  Issue Summary
SCA-34581  Add component Microsoft JDBC Driver for SQL Server and licenses.
SCA-34431  Deprecating invalid version vulnerability Mapping which are protected
SCA-33541  Vulnerabilities for Netmask and PHP git server
SCA-33251  Vulnerability Dates : Addition/correction of columns for publication date and last modified date.
SCA-30785  SPDX license collection to staging db. (Not yet released).

Changes in Update Released on 14-May-2021

This Update includes the changes described in the following sections.

Issues/Bugs Addressed

The following issues were addressed in the Update:

Issue ID  Issue Summary
SCA-34508  PYPI URL formats are not consistent throughout PDL_Component.
SCA-34395  False positive vulnerabilities for tomcat components - False PDL Mappings in PDL_COMP_VER_VULNERABILITY
SCA-34213  Deprecating the version for Apache project invalid versions-Set2
SCA-33485  The "Visual C++ Redistributable for Visual Studio" component name contains spaces making keyword search difficult
SCA-32592  Deprecating the version for Apache project invalid versions.
SCA-30879  Linux Kernel versions release which was obsolete by a year and a half.
SCA-34289  Libstdcpp component
SCA-34183  Add new licenses to license seed and schema.

Changes in Update Released on 22-Apr-2021

This Update includes the changes described in the following sections.

Issues/Bugs Addressed

The following issues were addressed in the Update:

Issue ID  Issue Summary
SCA-32074  License mismatch for popular components.
SCA-31667  License Acronym Data Changes for auto writeup rules.
SCA-29799  Inventory created with auto-writeup rules don't create with SPDX license ID
SCA-26931  Missing vulnerabilities (CPES with *) and wrong mappings for CPEs with *.

New Component Requests
- lsof (Component ID: 27350567)
- ntp (Component ID: 207771)
- libtiff (Component ID: 27350365)
- gtk (Component ID: 27350362)
- gnome-shell-extensions (Component ID: 27350363)
- libgpg-error (Component ID: 27350364)
- dracut (Component ID: 123809)
- openssl-fips (Component ID: 27350368)
- lvm2 (Component ID: 27350367)
- kbd (Component ID: 27350366)
- lzo (Component ID: 63041)
- treeview-with-columns (Component ID: 27350359)
- replace-a-windows-internal-scrollbar-with-a-customdraw-scrollbar-control (Component ID: 27350360)
- step-by-step-calling-c-dlls-from-vc-and-vb-part-1 (Component ID: 27350361)
- strawberry-perl - 27344198)
- run-postinsts - 27344199)
- packagegroup-core-boot - 27344200)
- sha-1-in-C-by-steve-reID: - 27344201)
- zlib - 27344202)
- watchdog (Component ID: 5403203)
- perfmon2 (Component ID: 53555)
- ust (Component ID: 186075)
- newmat (Component ID: 129995)
- netbase (Component ID: 207639)
- xml-pull-parser3 (Component ID: 226748)
- shadow-utils (Component ID: 5403445)
- lipro-libftdi (Component ID: 7872851)
- csha1 (Component ID: 27341784)
- timezonemap (Component ID: 27344433)

Changes in Update Released on 10-Apr-2021

This Update includes the changes described in the following sections.
Issues/Bugs Addressed

The following issues were addressed in the Update:

Issue ID  Issue Summary
SCA-33801  License detection.xml changes for PDL-2021-04-R1
SCA-31855  AutoWriteUp rules having outdated URLs
SCA-33557  Adding License - Purdue BSD-Style License
SCA-32649  Wrong (and hence fix) DOC Software License name and url
SCA-32983  Missing Elastic License for Elastic Kibana

New Component Requests
- File-file (component ID: 3102572)
- Cquicklist (component ID: 27337962)
- Nfs-utils (component ID: 27336321)
- Eglibc (component ID: 27337963)
- Lcms (component ID: 7597)
- Ti-rtos-mcu (component ID: 27336320)
- High-speed-charting-control (component ID: 27330960)
- Progress-control-with-text (component ID: 27330961)
- Oscilloscope-stripchart-control (component ID: 27330962)
- Skinx (component ID: 27330963)
- Keymaps (component ID: 27333199)
- Getprimarymacaddress (component ID: 27333200)
- Sampleds (component ID: 27333201)
- Microsoft Windows SDK for Windows 7 and .NET Framework 4 (component ID: 27334733)
- Csha1-a-c-class-implementation-of-the-sha-1-hash-a (component ID: 27334779)
- Trafficwatcher (component ID: 27334780)
- Using-colors-in-cedit-and-cstatic (component ID: 27335822)
- Gnu-which (component ID: 705519)
- Eclipse-aspectj (component ID: 55748)

Changes in Update Released on 25-Mar-2021

This Update includes the changes described in the following sections.

Issues/Bugs Addressed

The following issues were addressed in the Update:

Issue ID  Issue Summary
SCA-32971  URL fix for DOC License
SCA-32253  Map MICROSOFT SQL SERVER DATA-TIER APPLICATION FRAMEWORK to SQLpackage.commandline
SCA-31926  Update the missing license mappings for components-Phase1.
SCA-31800  Exception looking up rules' in FNCI Logs

New Component Requests
- mph-2b-damase
- simpleping
- twain-developer-toolkit
- texas-instruments-msp-430-lib-files
- CppSQLite
- CStdioFile
- CTrayIcon
- CXml
- CXPGroupBox
- A class to combine Slider Control and Progress Bar
- A very simple solution for partial bitmap encryption
- Adobe InDesign CC SDK
- libcomposite
- pango
- Microsoft Windows Driver Kit - WDK

Changes in Update Released between 20-Oct-2020 to 11-Mar-2021

This Update includes the changes described in the following sections.

Issues/Bugs Addressed

The following issues were addressed in the Update:

Issue ID  Issue Summary
SCA-27739  False Positives when scanned Oracle OpenJDK
SCA-28603  Unable to find a component that is identified as first level dependency
SCA-26834  Sun (Restricted) and Sun-IP Licenses not detected
SCA-29523  License discrepancy for CURL component
SCA-27024  Gnutls component missing vulnerabilities, versions and wrong url
SCA-30866  Hdf5 license (ID: 1224) is not correct
SCA-30797  Incorrect Licensing Detection for Microsoft .Net
SCA-30525  Component gpg-gnupg missing encryption flag
SCA-27722  Incorrect vulnerabilities matched with component versions for Rust
SCA-32271  PDL_VULNERABILITY table is empty in the latest PDL update
SCA-33031  BOM: Discrepancies due to search term rule basics-vector

New Component Detection Rules
Setup.js MD% algorithm class library PhantomJs Cefsharp Virtual-dom v2.1.1 Named-js-regexp MarkupSafe OCHamcrest OCMockito Libsrtp Ans_up HockeySDK Aimage Ua-parser-js v0.7.10. Autofac.Wcf Vector.js Untildify v3.0.2 Post-robot v7.0.15. Axios JSONTestSuite Rpc-server.js

New Features incorporated.

Issue ID  Issue Summary
SCA-26848  CVSS 3.1 - Data Collection
SCA-26808  Add Vulnerability dates to PDL tables
SCA-26181  Component CPE Mapping

New Component Requests released.
Isc bind Canvas-toblob.js Newrelic.opentracing.amazonlambda.tracer Libepoxy Tags Json.net Jquery-menu-aim-fw Microsoft.appcenter for macos Microsoft.appcenter.analytics for macos Apache-apr Cyan4973-lz4 Gnu-screen Jamesflorentino-nanoscrollerjs Mtd-utils Npth Pam Eeepc-acpi-scripts Sharpziplib Mahapps.metro.simplechildwindow - nuget gallery Wpfnotification - nuget gallery Microsoft-windowsapicodepack-shellextensions - nuget gallery Controlzex/controlzex - github Mahapps.metro.iconpacks - nuget gallery Mvvmlight - nuget gallery Ini-parser - nuget gallery Mahapps/mahapps.metro - github Angular/angular-cli - github System.data.sqlite.core - nuget gallery System.data.sqlite.ef6.migrations - nuget gallery Microsoft asp.net mvc 4 (***deprecated***) Wxwindows library license Wxwidgets Karma-runner karma Openssh - in c Base-passwd Init-ifupdown Procps Binutils 7-zip Kmod Matplotlib Scons - a software construction tool - scons Tagish library Qos-ch-slf4j Flex - lexical scanner generator Application insights persisted http channel Cairo-pixman Flat_hash_map Fontconfig Free type Gnutls library Tianmajs/libm - github Libsoup Microsoft.applicationinsights - nuget gallery Slodge/mvvmcross - github Pdfsharp - nuget gallery Sharppdf Twain data source manager Twain sample data source and application - twain 2.0 sample data source Windows driver kit (wdk) 8.0 samples for visual studio 2012 Microsoft/windows-universal-samples - github Html agility pack Microsoft.extensions.caching.abstractions Microsoft.extensions.caching.memory Microsoft.extensions.dependencyinjection.abstractions Microsoft.extensions.options Microsoft.extensions.primitives Microsoft.netcore.platforms System.componentmodel.annotations System.runtime.compilerservices.unsafe System.security.cryptography.xml Microsoft.owin Microsoft.owin.host.systemweb Microsoft.owin.security Mimemapping Nconfiguration Nlog Nuget.commandline Nunit Restsharp Closedxml Apache cxf buildtools Apache neethi Weblinc-matchmedia 
Twain/twain-dsm Twain-twain-samples Windows driver kit (wdk) 8.0 samples for visual studio 2012

Changes in Update Released on 20-Oct-2020

This Update includes the changes described in the following sections.

Issues Addressed in the 20-Oct-2020 Release

The following issues were addressed in the Update:

Issue ID  Issue Summary
SCA-28504  Components information
SCA-28691  NVD Feed : Upgrading NVD CVE-Feeds APIs (1.0) to NVD CVE-Feeds APIs (1.1)
SCA-27621  Difference in vulnerability information for 'expat' and 'libexpat-libexpat' component
SCA-28970  NVD-Feed Fix and client release to Codeaware
SCA-17974  Duplicate Inventory found for "gettext" and for the duplicate inventory as found license text is wrong
SCA-28740  With fresh scan, name of inventory item zlib is changed to madler-zlib in codeinsight 2020R4.
SCA-27773  Search terms need to be improved for few components
SCA-28288  False Positives for zlib and libjpeg
SCA-28508  Components information
SCA-22072  Stunnel support in DL
SCA-27119  Missing versions
SCA-29156  Pycryptodomex missing encryption flag

New Component Detection Rules in the 20-Oct-2020 Release

This Update introduces new Automated Analysis rules for the following components:
Retry.js Jquery-mobile for react Expat (version released 2.2.6) Novell.Directory.ldap Spawn.js Jquery-vsdoc.js CodeMirror NUnit.Framework.dll Rsvp.js Twbs-bootstrap and Mathiasbynens-jquery-placeholder Libwebsockets Globalize 1.1.1 CPU Topology JSON v3.3.0 Pyomo v5.0.1 CPU Topology 1.2.8 Class library Text-markdown Json v2.1.1 V8 Libuv

Changes in Update Released on 11-Sep-2020

This Update includes the changes described in the following sections.
Issues Addressed in the 11-Sep-2020 Release

The following issues were addressed in the Update:

Issue ID  Issue Summary
SCA-27585  Add component "History-event" (JQuery.history.js)
SCA-27738  URL not working for freetype (Id: 1149) component

New Component Detection Rules in the 11-Sep-2020 Release

This Update introduces new Automated Analysis rules for the following components:
7za.exe Jazzy D3.js JSQR Double-conversion HistoryEvent Bind Punycode.js Gaearon-Redux

Changes in Update Released on 28-Aug-2020

This Update includes the changes described in the following sections.

Issues Addressed in the 28-Aug-2020 Release

The following issues were addressed in the Update:

Issue ID  Issue Summary
SCA-27456  Missing OSS component-udev
SCA-27203  Missing components – bind and jsqr

New Component Detection Rules in the 28-Aug-2020 Release

This Update introduces new Automated Analysis rules for the following components:
Whiskas.py ProtectedData Dmidecode Libsmbios

Changes in Update Released on 14-Aug-2020

This Update includes the changes described in the following sections.

Issues Addressed in the 14-Aug-2020 Release

The following issues were addressed in the Update:

Issue ID  Issue Summary
SCA-27191  Add tungsten fabric components to Data Library
SCA-27024  Gnutls component missing vulnerabilities, versions and wrong url.
SCA-27084  Libtiff license url needs to be updated

New Component Detection Rules in the 14-Aug-2020 Release

This Update introduces new Automated Analysis rules for the following components:
SWIG v3.0.2 VC Redistributable Apple Installer Plugin Appcenter-sdk-apple-3.0.0.tar.gz Code Project - WSE 3 Deployment: MSI and ClickOnce Wdksetup.exe MobileNumericUpDown Apple/cups Mhook GridAnimationDemo

Changes in Update Released on 03-Aug-2020

This Update includes the changes described in the following sections.

Issues Addressed in the 03-Aug-2020 Release

The following issues were addressed in the Update:

Issue ID  Issue Summary
SCA-26931  Missing vulnerabilities.
SCA-26666  Missing Vulnerabilities for Apache Thrift 0.7.0

New Component Detection Rules in the 03-Aug-2020 Release

This Update introduces new Automated Analysis rules for the following components:
JQuery Mobile JortSort CLR Security Class library BrockAllenCookieBasedTempdata.dll StackExchange.Redis Readline.js

Changes in Update Released on 17-Jul-2020

This Update includes the changes described in the following sections.

Issues Addressed in the 17-Jul-2020 Release

The following issues were addressed in the Update:

Issue ID  Issue Summary
SCA-25108  Detection of xmlbeans 2.6.0 occurs twice
SCA-25905  Component system.diagnostics.diagnosticsource has had its license changed for version 4.4 and later
SCA-25907  New components added
SCA-26134  The component "app.min.js" is incorrectly mapped to the component "App( 62839)"

New Component Detection Rules in the 17-Jul-2020 Release

This Update introduces new Automated Analysis rules for the following components:
Console.js LowPriorityWarning.js Nameddefine.js Prettier.js SQLite DLL Pacman Unicode D3 DES algorithm 5.09 Class library JCanvas Libxslt Node-tmp Libxml2

Changes in Update Released on 30-Jun-2020

This Update includes the changes described in the following sections.

Issues Addressed in the 30-Jun-2020 Release

The following issues were addressed in the Update:

Issue ID  Issue Summary
SCA-25608  component "jodaorg-joda-time" has invalid license in list
SCA-25587  Review licenses for timescale DB GitHub components
SCA-23003  Collectors for bouncycastle, curl, gnu, haproxy, jquery, kernel, libarchive, libssh, openbsd, openflow, openssl.

New Component Detection Rules in the 30-Jun-2020 Release

This Update introduces new Automated Analysis rules for the following components:
Node-Semver Speex Node-Static node-tree-kill node-winreg node-xml2js

Changes in Update Released on 15-Jun-2020

This Update includes the changes described in the following sections.
Issues Addressed in the 15-Jun-2020 Release

The following issues were addressed in the Update:

Issue ID  Issue Summary
SCA-24724  Haproxy component missing 2.0.x versions
SCA-25348  Add missing vulnerabilities to u-boot component
SCA-25416  Errors in Oracle db during PDL Update
SCA-24986  UltraVNC - Missing latest versions and some versions are invalid
SCA-20156  Update component 302760 to important = true
SCA-22232  Missing component versions
SCA-24984  Component versions out of date

New Component Detection Rules in the 15-Jun-2020 Release

This Update introduces new Automated Analysis rules for the following components:
Cross-BrowserSplit. Chromium-Breakpad. Request.js Sauce.js IsEventSupported.js Pubsuffix.js Node-ssl-root-cas(test-tunnel.js)

Changes in Update Released on 01-Jun-2020

This Update includes the changes described in the following sections.

Issues Addressed in the 01-Jun-2020 Release

The following issues were addressed in the Update:

Issue ID  Issue Summary
SCA-24867  [Juniper Networks, Inc.] gnu-gcc component is showing invalid versions
SCA-25010  AMD: CodeAware Improper Identification of License for JQUERY Component.

New Component Detection Rules in the 01-Jun-2020 Release

This Update introduces new Automated Analysis rules for the following components:
Connect-nocache. typescript.js aphrodite.js Newtonsoft.Json.dll tipsy v1.0.0a(jquery.tipsy.js,tipsy.css). prism.js systemjs Microsoft Ajax Minifier

Changes in Update Released on 18-May-2020

This Update includes the changes described in the following sections.
Issues Addressed in the 18-May-2020 Release

The following issues were addressed in the Update:

Issue ID  Issue Summary
SCA-23316  OGIS: License detection is different in CodeAware and Auto-Analysis
SCA-22382  OGIS: Request to Add New Components and Versions
SCA-24622  Harmonic: stuk-jszip has MIT/GPL Dual License but "Possible Licenses" only show GPL
SCA-24711  Citrix: False positives CVEs

New Component Detection Rules in the 18-May-2020 Release

This Update introduces new Automated Analysis rules for the following components:
bootstrap-select.js bootstrap-toggle.min.js React-pull-to-refresh rx.all.js narwhal.js bootstrap-checkbox v1.4.0 IKVM.NET(IKVM.Reflection.dll).

Changes in Update Released on 04-May-2020

This Update includes the changes described in the following sections.

Issues Addressed in the 04-May-2020 Release

The following issues were addressed in the Update:

Issue ID  Issue Summary
SCA-22381  Component 'ring' from crates.io forge missing license and encryption flag
SCA-22542  Encryption flag not set for 'rust-openssl' component
SCA-24708  Incorrect discovery of 'Primefaces-PrimeNG' component

New Component Detection Rules in the 04-May-2020 Release

This Update introduces new Automated Analysis rules for the following components:
jquery.scrollTo-min.js, MatrixMath.js, jQuery.tmpl.js, lws-common.js React Router jsDump Reflect-Metadata NDesk.Options(.dll) MSBuild Community Tasks(.dll)

Changes in Update Released on 17-Apr-2020

This Update includes the changes described in the following sections.
Issues Addressed in the 17-Apr-2020 Release

The following issues were addressed in the Update:

Issue ID  Issue Summary
SCA-23823  Few vulnerabilities not reported
SCA-24365  Invalid URL for 'lyceum' component
SCA-20305  Component 'apache-cordova-plugin-inappbrowser' has incorrect versions
SCA-18198  Incorrect vulnerability mapping for 'Docker' component
SCA-23837  Added rdklib (pypi) to the library

New Component Detection Rules in the 17-Apr-2020 Release

This Update introduces new Automated Analysis rules for the following components:
webperftest jquery.color.js knockout Irrlicht(.dll file) jQuery(build_markdown.js) React Developer Tools(getReactData.js) moment.js,regex.js, moment-with-locales.js

Changes in Update Released on 3-Apr-2020

This Update includes the changes described in the following sections.

Issues Addressed in the 3-Apr-2020 Release

The following issues were addressed in the Update:

Issue ID  Issue Summary
SCA-22116  Invalid version specified for 'tpm2-tss-engine'
SCA-23712  Added 'SunPro' license to the library
SCA-22982  Incorrect URLs for few Ibiblio Maven2 components
SCA-20314  Licenses are not mapped for latest versions of 'pygresql' component (22014048)
SCA-21928  Component 'pycountry-convert' needs to be updated with latest details
SCA-19891  Invalid versions associated to the component 'c-ares'
SCA-15411  Incorrect details for component 'systemd-systemd'

New Component Detection Rules in the 13-Mar-2020 Release

This Update introduces new Automated Analysis rules for the following components:
vector.js webcomponent.js globalize.js OCMock Bezier-Easing Punycode(.js File) Sphinx StructureMap cors jQuery validation plug-in v1.6 jQuery Easing v1.3
View full article
We welcome all types of support cases!
- Bugs, Features, Enhancements, Questions, Ideas
- Cases provide an audit trail, tracking mechanism and assessment across the entire customer base
- Not sure if it's case worthy? Ask your CSM/Services/PM, but don't hesitate to submit a case of type "Question"
- Have multiple issues to report? Break them down into multiple cases if possible
- Issue is too complex / too broad / not reproducible? We still want to hear about it and can often tell you if others are impacted

Prioritize in context of other issues submitted by your organization
- Customers usually know best which issues are most critical for their organization, but Revenera may not always have this knowledge. It removes a lot of ambiguity when customers help us with prioritization.
- Remember, you can view all support cases filed by your organization by using the 'All Cases' filter.
- We will take care of prioritizing your case in context of our entire customer base and strategic initiatives.

Remember Priority = Urgency + Business Impact
- These are not pre-defined case fields, but this is critical information for our PMs.
- Urgency is all about time. Help us identify issues that may not be blockers today but that you expect to turn into blockers in a week, a month, a year. Advise us of any known deadlines this bug will affect.
- Business Impact is the effect of the issue on your business. Here are some examples of business impact to consider:
  - Business activity is affected
  - Potential operational loss
  - Potential financial loss
  - Reputation shattering
  - Inability or length of time to recover

Don't forget to update the case if circumstances change
- Perhaps you found an acceptable workaround or moved to a different release altogether. Please don't forget to update us on the changes so that we can better apply our valuable time and resources.
View full article
Description
When a client app loses its network connection and then regains it, a socket is still open on the license server. The app reconnects and consumes an additional license, and after it later exits cleanly that license is still unavailable to other users.

Replication Scenario
- Set up a client/server system (on separate machines) and check out a license.
- Using lmstat on the server, confirm that a license is checked out.
- Unplug the network cable on the client.
- Wait at least the period of one heartbeat (normally two minutes).
- Plug the cable back in and note (from the vendor log) that a second license is checked out.
- Confirm using lmstat that two licenses are checked out.
- Exit the client app and confirm that only one license is checked in.
- Confirm using lmstat that one license is left checked out, even 1 hour later.

Root Cause
While the network is disconnected, the client's heartbeat to the server fails with a network error, so the client drops its connection to the daemon. When the network is back, the client creates a new connection and sends the checkout request for that feature again. Since this is a different connection, the server performs an additional checkout for the feature. This additional license of the feature is never reclaimed by the client, as it does not know about it, and when the client exits, the license lingers forever. If the client had checked out n licenses before the network disconnect, all n licenses will be held on the server.

Workaround
>> The first workaround reduces the LM_A_TCP_TIMEOUT value (set by the client; the time the server waits before deciding the client is disconnected and checking licenses back in). We suggest this formula to calculate the timeout based on heartbeat settings:

LM_A_TCP_TIMEOUT = (LM_A_CHECK_INTERVAL x 2) + (LM_A_RETRY_COUNT x LM_A_RETRY_INTERVAL) + one-minute buffer

As an example, setting 1.) LM_A_CHECK_INTERVAL to 30 seconds, 2.) LM_A_RETRY_COUNT to 2 and 3.) LM_A_RETRY_INTERVAL to 30 seconds would result in an LM_A_TCP_TIMEOUT of 3 minutes. Since the default LM_A_TCP_TIMEOUT is 2 hours, this significantly reduces the probability of the license server holding back licenses: for that to occur, the client would have to reconnect within 3 minutes.

The disadvantages of this workaround are:
1. It does not completely solve this issue (but does drastically reduce its occurrence).
2. Client updates are needed.

A consequence of the workaround is that clients reconnecting after 3 minutes (using the above example) would have to check out licenses again, even if they managed to reconnect on the same socket.

>> A second workaround is to edit the server OS TCP properties: edit or create the KeepAliveTime, KeepAliveInterval and TcpMaxDataRetransmission registry values under HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters (refer to http://tldp.org/HOWTO/TCP-Keepalive-HOWTO/usingkeepalive.html for equivalents on Linux).

So if we set KeepAliveTime to 600 seconds, KeepAliveInterval to 60 seconds and TcpMaxDataRetransmission to 3, the server will wait 600 seconds and then send a heartbeat probe to the client every 60 seconds, three times. After that, the server considers the connection to be broken.

The disadvantage of the second workaround is that it configures TCP properties for all processes running on the server. This should be OK if the license server is the only production process running on the server, for example if the server is isolated by running it in a VM.

Version Fix
The above issue has been fixed in FNP 11.18.3.0 (2021 R4) (FNP-18904), so you could run a quick test in our latest version. As part of this fix we introduced a vendor variable, 'ls_server_override_client_tcp_timeout', to override the LM_A_TCP_TIMEOUT value on the server side. Broken client connections are cleared at the server end after the 'ls_server_override_client_tcp_timeout' timeout period, and their licenses are checked back in. We also enable TCP keepalive, so that the TCP stack also clears broken connections after a certain period if the application fails to close them. So for the fix to work you need to set the value of this variable, say ls_server_override_client_tcp_timeout=300, in lsvendor.c and rebuild the server.
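The following added example (not FlexNet Publisher code and not part of the original article) replays the replication scenario against a toy server model to show how the timeout bounds the stranded checkout. The class and function names are hypothetical, and the model assumes only what the article states: licenses are tied to a connection and are checked back in when that connection closes or has been silent for the timeout.

```python
from dataclasses import dataclass, field

DEFAULT_TCP_TIMEOUT = 2 * 60 * 60  # seconds; the article gives 2 hours as the default


def suggested_tcp_timeout(check_interval, retry_count, retry_interval, buffer=60):
    """The article's formula for LM_A_TCP_TIMEOUT, all values in seconds."""
    return check_interval * 2 + retry_count * retry_interval + buffer


def keepalive_detection_time(keepalive_time, keepalive_interval, probes):
    """Second workaround: idle wait plus the unanswered probes, in seconds."""
    return keepalive_time + keepalive_interval * probes


@dataclass
class ToyLicenseServer:
    """Simplified model (an assumption, not the vendor daemon): a connection's
    licenses are freed on close or after tcp_timeout seconds of silence."""
    tcp_timeout: int
    conns: dict = field(default_factory=dict)  # conn id -> [licenses held, last seen]

    def checkout(self, conn, now, count=1):
        entry = self.conns.setdefault(conn, [0, now])
        entry[0] += count
        entry[1] = now

    def close(self, conn):
        # Clean client exit: the server sees the close and frees the licenses.
        self.conns.pop(conn, None)

    def in_use(self, now):
        # Drop connections that have been silent for the whole timeout.
        for conn, (_, last_seen) in list(self.conns.items()):
            if now - last_seen >= self.tcp_timeout:
                del self.conns[conn]
        return sum(held for held, _ in self.conns.values())


def replay_outage(tcp_timeout, reconnect_at, exit_at, n=1):
    """Replay the article's scenario. Returns licenses in use just after the
    reconnect, just after the clean exit, and one hour after the exit."""
    server = ToyLicenseServer(tcp_timeout)
    server.checkout("conn-1", now=0, count=n)  # initial checkout, then the cable is pulled
    # The server never sees conn-1 close. The client abandons it after failed
    # heartbeats and checks out again on a new connection once the network returns.
    server.checkout("conn-2", now=reconnect_at, count=n)
    after_reconnect = server.in_use(reconnect_at)
    server.close("conn-2")                     # the clean exit closes only conn-2
    after_exit = server.in_use(exit_at)
    hour_later = server.in_use(exit_at + 3600)
    return after_reconnect, after_exit, hour_later


if __name__ == "__main__":
    short = suggested_tcp_timeout(30, 2, 30)
    for label, timeout in (("default", DEFAULT_TCP_TIMEOUT), ("workaround 1", short),
                           ("workaround 2", keepalive_detection_time(600, 60, 3))):
        print(label, timeout, replay_outage(timeout, reconnect_at=150, exit_at=600))
```

With the default timeout the model reproduces the article's observation of one license still held an hour after exit; with the shorter timeouts the stranded license is released once the stale connection ages out.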
View full article
- VendorLicenseServerMsgs.dll (present in the x64 folder): It does not use any cryptography/encryption algorithms or functions.
- libcrypto-1_1.dll (present in the x64/lmadmin folder): It is a library of OpenSSL.
- libssl-1_1.dll (present in the x64/lmadmin folder): It is a library of OpenSSL.
- demo_libFNP.dll (present in the x64 folder): It uses a few crypto functions for internal implementation.
- Xalan-C_1_11.dll (present in the x64/lmadmin folder): It is a third-party library and is used only for transforming XML documents into HTML.
- XalanMessages_1_11.dll (present in the x64/lmadmin folder): It is a third-party library and is used only for transforming XML documents into HTML.
- xerces-c_3_2.dll (present in the x64/lmadmin folder): It is a third-party library. It is used for XSL transformation.
- FnplmLicenseServerMsgs.dll (present in the x64 folder): It does not use any cryptography/encryption algorithms or functions.
View full article
What is SBOM Insights?
Revenera SBOM Insights is a SaaS inventory management solution that gives organizations the ability to manage security and legal risk by maintaining a complete and accurate SBOM in the cloud. It aggregates the SBOM from multiple data sources—both inside and outside your organization from upstream supply chain partners—and provides full visibility to security and legal teams as well as supply chain partners. With SBOM Insights, you not only have the ability to identify and record all third-party IP through a complete and accurate SBOM, but to collect your SBOM parts from multiple sources—in industry standard SBOM formats (SPDX and CycloneDX). This inventory management solution provides full visibility to all third-party components to designated users within your organization and externally for your customers and downstream supply chain partners at any time. SBOM Insights creates an active repository—with actionable data—of the ingredients within your software applications.

Will SBOM Insights integrate with other SCA tools or does it require Code Insight?
SBOM Insights can ingest data directly from Code Insight via the project data export JSON file. However, it can also import SBOM data from any other SCA tools and SBOM generators in SPDX and/or CycloneDX formats. SBOM Insights is designed to work stand-alone and does not require Code Insight to be installed.

How is Revenera different than other vendors?
SBOM Insights is a commercially backed application that comes with the full weight of Revenera’s experienced team of engineers, product managers, services, and support staff. With SBOM Insights you get maintenance and support built into your purchase with a guarantee of security fixes. SBOM Insights goes beyond being a document storage system. It enables you to ingest SBOM data from partners, vendors and suppliers in SPDX and CycloneDX formats, reconcile and normalize the data for a unified view.
Furthermore, this advanced technology provides you with insights into the components you use. With everything coming from your enterprise catalogued, when the next high-profile vulnerability hits, you have the unified data at your fingertips to quickly uncover your exposure and expediently fix problems—not just in the code you scanned, but also in all of the software components coming from outside your organization.   Does SBOM Insights replace Code Insight? SBOM Insights is not a replacement for Code Insight. Code Insight (or your designated code scanning solution) is used for the discovery of open source and third-party components for the code under your control. In order to address industry maturity, Revenera is extending our SCA capabilities with SBOM Insights—a SaaS SBOM management solution which unifies and reconciles all SBOM parts coming from both within and outside your organization and gives complete SBOM visibility to whoever in your organization needs to know. SBOMs created from Code Insight (or your code scanning solutions of choice) can be ingested into SBOM Insights. With everything coming from your enterprise catalogued, when the next high-profile vulnerability hits, you have the unified data at your fingertips to quickly uncover your exposure and expediently fix problems—not just in the code you scanned, but also in all of the software components coming from outside your organization.   What is the difference between SBOM Insights and Code Insight? Code Insight is an on-premises software composition analysis solution that helps you discover, assess and manage your license and security risk across your portfolio of applications for the code under your control. It allows you to seamlessly fit compliance checks into your existing Engineering process during component selection, coding, code check-in, and the build. 
It is an open source and third-party component discovery tool and allows for the continuous scanning, discovery and identification of compliance and security issues. SBOM Insights is your SBOM source of truth, supporting your need to deliver a complete and accurate SBOM regardless of the origin of the SBOM parts—internally or externally from outside vendors and partners. With SBOM insights you get inventory, and the generation of compliance artifacts.   Is there any difference in the users who use SBOM Insights and Code Insight? Not a lot. Typical users of both tools include legal, security, and software development teams. SBOM Insights might also be of interest to your product teams, asset managers, software procurement teams, and partners/third-party vendors. Given SBOM Insights’ roadmap and the potential to deliver on trends and insights, we feel business executives will have interest in the reporting capabilities of the solution to make better business decisions. Customers are also becoming much more savvy about the software supply chain. They want to know more about what solutions they are purchasing and what they are bringing into the organization to support infrastructure needs or what’s being passed on to their customers. Your customers may have an interest in reporting coming from both Code Insight for the codebases under your control and SBOM Insights to extend visibility to SBOM parts coming from outside your organization.
View full article
New to SBOM Insights and not sure where to start? Then this article is for you! In this guide, we outline your next steps in order to have a successful journey with SBOM Insights.  Access the Product and Other Product Resources Register for the Revenera Community Using the Account ID and Product ID details from the order confirmation email, sign up for the Revenera Community. Check out our Welcome to the Revenera Community help article for more information. Create your SBOM Insights account and logging in for the first time If you are the original recipient of the order confirmation email, you were automatically sent an invitation to complete creating your SBOM Insights account. If you were not, then your organization administrator can invite you to create a login. Follow the steps outlined in https://docs.revenera.com/sbom_insights/Content/helplibrary/Accepting_Invitations_to_SBOM_Insights.htm to accept the invitation, and https://docs.revenera.com/sbom_insights/Content/helplibrary/Logging_in_to_SBOM_Insights_or_Resetting_Your_Password.htm to log into the application. Get access to the Product and License Center If you are the original recipient of the order confirmation email, you were automatically designated your organization's Product and License Center Administrator (PLC Admin). With the PLC Admin role, you can manage Product and License Center access for your team members once they sign up for the community. This can be done using the Product and License Center User Administration page. If you were not the original recipient of the order confirmation email, you will need to sign up for the community and request access from your PLC Admin. If you do not know who in your organization has the PLC Admin role, please contact Revenera Technical Support for assistance. Download the SBOM Insight reports For the initial release of SBOM Insights, reports are generated outside the product using Python scripts. 
To download the reports, you need access to the Product and License Center. Once you have gained access to the Product and License Center, navigate to SBOM Insights. From here you can download the SBOM Insights reports. Refer to https://docs.revenera.com/sbom_insights/Content/helplibrary/Generating_SBOM_Insights_Reports.htm for prerequisites and installation instructions.
Access product documentation
SBOM Insights documentation can be accessed via https://docs.revenera.com/sbom_insights/Content/helplibrary/SBOM_Insights_root.htm. You can also find it by following the product selector on the Revenera Documentation Site.
Stay Up to Date
Be sure to subscribe to the SCA News blog to receive product release and other important notifications.
Learn More or Get Help
The Revenera Community offers a variety of resources to learn about SBOM Insights: Search the SCA Knowledge Base for how-to, FAQs, and problem type articles. The Revenera Learning Center* currently hosts several recordings from our live customer events along with several training videos.
If you run into a problem or have questions, you can use the following resources: Open a new case online using the Get Support -> Open New Case* form.
*Note: Requires community login
View full article
This article documents the FlexNet Embedded release highlights introduced each year, starting from 2020 R3 (2020.07) to present: 2022.09: CLS + LLS Licensing Server Preview requests no longer include orphans Resolved an issue where unsynced usages were deleted during synchronization LLS Linux install now honors an externally-specified JAVA_HOME or JRE_HOME variable Self-contained server is no longer supported and will no longer be shipped with the license server 2022.08: CLS + LLS Licensing Server The Cloud Monetization API (CMAPI) responses for the /access_request and /signed_access_request endpoints can now include the renewInterval field. Updated open-source component Spring Boot A new -restore-service-database command restores trusted storage at the service mode installation location (Linux). Resolved an issue with incorrect feature counts which could occur after a license server update. 2022.07: CLS + LLS Licensing Server Model definitions can now include partitions that have a feature count of 0. This enables producers to upload a model definition that functions as a template, which can be updated with feature counts at a later date. A new -restore-service-database command restores trusted storage at the service mode installation location (Windows only). 2022.06: CLS + LLS Cloud Licensing Service Cloud Monetization API enhancement: Capability requests sent to the /access_request or /signed_access_request endpoint support passing multiple values per key. This enables producers who use feature partitions to allocate licenses to users who belong to multiple groups.  
Updated open-source components Spring Boot and Liquibase Resolved issue with flexnetlsadmin’s -licenses command Resolved issue with /clients REST endpoint, which now correctly returns all current clients after synchronizing licensing information with the back office Local License Server Updated open-source components Liquibase and jackson-databind 2022.05: LLS Licensing Server Cloud Monetization API enhancement: Capability requests sent to the /access_request or /signed_access_request endpoint support passing multiple values per key. This enables producers who use feature partitions to allocate licenses to users who belong to multiple groups.  Updated open-source component Spring Boot Resolved issue with flexnetlsadmin’s -licenses command Resolved issue with /clients REST endpoint, which now correctly returns all current clients after synchronizing licensing information with the back office 2022.04: CLS + LLS Licensing Server Support for Windows 11 2022.03: CLS + LLS Licensing Server Resolved an issue with preview requests using the RequestAll flag. The issue occurred when the license server was provisioned with multiple line items that had different expiry dates, where one of the line items had expired. 
Minimized blackout time during synchronization with back office Improved error message wording when --service-shutdown option is used for a license server running in a console window 2022.02: CLS + LLS + Client Kits Licensing Server Logging in the license server is now done with Logback, not log4j Added a new configuration property for cipher choice mechanism Resolved flexnetlsadmin communication issue with local license server when a .local URL is used Counts are now updated correctly when a client sends parallel requests to a Cloud Licensing Service instance Client Kits FlexNet Embedded Client kits now offer support for Microsoft Windows 11 platform Java XT TRA: Log4j 1 no longer bundled with tra-run.jar and tra-gen.jar .Net XT SDKs: Optimized GetFeatureCollection call to enable more efficient handling of capability responses containing large quantities of features C XT SDK: Optimized virtualization detection (Linux only) Identity update utility now includes container_id in types list Updated third-party components (OpenSSL, LibCurl) 2022.01: CLS + LLS Licensing Server FlexNet License Server Manager now available in the Product and License Center as a separate package Enhanced logic of distributing used feature counts in feature partitions Customers can now pass vendor dictionary values using the /preview_request API Resolved issue where used counts were not updated correctly if a client tried to renew licenses when the corresponding feature is part of a reactivated line item “rate-limit” setting no longer causes flexnetlsadmin command -licenses -verbose to fail Resolved issue where local license server could crash on installation 2021.12: CLS + LLS Licensing Server Allowed size of model definition for partitions has been increased to 900KB Increased performance of POST requests on /rules endpoint New /features/summaries endpoint returns a summary of available features, grouped by feature name Remodeled logic for returning used license counts to resolve issue of 
incorrectly calculated counts Resolved issue where preview requests and capability requests for features with overdraft counts were not working as expected Resolved issue with flexnetlsadmin’s -licenses option for uncapped metered features Resolved issue affecting the sorting of checkout filter features 2021.11: CLS + LLS Licensing Server A new directive “vendor string matches” enables license administrators to allocate feature counts to partitions based on variables specified in the vendor string. After use, feature counts are returned to their original partition.  The /clients API no longer returns inconsistent results when queried with and without the hostid parameter 2021.10: CLS + LLS Licensing Server User-based reservations are now working as expected 2021.09: LLS + Client Kits Licensing Server New support for Ubuntu 20.04 LTS Reservations are no longer automatically converted to partitions, resolving a compatibility issue where the conversion of reservations into rules could lead to incorrect license counts in the resulting partitions References to Jackson-databind 2.2.3 have been removed from OfflineSync tools Resolved issue where licenses could be available for checkout from a cloned local license server Capability response utility capresponseutil now supports the optional parameter enterpriseId Client Kits References to Jackson-databind 2.2.3 have been removed from OfflineSync tools Resolved false-positive tamper detection issue 2021.07: CLS + LLS Licensing Server Producers can now disable the creation of access logs by setting server.accessLogPattern=none in producer-settings.xml. The wording of log entries for rejected capability requests has been improved. Entries now indicate when a request has been denied due to a feature partitions rule rejection. The response to a call of the /health endpoint now includes a new trustStatus property, which indicates whether a trust break has occurred. 
Resolved an issue where license counts in partitions were not correctly re-allocated after an updated model definition was uploaded to the license server. 2021.06: CLS + LLS Licensing Server New licensing.defaultTimeZone setting to configure the timezone the server uses to determine feature expiry date, start date, and issue dates Resolved license count handling when the reservation group or partition is deleted while the count is in use Resolved license count handling when reservation groups are deleted and recreated with different feature counts Fixed license leakage issue when feature counts change while features are checked out 2021.05: CLS + LLS + Client Kits Licensing Server Fixed OptimisticLockRefreshException error when adding a new reservation entry Failover synchronization issues have been resolved Increase in failover database size issue is fixed Third-party software modules have been upgraded Client Kits New support for macOS ARM Resolved calendar issues for Java XT kits C-XT kit no longer crashes if year exceeds 3001 on Windows platform Vulnerability CWE-327 addressed 2021.04: CLS + LLS Licensing Server Conditional operator support added to Feature Partitioning rules Resolved issue preventing reserved counts from being automatically renewed Fixed license count issue caused by reservation groups repeatedly being deleted/created Changed mechanism for local license server-FlexNet Operations HTTPS communication 2021.03: CLS + LLS Licensing Server New streaming interface /clients and /features endpoints to query large client tables, hence improving the performance Resolved VMUUID detection issue on Google Compute Cloud (Windows only) for LLS The REST API /clients endpoint now returns the served clients when the borrow interval was set to 0s on both CLS and LLS Resolved time zone conversion issue for feature expiry on both CLS and LLS The issue with borrow granularity unit is now fixed 2021.02: CLS + LLS Licensing Server Support for JSON-format Logging 
on the Local License Server (LLS) Integration of LLS Logging with External Systems like Graylog, Elastic Stack Fixed the synchronization issue in failover scenario Improved performance for querying /clients endpoint for both LLS and CLS Fixed the trailing slash in JAVA_HOME system environment variable in LLS Correct version of OpenSSL reported in the LLS A number of third-party software modules used in the FlexNet License Server Manager have been upgraded. 2021.01: CLS + LLS Licensing Server New activeOnly query parameter has been introduced for /features endpoint for both CLS and LLS Return of counts for multiple activation IDs with identical expiry date issue has been fixed on CLS Resolved client expiry issues on CLS Support for PKCS #12 keystores in LLS Resolved VM_UUID detection issue on Google Compute Cloud for LLS Resolved MAC address issue related to hostid case sensitivity. 2020 R3 SP3 (2020.12): CLS + LLS + Client Kits Licensing Server License activation using REST API and .NET on both LLS and CLS Fixed on CLS an issue where usage reports could show duplicate rows with a feature count value of zero for every checked-in feature Enhanced the model definition upload using the /rules API for long lists of hostids (containing 10,000 hostids) on both LLS and CLS Used feature counts correctly returned to license pool after effective borrow interval expired Updated open source third party components and dependencies have been removed Resolved flexnetlsadmin to CLS communication issue Fixed the issue that caused an error while running the local license server (LLS) in console mode Client Kits Improved Cloud Platform detection, which fixes the issue of occasionally detecting and returning an incorrect hostid value for VM_UUID Resolved VM_UUID detection issue on Google Compute Cloud Releasing of system resource 2020 R3 SP2 (2020.10): CLS + LLS + Client Kits Licensing Server Springfox-Swagger has been upgraded to version 2.9.2 in both LLS and CLS. This upgrade addresses potential security issues. 
Spring Boot has been upgraded to version 2.1.2 in both LLS and CLS to address potential security issues. Enhanced Logging Functionality on the Local License Server. A new logging style configuration parameter has been introduced for the LLS, to configure timestamp behaviour. Resolved below FlexNet License Server Administrator Issues “-reset” command resets the security.enabled policy back to its original default value set by the producer. “-licenses” command now returns correct feature count “-licenses -verbose” command now returns correct value for available counts A number of third-party software modules used in the FlexNet License Server Manager have been upgraded Client Kits Fix for potential memory leak (Linux XT only) 2020 R3 SP1 Hotfix(2020.07.1): CLS only Licensing Server Feature counts are now consumed from correct activation id. For metered features, counts could be consumed from an incorrect activation ID. This issue was due to a change in the sequence of returning used counts. Resolved Client Expiry Timer issue Fixed incorrect expiry date 2020 R3(2020.07): CLS + LLS + Client Kits Licensing Server Feature Partitions The maxCount field now indicates how many counts of a feature are available, regardless of how many counts have been requested. The active hostid set using FlexNet License Server Manager or using the REST APIs now persists in the database. It is no longer necessary to reset it after a server reboot Improved FlexNet License Server Administrator Output Resolved REST API pagination issue CLS performance improvement Resolved server borrow interval issue Updated open source component Jackson Databind in FlexNet License Server Manager In the FlexNet License Server Manager user interface added new Start Date column and New Device Alias column Client Kits Identical Correlation ID generation issue has been addressed (C XT SDKs only) Resolved issue related to connecting to server via proxy (C XT SDKs on macOS only). 
Resolved issues with redirected URLs (.NET XT SDKs only). Amazon AWS EC2 detection no longer causes XT client crashes (XT SDKs only)
View full article
Summary
This is the InstallAnywhere public Hotfix A for an issue where a project migrated to IA 2022 from IA 2020 skips a panel in the Pre-Install sequence.

Symptoms
This Hotfix addresses the following issue: IOK-884964 Project migrated to IA 2022 from IA 2020 is skipping a panel in the Pre-Install sequence

Resolution
The hotfix is provided through a patch installer for InstallAnywhere 2022 and can be obtained by checking for updates from the InstallAnywhere IDE. You can perform this action by selecting "Tools --> Check For Updates" in the IDE.

Note: The patch installer for the Hotfix will only patch one instance of InstallAnywhere at a time. That is, if you have multiple InstallAnywhere versions installed, you can choose to patch only one version/instance at a time. The installer will install the patch for that chosen instance of InstallAnywhere 2022 and exit. To patch another version/instance of the product, please run the installer again.

To verify that the Hotfix was applied, open <IA_HOME>/isus/productconfig.xml and check that <Attribute name="Public Hotfix">A</Attribute> is present, or in the IA IDE go to Help | About InstallAnywhere and check that Public Hotfix A is shown.

Below are the direct download links for the Hotfix installers:

Platform            MD5 Checksum
Windows (32-bit)    35ef15464a00b94ade806dfb66e775f9
Windows (64-bit)    35ef15464a00b94ade806dfb66e775f9
Apple OS X          33a9950242d435c0929673cc9911bf60
Linux (32-bit)      c7862aefc100cb786c0e9a53f17b8210
Linux (64-bit)      416f0cca85ffd7de030a5c8d2617d295

Additional Information
- Hotfix A will find the installed InstallAnywhere 2022 on the system and apply the patch to it.
- The Hotfix can be installed in console and silent mode using IA2022-Public-Hotfix-A.exe -i console and IA2022-Public-Hotfix-A.exe -i silent. This also applies to Linux and Mac.
- In case of multiple InstallAnywhere 2022 installations, the Choose Instance panel will list all locations.
- In case no match is found for an InstallAnywhere 2022 instance, the Choose Folder panel provides the option to select one manually.
- Hotfix patches replace files in IA_HOME, take backup of IAClasses.zip from IA_HOME and IA_HOME/resources.
- The Hotfix does not change any system configurations, versions or ARP entries.
- Uninstallation of InstallAnywhere will remove the hotfix files as well; the hotfix cannot be uninstalled separately.
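A downloaded installer can be checked against the checksum table above before it is run. The script below is an added example, not part of the original article or of InstallAnywhere; the function names are hypothetical, and the file in the usage section is a constructed stand-in rather than the real installer. MD5 is not collision resistant, so a match mainly rules out a corrupted or truncated download.

```python
import hashlib
import hmac
import os
import tempfile

# MD5 values copied from the table in this article.
PUBLISHED_MD5 = {
    "Windows (32-bit)": "35ef15464a00b94ade806dfb66e775f9",
    "Windows (64-bit)": "35ef15464a00b94ade806dfb66e775f9",
    "Apple OS X": "33a9950242d435c0929673cc9911bf60",
    "Linux (32-bit)": "c7862aefc100cb786c0e9a53f17b8210",
    "Linux (64-bit)": "416f0cca85ffd7de030a5c8d2617d295",
}


def file_md5(path, chunk_size=1 << 20):
    """Hash the file in chunks so large installers are not read into memory."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_download(path, platform):
    """Return (matches, actual_md5) for the installer at `path`.

    Raises KeyError when the platform is not in the published table, so a
    typo in the platform name cannot be mistaken for a successful check.
    """
    expected = PUBLISHED_MD5[platform].lower()
    actual = file_md5(path)
    return hmac.compare_digest(actual, expected), actual


if __name__ == "__main__":
    # Constructed stand-in file; point `sample` at the real download instead.
    with tempfile.NamedTemporaryFile(delete=False) as fh:
        fh.write(b"constructed sample, not the real installer")
        sample = fh.name
    try:
        ok, actual = verify_download(sample, "Windows (64-bit)")
        print("match" if ok else f"MISMATCH: got {actual}, do not run the installer")
    finally:
        os.remove(sample)
```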
View full article
Summary: This article shows how to automate passing the license information to a silent install of the InstallShield Standalone Build (SAB).

Resolution:
Download the InstallShield Standalone Build, for example InstallShield2021R2StandaloneBuild.exe.
Open an Administrator command prompt.
Run the following command:

InstallShield2021R2StandaloneBuild.exe /S /v/qn /VSERVERNAME=<IPADDRESS OR LICENSE_SERVER_NAME> /VPORTNUMBER=<LICENSE_SERVER_PORT> /VLICENSETYPE=2 /VADDLOCAL=ALL

The following tasks will be completed and the install will be done silently without displaying any wizard:
1. Specifying the concurrent license options
2. Specifying the license server name
3. Installing all the features

In the command above:
The value of 1 for the LICENSETYPE property indicates that you are using a node-locked license of the InstallShield SAB.
The value of 2 for the LICENSETYPE property indicates that you are using a concurrent license of the InstallShield SAB.
The value of 3 for the LICENSETYPE property indicates that you are using a Cloud License Server (CLS) concurrent license of the InstallShield SAB.

Additional Information: Click here for the documentation about the command line parameters that the InstallShield SAB (ISCmdBld.exe) takes.
View full article
Summary: The driver package from the driver store is not removed during uninstall. Synopsis: This article will provide steps for removing the driver package from the driver store during uninstall. Discussion: 1. Set Permanent to No for the component to which the driver is associated. If Yes is selected, none of the component's data (such as files, registry entries, and shortcuts) are removed from the target system when the component's parent feature is uninstalled. As the name Permanent indicates, a component marked Permanent is permanent, meaning that it is not removed during uninstall. 2. For the component that contains the file or folder, right-click the file and click Add Removal. Make sure there is an entry created in the Direct Editor in the RemoveFile MSI Table. 3. Change the General Information > Template Summary to "x64;1033" (the value for a 64-bit installer). 4. On a 64-bit machine, [System64Folder] needs to be used to target the C:\Windows\System32 folder, because this is the 64-bit location. The C:\Windows\SysWOW64 folder is the 32-bit location for the System folder. Example: 1. Create a Basic MSI Project. 2. Add a feature and a component. 3. Set General Information > Template Summary to "x64;1033". 4. Go to the Property Manager and create a new property named "XXXXBUS" with a value of "C:\Windows\System32\xxxxbus". 5. Go to the RemoveFile MSI Table and add the following values: FileKey = Removexxxxbus, Component = xxxbus, FileName = xxxxbus.inf, DirProperty = XXXXBUS, InstallMode=3 6. Build the project. 7. Run the installer. 8. Go to the target machine and create the following folder: C:\Windows\System32\xxxxbus 9. Make sure that the xxxxbus.inf file is in the C:\Windows\System32\xxxxbus folder. 10. Run the installer on the target machine. 11. Run the uninstaller on the target machine. During uninstall the driver package will be removed from driver store at the following location: C:\Windows\System32\DriverStore\FileRepository
View full article
Question: While trying to start the LLS services, Windows reported the error "Error 1067: The process terminated unexpectedly". What does this error mean, and how can it be fixed?

Answer: Error 1067 is a Windows error that occurs mainly due to faulty Windows services or corrupted settings of that particular service. There can be many possible reasons for service corruption, and the solution may vary based on the cause, but it is always good to check the following points for a possible solution:

1. Check that the Windows environment variables are in line with what is needed for LLS and are properly set. For example, the error was reported in the following scenario. In LLS, the default JVM -Xms and -Xmx values are set to 2GB; these values can be found in the flexnetlsw.xml file in the server directory of LLS. On the LLS machine, a system environment variable _JAVA_OPTIONS: -Xmx1g was set, which was overriding the -Xmx value set in flexnetlsw.xml. Since the override value of 1GB is less than the -Xms value of LLS, the LLS was not starting and was reporting the error. For the JVM, the Xmx value should not be less than the Xms value.

2. Check the Windows event logs for more information on the probable cause of the error.

3. Rebuild the services:
Delete the existing LLS service from the Windows registry after taking its backup from the location "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services". NOTE: Backup is nothing but an export of the service.
Reboot the machine.
Export the service from a machine where the services are working fine, and then import it on the non-working machine.
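The check in point 1 can be automated before starting the service. The script below is an added example, not part of the original article or of the license server; the function names are hypothetical, and it assumes the -Xms/-Xmx values have already been read out of flexnetlsw.xml into a plain option string, since the file's layout is not shown here.

```python
import os
import re

_UNITS = {"": 1, "k": 1024, "m": 1024 ** 2, "g": 1024 ** 3, "t": 1024 ** 4}
_HEAP_FLAG = re.compile(r"^-X(ms|mx)(\d+)([kKmMgGtT]?)$")


def heap_flags(option_string):
    """Return {'ms': bytes, 'mx': bytes} for the -Xms/-Xmx flags found in a
    JVM option string. When a flag is repeated, the last occurrence wins."""
    found = {}
    for token in (option_string or "").split():
        match = _HEAP_FLAG.match(token)
        if match:
            kind, number, unit = match.groups()
            found[kind] = int(number) * _UNITS[unit.lower()]
    return found


def effective_heap(configured_options, java_options_env):
    """Heap settings the JVM ends up with: values from _JAVA_OPTIONS replace
    the configured ones, which is the override the article describes."""
    effective = heap_flags(configured_options)
    effective.update(heap_flags(java_options_env))
    return effective


def check_heap(configured_options, java_options_env):
    """Return a list of findings; an empty list means the settings agree."""
    configured = heap_flags(configured_options)
    override = heap_flags(java_options_env)
    findings = []
    for kind in ("ms", "mx"):
        if kind in configured and kind in override and configured[kind] != override[kind]:
            findings.append(
                f"_JAVA_OPTIONS overrides -X{kind}: "
                f"{configured[kind]} -> {override[kind]} bytes"
            )
    effective = {**configured, **override}
    ms, mx = effective.get("ms"), effective.get("mx")
    if ms is not None and mx is not None and mx < ms:
        findings.append(
            f"effective -Xmx ({mx} bytes) is below -Xms ({ms} bytes): the JVM will not start"
        )
    return findings


if __name__ == "__main__":
    # The article's defaults, written as an option string (constructed input).
    configured = "-Xms2g -Xmx2g"
    for finding in check_heap(configured, os.environ.get("_JAVA_OPTIONS")):
        print("WARNING:", finding)
```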
View full article
NVD: 2022/08/05 - CVSS v3.1 Base Score: 9.8
Description: zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).
The third-party zlib library is not directly used by FNP. It comes with Thales dongle support. CVE-2022-37434 does not impact FNP directly. zlib will be upgraded to the latest version in the Thales 8.5 LDK version, which is planned for release in Oct 2022.
View full article
Code Insight Reports Code Insight offers standard reports that are packaged with the release contents, as well as a number of other useful reports available for download from our GitHub SCA report repositories. With our flexible Custom Reports Framework, these reports can easily be modified to report only on information most critical to you or you can create your own custom report from scratch. Listing of Available Reports The following is a list of reports currently available for use with Code Insight. This list will be updated as additional reports become available. Standard Reports (part of application codebase) Project Report Audit Report Notices Report Other Available Reports (source code available via GitHub) Project Vulnerabilities Report Project Compliance Report Project Comparison Report Project Inventory Report with Hierarchy SBOM Report (SPDX) SBOM Report (CycloneDX) SBOM Report (HTML & Excel) Claimed Files Report Third-Party Evidence Report Third-Party Notices Report (with optional inventory item notices text updates) Standard Reports Project Report The Project Report provides a summary and comprehensive view into a given project. This is one of our most popular reports - executives appreciate it for its high-level summary and operational risk assessment; development teams use it for archiving, backup and comparison of projects; legal uses it for a quick view of file-level copyrights and license information. The Project Report shows all project inventory organized by inventory priority, security vulnerabilities organized by severity, remaining scan evidence, and review and remediation tasks for the project. In addition, it provides an operational risk index to indicate overall project risk and lists all scanned files and their respective scan evidence. It also benchmarks the project against other known OSS projects that we see in the business. The report is available in JSON and Excel format. 
The calculations for the operational risk index can be customized to suit the needs of your organization.

The Excel version of the report includes the following tabs:
• Project Report: Summary Tab
• Project Report: Benchmarks Tab

Things to Note About the Project Report
• The metrics and statistics in this report are based on the results of the most recent server scan and remote scan(s) associated with the project.
• Currently, Code Insight is able to report license evidence found in remote files scanned by a scan agent. This evidence is reflected (along with evidence detected by the Scan Server) in the charts and data in the following locations:
  ◦ Additional Evidence section of the Summary sheet
  ◦ Files with License sheet (with an Alias column to help you determine which files are remote)
  ◦ All Scanned Files sheet
• When the report lists codebase files, an alias and file path can be included with each file name in the format <alias>:<filePath> (or as separate properties). The alias is a unique descriptive name representing the scan-root path for the Scan Server or remote scan agent, and the file path is relative to the scan root. (The actual absolute scan-root path for each scanner associated with the project is available on the project’s Summary sheet.)
• The security vulnerability information in the report is based on the CVSS version (v3.x or v2.0) currently used by your Code Insight system for reporting purposes. If CVSS 3.x is used, vulnerability counts and information in the report are based on data from all CVSS v3 systems supported by Code Insight, currently v3.1 and v3.0. (A given vulnerability can have only one v3 score—either a v3.1 or v3.0 score, not both.)

Audit Report

The Audit Report provides another way to distribute your research and findings to others in your organization.
Only published inventory items appear in the Audit reports so that items that are ready to be shared with the broader team can be presented in a clean manner while analysts continue their reviews on in-progress items.

[Figure: Audit Report: Summary View]

Things to Note about the Audit Report
• The metrics and statistics in this report are based on the results of the most recent server scan and remote scan(s) associated with the project.
• When the report lists codebase files, an alias and file path can be included with each file name in the format <alias>:<filePath>. The alias is a unique, descriptive name representing the scan-root path for the Scan Server or remote scan agent, and the file path is relative to scan root. (The actual scan root for each scanner associated with a project is available on the project’s Summary sheet.)
• The total lines of code listed on the Summary sheet is based on the server-side codebase only; the total does not include lines of code in the remote codebase(s).
• The security vulnerability information in the report is based on the CVSS version (v3.x or v2.0) currently used by your Code Insight system for reporting purposes. If CVSS 3.x is used, vulnerability counts and information in the report are based on data from all CVSS v3 systems supported by Code Insight, currently v3.1 and v3.0. (A given vulnerability can have only one v3 score—either a v3.1 or v3.0 score, not both.)

Notices Report

Code Insight provides the ability to produce a Notices report to satisfy the attribution requirements of most open source licenses. The report is created in text format. After Engineering has completed the remediation plan, resolving all rejected inventory items, the codebase is rescanned until it is approved for release. When the codebase is approved for release, you need to generate a Notices report to accompany the software application.
This report is a compilation of all the open source/third-party components contained in the product and their license content (notices). The Notices report shows only published inventory. The inventory can be system-generated or custom and of any type—Work in Progress, Component, or License.

The following items can appear in the Notices report for each inventory item:
• Inventory name—The entry in this field is based on naming conventions, which is usually the component name, version, and governing license name.
• Inventory URL—If the inventory URL is not available, Code Insight uses the associated component URL. If both are unavailable, no URL will appear in the report.
• Inventory Notices Text—The final “notices” text associated with the inventory item. It is pulled from the Notices Text field on the Notices Text tab for a selected inventory item in the Analysis Workbench or in Project Inventory. If this field is empty, Code Insight uses the content in the As-Found License Text field (also on the Notices Text tab), which shows the verbatim license text found in the codebase by the system. If no As-Found License Text or Notices Text information is available, the text pulled from the Code Insight data library for the selected license is used in the Notices report. For more information, see Finalizing the Notices Text for the Notices Report.

[Figure: Notices Report View]

Other Available Reports

In Code Insight 2020 R1, we released a Custom Reports Framework which enables anyone with coding skills to create custom reports for Code Insight and register them for direct access in the product. The framework provides flexibility not only for our customers, but also for the Revenera team in order to bring you reports outside of our regular release schedule. Here are a few of our most popular reports:

Project Vulnerabilities Report

This is a security-focused report that calls out all vulnerable project inventory and lists of associated vulnerabilities.
Use this report to quickly review security issues or to share data with your Security team. The report supports search and click-through to the vulnerable inventory in Code Insight for additional review.

[Figure: Vulnerabilities Report: Summary View]

Project Compliance Report

This report lets you visualize inventory items for a project along with their current compliance issues. Compliance issues listed in this report are P1 licenses, rejected inventory items, unreviewed items, the presence of security vulnerabilities and outdated (old) versions, but the report can be modified to report on compliance issues of interest to your organization. For example, if you are not working with products that are shipped and want to create a security-centric report, this is possible with a few modifications to the report code.

Project Comparison Report

This report compares the inventory between two projects (e.g. two different products or two releases of the same product).

Project Inventory Report with Hierarchy

If you have designated a parent/child hierarchy for your projects in order to better represent your company offerings, the Project Inventory Report can be used to easily report across multiple projects. Running the report for the parent project will pull in all child projects. This is useful for keeping track of your software bill of materials (SBOM) and can be further customized to report on other inventory attributes, such as third-party notices to generate notices across projects.

[Figure: Compliance Report: Summary View]

Project SBOM Report (SPDX)

This report produces a project Software Bill of Materials (SBOM) report in SPDX v2.2 format (.spdx).

Project SBOM Report (CycloneDX)

This report produces a project Software Bill of Materials (SBOM) report in CycloneDX v1.4 format (.xml).

Project SBOM Report (Human Readable)

This report produces a project Software Bill of Materials (SBOM) report in a human-readable format (HTML and Excel).
Claimed Files Report

This report allows users to show files they can claim based on evidence. It creates a new inventory item and adds all files matching the provided criteria to this inventory item. The user can then ignore these files during manual analysis.

Third-Party Evidence Report

This report produces a table of evidence found during the last project scan.

Third-Party Notices Report

This is a new version of the standard third-party notices report. This report uses data from inventory items' third-party notices text field to generate a third-party notices report to satisfy the attribution requirement of open source licenses. This report will also optionally fetch the license text associated with the component version for a given inventory item (where available) and update the third-party notices text field with this value.

HTML Report Functionality

The majority of Code Insight reports are available in HTML format and can be loaded directly in the browser with the following functionality:
• The columns in the report can be sorted by clicking on the column header.
• A search box is available for quickly locating specific parts of the report. The search is performed across all columns in the report.
• You can use the page numbers at the bottom to jump to a specific location.
• Reports link back to the project(s) where the report originated to show you a live view of your inventory and evidence.