Revenera Community Knowledge Base

Summary  Adding an InstallScript custom action to a Basic MSI or InstallScript MSI project extracts few binaries to a predefined writable folder during installation time. The standard user account has write access to these files and folders, hence replacing them during installation time can lead to a DLL hijacking vulnerability. Revenera has issued a security patch to correct this flaw.  Resolution This security fix avoids using known folders and only extracts to a new random secured folder every time the setup is launched. These secured folders have proper access controls so that the standard user cannot access them in all possible scenarios.  Patch for InstallShield 2021 R2  To apply the fix, download the InstallShield 2021 R2 Security Patch.exe and run it on the machine that has either InstallShield 2021 R2 or Standalone Build (SAB) products installed.  Patch for InstallShield 2022 R2  To apply the fix, download the InstallShield 2022 R2 Security Patch.exe and run it on the machine that has either InstallShield 2022 R2 or Standalone Build (SAB) products installed.    To run the patch installation silently:  Download the security patch setup to a temporary folder on the machine on which you want to apply the fix.  Download the  ISSecurityPatchSilentResponseFile.zip file, extract the ISSecurityPatchSilentResponseFile.iss file from the .zip file, and place the ISSecurityPatchSilentResponseFile.iss file in the same folder as the ‘InstallShield 2022 R2 Security Patch.exe’ or ‘InstallShield 2021 R2 Security Patch.exe’ patch file.  Open a Command Prompt window with elevated privileges. (To do so, right-click the shortcut for the Command Prompt window, and then click Run as administrator.)  Run the following command:  "C:\Path\InstallShield <Version> R2 Security Patch.exe" /s /f1"C:\Path\ISSecurityPatchSilentResponseFile.iss"  where the path (C:\Path\) is replaced with the appropriate location and the <Version> is replaced with either 2022 or 2021. When the patch is run, it will correct all the identified security flaws in the above products that are installed on the machine.    To determine if the InstallShield Hotfix has been installed, verify the version of the following files:  The following files will be updated to version 28.0.0.763 (InstallShield 2022 R2) and version 27.0.0.126 (InstallShield 2021 R2):    <ISInstallLocation>\Redist\Language Independent\i386  ISSetup.dll  setup.exe  setupPreReq.exe  SFHelper.dll    <ISInstallLocation>\Redist\Language Independent\x64  setup.exe  setupPreReq.exe  SFHelper.dll     <ISInstallLocation>\Redist\Language Independent\i386\ISP  ISSetup.dll setup.exe  Setup.ocx    <ISInstallLocation>\System  ISSetup.dll 

Question What are all the versions of lmadmin that were impacted and mitigation details related to Log4j vulnerabilities that surfaced in 2021? Answer All FlexNet Publisher lmadmin versions between 2020 R3 (11.17.1.0) to 2021 R4 (11.18.3.0) have log4j vulnerability and hence should not use or download from Revenera PLC. Start to use the lmadmin version later than FlexNet Publisher version 2021 R4. More Information Still want to use the lmadmin versions between 2020 R3 to 2021 R4 and then follow the workaround 

Introduction This article covers the steps to change the Local License Server (LLS) default windows "Service name" and  "Display name" partially without impacting other functionalities of LLS.  Using these steps customer can change the service name of LLS as per their company policy. The default LLS "Service name" is "FNLS-<publisher_name>" and default "Display name" is "FlexNet License Server - <publisher_name>.  Instructions To rename the LLS Windows Service name and Display name, the two files pre-install.vbs and flexnetls.bat present in server folder  of LLS package needs to be modified as mentioned in following steps before doing installation: Open the file pre-install.vbs  and update the  value of "idNode.text" as desired Service name and nameNode.text value as desired Service Display name. In this use case  default Service name will be modified to "ReveneraTest-<publisher_name>" and Display Name to "Test LicenseServer Modified_DispName - <publisher_name>"  by updating values of idNode.text and nameNode.text respectively as shown in below screenshot. Open the file flexnetls.bat and update the value of tag "SET SERVICE_NAME=" to the same name which was set in Step 1 for iNode.text. For example, see below screenshot.   After performing above two steps, now one can use flexnetls.bat to install the LLS service with modified Service name and Display name and then can verify the changes from Windows services. More Information The <publisher_name> gets replaced with the publisher value present in producer-settings.xml using substitution variables and it is not recommended to  modify the publisher name as impacts are unknown. This is not documented officially in LLS help guide as of today as this name change is not tested end to end at our end. And if customer choses to modify the service, an end to end test is needed at customer end with the their own use cases.

Available Release Notes The following are the Release Notes available for FlexNet Code Insight Electronic Update releases: Changes in Update Released on 24-March-2023 This Update includes the changes described in the following sections. Issues/Bugs Addressed The following issues were addressed in the Update: Issue ID Issue Summary SCA-44498,  SCA-44503,  SCA-45457 Integration of PURL to Alpine, Rubygems, Go in the data library SCA-46214 Generic Mapper is an addition to our vulnerability mappers . This is an enhancement to the existing NPMJS mapper to include Maven and Packagist and make it a generic one. Updated/Added license detection capability and license evidence mechanism for: 3dfx Glide License Academic Free License v1.1 Academic Free License v1.2 Academic Free License v2.0 Academic Free License v2.1 Academic Free License v3.0 Adaptive Public License 1.0 Adobe Systems Incorporated Source Code License Agreement Giftware License Adobe Glyph List License Apple Public Source License 1.0 Apple Public Source License 1.1 Apple Public Source License 1.2 Apple Public Source License 2.0 Artistic License 1.0 Artistic License 2.0 Beerware License eCos license version 2.0 Educational Community License v1.0 Educational Community License v2.0 Educational Community License v2.0 Attribution Assurance License Apache License 1.0 Apache License 1.1 Apache License 2.0 Eiffel Forum License v1.0 Eiffel Forum License v2.0 Amazon Digital Services License ANTLR Software Rights Notice ANTLR Software Rights Notice with license fallback Adobe Postscript AFM License  Collector Status : Name Date of Last Successful Run npm 1/31/2023 crates 8/25/2022 cpan 3/23/2023 clojars 2/9/2023 rubygems 3/23/2023 maven-google 2/10/2023 cran 3/18/2023 hackage 2/12/2023 packagist 2/5/2023 go 3/24/2023 pypi 2/13/2023 nuget gallery 3/16/2023 maven2-ibiblio 1/18/2023 github 2/14/2023 fedora-koji 2/13/2023 alpine 3/22/2023 gitlab 11/19/2022 Changes in Update Released on 10-March-2023 This Update includes the changes described in the following sections. Issues/Bugs Addressed The following issues were addressed in the Update: Issue ID Issue Summary SCA-44820 NPM Notices Text : Fixing the Missing release_license_text mappings for Npm components SCA-46203, SCA-44502 Integration of PURL to the collectors Npmjs and Nuget SCA-47061 Addition of cocoapods forge to our data library SCA-46161,  SCA-46144,  SCA-42593,  SCA-46477 Fixed false positive vulnerabilities for components like android-json, prometheus_client 0.15.0, jqueryui , Microsoft Reportviewer and Microsoft vcruntime etc Updated/Added license detection capability and license evidence mechanism for: Sendmail SISSL SISSL-1.2 SMLNJ SMPPL SNIA Spencer-86 Spencer-94 Spencer-99 TCL TCP-wrappers TORQUE-1.1 TOSL u-boot-exception-2.0 Unicode-DFS-2015 Unicode-DFS-2016 Unicode-TOU UPL-1.0 VOSTROM W3C-20150513 W3C-19980720 Wsuipa WTFPL X11 Xerox Xpp XSkat Zed Zimbra-1.4 Zimbra-1.3 zlib-acknowledgement zlib UCL-1.0 SSPL-1.0 SHL-0.5 SHL-0.51 Sendmail-8.23 PSF-2.0 TAPR-OHL-1.0 PolyForm-Small-Business-1.0.0 PolyForm-Noncommercial-1.0.0 Parity-7.0.0 Parity-6.0.0 OGL-UK-1.0 OGL-UK-2.0 OGL-UK-3.0 OGL-Canada-2.0 OGDL-Taiwan-1.0 TU-Berlin-1.0 TU-Berlin-2.0 SSH-OpenSSH SSH-short Collector Status : Name Date of Last Successful Run npm 1/31/2023 crates 8/25/2022 cpan 2/9/2023 clojars 2/9/2023 rubygems 2/10/2023 maven-google 2/10/2023 cran 2/11/2023 hackage 2/12/2023 packagist 2/13/2023 go 2/14/2023 pypi 2/15/2023 nuget gallery 2/15/2023 maven2-ibiblio 1/18/2023 github 2/15/2023 fedora-koji 2/15/2023 alpine 2/15/2023 gitlab 11/19/2022 Changes in Update Released on 24-February-2023 This Update includes the changes described in the following sections. Issues/Bugs Addressed The following issues were addressed in the Update: Issue ID Issue Summary SCA-46545 Update License URL of OpenPBS License v2.3 in the data library SCA-44499 Integration of Purl to Cran collector Collector Status : Name Date of Last Successful Run gitlab 11/19/2022 npm 1/31/2023 crates 8/25/2022 cpan 2/9/2023 clojars 2/9/2023 rubygems 2/10/2023 maven-google 2/10/2023 cran 2/11/2023 hackage 2/12/2023 packagist 2/13/2023 go 2/14/2023 alpine 2/15/2023 fedora-koji 2/15/2023 pypi 2/15/2023 github 2/15/2023 nuget gallery 2/15/2023 maven2-ibiblio 1/18/2023 Changes in Update Released on 20-February-2023 This Update includes the changes described in the following sections. Issues/Bugs Addressed The following issues were addressed in the Update: Updates to OpenSSL component: Added vulnerability information to the following openSSL components openssl(id: 58316) - https://www.openssl.org openssl-openssl (id: 416271) - https://github.com/openssl/openssl openssl (id: 27181269) - https://koji.fedoraproject.org/koji/packageinfo?packageID=openssl related to vulnerability CVEs CVE-2023-0286 (https://nvd.nist.gov/vuln/detail/CVE-2023-0286) CVE-2022-4304 (https://nvd.nist.gov/vuln/detail/CVE-2022-4304) CVE-2023-0215 (https://nvd.nist.gov/vuln/detail/CVE-2023-0215) CVE-2022-4450 (https://nvd.nist.gov/vuln/detail/CVE-2022-4450) CVE-2023-0216 (https://nvd.nist.gov/vuln/detail/CVE-2023-0216) CVE-2023-0217 (https://nvd.nist.gov/vuln/detail/CVE-2023-0217) CVE-2023-0401 (https://nvd.nist.gov/vuln/detail/CVE-2023-0401) Issue ID Issue Summary SCA-45980 Review and add the license priority for "commercial license" in licenses table Updated/Added license detection capability and license evidence mechanism for: PostgreSQL psfrag psutils Qhull QPL-1.0 Rdisc RSA-MD Saxpath SCEA New/Update Component Requests: krig-parallax inuitcss-generic.normalize Collector Status : Name Date of Last Successful Run gitlab 11/19/2022 maven2-ibiblio 1/18/2023 alpine 2/8/2023 npm 1/31/2023 crates 8/25/2022 cpan 2/9/2023 clojars 2/9/2023 rubygems 2/10/2023 maven-google 2/10/2023 cran 2/11/2023 hackage 2/12/2023 fedora-koji 2/12/2023 packagist 2/13/2023 go 2/14/2023 pypi 2/15/2023 github 2/15/2023 nuget gallery 2/15/2023 Changes in Update Released on 30-January-2023 This Update includes the changes described in the following sections. Issues/Bugs Addressed The following issues were addressed in the Update: Issue ID Issue Summary SCA-45333 SPDX Collector: Populate license_attribute values for all the licenses   Updated/Added license detection capability and license evidence mechanism for: NetCDF Newsletr NLOD-1.0 NLOD-2.0 NLPL OLDAP-1.1 OLDAP-1.2 OLDAP-1.3 OLDAP-1.4 OLDAP-2.0 OLDAP-2.0.1 OLDAP-2.1 OLDAP-2.2 OLDAP-2.2.1 OLDAP-2.2.2 OLDAP-2.4 OLDAP-2.5 OLDAP-2.6 OLDAP-2.7 Addition of missing vulnerability mappings for the following components: Tcexam Collector Status : Name Date of Last Successful Run crates 8/25/2022 gitlab 11/19/2022 maven2-ibiblio 1/18/2023 go 1/23/2023 cpan 1/19/2023 fedora-koji 1/23/2023 clojars 1/19/2023 rubygems 1/20/2023 maven-google 1/20/2023 cran 1/21/2023 hackage 1/22/2023 packagist 1/23/2023 npm 1/23/2023 nuget gallery 1/18/2023 alpine 1/18/2023 pypi 1/18/2023 github 1/23/2023 Changes in Update Released on 12-January-2023 This Update includes the changes described in the following sections. Issues/Bugs Addressed The following issues were addressed in the Update: Issue ID Issue Summary SCA-45214 Fixed missing vulnerability issue for component dom4j SCA-44820 Fixed the missing release_license_text mappings for Npm components Updated/Added license detection capability and license evidence mechanism for: MITNFA mpich2 MTLL Mup NBPL-1.0 OSET-PL-2.1 Plexus Artistic-1.0 Artistic-1.0-cl8 Artistic-1.0-Perl Artistic-2.0 Noweb NRL Nunit OCCT-PL OML New/Update Component Requests: Microsoft Capicom Microsoft Enterprise Library 5 Microsoft .NET Framework Collector Status : Name Date of Last Successful Run crates 8/25/2022 gitlab 11/19/2022 maven2-ibiblio 12/22/2022 go 1/4/2023 cpan 1/5/2023 fedora-koji 1/5/2023 clojars 1/5/2023 rubygems 1/6/2023 maven-google 1/6/2023 cran 1/7/2023 hackage 1/8/2023 packagist 1/9/2023 npm 1/10/2023 nuget gallery 1/10/2023 alpine 1/11/2023 pypi 1/11/2023 github 1/11/2023 Changes in Update Released on 22-December-2022 This Update includes the changes described in the following sections. Issues/Bugs Addressed The following issues were addressed in the Update: Issue ID Issue Summary SCA-44946 Nuget version level licenses - Support for new licenses SCA-44702 Update the Component versions for nvuillam-npm-groovy-lint  Updated/Added license detection capability and license evidence mechanism for: Leptonica LGPLLR libtiff LiLiQ-P-1.1 LiLiQ-Rplus-1.1 LiLiQ-R-1.1 MakeIndex Net-SNMP Collector Status : Name Date of Last Successful Run crates 8/25/2022 gitlab 11/19/2022 cpan 12/15/2022 clojars 12/15/2022 rubygems 12/16/2022 maven-google 12/16/2022 cran 12/17/2022 hackage 12/18/2022 packagist 12/19/2022 alpine 12/21/2022 fedora-koji 12/21/2022 npm 12/21/2022 pypi 12/21/2022 nuget gallery 12/21/2022 go 12/22/2022 github 12/22/2022 maven2-ibiblio 12/22/2022  Changes in Update Released on 08-December-2022 This Update includes the changes described in the following sections. Issues/Bugs Addressed The following issues were addressed in the Update: Issue ID Issue Summary SCA-44052 Added Spice Software License and detection rules. SCA-43599 Nuget Collector: Enhancement to collect version level licenses. SCA-44396 Invalid URL's in the description for some of the components. SCA-44439 Alpine Collector Enhancements - Version Level Date Enhancements. SCA-44438 Alpine Collector Enhancements - RepoURL Enhancements. Updated/Added license detection capability and license evidence mechanism for: ICU ImageMagick Intel-ACPI Interbase-1.0 JasPer-2.0 LAL-1.2 LAL-1.3 GL2PS Glulxe Gnuplot FSFUL HaskellReport IBM-pibs Latex2e New/Update Component Requests None Collector Status : Name Date of Last Successful Run crates 8/25/2022 npm 12/08/2022 pypi 10/18/2022 alpine 11/30/2022 gitlab 11/19/2022 cpan 12/08/2022 rubygems 12/08/2022 clojars 12/08/2022 github 12/07/2022 maven-google 12/02/2022 fedora-koji 12/07/2022 cran 12/03/2022 nuget gallery 12/01/2022 hackage 12/04/2022 packagist 12/04/2022 go 12/07/2022 maven2-ibiblio 11/28/2022 Changes in Update Released on 29-November-2022 This Update includes the changes described in the following sections. Issues/Bugs Addressed The following issues were addressed in the Update: Issue ID Issue Summary SCA-44021 Addition of Go vulnerability mapper to the list of our automated vulnerability mappers SCA-44283 Added the license Microsoft .Net Compiler Platform Redistributable Packages Preview to the data library SCA-44290 Updated the invalid urls of few Go forge components like Alamofire/AlamofireImage, BoltsFramework/Bolts-Swift and bitstadium/hockeykit. SCA-44376 Updating license information for the components jquery (id: 3526090) SCA-44397, SCA-43635 Fixed false positive vulnerability for the components like system.threading.tasks nuget package and MySQL NPM module. Updated/Added license detection capability and license evidence mechanism for: Qt-GPL-exception-1.0.txt SchemeReport.txt SWL.txt Universal-FOSS-exception-1.0.txt X11-distribute-modifications-variant.txt XSkat.txt CECILL-1.0 CECILL-1.1 CECILL-2.0 CECILL-2.1 CECILL-B CECILL-C MPL-1.0 MPL-1.1 MPL-2.0 MPL-2.0-no-copyleft-exception NPL-1.0 NPL-1.1 MIT License MIT-open-group X11 X11-distribute-modifications-variant XSkat SWL SchemeReport New/Update Component Requests XIPH Flac XORG XServer Collector Status : Name Date of Last Successful Run crates 8/25/2022 npm 10/11/2022 pypi 10/18/2022 alpine 11/8/2022 gitlab 11/19/2022 cpan 11/24/2022 rubygems 11/24/2022 clojars 11/24/2022 github 11/24/2022 maven-google 11/25/2022 fedora-koji 11/26/2022 cran 11/26/2022 nuget gallery 11/26/2022 hackage 11/27/2022 packagist 11/28/2022 go 11/28/2022 maven2-ibiblio 11/28/2022 Changes in Update Released on 11-November-2022 This Update includes the changes described in the following sections. Issues/Bugs Addressed The following issues were addressed in the Update: Issue ID Issue Summary SCA-44237 Addition of missing vulnerabilities for junit(componentId: 437385) SCA-44183 Addition of missing vulnerabilities for xercesimpl and spring-data-mongodb SCA-44075 Update license text for the license Microsoft .NET Library License SCA-44065 Fixing license evidences for net-tools component SCA-41333 Addition of Alpine forge to list of our forge data collection Updated/Added license detection capability and license evidence mechanism for: mplus.txt MulanPSL-1.0.txt MulanPSL-2.0.txt NAIST-2003.txt NCGL-UK-2.0.txt NIST-PD-fallback.txt NIST-PD.txt NTP-0.txt O-UDA-1.0.txt ODC-By-1.0.txt OpenJDK-assembly-exception-1.0.txt OPUBL-1.0.txt MIT-0 MIT-CMU MIT-enna MIT-feh MIT-Modern-Variant.txt MIT-open-group.txt New/Update Component Requests Google Play Services Android android-support-library-v13 TrafficWatcher ata-project Telerik UI for ASP.NET MVC Components Microsoft.Data.SqlClient.SNI.runtime microsoft.aspnet.webapi.tracing Microsoft SQL Server Compact 3.5 Service Pack 2 Collector Status : Name Date of Last Successful Run alpine 11/8/2022 crates 8/25/2022 npm 10/11/2022 pypi 10/18/2022 cran 10/22/2022 maven2-ibiblio 10/27/2022 clojars 11/3/2022 rubygems 11/3/2022 maven-google 11/4/2022 cpan 11/4/2022 nuget gallery 11/5/2022 hackage 11/6/2022 packagist 11/7/2022 go 11/9/2022 github 11/9/2022 gitlab 11/9/2022 fedora-koji 11/10/2022 Changes in Mini Update Released on 02-November-2022 This is a Mini PDL update release which is considerably smaller in size, containing data related to a specific component and a CVE. This Update includes the changes described in the following sections. Issues/Bugs Addressed The following issues were addressed in the Update: Updates to OpenSSL component: Added vulnerability information to the following openSSL components openssl(id: 58316) - https://www.openssl.org openssl-openssl (id: 416271) - https://github.com/openssl/openssl openssl (id: 27181269) - https://koji.fedoraproject.org/koji/packageinfo?packageID=openssl related to vulnerability CVEs CVE - 2022-3786 (https://nvd.nist.gov/vuln/detail/CVE-2022-3786 ) CVE - 2022-3602 (https://nvd.nist.gov/vuln/detail/CVE-2022-3602 ) Issue ID Issue Summary SCA-44311 Addition of new vulnerabilities related to OpenSSL component Changes in Mini Update Released on 21-October-2022 This is a Mini PDL update release which is considerably smaller in size, containing data related to a specific component and a CVE. This Update includes the changes described in the following sections. Issues/Bugs Addressed The following issues were addressed in the Update: Updates to Apache Commons Text component: Added vulnerability information to the apache-commons-text component (https://github.com/apache/commons-text ) related to vulnerability cve CVE-2022-42889 (https://nvd.nist.gov/vuln/detail/CVE-2022-42889 ) Issue ID Issue Summary SCA-44223 Mapping new vulnerability CVE-2022-42889 to the component apache-commons-text Changes in Update Released on 18-October-2022 This Update includes the changes described in the following sections. Issues/Bugs Addressed The following issues were addressed in the Update: Issue ID Issue Summary SCA-43662 Addition of latest versions for the component Akka SCA-43253 Fixing the version information for the component https://github.com/Sequel-Ace/Sequel-Ace. SCA-42544 Fixing false positive vulnerabilities for the component jquery UI Updated/Added license detection capability and license evidence mechanism for: CERN-OHL-1.1.txt CERN-OHL-1.2.txt CERN-OHL-P-2.0.txt CERN-OHL-S-2.0.txt CERN-OHL-W-2.0.txt CC-BY-3.0-AT.txt CC-BY-3.0-DE.txt CC-BY-3.0-NL.txt CC-BY-NC-3.0-DE.txt CC-BY-NC-ND-3.0-DE.txt CC-BY-NC-SA-2.0-FR.txt CC-BY-NC-SA-3.0-DE.txt CC-BY-ND-3.0-DE.txt CC-BY-SA-2.1-JP.txt CC-BY-SA-3.0-AT.txt CC-BY-SA-3.0-DE.txt CDLA-Permissive-2.0.txt COIL-1.0.txt DL-DE-BY-2.0.txt FDK-AAC.txt Jam.txt Linux-man-pages-copyleft.txt KiCad-libraries-exception.txt New/Update Component Requests zyantific/zycore-c New Component Detection Rules aide/aide Collector Status : Name Date of Last Successful Run gitlab 8/5/2022 crates 8/25/2022 hackage 10/9/2022 maven2-ibiblio 10/10/2022 npm 10/11/2022 pypi 10/12/2022 clojars 10/13/2022 cpan 10/13/2022 rubygems 10/13/2022 maven-google 10/14/2022 fedora-koji 10/14/2022 cran 10/15/2022 go 10/17/2022 github 10/17/2022 nuget gallery 10/17/2022 packagist 10/17/2022 Changes in Update Released on 23-September-2022 This Update includes the changes described in the following sections. Issues/Bugs Addressed The following issues were addressed in the Update: Issue ID Issue Summary SCA-43521 Fixed false positives in license detection and license evidence mechanism for licenses like 0BSD, ISC and MIT. SCA-42852 Updated version information for NPMJS components like @aws-sdk/client-dynamodb and @aws-sdk/client-dynamodb-streams   Addition of missing vulnerability mappings for the following components : atomic crypto-utils fedmsg fedora-arm-installer python-fedora sectool coolkey sssd anaconda newsx rpmdevtools cronie Collector Status : Name Date of Last Successful Run gitlab 8/5/2022 crates 8/25/2022 clojars 9/15/2022 maven2-ibiblio 9/15/2022 cpan 9/15/2022 rubygems 9/15/2022 maven-google 9/16/2022 cran 9/17/2022 nuget gallery 9/18/2022 hackage 9/18/2022 packagist 9/18/2022 npm 9/20/2022 go 9/21/2022 pypi 9/21/2022 github 9/21/2022 fedora-koji 9/21/2022 Changes in Mini Update Released on 13-September-2022 This is a Mini PDL update release which is considerably smaller in size, containing data related to a specific component and a CVE. This Update includes the changes described in the following sections. Issues/Bugs Addressed The following issues were addressed in the Update: Updates to commons_configuration2 component: Added vulnerability information to the commons_configuration2 maven component (https://mvnrepository.com/artifact/org.apache.commons/commons-configuration2 ) related to vulnerability cves, CVE-2022-33980 (https://nvd.nist.gov/vuln/detail/CVE-2022-33980 ) CVE-2020-1953 (https://nvd.nist.gov/vuln/detail/CVE-2020-1953) Issue ID Issue Summary SCA-43592 Missing vulnerabilityCVE-2022-33980 for the component commons_configuration2 SCA-43114 Updating component information for components like entityframework, mailbee.net and microsoft.sqlserver.sqlmanagementobjects. Changes in Update Released on 09-September-2022 This Update includes the changes described in the following sections. Issues/Bugs Addressed The following issues were addressed in the Update: Issue ID Issue Summary SCA-43115 Addition of new licenses to reflib like AfterLogic Software License Agreement , Entity Framework 5.0 For Microsoft Windows Operating System and Microsoft SQL SERVER 2017 Shared Management Objects. Updated/Added license detection capability and license evidence mechanism for: EPICS.txt etalab-2.0.txt copyleft-next-0.3.0.txt copyleft-next-0.3.1.txt GD.txt GLWTPL.txt Hippocratic-2.1.txt HPND-sell-variant.txt HTMLTIDY.txt JPNIC.txt libpng-2.0.txt libselinux-1.0.txt Linux-OpenIB.txt Collector Status : Name Date of Last Successful Run gitlab 8/5/2022 maven2-ibiblio 8/22/2022 clojars 9/1/2022 crates 8/25/2022 cpan 9/1/2022 rubygems 9/1/2022 maven-google 9/2/2022 hackage 9/4/2022 nuget gallery 9/5/2022 packagist 9/5/2022 go 9/6/2022 pypi 9/6/2022 cran 9/7/2022 github 9/7/2022 fedora-koji 9/7/2022 npm 9/7/2022 Changes in Update Released on 29-August-2022 This Update includes the changes described in the following sections. Issues/Bugs Addressed The following issues were addressed in the Update: Issue ID Issue Summary SCA-42217 BSD 3-Clause license text not detected SCA-43300 Fixed license detection and license evidence mechanism for dvipdfm license to avoid false positives Updated/Added license detection capability and license evidence mechanism for: 0BSD BSD-1-Clause BSD-3-Clause-Modification BSD-3-Clause-No-Military-License BSD-3-Clause-Open-MPI.txt New/Update Component Requests jridgewell/gen-mapping jridgewell/set-array jridgewell/sourcemap-codec CPUID CPU-Z get-image-file-type-programmatically-in-swift swift-5-4-hex-to-nscolor SNMP++ API supports-preserve-symlinks-flag Addition of missing vulnerability mappings for the following components : bwm-ng mattermost_server snipe-it cgal caldera-forms Collector Status : Name Date of Last Successful Run fedora-koji 8/2/2022 gitlab 8/5/2022 cpan 8/18/2022 rubygems 8/18/2022 maven-google 8/19/2022 cran 8/20/2022 nuget gallery 8/21/2022 hackage 8/21/2022 maven2-ibiblio 8/22/2022 packagist 8/22/2022 go 8/23/2022 github 8/24/2022 crates 8/24/2022 npm 8/24/2022 clojars 8/25/2022 pypi 8/26/2022 Changes in Update Released on 12-August-2022 This Update includes the changes described in the following sections. Issues/Bugs Addressed The following issues were addressed in the Update: Issue ID Issue Summary SCA-42725 Fixed False positive vulnerabilities related to SQL Lite SCA-31133 Addition of Nuget vulnerability mapper to the list of vulnerability mappers SCA-42767 Updated license information for the components datatables-fixedcolumns and datatables-tabletools in our data library SCA-43007 GNU Library General Public License v2 or later (LGPL-2.0-or-later) License Evidence is not being detected for gettext.c file Updated/Added license detection capability and license evidence mechanism for: LGPL-2.0-or-later SPDX licenses with additional clauses App-s2p Baekmuk blessing BlueOak-1.0.0 C-UDA-1.0 New/Update Component Requests FixedColumns Autofill Tabletools New Component Detection Rules: Tabletools.js and Tabletools.min.js FixedColumns.js and FixedColumns.min.js Collector Status : Name Date of Last Successful Run maven2-ibiblio 7/28/2022 fedora-koji 8/2/2022 clojars 8/4/2022 cpan 8/4/2022 rubygems 8/4/2022 maven-google 8/5/2022 gitlab 8/5/2022 cran 8/6/2022 nuget gallery 8/6/2022 hackage 8/7/2022 packagist 8/8/2022 go 8/9/2022 pypi 8/10/2022 github 8/10/2022 crates 8/10/2022 npm 8/10/2022 Changes in Update Released on 18-July-2022 This Update includes the changes described in the following sections. Issues/Bugs Addressed The following issues were addressed in the Update: GPL-AGPL-LGPL License Cleanup There are three issues we are addressing as part of this GPL-AGPL-LGPL License data cleanup project: Example: jquery 6.2.0 (GPL-1.0) Here GPL-1.0 is the license with the short name associated with the component jquery. 1. Short Name Change When a particular license short name is changed and released as part of an electronic update, the short name is not automatically propagated to the inventory items with that selected license. For example, when we change the short name of license id 343 from "GPL-1.0” to “GPL-1.0-only” in an electronic update, the existing inventory items names with that selected license will not be updated. 2. Component to License Mapping Change When the component to license mapping is changed, let’s say jquery is mapped with "Apache-2.0" in the electronic update, then this new mapping wouldn’t be propagated to existing inventory items. This results in inconsistency between the license mapping, existing inventory items, and future inventory items using the new license mapping. 3. Duplicate entry cleanup After running the cleanup scripts, there are possibility of having duplicate entries for the licenses which had mappings in component table and versions table. In our case, we have mappings for 3 licenses, i.e LGPL-2.1-or-later(License_id=704), AGPL-1.0-only(License_id=1654) and AGPL-3.0-only(License_id=229). Note : Around 16 GPL-AGPL-LGPL related licenses are updated and workaround has been provided for necessary scenarios. Please refer the article on GPL-LGPL-AGPL License Cleanup for detailed information and workarounds: https://community.flexera.com/t5/Code-Insight-Knowledge-Base/Code-Insight-GPL-LGPL-AGPL-License-Data-Cleanup-Project/ta-p/240679 Issue ID Issue Summary SCA-40135 Updating the GPL related licenses in the data library according to SPDX SCA-40180, SCA-41672 Preparation of scripts related to changes made to GPL, LGPL and AGPL licenses. SCA-42149 Updated version information for the component minimist. Updated/Added license detection capability and license evidence mechanism for GPL-LGPL-AGPL related licenses (part of GPL-AGPL-LGPL license cleanup activity): AGPL-1.0-only AGPL-1.0-or-later AGPL-3.0-only AGPL-3.0-or-later GPL-1.0-only GPL-1.0-or-later GPL-2.0-only GPL-2.0-or-later GPL-3.0-only GPL-3.0-or-later LGPL-2.0-only LGPL-2.0-or-later LGPL-2.1-only LGPL-2.1-or-later LGPL-3.0-only LGPL-3.0-or-later Collector Status : Name Date of Last Successful Run gitlab 5/13/2022 maven2-ibiblio 6/30/2022 nuget gallery 7/4/2022 clojars 7/7/2022 cpan 7/7/2022 rubygems 7/7/2022 cran 7/9/2022 maven-google 7/9/2022 hackage 7/10/2022 packagist 7/11/2022 go 7/12/2022 pypi 7/13/2022 github 7/13/2022 crates 7/13/2022 fedora-koji 7/13/2022 npm 1/30/2022 Changes in Update Released on 07-July-2022 This Update includes the changes described in the following sections. Issues/Bugs Addressed The following issues were addressed in the Update: Issue ID Issue Summary SCA-42146 Addition of the license EDL 1.0 to PDL. Collector Status : Name Date of Last Successful Run gitlab 5/13/2022 npm 1/30/2022 pypi 6/29/2022 crates 6/29/2022 clojars 6/30/2022 maven2-ibiblio 6/30/2022 cpan 6/30/2022 rubygems 6/30/2022 maven-google 7/1/2022 go 7/1/2022 cran 7/2/2022 fedora-koji 7/2/2022 hackage 7/3/2022 github 7/4/2022 nuget gallery 7/4/2022 packagist 7/4/2022 Changes in Mini Update Released on 28-June-2022 This is a Mini PDL update release which is considerably smaller in size, containing data related to a specific component and a CVE. This Update includes the changes described in the following sections. Issues/Bugs Addressed The following issues were addressed in the Update: Updates to jenkins component: Added the latest vulnerability information for jenkins component (Component id : 191327) related to vulnerability CVE-2022-34175 (https://nvd.nist.gov/vuln/detail/CVE-2022-34175) Issue ID Issue Summary SCA-39993 Miniature PDL package creation and processing in product Changes in Update Released on 15-June-2022 This Update includes the changes described in the following sections. Issues/Bugs Addressed The following issues were addressed in the Update: Issue ID Issue Summary SCA-40437 Addition of Go Collector to the list of collectors Collected Batch 1- 50000 packages. SCA-42001 Fixed license information for the component 'setuptools'. SCA-42030 Fixed license information for the component 'react-leaflet'. SCA-42040 Fixed license information for the component 'pillow'. SCA-42108 Updated component-version information for the component 'url-parse'. Collector Status : Name Date of Last Successful Run gitlab 5/13/2022 crates 5/28/2022 npm 1/30/2022 pypi 6/8/2022 clojars 6/9/2022 cpan 6/9/2022 rubygems 6/10/2022 cran 6/11/2022 maven2-ibiblio 6/11/2022 maven-google 6/11/2022 hackage 6/12/2022 nuget gallery 6/12/2022 packagist 6/13/2022 github 6/14/2022 fedora-koji 6/14/2022 go 6/14/2022 Changes in Update Released on 13-May-2022 This Update includes the changes described in the following sections. Issues/Bugs Addressed The following issues were addressed in the Update: Issue ID Issue Summary SCA-41730 Addition of vulnerability mappings to zlib component (CVE-2018-25032). Collector Status : Name Date of Last Successful Run hackage 5/8/2022 npm 1/30/2022 crates 4/26/2022 clojars 5/5/2022 cpan 5/5/2022 rubygems 5/6/2022 maven-google 5/6/2022 cran 5/7/2022 nuget gallery 5/8/2022 maven2-ibiblio 5/9/2022 packagist 5/10/2022 github 5/11/2022 gitlab 5/11/2022 pypi 5/11/2022 fedora-koji 5/11/2022 Changes in Update Released on 28-Apr-2022 This Update includes the changes described in the following sections. Issues/Bugs Addressed The following issues were addressed in the Update: Issue ID Issue Summary SCA-41430 Addition and Updating components and license information for components like JakartaFtpWrapper, nsftools.com Standard Disclaimer etc. SCA-41268 Fixed the incorrect license mapping for hibernate-core component. Addition of license detection capability and license evidence mechanism for the following licenses : FreeImage freertos-exception-2.0 FSFAP FSFULLR Collector Status : Name Date of Last Successful Run hackage 4/24/2022 npm 1/30/2022 maven2-ibiblio 4/12/2022 cpan 4/14/2022 fedora-koji 4/19/2022 rubygems 4/21/2022 cran 4/22/2022 maven-google 4/22/2022 nuget gallery 4/23/2022 crates 4/26/2022 clojars 4/27/2022 github 4/27/2022 packagist 4/27/2022 gitlab 4/27/2022 pypi 4/27/2022 Changes in Update Released on 13-Apr-2022 This Update includes the changes described in the following sections. Issues/Bugs Addressed The following issues were addressed in the Update: Updates to spring-framework component: Added vulnerability information for spring-framework component ( CVE-2022-22950 and CVE-2022-22965). Issue ID Issue Summary SCA-41311 Fix incorrect vulnerability mapping to the component POI. SCA-41305 Addition of vulnerabilities to xmlbeans 2.6.0 component. SCA-41141 Enhancement to collect missing licenses for Pypi components. SCA-40144 Addition of Components from https://gitlab.xiph.org/xiph Changes in Update Released on 25-Mar-2022 This Update includes the changes described in the following sections. Issues/Bugs Addressed The following issues were addressed in the Update: Issue ID Issue Summary SCA-40941 Update license information for npm component- pixrem. SCA-40777 Map Fair license to "Assert" component. SCA-40872 License information for jquery 1.12.4 - MIT or GPL-2.0 license? Addition of missing vulnerability mappings for the following components : jhuisi-charm pear-archive_tar zopefoundation-accesscontrol nextcloud-richdocuments pear-archive_tar 3xxx-engineercms isomorphic-git-isomorphic-git justarchinet-archisteamfarm matanui159-replaysorcery xmldom-xmldom util-linux-util-linux Addition of license detection capability and license evidence mechanism for the following licenses : dvipdfm mif-exception eCos-exception-2.0 eGenix EPL-2.0 EUPL-1.2 FLTK-exception Collector Status : Name Date of Last Successful Run packagist 2/27/2022 maven2-ibiblio 3/7/2022 npm 1/30/2022 gitlab 3/8/2022 clojars 3/16/2022 rubygems 3/17/2022 cpan 3/17/2022 cran 3/18/2022 maven-google 3/18/2022 nuget gallery 3/19/2022 hackage 3/20/2022 github 3/22/2022 crates 3/23/2022 pypi 3/23/2022 fedora-koji 3/23/2022 Changes in Update Released on 14-Mar-2022 This Update includes the changes described in the following sections. Issues/Bugs Addressed The following issues were addressed in the Update: Issue ID Issue Summary SCA-32308 Pypi forge vulnerability Mapper is an addition to our list of automated vulnerability mappers mechanism. SCA-40984 Fix false positive vulnerabilities for Mono.Cecil Addition of missing vulnerability mappings for the following components : glances video.js nukeviet lavalite-cms evolution-cms-evolution flatpress yzmcms elfinder.aspnet Collector Status : Name Date of Last Successful Run packagist 2/27/2022 cran 3/4/2022 maven-google 3/5/2022 hackage 3/6/2022 maven2-ibiblio 3/7/2022 nuget gallery 3/7/2022 crates 3/8/2022 npm 1/30/2022 gitlab 3/8/2022 clojars 3/9/2022 pypi 3/9/2022 rubygems 3/10/2022 github 3/10/2022 cpan 3/10/2022 fedora-koji 3/10/2022 Changes in Update Released on 24-Feb-2022 This Update includes the changes described in the following sections. Issues/Bugs Addressed The following issues were addressed in the Update: Issue ID Issue Summary SCA-40339 Fixed license mappings for hangfire.core nuget component . SCA-40332 Fixed license mappings for microsoft.net.workload.emscripten.manifest nuget component SCA-40215 Fixed false positive CVE for system.threading.tasks.extensions 4.5.4 component Addition of missing vulnerability mappings for the following components : stuk-jszip firefly-iii pjsip-pjproject oisf-suricata gitlogplus velociraptor contour stmicroelectronics-stm32cubeh7 mod_auth_openidc New/Update Component Requests Microsoft Infographic Designer Microsoft Advance Card Collector Status : Name Date of Last Successful Run npm 12/3/2021 gitlab 1/13/2022 maven2-ibiblio 2/15/2022 rubygems 2/17/2022 cran 2/18/2022 maven-google 2/18/2022 nuget gallery 2/19/2022 hackage 2/20/2022 packagist 2/20/2022 crates 2/22/2022 clojars 2/23/2022 github 2/23/2022 pypi 2/23/2022 fedora-koji 2/23/2022 cpan 2/24/2022 Changes in Update Released on 10-Feb-2022 This Update includes the changes described in the following sections. Issues/Bugs Addressed The following issues were addressed in the Update: Issue ID Issue Summary SCA-40131 Fixing false positive component_cpe mappings SCA-40004 Fix for "Unable to load or add component version libssh 0.7.3" SCA-39146 GPL 3.0 or later and GPL 3.0 Only - both licenses are reported when the source clearly has only one SPDX ID SCA-38096 Fixing redirecting urls for clojars collector Addition of missing vulnerability mappings for the following components : mosquitto lwip folly matio libheif manageiq redis Addition of license detection capability and license evidence mechanism for the following licenses : D-FSL-1.0 diffmark DigiRule-FOSS-exception Dotseqn DSDP New/Update Component Requests windowsazure.servicebus microsoft.azure.servicebus.eventprocessorhost mesa sharpmimetools Changes in Update Released on 28-Jan-2022 This Update includes the changes described in the following sections. Issues/Bugs Addressed The following issues were addressed in the Update: MIT License Cleanup There are two licenses in Code Insight for MIT – MIT License and MIT-Style License. While most licenses declared by open-source developers fall into the MIT License, the MIT-Style License is more of a template license consisting of various ways of how MIT license can be declared. We noticed that the license mapping to majority of components are mapped incorrectly to the MIT-Style License. This is being resolved via an electronic update where the mappings are corrected and for existing projects that need mappings change a script will be provided. Note: Please refer the article on MIT License Cleanup for detailed information and workarounds: https://community.flexera.com/t5/Code-Insight-Knowledge-Base/Code-Insight-MIT-License-Data-Cleanup-Project/ta-p/214451/jump-to/first-unread-message Known issue: A script "MIT-CleanupQueries.sql" is provided which has to be run after the PDL update. This script updates the license names and the incorrect license mappings in the existing system-generated inventories with the updated data changes as mentioned above. There is a known issue for a particular set of inventories which have comma separated license names. This is observed in the inventories generated by AutoWriteup. Ex: jQuery (MIT, MIT License) In this case, the script provided to update the existing inventory names would not work. This causes a duplicate inventory on rescan. The detailed issue description and workaround are provided in the jira: https://jira.flexera.com/browse/SCA-40194   Issue ID Issue Summary SCA-39812 Map vulnerabilities for gnu components SCA-39748 Update version information for pilotmoon-scroll-reverser SCA-38553 License detection XML detects both MIT and MIT-Style as evidence for MIT License SCA-28851 MIT License cleanup: Enhancement to collector level license mappings mechanism to update invalid mappings for MIT and MIT-Style licenses. SCA-28766 Perform entire sequence of MIT License Cleanup-License short_name changes and license remapping at component and version level. Addition of missing vulnerability mappings for the following components : Itop Mupdf Anchrome Addition of license detection capability and license evidence mechanism for the following licenses : CNRI-Jython CNRI-Python CNRI-Python-GPL-Compatible Crossword CrystalStacker PSF-2.0 Python-2.0 Changes in Update Released on 13-Jan-2022 This Update includes the changes described in the following sections. Issues/Bugs Addressed The following issues were addressed in the Update: Updates to log4j component: Added component detection capabilities to identify log4j components in "ivy.xml". Issue ID Issue Summary SCA-39360 Fixed the license evidence mechanism to eliminate false positive findings. SCA-39579 Addition of gnu vulnerable components to the data library SCA-38160 GNU vulnerability Mapper is an addition to our list of automated vulnerability mappers mechanism. SCA-38159 Jenkins vulnerability Mapper is an addition to our list of automated vulnerability mappers mechanism. Addition of missing vulnerability mappings for the following components : xml_database graphhopper Openvswitch-ovs osgeo-gdal unicorn-engine-unicorn open62541-open62541 racket-racket mozilla-geckodriver gnuaspell-aspell libsndfile-libsndfile libarchive matio Addition of license detection capability and license evidence mechanism for the following licenses : CC-BY-NC-ND-1.0 CC-BY-NC-ND-4.0 CC-BY-NC-SA-4.0 CC-BY-NC-4.0 CC-BY-ND-4.0 CC-BY-SA-4.0 CC-BY-4.0 Cube curl CDLA-Permissive-1.0 CDLA-Sharing-1.0 CECILL-2.1 CLISP-exception-2.0 New Component Requests Windows SDK for Windows Server 2008 and .NET Framework 3.5 Strictly Software htmlencode Changes in Update Released on 23-Dec-2021 This Update includes the changes described in the following sections. Issues/Bugs Addressed The following issues were addressed in the Update: Updates to Apache log4j2 component: Updated vulnerability information for log4j2 component (CVE-2021-44228,CVE-2021-45046,CVE-2021-4104). Updated versions for the log4j2 components. Issue ID Issue Summary SCA-38791 Updated missing vulnerabilities for nuget top 100 component SCA-35846 Enhancements to Nuget Collector for Version-Level License Collection Addition of missing vulnerability mappings for the following components : consul uri.js chatwoot bat cgm-remote-monitor connect muwire containerd discourse micronaut gatsby-source-wordpress venus_os Updated Components List : world-clock-and-the-timezoneinformation-class Changes in Update Released on 16-Dec-2021 This Update includes the changes described in the following sections. Issues/Bugs Addressed The following issues were addressed in the Update: Updates to Apache log4j2 component: Updated versions for the log4j2 components from different forges like github, maven and fedora. Updated vulnerabilities for log4j2 component (CVE-2021-44228). Issue ID Issue Summary SCA-38864 Analysis & update license for jaxen component. SCA-38669 AutoWriteup Rules : Map licenses to AutoWriteup Rules with no licenses. SCA-38521 Increasing Component CPE mappings in Data Library. SCA-38479 Updated version information for 27208706. SCA-38791 Update missing license for top 100 Nuget components. Addition of missing vulnerability mappings for the following components : falco manageengine_admanager_plus esp32_firmware libvips-libvips junos rancher sheetjs etherpad stealth Addition of license detection capability and license evidence mechanism for the following licenses : bzip2-1.0 bzip2-1.0.5 Caldera BSD-3-Clause-Attribution BSD-3-Clause-Clear BSD-3-Clause-LBNL BSD-3-Clause-No-Nuclear-License-2014 BSD-3-Clause-No-Nuclear-License BSD-3-Clause-No-Nuclear-Warranty BSD-4-Clause-UC BSD-Protection BSD-1-Clause BSD-Source-Code BSD-2-Clause-Patent BSD-2-Clause-NetBSD BSD-2-Clause-FreeBSD Update Release on 26-Nov-2021 has been postponed This update has been postponed to 9 Dec 2021 due to some technical issues. Changes in Update Released on 11-Nov-2021 This Update includes the changes described in the following sections. Issues/Bugs Addressed The following issues were addressed in the Update: Issue ID Issue Summary SCA-38476 Add component GenericDataExchangeFrameworkwithAJAX and ASP.NET Outlook-like Time Field to PDL library SCA-38352 Enhancement to license mapping mechanism for Nuget Collector based on License Expression provided by Nuget Rest API SCA-38223 Add missing vulnerability mappings to components like umeditor, thinkcmf, xuperchain, ok-file-formats, radare2-extras, polipo, gthumb. Changes in Update Released on 28-Oct-2021 This Update includes the changes described in the following sections. Issues/Bugs Addressed The following issues were addressed in the Update: Issue ID Issue Summary SCA-38246 Add missing versions for openssl, net-snmp and system.data.sqlite components. SCA-38221 Add missing vulnerability mappings to components like varnish_cache, elfinder.net. core, ectouch, is-email, booking_core, wolfssl. SCA-37996 Invalid license for highcharts - npmjs component. SCA-37673 Added license evidence and detection capability for licenses like Bahyph, Barr, Borceux, BSD-1-Clause, BSD-2-Clause-FreeBSD, BSD-2-Clause-NetBSD, BSD-2-Clause-Patent, BSD-Source-Code etc. SCA-37671 Added license evidence and detection capability for licenses like 0BSD, 389-exception, Abstyles, Adobe-Glyph, Afmparse, AGPL-1.0, Aladdin, AMDPLPA, AML, AMPAS etc. SCA-37461 Add missing vulnerability mappings to components like delta, xo-server, putil-merge, harmonyos, ant etc. SCA-37459 Add missing vulnerability mappings to components like yop-poll, restsharp, event_streams, sshd, talk, nextcloud_mail, nextcloud, icinga etc. SCA-37348 Github Vulnerabilities mapped to Java components.   Changes in Update Released on 18-Oct-2021 This Update includes the changes described in the following sections. Issues/Bugs Addressed The following issues were addressed in the Update: Issue ID Issue Summary SCA-38185 Fixing invalid versions of lm_sensors. SCA-38030 Update reference to component_mapping.csv to new github.com from git.palamida.com in update service. SCA-37884 Missing vulnerabilities for Valeo. SCA-37758 Adding spdx-license-identifier to the license-detection.xml and license-finder.json. SCA-37658 Update license-names in the license evidence mechanism. SCA-37447 Add missing vulnerabilty mappings to components like retty, everything, brave, node.js, total.js, total4, prismatic. SCA-37442 Add missing vulnerabilty mappings to components like halo, pfsense, exiv2, caldera, jsish, moddable, mujs. SCA-38254 Add license evidence capability for licenses like LLVM-exception,APAFML,Artistic-1.0-cl8,Artistic-1.0-Perl. Changes in Update Released on 01-Oct-2021 This Update includes the changes described in the following sections. Issues/Bugs Addressed The following issues were addressed in the Update: Issue ID Issue Summary SCA-37896 Validate and update Maven forge details in PDL library. SCA-37837 Add new component ms-intune-app-sdk-android and Microsoft Intune App Software Development Kit For iOS license. SCA-37651 Add Microsoft Windows Driver Kit For Windows 8.1 License and Updated versions for Microsoft windows driver kit. SCA-37604 Update manually maintained component versions. Please refer list below SCA-37376 Add the missing vulnerability mappings for components like cszcms, switch, fortimail, putty, emissary-ingress-emissary. SCA-29724 Enhance License detection for Nuget forge components. SCA-37544 Update versions and vulnerability mappings for oracle-jre component SCA-37449 Add CWEs to PDL library. SCA-38018 Update versions for Google Maven repository components. Updated Components List : glibmm24 libsm wpa_supplicant cairo dmidecode chrony libxrandr libice networkmanager gobject-introspection glib-networking dnsmasq mesa elfutils dbus sudo libsoup libtalloc rpm-package-manager PowerTop libldb libxft openssl pygobject3 gnutls libx11 libnl3 tzdata alsa-lib atk libxcb binutils ethtool libfontenc Changes in Update Released on 13-Sep-2021 This Update includes the changes described in the following sections. Issues/Bugs Addressed The following issues were addressed in the Update: Issue ID Issue Summary SCA-37290 Validate and update invalid versions for kong-insomnia component. SCA-36444 License Finder rules for OGC-1.0,OFL-1.1-RFN. SCA-35816 Addition of Gitlab forge to the list of forge collection. SCA-33593 Enhance license mapping capability for Nuget collector. SCA-31981 Add new non-spdx licenses like Parity Public Licence 3.0,Server Side Public License,Yoctopuce-License,Prosperity Public License,MS-ASP.NET-Web-Pages-2 License,MS-ASP.NET-WOF License to the library . SCA-37371 Mapping the missing vulnerabilty-CVE's for various components like Tinydtls, Misp, Libxml2, Vapor, Grpc_swift, Linuxptp. New Component Detection Rules liblouis Changes in Update Released on 30-Aug-2021 This Update includes the changes described in the following sections. Issues/Bugs Addressed The following issues were addressed in the Update: Issue ID Issue Summary SCA-35866 Grafana License changed from Apache License 2.0 to AGPL 3.0 from version 8.0. SCA-35970 Data - Vulnerability Dates update. "Publication Date" and 'Modified Date". SCA-36442 License-Finder.json rules for PSF-2.0,Parity-7.0.0,OGL-UK-3.0 etc. SCA-36894 License Mappings for "pylouis" component. SCA-36946 Data : Forge detail is incorrect for log4php component. SCA-37030 False Positive Vulnerabilities for "file - npmjs" component. SCA-37147 Handle URL discrepancies & case sensitive titles for FSF forge. SCA-36815 Mapping of missing CVE's for components like thinksaas, routeros, alpinelinux-aports, gu, sansanyun-mipcms, hnaoyun-pbootcms. SCA-37171 Mapping of missing CVE's for components like wp-plugins-wp-downloadmanager, benmonro-android, johnhaldeman-guarddetap, wp-plugins-cm-download-manager, just-safe-set, members, tizen, webclient, prusa3d-prusaslicer, webclient, webkitgtk. SCA-37176 Mapping of missing CVE's for components like sanos, hyper, server, storage-manager, password-manager, ninjarmm, xevo. SCA-37200 Update right URLs and title for code.google forge components. SCA-37206 Mapping Vulnerability for json-smart-v1 and json-smart-v2. SCA-35877 Updated components having URL discrepancies.   Changes in Update Released on 27-Jul-2021 This Update includes the changes described in the following sections. Issues/Bugs Addressed The following issues were addressed in the Update: Issue ID Issue Summary SCA-35948​ NPMJS: Project Discovery is not Up to date with respect to NPMJS Forge​ SCA-35924 License mapping for the Pypi component "louis" SCA-27819 Fixing nongnu.org 404 URL's SCA-36610 Minio version license mapping SCA-36607​ Grafana version license mapping SCA-36110 Update matplotlib license text SCA-36128 Manual Collector: Kernel : lvm2 versions are wrongly added SCA-35933 False Positive vulnerabilities in mariadb-java-client SCA-35908 Invalid versions for microsoft-azuredatastudio component Changes in Update Released on 24-Jun-2021 This Update includes the changes described in the following sections. Issues/Bugs Addressed The following issues were addressed in the Update: Issue ID Issue Summary SCA-34531 Update Matplotlib license text to version 3.4.1. SCA-35177 New requests. SCA-34953 Add components & license to reflib. SCA-33894 CVE-2020-11971 associated with wrong components. SCA-29232 Request to add component: logrotate. SCA-30698 License Finder Rules for Matplotlib License. SCA-35286 Unicode Terms of Use license not found in file. SCA-35680 False positive GPL license detected for LGPL license text SCA-25368 Request for identifying SPDX IDs. Changes in Update Released on 11-Jun-2021 This Update includes the changes described in the following sections. Issues/Bugs Addressed The following issues were addressed in the Update: Issue ID Issue Summary SCA-35178 Add OTN license and map missing license for oracle.manageddataaccess - NuGet Gallery component. SCA-35087 Deprecating invalid versions of Apache projects on github. SCA-35022 SPDX license collection. (Around 87 new licenses). SCA-33894 License Name and SPDX License Name should be the same. SCA-33805 Elastic Kibana: Add License Finder Rules for Elastic License 2.0 SCA-30698 License Finder Rules for Matplotlib License Changes in Update Released on 28-May-2021 This Update includes the changes described in the following sections. Issues/Bugs Addressed The following issues were addressed in the Update: Issue ID Issue Summary SCA-34581 Add component Microsoft JDBC Driver for SQL Server and licenses. SCA-34431 Deprecating invalid version vulnerability Mapping which are protected SCA-33541 Vulnerabilities for Netmask and PHP git server SCA-33251 Vulnerability Dates : Addition/correction of columns for publication date and last modified date. SCA-30785 SPDX license collection to staging db. (Not yet released). Changes in Update Released on 14-May-2021 This Update includes the changes described in the following sections. Issues/Bugs Addressed The following issues were addressed in the Update: Issue ID Issue Summary SCA-34508 PYPI URL's format are not consistent throughout in PDL_Component . SCA-34395 False positive vulnerabilities for tomcat components - False PDL Mappings in PDL_COMP_VER_VULNERABILITY SCA-34213 Deprecating the version for Apache project invalid versions-Set2 SCA-33485 The "Visual C++ Redistributable for Visual Studio" component name contains spaces making keyword search difficult SCA-32592 Deprecating the version for Apache project invalid versions. SCA-30879 Linux Kernel versions release which was obsolete by an year and a half. SCA-34289 Libstdcpp component SCA-34183 Add new licenses to license seed and schema. Changes in Update Released on 22-Apr-2021 This Update includes the changes described in the following sections. Issues/Bugs Addressed The following issues were addressed in the Update: Issue ID Issue Summary SCA-32074 License mismatch for popular components. SCA-31667 License Acronym Data Changes for auto writeup rules.. SCA-29799 Inventory created with auto-writeup rules don't create with SPDX license ID SCA-26931 Missing vulnerabilities (CPES with *) and wrong mappings for CPEs with *. New Component Requests lsof(Component ID: 27350567) ntp(Component ID: 207771) libtiff(Component ID:27350365) gtk(Component ID: 27350362) gnome-shell-extensions(Component ID: 27350363) libgpg-error(Component ID: 27350364) dracut(Component ID: 123809) openssl-fips(Component ID: 27350368) lvm2(Component ID: 27350367) kbd(Component ID: 27350366) lzo(Component ID: 63041) treeview-with-columns(Component ID: 27350359) replace-a-windows-internal-scrollbar-with-a-customdraw-scrollbar-control(Component ID: 27350360) step-by-step-calling-c-dlls-from-vc-and-vb-part-1(Component ID: 27350361) strawberry-perl - 27344198) run-postinsts - 27344199) packagegroup-core-boot - 27344200) sha-1-in-C-by-steve-reID: - 27344201) zlib - 27344202) watchdog(Component ID: 5403203) perfmon2(Component ID: 53555) ust(Component ID: 186075) newmat(Component ID: 129995) netbase(Component ID: 207639) xml-pull-parser3(Component ID: 226748) shadow-utils(Component ID: 5403445) lipro-libftdi(Component ID: 7872851) csha1(Component ID: 27341784) timezonemap(Component ID: 27344433) Changes in Update Released on 10-Apr-2021 This Update includes the changes described in the following sections. Issues/Bugs Addressed The following issues were addressed in the Update: Issue ID Issue Summary SCA-33801 License detection.xml changes for PDL-2021-04-R1 SCA-31855 AutoWriteUp rules having outdated URLs SCA-33557 Adding License - Purdue BSD-Style License SCA-32649 Wrong (and hence fix) DOC Software License name and url SCA-32983 Missing Elastic License for Elastic Kibana New Component Requests File-file (component ID: 3102572) Cquicklist (component ID: 27337962) Nfs-utils (component ID: 27336321) Eglibc (component ID: 27337963) Lcms (component ID: 7597) Ti-rtos-mcu (component ID: 27336320) High-speed-charting-control (component ID: 27330960) Progress-control-with-text (component ID: 27330961) Oscilloscope-stripchart-control (component ID: 27330962) Skinx (component ID: 27330963) Keymaps (component ID: 27333199) Getprimarymacaddress (component ID: 27333200) Sampleds (component ID: 27333201) Microsoft Windows SDK for Windows 7 and .NET Framework 4 (component ID: 27334733) Csha1-a-c-class-implementation-of-the-sha-1-hash-a (component ID: 27334779) Trafficwatcher (component ID: 27334780) Using-colors-in-cedit-and-cstatic (component ID: 27335822) Gnu-which (component ID: 705519) Eclipse-aspectj (component ID: 55748) Changes in Update Released on 25-Mar-2021 This Update includes the changes described in the following sections. Issues/Bugs Addressed The following issues were addressed in the Update: Issue ID Issue Summary SCA-32971 URL fix for DOC License SCA-32253 Map MICROSOFT SQL SERVER DATA-TIER APPLICATION FRAMEWORK to SQLpackage.commandline SCA-31926 Update the missing license mappings for components-Phase1. SCA-31800 Exception looking up rules' in FNCI Logs New Component Requests mph-2b-damase simpleping twain-developer-toolkit texas-instruments-msp-430-lib-files CppSQLite CStdioFile CTrayIcon CXml CXPGroupBox A class to combine Slider Control and Progress Bar A very simple solution for partial bitmap encryption Adobe InDesign CC SDK libcomposite pango Microsoft Windows Driver Kit - WDK Changes in Update Released between 20-Oct-2020 to 11-Mar-2021 This Update includes the changes described in the following sections. Issues/Bugs Addressed The following issues were addressed in the Update: Issue ID Issue Summary SCA-27739 False Positives when scanned Oracle OpenJDK SCA-28603 Unable to find a component that is identified as first level dependency SCA-26834 Sun (Restricted) and Sun-IP Licenses not detected SCA-29523 License discrepancy for CURL component SCA-27024 Gnutls component missing vulnerabilities, versions and wrong url SCA-30866 Hdf5 license (ID: 1224) is not correct SCA-30797 Incorrect Licensing Detection for Microsoft .Net SCA-30525 Component gpg-gnupg missing encryption flag SCA-27722 Incorrect vulnerabilities matched with component versions for Rust SCA-32271 PDL_VULNERABILITY table is empty in the latest PDL update SCA-33031 BOM: Discrepancies due to search term rule basics-vector New Component Detection Rules Setup.js MD% algorithm class library PhantomJs Cefsharp Virtual-dom v2.1.1 Named-js-regexp MarkupSafe OCHamcrest OCMockito Libsrtp Ans_up HockeySDK Aimage Ua-parser-js v0.7.10. Autofac.Wcf Vector.js Untildify v3.0.2 Post-robot v7.0.15. Axios JSONTestSuite Rpc-server.js New Features incorporated. Issue ID Issue Summary SCA-26848 CVSS 3.1 - Data Collection SCA-26808 Add Vulnerability dates to PDL tables SCA-26181 Component CPE Mapping New Component Requests released. Isc bind Canvas-toblob.js Newrelic.opentracing.amazonlambda.tracer Libepoxy Tags Json.net Jquery-menu-aim-fw Microsoft.appcenter for macos Microsoft.appcenter.analytics for macos Apache-apr Cyan4973-lz4 Gnu-screen Jamesflorentino-nanoscrollerjs Mtd-utils Npth Pam Eeepc-acpi-scripts Sharpziplib Mahapps.metro.simplechildwindow - nuget gallery Wpfnotification - nuget gallery Microsoft-windowsapicodepack-shellextensions - nuget gallery Controlzex/controlzex - github Mahapps.metro.iconpacks - nuget gallery Mvvmlight - nuget gallery Ini-parser - nuget gallery Mahapps/mahapps.metro - github Angular/angular-cli - github System.data.sqlite.core - nuget gallery System.data.sqlite.ef6.migrations - nuget gallery Microsoft asp.net mvc 4 (***deprecated***) Wxwindows library license Wxwidgets Karma-runner karma Openssh - in c Base-passwd Init-ifupdown Procps Binutils 7-zip Kmod Matplotlib Scons - a software construction tool - scons Tagish library Qos-ch-slf4j Flex - lexical scanner generator Application insights persisted http channel Cairo-pixman Flat_hash_map Fontconfig Free type Gnutls library Tianmajs/libm - github Libsoup Microsoft.applicationinsights - nuget gallery Slodge/mvvmcross - github Pdfsharp - nuget gallery Sharppdf Twain data source manager Twain sample data source and application - twain 2.0 sample data source Windows driver kit (wdk) 8.0 samples for visual studio 2012 Microsoft/windows-universal-samples - github Html agility pack Microsoft.extensions.caching.abstractions Microsoft.extensions.caching.memory Microsoft.extensions.dependencyinjection.abstractions Microsoft.extensions.options Microsoft.extensions.primitives Microsoft.netcore.platforms System.componentmodel.annotations System.runtime.compilerservices.unsafe System.security.cryptography.xml Microsoft.owin Microsoft.owin.host.systemweb Microsoft.owin.security Mimemapping Nconfiguration Nlog Nuget.commandline Nunit Restsharp Closedxml Apache cxf buildtools Apache neethi Weblinc-matchmedia Twain/twain-dsm Twain-twain-samples Windows driver kit (wdk) 8.0 samples for visual studio 2012 Changes in Update Released on 20-Oct-2020 This Update includes the changes described in the following sections. Issues Addressed in the 20-Oct-2020 Release The following issues were addressed in the Update: Issue ID Issue Summary SCA-28504 Components information SCA-28691 NVD Feed : Upgrading NVD CVE-Feeds APIs (1.0) to NVD CVE-Feeds APIs (1.1) SCA-27621 Difference in vulnerability information for 'expat' and 'libexpat-libexpat' component SCA-28970 NVD-Feed Fix and client release to Codeaware SCA-17974 Duplicate Inventory found for "gettext" and for the duplicate inventory as found license text is wrong SCA-28740 With fresh scan, name of inventory item zlib is changed to madler-zlib in codeinsight 2020R4. SCA-27773 Search terms need to be improved for few components SCA-28288 False Positives for zlib and libjpeg SCA-28508 Components information SCA-22072 Stunnel support in DL SCA-27119 Missing versions SCA-29156 Pycryptodomex missing encryption flag New Component Detection Rules in the 20-Oct-2020 Release This Update introduces new Automated Analysis rules for the following components: Retry.js Jquery-mobile for react Expat (version released 2.2.6) Novell.Directory.ldap Spawn.js Jquery-vsdoc.js CodeMirror NUnit.Framework.dll Rsvp.js Twbs-bootstrap and Mathiasbynens-jquery-placeholder Libwebsockets Globalize 1.1.1 CPU Topology JSON v3.3.0 Pyomo v5.0.1 CPU Topology 1.2.8 Class library Text-markdown Json v2.1.1 V8 Libuv Changes in Update Released on 11-Sep-2020 This Update includes the changes described in the following sections. Issues Addressed in the 11-Sep-2020 Release The following issues were addressed in the Update: Issue ID Issue Summary SCA-27585 Add component " History-event"(JQuery.history.js) SCA-27738 URL not working for freetype (Id: 1149) component New Component Detection Rules in the 11-Sep-2020 Release This Update introduces new Automated Analysis rules for the following components: 7za.exe Jazzy D3.js JSQR Doube-conversion HistoryEvent Bind Punycode.js Gaearon-Redux Changes in Update Released on 28-Aug-2020 This Update includes the changes described in the following sections. Issues Addressed in the 28-Aug-2020 Release The following issues were addressed in the Update: Issue ID Issue Summary SCA-27456 Missing OSS component-udev SCA-27203 Missing components – bind and jsqr New Component Detection Rules in the 28-Aug-2020 Release This Update introduces new Automated Analysis rules for the following components: Whiskas.py ProtectedData Dmidecode Libsmbios Changes in Update Released on 14-Aug-2020 This Update includes the changes described in the following sections. Issues Addressed in the 14-Aug-2020 Release The following issues were addressed in the Update: Issue ID Issue Summary SCA-27191 Add tungsten fabric components to Data Library SCA-27024 Gnutls component missing vulnerabilities, versions and wrong url. SCA-27084 Libtiff license url needs to be updated New Component Detection Rules in the 14-Aug-2020 Release This Update introduces new Automated Analysis rules for the following components: SWIG v3.0.2 VC Redistributable Apple Installer Plugin Appcenter-sdk-apple-3.0.0.tar.gz Code Project - WSE 3 Deployment: MSI and ClickOnce Wdksetup.exe MobileNumericUpDown Apple/cups Mhook GridAnimationDemo Changes in Update Released on 03-Aug-2020 This Update includes the changes described in the following sections. Issues Addressed in the 03-Aug-2020 Release The following issues were addressed in the Update: Issue ID Issue Summary SCA-26931 Missing vulnerabilities. SCA-26666   Missing Vulnerabilities for Apache Thrift 0.7.0 New Component Detection Rules in the 03-Aug-2020 Release This Update introduces new Automated Analysis rules for the following components: JQuery Mobile JortSort CLR Security Class library BrockAllenCookieBasedTempdata.dll StackExchange.Redis Readline.js Changes in Update Released on 17-Jul-2020 This Update includes the changes described in the following sections. Issues Addressed in the 17-Jul-2020 Release The following issues were addressed in the Update: Issue ID Issue Summary SCA-25108 Detection of xmlbeans 2.6.0 occurs twice SCA-25905 Component system.diagnostics.diagnosticsource has had its license changed for version 4.4 and later SCA-25907 New components added SCA-26134 The component "app.min.js" is incorrectly mapped to the component "App( 62839)"   New Component Detection Rules in the 17-Jul-2020 Release This Update introduces new Automated Analysis rules for the following components: Console.js LowPriorityWarning.js Nameddefine.js Prettier.js SQLite DLL Pacman Unicode D3 DES algorithm 5.09 Class library JCanvas Libxslt Node-tmp Libxml2 Changes in Update Released on 30-Jun-2020 This Update includes the changes described in the following sections. Issues Addressed in the 30-Jun-2020 Release The following issues were addressed in the Update: Issue ID Issue Summary SCA-25608 component "jodaorg-joda-time" has invalid license in list SCA-25587 Review licenses for timescale DB GitHub components SCA-23003 Collectors for bouncycastle,curl,gnu,haproxy,jquery,kernel,libarchive,libssh, openbsd,openflow,openssl.   New Component Detection Rules in the 30-Jun-2020 Release This Update introduces new Automated Analysis rules for the following components: Node-Semver Speex Node-Static node-tree-kill node-winreg node-xml2js Changes in Update Released on 15-Jun-2020 This Update includes the changes described in the following sections. Issues Addressed in the 15-Jun-2020 Release The following issues were addressed in the Update: Issue ID Issue Summary SCA-24724 Haproxy component missing 2.0.x versions SCA-25348 Add missing vulnerabilities to u-boot component SCA-25416 Errors in Oracle db during PDL Update SCA-24986 UltrVNC - Missing latest versions and some versions are invalid SCA-20156 Update component 302760 to important = true SCA-22232 Missing component versions SCA-24984 Component versions out of date   New Component Detection Rules in the 15-Jun-2020 Release This Update introduces new Automated Analysis rules for the following components: Cross-BrowserSplit. Chromium-Breakpad. Request.js Sauce.js IsEventSupported.js Pubsuffix.js Node-ssl-root-cas(test-tunnel.js) Changes in Update Released on 01-Jun-2020 This Update includes the changes described in the following sections. Issues Addressed in the 01-Jun-2020 Release The following issues were addressed in the Update: Issue ID Issue Summary SCA-24867 [Juniper Networks, Inc.] gnu-gcc component is showing invalid versions SCA-25010 AMD: CodeAware Improper Identification of License for JQUERY Component.   New Component Detection Rules in the 01-Jun-2020 Release This Update introduces new Automated Analysis rules for the following components: Connect-nocache. typescript.js aphrodite.js Newtonsoft.Json.dll tipsy v1.0.0a(jquery.tipsy.js,tipsy.css). prism.js systemjs Microsoft Ajax Minifier Changes in Update Released on 18-May-2020 This Update includes the changes described in the following sections. Issues Addressed in the 18-May-2020 Release The following issues were addressed in the Update: Issue ID Issue Summary SCA-23316 OGIS: License detection is different in CodeAware and Auto-Analysis SCA-22382 OGIS: Request to Add New Components and Versions SCA-24622 Harmonic: stuk-jszip has MIT/GPL Dual License but "Possible Licenses" only show GPL SCA-24711 Citrix: False positives CVEs   New Component Detection Rules in the 18-May-2020 Release This Update introduces new Automated Analysis rules for the following components: bootstrap-select.js bootstrap-toggle.min.js React-pull-to-referesh rx.all.js narwhal.js bootstrap-checkbox v1.4.0 IKVM.NET(IKVM.Reflection.dll). Changes in Update Released on 04-May-2020 This Update includes the changes described in the following sections. Issues Addressed in the 04-May-2020 Release The following issues were addressed in the Update: Issue ID Issue Summary SCA-22381 Component 'ring' from crates.io forge missing license and encryption flag SCA-22542 Encryption flag not set for 'rust-openssl' component SCA-24708 Incorrect discovery of 'Primefaces-PrimeNG' component   New Component Detection Rules in the 04-May-2020 Release This Update introduces new Automated Analysis rules for the following components: jquery.scrollTo-min.js, MatrixMath.js, jQuery.tmpl.js, lws-common.js React Router jsDump Reflect-Metadata NDesk.Options(.dll) MSBuild Community Tasks(.dll) Changes in Update Released on 17-Apr-2020 This Update includes the changes described in the following sections. Issues Addressed in the 17-Apr-2020 Release The following issues were addressed in the Update: Issue ID Issue Summary SCA-23823 Few vulnerabilities not reported SCA-24365 Invalid URL for 'lyceum' component SCA-20305 Component 'apache-cordova-plugin-inappbrowser' has incorrect versions SCA-18198 Incorrect vulnerability mapping for 'Docker' component SCA-23837 Added rdklib (pypi) to the library   New Component Detection Rules in the 17-Apr-2020 Release This Update introduces new Automated Analysis rules for the following components: webperftest jquery.color.js knockout Irrlicht(.dll file) jQuery(build_markdown.js) React Developer Tools(getReactData.js) moment.js,regex.js, moment-with-locales.js Changes in Update Released on 3-Apr-2020 This Update includes the changes described in the following sections. Issues Addressed in the 3-Apr-2020 Release The following issues were addressed in the Update: Issue ID Issue Summary SCA-22116 Invalid version specified for 'tpm2-tss-engine' SCA-23712 Added 'SunPro' license to the library SCA-22982 Incorrect URLs for few Ibiblio Maven2 components SCA-20314 Licenses are not mapped for latest versions of 'pygresql' component (22014048) SCA-21928 Component 'pycountry-convert' needs to be updated with latest details SCA-19891 Invalid versions associated to the component 'c-ares' SCA-15411 Incorrect details for component 'systemd-systemd'   New Component Detection Rules in the 13-Mar-2020 Release This Update introduces new Automated Analysis rules for the following components: vector.js webcomponent.js globalize.js OCMock Bezier-Easing Punycode(.js File) Sphinx StructureMap cors jQuery validation plug-in v1.6 jQuery Easing v1.3    

Introduction Here I will be covering a use case which will help to get a better understanding on GROUPCASEINSENSITIVE attribute that is set in the Options File . Feature  Sets case sensitivity for user lists. GROUPCASEINSENSITIVE OFF|ON If set to ON, user names specified with the GROUP keyword are treated as case-insensitive. By default, GROUPCASEINSENSITIVE is OFF, and user names are treated as case-sensitive. Use Case  1. There are 2 users (usera and USERA) , GROUPCASEINSENSITIVE is set to ON and DUP_GROUP is set to U , what will be the behavior of GROUPCASEINSENSITIVE with DUP_GROUP Enabled ? Results: The usernames usera and USERA will be treated the same in the options file (as to what permissions are set), but as different usernames by the license server for license checkouts (when  the DUP_GROUP is set to U so that it only checks the username).    More Information By default DUP_GROUP is case sensitive and is not controlled by GROUPCASEINSENSITIVE ON .

Title: Reidentifying members in LLM for existing multiple Member IDs Introduction: Reidentifying members gives the below error (LLM): Cannot add Member ID <> to Member with Email address <> since this member already has a Member ID. The issue is with the existing multiple Member IDs. Solution: 1. You need to delete one or both before you can add/update with the new ID. 2. To delete, go to the Reidentify page, select one of the IDs in the dropdown, leave the new Member ID field blank and hit submit. 3. You should now only have 1 Member ID. 4. The normal reidentifying process should normally work now. 5. If not, also delete the second old ID and then go back and add the new one. Outcome: Only one Member ID is present for the member.

Purpose This article describes the "best practice" for preventing the rejection of emails that are sent by FlexNet Operations on behalf of an email server belonging to a FlexNet Operations tenant. Without proper authorization by the tenant's domain, these emails can be considered as a form of "spoofing" and are subsequently blocked by the recipient. This best practice is applicable to only FlexNet Operations deployments in the Revenera-hosted Data Center. FlexNet Operations deployments in Amazon Web Services (AWS) use an internal AWS facility to prevent such emails from being blocked, as described in the user documentation: https://docs.revenera.com/fno_CURRENT/producer/Content/helplibrary/opsVerifyingEmailAddressesandDomainsAWSOnly.htm#fno_admin_admintasks_3708619498_2479080 Audience The audience for this article is a Producer acting on behalf a FlexNet Operations tenant. The use of “you” and “your” refer to the Producer and tenant interchangeably. Need to Know The Producer Portal enables you to configure and manage email messages that are sent to end users to notify them about new entitlements and other events. These email messages can be generated automatically based on certain event triggers or generated manually as needed. By default, the emails are sent directly from the FlexNet Operations email server, with the sender identified as belonging to the flexnetoperations.com domain and having an email alias specific to your organization (for example, abc@flexnetoperations.com). The following shows an excerpt from an example email template in FlexNet Operations ALM:   However, you might prefer that FlexNet Operations send these emails of behalf of your (that is, the tenant’s) own email server. If you attempt to simply update the email template to specify your email server address as the sender (the From value), the resulting emails can be blocked by the recipient because the From address appears to be masking the originating sender—in this case, FlexNet Operations. To avoid rejected emails, the domain to which your email server belongs must recognize the domain of the FlexNet Operations email server as authorized to send mail on your behalf. The next sections describe how to authorize and configure FlexNet Operations so that it can successfully send emails on behalf of your email server: Authorizing FlexNet Operations to Send Email on Behalf of the Your Email Server Configuring Email Template Authorizing FlexNet Operations to Send Email on Behalf of the Your Email Server To authorize FlexNet Operations to send email on behalf of your email server, you must set up an SPF (Send Policy Framework) record. About the SPF Record The SPF record is a public record that anyone can access. It lists the authorized IP address of each email server belonging to your domain. It also identifies the domain of the FlexNet Operations email server so that it can send email as a third party on behalf of the listed IP addresses. Once the SPF record is created, it published as a DNS record in the DNS registry. Then, whenever FlexNet Operations sends an email on your behalf, SPF authenticates the IP address of the "sending" email server (belonging to you) to an authorized IP address in your DNS record. SPF also verifies the originating sender's domain (that is, flexnetoperations.com) against the DNS record to verify that FlexNet Operations is indeed authorized as third-party email sender on your behalf. Once all checks clear, the email can reach the recipient. Setting Up the SPF Record The following procedure describes how to set up the necessary SPF record. The record authorizes the FlexNet Operations email server to be a third-party server that can send emails on the behalf the email servers in your domain.  To set up the SPF record: Obtain the IP address for each email server on whose behalf FlexNet Operations will send emails to your end users. These email servers must belong to the same domain. Contact your IT department to set up an SPF record for your domain. Once the contents are created (see the next steps), the IT department will publish the record to the DNS registry. To create the file contents, enter the v=spf1 tag followed by the IP address for an email server: v=spf1 ip4:1.2.3.4 To list more than one email server belonging to the same domain, leave a space between each address: v=spf1 ip4:1.2.3.4 ip4:5.6.7.8 Add an include statement (in the format include:<domain>) to identify the FlexNet Operations domain. This statement identifies the FlexNet Operations email server as a third party that can send emails on behalf of any of the listed IP addresses. v=spf1 ip4:1.2.3.4 include:flexnetoperations.com End the record with an - all tag: v=spf1 ip4:1.2.3.4 include:flexnetoperations.com -all SPF records cannot be over 255 characters in length (and cannot have more than ten include statements). Configuring the Email Template As a final step in configuring FlexNet Operations to send emails on your behalf, you must configure the email template to specify your email address. NOTE: The following section describes the process of updating an email template in FlexNet Operations ALM. For LLM producers, contact Revenera Support to assist you with this process. To configure the email template with your email address: In the Producer Portal, click Administer and then select Templates in the Email section to open the list of available email templates. Click the link for the email template that will be used to generate the email sent to the end user. The View Email Template page is displayed showing details for the selected template. Select Edit > Edit Definition to open the Edit Email Template Definition page. In the From field, enter your email address (ensuring the email server used by this address is identified by an IP address in the SPF file). (Optional) In the Reply To field, enter the same email address provided in the previous step (or an email address belonging to the same domain). Save the edits. Now when an email generated from this template is sent by FlexNet Operations on behalf your email server, the email will successfully reach the recipient. The recipient will see the sender address as your email address.

Purpose As part of implementation planning, FlexNet Operations tenants who will host FlexNet Embedded CLS instances on the Revenera Cloud need to be aware that a pre-defined threshold for concurrent connections to CLS instances is enforced per tenant. This same threshold applies to every tenant. If the threshold is too restrictive for  those tenants who deal with large numbers of CLS connections, Revenera provides some best practices to help these tenants still successfully operate. Need to Know The following information defines the term "connection" and identifies the current threshold value for connections to CLS instances.   Definition of "connection" A connection is defined as a single request-response exchange of data between a FlexNet Embedded client (belonging to a licensed customer of the tenant) and the CLS instance set up for that customer. As an example, suppose the client instance performs the following: Previews the features currently available to the client. Obtains the available features from the CLS through a capability request. Views a list of all the features currently installed on the client instance. Each task in the above list represents a single connection, involving a request sent to the CLS from a client and a response sent from the CLS back to the client. Thresholds Enforced for Concurrent Connections A given FlexNet Operations tenant can have one or more CLS instances per customer. Historically, the customer implementations for any tenant can experience surges of connection activity that result in feature contention on the License Server database in the Revenera Cloud. Unfortunately, these surges can impact other tenants.  To help avoid the potential for contention among the CLS instances across tenants, Revenera has applied a mod_qos control at the Web Server level on the Revenera Cloud. This control—enforced for very tenant—allows a maximum number of 60 concurrent connections across all CLS instances for a given tenant.  (For more information about mod_qos controls, see https://en.wikipedia.org/wiki/Mod_qos.) Whenever the total number of concurrent connections for a tenant surpasses this threshold, subsequent requests are immediately dropped until more connections open up. Note that CapRequest, the most-used license server call, has an average response time of only 57 milliseconds. If a single connection can respond in 57 milliseconds, then new connections can be added fairly rapidly as others end. From another perspective, if a tenant reaches the 60-connection threshold, a new connection can be added in 57 milliseconds or less.  Best Practices for Working Within the Threshold The following are best practices that a tenant or SRE can put in place for the tenant's customers should the maximum number of 60 concurrent connections at any given time be too restrictive: Limit the rate at which checkouts arrive at the CLS. For example, you could impose a longer checkout period—or have FlexNet Embedded clients borrow licenses—rather than use a rapid checkout-checkin cycle Allow retries whenever a request fails, especially if a site is making a series of requests within one flow. Without retries, if one request fails, the entire flow must be repeated. However, if retries are allowed, the remaining successful requests in the flow can proceed without having to be repeated.  If retries of failed requests are permitted, pause before retrying to send a request. (Perhaps apply a back-off policy to increase the pause between retries of a request.)

Summary The error Version of vendor daemon is too old. (-83,21049:104 "Connection reset by peer") is seen after upgrading the Flex Enabled Client. Symptoms Errors similar to: 9:35:08 (flexera) Request denied: Client (11.14) newer than Vendor Daemon (11.13). (Version of vendor daemon is too old. (-83,21049:104 "Connection reset by peer")) are seen after upgrading the FlexNet Publisher version of the client application. Cause The version compatibility rules regarding FlexNet Publisher elements are defined in the Version Compatibility Between Components section of the FlexNet Publisher License Administration Guide. Version Compatibility Between Components In general, always use the latest version of lmadmin, lmgrd, lmutil, and lmtools, all of which are available from Revenera, to exploit the enhancements available in the most recent versions of FlexNet Licensing. However, some enhancements require a vendor daemon built with a newer version of FlexNet Publisher, and yet others require a FlexEnabled application built with a newer version of FlexNet Publisher. Contact your software publisher for the latest version of their vendor daemon. The rules about FlexNet Licensing component version compatibility are summarized as: Version of lmutil/lmtools must be >= Version of lmadmin (or lmgrd), which must be >= Note: lmadmin can only be used with components with a version of 9.2 or later. Version of vendor daemon, which must be >= Version of the client library linked to the FlexEnabled application, which must be >= Activation utility, which must be >= Version of license file format Except for the license file, use lmver to discover the version of all these components. For the vendor daemon, lmgrd, and lmutil, you can also use the -v argument to print the version. The 'error' message reported was introduced in version 11.12.1.2 when FlexNet Publisher was upgraded to enforce this rule. This is an extract from the release notes: Version Compatibility The FlexNet Publisher support statement is: version (vendor daemon) >= version (client) . Previously, the license server did not verify the version of FlexNet Publisher client during checkout process, when the client version was greater than the server version. This could result in misleading errors, making it difficult to determine that the root cause was that the vendor daemon had not been upgraded. Now, when a checkout request is sent by a client that has FlexNet Publisher version greater than vendor daemon then error -83 (LM_SERVOLDVER) will be returned. Resolution Upgrade the license server elements to at least the same version as the client application

Summary A vulnerability identified as CVE-2021-44228 and CVE-2021-45105 has been reported in the Apache Log4j library. This vulnerability may allow for remote code execution in susceptible products. Problem Description Upon analysis, CVE-2021-44228 and CVE-2021-45105 has been determined to impact the optional part of alerter module under examples with the (FlexNet Publisher 64-bit License Server Manager) lmadmin. Resolution IMPORTANT: FNP is not vulnerable to log4j vulnerability. It is just used in the example. Customers can also modify on their own. Log4j version has been upgraded to 2.17.0 and an updated version of FNP 11.18.3.1 is now available in the Product and License Center. Workaround For older versions of FNP other than 11.18.3.1, you can follow the below workaround. Download the latest version of log Log4j like 2.15 or 2.16 or 2.17, and then replace each of the files in this path with its corresponding updated file: C:\Program Files\FlexNet Publisher 64-bit License Server Manager\examples\alerter\lib Replace these files: log4j-1.2-api-2.13.3.jar log4j-api-2.13.3.jar log4j-core-2.13.3.jar With these files: log4j-1.2-api-2.16.0.jar log4j-api-2.16.0.jar log4j-core-2.16.0.jar or  log4j-1.2-api-2.17.0.jar log4j-api-2.17.0.jar log4j-core-2.17.0.jar

The SSL (Secure Sockets Layer) certificate for FlexNet Operations Cloud is updated annually. Additionally, the intermediate certificate is updated about every 10 years, and the root certificate is updated about every 20 years. FlexNet Embedded Cloud License Service (CLS) instances rely on the intermediate and root certificate chain to communicate with FlexNet Operations Cloud. In early 2023, FlexNet Operations will update its SSL certificate, and this update will include a new intermediate certificate. Best Practice The FlexNet Operations back office handles any task required to ensure that your CLS instance runs seamlessly once an old certificate expires and the new one officially goes into effect. However, as a best practice, ensure that you periodically ask your producer about the schedule of upcoming certificate upgrades and expirations so that you are aware of the timeframe for testing out a new certificate. Should you run into issues with the certificate during the test phase, these can be reported and resolved before the certificate goes officially goes into effect.  What Not To Do Because the FlexNet Operations Cloud SSL certificate is updated annually and intermediate and root certificate updates occur periodically, do not hardcode the hash of this certificate in your client code. With each certificate update, the hash value changes. If you have hard-coded the certificate hash in your client application, a change in the certificate can either result in a communication break between your CLS instance and its clients or involve an ongoing effort to keep the hash current in the client code.  

This article lists the current year's past releases for FlexNet Operations Cloud. For upcoming releases, please see the Software Monetization Release Schedule. (NOTE: This requires you to log into the community as a Revenera customer. ) 2023 Releases -  FlexNet Operations Cloud ALM Release Production Copy Service (PCS) Data Refresh Date PCS / UAT Date Production Date Production Outage? 2023.02   Monday, Jan 30, 2023 Monday, Feb 13, 2023   2023.02 (CLS)   Tuesday, Jan 31, 2023 Monday, Feb 13, 2023   2023.01 Tuesday, Jan 17, 2023 Data Center: Wednesday, Jan 4, 2023 AWS EMEA/NAM: Thursday, Jan 5, 2023 Data Center: Wednesday, Jan 18, 2023 AWS EMEA/NAM: Thursday, Jan 19, 2023   2023.01 (CLS)   Thursday, Jan 5, 2023 Data Center: Thursday, Jan 19, 2023 AWS EMEA/NAM: Friday, Jan 20, 2023     FlexNet Operations Cloud LLM Release Production Copy Service (PCS) Data Refresh Date PCS / UAT Date Production Date Production Outage? 2023.02   Monday, Jan 30, 2023 Monday, Feb 13, 2023   2023.02 (CLS)   Tuesday, Jan 31, 2023 Monday, Feb 13, 2023   2023.01 Tuesday, Jan 17, 2023 Wednesday, Jan 4, 2023 Wednesday, Jan 18, 2023   2023.01 (CLS)   Thursday, Jan 5 2023 Thursday, Jan 19, 2023    *May include system changes only and no release changes. Please see FlexNet Operations News for confirmation.   2022 Releases -  FlexNet Operations Cloud ALM Release Production Copy Service (PCS) Data Refresh Date PCS / UAT Date Production Date Production Outage? 2022.12 Wednesday, Nov 30, 2022 Thursday, Dec 1, 2022 Thursday, Dec 15, 2022   2022.12 (CLS)   Friday, Dec 2, 2022 Thursday, Dec 15, 2022   2022.11   Wednesday, Nov 2, 2022 Thursday, Nov 17, 2022   2022.10 Monday, Nov 7, 2022 Thursday, Sep 29, 2022 Thursday, Oct 13, 2022   2022.09   Tuesday, Aug 30, 2022 Tuesday, Sep 13, 2022   2022.08   Thursday, Jul 28, 2022 Thursday, Aug 11, 2022   2022.07   Tuesday, Jun 28, 2022 Tuesday, Jul 12, 2022   2022.07 (CLS only)   Tuesday, Jun 28, 2022 Monday, Jul 4, 2022   2022.06   Thursday, May 26, 2022 Thursday, Jun 9, 2022   2022.05 Monday, May 2, 2022 Wednesday, May 4, 2022 No production release   2022.04   Thursday, Mar 31, 2022 Thursday, Apr 14, 2022   2022.03 (CLS)   Friday, Feb 18, 2022 Thursday, Feb 24, 2022 No 2022.03   Wednesday, Mar 2, 2022 Tuesday, Mar 15, 2022 No 2022.02 Tuesday, Jan 25, 2022 Thursday, Jan 27, 2022 Saturday, Feb 12, 2022 Yes 2022.01   Tuesday, Dec 21, 2021 Tuesday, Jan 11, 2022 No   FlexNet Operations Cloud LLM Release Production Copy Service (PCS) Data Refresh Date PCS / UAT Date Production Date Production Outage? 2022.12 Wednesday, Nov 30, 2022 Thursday, Dec 1, 2022 Thursday, Dec 15, 2022   2022.12 (CLS)   Friday, Dec 2, 2022 Thursday, Dec 15, 2022   2022.11   Wednesday, Nov 2, 2022 Thursday, Nov 17, 2022   2022.10 Monday, Nov 7, 2022 Thursday, Sep 29, 2022 Thursday, Oct 13, 2022   2022.09   Tuesday, Aug 30, 2022 Tuesday, Sep 13, 2022   2022.08   Thursday, Jul 28, 2022 Thursday, Aug 11, 2022   2022.07   Tuesday, Jun 28, 2022 Tuesday, Jul 12, 2022   2022.06   Thursday, May 26, 2022 Thursday, Jun 9, 2022   2022.05 Monday, May 2, 2022 Wednesday, May 4, 2022 No production release   2022.04   Thursday, Mar 31, 2022 Thursday, Apr 14, 2022   2022.03 (CLS)   Friday, Feb 18, 2022 Thursday, Feb 24, 2022 No 2022.03   Wednesday, Mar 2, 2022 Tuesday, Mar 15, 2022 No 2022.02 Tuesday, Jan 25, 2022 Thursday, Jan 27, 2022 Saturday, Feb 12, 2022 Yes 2022.01   Tuesday, Dec 21, 2021 Tuesday, Jan 11, 2022 No *May include system changes only and no release changes. Please see FlexNet Operations News for confirmation.   2021 Releases -  FlexNet Operations Cloud ALM Release Production Copy Service (PCS) Data Refresh Date PCS / UAT Date Production Date Production Outage? 2021.12   Friday, Dec 3, 2021 Thursday, Dec 16, 2021 No 2021.12 (CLS)   Friday, Dec 3, 2021 Thursday, Dec 9, 2021 No 2021.11 Monday, Nov 1, 2021 Tuesday, Nov 2, 2021 Tuesday, Nov 16, 2021 No 2021.11 (CLS)   Thursday, Nov 4, 2021 Tuesday, Nov 16, 2021 No 2021.10   Thursday, Sep 30, 2021 Wednesday, Oct 13, 2021 No 2021.10 (CLS)   Thursday, Oct 7, 2021 Saturday, Oct 23, 2021 Yes 2021.09 Monday, Aug 30, 2021 Tuesday, Aug 31, 2021 Tuesday, Sep 14, 2021 No 2021.08   Thursday, Jul 29, 2021 Thursday, Aug 12, 2021 No 2021.07   Tuesday, Jun 29, 2021 Thursday, Jul 15, 2021 No 2021.06   Thursday, Jun 3, 2021 Thursday, Jun 17, 2021 No 2021.06 (CLS)   Friday, Jun 11, 2021 Tuesday, Jun 22, 2021 No 2021.05 Tuesday, Apr 20, 2021 - Wednesday, Apr 21, 2021 Thursday, Apr 22, 2021 Saturday, May 15, 2021 Yes 2021.05 (CLS)   Thursday, Apr 22, 2021 Tuesday, May 11, 2021 No 2021.04   Wednesday, Apr 7, 2021 Tuesday, Apr 13, 2021 No 2021.03   Tuesday, Mar 2, 2021 Tuesday, Mar 16, 2021 No 2021.02 Wednesday, Jan 27, 2021 Thursday, Jan 28, 2021 Thursday, Feb 11, 2021 No 2021.01   Thursday, Dec 17, 2020 Tuesday, Jan 12, 2021 No 2021.01 (CLS)   Thursday, Dec 17, 2020 Saturday, Jan 16, 2021 Yes   FlexNet Operations Cloud LLM Release Production Copy Service (PCS) Data Refresh Date PCS / UAT Date Production Date Production Outage? 2021.12   Friday, Dec 3, 2021 Thursday, Dec 16, 2021 No 2021.12 (CLS)   Friday, Dec 3, 2021 Thursday, Dec 9, 2021 No 2021.11 Monday, Nov 1, 2021 Tuesday, Nov 2, 2021 Tuesday, Nov 16, 2021 No 2021.11 (CLS)   Thursday, Nov 4, 2021 Tuesday, Nov 16, 2021 No 2021.10   Thursday, Sep 30, 2021 Wednesday, Oct 13, 2021 No 2021.10 (CLS)   Thursday, Oct 7, 2021 Saturday, Oct 23, 2021 Yes 2021.09* Monday, Aug 30, 2021 Tuesday, Aug 31, 2021 Tuesday, Sep 14, 2021 No 2021.08   Thursday, Jul 29, 2021 Thursday, Aug 12, 2021 No 2021.07 (CLS only)   Tuesday, Jun 29, 2021 Thursday, Jul 15, 2021 No 2021.06   Thursday, Jun 3, 2021 Thursday, Jun 17, 2021 No 2021.06 (CLS)   Friday, Jun 11, 2021 Tuesday, Jun 22, 2021 No 2021.05 Tuesday, Apr 20, 2021 - Wednesday, Apr 21, 2021 Thursday, Apr 22, 2021 Saturday, May 15, 2021 Yes 2021.05 (CLS)   Thursday, Apr 22, 2021 Tuesday, May 11, 2021 No 2021.04   Wednesday, Apr 7, 2021 Tuesday, Apr 13, 2021 No 2021.03   Tuesday, Mar 2, 2021 Tuesday, Mar 16, 2021 No 2021.02 Wednesday, Jan 27, 2021 Thursday, Jan 28, 2021 Thursday, Feb 11, 2021 No 2021.01   Thursday, Dec 17, 2020 Tuesday, Jan 12, 2021 No 2021.01 (CLS)   Thursday, Dec 17, 2020 Saturday, Jan 16, 2021 Yes *May include system changes only and no release changes. Please see FlexNet Operations News for confirmation. 2020 Releases -  FlexNet Operations Cloud ALM Release Production Copy Service (PCS) Data Refresh Date PCS / UAT Date Production Date Production Outage? 2020 R1 Wednesday, Jan 8, 2020 Thursday, Jan 9, 2020 Thursday, Feb 6, 2020 No 2020 R1 SP1   Monday, Feb 24, 2020 Monday, Mar 09, 2020 No 2020 R1 SP2   Thursday, Mar 26, 2020 Thursday, Apr 09, 2020 No 2020 R2 Wednesday, Apr 13, 2020 Tuesday, Apr 14, 2020 Wednesday, May 20, 2020 No 2020 R2 SP1   Thursday, Jun 4, 2020 Thursday, Jul 2, 2020 No 2020 R3 Friday, Jul 10, 2020 PCS: Wednesday, Jul 15, 2020 UAT: Monday, Jul 27, 2020 Thursday, Aug 13, 2020 No 2020 R3 (CLS)     Saturday, Aug 15, 2020 Yes 2020 R3 SP1   Thursday, Sep 3, 2020 Tuesday, Sep 22, 2020 No 2020 R3 SP1 Hotfix (CLS)   Thursday, Sep 17, 2020 Thursday, Oct 1, 2020 No 2020 R3 SP2   Wednesday, Sep 30, 2020 Wednesday, Oct 14, 2020 No 2020 R3 SP2 (CLS)   Wednesday, Sep 30, 2020 Wednesday, Nov 4, 2020 No 2020 R3 SP3 Friday, Oct 30, 2020 - Monday, Nov 2, 2020 Tuesday, Nov 3, 2020 Thursday, Dec 3, 2020 No 2020 R3 SP3 (CLS only)   Monday, Nov 23, 2020 Thursday, Dec 3, 2020 No   FlexNet Operations Cloud LLM Release Production Copy Service (PCS) Data Refresh Date PCS / UAT Date Production Date Production Outage? 2020 R1 Wednesday, Jan 8, 2020 Thursday, Jan 9, 2020 Thursday, Feb 6, 2020 No 2020 R1 SP1   Monday, Feb 24, 2020 Monday, Mar 09, 2020 No 2020 R1 SP2   Thursday, Mar 26, 2020 Thursday, Apr 09, 2020 No 2020 R2 Wednesday, Apr 13, 2020 Tuesday, Apr 14, 2020 Wednesday, May 20, 2020 No 2020 R2 SP1   Thursday, Jun 4, 2020 Thursday, Jun 18, 2020 No 2020 R3 Friday, Jul 10, 2020 PCS: Wednesday, Jul 15, 2020 UAT: Monday, Jul 27, 2020 Thursday, Aug 13, 2020 No 2020 R3 (CLS)     Saturday, Aug 15, 2020 Yes 2020 R3 SP1   Thursday, Sep 3, 2020 Tuesday, Sep 22, 2020 No 2020 R3 SP1 Hotfix (CLS)   Thursday, Sep 17, 2020 Thursday, Oct 1, 2020 No 2020 R3 SP2   Wednesday, Sep 30, 2020 Wednesday, Oct 14, 2020 No 2020 R3 SP2 (CLS)   Wednesday, Sep 30, 2020 Wednesday, Nov 4, 2020 No 2020 R3 SP3 Friday, Oct 30, 2020 - Monday, Nov 2, 2020 Tuesday, Nov 3, 2020 Thursday, Dec 3, 2020 No 2020 R3 SP3 (CLS only)   Monday, Nov 23, 2020 Thursday, Dec 3, 2020 No  

This article documents the FlexNet Embedded release highlights introduced each year, starting from 2020 R3 (2020.07) to present: 2023.03: CLS + LLS Cloud Licensing Service + Local License Server License server administrators can now use regular expressions when creating rules of access for license pools (previously referred to as “partitions”). Resolved time zone conversion issue for /features endpoint Posting model definition using flexnetlsadmin no longer fails Local License Server The performance of the local license server has been increased, which results in faster processing of capability requests. 2023.02: CLS + LLS Licensing Server The open source component Spring Boot has been updated to version 2.7.7.  The LatencyUtils package has been removed from the Micrometer component. Sending a capability request after mapping add-ons or features no longer results in a 503 error. 2023.01: CLS + LLS Licensing Server The response to the /access_request and /signed_access_request endpoints of the Cloud Monetization API (CMAPI) now includes the value of the Notice field.  In the license server REST API, a new query parameter includeUsageExpiry can return the date and time when a feature expires on the client.  The naming pattern for the access log file has changed. Using the max keyword in a partition which contains features of the same name but of different versions no longer results in unpredictable behavior. 2022.12: CLS + LLS Licensing Server If several features are available for checkout that only differ in their expiry date, the license server now serves the feature with the shortest expiry which also satisfies the borrow period. The install-systemd.sh install script can now be used to install a server certificate. The License Server Producer Guide includes a new appendix “Workflow Example for Producer-Defined Binding”, with step-by-step instructions to help producers set up binding on a local license server. Updated open-source components: commons-text Jackson databind logback Spring Boot Updated Swagger documentation 2022.11: CLS + LLS Licensing Server New keyword for feature partitions: Producers and license administrators can use the max keyword to limit the number of feature counts that a single user or device can consume. The API documentation for the local license server is now generated using SpringDoc (OpenAPI 3). 2022.10: CLS + LLS Licensing Server Calling the /partitions endpoint using GET now also returns partitions that contain no feature counts. A new property server.hostType.order enables producers to specify the order in which the local license server picks the hostid type. Client information returned by the flexnetlsadmin command -licenses -verbose is no longer truncated. 2022.09: CLS + LLS Licensing Server Preview requests no longer include orphans Resolved an issue where unsynced usages were deleted during synchronization LLS Linux install now honors an externally-specified JAVA_HOME or JRE_HOME variable Self-contained server is no longer supported and will no longer be shipped with the license server 2022.08: CLS + LLS Licensing Server The Cloud Monetization API (CMAPI) responses for the /access_request and /signed_access_request endpoints can now include the renewInterval field. Updated open-source component Spring Boot A new -restore-service-database command restores trusted storage at the service mode installation location (Linux). Resolved an issue with incorrect feature counts which could occur after a license server update. 2022.07: CLS + LLS Licensing Server Model definitions can now include partitions that have a feature count of 0. This enables producers to upload a model definition that functions as a template, which can be updated with feature counts at a later date. A new -restore-service-database command restores trusted storage at the service mode installation location (Windows only). 2022.06: CLS + LLS Cloud Licensing Service Cloud Monetization API enhancement: Capability requests sent to the /access_request or /signed_access_request endpoint support passing multiple values per key. This enables producers who use feature partitions to allocate licenses to users who belong to multiple groups. Updated open-source components Spring Boot and Liquibase Resolved issue with flexnetlsadmin’s -licenses command Resolved issue with /clients REST endpoint, which now correctly returns all current clients after synchronizing licensing information with the back office Local License Server Updated open-source components Liquibase and jackson-databind 2022.05: LLS Licensing Server Cloud Monetization API enhancement: Capability requests sent to the /access_request or /signed_access_request endpoint support passing multiple values per key. This enables producers who use feature partitions to allocate licenses to users who belong to multiple groups. Updated open-source component Spring Boot Resolved issue with flexnetlsadmin’s -licenses command Resolved issue with /clients REST endpoint, which now correctly returns all current clients after synchronizing licensing information with the back office 2022.04: CLS + LLS Licensing Server Support for Windows 11 2022.03: CLS + LLS Licensing Server Resolved an issue with preview requests using the RequestAll flag. The issue occurred when the license server was provisioned with multiple line items that had different expiry dates, where one of the line items had expired. Minimized blackout time during synchronization with back office Improved error message wording when --service-shutdown option is used for a license server running in a console window 2022.02: CLS + LLS + Client Kits Licensing Server Logging in the license server is now done with Logback, not log4j Added a new configuration property for cipher choice mechanism Resolved flexnetlsadmin communication issue with local license server when a .local URL is used Counts are now updated correctly when a client sends parallel requests to a Cloud Licensing Service instance Client Kits FlexNet Embedded Client kits now offer support for Microsoft Windows 11 platform Java XT TRA: Log4j 1 no longer bundled with tra-run.jar and tra-gen.jar .Net XT SDKs: Optimized GetFeatureCollection call to enable more efficient handling of capability responses containing large quantities of features C XT SDK: Optimized virtualization detection (Linux only) Identity update utility now includes container_id in types list Updated third-party components (OpenSSL, LibCurl) 2022.01: CLS + LLS Licensing Server FlexNet License Server Manager now available in the Product and License Center as a separate package Enhanced logic of distributing used feature counts in feature partitions Customers can now pass vendor dictionary values using the /preview_request API Resolved issue where used counts were not updated correctly if a client tried to renew licenses when the corresponding feature is part of a reactivated line item “rate-limit” setting no longer causes flexnetlsadmin command -licenses -verbose to fail Resolved issue where local license server could crash on installation 2021.12: CLS + LLS Licensing Server Allowed size of model definition for partitions has been increased to 900KB Increased performance of POST requests on /rules endpoint New /features/summaries endpoint returns a summary of available features, grouped by feature name Remodeled logic for returning used license counts to resolve issue of incorrectly calculated counts Resolved issue where preview requests and capability requests for features with overdraft counts were not working as expected Resolved issue with flexnetlsadmin’s -licenses option for uncapped metered features Resolved issue affecting the sorting of checkout filter features 2021.11: CLS + LLS Licensing Server A new directive “vendor string matches” enables license administrators to allocate feature counts to partitions based on variables specified in the vendor string. After use, feature counts are returned to their original partition. The /clients API no longer returns inconsistent results when queried with and without the hostid parameter 2021.10: CLS + LLS Licensing Server User-based reservations are now working as expected 2021.09: LLS + Client Kits Licensing Server New support for Ubuntu 20.04 LTS Reservations are no longer automatically converted to partitions, resolving a compatibility issue where the conversion of reservations into rules could lead to incorrect license counts in the resulting partitions References to Jackson-databind 2.2.3 have been removed from OfflineSync tools Resolved issue where licenses could be available for checkout from a cloned local license server Capability response utility capresponseutil now supports the optional parameter enterpriseId Client Kits References to Jackson-databind 2.2.3 have been removed from OfflineSync tools Resolved false-positive tamper detection issue 2021.07: CLS + LLS Licensing Server Producers can now disable the creation of access logs by setting server.accessLogPattern=none in producer-settings.xml. The wording of log entries for rejected capability requests has been improved. Entries now indicate when a request has been denied due to a feature partitions rule rejection. The response to a call of the /health endpoint now includes a new trustStatus property, which indicates whether a trust break has occurred. Resolved an issue where license counts in partitions were not correctly re-allocated after an updated model definition was uploaded to the license server. 2021.06: CLS + LLS Licensing Server New licensing.defaultTimeZone setting to configure the timezone the server uses to determine feature expiry date, start date, and issue dates Resolved license count handling when the reservation group or partition is deleted while the count is in use Resolved license count handling when reservation groups are deleted and recreated with different feature counts Fixed license leakage issue when feature counts change while features are checked out 2021.05: CLS + LLS + Client Kits Licensing Server Fixed OptimisticLockRefreshException error when adding a new reservation entry Failover synchronization issues have been resolved Increase in failover database size issue is fixed Third-party software modules have been upgraded Client Kits New support for macOS ARM Resolved calendar issues for Java XT kits C-XT kit no longer crashes if year exceeds 3001 on Windows platform Vulnerability CWE-327 addressed 2021.04: CLS + LLS Licensing Server Conditional operator support added to Feature Partitioning rules Resolved issue preventing reserved counts from being automatically renewed Fixed license count issue caused by reservations groups repeatedly being deleted/created Changed mechanism for local license server-FlexNet Operations HTTPS communciation 2021.03: CLS + LLS Licensing Server New streaming interface /clients and /features endpoints to query large client tables, hence improving the performance Resolved VMUUID detection issue on Google Compute Cloud (Windows only) for LLS The REST API /clients endpoint now returns the served clients when the borrow interval was set to 0s on both CLS and LLS Resolved time zone conversion issue for feature expiry on both CLS and LLS The issue with borrow granularity unit is now fixed 2021.02: CLS + LLS Licensing Server Support for JSON-format Logging on the Local License Server (LLS) Integration of LLS Logging with External Systems like Graylog, Elastic Stack Fixed the synchronization issue in failover scenario Improved performance for querying /clients endpoint for both LLS and CLS Fixed the trailing slash in JAVA_HOME system environment variable in LLS Correct version of OpenSSL reported in the LLS A number of third-party software modules used in the FlexNet License Server Manager have been upgraded. 2021.01: CLS + LLS Licensing Server New activeOnly query parameter has been introduced for /features endpoint for both CLS and LLS Return of counts for multiple activation IDs with identical expiry date issue has been fixed on CLS Resolved client expiry issues on CLS Support for PKCS #12 keystores in LLS Resolved VM_UUID detection issue on Google Compute Cloud for LLS Resolved MAC address issue related to hostid case sensitivity. 2020 R3 SP3(2020.12): CLS + LLS + Client Kits Licensing Server License activation using REST API and .NET on both LLS and CLS Usage reports could show duplicate rows with a feature count value of zero for every checked in feature is fixed on CLS Enhanced the model definition upload using the /rules API for long list of hostids—containing 10,000 hostids on both LLS and CLS Used feature counts correctly returned to license pool after effective borrow interval expired Updated open source third party components and dependencies have been removed Resolved flexnetlsadmin to CLS communication issue Fixed the issue that caused error while running local license server(LLS) in console mode Client Kits Improved Cloud Platform detection which fixes the that occasionally detect and return an incorrect hostid value for VM_UUID Resolved VM_UUID detection issue on Google Compute Cloud Releasing of system resource 2020 R3 SP2(2020.10): CLS + LLS + Client Kits Licensing Server Springfox-Swagger has been upgraded to version 2.9.2 in both LLS and CLS. This upgrade addresses potential security issues. Spring Boot has been upgraded to version 2.1.2 in both LLS and CLS to address potential security issues. Enhanced Logging Functionality on the Local License Server. A new logging style configuration parameter has been introduced for the LLS, to configure timestamp behaviour. Resolved below FlexNet License Server Administrator Issues “-reset” command resets the security.enabled policy back to its original default value set by the producer. “-licenses” command now returns correct feature count “-licenses -verbose” command now returns correct value for available counts A number of third-party software modules used in the FlexNet License Server Manager have been upgraded Client Kits Fix for potential memory leak (Linux XT only) 2020 R3 SP1 Hotfix(2020.07.1): CLS only Licensing Server Feature counts are now consumed from correct activation id. For metered features, counts could be consumed from an incorrect activation ID. This issue was due to a change in the sequence of returning used counts. Resolved Client Expiry Timer issue Fixed incorrect expiry date 2020 R3(2020.07): CLS + LLS + Client Kits Licensing Server Feature Partitions The maxCount field now indicates how many counts of a feature are available, regardless of how many counts have been requested. The active hostid set using FlexNet License Server Manager or using the REST APIs now persists in the database. It is no longer necessary to reset it after a server reboot Improved FlexNet License Server Administrator Output Resolved REST API pagination issue CLS performance improvement Resolved server borrow interval issue Updated open source component Jackson Databind in FlexNet License Server Manager In the FlexNet License Server Manager user interface added new Start Date column and New Device Alias column Client Kits Identical Correlation ID generation issue has been addressed (C XT SDKs only) Resolved issue related to connecting to server via proxy (C XT SDKs on macOS only). Resolved issues with redirected URLs (.NET XT SDKs only). Amazon AWS EC2 detection no longer causes XT client crashes (XT SDKs only)

Introduction:  When trying to install FlexNet Operation 2022.R1 on Windows Server 2022 the installation failed with the latest Java JDK 8u351  Flexeraaxf$aaa: C:\Users\Administrator\AppData\Local\Temp\2\I1677784313\Windows_Pure_64_Bit\resource\iawin32.dll not found at Flexeraaxf.af(Unknown Source) at Flexeraaxf.aa(Unknown Source) at com.zerog.ia.installer.LifeCycleManager.init(Unknown Source) at com.zerog.ia.installer.LifeCycleManager.executeApplication(Unknown Source) at com.zerog.ia.installer.Main.main(Unknown Source) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at com.zerog.lax.LAX.launch(Unknown Source) at com.zerog.lax.LAX.main(Unknown Source) Solution: 1. Make sure the Java KDK or JRE is a 64bit version only. 2. If using jdk-8u351-windows-x64.exe which has issues with the FNO installer (InstallShield did not support the latest version of JDK), can you downgrade to Java 64-bit 8u301 or earlier as a temporary fix until the latest JDK tested with FNO installer.  3. Or still want to use the same JDK then here is the workaround for Windows Server 2022 Report an older OS by setting a system variable; PowerShell example:[System.Environment]::SetEnvironmentVariable("JAVA_TOOL_OPTIONS", '-Dos.name="Windows Server 2016"', "Machine") -> Proceed with FNO installation -> Delete the system variable [System.Environment]::SetEnvironmentVariable("JAVA_TOOL_OPTIONS", ", $null ,"Machine") Outcome: Downgrading to use jdk-8u301-windows-x64.exe fixed the issue. 

Introduction: Rocky Linux is an open source Linux distribution that supports the Red Hat Enterprise Linux (RHEL) operating system source code. It offers a downstream, binary-compatible release for production-grade RHEL with community support. Officially FNP does not support it . Details: FNP generates the lsb compliant kit that is expected to work on all the Linux flavors that are lsb compliant. Internally, FNP test this kit on RHEL, SUSE and ubuntu. Since Rocky Linux is lsb compliant , it is binary compatible with RHEL . Rocky Linux is designed to be the ‘new’ Centos. i.e. built directly from the version-equivalent RHEL sources and hence FNP is expected to work fine on rocky Linux . 

Title: Enable the access logs for FlexNet Operations Introduction:  This article shows how a user having admin access to FNO (FlexNet Operations) deployment/machine can enable the WildFly access logs in addition to existing FNO logs to print all the incoming traffic. Instructions: 1) Open the standalone-full.xml located at <INSTALL_DIRECTORY>\FlexNet Operations\components\wildfly\standalone\configuration 2) Look for <host> tag and add a new tag <access-log\> between host tags as shown in attached screenshot below. 3. Restart the WildFly (FNO). 4. Look for logs under <INSTALL_DIRECTORY>\FlexNet Operations\components\wildfly\standalone\log\access-log.log NOTE: Please enable this as per need basis as we don't provide this feature out of the box and if you enable this, you need to take care of archiving and purging of access logs.

Introduction: 11.19.3 FlexNet Publisher supports a new hypervisor, Nutanix AHV, in its virtualization support stack. Feature details: • The following details of support for the Nutanix AHV: • Guest operating systems supported are Windows and Linux. • Supported hostids are VMID and ETHERNET. • No support for GenerationID. Tested Hypervisor -Nutanix AHV (Version 2020.09.16 Community Edition) Nutanix is one of two leaders(VMWare, Nutanix), in the Gartner magic quadrant of Hyperconverged infrastructure software.

This article includes links to download the latest version of the FlexNet Publisher lmadmin. NOTE:  Only the latest version of the lmadmin will be available for download. For prior versions, you must contact your software producer. If you require any assistance with the lmadmin, you must contact your software producer. Revenera does not provide end user support for this utility.    Platform Description Release File Windows Windows x86-64 2023 R1 (11.19.3) lmadmin-x64_n6-11.19.3.0.zip Installer for Windows x86-64 2023 R1 (11.19.3) lmadmin-x64_n6-11_19_3_0.exe Linux Linux x86-64 2023 R1 (11.19.3) lmadmin-x64_lsb-11.19.3.0.tgz Installer for Linux x86-64 2023 R1 (11.19.3) lmadmin-x64_lsb-11_19_3_0.bin Linux x86-32 2023 R1 (11.19.3) lmadmin-i86_lsb-11.19.3.0.tgz Installer for Linux x86-32 2023 R1 (11.19.3) lmadmin-i86_lsb-11_19_3_0.bin macOS macOS Universal2 2023 R1 (11.19.3) lmadmin-universal2_mac11-11.19.3.0.tgz Installer for macOS Universal2 2023 R1 (11.19.3) lmadmin-universal2_mac11-11_19_3_0.zip macOS 10.14 2023 R1 (11.19.3) lmadmin-x64_mac10-11.19.3.0.tgz Installer for macOS 10.14 2023 R1 (11.19.3) lmadmin-x64_mac10-11_19_3_0.zip Solaris (SPARC) Solaris SPARC 64 2023 R1 (11.19.3) lmadmin-sun64_u10-11.19.3.0.tgz Installer for Solaris SPARC 64 2023 R1 (11.19.3) lmadmin-sun64_u10-11_19_3_0.bin Solaris SPARC 32 2023 R1 (11.19.3) lmadmin-sun4_u10-11.19.3.0.tgz Installer for Solaris SPARC 32 2023 R1 (11.19.3) lmadmin-sun4_u10-11_19_3_0.bin Solaris (x86) Solaris x86-64 2023 R1 (11.19.3) lmadmin-x64_sun10-11.19.3.0.tgz Installer for Solaris x86-64 2023 R1 (11.19.3) lmadmin-x64_sun10-11_19_3_0.bin Solaris x86-32 2023 R1 (11.19.3) lmadmin-x86_sol10-11.19.3.0.tgz Installer for Solaris x86-32 2023 R1 (11.19.3) lmadmin-x86_sol10-11_19_3_0.bin AIX AIX Power PC 64 2023 R1 (11.19.3) lmadmin-rs64_u5-11.19.3.0.tgz Installer for AIX Power PC 64 2023 R1 (11.19.3) lmadmin-rs64_u5-11_19_3_0.bin AIX Power PC 32 2023 R1 (11.19.3) lmadmin-ppc_u5-11.19.3.0.tgz Installer for AIX Power PC 32 2023 R1 (11.19.3) lmadmin-ppc_u5-11_19_3_0.bin  

This article documents the FlexNet Publisher Licensing release highlights introduced each year, starting from 2008 to present: Release Description 2023 (11.19.X) Support for Nutanix AHV Enhanced the Amazon Web Service Instance Detection Resolved loss of User Checked Out Information During Time Out The ability of FlexNet Publisher to extract the serial number from the NVMe (Non-Volatile Memory Express) SSD Windows system disk has been improved Third-Party Library Updates 2022 (11.19.X) TLS-based encrypted communication between client and vendor daemon New Environment Variable for flexlm Diagnostics Log’s Path lmadmin safety: user-lockout for 10 mins after 3 unsuccessful password attempts Security updates The Wibu dongle drivers have been upgraded from v6.51 to v6.60 Support for Windows 11 OS Support for Visual Studio 2022 Enhancements for Secure Communication Added an optional command line option “-datestamp” Support for macOS 12.0 beta Monterey New API: lc_dupuserlist New Obfuscation Mechanism for Client and Server Communication Third-Party Library Updates SafeNet dongle drivers have been upgraded to version 8.43. Support for RHEL 9 Support for macOS 12.0 Monterey Support for Windows Server 2022 OS 2021 (11.18.X) Support for Windows Server 2022 OS Support for macOS 12.0 Monterey Batch Checkout Docker container (locking server/feature lines with Container_ID) Borrow Cache Improvements Support for lmadmin on macOS 11.0 Big Sur Support for macOS 11.0 Big Sur on Intel Architecture The Ubuntu platform is now supported for Safenet (FLEXID9) dongles Security updates New Vendor Variable for Detecting Licenses with Clients During Network Disconnect Introduced a New Error Message for FlexNet Licensing Service Change in Detection Technique Under Azure Cloud Environment The Safenet dongle drivers have been upgraded from v8.21 to v8.23. 2020 (11.17.X) Automatic rollover of server log Re-Introduction of Common Vendor Daemon APIs to support containerization/docker Efficient Reservations (API Based) Everrun Hypervisor Support LM_PROJECT Extension  lmstat to report on project lmswitch with rollOver option Utility to obfuscate username in server log (For GDPR) License validation utility Introduction of Asynchronous lc_vsend New Diagnostics - Client Message Based Diagnostics Examples for Server and Client - Automated Recovery of Trusted Storage Timezone message protocol simplification 2019 (11.16.x) Lmstat enhancements –no-user-info Reserved buffer for utilities MAX_CONN UMN1 Enhacements Connections limit by options file Relative path support for Vendor Daemon Server behavior changes on ReRead Support for macOS Notarization Protocol simplification for performance improvement TsActDiag with FNP publisher toolkit 2018 (11.15.x - 11.16.x) FNP support for ARM architecture Trusted Storage Diagnostics & Health Checks 64-bit lmadmin launchd compliance on macOS for lmadmin and lmgrd Position-Independent Executables (PIE) on Linux Security Fixes and Updates INCLUDE/EXCLUDE options for checkout from trusted storage Physical binding to TPM on Windows Username anonymity in REPORTLOG lc_feat_list enhancement Option to configure SOAP communication in lmadmin 2017 (11.14.x - 11.15) Security Updates New options file keywords INCLUDEALL ENTITLEMENT, EXCLUDEALL ENTITLEMENT TPM (Trusted Patform Module) host-id Virtualization detection for certificate based application without FNLS 2016 (11.13.x - 11.14.x) Partial Available Checkout Server shortcodes Borrow enhancements lmadmin Active Directory integration support Visual Studio 2015 support Improvements to Cloud support -2 -p -local option enhancement AMZN_EIP HostID VCG support on XFS filesystems FlexNet Licensing Service, Virtualization and Performance Improvements Extracting Client HostID from Vendor Daemon (VD) Callbacks 2015 (11.13.x) Security Fixes Improved Server Stability Performance fixes for java clients Vendor daemon callback for OVERDRAFT licenses Cloud and Virtualization Enhancements 2014 (11.11.x - 11.13) Activation borrow reclaim on trusted storage Improved virtualization support for trusted storage based licensing Options file keywords for activation borrow Determining license source of a feature Dongle updates PACKAGE support with trusted storage Trusted Storage license server automatic reread Vendor daemon hardening 2013 (11.1.1 - 11.12) Virtualization Support for Activation and Trusted Storage Elimination of cross version signature Enhanced license server diagnostics in the debug log Support for Windows 8 and Server 2012 Windows SafeSEH compatibility Local Activation for Server-Side Trusted Storage Scheduled checks on Updates in Trusted Storage Non-English Characters in Activations Software Tagging Now Supported for lmadmin and lmgrd Callback for Vendor Daemon Shutdown 2012 (11.10.1 - 11.11, 10.8.10) Support for Prepped Trusted Configuration Support for Xen Virtual Environments UMN4 for Linux Machine Identification Support for Mac OS X 10.8.x Purge Option for lmborrow Override Feature for IP Addresses Support for New Ethernet Device Names on Linux Support for Teamed Ethernet Interfaces Activations for License Servers in Bandwidth-Restricted Environments Retrieve Response XML From Online Activations Support for Mac OS X 10.7.x lmadmin Security Fixes 2011 (11.9.1 - 11.10) Support for Licensing in a Cloud Environment Support for Mac Lion Ability to Run lmbind Outside of a Hypervisor Console OS Virtualization Support for Activation and Trusted Storage Improved Support for Secure Data Types in License File-Based Licensing Support for Active Directory Users and Groups in lmadmin WhiteHat Certification for lmadmin Support for Flexid 9 Dongle with 2GB of Flash Memory Java Toolkit Supports Dongles from Wibu-Systems 2010 (11.8.0 - 11.9.0) Virtualization: Support for Hyper-V lmstrip Improvements Dongle support for WibuKey, from Wibu Systems AG, Support for Visual Studio 2010 Compiler C# Wrapper for Activation APIs Composite Transactions (for Trusted Storage Licensing) Virtualization: lmbind and UUID of an ESX Virtual Container 2009 (11.6.1 - 11.7, 10.8.8 - 10.8.9) Support for Microsoft Visual Studio 2008 Support for Windows Server 2008 Support for Hostids from Virtual Ethernet Adapters on Windows Platforms Improved UMN2 on Windows Trusted Storage Backup Installer for lmadmin Linux Standard Base (LSB) certification Time zone licensing Trial packs Automatic Re-Read in Options File 2008 (10.8.7 - 11.6) GUI-based License Server Manager - lmadmin Licensing Toolkit Supports Mac OS X 10.5 (Leopard) and 64-bit Intel Hardware Activation API Functions to ‘Cancel’ a Failed Return Request Support for Multiple Ethernet Hostids on Some Platforms Support for Machine Virtualization - VMware ESX Server  

Introduction The SSL (Secure Sockets Layer) certificate for FlexNet Operations Cloud is updated annually. Periodically the intermediate (about every 10 years) and root (about every 20 years) certificates are also updated. The FlexNet Embedded local license server relies on the intermediate and root certificate chain to communicate with FlexNet Operations Cloud. In early 2023, FlexNet Operations will update its SSL certificate, and this update will include a new intermediate certificate. The following instructions are best practices to have a local license server prepared for this and other future certificate updates in FlexNet Operations Cloud. Who Should Read This Article? The intended audience for this article includes FlexNet Embedded local license server administrators, who need to ensure that their license servers are properly configured for an SSL certificate update. (The "you" in this article is the local license server administrator.) Producers should also read this article to understand what the local license server administrator at each of their customer sites must do to prepare for an upcoming certificate update. Producers need to keep the license server administrators informed of announcements about upcoming certificate updates and expirations. With support from producers, license server administrators can have adequate time to prepare their license servers for certificate upgrades and test a new certificate in UAT before the old certificate actually expires. Local License Servers 2021.05 or Later In general, a certificate update is not a concern for FlexNet Embedded local license servers built with the 2021.05 or newer FlexNet Embedded kits as these servers default to using the “cacerts” file included with Java. The “cacerts” file is maintained and updated by Java. Certificate authorities start issuing new intermediate and root certificates 1-2 years before their actual expiration date. This allows time for the “cacerts” file to be updated well before the change occurs with certificates for FlexNet Operations Cloud. Keeping Java updated to the latest version supported by your local license server helps to ensure that the server's certificate information will be properly synchronized with the FlexNet Operations Cloud certificates whenever certificate updates go into effect. (Refer to the FlexNet Embedded License Server Release Notes for the latest versions of Java supported by the license server.) Local License Servers 2021.03 or Earlier If you are using a local license server built with FlexNet Embedded 2021.03 or earlier, check the truststore path in the server’s “local-configuration.yaml” file.  (On Linux, this file is found in the “/opt/flexnetls/producer” directory. On Windows, it is located in the same directory as “flexnetls.jar”.) If this file is configured to use the “cacerts” file as its truststore, no action is needed.  If the file is configured to use the “flexnet.certs” file, the license server administrator can perform one of these two options. Whichever option is used, the license server administrator should make sure that the Java version is kept up to date with the latest version supported by the local license server. (See the FlexNet Embedded License Server Release Notes for this information.)  Option 1 First, update the “local-configuration.yaml” so that it contains the path to the Java “cacerts” file, as shown in the following example: # Path to truststore containing server certificate. truststore-path: ${JAVA_HOME}/jre/lib/security/cacerts Then, for the “truststore-password” property, enter the password for the “cacerts” truststore. Note that, if the password was not previously changed from its default value, enter the default password “changeit”. However, if the password was previously changed, the current password must be entered. # Truststore password. You can obfuscate this with java -jar flexnetls.jar -password  your-password-here. truststore-password: changeit Alternatively, the administrator can first obfuscate the password by following the instructions included in the “yaml” file and then provide the obfuscated value, as shown is this example. truststore-password: OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0 Option 2 Install a version of the local license server built with FlexNet Embedded 2021.05 or later. Local Licenses Servers That Run Offline Except for Activations Some FlexNet Embedded local license servers run offline but occasionally go online to activate the latest licenses from the FlexNet Operations back office. To ensure that the certificate information on the license server is synchronized with FlexNet Operations before performing any activations, the license server administrator needs to do the following: Bring the offline device (containing the license server) online. Ensure that the device is upgraded with the latest version of Java supported by your license server installation. (See the FlexNet Embedded License Server Release Notes.) Ensure that the “local-configuration.yaml” file for the license server points to the “cacerts” file as its truststore. This step is especially important if your license server version is 2021.03 or earlier. For more information, see Local License Servers 2021.03 or Earlier. Perform the license activation operations. This step is important (as explained in The SSL Communication Process). Take the device offline. The SSL Communication Process During SSL communication between the server (FlexNet Operations) and a client (the local license server), an initial "handshake" occurs. During this handshake, the root certificate present in caecerts gives the client a public key to attempt validation. Once validation is successful, the connection is established and further communication can occur. For offline local license servers, bringing the license server temporarily online to perform activation operations once you have prepared it for a certificate upgrade is necessary to ensure that the initial SSL handshake using the new certificate takes place. Troubleshooting If your local license server has not been properly configured for a certificate upgrade, the license server receives the message "SSL is misconfigured" once the old certificate expires. At this point, to avoid any further license-server downtime, you must perform the steps outlined in this article to ensure that the license server is able to use the new certificate. However, because of this late configuration, you will have missed the UAT phase of the upgrade that allowed you to test the new certificate and resolve any issues before the old certificate expired.  Once you have configured your machine for a certificate upgrade, it should be able to handle future certificate upgrades (as long as you keep your Java installation version up to date). However, ensure that you periodically ask your producer about the schedule of upcoming certificate upgrades and expirations so that you are aware of the timeframe for testing out any new certificate. Keeping up to date on the schedule will help you avoid unnecessary license-server downtime when an old certificate expires. Practice To Avoid Because Revenera updates the FlexNet Operations Cloud SSL certificate annually, best practice is not to hard-code the hash of this certificate in your client code. With each certificate update, the hash changes. Additional Resource If you are using API to integrate your application with FlexNet Operations, see FlexNet Operations Cloud - Digital Certificates  for information about exporting and configuring SSL certificates from FlexNet Operations.