Revenera Community Knowledge Base

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Knowledge Base Articles
Summary After installing FlexNet Publisher (FNP) using the lmadmin installer and conducting a security scan, vulnerability QID-86728 - Web Server Uses Plain-Text Form Based Authentication is being flagged  What is QID-86728 :- Web Server Uses Plain-Text Form-Based Authentication vulnerability The vulnerability indicates that data is being transmitted over an unencrypted port, such as port 80. The solution is to switch the communication port to HTTPS for secure transmission. Recommendation We recommend the license administrator configure the web server in secure mode based on their requirements. This can be done by selecting the checkboxes for "Enable HTTPS" and "Redirect Non-Secure Web Access to Secure Web Access" in the lmadmin web UI. To do this, navigate to Administration > Server Configuration > Secure Web Server Configuration, then click Save to apply the changes. Further, the admin can recommend the lmadmin web users connect over HTTPS only by specifying the URL  like "https://<lmadminHost>:<lmadminHttpsPort> . The HTTPS port can be chosen as per the license administrator’s convenience.
View full article
Summary LLS in Linux/Windows listening to the 8080 port as well as the configured port. This lets LLS respond on both the configured port and the 8080 port.  Symptoms LLS also listens to the 8080 Port along with the configured port. The 8080 port is opened by Springboot/undertow. This also blocks running multiple instances of LLS on a single machine. Steps to Reproduce Install LLS on the Linux/Unix operating system. Start LLS and check for the open port for the LLS process ID.  netstat -anp | grep PID Workaround No Workaround as of now. Fix Version and Resolution The fix will be released in the 2024.09 LLS release. 
View full article
The new FlexNet License Server Manager enables license administrators to manage the FlexNet Embedded local license server and its license distribution using a browser-based interface. This new administration tool replaces the previous License Server Manager, which was deprecated in the 2022.11 release. This tool is provided as a separate package, called: FlexnetLicenseServerManager-<version>.zip The package is a Docker container which holds the image: revenera/flsm:<version> Producers can download the FlexNet License Server Manager, along with the FlexNet Embedded Local License Server, from the Flexera/Revenera Product and License Center. Producers can then make the FlexNet License Server Manager available to their customers. End users can download the latest version of FlexNet License Server Manager here: FlexNet License Server Manager IMPORTANT:  This ZIP file is for Docker consumption only, and is not to be extracted using other extraction tools. For information on how to install the FlexNet License Server Manager Docker container, see the FlexNet License Server Manager Guide on docs.revenera.com. NOTE: Only the latest version of the FlexNet License Server Manager will be available for download. For prior versions, you must contact your software producer. NOTE: If you require any assistance with the FlexNet License Server Manager, you must contact your software producer. Revenera does not provide end user support for this utility.  To view documentation for FlexNet License Server Manager, see the FlexNet License Server Manager Guide on docs.revenera.com.  
View full article
We are excited to announce the upcoming launch of a new Revenera Community, redesigned to make it easier to find valuable resources, connect with product experts, and stay up-to-date with the latest product news. We look forward to unveiling the new Revenera Community later this year. Please stay tuned to the Community Notices board for future announcements as we share our progress and provide details about the launch timeline and any instructions. We strive to deliver the best community experience for our customers. Thank you for joining us on this journey and for your continued support.
View full article
This article explains how to Usage Intelligence Reporting APIs to create reports using Microsoft Power BI. NOTE: Information on Usage Intelligence Reporting APIs can be found at Usage Intelligence Reporting API v3.0.0 Authentication Before being able to request any data, you need to authenticate with the Usage Intelligence API. The Usage Intelligence Authentication APIs cannot be integrated with Power BI directly, as they do not provide basic cookie handling functionality as of now, so you need to authenticate using Postman or another similar tool. Refer to the Authenticate section of the Usage Intelligence Reporting API v3.0.0 documentation for more details. The following is an example from Postman:   NOTE: In the response headers of this API, look for Set-Cookie with a session token and copy the value (you will need it later). Create a Query in Power BI Perform the following steps to create a query in Power BI. To create a query in Power BI: Open the Power BI Desktop. Go to Home > Transform Data > Transform Data to open the Power Query Editor. In the Power Query Editor, select New Source > Blank Query. In the Advanced Editor, replace the existing code with the Power Query M code example provided here: Example Code The following is example code: let // session cookie token got from earlier step preObtainedCookie = "RUI-Session-Token=xx; HttpOnly; Max-Age=39600; Path=/; SameSite=Strict; Secure", // Common headers for the API call commonHeaders = [ #"Content-Type" = "application/json", #"RUI-Client" = "PowerBI", #"RUI-Client-Version" = "1.0", #"Origin" = "https://analytics.revenera.com", #"Cookie" = preObtainedCookie ], // Reporting API URL apiUrl = "https://analytics-api.revenera.com/v3/reporting/eventTracking/lifetime/dataTable/2376158762", // JSON payload content as required by the specific API used here, for other APIs, refer the documentation, make sure it is formatted as shown below reportPayload = "{ ""startDate"": ""2024-07-07"", ""stopDate"": ""2024-09-04"", ""globalFilters"": {}, ""events"": null, ""sorting"": { ""events"": ""uniqueUsersUsedAtLeastOnce"", ""eventsDirection"": ""desc"" }, ""categorizeEvents"": false, ""paging"": { ""startAt"": 0, ""limit"": 25 }, ""groupBy"": ""clientId"" }", // Convert report payload to binary reportContent = Text.ToBinary(reportPayload), // Make the API call and handle the response, change ManualStatusHandling as required reportResponse = Web.Contents( apiUrl, [ Headers = commonHeaders, Content = reportContent, ManualStatusHandling = {200} ] ), // Parse the JSON response finalResult = Json.Document(reportResponse), result = finalResult[result] in result The example provided above is for POST API. For GET API, just omit the following steps: Providing JSON payload content. Convert report payload to binary. Passing JSON content while calling API. You will see the response as shown below: The response from API is always in JSON format. Parse it as required by expanding the nested data, flatten hierarchies, pivot/unpivot data, and then load into Power BI to visualize the data.
View full article
Usage Intelligence now offers a new Custom Event Tracking report. If you choose to track an event with numeric data in your application, you will now be able to generate a custom report on that event. Enabling Custom Numeric Event Tracking In Your Application Depending on the SDK used to integrate with Usage Intelligence, refer the corresponding document for instructions for Logging a Custom Event as name/value string pairs: C++ for Windows SDK C++ for macOS SDK C++ for Linux SDK Objective-C for macOS SDK Java SDK .NET SDK .NET Multiplatform SDK Viewing Custom Events Custom events (sent / pushed / logged) will be visible on the Recent Custom Events tab of the Features & Event Tracking > Custom Event Tracking page in the format as shown below. Example: ReportLoad Report The following is an example of creating a Custom Events Report for an event named ReportLoad. Requirements To generate this report, the following items must be true: For example, suppose you have an event with a category of ApplicationRuntime and an event name of ReportLoad.  That event has data such as file size, duration and CPU usage to report. Format the name in a name/value string pair, such as File_Size_KB, as shown below: A unit should be mentioned at the end of the name such as KB, ms, or %, preceded by an underline "_". If there is no unit, use “none” at the end. Here are examples of custom event names: File_Size_KB visible in report as File Size (KB). Duration_ms visible in report as Duration (ms). CPU_Usage_% visible in report as CPU Usage (%). Prediction_none visible in report as Prediction. Values are considered only if they are numeric; everything else is ignored. NOTE: In SDK API code, values are sent as strings, but the value represented as string should be numeric. Numeric values should be greater than or equal to 1. Code Snippet Example to Send Custom Numeric Events  The following is an example code snippet for the Windows C++ SDK to push an event to the Usage Intelligence platform.  bool AddDictionary(RUIINSTANCE* myInstance) { std::vector<RUINameValuePair> dictionary(3); dictionary[0] = {"CPU_Usage_%", "85"}; dictionary[1] = {"File_Size_KB", "1062"}; dictionary[2] = {"Duration_ms", "7801"}; RUIRESULT rc = ruiTrackEventCustom(myInstance, "ApplicationRunTime", "ReportLoad", dictionary.data(), 3, nullptr); return true; } Call AddDictionary function Setting Up the Custom Event Tracking Report Ensure that the event is set as Tracking on the Event Tracking Management tab of the Admin > Product page. Once such events are sent, verify if they seem correct on the Recent Custom Events tab of the Feature & Event Tracking > Custom Event Tracking page. If required, make changes and send it again. If the events are pushed correctly, such events will be visible on the Custom Event Tracking Management tab of the Admin > Product page. They will be in an untracked state initially. After verifying details displayed, select the Tracking checkbox for each of the events to be tracked. After the event is set to Tracking, subsequent data sent in for that event will be collected and will be ready to be viewed in reports on the Custom Event Reporting tab of the Feature & Event Tracking > Custom Event Tracking page. Viewing a Custom Event Tracking Report To view a Custom Event Tracking report, perform the following steps.  To view the Custom Event Tracking report: Open the Feature & Event Tracking > Custom Events page, and select the Custom Event Reporting tab. The page opens with the Custom Events Report Settings dialog box open. On the Custom Events Report Settings dialog box, choose any event from the Event drop down menu. Choose one or more items from the Event Data menu (maximum of 10). Select a Date Range (within the last 90 days). Click Save. The Custom Events Report Settings dialog box closes. Click Apply. The report is generated.  If there is no data to display, the report is blank. Recommendations Revenera recommends the following regarding Custom Numeric Event Tracking reporting: It is recommended to keep the raw data feature enabled for reference. You can enable raw data export by contacting Revenera Support.  It is recommended to try this feature on your test or development accounts. Coverage of Functionalities Note the following regarding the range of capabilities of Custom Numeric Event Tracking reporting: This feature is available for all products on production which meet the requirements. You will be able to send custom events as name-value pairs with numeric values adhering to feature requirements documented under Requirements above. You will be able to track/untrack the custom events on the Custom Event Tracking Management tab of the Admin > Product page. You can see histogram reports for such tracked events, with specific date ranges (within the last 90 days) for selected sub data points. You can apply supported filters for the report. Data collected for these reports will also be available with raw data for download and a custom events archive for download.
View full article
The following are the Release Notes available for FlexNet Code Insight Electronic Update releases: 2024 2023 2022 2021 2020 29-Aug-2024 12-Aug-2024 25-July-2024 11-July-2024 21-June-2024 14-June-2024 17-May-2024 11-Apr-2024 28-Mar-2024 13-Mar-2024 01-Mar-2024 05-Feb-2024 03-Jan-2024 28-Nov-2023 10-Nov-2023 27-Oct-2023 13-Oct-2023 14-Sep-2023 10-Aug-2023 23-Jun-2023 31-May-2023 04-May-2023 17-Apr-2023 24-Mar-2023 10-Mar-2023 24-Feb-2023 20-Feb-2023 30-Jan-2023 12-Jan-2023 22-Dec-2022 08-Dec-2022 29-Nov-2022 11-Nov-2022 02-Nov-2022 21-Oct-2022 18-Oct-2022 23-Sep-2022 13-Sep-2022 09-Sep-2022 29-Aug-2022 12-Aug-2022 18-Jul-2022 07-Jul-2022 28-Jun-2022 15-Jun-2022 13-May-2022 28-Apr-2022 13-Apr-2022 25-Mar-2022 14-Mar-2022 24-Feb-2022 10-Feb-2022 28-Jan-2022 13-Jan-2022 23-Dec-2021 16-Dec-2021 26-Nov-2021 11-Nov-2021 28-Oct-2021 18-Oct-2021 01-Oct-2021 13-Sep-2021 30-Aug-2021 27-Jul-2021 24-Jun-2021 11-Jun-2021 28-May-2021 14-May-2021 22-Apr-2021 10-Apr-2021 25-Mar-2021 11-Mar-2021 20-Oct-2020 11-Sep-2020 28-Aug-2020 14-Aug-2020 03-Aug-2020 17-Jul-2020 30-Jun-2020 15-Jun-2020 01-Jun-2020 18-May-2020 04-May-2020 17-Apr-2020 03-Apr-2020 Changes in Update Released on 29-August-2024 This Update includes the changes described in the following sections. Issues/Bugs Addressed The following issues were addressed in the Update: Issue ID Issue Summary SCA-54501 Fixed False positive vulnerability mappings to multiple maven components added by the legacy Maven Mapper. SCA-53350 Fixed license detection capability for CDDL-1.1 and GPL-2.0-with-classpath-exception licenses to remove false positive inventories SCA-54217 Deprecated the incorrect version (1.0.0.0) and added the correct license mappings to microsoft.web.infrastructure component. SCA-54532 Fixed the False positive license for freemarker 2.3.8.   New/Update license mappings requests: Added component and version level license mappings to the component " microsoft.web.infrastructure" (componentId: 3529708). New/Update component_version requests: Deprecated the incorrect version (1.0.0.0) of microsoft.web.infrastructure component. (versionId: 9997221). New/Update license requests: Updated license URL of FreeMarker License (licenseid: 1482) Enhanced License Detection Capability for licenses License detection capability and license evidence mechanism for the following licenses was updated/added: CDDL-1.1 GPL-2.0-with-classpath-exception Collector Status Name Date of Last Successful Run Alpine 08/22/2024 Clojars 08/22/2024 Cocoapods 08/22/2024 Conan 08/22/2024 Cpan 08/22/2024 Cran 08/24/2024 Crates 08/25/2022 Debian 08/26/2024 fedora-koji 08/22/2024 Github 08/26/2024 Gitlab 06/06/2023 Go 08/05/2024 Hackage 08/25/2024 maven2-ibiblio 08/05/2024 maven-google 08/23/2024 Npm 08/27/2024 nuget gallery 08/16/2024 packagist 08/25/2024 Pypi 08/19/2024 rubygems 08/22/2024 Changes in Update Released on 12-August-2024 This Update includes the changes described in the following sections. Issues/Bugs Addressed The following issues were addressed in the Update: Issue ID Issue Summary SCA-53760 Fixed False positive inventories being generated due to incorrect URL match by RPM Analyzer. As a part of this we have updated few legacy invalid/incorrect components. Please refer to details in below sections. SCA-53994 Added component and version level license mappings to the component "perl-mozilla-ldap (Id: 27183535)". SCA-54247 Enhancement of Github Advisory Feed to handle updated and deprecated vulnerability data. SCA-54428 Enhancing the GHSA mapper to handle deprecation of affected versions records.   New/Update component requests: Deprecated the legacy invalid component typyahoo2-testproject (componentid: 10518835) Updated component url of malbers-mp (componentid: 11092024) Updated component url of amoldjoshi-likh (componentid: 11892667) New/Update license mappings requests: Added component and version level license mappings to the component "perl-mozilla-ldap" (componentId: 27183535). Collector Status Name Date of Last Successful Run alpine 08/07/2024 clojars 08/08/2024 cocoapods 08/06/2024 Conan 08/08/2024 cpan 08/08/2024 cran 08/10/2024 crates 08/25/2022 debian 08/05/2024 fedora-koji 08/09/2024 github 08/10/2024 gitlab 06/06/2023 go 08/05/2024 hackage 08/11/2024 maven2-ibiblio 07/28/2024 maven-google 08/09/2024 npm 08/09/2024 nuget gallery 08/01/2024 packagist 07/28/2024 pypi 08/05/2024 rubygems 08/08/2024 Changes in Update Released on 25-July-2024 This update includes the changes described in the following sections. Issues/Bugs Addressed The following issues were addressed in the Update: Issue ID Issue Summary SCA-53928 Fixed False Positive vulnerability (CVE-2022-25758) reported on scss-tokenizer 0.4.3 (component id: 13388895) SCA-53168 Addition of vulnerability mappings to the component moment.js (component id: 3530129) (CVE-2022-24785 ,CVE-2022-31129) SCA-53075 Addition/Updating components, versions, licenses. Details are in the sections below   New/Update component requests: SNMP++ API (component id : 32304497) ata-project (component id : 32304498) foundation-icon-fonts-3 (component id : 32304496) vistadb (component id :  32304499) Updated component URL for jquery-validation (component id: 247443) New/Update component_version requests: SNMP++ API (component id : 32304497) - Versions from 3.0 to 3.5.2 ata-project (component id : 32304498) - Version 1.0 foundation-icon-fonts-3 (component id : 32304496) - Version 3 vistadb (component id :  32304499) - Version 5.0 to 6.5 nsis (component id: 6422) - Version 2.47 to 3.10 New/Update license requests: Rebex General License(license-id: 2304) SNMP++ License(license-id: 2302)  VistaDB License(license-id: 2303) New/Update license mappings requests: Added Rebex General License for rebex.ftp (component id: 22421074) Added OpenSSL License for openssl (component id: 58316) versions 0.9.0 to 1.1.1w and added Apache-2.0 for openssl versions 3.0.0 and above Collector Status Name Date of Last Successful Run alpine 7/24/2024 clojars 7/18/2024 cocoapods 7/23/2024 Conan 7/18/2024 cpan 7/18/2024 cran 7/20/2024 crates 8/25/2022 debian 7/22/2024 fedora-koji 7/18/2024 github 7/22/2024 gitlab 6/6/2023 go 7/24/2024 hackage 7/21/2024 maven2-ibiblio 7/3/2024 maven-google 7/19/2024 npm 7/23/2024 nuget gallery 7/11/2024 packagist 7/21/2024 pypi 7/15/2024 rubygems 7/18/2024 Changes in Update Released on 11-July-2024 This update includes the changes described in the following sections. Issues/Bugs Addressed The following issues were addressed in the Update: Issue ID Issue Summary SCA-54193 Updated the forge search criteria for forges like Conan, Debian, Cocoapods, Alpine etc  SCA-54188 Enhancement to the Github Adbisory Feed to collect the accurate GHSA url. SCA-53761,  SCA-53649  Updated license mappings for the component asciidoc-py3 (Id: 29955909), grpcio etc SCA-53760 Fixed False positive inventories detected due to incorrect URL match (RPM Analyzer). SCA-53393,  SCA-53350,  SCA-53349 License detection capability and license evidence mechanism was added/updated for licenses like BSD, Dom4j, CDDL-1.1 etc SCA-53184 Added/updated licenses like "Aspose End User License Agreement (2017)", "ABCpdf license" etc SCA-52723 Fixed False negative vulnerability mappings for components like tomcat-embed-core for CVE-2023-44487 New Vulnerability mappings: CVE -2024-6387 (https://nvd.nist.gov/vuln/detail/CVE-2024-6387) for below Components. openbsd-openssh (componentID: 58168) openssh-openssh-portable (componentId: 684672) redhat-enterprise-linux (componentId: 23215031) openssh (componentId: 29970186) openssh (componentId : 32188020) New/Update component_version requests: Saxon XSLT and XQuery Processor:(compoent-id: 8657) New/Update license requests: ABCPDF License : License-id 2298 Accusoft Software License: License-id 2301 Aspose License 2017:  License-id 2299 Aspose License 2024:  License-id 2300 SelectPDF HTML to PDF Converter License: License-id 2297 New/Update license mappings requests: added Accusoft Software License to Accusoft ImageGear component (Id: 13512007) added GPL-2.0-or-later license to asciidoc-py3 (Id: 29955909)] added SelectPDF HTML to PDF Converter License to select.htmltopdf - NuGet Gallery (Id: 3537714)  added ABCPDF License to abcpdf - NuGet Gallery (Id: 3512350) added Aspose License 2017 and Aspose License 2024 License to groupdocs.conversion (Id: 22358106) added Accusoft Software License to Accusoft ImageGear component (Id: 13512007) added GPL-2.0-or-later license to asciidoc-py3 (Id: 29955909)] added SelectPDF HTML to PDF Converter License to select.htmltopdf - NuGet Gallery (Id: 3537714)  added ABCPDF License to abcpdf - NuGet Gallery (Id: 3512350) added Aspose License 2017 and Aspose License 2024 License to groupdocs.conversion (Id: 22358106) Enhanced License Detection Capability for Components License detection capability and license evidence mechanism for the following components was updated/added: Dom4j license BSD License CDDL-1.1 License Collector Status Name Date of Last Successful Run alpine 7/10/2024 clojars 7/4/2024 cocoapods 7/9/2024 Conan 7/4/2024 cpan 7/4/2024 cran 7/6/2024 crates 8/25/2022 debian 7/8/2024 fedora-koji 7/4/2024 github 7/9/2024 gitlab 6/6/2023 go 7/10/2024 hackage 7/7/2024 maven2-ibiblio 6/12/2024 maven-google 7/5/2024 npm 6/21/2024 nuget gallery 7/4/2024 packagist 7/7/2024 pypi 7/8/2024 rubygems 7/4/2024 Changes in Update Released on 21-June-2024 This update includes the changes described in the following sections. Issues/Bugs Addressed The following issues were addressed in the Update: Issue ID Issue Summary FLEX-1845 Collection of components from Conan Package Manager - This is an addition to the set of forge collections. FLEX-7421 Enhancement to Go collection Gaps for components with versions v2,v3..vX SCA-53291 Updated component and license mappings for the component pmezard-go-difflib FLEX-7607 Data - Mapping of GHSA advisories to component-versions New/Update component requests: pmezard-go-difflib (component-id: 8881995) Collector Status Name Date of Last Successful Run npm 6/17/2024 crates 8/25/2022 cpan 6/20/2024 cocoapods 6/18/2024 Conan 6/20/2024 clojars 6/20/2024 rubygems 6/14/2024 maven-google 6/14/2024 cran 6/15/2024 hackage 6/16/2024 packagist 6/16/2024 go 6/14/2024 pypi 6/17/2024 nuget gallery 6/6/2024 maven2-ibiblio 6/5/2024 github 6/20/2024 fedora-koji 5/2/2024 alpine 6/15/2024 gitlab 6/6/2023 debian 6/17/2024 Changes in Update Released on 14-June-2024 This update includes the changes described in the following sections. Issues/Bugs Addressed The following issues were addressed in the Update: Issue ID Issue Summary SCA-53076 Addition or update component, version, licenses and license mapping details for requested components. Details are mentioned in below sections New/Update component requests: adoptium-temurin-openjdk (component-id: 32084809) pclbox (component-id: 32084808) New/Update component_version requests: adoptium-temurin-openjdk (component-id: 32084809) from 8.0.302+8 to 22.0.1+8 pclbox (component-id: 32084808) 1.0 and 2.0 jqueryui - (component-id: 122113) from 1.0 to 1.13.3 New/Update license mappings requests: adoptium-temurin-openjdk (component-id: 32084809) pclbox (component-id: 32084808) jqueryui  (component-id: 122113) Collector Status Name Date of Last Successful Run npm 6/12/2024 crates 8/25/2022 cpan 6/6/2024 cocoapods 6/11/2024 clojars 6/6/2024 rubygems 6/6/2024 maven-google 6/7/2024 cran 6/8/2024 hackage 6/9/2024 packagist 6/9/2024 go 6/12/2024 pypi 6/10/2024 nuget gallery 6/6/2024 maven2-ibiblio 6/5/2024 github 6/12/2024 fedora-koji 5/2/2024 alpine 6/12/2024 gitlab 6/6/2023 debian 6/10/2024 Changes in Update Released on 17-May-2024 This update includes the changes described in the following sections. Issues/Bugs Addressed The following issues were addressed in the Update: Issue ID Issue Summary SCA-52995 Fixed False Negative Vulnerability for the nuget component Microsoft.IdentityModel SCA-52933 Fixed False positive vulnerabilities for commons-compress 1.26.0 SCA-52724 Fixed False Negative Vulnerability for the component commons-text   Collector Status Name Date of Last Successful Run npm 4/28/2024 crates 8/25/2022 cpan 5/9/2024 cocoapods 4/30/2024 clojars 5/9/2024 rubygems 5/9/2024 maven-google 4/26/2024 cran 5/11/2024 hackage 5/12/2024 packagist 5/12/2024 go 5/13/2024 pypi 5/7/2024 nuget gallery 5/7/2024 maven2-ibiblio 5/01/2024 github 5/13/2024 fedora-koji 4/5/2024 alpine 5/8/2024 gitlab 6/6/2023 debian 5/13/2024 Changes in Update Released on 11-April-2024 This update includes the changes described in the following sections. Issues/Bugs Addressed The following issues were addressed in the Update: Issue ID Issue Summary SCA-52738 Fixed False Positive vulnerability for openbsd-openssh component for CVE-2002-0639 for version '2.5.1' SCA-52947, SCA-53074,  SCA-52305 Addition or update component, version, licenses and license mapping details for requested components. Details are mentioned in below sections New/Update component requests: xcurveballx-tablesorter - 31937493 artifexsoftware-jbig2dec - 31937495 artifexsoftware-urw-base35-fonts - 31937496 azure-macro-utils-c - 31937497 stleary-json-java - 12684762 editd-jquery-menu-aim - 31686788 initscripts-ipv6 - 31935720 cstring-clone-using-standard-c - 31935721 wixtoolset-visualstudioextension - 31937494 Updated URL for rillke-libogg Updated URL for jboss-logging-jboss-logging Updated URL for stleary-json-java New/Update component_version requests: Apache Xerces Java XML Parser (component-id: 33071) Added missing versions 2.12.0 and higher. versions id for 2.12.0 is 267185709. ub-mannheim/tesseract (component-id: 14721072) version- 4.1 (184251962) jboss-logging/jboss-logging (component-id: 294410) versions are up-to-date till 3.5.3, version-id for 3.4.3 is 267185974. New/Update license requests:  SelectPDF EULA(license-id: 2296) - https://selectpdf.com/eula/  New/Update license mappings requests:  Updated public domain license to stleary-json-java(12684762) Updated Apache-2.0 license to krzyzanowskim-openssl(12973107) Updated MIT license to jQuery-menu-aim(31686788) Updated MIT to azure-azure-uamqp-c(18246106) Updated MIT to azure-azure-umqtt-c(17219194) Updated MIT to azure-azure-c-shared-utility(17219172) Collector Status Name Date of Last Successful Run npm 3/27/2024 crates 8/25/2022 cpan 4/4/2024 cocoapods 4/09/2024 clojars 4/4/2024 rubygems 4/4/2024 maven-google 4/5/2024 cran 4/6/2024 hackage 4/7/2024 packagist 4/7/2024 go 4/10/2024 pypi 4/1/2024 nuget gallery 4/10/2024 maven2-ibiblio 3/21/2024 github 4/9/2024 fedora-koji 4/5/2024 alpine 4/10/2024 gitlab 6/6/2023 debian 4/8/2024 Changes in Update Released on 28-March-2024 This update includes the changes described in the following sections. Issues/Bugs Addressed The following issues were addressed in the Update: Issue ID Issue Summary FLEX-4584 Github Security Advisory is an addition to our list of vulnerability feeds. SCA-52359 Update license mappings for GNU GCC component SCA-51961 License detection automation for licenses like Simple Public License 2.0, SleepyCat License etc SCA-52405 Updated incorrect Apache licenses for components in Pypi forge SCA-52301,  SCA-52623 Addition/Update component, version and license details for below mentioned components New/Update component requests: JustMock PDFjet for Java - https://github.com/edragoev1/pdfjet  Mozilla LDAP C SDK - https://github.com/dogtagpki/ldap-sdk X Library - https://www.cross-browser.com/x/lib  Jigsaw W3Cs server - https://www.w3.org/Jigsaw  New/Update license requests:  W3C IPR SOFTWARE NOTICE https://www.w3.org/Consortium/Legal/copyright-software-19980519.html Collector Status Name Date of Last Successful Run npm 3/27/2024 crates 8/25/2022 cpan 3/21/2024 cocoapods 3/26/2024 clojars 3/21/2024 rubygems 3/21/2024 maven-google 3/22/2024 cran 3/23/2024 hackage 3/24/2024 packagist 3/24/2024 go 3/25/2024 pypi 3/25/2024 nuget gallery 3/21/2024 maven2-ibiblio 3/21/2024 github 3/26/2024 fedora-koji 3/21/2024 alpine 3/27/2024 gitlab 6/6/2023 debian 3/25/2024 Changes in Update Released on 13-March-2024 This update includes the changes described in the following sections. Issues/Bugs Addressed The following issues were addressed in the Update: Issue ID Issue Summary SCA-52086 Fixed false positive vulnerability for the component snappy-java. SCA-51389 Publishing EPSS scores to PDL update package Collector Status Name Date of Last Successful Run npm 3/08/2024 crates 8/25/2022 cpan 3/07/2024 cocoapods 3/05/2024 clojars 3/07/2024 rubygems 3/07/2024 maven-google 3/08/2024 cran 3/09/2024 hackage 3/10/2024 packagist 3/03/2024 go 3/06/2024 pypi 3/04/2024 nuget gallery 2/29/2024 maven2-ibiblio 2/27/2024 github 3/11/2024 fedora-koji 3/08/2024 alpine 3/06/2024 gitlab 6/6/2023 debian 3/11/2024 Changes in Update Released on 01-March-2024 This update includes the changes described in the following sections. Issues/Bugs Addressed The following issues were addressed in the Update: Issue ID Issue Summary SCA-52077 Fixed False Negative Vulnerability for PostGres SQL driver  SCA-51813,  SCA-51823, SCA-51828 Updated license detection and license evidence mechanism for licenses like CDDL , Public Domain, BSD, GPL-2.0 SCA-51814 Updated component detection mechanism for libtommath component SCA-51907 Added/Updated components, versions and license mappings for components like Json in Java, async etc SCA-52018 Fixed license mappings for component "justmock" from Nuget forge Enhanced License Detection Capability for Components License detection capability and license evidence mechanism for the following components was updated/added: CDDL-1.0 CDDL-1.1 GPL-2.0 BSD-Style Public Domain New/Update component requests: libtommath async Json in Java New/Update license requests:  Added a new license from https://www.telerik.com/purchase/license-agreement/kendo-ui - Telerik Kendo End User License Agreement Collector Status Name Date of Last Successful Run npm 2/26/2024 crates 8/25/2022 cpan 2/22/2024 clojars 2/22/2024 rubygems 2/22/2024 maven-google 2/23/2024 cran 2/24/2024 hackage 2/25/2024 packagist 2/25/2024 go 2/26/2024 pypi 2/26/2024 nuget gallery 2/22/2024 maven2-ibiblio 2/14/2024 github 2/27/2024 fedora-koji 2/23/2024 alpine 2/28/2024 gitlab 6/6/2023 debian 2/26/2024 Changes in Update Released on 05-February-2024 This update includes the changes described in the following sections. Issues/Bugs Addressed The following issues were addressed in the Update: Issue ID Issue Summary SCA-51559 Fix to handle "rejected" cves from NVD in data library. SCA-38151,  SCA-51747,  SCA-51959 Addition/update license evidence mechanism and license detection capability for licenses like Yahoo! Public License, Open Software License, NASA Open Source Agreement, Sleepycat License etc SCA-51269,  SCA-51036,  SCA-51858   Added/updated component, version, license or license mappings in data library for the requested components, details are in the separate sections below. Enhanced License Detection Capability for Components License detection capability and license evidence mechanism for the following components was updated/added: SIL Open Font License 1.1 Yahoo! Public License v1.0 Yahoo! Public License v1.1 Open Software License 1.0 Open Software License 1.1 Open Software License 2.0 Open Software License 2.1 Open Software License 3.0 Multics License NASA Open Source Agreement 1.3 Naumen Public License Apple Public Source License 1.0 CUA Office Public License v1.0 Simple Public License 2.0 Sleepycat License SugarCRM Public License v1.1.3 Independent JPEG Group License New/Update component requests: ljharb-define-data-property (Component_id:31686787) editd-jquery-menu-aim (Component_id:31686788) ljharb-set-function-length (Component_id:31686789) imagegear-net-samples (Component_id: 31490027) The-Ultimate-Toolbox-Application-Skins (Component_id: 31490026) SNMP4j (Component_id: 31490028) OpenSSL Project (Component_id: 58316) Bouncy Castle Crypto Csharp (Component_id: 11253334) New/Update license requests:  ANTLR 3 License - Updated the license url to https://www.antlr3.org/license.html (license_id: ) Collector Status Name Date of Last Successful Run npm 1/24/2024 crates 8/25/2022 cpan 1/18/2024 clojars 1/18/2024 rubygems 1/18/2024 maven-google 1/19/2024 cran 1/20/2024 hackage 1/21/2024 packagist 1/21/2024 go 1/22/2024 pypi 1/08/2024 nuget gallery 1/11/2024 maven2-ibiblio 1/10/2024 github 1/23/2024 fedora-koji 1/17/2024 alpine 1/24/2024 gitlab 6/6/2023 debian 1/22/2024 Changes in Update Released on 03-January-2024 This update includes the changes described in the following sections. Issues/Bugs Addressed The following issues were addressed in the Update: Updates to Apache Struts Components Added vulnerability information to the following apache-struts components: Component ID Name URL 33042 apache-struts http://struts.apache.org 565248 struts2-core https://repo1.maven.org/maven2/org/apache/struts/struts2-core 738786 apache-struts https://github.com/apache/struts 5398957 struts http://struts.apache.org/ Related to Vulnerability CVEs CVE-2023-50164 (https://nvd.nist.gov/vuln/detail/CVE-2023-50164). Issues/Bugs Addressed Issue ID Issue Summary SCA-51793 Addition of vulnerability mappings for Apache struts component for CVE-2023-50164 (https://nvd.nist.gov/vuln/detail/CVE-2023-50164). Updated component/version info for the below components SCA-51532 Addition of new licenses to data library MICROSOFT.WEB.XDT and MICROSOFT ASP.NET SIGNALR and also updating component/version information for Nuget components SCA-51265,  SCA-51033 Updating component/version information for Npmjs/Pypi components. Collector Status Name Date of Last Successful Run npm 12/28/2023 crates 8/25/2022 cpan 12/28/2023 clojars 12/28/2023 rubygems 12/21/2023 maven-google 12/22/2023 cran 12/23/2023 hackage 12/24/2023 packagist 12/24/2023 go 12/27/2023 pypi 12/27/2023 nuget gallery 12/21/2023 maven2-ibiblio 12/06/2023 github 12/27/2023 fedora-koji 12/13/2023 alpine 12/27/2023 gitlab 6/6/2023 debian 12/25/2023 Changes in Update Released on 28-November-2023 This update includes the changes described in the following sections. Issues/Bugs Addressed The following issues were addressed in the Update: Issue ID Issue Summary SCA-48882 Addition of Cocoapods forge to our list of forge collection SCA-51152 Addition of new component detection capability for the component NTAP/Quant New Component Detection Rules NTAP/Quant Collector Status Name Date of Last Successful Run npm 8/15/2023 crates 8/25/2022 cpan 11/16/2023 clojars 11/16/2023 rubygems 11/16/2023 maven-google 11/17/2023 cran 11/18/2023 hackage 11/19/2023 packagist 11/19/2023 go 11/17/2023 pypi 11/13/2023 nuget gallery 11/09/2023 maven2-ibiblio 11/23/2023 github 11/24/2023 fedora-koji 11/26/2023 alpine 11/15/2023 gitlab 6/6/2023 debian 11/20/2023 Changes in Update Released on 10-November-2023 This update includes the changes described in the following sections. Updates to Apache Activemq Components Added vulnerability information to the following activemq components: Component ID Component Name URL 58129 apache-activemq http://activemq.apache.org/  173954 apache-activemq https://github.com/apache/activemq  573649 activemq-all https://repo1.maven.org/maven2/org/apache/activemq/activemq-all  581532 apache-activemq https://repo1.maven.org/maven2/org/apache/activemq/apache-activemq  596014 activemq-openwire-legacy https://repo1.maven.org/maven2/org/apache/activemq/activemq-openwire-legacy  30391285 activemq https://tracker.debian.org/pkg/activemq  Related to Vulnerability CVEs CVE-2023-46604 (https://nvd.nist.gov/vuln/detail/CVE-2023-46604) Issues/Bugs Addressed The following issues were addressed in the Update: Issue ID Issue Summary SCA-50558 License Evidence - "OpenSSL License" Evidence is missing on scanning "attribution-file.zip" file. SCA-38149 Addition of License evidence mechanism and license detection capabilities to licenses like "Sax Public Domain Notice", "The unlicense" etc SCA-50018 Updated license evidence mechanism and license detection capability for "IBM Public License v1.0" as the License evidence was missing on scanning "autoglyph.c" file Enhanced License Detection Capability for Components License detection capability and license evidence mechanism for the following components was updated/added: Sax Public Domain Notice University of Illinois/NCSA Open Source License The Unlicense Vovida Software License v1.0 W3C Software Notice and License (2002-12-31) X.Net  License XFree86 License 1.1 Zend License v2.0 Zope Public License 1.1 Zope Public License 2.0 Zope Public License 2.1 Collector Status Name Date of Last Successful Run npm 8/15/2023 crates 8/25/2022 cpan 11/02/2023 clojars 11/09/2023 rubygems 11/02/2023 maven-google 11/03/2023 cran 11/04/2023 hackage 11/05/2023 packagist 11/05/2023 go 11/06/2023 pypi 11/06/2023 nuget gallery 11/02/2023 maven2-ibiblio 11/01/2023 github 11/08/2023 fedora-koji 11/03/2023 alpine 11/08/2023 gitlab 6/6/2023 debian 11/06/2023 Changes in Update Released on 27-October-2023 This update includes the changes described in the following sections. Issues/Bugs Addressed The following issues were addressed in the Update: Issue ID Issue Summary SCA-50609 Resolved False Positive vulnerabilities being detected for Component ckan (Id: 21948217) with version 0.6 (Id: 117793043). SCA-49864 Addition of vulnerability mappings to Chart.js 1.0.2 for CVE-2020-7746 SCA-49752 Enhanced the Debian collector to collect more packages from different folders like non-free, non-free-firmware, contrib SCA-48039 Resolved False Positive vulnerabilities for components like "bootstrap" and "commons-collections" Enhanced License Detection Capability for Components License detection capability and license evidence mechanism for the following components was updated/added: Reciprocal Public License 1.1 Reciprocal Public License 1.5 Red Hat eCos Public License v1.1 SGI Free Software License B v1.0 SGI Free Software License B v1.1 SGI Free Software License B v2.0 SHL-2.0 SHL-2.1 SWI-exception Swift-exception Universal-FOSS-exception-1.0 vsftpd-openssl-exception Autoconf-exception-generic Autoconf-exception-macro Asterisk-exception cryptsetup-OpenSSL-exception LLGPL OCaml-LGPL-linking-exception PS-or-PDF-font-exception-20170817 QPL-1.0-INRIA-2004-exception GNAT-exception x11vnc-openssl-exception Qt-GPL-exception-1.0 Qt-LGPL-exception-1.1 Collector Status Name Date of Last Successful Run npm 8/15/2023 crates 8/25/2022 cpan 10/19/2023 clojars 10/19/2023 rubygems 10/19/2023 maven-google 10/13/2023 cran 10/21/2023 hackage 10/22/2023 packagist 10/22/2023 go 10/23/2023 pypi 10/16/2023 nuget gallery 10/15/2023 maven2-ibiblio 9/27/2023 github 10/23/2023 fedora-koji 10/20/2023 alpine 10/18/2023 gitlab 6/6/2023 debian 10/23/2023 Changes in Mini Update Released on 13-October-2023 This is a Mini PDL update release which is considerably smaller in size, containing data related to a specific component and a CVE. This Update includes the changes described in the following sections. Issues/Bugs Addressed The following issues were addressed in the Update: Issue ID Issue Summary SCA-50859 Addition of vulnerabilities "CVE-2023-38545" and "CVE-2023-38546" to curl/libcurl and related components Updates to Curl and Libcurl Components Added vulnerability information to the following Curl/Libcurl components: Component ID Component Name URL 372 curl https://sourceforge.net/projects/curl 63745 libcurl https://directory.fsf.org/wiki?title=Libcurl&oldid=416  5400074 libcurl http://curl.haxx.se/ 5406656 curl http://curl.haxx.se/  7466892 curl http://curl.haxx.se  12395199 curl-curl https://github.com/curl/curl 12960352 curl https://directory.fsf.org/wiki?title=Curl&oldid=17934 27213212 curl https://koji.fedoraproject.org/koji/packageinfo?packageID=curl 29960949 libcurl https://pkgs.alpinelinux.org/package/v3.18/main/x86_64/libcurl  29968624 curl https://pkgs.alpinelinux.org/package/v3.18/main/x86_64/curl 30362751 curl https://tracker.debian.org/pkg/curl 22012687 pycurl https://pypi.org/pypi/pycurl  4595372 pycurl-pycurl https://github.com/pycurl/pycurl  8180 pycurl https://sourceforge.net/projects/pycurl  21868341 pycurl https://directory.fsf.org/wiki?title=PycURL&oldid=2278  3518205 curl https://www.nuget.org/packages/curl 22329315 curl-vc140-static-32_64 https://www.nuget.org/packages/curl-vc140-static-32_64    Related to vulnerability CVEs: CVE - 2023-38545 (https://nvd.nist.gov/vuln/detail/CVE-2023-38545) CVE - 2023-38546 (https://nvd.nist.gov/vuln/detail/CVE-2023-38546) Issue ID Issue Summary SCA-50859 Addition of vulnerabilities "CVE-2023-38545" and "CVE-2023-38546" to curl/libcurl and related components Changes in Update Released on 14-September-2023 This update includes the changes described in the following sections. Issues/Bugs Addressed The following issues were addressed in the Update: Issue ID Issue Summary SCA-49924 Enhanced the SPDX collector to collect license exceptions from spdx.org and add to our data library. SCA-49081, SCA-49078 Added License detection capability and license evidence mechanism (licenses mentioned below) SCA-48734 Updated version for Npm component content-type (https://www.npmjs.com/package/content-type) and license information for nuget component castle.core (https://www.nuget.org/packages/Castle.Core) Enhanced License Detection Capability for Components License detection capability and license evidence mechanism for the following components was updated/added: i2p-gpl-java-exception u-boot-exception-2.0 Qwt-exception-1.0 Linux-syscall-note LLVM-exception LZMA-exception mif-exception OCCT-exception-1.0 OpenJDK-assembly-exception-1.0 openvpn-openssl-exception WxWindows-exception-3.1 DigiRule-FOSS-exception eCos-exception-2.0 Fawkes-Runtime-exception FLTK-exception< Font-exception-2.0 freertos-exception-2.0 GCC-exception-2.0 GCC-exception-3.1 gnu-javamail-exception Libtool Exception GPL-3.0-interface-exception GPL-3.0-linking-exception GPL-3.0-linking-source-exception GPL-CC-1.0 GStreamer-exception-2005 GStreamer-exception-2008 KiCad-libraries-exception LGPL-3.0-linking-exception libpri-OpenH323-exception SHL-2.0 SHL-2.1 SWI-exception Swift-exception Universal-FOSS-exception-1.0 vsftpd-openssl-exception Autoconf-exception-generic Autoconf-exception-macro Asterisk-exception cryptsetup-OpenSSL-exception Collector Status Name Date of Last Successful Run npm 8/15/2023 crates 8/25/2022 cpan 9/07/2023 clojars 9/07/2023 rubygems 9/07/2023 maven-google 9/08/2023 cran 9/09/2023 hackage 9/10/2023 packagist 9/10/2023 go 9/11/2023 pypi 9/11/2023 nuget gallery 9/07/2023 maven2-ibiblio 8/30/2023 github 8/25/2023 fedora-koji 9/11/2023 alpine 9/13/2023 gitlab 6/6/2023 debian 9/11/2023 Changes in Update Released on 10-August-2023 This Update includes the changes described in the following sections. Issues/Bugs Addressed The following issues were addressed in the Update: Issue ID Issue Summary SCA-49244 Detection of OpenSC component. SCA-49077, SCA-49076, SCA-49074, SCA-49072 Added License detection capability and license evidence mechanism. SCA-48974 Alpine Zlib Missing Vulnerability Enhanced License Detection Capability for Components License detection capability and license evidence mechanism for the following components was updated/added: AdaCore-doc Bitstream-Charter Brian-Gladman-3-Clause BSD-4.3RENO BSD-4.3TAHOE CFITSIO checkmk CMU-Mach Cornell-Lossless-JPEG DRL-1.0 FSFULLRWD Graphics-Gems HPND-Markus-Kuhn HPND-export-US IEC-Code-Components-EULA IJG-short JPL-image Kazlib Knuth-CTAN libutil-David-Nugent Linux-syscall-note snprintf Symlinks TPDL TTWL w3m xlock Loop Martin-Birgmeier Minpack MIT-Wu mpi-permissive NICTA-1.0 OFFIS 389-exception Autoconf-exception-2.0 Autoconf-exception-3.0 Bison-exception-2.2 Bootloader-exception Classpath-exception-2.0 CLISP-exception-2.0 New Component Detection Rules OpenSC Addition of Missing Vulnerability Mappings Missing vulnerability mappings for the following components were added: Zlib (Alpine) Collector Status Name Date of Last Successful Run npm 8/7/2023 crates 8/25/2022 cpan 8/3/2023 clojars 8/3/2023 rubygems 8/3/2023 maven-google 8/4/2023 cran 8/5/2023 hackage 8/6/2023 packagist 8/6/2023 go 8/7/2023 pypi 7/31/2023 nuget gallery 8/1/2023 maven2-ibiblio 6/14/2023 github 7/14/2023 fedora-koji 8/8/2023 alpine 8/2/2023 gitlab 6/6/2023 debian 8/7/2023 Changes in Update Released on 23-June-2023 This Update includes the changes described in the following sections. Issues/Bugs Addressed The following issues were addressed in the Update: Issue ID Issue Summary SCA-44211 Enhancements for License text extraction to improve the Third Party Notices text reports SCA-48496 Fixed the false positive vulnerability CVE-2017-15288 for scala-java8-compat_2.12 SCA-48430 Updated vulnerability information for 7-zip component SCA-44156 License cleanup for Bitstream license in our data library Enhanced License Detection Capability for Components License detection capability and license evidence mechanism for the following components was updated/added: Apache-2.0 Apache-1.0 Nethack General Public License Netizen Open Source License Nokia Open Source License Non-Profit Open Software License 3.0 OCLC Research Public License 2.0 Open Data Commons Open Database License v1.0 Open Data Commons Public Domain Dedication & License 1.0 Open Group Test Suite License Open Public License v1.0 OpenSSL License New Component Detection Rules Lua Linux Kernel Collector Status Name Date of Last Successful Run npm 6/19/2023 crates 8/25/2022 cpan 6/22/2023 clojars 6/15/2023 rubygems 6/15/2023 maven-google 6/15/2023 cran 6/17/2023 hackage 6/18/2023 packagist 6/18/2023 go 6/21/2023 pypi 2/13/2023 nuget gallery 6/1/2023 maven2-ibiblio 6/14/2023 github 6/3/2023 fedora-koji 6/21/2023 alpine 6/21/2023 gitlab 6/6/2023 debian 6/19/2023 Changes in Update Released on 31-May-2023 This Update includes the changes described in the following sections. Issues/Bugs Addressed The following issues were addressed in the Update: Issue ID Issue Summary SCA-41334 Addition of Debian Packages Collection to our list of forge collections SCA-47928 Extracting License Text from .py files SCA-46100 Adding the missing priority to licenses and updating the incorrect ones in data library SCA-47100 Updated vulnerabilities and versiosn for openssh component Enhanced License Detection Capability for Components License detection capability and license evidence mechanism for the following components was updated/added: libpng License Lucent Public License Version 1.0 Lucent Public License v1.02 Microsoft Public License Microsoft Reciprocal License The MirOS Licence Motosoto License Eurosym License Fair License Frameworx Open License 1.0 FreeBSD Documentation License Freetype Project License gSOAP Public License v1.3b Historical Permission Notice and Disclaimer IBM Public License v1.0 iMatix Standard Function Library Agreement Imlib2 License Collector Status Name Date of Last Successful Run npm 1/31/2023 crates 8/25/2022 cpan 5/25/2023 clojars 5/25/2023 rubygems 5/25/2023 maven-google 5/26/2023 cran 5/27/2023 hackage 5/28/2023 packagist 5/28/2023 go 5/29/2023 pypi 2/13/2023 nuget gallery 4/6/2023 maven2-ibiblio 1/18/2023 github 5/29/2023 fedora-koji 5/25/2023 alpine 5/4/2023 gitlab 5/30/2023 debian 5/4/2023 Changes in Update Released on 04-May-2023 This Update includes the changes described in the following sections. Issues/Bugs Addressed The following issues were addressed in the Update: Issue ID Issue Summary SCA-47510 Enhancement to Nuget Collector to extract Notices Text from .cpp and .h files. SCA-47790 Updated license mappings, license evidence and license detection capabilities for iText Commercial License related to the component itext7. Collector Status Name Date of Last Successful Run npm 1/31/2023 crates 8/25/2022 cpan 4/6/2023 clojars 2/9/2023 rubygems 4/6/2023 maven-google 4/7/2023 cran 4/8/2023 hackage 4/9/2023 packagist 2/13/2023 go 4/10/2023 pypi 2/13/2023 nuget gallery 4/6/2023 maven2-ibiblio 1/18/2023 github 2/14/2023 fedora-koji 2/13/2023 alpine 4/5/2023 gitlab 11/19/2022 Changes in Update Released on 17-April-2023 This Update includes the changes described in the following sections. Issues/Bugs Addressed The following issues were addressed in the Update: Issue ID Issue Summary SCA-44500 Integration of PURL to collector - Github SCA-46813 Enhancement to Npmjs to extract Notices Text from .mkd file. SCA-47062 Updated vulnerabilities for the component Xstream 1.4.19. SCA-47493 Fixed the false positive license evidences related to Baekmuk License Enhanced License Detection Capability for Components License detection capability and license evidence mechanism for the following components was updated/added: Clarified Artistic License Code Project Open License 1.02 Common Development and Distribution License 1.0 Common Development and Distribution License 1.1 Common Public Attribution License 1.0 Common Public License 1.0 Computer Associates Trusted Open Source License 1.1 Condor Public License v1.1 LaTeX Project Public License v1.0 LaTeX Project Public License v1.1 LaTeX Project Public License v1.2 LaTeX Project Public License v1.3a LaTeX Project Public License v1.3c New/Update Component Requests microsoft-sql-server-2017-reporting-services microsoft-sql-server-2019-reporting-services microsoft-sql-server-2022-reporting-services Windows 10 SDK Collector Status Name Date of Last Successful Run crates 8/25/2022 gitlab 11/19/2022 maven2-ibiblio 01/10/2022 go 04/10/2023 cpan 04/06/2023 fedora-koji 02/13/2023 clojars 02/09/2023 rubygems 04/06/2023 maven-google 04/07/2023 cran 04/08/2023 hackage 04/09/2023 packagist 02/05/2023 npm 1/31/2023 nuget gallery 04/06/2023 alpine 04/05/2023 pypi 02/13/2023 github 02/14/2023 Changes in Update Released on 24-March-2023 This Update includes the changes described in the following sections. Issues/Bugs Addressed The following issues were addressed in the Update: Issue ID Issue Summary SCA-44498, SCA-44503, SCA-45457 Integration of PURL to Alpine, Rubygems, Go in the data library SCA-46214 Generic Mapper is an addition to our vulnerability mappers . This is an enhancement to the existing NPMJS mapper to include Maven and Packagist and make it a generic one. Enhanced License Detection Capability for Components License detection capability and license evidence mechanism for the following components was updated/added: 3dfx Glide License Academic Free License v1.1 Academic Free License v1.2 Academic Free License v2.0 Academic Free License v2.1 Academic Free License v3.0 Adaptive Public License 1.0 Adobe Systems Incorporated Source Code License Agreement Giftware License Adobe Glyph List License Apple Public Source License 1.0 Apple Public Source License 1.1 Apple Public Source License 1.2 Apple Public Source License 2.0 Artistic License 1.0 Artistic License 2.0 Beerware License eCos license version 2.0 Educational Community License v1.0 Educational Community License v2.0 Educational Community License v2.0 Attribution Assurance License Apache License 1.0 Apache License 1.1 Apache License 2.0 Eiffel Forum License v1.0 Eiffel Forum License v2.0 Amazon Digital Services License ANTLR Software Rights Notice ANTLR Software Rights Notice with license fallback Adobe Postscript AFM License Collector Status Name Date of Last Successful Run npm 1/31/2023 crates 8/25/2022 cpan 3/23/2023 clojars 2/9/2023 rubygems 3/23/2023 maven-google 2/10/2023 cran 3/18/2023 hackage 2/12/2023 packagist 2/5/2023 go 3/24/2023 pypi 2/13/2023 nuget gallery 3/16/2023 maven2-ibiblio 1/18/2023 github 2/14/2023 fedora-koji 2/13/2023 alpine 3/22/2023 gitlab 11/19/2022 Changes in Update Released on 10-March-2023 This Update includes the changes described in the following sections. Issues/Bugs Addressed The following issues were addressed in the Update: Issue ID Issue Summary SCA-44820 NPM Notices Text: Fixing the Missing release_license_text mappings for Npm components SCA-46203, SCA-44502 Integration of PURL to the collectors Npmjs and Nuget SCA-47061 Addition of cocoapods forge to our data library SCA-46161, SCA-46144, SCA-42593, SCA-46477 Fixed false positive vulnerabilities for components like android-json, prometheus_client 0.15.0, jqueryui, Microsoft Reportviewer and Microsoft vcruntime etc. Enhanced License Detection Capability for Components License detection capability and license evidence mechanism for the following components was updated/added: Sendmail SISSL SISSL-1.2 SMLNJ SMPPL SNIA Spencer-86 Spencer-94 Spencer-99 TCL TCP-wrappers TORQUE-1.1 TOSL u-boot-exception-2.0 Unicode-DFS-2015 Unicode-DFS-2016 Unicode-TOU UPL-1.0 VOSTROM W3C-20150513 W3C-19980720 Wsuipa WTFPL X11 Xerox Xpp XSkat Zed Zimbra-1.4 Zimbra-1.3 zlib-acknowledgement zlib UCL-1.0 SSPL-1.0 SHL-0.5 SHL-0.51 Sendmail-8.23 PSF-2.0 TAPR-OHL-1.0 PolyForm-Small-Business-1.0.0 PolyForm-Noncommercial-1.0.0 Parity-7.0.0 Parity-6.0.0 OGL-UK-1.0 OGL-UK-2.0 OGL-UK-3.0 OGL-Canada-2.0 OGDL-Taiwan-1.0 TU-Berlin-1.0 TU-Berlin-2.0 SSH-OpenSSH SSH-short Collector Status Name Date of Last Successful Run npm 1/31/2023 crates 8/25/2022 cpan 2/9/2023 clojars 2/9/2023 rubygems 2/10/2023 maven-google 2/10/2023 cran 2/11/2023 hackage 2/12/2023 packagist 2/13/2023 go 2/14/2023 pypi 2/15/2023 nuget gallery 2/15/2023 maven2-ibiblio 1/18/2023 github 2/15/2023 fedora-koji 2/15/2023 alpine 2/15/2023 gitlab 11/19/2022 Changes in Update Released on 24-February-2023 This Update includes the changes described in the following sections. Issues/Bugs Addressed The following issues were addressed in the Update: Issue ID Issue Summary SCA-46545 Update License URL of OpenPBS License v2.3 in the data library SCA-44499 Integration of Purl to Cran collector Collector Status Name Date of Last Successful Run gitlab 11/19/2022 npm 1/31/2023 crates 8/25/2022 cpan 2/9/2023 clojars 2/9/2023 rubygems 2/10/2023 maven-google 2/10/2023 cran 2/11/2023 hackage 2/12/2023 packagist 2/13/2023 go 2/14/2023 alpine 2/15/2023 fedora-koji 2/15/2023 pypi 2/15/2023 github 2/15/2023 nuget gallery 2/15/2023 maven2-ibiblio 1/18/2023 Changes in Update Released on 20-February-2023 This Update includes the changes described in the following sections. Issues/Bugs Addressed The following issues were addressed in the Update: Updates to OpenSSL Component Added vulnerability information to the following openSSL components: openssl(id: 58316) - https://www.openssl.org openssl-openssl (id: 416271) - https://github.com/openssl/openssl openssl (id: 27181269) - https://koji.fedoraproject.org/koji/packageinfo?packageID=openssl Related to Vulnerability CVEs: CVE-2023-0286 (https://nvd.nist.gov/vuln/detail/CVE-2023-0286) CVE-2022-4304 (https://nvd.nist.gov/vuln/detail/CVE-2022-4304) CVE-2023-0215 (https://nvd.nist.gov/vuln/detail/CVE-2023-0215) CVE-2022-4450 (https://nvd.nist.gov/vuln/detail/CVE-2022-4450) CVE-2023-0216 (https://nvd.nist.gov/vuln/detail/CVE-2023-0216) CVE-2023-0217 (https://nvd.nist.gov/vuln/detail/CVE-2023-0217) CVE-2023-0401 (https://nvd.nist.gov/vuln/detail/CVE-2023-0401)   Issue ID Issue Summary SCA-45980 Review and add the license priority for "commercial license" in licenses table Enhanced License Detection Capability for Components License detection capability and license evidence mechanism for the following components was updated/added: PostgreSQL psfrag psutils Qhull QPL-1.0 Rdisc RSA-MD Saxpath SCEA New/Update Component Requests krig-parallax inuitcss-generic.normalize Collector Status Name Date of Last Successful Run gitlab 11/19/2022 maven2-ibiblio 1/18/2023 alpine 2/8/2023 npm 1/31/2023 crates 8/25/2022 cpan 2/9/2023 clojars 2/9/2023 rubygems 2/10/2023 maven-google 2/10/2023 cran 2/11/2023 hackage 2/12/2023 fedora-koji 2/12/2023 packagist 2/13/2023 go 2/14/2023 pypi 2/15/2023 github 2/15/2023 nuget gallery 2/15/2023 Changes in Update Released on 30-January-2023 This Update includes the changes described in the following sections. Issues/Bugs Addressed The following issues were addressed in the Update: Issue ID Issue Summary SCA-45333 SPDX Collector: Populate license_attribute values for all the licenses Enhanced License Detection Capability for Components License detection capability and license evidence mechanism for the following components was updated/added: NetCDF Newsletr NLOD-1.0 NLOD-2.0 NLPL OLDAP-1.1 OLDAP-1.2 OLDAP-1.3 OLDAP-1.4 OLDAP-2.0 OLDAP-2.0.1 OLDAP-2.1 OLDAP-2.2 OLDAP-2.2.1 OLDAP-2.2.2 OLDAP-2.4 OLDAP-2.5 OLDAP-2.6 OLDAP-2.7 Addition of Missing Vulnerability Mappings Missing vulnerability mappings for the following components were added: Tcexam Collector Status Name Date of Last Successful Run crates 8/25/2022 gitlab 11/19/2022 maven2-ibiblio 1/18/2023 go 1/23/2023 cpan 1/19/2023 fedora-koji 1/23/2023 clojars 1/19/2023 rubygems 1/20/2023 maven-google 1/20/2023 cran 1/21/2023 hackage 1/22/2023 packagist 1/23/2023 npm 1/23/2023 nuget gallery 1/18/2023 alpine 1/18/2023 pypi 1/18/2023 github 1/23/2023 Changes in Update Released on 12-January-2023 This Update includes the changes described in the following sections. Issues/Bugs Addressed The following issues were addressed in the Update: Issue ID Issue Summary SCA-45214 Fixed missing vulnerability issue for component dom4j SCA-44820 Fixed the missing release_license_text mappings for Npm components Enhanced License Detection Capability for Components License detection capability and license evidence mechanism for the following components was updated/added: MITNFA mpich2 MTLL Mup NBPL-1.0 OSET-PL-2.1 Plexus Artistic-1.0 Artistic-1.0-cl8 Artistic-1.0-Perl Artistic-2.0 Noweb NRL Nunit OCCT-PL OML New/Update Component Requests Microsoft Capicom Microsoft Enterprise Library 5 Microsoft .NET Framework Collector Status Name Date of Last Successful Run crates 8/25/2022 gitlab 11/19/2022 maven2-ibiblio 12/22/2022 go 1/4/2023 cpan 1/5/2023 fedora-koji 1/5/2023 clojars 1/5/2023 rubygems 1/6/2023 maven-google 1/6/2023 cran 1/7/2023 hackage 1/8/2023 packagist 1/9/2023 npm 1/10/2023 nuget gallery 1/10/2023 alpine 1/11/2023 pypi 1/11/2023 github 1/11/2023 Changes in Update Released on 22-December-2022 This Update includes the changes described in the following sections. Issues/Bugs Addressed The following issues were addressed in the Update: Issue ID Issue Summary SCA-44946 Nuget version level licenses - Support for new licenses SCA-44702 Update the Component versions for nvuillam-npm-groovy-lint Enhanced License Detection Capability for Components License detection capability and license evidence mechanism for the following components was updated/added: Leptonica LGPLLR libtiff LiLiQ-P-1.1 LiLiQ-Rplus-1.1 LiLiQ-R-1.1 MakeIndex Net-SNMP Collector Status Name Date of Last Successful Run crates 8/25/2022 gitlab 11/19/2022 cpan 12/15/2022 clojars 12/15/2022 rubygems 12/16/2022 maven-google 12/16/2022 cran 12/17/2022 hackage 12/18/2022 packagist 12/19/2022 alpine 12/21/2022 fedora-koji 12/21/2022 npm 12/21/2022 pypi 12/21/2022 nuget gallery 12/21/2022 go 12/22/2022 github 12/22/2022 maven2-ibiblio 12/22/2022 Changes in Update Released on 08-December-2022 This Update includes the changes described in the following sections. Issues/Bugs Addressed The following issues were addressed in the Update: Issue ID Issue Summary SCA-44052 Added Spice Software License and detection rules. SCA-43599 Nuget Collector: Enhancement to collect version level licenses. SCA-44396 Invalid URL's in the description for some of the components. SCA-44439 Alpine Collector Enhancements - Version Level Date Enhancements. SCA-44438 Alpine Collector Enhancements - RepoURL Enhancements. Enhanced License Detection Capability for Components License detection capability and license evidence mechanism for the following components was updated/added: ICU ImageMagick Intel-ACPI Interbase-1.0 JasPer-2.0 LAL-1.2 LAL-1.3 GL2PS Glulxe Gnuplot FSFUL HaskellReport IBM-pibs Latex2e New/Update Component Requests None Collector Status Name Date of Last Successful Run crates 8/25/2022 npm 12/08/2022 pypi 10/18/2022 alpine 11/30/2022 gitlab 11/19/2022 cpan 12/08/2022 rubygems 12/08/2022 clojars 12/08/2022 github 12/07/2022 maven-google 12/02/2022 fedora-koji 12/07/2022 cran 12/03/2022 nuget gallery 12/01/2022 hackage 12/04/2022 packagist 12/04/2022 go 12/07/2022 maven2-ibiblio 11/28/2022 Changes in Update Released on 29-November-2022 This Update includes the changes described in the following sections. Issues/Bugs Addressed The following issues were addressed in the Update: Issue ID Issue Summary SCA-44021 Addition of Go vulnerability mapper to the list of our automated vulnerability mappers SCA-44283 Added the license Microsoft .Net Compiler Platform Redistributable Packages Preview to the data library SCA-44290 Updated the invalid urls of few Go forge components like Alamofire/AlamofireImage, BoltsFramework/Bolts-Swift and bitstadium/hockeykit. SCA-44376 Updating license information for the components jquery (id: 3526090) SCA-44397, SCA-43635 Fixed false positive vulnerability for the components like system.threading.tasks nuget package and MySQL NPM module. Enhanced License Detection Capability for Components License detection capability and license evidence mechanism for the following components was updated/added: Qt-GPL-exception-1.0.txt SchemeReport.txt SWL.txt Universal-FOSS-exception-1.0.txt X11-distribute-modifications-variant.txt XSkat.txt CECILL-1.0 CECILL-1.1 CECILL-2.0 CECILL-2.1 CECILL-B CECILL-C MPL-1.0 MPL-1.1 MPL-2.0 MPL-2.0-no-copyleft-exception NPL-1.0 NPL-1.1 MIT License MIT-open-group X11 X11-distribute-modifications-variant XSkat SWL SchemeReport New/Update Component Requests XIPH Flac XORG XServer Collector Status Name Date of Last Successful Run crates 8/25/2022 npm 10/11/2022 pypi 10/18/2022 alpine 11/8/2022 gitlab 11/19/2022 cpan 11/24/2022 rubygems 11/24/2022 clojars 11/24/2022 github 11/24/2022 maven-google 11/25/2022 fedora-koji 11/26/2022 cran 11/26/2022 nuget gallery 11/26/2022 hackage 11/27/2022 packagist 11/28/2022 go 11/28/2022 maven2-ibiblio 11/28/2022 Changes in Update Released on 11-November-2022 This Update includes the changes described in the following sections. Issues/Bugs Addressed The following issues were addressed in the Update: Issue ID Issue Summary SCA-44237 Addition of missing vulnerabilities for junit(componentId: 437385) SCA-44183 Addition of missing vulnerabilities for xercesimpl and spring-data-mongodb SCA-44075 Update license text for the license Microsoft .NET Library License SCA-44065 Fixing license evidences for net-tools component SCA-41333 Addition of Alpine forge to list of our forge data collection Enhanced License Detection Capability for Components License detection capability and license evidence mechanism for the following components was updated/added: mplus.txt MulanPSL-1.0.txt MulanPSL-2.0.txt NAIST-2003.txt NCGL-UK-2.0.txt NIST-PD-fallback.txt NIST-PD.txt NTP-0.txt O-UDA-1.0.txt ODC-By-1.0.txt OpenJDK-assembly-exception-1.0.txt OPUBL-1.0.txt MIT-0 MIT-CMU MIT-enna MIT-feh MIT-Modern-Variant.txt MIT-open-group.txt New/Update Component Requests Google Play Services Android android-support-library-v13 TrafficWatcher ata-project Telerik UI for ASP.NET MVC Components Microsoft.Data.SqlClient.SNI.runtime microsoft.aspnet.webapi.tracing Microsoft SQL Server Compact 3.5 Service Pack 2 Collector Status Name Date of Last Successful Run alpine 11/8/2022 crates 8/25/2022 npm 10/11/2022 pypi 10/18/2022 cran 10/22/2022 maven2-ibiblio 10/27/2022 clojars 11/3/2022 rubygems 11/3/2022 maven-google 11/4/2022 cpan 11/4/2022 nuget gallery 11/5/2022 hackage 11/6/2022 packagist 11/7/2022 go 11/9/2022 github 11/9/2022 gitlab 11/9/2022 fedora-koji 11/10/2022 Changes in Mini Update Released on 02-November-2022 This is a Mini PDL update release which is considerably smaller in size, containing data related to a specific component and a CVE. This Update includes the changes described in the following sections. Issues/Bugs Addressed The following issues were addressed in the Update: Updates to OpenSSL Component Added vulnerability information to the following openSSL components: openssl(id: 58316) - https://www.openssl.org openssl-openssl (id: 416271) - https://github.com/openssl/openssl openssl (id: 27181269) - https://koji.fedoraproject.org/koji/packageinfo?packageID=openssl Related to vulnerability CVEs: CVE - 2022-3786 (https://nvd.nist.gov/vuln/detail/CVE-2022-3786 ) CVE - 2022-3602 (https://nvd.nist.gov/vuln/detail/CVE-2022-3602 )   Issue ID Issue Summary SCA-44311 Addition of new vulnerabilities related to OpenSSL component Changes in Mini Update Released on 21-October-2022 This is a Mini PDL update release which is considerably smaller in size, containing data related to a specific component and a CVE. This Update includes the changes described in the following sections. Issues/Bugs Addressed The following issues were addressed in the Update: Updates to Apache Commons Text Component Added vulnerability information to the apache-commons-text component (https://github.com/apache/commons-text ) related to vulnerability cve CVE-2022-42889 (https://nvd.nist.gov/vuln/detail/CVE-2022-42889 ) Issue ID Issue Summary SCA-44223 Mapping new vulnerability CVE-2022-42889 to the component apache-commons-text Changes in Update Released on 18-October-2022 This Update includes the changes described in the following sections. Issues/Bugs Addressed The following issues were addressed in the Update: Issue ID Issue Summary SCA-43662 Addition of latest versions for the component Akka SCA-43253 Fixing the version information for the component https://github.com/Sequel-Ace/Sequel-Ace. SCA-42544 Fixing false positive vulnerabilities for the component jquery UI Enhanced License Detection Capability for Components License detection capability and license evidence mechanism for the following components was updated/added: CERN-OHL-1.1.txt CERN-OHL-1.2.txt CERN-OHL-P-2.0.txt CERN-OHL-S-2.0.txt CERN-OHL-W-2.0.txt CC-BY-3.0-AT.txt CC-BY-3.0-DE.txt CC-BY-3.0-NL.txt CC-BY-NC-3.0-DE.txt CC-BY-NC-ND-3.0-DE.txt CC-BY-NC-SA-2.0-FR.txt CC-BY-NC-SA-3.0-DE.txt CC-BY-ND-3.0-DE.txt CC-BY-SA-2.1-JP.txt CC-BY-SA-3.0-AT.txt CC-BY-SA-3.0-DE.txt CDLA-Permissive-2.0.txt COIL-1.0.txt DL-DE-BY-2.0.txt FDK-AAC.txt Jam.txt Linux-man-pages-copyleft.txt KiCad-libraries-exception.txt New/Update Component Requests zyantific/zycore-c New Component Detection Rules aide/aide Collector Status Name Date of Last Successful Run gitlab 8/5/2022 crates 8/25/2022 hackage 10/9/2022 maven2-ibiblio 10/10/2022 npm 10/11/2022 pypi 10/12/2022 clojars 10/13/2022 cpan 10/13/2022 rubygems 10/13/2022 maven-google 10/14/2022 fedora-koji 10/14/2022 cran 10/15/2022 go 10/17/2022 github 10/17/2022 nuget gallery 10/17/2022 packagist 10/17/2022 Changes in Update Released on 23-September-2022 This Update includes the changes described in the following sections. Issues/Bugs Addressed The following issues were addressed in the Update: Issue ID Issue Summary SCA-43521 Fixed false positives in license detection and license evidence mechanism for licenses like 0BSD, ISC and MIT. SCA-42852 Updated version information for NPMJS components like @aws-sdk/client-dynamodb and @aws-sdk/client-dynamodb-streams Addition of Missing Vulnerability Mappings Missing vulnerability mappings for the following components were added: atomic crypto-utils fedmsg fedora-arm-installer python-fedora sectool coolkey sssd anaconda newsx rpmdevtools cronie Collector Status Name Date of Last Successful Run gitlab 8/5/2022 crates 8/25/2022 clojars 9/15/2022 maven2-ibiblio 9/15/2022 cpan 9/15/2022 rubygems 9/15/2022 maven-google 9/16/2022 cran 9/17/2022 nuget gallery 9/18/2022 hackage 9/18/2022 packagist 9/18/2022 npm 9/20/2022 go 9/21/2022 pypi 9/21/2022 github 9/21/2022 fedora-koji 9/21/2022 Changes in Mini Update Released on 13-September-2022 This is a Mini PDL update release which is considerably smaller in size, containing data related to a specific component and a CVE. This Update includes the changes described in the following sections. Issues/Bugs Addressed The following issues were addressed in the Update: Updates to commons_configuration2 Component Added vulnerability information to the commons_configuration2 maven component (https://mvnrepository.com/artifact/org.apache.commons/commons-configuration2 ) related to vulnerability cves, CVE-2022-33980 (https://nvd.nist.gov/vuln/detail/CVE-2022-33980 ) CVE-2020-1953 (https://nvd.nist.gov/vuln/detail/CVE-2020-1953) Issue ID Issue Summary SCA-43592 Missing vulnerability CVE-2022-33980 for the component commons_configuration2 SCA-43114 Updating component information for components like entityframework, mailbee.net and microsoft.sqlserver.sqlmanagementobjects. Changes in Update Released on 09-September-2022 This Update includes the changes described in the following sections. Issues/Bugs Addressed The following issues were addressed in the Update: Issue ID Issue Summary SCA-43115 Addition of new licenses to reflib like AfterLogic Software License Agreement , Entity Framework 5.0 For Microsoft Windows Operating System and Microsoft SQL SERVER 2017 Shared Management Objects. Enhanced License Detection Capability for Components License detection capability and license evidence mechanism for the following components was updated/added: EPICS.txt etalab-2.0.txt copyleft-next-0.3.0.txt copyleft-next-0.3.1.txt GD.txt GLWTPL.txt Hippocratic-2.1.txt HPND-sell-variant.txt HTMLTIDY.txt JPNIC.txt libpng-2.0.txt libselinux-1.0.txt Linux-OpenIB.txt Collector Status < Name Date of Last Successful Run gitlab 8/5/2022 maven2-ibiblio 8/22/2022 clojars 9/1/2022 crates 8/25/2022 cpan 9/1/2022 rubygems 9/1/2022 maven-google 9/2/2022 hackage 9/4/2022 nuget gallery 9/5/2022 packagist 9/5/2022 go 9/6/2022 pypi 9/6/2022 cran 9/7/2022 github 9/7/2022 fedora-koji 9/7/2022 npm 9/7/2022 Changes in Update Released on 29-August-2022 This Update includes the changes described in the following sections. Issues/Bugs Addressed The following issues were addressed in the Update: Issue ID Issue Summary SCA-42217 BSD 3-Clause license text not detected SCA-43300 Fixed license detection and license evidence mechanism for dvipdfm license to avoid false positives Enhanced License Detection Capability for Components License detection capability and license evidence mechanism for the following components was updated/added: 0BSD BSD-1-Clause BSD-3-Clause-Modification BSD-3-Clause-No-Military-License BSD-3-Clause-Open-MPI.txt New/Update Component Requests jridgewell/gen-mapping jridgewell/set-array jridgewell/sourcemap-codec CPUID CPU-Z get-image-file-type-programmatically-in-swift swift-5-4-hex-to-nscolor SNMP++ API supports-preserve-symlinks-flag Addition of Missing Vulnerability Mappings Missing vulnerability mappings for the following components were added: bwm-ng mattermost_server snipe-it cgal caldera-forms Collector Status < Name Date of Last Successful Run fedora-koji 8/2/2022 gitlab 8/5/2022 cpan 8/18/2022 rubygems 8/18/2022 maven-google 8/19/2022 cran 8/20/2022 nuget gallery 8/21/2022 hackage 8/21/2022 maven2-ibiblio 8/22/2022 packagist 8/22/2022 go 8/23/2022 github 8/24/2022 crates 8/24/2022 npm 8/24/2022 clojars 8/25/2022 pypi 8/26/2022 Changes in Update Released on 12-August-2022 This Update includes the changes described in the following sections. Issues/Bugs Addressed The following issues were addressed in the Update: Issue ID Issue Summary SCA-42725 Fixed False positive vulnerabilities related to SQL Lite SCA-31133 Addition of Nuget vulnerability mapper to the list of vulnerability mappers SCA-42767 Updated license information for the components datatables-fixedcolumns and datatables-tabletools in our data library SCA-43007 GNU Library General Public License v2 or later (LGPL-2.0-or-later) License Evidence is not being detected for gettext.c file Enhanced License Detection Capability for Components License detection capability and license evidence mechanism for the following components was updated/added: LGPL-2.0-or-later SPDX licenses with additional clauses App-s2p Baekmuk blessing BlueOak-1.0.0 C-UDA-1.0 New/Update Component Requests FixedColumns Autofill Tabletools New Component Detection Rules Tabletools.js and Tabletools.min.js FixedColumns.js and FixedColumns.min.js Collector Status Name Date of Last Successful Run maven2-ibiblio 7/28/2022 fedora-koji 8/2/2022 clojars 8/4/2022 cpan 8/4/2022 rubygems 8/4/2022 maven-google 8/5/2022 gitlab 8/5/2022 cran 8/6/2022 nuget gallery 8/6/2022 hackage 8/7/2022 packagist 8/8/2022 go 8/9/2022 pypi 8/10/2022 github 8/10/2022 crates 8/10/2022 npm 8/10/2022 Changes in Update Released on 18-July-2022 This Update includes the changes described in the following sections. Issues/Bugs Addressed The following issues were addressed in the Update: GPL-AGPL-LGPL License Cleanup There are three issues we are addressing as part of this GPL-AGPL-LGPL License data cleanup project: Example: jquery 6.2.0 (GPL-1.0) Here GPL-1.0 is the license with the short name associated with the component jquery. 1. Short Name Change When a particular license short name is changed and released as part of an electronic update, the short name is not automatically propagated to the inventory items with that selected license. For example, when we change the short name of license id 343 from "GPL-1.0” to “GPL-1.0-only” in an electronic update, the existing inventory items names with that selected license will not be updated. 2. Component to License Mapping Change When the component to license mapping is changed, let’s say jquery is mapped with "Apache-2.0" in the electronic update, then this new mapping wouldn’t be propagated to existing inventory items. This results in inconsistency between the license mapping, existing inventory items, and future inventory items using the new license mapping. 3. Duplicate entry cleanup After running the cleanup scripts, there are possibility of having duplicate entries for the licenses which had mappings in component table and versions table. In our case, we have mappings for 3 licenses, i.e LGPL-2.1-or-later(License_id=704), AGPL-1.0-only(License_id=1654) and AGPL-3.0-only(License_id=229). Note: Around 16 GPL-AGPL-LGPL related licenses are updated and workaround has been provided for necessary scenarios. Please refer the article on GPL-LGPL-AGPL License Cleanup for detailed information and workarounds: https://community.flexera.com/t5/Code-Insight-Knowledge-Base/Code-Insight-GPL-LGPL-AGPL-License-Data-Cleanup-Project/ta-p/240679 Issue ID Issue Summary SCA-40135 Updating the GPL related licenses in the data library according to SPDX SCA-40180, SCA-41672 Preparation of scripts related to changes made to GPL, LGPL and AGPL licenses. SCA-42149 Updated version information for the component minimist. Enhanced License Detection Capability for Components License detection capability and license evidence mechanism for GPL-LGPL-AGPL related licenses (part of GPL-AGPL-LGPL license cleanup activity) was updated/added for the following components: AGPL-1.0-only AGPL-1.0-or-later AGPL-3.0-only AGPL-3.0-or-later GPL-1.0-only GPL-1.0-or-later GPL-2.0-only GPL-2.0-or-later GPL-3.0-only GPL-3.0-or-later LGPL-2.0-only LGPL-2.0-or-later LGPL-2.1-only LGPL-2.1-or-later LGPL-3.0-only LGPL-3.0-or-later Collector Status Name Date of Last Successful Run gitlab 5/13/2022 maven2-ibiblio 6/30/2022 nuget gallery 7/4/2022 clojars 7/7/2022 cpan 7/7/2022 rubygems 7/7/2022 cran 7/9/2022 maven-google 7/9/2022 hackage 7/10/2022 packagist 7/11/2022 go 7/12/2022 pypi 7/13/2022 github 7/13/2022 crates 7/13/2022 fedora-koji 7/13/2022 npm 1/30/2022 Changes in Update Released on 07-July-2022 This Update includes the changes described in the following sections. Issues/Bugs Addressed The following issues were addressed in the Update: Issue ID Issue Summary SCA-42146 Addition of the license EDL 1.0 to PDL. Collector Status Name Date of Last Successful Run gitlab 5/13/2022 npm 1/30/2022 pypi 6/29/2022 crates 6/29/2022 clojars 6/30/2022 maven2-ibiblio 6/30/2022 cpan 6/30/2022 rubygems 6/30/2022 maven-google 7/1/2022 go 7/1/2022 cran 7/2/2022 fedora-koji 7/2/2022 hackage 7/3/2022 github 7/4/2022 nuget gallery 7/4/2022 packagist 7/4/2022 Changes in Mini Update Released on 28-June-2022 This is a Mini PDL update release which is considerably smaller in size, containing data related to a specific component and a CVE. This Update includes the changes described in the following sections. Issues/Bugs Addressed The following issues were addressed in the Update: Updates to jenkins Component Added the latest vulnerability information for jenkins component (Component id: 191327) related to vulnerability CVE-2022-34175 (https://nvd.nist.gov/vuln/detail/CVE-2022-34175) Issue ID Issue Summary SCA-39993 Miniature PDL package creation and processing in product Changes in Update Released on 15-June-2022 This Update includes the changes described in the following sections. Issues/Bugs Addressed The following issues were addressed in the Update: Issue ID Issue Summary SCA-40437 Addition of Go Collector to the list of collectors Collected Batch 1- 50000 packages. SCA-42001 Fixed license information for the component 'setuptools'. SCA-42030 Fixed license information for the component 'react-leaflet'. SCA-42040 Fixed license information for the component 'pillow'. SCA-42108 Updated component-version information for the component 'url-parse'. Collector Status Name Date of Last Successful Run gitlab 5/13/2022 crates 5/28/2022 npm 1/30/2022 pypi 6/8/2022 clojars 6/9/2022 cpan 6/9/2022 rubygems 6/10/2022 cran 6/11/2022 maven2-ibiblio 6/11/2022 maven-google 6/11/2022 hackage 6/12/2022 nuget gallery 6/12/2022 packagist 6/13/2022 github 6/14/2022 fedora-koji 6/14/2022 go 6/14/2022 Changes in Update Released on 13-May-2022 This Update includes the changes described in the following sections. Issues/Bugs Addressed The following issues were addressed in the Update: Issue ID Issue Summary SCA-41730 Addition of vulnerability mappings to zlib component (CVE-2018-25032). Collector Status Name Date of Last Successful Run hackage 5/8/2022 npm 1/30/2022 crates 4/26/2022 clojars 5/5/2022 cpan 5/5/2022 rubygems 5/6/2022 maven-google 5/6/2022 cran 5/7/2022 nuget gallery 5/8/2022 maven2-ibiblio 5/9/2022 packagist 5/10/2022 github 5/11/2022 gitlab 5/11/2022 pypi 5/11/2022 fedora-koji 5/11/2022 Changes in Update Released on 28-Apr-2022 This Update includes the changes described in the following sections. Issues/Bugs Addressed The following issues were addressed in the Update: Issue ID Issue Summary SCA-41430 Addition and Updating components and license information for components like JakartaFtpWrapper, nsftools.com Standard Disclaimer etc. SCA-41268 Fixed the incorrect license mapping for hibernate-core component. Addition of License Detection Capability and License Evidence Mechanism License detection capability and license evidence mechanism was added for the following licenses: FreeImage freertos-exception-2.0 FSFAP FSFULLR Collector Status Name Date of Last Successful Run hackage 4/24/2022 npm 1/30/2022 maven2-ibiblio 4/12/2022 cpan 4/14/2022 fedora-koji 4/19/2022 rubygems 4/21/2022 cran 4/22/2022 maven-google 4/22/2022 nuget gallery 4/23/2022 crates 4/26/2022 clojars 4/27/2022 github 4/27/2022 packagist 4/27/2022 gitlab 4/27/2022 pypi 4/27/2022 Changes in Update Released on 13-Apr-2022 This Update includes the changes described in the following sections. Issues/Bugs Addressed The following issues were addressed in the Update: Updates to spring-framework Component Added vulnerability information for spring-framework component ( CVE-2022-22950 and CVE-2022-22965). Issue ID Issue Summary SCA-41311 Fix incorrect vulnerability mapping to the component POI. SCA-41305 Addition of vulnerabilities to xmlbeans 2.6.0 component. SCA-41141 Enhancement to collect missing licenses for Pypi components. SCA-40144 Addition of Components from https://gitlab.xiph.org/xiph Changes in Update Released on 25-Mar-2022 This Update includes the changes described in the following sections. Issues/Bugs Addressed The following issues were addressed in the Update: Issue ID Issue Summary SCA-40941 Update license information for npm component- pixrem. SCA-40777 Map Fair license to "Assert" component. SCA-40872 License information for jquery 1.12.4 - MIT or GPL-2.0 license? Addition of Missing Vulnerability Mappings Missing vulnerability mappings for the following components were added: jhuisi-charm pear-archive_tar zopefoundation-accesscontrol nextcloud-richdocuments pear-archive_tar 3xxx-engineercms isomorphic-git-isomorphic-git justarchinet-archisteamfarm matanui159-replaysorcery xmldom-xmldom util-linux-util-linux Addition of License Detection Capability and License Evidence Mechanism License detection capability and license evidence mechanism was added for the following licenses: dvipdfm mif-exception eCos-exception-2.0 eGenix EPL-2.0 EUPL-1.2 FLTK-exception Collector Status < Name Date of Last Successful Run packagist 2/27/2022 maven2-ibiblio 3/7/2022 npm 1/30/2022 gitlab 3/8/2022 clojars 3/16/2022 rubygems 3/17/2022 cpan 3/17/2022 cran 3/18/2022 maven-google 3/18/2022 nuget gallery 3/19/2022 hackage 3/20/2022 github 3/22/2022 crates 3/23/2022 pypi 3/23/2022 fedora-koji 3/23/2022 Changes in Update Released on 14-Mar-2022 This Update includes the changes described in the following sections. Issues/Bugs Addressed The following issues were addressed in the Update: Issue ID Issue Summary SCA-32308 Pypi forge vulnerability Mapper is an addition to our list of automated vulnerability mappers mechanism. SCA-40984 Fix false positive vulnerabilities for Mono.Cecil Addition of Missing Vulnerability Mappings Missing vulnerability mappings for the following components were added: glances video.js nukeviet lavalite-cms evolution-cms-evolution flatpress yzmcms elfinder.aspnet Collector Status Name Date of Last Successful Run packagist 2/27/2022 cran 3/4/2022 maven-google 3/5/2022 hackage 3/6/2022 maven2-ibiblio 3/7/2022 nuget gallery 3/7/2022 crates 3/8/2022 npm 1/30/2022 gitlab 3/8/2022 clojars 3/9/2022 pypi 3/9/2022 rubygems 3/10/2022 github 3/10/2022 cpan 3/10/2022 fedora-koji 3/10/2022 Changes in Update Released on 24-Feb-2022 This Update includes the changes described in the following sections. Issues/Bugs Addressed The following issues were addressed in the Update: Issue ID Issue Summary SCA-40339 Fixed license mappings for hangfire.core nuget component . SCA-40332 Fixed license mappings for microsoft.net.workload.emscripten.manifest nuget component SCA-40215 Fixed false positive CVE for system.threading.tasks.extensions 4.5.4 component Addition of Missing Vulnerability Mappings Missing vulnerability mappings for the following components were added: stuk-jszip firefly-iii pjsip-pjproject oisf-suricata gitlogplus velociraptor contour stmicroelectronics-stm32cubeh7 mod_auth_openidc New/Update Component Requests Microsoft Infographic Designer Microsoft Advance Card Collector Status Name Date of Last Successful Run npm 12/3/2021 gitlab 1/13/2022 maven2-ibiblio 2/15/2022 rubygems 2/17/2022 cran 2/18/2022 maven-google 2/18/2022 nuget gallery 2/19/2022 hackage 2/20/2022 packagist 2/20/2022 crates 2/22/2022 clojars 2/23/2022 github 2/23/2022 pypi 2/23/2022 fedora-koji 2/23/2022 cpan 2/24/2022 Changes in Update Released on 10-Feb-2022 This Update includes the changes described in the following sections. Issues/Bugs Addressed The following issues were addressed in the Update: Issue ID Issue Summary SCA-40131 Fixing false positive component_cpe mappings SCA-40004 Fix for "Unable to load or add component version libssh 0.7.3" SCA-39146 GPL 3.0 or later and GPL 3.0 Only - both licenses are reported when the source clearly has only one SPDX ID SCA-38096 Fixing redirecting urls for clojars collector Addition of Missing Vulnerability Mappings Missing vulnerability mappings for the following components were added: mosquitto lwip folly matio libheif manageiq redis Addition of License Detection Capability and License Evidence Mechanism License detection capability and license evidence mechanism was added for the following licenses: D-FSL-1.0 diffmark DigiRule-FOSS-exception Dotseqn DSDP New/Update Component Requests windowsazure.servicebus microsoft.azure.servicebus.eventprocessorhost mesa sharpmimetools Changes in Update Released on 28-Jan-2022 This Update includes the changes described in the following sections. Issues/Bugs Addressed The following issues were addressed in the Update: MIT License Cleanup There are two licenses in Code Insight for MIT – MIT License and MIT-Style License. While most licenses declared by open-source developers fall into the MIT License, the MIT-Style License is more of a template license consisting of various ways of how MIT license can be declared. We noticed that the license mapping to majority of components are mapped incorrectly to the MIT-Style License. This is being resolved via an electronic update where the mappings are corrected and for existing projects that need mappings change a script will be provided. Note: Please refer the article on MIT License Cleanup for detailed information and workarounds: https://community.flexera.com/t5/Code-Insight-Knowledge-Base/Code-Insight-MIT-License-Data-Cleanup-Project/ta-p/214451/jump-to/first-unread-message Known issue: A script "MIT-CleanupQueries.sql" is provided which has to be run after the PDL update. This script updates the license names and the incorrect license mappings in the existing system-generated inventories with the updated data changes as mentioned above. There is a known issue for a particular set of inventories which have comma separated license names. This is observed in the inventories generated by AutoWriteup. Ex: jQuery (MIT, MIT License) In this case, the script provided to update the existing inventory names would not work. This causes a duplicate inventory on rescan. The detailed issue description and workaround are provided in the jira: https://jira.flexera.com/browse/SCA-40194 Issue ID Issue Summary SCA-39812 Map vulnerabilities for gnu components SCA-39748 Update version information for pilotmoon-scroll-reverser SCA-38553 License detection XML detects both MIT and MIT-Style as evidence for MIT License SCA-28851 MIT License cleanup: Enhancement to collector level license mappings mechanism to update invalid mappings for MIT and MIT-Style licenses. SCA-28766 Perform entire sequence of MIT License Cleanup-License short_name changes and license remapping at component and version level. Addition of Missing Vulnerability Mappings Missing vulnerability mappings for the following components were added: Itop Mupdf Anchrome Addition of License Detection Capability and License Evidence Mechanism License detection capability and license evidence mechanism was added for the following licenses: CNRI-Jython CNRI-Python CNRI-Python-GPL-Compatible Crossword CrystalStacker PSF-2.0 Python-2.0 Changes in Update Released on 13-Jan-2022 This Update includes the changes described in the following sections. Issues/Bugs Addressed The following issues were addressed in the Update: Updates to log4j Component Added component detection capabilities to identify log4j components in "ivy.xml". Issue ID Issue Summary SCA-39360 Fixed the license evidence mechanism to eliminate false positive findings. SCA-39579 Addition of gnu vulnerable components to the data library SCA-38160 GNU vulnerability Mapper is an addition to our list of automated vulnerability mappers mechanism. SCA-38159 Jenkins vulnerability Mapper is an addition to our list of automated vulnerability mappers mechanism. < Addition of Missing Vulnerability Mappings Missing vulnerability mappings for the following components were added: xml_database graphhopper Openvswitch-ovs osgeo-gdal unicorn-engine-unicorn open62541-open62541 racket-racket mozilla-geckodriver gnuaspell-aspell libsndfile-libsndfile libarchive matio Addition of License Detection Capability and License Evidence Mechanism License detection capability and license evidence mechanism was added for the following licenses: CC-BY-NC-ND-1.0 CC-BY-NC-ND-4.0 CC-BY-NC-SA-4.0 CC-BY-NC-4.0 CC-BY-ND-4.0 CC-BY-SA-4.0 CC-BY-4.0 Cube curl CDLA-Permissive-1.0 CDLA-Sharing-1.0 CECILL-2.1 CLISP-exception-2.0 New Component Requests Windows SDK for Windows Server 2008 and .NET Framework 3.5 Strictly Software htmlencode Changes in Update Released on 23-Dec-2021 This Update includes the changes described in the following sections. Issues/Bugs Addressed The following issues were addressed in the Update: Updates to Apache log4j2 Component Updated vulnerability information for log4j2 component (CVE-2021-44228,CVE-2021-45046,CVE-2021-4104). Updated versions for the log4j2 components. Issue ID Issue Summary SCA-38791 Updated missing vulnerabilities for nuget top 100 component SCA-35846 Enhancements to Nuget Collector for Version-Level License Collection Addition of Missing Vulnerability Mappings Missing vulnerability mappings for the following components were added: consul uri.js chatwoot bat cgm-remote-monitor connect muwire containerd discourse micronaut gatsby-source-wordpress venus_os Updated Components List world-clock-and-the-timezoneinformation-class Changes in Update Released on 16-Dec-2021 This Update includes the changes described in the following sections. Issues/Bugs Addressed The following issues were addressed in the Update: Updates to Apache log4j2 Component Updated versions for the log4j2 components from different forges like github, maven and fedora. Updated vulnerabilities for log4j2 component (CVE-2021-44228). Issue ID Issue Summary SCA-38864 Analysis & update license for jaxen component. SCA-38669 AutoWriteup Rules: Map licenses to AutoWriteup Rules with no licenses. SCA-38521 Increasing Component CPE mappings in Data Library. SCA-38479 Updated version information for 27208706. SCA-38791 Update missing license for top 100 Nuget components. Addition of Missing Vulnerability Mappings Missing vulnerability mappings for the following components were added: falco manageengine_admanager_plus esp32_firmware libvips-libvips junos rancher sheetjs etherpad stealth Addition of License Detection Capability and License Evidence Mechanism License detection capability and license evidence mechanism was added for the following licenses: bzip2-1.0 bzip2-1.0.5 Caldera BSD-3-Clause-Attribution BSD-3-Clause-Clear BSD-3-Clause-LBNL BSD-3-Clause-No-Nuclear-License-2014 BSD-3-Clause-No-Nuclear-License BSD-3-Clause-No-Nuclear-Warranty BSD-4-Clause-UC BSD-Protection BSD-1-Clause BSD-Source-Code BSD-2-Clause-Patent BSD-2-Clause-NetBSD BSD-2-Clause-FreeBSD Update Release on 26-Nov-2021 has been postponed This update has been postponed to 9 Dec 2021 due to some technical issues. Changes in Update Released on 11-Nov-2021 This Update includes the changes described in the following sections. Issues/Bugs Addressed The following issues were addressed in the Update: Issue ID Issue Summary SCA-38476 Add component GenericDataExchangeFrameworkwithAJAX and ASP.NET Outlook-like Time Field to PDL library SCA-38352 Enhancement to license mapping mechanism for Nuget Collector based on License Expression provided by Nuget Rest API SCA-38223 Add missing vulnerability mappings to components like umeditor, thinkcmf, xuperchain, ok-file-formats, radare2-extras, polipo, gthumb. Changes in Update Released on 28-Oct-2021 This Update includes the changes described in the following sections. Issues/Bugs Addressed The following issues were addressed in the Update: < Issue ID Issue Summary SCA-38246 Add missing versions for openssl, net-snmp and system.data.sqlite components. SCA-38221 Add missing vulnerability mappings to components like varnish_cache, elfinder.net. core, ectouch, is-email, booking_core, wolfssl. SCA-37996 Invalid license for highcharts - npmjs component. SCA-37673 Added license evidence and detection capability for licenses like Bahyph, Barr, Borceux, BSD-1-Clause, BSD-2-Clause-FreeBSD, BSD-2-Clause-NetBSD, BSD-2-Clause-Patent, BSD-Source-Code etc. SCA-37671 Added license evidence and detection capability for licenses like 0BSD, 389-exception, Abstyles, Adobe-Glyph, Afmparse, AGPL-1.0, Aladdin, AMDPLPA, AML, AMPAS etc. SCA-37461 Add missing vulnerability mappings to components like delta, xo-server, putil-merge, harmonyos, ant etc. SCA-37459 Add missing vulnerability mappings to components like yop-poll, restsharp, event_streams, sshd, talk, nextcloud_mail, nextcloud, icinga etc. SCA-37348 Github Vulnerabilities mapped to Java components. Changes in Update Released on 18-Oct-2021 This Update includes the changes described in the following sections. Issues/Bugs Addressed The following issues were addressed in the Update: Issue ID Issue Summary SCA-38185 Fixing invalid versions of lm_sensors. SCA-38030 Update reference to component_mapping.csv to new github.com from git.palamida.com in update service. SCA-37884 Missing vulnerabilities for Valeo. SCA-37758 Adding spdx-license-identifier to the license-detection.xml and license-finder.json. SCA-37658 Update license-names in the license evidence mechanism. SCA-37447 Add missing vulnerabilty mappings to components like retty, everything, brave, node.js, total.js, total4, prismatic. SCA-37442 Add missing vulnerabilty mappings to components like halo, pfsense, exiv2, caldera, jsish, moddable, mujs. SCA-38254 Add license evidence capability for licenses like LLVM-exception,APAFML,Artistic-1.0-cl8,Artistic-1.0-Perl. Changes in Update Released on 01-Oct-2021 This Update includes the changes described in the following sections. Issues/Bugs Addressed The following issues were addressed in the Update: Issue ID Issue Summary SCA-37896 Validate and update Maven forge details in PDL library. SCA-37837 Add new component ms-intune-app-sdk-android and Microsoft Intune App Software Development Kit For iOS license. SCA-37651 Add Microsoft Windows Driver Kit For Windows 8.1 License and Updated versions for Microsoft windows driver kit. SCA-37604 Update manually maintained component versions. Please refer list below SCA-37376 Add the missing vulnerability mappings for components like cszcms, switch, fortimail, putty, emissary-ingress-emissary. SCA-29724 Enhance License detection for Nuget forge components. SCA-37544 Update versions and vulnerability mappings for oracle-jre component SCA-37449 Add CWEs to PDL library. SCA-38018 Update versions for Google Maven repository components. Updated Components List glibmm24 libsm wpa_supplicant cairo dmidecode chrony libxrandr libice networkmanager gobject-introspection glib-networking dnsmasq mesa elfutils dbus sudo libsoup libtalloc rpm-package-manager PowerTop libldb libxft openssl pygobject3 gnutls libx11 libnl3 tzdata alsa-lib atk libxcb binutils ethtool libfontenc Changes in Update Released on 13-Sep-2021 This Update includes the changes described in the following sections. Issues/Bugs Addressed The following issues were addressed in the Update: Issue ID Issue Summary SCA-37290 Validate and update invalid versions for kong-insomnia component. SCA-36444 License Finder rules for OGC-1.0,OFL-1.1-RFN. SCA-35816 Addition of Gitlab forge to the list of forge collection. SCA-33593 Enhance license mapping capability for Nuget collector. SCA-31981 Add new non-spdx licenses like Parity Public Licence 3.0,Server Side Public License,Yoctopuce-License,Prosperity Public License,MS-ASP.NET-Web-Pages-2 License,MS-ASP.NET-WOF License to the library . SCA-37371 Mapping the missing vulnerabilty-CVE's for various components like Tinydtls, Misp, Libxml2, Vapor, Grpc_swift, Linuxptp. New Component Detection Rules liblouis Changes in Update Released on 30-Aug-2021 This Update includes the changes described in the following sections. Issues/Bugs Addressed The following issues were addressed in the Update: Issue ID Issue Summary SCA-35866 Grafana License changed from Apache License 2.0 to AGPL 3.0 from version 8.0. SCA-35970 Data - Vulnerability Dates update. "Publication Date" and 'Modified Date". SCA-36442 License-Finder.json rules for PSF-2.0,Parity-7.0.0,OGL-UK-3.0 etc. SCA-36894 License Mappings for "pylouis" component. SCA-36946 Data: Forge detail is incorrect for log4php component. SCA-37030 False Positive Vulnerabilities for "file - npmjs" component. SCA-37147 Handle URL discrepancies & case sensitive titles for FSF forge. SCA-36815 Mapping of missing CVE's for components like thinksaas, routeros, alpinelinux-aports, gu, sansanyun-mipcms, hnaoyun-pbootcms. SCA-37171 Mapping of missing CVE's for components like wp-plugins-wp-downloadmanager, benmonro-android, johnhaldeman-guarddetap, wp-plugins-cm-download-manager, just-safe-set, members, tizen, webclient, prusa3d-prusaslicer, webclient, webkitgtk. SCA-37176 Mapping of missing CVE's for components like sanos, hyper, server, storage-manager, password-manager, ninjarmm, xevo. SCA-37200 Update right URLs and title for code.google forge components. SCA-37206 Mapping Vulnerability for json-smart-v1 and json-smart-v2. SCA-35877 Updated components having URL discrepancies. Changes in Update Released on 27-Jul-2021 This Update includes the changes described in the following sections. Issues/Bugs Addressed The following issues were addressed in the Update: Issue ID Issue Summary SCA-35948​ NPMJS: Project Discovery is not Up to date with respect to NPMJS Forge​ SCA-35924 License mapping for the Pypi component "louis" SCA-27819 Fixing nongnu.org 404 URL's SCA-36610 Minio version license mapping SCA-36607​ Grafana version license mapping SCA-36110 Update matplotlib license text SCA-36128 Manual Collector: Kernel: lvm2 versions are wrongly added SCA-35933 False Positive vulnerabilities in mariadb-java-client SCA-35908 Invalid versions for microsoft-azuredatastudio component Changes in Update Released on 24-Jun-2021 This Update includes the changes described in the following sections. Issues/Bugs Addressed The following issues were addressed in the Update: Issue ID Issue Summary SCA-34531 Update Matplotlib license text to version 3.4.1. SCA-35177 New requests. SCA-34953 Add components & license to reflib. SCA-33894 CVE-2020-11971 associated with wrong components. SCA-29232 Request to add component: logrotate. SCA-30698 License Finder Rules for Matplotlib License. SCA-35286 Unicode Terms of Use license not found in file. SCA-35680 False positive GPL license detected for LGPL license text SCA-25368 Request for identifying SPDX IDs. Changes in Update Released on 11-Jun-2021 This Update includes the changes described in the following sections. Issues/Bugs Addressed The following issues were addressed in the Update: Issue ID Issue Summary SCA-35178 Add OTN license and map missing license for oracle.manageddataaccess - NuGet Gallery component. SCA-35087 Deprecating invalid versions of Apache projects on github. SCA-35022 SPDX license collection. (Around 87 new licenses). SCA-33894 License Name and SPDX License Name should be the same. SCA-33805 Elastic Kibana: Add License Finder Rules for Elastic License 2.0 SCA-30698 License Finder Rules for Matplotlib License Changes in Update Released on 28-May-2021 This Update includes the changes described in the following sections. Issues/Bugs Addressed The following issues were addressed in the Update: Issue ID Issue Summary SCA-34581 Add component Microsoft JDBC Driver for SQL Server and licenses. SCA-34431 Deprecating invalid version vulnerability Mapping which are protected SCA-33541 Vulnerabilities for Netmask and PHP git server SCA-33251 Vulnerability Dates: Addition/correction of columns for publication date and last modified date. SCA-30785 SPDX license collection to staging db. (Not yet released). Changes in Update Released on 14-May-2021 This Update includes the changes described in the following sections. Issues/Bugs Addressed The following issues were addressed in the Update: Issue ID Issue Summary SCA-34508 PYPI URL's format are not consistent throughout in PDL_Component . SCA-34395 False positive vulnerabilities for tomcat components - False PDL Mappings in PDL_COMP_VER_VULNERABILITY SCA-34213 Deprecating the version for Apache project invalid versions-Set2 SCA-33485 The "Visual C++ Redistributable for Visual Studio" component name contains spaces making keyword search difficult SCA-32592 Deprecating the version for Apache project invalid versions. SCA-30879 Linux Kernel versions release which was obsolete by an year and a half. SCA-34289 Libstdcpp component SCA-34183 Add new licenses to license seed and schema. Changes in Update Released on 22-Apr-2021 This Update includes the changes described in the following sections. Issues/Bugs Addressed The following issues were addressed in the Update: Issue ID Issue Summary SCA-32074 License mismatch for popular components. SCA-31667 License Acronym Data Changes for auto writeup rules. SCA-29799 Inventory created with auto-writeup rules don't create with SPDX license ID SCA-26931 Missing vulnerabilities (CPES with *) and wrong mappings for CPEs with *. New Component Requests lsof(Component ID: 27350567) ntp(Component ID: 207771) libtiff(Component ID:27350365) gtk(Component ID: 27350362) gnome-shell-extensions(Component ID: 27350363) libgpg-error(Component ID: 27350364) dracut(Component ID: 123809) openssl-fips(Component ID: 27350368) lvm2(Component ID: 27350367) kbd(Component ID: 27350366) lzo(Component ID: 63041) treeview-with-columns(Component ID: 27350359) replace-a-windows-internal-scrollbar-with-a-customdraw-scrollbar-control(Component ID: 27350360) step-by-step-calling-c-dlls-from-vc-and-vb-part-1(Component ID: 27350361) strawberry-perl - 27344198) run-postinsts - 27344199) packagegroup-core-boot - 27344200) sha-1-in-C-by-steve-reID: - 27344201) zlib - 27344202) watchdog(Component ID: 5403203) perfmon2(Component ID: 53555) ust(Component ID: 186075) newmat(Component ID: 129995) netbase(Component ID: 207639) xml-pull-parser3(Component ID: 226748) shadow-utils(Component ID: 5403445) lipro-libftdi(Component ID: 7872851) csha1(Component ID: 27341784) timezonemap(Component ID: 27344433) Changes in Update Released on 10-Apr-2021 This Update includes the changes described in the following sections. Issues/Bugs Addressed The following issues were addressed in the Update: Issue ID Issue Summary SCA-33801 License detection.xml changes for PDL-2021-04-R1 SCA-31855 AutoWriteUp rules having outdated URLs SCA-33557 Adding License - Purdue BSD-Style License SCA-32649 Wrong (and hence fix) DOC Software License name and url SCA-32983 Missing Elastic License for Elastic Kibana New Component Requests File-file (component ID: 3102572) Cquicklist (component ID: 27337962) Nfs-utils (component ID: 27336321) Eglibc (component ID: 27337963) Lcms (component ID: 7597) Ti-rtos-mcu (component ID: 27336320) High-speed-charting-control (component ID: 27330960) Progress-control-with-text (component ID: 27330961) Oscilloscope-stripchart-control (component ID: 27330962) Skinx (component ID: 27330963) Keymaps (component ID: 27333199) Getprimarymacaddress (component ID: 27333200) Sampleds (component ID: 27333201) Microsoft Windows SDK for Windows 7 and .NET Framework 4 (component ID: 27334733) Csha1-a-c-class-implementation-of-the-sha-1-hash-a (component ID: 27334779) Trafficwatcher (component ID: 27334780) Using-colors-in-cedit-and-cstatic (component ID: 27335822) Gnu-which (component ID: 705519) Eclipse-aspectj (component ID: 55748) Changes in Update Released on 25-Mar-2021 This Update includes the changes described in the following sections. Issues/Bugs Addressed The following issues were addressed in the Update: Issue ID Issue Summary SCA-32971 URL fix for DOC License SCA-32253 Map MICROSOFT SQL SERVER DATA-TIER APPLICATION FRAMEWORK to SQLpackage.commandline SCA-31926 Update the missing license mappings for components-Phase1. SCA-31800 Exception looking up rules' in FNCI Logs New Component Requests mph-2b-damase simpleping twain-developer-toolkit texas-instruments-msp-430-lib-files CppSQLite CStdioFile CTrayIcon CXml CXPGroupBox A class to combine Slider Control and Progress Bar A very simple solution for partial bitmap encryption Adobe InDesign CC SDK libcomposite pango Microsoft Windows Driver Kit - WDK Changes in Update Released between 20-Oct-2020 to 11-Mar-2021 This Update includes the changes described in the following sections. Issues/Bugs Addressed The following issues were addressed in the Update: Issue ID Issue Summary SCA-27739 False Positives when scanned Oracle OpenJDK SCA-28603 Unable to find a component that is identified as first level dependency SCA-26834 Sun (Restricted) and Sun-IP Licenses not detected SCA-29523 License discrepancy for CURL component SCA-27024 Gnutls component missing vulnerabilities, versions and wrong url SCA-30866 Hdf5 license (ID: 1224) is not correct SCA-30797 Incorrect Licensing Detection for Microsoft .Net SCA-30525 Component gpg-gnupg missing encryption flag SCA-27722 Incorrect vulnerabilities matched with component versions for Rust SCA-32271 PDL_VULNERABILITY table is empty in the latest PDL update SCA-33031 BOM: Discrepancies due to search term rule basics-vector New Component Detection Rules Setup.js MD% algorithm class library PhantomJs Cefsharp Virtual-dom v2.1.1 Named-js-regexp MarkupSafe OCHamcrest OCMockito Libsrtp Ans_up HockeySDK Aimage Ua-parser-js v0.7.10. Autofac.Wcf Vector.js Untildify v3.0.2 Post-robot v7.0.15. Axios JSONTestSuite Rpc-server.js New Features incorporated. Issue ID Issue Summary SCA-26848 CVSS 3.1 - Data Collection SCA-26808 Add Vulnerability dates to PDL tables SCA-26181 Component CPE Mapping New Component Requests released. Isc bind Canvas-toblob.js Newrelic.opentracing.amazonlambda.tracer Libepoxy Tags Json.net Jquery-menu-aim-fw Microsoft.appcenter for macos Microsoft.appcenter.analytics for macos Apache-apr Cyan4973-lz4 Gnu-screen Jamesflorentino-nanoscrollerjs Mtd-utils Npth Pam Eeepc-acpi-scripts Sharpziplib Mahapps.metro.simplechildwindow - nuget gallery Wpfnotification - nuget gallery Microsoft-windowsapicodepack-shellextensions - nuget gallery Controlzex/controlzex - github Mahapps.metro.iconpacks - nuget gallery Mvvmlight - nuget gallery Ini-parser - nuget gallery Mahapps/mahapps.metro - github Angular/angular-cli - github System.data.sqlite.core - nuget gallery System.data.sqlite.ef6.migrations - nuget gallery Microsoft asp.net mvc 4 (***deprecated***) Wxwindows library license Wxwidgets Karma-runner karma Openssh - in c Base-passwd Init-ifupdown Procps Binutils 7-zip Kmod Matplotlib Scons - a software construction tool - scons Tagish library Qos-ch-slf4j Flex - lexical scanner generator Application insights persisted http channel Cairo-pixman Flat_hash_map Fontconfig Free type Gnutls library Tianmajs/libm - github Libsoup Microsoft.applicationinsights - nuget gallery Slodge/mvvmcross - github Pdfsharp - nuget gallery Sharppdf Twain data source manager Twain sample data source and application - twain 2.0 sample data source Windows driver kit (wdk) 8.0 samples for visual studio 2012 Microsoft/windows-universal-samples - github Html agility pack Microsoft.extensions.caching.abstractions Microsoft.extensions.caching.memory Microsoft.extensions.dependencyinjection.abstractions Microsoft.extensions.options Microsoft.extensions.primitives Microsoft.netcore.platforms System.componentmodel.annotations System.runtime.compilerservices.unsafe System.security.cryptography.xml Microsoft.owin Microsoft.owin.host.systemweb Microsoft.owin.security Mimemapping Nconfiguration Nlog Nuget.commandline Nunit Restsharp Closedxml Apache cxf buildtools Apache neethi Weblinc-matchmedia Twain/twain-dsm Twain-twain-samples Windows driver kit (wdk) 8.0 samples for visual studio 2012 Changes in Update Released on 20-Oct-2020 This Update includes the changes described in the following sections. Issues Addressed in the 20-Oct-2020 Release The following issues were addressed in the Update: Issue ID Issue Summary SCA-28504 Components information SCA-28691 NVD Feed: Upgrading NVD CVE-Feeds APIs (1.0) to NVD CVE-Feeds APIs (1.1) SCA-27621 Difference in vulnerability information for 'expat' and 'libexpat-libexpat' component SCA-28970 NVD-Feed Fix and client release to Codeaware SCA-17974 Duplicate Inventory found for "gettext" and for the duplicate inventory as found license text is wrong SCA-28740 With fresh scan, name of inventory item zlib is changed to madler-zlib in codeinsight 2020R4. SCA-27773 Search terms need to be improved for few components SCA-28288 False Positives for zlib and libjpeg SCA-28508 Components information SCA-22072 Stunnel support in DL SCA-27119 Missing versions SCA-29156 Pycryptodomex missing encryption flag New Component Detection Rules in the 20-Oct-2020 Release This Update introduces new Automated Analysis rules for the following components: Retry.js Jquery-mobile for react Expat (version released 2.2.6) Novell.Directory.ldap Spawn.js Jquery-vsdoc.js CodeMirror NUnit.Framework.dll Rsvp.js Twbs-bootstrap and Mathiasbynens-jquery-placeholder Libwebsockets Globalize 1.1.1 CPU Topology JSON v3.3.0 Pyomo v5.0.1 CPU Topology 1.2.8 Class library Text-markdown Json v2.1.1 V8 Libuv Changes in Update Released on 11-Sep-2020 This Update includes the changes described in the following sections. Issues Addressed in the 11-Sep-2020 Release The following issues were addressed in the Update: Issue ID Issue Summary SCA-27585 Add component " History-event"(JQuery.history.js) SCA-27738 URL not working for freetype (Id: 1149) component New Component Detection Rules in the 11-Sep-2020 Release This Update introduces new Automated Analysis rules for the following components: 7za.exe Jazzy D3.js JSQR Doube-conversion HistoryEvent Bind Punycode.js Gaearon-Redux Changes in Update Released on 28-Aug-2020 This Update includes the changes described in the following sections. Issues Addressed in the 28-Aug-2020 Release The following issues were addressed in the Update: Issue ID Issue Summary SCA-27456 Missing OSS component-udev SCA-27203 Missing components – bind and jsqr New Component Detection Rules in the 28-Aug-2020 Release This Update introduces new Automated Analysis rules for the following components: Whiskas.py ProtectedData Dmidecode Libsmbios Changes in Update Released on 14-Aug-2020 This Update includes the changes described in the following sections. Issues Addressed in the 14-Aug-2020 Release The following issues were addressed in the Update: Issue ID Issue Summary SCA-27191 Add tungsten fabric components to Data Library SCA-27024 Gnutls component missing vulnerabilities, versions and wrong url. SCA-27084 Libtiff license url needs to be updated New Component Detection Rules in the 14-Aug-2020 Release This Update introduces new Automated Analysis rules for the following components: SWIG v3.0.2 VC Redistributable Apple Installer Plugin Appcenter-sdk-apple-3.0.0.tar.gz Code Project - WSE 3 Deployment: MSI and ClickOnce Wdksetup.exe MobileNumericUpDown Apple/cups Mhook GridAnimationDemo Changes in Update Released on 03-Aug-2020 This Update includes the changes described in the following sections. Issues Addressed in the 03-Aug-2020 Release The following issues were addressed in the Update: Issue ID Issue Summary SCA-26931 Missing vulnerabilities. SCA-26666 Missing Vulnerabilities for Apache Thrift 0.7.0 New Component Detection Rules in the 03-Aug-2020 Release This Update introduces new Automated Analysis rules for the following components: JQuery Mobile JortSort CLR Security Class library BrockAllenCookieBasedTempdata.dll StackExchange.Redis Readline.js Changes in Update Released on 17-Jul-2020 This Update includes the changes described in the following sections. Issues Addressed in the 17-Jul-2020 Release The following issues were addressed in the Update: Issue ID Issue Summary SCA-25108 Detection of xmlbeans 2.6.0 occurs twice SCA-25905 Component system.diagnostics.diagnosticsource has had its license changed for version 4.4 and later SCA-25907 New components added SCA-26134 The component "app.min.js" is incorrectly mapped to the component "App( 62839)" New Component Detection Rules in the 17-Jul-2020 Release This Update introduces new Automated Analysis rules for the following components: Console.js LowPriorityWarning.js Nameddefine.js Prettier.js SQLite DLL Pacman Unicode D3 DES algorithm 5.09 Class library JCanvas Libxslt Node-tmp Libxml2 Changes in Update Released on 30-Jun-2020 This Update includes the changes described in the following sections. Issues Addressed in the 30-Jun-2020 Release The following issues were addressed in the Update: Issue ID Issue Summary SCA-25608 component "jodaorg-joda-time" has invalid license in list SCA-25587 Review licenses for timescale DB GitHub components SCA-23003 Collectors for bouncycastle,curl,gnu,haproxy,jquery,kernel,libarchive,libssh, openbsd,openflow,openssl. New Component Detection Rules in the 30-Jun-2020 Release This Update introduces new Automated Analysis rules for the following components: Node-Semver Speex Node-Static node-tree-kill node-winreg node-xml2js Changes in Update Released on 15-Jun-2020 This Update includes the changes described in the following sections. Issues Addressed in the 15-Jun-2020 Release The following issues were addressed in the Update: Issue ID Issue Summary SCA-24724 Haproxy component missing 2.0.x versions SCA-25348 Add missing vulnerabilities to u-boot component SCA-25416 Errors in Oracle db during PDL Update SCA-24986 UltrVNC - Missing latest versions and some versions are invalid SCA-20156 Update component 302760 to important = true SCA-22232 Missing component versions SCA-24984 Component versions out of date New Component Detection Rules in the 15-Jun-2020 Release This Update introduces new Automated Analysis rules for the following components: Cross-BrowserSplit. Chromium-Breakpad. Request.js Sauce.js IsEventSupported.js Pubsuffix.js Node-ssl-root-cas(test-tunnel.js) Changes in Update Released on 01-Jun-2020 This Update includes the changes described in the following sections. Issues Addressed in the 01-Jun-2020 Release The following issues were addressed in the Update: Issue ID Issue Summary SCA-24867 [Juniper Networks, Inc.] gnu-gcc component is showing invalid versions SCA-25010 AMD: CodeAware Improper Identification of License for JQUERY Component. New Component Detection Rules in the 01-Jun-2020 Release This Update introduces new Automated Analysis rules for the following components: Connect-nocache. typescript.js aphrodite.js Newtonsoft.Json.dll tipsy v1.0.0a(jquery.tipsy.js,tipsy.css). prism.js systemjs Microsoft Ajax Minifier Changes in Update Released on 18-May-2020 This Update includes the changes described in the following sections. Issues Addressed in the 18-May-2020 Release The following issues were addressed in the Update: Issue ID Issue Summary SCA-23316 OGIS: License detection is different in CodeAware and Auto-Analysis SCA-22382 OGIS: Request to Add New Components and Versions SCA-24622 Harmonic: stuk-jszip has MIT/GPL Dual License but "Possible Licenses" only show GPL SCA-24711 Citrix: False positives CVEs New Component Detection Rules in the 18-May-2020 Release This Update introduces new Automated Analysis rules for the following components: bootstrap-select.js bootstrap-toggle.min.js React-pull-to-referesh rx.all.js narwhal.js bootstrap-checkbox v1.4.0 IKVM.NET(IKVM.Reflection.dll). Changes in Update Released on 04-May-2020 This Update includes the changes described in the following sections. Issues Addressed in the 04-May-2020 Release The following issues were addressed in the Update: Issue ID Issue Summary SCA-22381 Component 'ring' from crates.io forge missing license and encryption flag SCA-22542 Encryption flag not set for 'rust-openssl' component SCA-24708 Incorrect discovery of 'Primefaces-PrimeNG' component New Component Detection Rules in the 04-May-2020 Release This Update introduces new Automated Analysis rules for the following components: jquery.scrollTo-min.js, MatrixMath.js, jQuery.tmpl.js, lws-common.js React Router jsDump Reflect-Metadata NDesk.Options(.dll) MSBuild Community Tasks(.dll) Changes in Update Released on 17-Apr-2020 This Update includes the changes described in the following sections. Issues Addressed in the 17-Apr-2020 Release The following issues were addressed in the Update: Issue ID Issue Summary SCA-23823 Few vulnerabilities not reported SCA-24365 Invalid URL for 'lyceum' component SCA-20305 Component 'apache-cordova-plugin-inappbrowser' has incorrect versions SCA-18198 Incorrect vulnerability mapping for 'Docker' component SCA-23837 Added rdklib (pypi) to the library New Component Detection Rules in the 17-Apr-2020 Release This Update introduces new Automated Analysis rules for the following components: webperftest jquery.color.js knockout Irrlicht(.dll file) jQuery(build_markdown.js) React Developer Tools(getReactData.js) moment.js,regex.js, moment-with-locales.js Changes in Update Released on 3-Apr-2020 This Update includes the changes described in the following sections. Issues Addressed in the 3-Apr-2020 Release The following issues were addressed in the Update: Issue ID Issue Summary SCA-22116 Invalid version specified for 'tpm2-tss-engine' SCA-23712 Added 'SunPro' license to the library SCA-22982 Incorrect URLs for few Ibiblio Maven2 components SCA-20314 Licenses are not mapped for latest versions of 'pygresql' component (22014048) SCA-21928 Component 'pycountry-convert' needs to be updated with latest details SCA-19891 Invalid versions associated to the component 'c-ares' SCA-15411 Incorrect details for component 'systemd-systemd' New Component Detection Rules in the 13-Mar-2020 Release This Update introduces new Automated Analysis rules for the following components: vector.js webcomponent.js globalize.js OCMock Bezier-Easing Punycode(.js File) Sphinx StructureMap cors jQuery validation plug-in v1.6 jQuery Easing v1.3
View full article
Summary LLS set up in HTTPS mode is unable to start when an obfuscated keystore password is used in local-configuration.yaml configuration file.  The issue is being observed in LLS 2024.06 version onwards. Symptoms When LLS is configured to run in HTTPS mode with a certificate , the keystore password needs to be passed on to the local configuration.yaml config file. The keystore password can be obfuscated/hashed using the below  java -jar flexnetls.jar -password <password> If the obfuscated keystone password is used on the local-configuration.yaml , the LLS is unable to start or install as a service. The issue occurs in both console mode and running as a service.  Below error is thrown by LLS :  2024-08-06T07:54:55,974Z WARN  - Exception encountered during context initialization - cancelling refresh attempt: org.springframework.context.ApplicationContextException: Unable to start web server; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'undertowServletWebServerFactory' defined in com.flexnet.glservice.UllsConfiguration: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate Steps to Reproduce Produce producer-settings.xml and configure local-configuration.yaml to run LLS in HTTPs mode. Obfuscate the keystore password using java -jar flexnetls.jar -password <password> Use the obfuscated password as the keystore password in the local-configuration.yaml HTTPS in section. Attaching a screenshot of the configuration.   local-configuration.yaml HTTPS-in configuration  Start LLS in console mode or install it as a service. LLS will throw an error of "Unable to start web server"     Workaround Currently workaround for running LLS in HTTPS mode is to use the keystore-password as plaintext and not obfuscated in the local-configuration.yaml config file. example :  keystore-password: keystorepassword start the LLS in console mode or installs as a service.  Otherwise, LLS 2024.05 can be used. Fix Version and Resolution The bug is fixed in the 2024.08 release of LLS. 
View full article
Summary There is an issue where using the LM_A_LINGER attribute on the client side, combined with the TIMEOUT/TIMEOUTALL option in the OPTIONS file on the server side, causes the Vendor Daemon to crash when the server reclaims the license due to the client's inactivity. This issue affects producers using FlexNet Publisher versions 11.19.4.1 up to 11.19.6.0. The article below provides details about the known issue and the available resolution. Symptoms End users may experience frequent license server crashes and attempts to restart if the vendor daemon is configured with the TIMEOUT/TIMEOUTALL option in the OPTIONS file and the client uses the LM_A_LINGER attribute to create a client-side linger. Steps to Reproduce The issue can be observed by following the steps below: 1. Update the value ls_minimum_user_timeout to 90 in lsvendor.c file and build the kit. 2. Create an options file and add TIMEOUTALL=130. 3. Start the server with below license file: SERVER this_host ANY VENDOR <vendor> USE_SERVER #a counted license FEATURE f1 <vendor>1.0 permanent 4 SIGN="CCCCCC" 4. Edit the default lmflex.c file shared in the kit with the below config to create 3 different client applications:  #Client 1: (void)lc_set_attr(lm_job, LM_A_LINGER, (LM_A_VAL_TYPE)700); lc_set_attr(lm_job, LM_A_CHECK_INTERVAL, (LM_A_VAL_TYPE) -1); lc_set_attr(lm_job, LM_A_RETRY_INTERVAL, (LM_A_VAL_TYPE) -1); lc_set_attr(lm_job, LM_A_RETRY_COUNT, (LM_A_VAL_TYPE) -1); #Client 2: (void)lc_set_attr(lm_job, LM_A_LINGER, (LM_A_VAL_TYPE)600); lc_set_attr(lm_job, LM_A_CHECK_INTERVAL, (LM_A_VAL_TYPE) -1); lc_set_attr(lm_job, LM_A_RETRY_INTERVAL, (LM_A_VAL_TYPE) -1); lc_set_attr(lm_job, LM_A_RETRY_COUNT, (LM_A_VAL_TYPE) -1); #Client 3: lc_set_attr(lm_job, LM_A_CHECK_INTERVAL, (LM_A_VAL_TYPE) -1); lc_set_attr(lm_job, LM_A_RETRY_INTERVAL, (LM_A_VAL_TYPE) -1); lc_set_attr(lm_job, LM_A_RETRY_COUNT, (LM_A_VAL_TYPE) -1); #...(Other code here)... sleep(150); getchar(); lc_checkin(lm_job, feature, 0); 5. When the clients are created, run the clients in the following order a -> b -> c and maintain a 1-minute gap between each client checkout. 6. A crash will occur when the server reclaims the license due to client inactivity: 21:52:58 (YYYY) OUT: "f1" zzzz@aaaa 21:53:34 (YYYY) OUT: "f1" zzzz@aaaa 21:53:54 (YYYY) OUT: "f1" zzzz@aaaa 21:56:58 (YYYY) IN: "f1" zzzz@aaaa (INACTIVE) 21:56:58 (lmgrd) YYYY exited with status 5 signal = bbbb 21:56:58 (lmgrd) Since this is an unknown status, license server 21:56:58 (lmgrd) manager (lmgrd) will attempt to re-start the vendor daemon. 21:56:58 (lmgrd) REStarted YYYY (pid XXXX) 21:56:58 (YYYY) FlexNet Licensing version v11.19.6.0 x64_n6 Fix Version and Resolution A fix for this issue is available as a hotfix in FlexNet Publisher 11.19.6.1. If the issue is being observed, please contact Revenera Technical Support for assistance with accessing the hotfix. The fix will be incorporated in the FlexNet Publisher 2024 R2 (11.19.7.0) GA release targeted for December 2024. 
View full article
Summary A potential elevated privilege issue has been reported with InstallShield built Standalone MSI setups having multiple InstallScript custom actions configured. Note: All supported versions (InstallShield 2023 R2, InstallShield 2022 R2 and InstallShield 2021 R2) are affected by this issue. This article provides details about this potential vulnerability and the remediation steps available. Description InstallShield MSI setup requires the ISBEW64.exe utility, launched as _isxxxx.exe where xxxx is an arbitrary hex number, to handle 64-bit redirections. For every InstallScript custom action in a standalone MSI setup, a new _isxxxx.exe with random hex number is extracted to a secured random temporary directory which will be cleared once the execution is completed. During the execution, the new _isxxxx.exe process may refer to the already deleted temporary directory due to incorrect DLL search order. Since this previously deleted temporary folder path is below C:\Windows\Temp, a non-admin user can track the folder paths, recreate the directory with the same random name and place a malicious system DLL file. The new _isxxxx.exe process then loads the tampered DLL placed in older directory which would lead to a local privilege escalation. Workaround There is no workaround available for this issue. Fix Version and Resolution The issue is addressed in InstallShield 2024 R1 which is available for download in the Product and License Center. The fix enables safe DLL search mode in EXEs, where applicable. Additional Information Thank you to Sandro Poppi for disclosing this issue to Revenera PSIRT.
View full article
This article documents the FlexNet Embedded release highlights introduced each year, starting from 2020 R3 (2020.07) to present: Release Description 2024.08: CLS + LLS Cloud Licensing Service + Local License Server PowerShell scripts provided with the local license server are now digitally signed. Updated open source components.  2024.07: CLS + LLS Cloud Licensing Service + Local License Server New setting in local-configuration.yaml enables producers to switch off x-forwarding. Updated open source components  Resolved issue on CLS for features with date-based versions  Resolved limitation for configuration property licensing.enableBuiltinHostId  Attributes for /hostid endpoint are now available through FlexNet License Server Administrator (flexnetlsadmin) 2024.06: CLS + LLS + Client Kits Cloud Licensing Service + Local License Server FlexNet License Server Manager now also supports monitoring and configuring Cloud License Service (CLS) instances in addition to local license servers. The -port option for the /install-systemd.sh command now works as expected and can be used to specify the port with an optional network interface IP address that the license server is to use. Client Kits Support for multiple signature strengths for standalone devices. Maximum size of capability responses that can be processed by FlexNet Embedded clients has been increased from 200 KB to 2 MB. Updated open source components (commons-codec, OpenSSL, curl). XT SDKs are no longer retrieving incorrect dongle hostids. SafeNet dongle hostids are now retrieved regardless of the library version that is in use. 2024.05: CLS + LLS Cloud Licensing Service + Local License Server A new property called licensing.enablebuiltinhostId has been introduced for the local license server. It enables producers to set the built-in Ethernet address as hostid, thereby increasing hostid stability.  The /features and /partitions endpoints in the license server REST APIs have been enhanced to include additional query parameters. Resolved an issue with the usage record field reserved. Capability responses for renewal requests are no longer missing features. 2024.04: CLS + LLS Cloud Licensing Service + Local License Server When a partial request is not successful due to insufficient feature counts on the server, the response now includes the status “FEATURE_COUNT_INSUFFICIENT”. A new default cipher suite called SECURE_COMPATIBLE was introduced, which does not contain two ciphers which are now considered vulnerable. 2024.03: CLS + LLS Cloud Licensing Service + Local License Server When a client holds licenses for multiple features with differing expiration dates, the server now immediately releases the licenses when a feature’s expiration date is reached, instead of holding all licenses until the feature with the longest expiration date expires. Enhancement for user-based licensing: If licensing.allowDuplicateClients=true, instead of ignoring capability requests for metered features, the license server now serves metered features as per conventional capability request logic. Producers can now have their organization’s logo displayed in the FlexNet License Server Manager user interface. Early Notification: 32-bit local license server will be deprecated in a future release. 2024.02: CLS + LLS Cloud Licensing Service + Local License Server Removed check for java.exe in flexnet.ls  Resolved issue: local license server can now detect FLEXID9 and FLEXID10 dongle IDs Updated third-party components to address potential security issues Resolved issue in FlexNet License Server Manager, which now accepts a count of 0 for returning licenses Uploading a response file in FlexNet License Server  Manager no longer results in incorrect feature counts 2024.01: CLS + LLS Cloud Licensing Service + Local License Server Client hostids of type USER are now case insensitive. If the borrow interval for a feature is set to 0 in the license model, it is now correctly considered as  unlimited.  2023.11: CLS + LLS Cloud Licensing Service + Local License Server Output for the /hostid endpoint for the local license server now includes attribute information such as Physical, Builtin, and Removable, which can help license administrators identify and select the appropriate hostid for scenarios where they want to manually specify a hostid. Dongle libraries required for flexid9 and flexid10 hostids are no longer statically linked in the local license server. Resolved error with failover server. 2023.10: CLS + LLS Cloud Licensing Service + Local License Server Resolved issue that occurred when the preview response included the requestAll option Linux install script now creates flexnetsas directory under /var/tmp LLS no longer creates lock files in /tmp directory (Linux only) License Server Producer Guide now correctly lists flxBinary.jar (required to run the command-line tool backofficeofflinesynctool) as redistributable 2023.09: CLS + LLS + Client Kits Cloud Licensing Service + Local License Server New Help button in FlexNet License Server Manager to open documentation from within the application Resolved synchronization issue with failover server Client Kits Dongle libraries for flexid9 hostids no longer statically linked 2023.09 .NET Core client kit is now .NET Standard 2.0 compliant  FlexNet Embedded Client kits now offer support for the following platforms: Windows Server 2022 macOS 12 and 13 Nutanix AHV EverRun Resolved .Net Core 2.0 assembly issue Linking against virtualization detection add-on or VM UUI contrib no longer fails Incorrect system time no longer causing internal error  2023.08: CLS + LLS Cloud Licensing Service + Local License Server The new user role ROLE_OFFLINE enables producers to grant rights for handling offline endpoint activities to users who should not have full administrative privileges. Resolved pagination issue in License Server REST API for /users endpoint Offline request file no longer corrupted when empty JSON body is sent Resolved an issue with flexnetlsadmin.sh 2023.07: CLS + LLS Cloud Licensing Service + Local License Server Changes to feature overrides for a product can now be reflected on the relevant instance of the FlexNet Cloud Licensing Service. On Windows, producers can now customize the display name and description of the FlexNet Embedded local license server service.  An issue was resolved where a paginated REST query for usage records caused an exception if more than one page was available. 2023.06: CLS + LLS Cloud Licensing Service + Local License Server The new FlexNet License Server Manager enables license administrators to manage the FlexNet Embedded local license server and its license distribution using a browser-based interface. This new administration tool replaces the previous License Server Manager, which was deprecated in the 2022.11 release. 2023.05: CLS + LLS Cloud Licensing Service + Local License Server Introduced user-based licensing for producers who want to license software applications or services based on the number of users that can access or use them. Producers who use FlexNet Embedded in combination with FlexNet Operations as their back office can now limit or prohibit binding-break repairs on the local license server. Resolved issue around badly formatted hostids. 2023.03.01: LLS Local License Server Resolved issue with service shutdown mechanism 2023.03: CLS + LLS Cloud Licensing Service + Local License Server License server administrators can now use regular expressions when creating rules of access for license pools (previously referred to as “partitions”). Resolved time zone conversion issue for /features endpoint Posting model definition using flexnetlsadmin no longer fails Local License Server The performance of the local license server has been increased, which results in faster processing of capability requests. 2023.02: CLS + LLS Licensing Server The open source component Spring Boot has been updated to version 2.7.7.  The LatencyUtils package has been removed from the Micrometer component. Sending a capability request after mapping add-ons or features no longer results in a 503 error. 2023.01: CLS + LLS Licensing Server The response to the /access_request and /signed_access_request endpoints of the Cloud Monetization API (CMAPI) now includes the value of the Notice field.  In the license server REST API, a new query parameter includeUsageExpiry can return the date and time when a feature expires on the client.  The naming pattern for the access log file has changed. Using the max keyword in a partition which contains features of the same name but of different versions no longer results in unpredictable behavior. 2022.12: CLS + LLS Licensing Server If several features are available for checkout that only differ in their expiry date, the license server now serves the feature with the shortest expiry which also satisfies the borrow period. The install-systemd.sh install script can now be used to install a server certificate. The License Server Producer Guide includes a new appendix “Workflow Example for Producer-Defined Binding”, with step-by-step instructions to help producers set up binding on a local license server. Updated open-source components: commons-text Jackson databind logback Spring Boot Updated Swagger documentation 2022.11: CLS + LLS Licensing Server New keyword for feature partitions: Producers and license administrators can use the max keyword to limit the number of feature counts that a single user or device can consume. The API documentation for the local license server is now generated using SpringDoc (OpenAPI 3). 2022.10: CLS + LLS Licensing Server Calling the /partitions endpoint using GET now also returns partitions that contain no feature counts. A new property server.hostType.order enables producers to specify the order in which the local license server picks the hostid type. Client information returned by the flexnetlsadmin command -licenses -verbose is no longer truncated. 2022.09: CLS + LLS + Client Kits Licensing Server Preview requests no longer include orphans Resolved an issue where unsynced usages were deleted during synchronization LLS Linux install now honors an externally-specified JAVA_HOME or JRE_HOME variable Self-contained server is no longer supported and will no longer be shipped with the license server Client Kits Resolved an issue affecting secure anchoring on certain platforms Resolved an issue with calls to retrieve last server update time 2022.08: CLS + LLS Licensing Server The Cloud Monetization API (CMAPI) responses for the /access_request and /signed_access_request endpoints can now include the renewInterval field. Updated open-source component Spring Boot A new -restore-service-database command restores trusted storage at the service mode installation location (Linux). Resolved an issue with incorrect feature counts which could occur after a license server update. 2022.07: CLS + LLS Licensing Server Model definitions can now include partitions that have a feature count of 0. This enables producers to upload a model definition that functions as a template, which can be updated with feature counts at a later date. A new -restore-service-database command restores trusted storage at the service mode installation location (Windows only). 2022.06: CLS + LLS Cloud Licensing Service Cloud Monetization API enhancement: Capability requests sent to the /access_request or /signed_access_request endpoint support passing multiple values per key. This enables producers who use feature partitions to allocate licenses to users who belong to multiple groups. Updated open-source components Spring Boot and Liquibase Resolved issue with flexnetlsadmin’s -licenses command Resolved issue with /clients REST endpoint, which now correctly returns all current clients after synchronizing licensing information with the back office Local License Server Updated open-source components Liquibase and jackson-databind 2022.05: LLS Licensing Server Cloud Monetization API enhancement: Capability requests sent to the /access_request or /signed_access_request endpoint support passing multiple values per key. This enables producers who use feature partitions to allocate licenses to users who belong to multiple groups. Updated open-source component Spring Boot Resolved issue with flexnetlsadmin’s -licenses command Resolved issue with /clients REST endpoint, which now correctly returns all current clients after synchronizing licensing information with the back office 2022.04: CLS + LLS Licensing Server Support for Windows 11 2022.03: CLS + LLS Licensing Server Resolved an issue with preview requests using the RequestAll flag. The issue occurred when the license server was provisioned with multiple line items that had different expiry dates, where one of the line items had expired. Minimized blackout time during synchronization with back office Improved error message wording when --service-shutdown option is used for a license server running in a console window 2022.02: CLS + LLS + Client Kits Licensing Server Logging in the license server is now done with Logback, not log4j Added a new configuration property for cipher choice mechanism Resolved flexnetlsadmin communication issue with local license server when a .local URL is used Counts are now updated correctly when a client sends parallel requests to a Cloud Licensing Service instance Client Kits FlexNet Embedded Client kits now offer support for Microsoft Windows 11 platform Java XT TRA: Log4j 1 no longer bundled with tra-run.jar and tra-gen.jar .Net XT SDKs: Optimized GetFeatureCollection call to enable more efficient handling of capability responses containing large quantities of features C XT SDK: Optimized virtualization detection (Linux only) Identity update utility now includes container_id in types list Updated third-party components (OpenSSL, LibCurl) 2022.01: CLS + LLS Licensing Server FlexNet License Server Manager now available in the Product and License Center as a separate package Enhanced logic of distributing used feature counts in feature partitions Customers can now pass vendor dictionary values using the /preview_request API Resolved issue where used counts were not updated correctly if a client tried to renew licenses when the corresponding feature is part of a reactivated line item “rate-limit” setting no longer causes flexnetlsadmin command -licenses -verbose to fail Resolved issue where local license server could crash on installation 2021.12: CLS + LLS Licensing Server Allowed size of model definition for partitions has been increased to 900KB Increased performance of POST requests on /rules endpoint New /features/summaries endpoint returns a summary of available features, grouped by feature name Remodeled logic for returning used license counts to resolve issue of incorrectly calculated counts Resolved issue where preview requests and capability requests for features with overdraft counts were not working as expected Resolved issue with flexnetlsadmin’s -licenses option for uncapped metered features Resolved issue affecting the sorting of checkout filter features 2021.11: CLS + LLS Licensing Server A new directive “vendor string matches” enables license administrators to allocate feature counts to partitions based on variables specified in the vendor string. After use, feature counts are returned to their original partition. The /clients API no longer returns inconsistent results when queried with and without the hostid parameter 2021.10: CLS + LLS Licensing Server User-based reservations are now working as expected 2021.09: LLS + Client Kits Licensing Server New support for Ubuntu 20.04 LTS Reservations are no longer automatically converted to partitions, resolving a compatibility issue where the conversion of reservations into rules could lead to incorrect license counts in the resulting partitions References to Jackson-databind 2.2.3 have been removed from OfflineSync tools Resolved issue where licenses could be available for checkout from a cloned local license server Capability response utility capresponseutil now supports the optional parameter enterpriseId Client Kits References to Jackson-databind 2.2.3 have been removed from OfflineSync tools Resolved false-positive tamper detection issue 2021.07: CLS + LLS Licensing Server Producers can now disable the creation of access logs by setting server.accessLogPattern=none in producer-settings.xml. The wording of log entries for rejected capability requests has been improved. Entries now indicate when a request has been denied due to a feature partitions rule rejection. The response to a call of the /health endpoint now includes a new trustStatus property, which indicates whether a trust break has occurred. Resolved an issue where license counts in partitions were not correctly re-allocated after an updated model definition was uploaded to the license server. 2021.06: CLS + LLS Licensing Server New licensing.defaultTimeZone setting to configure the timezone the server uses to determine feature expiry date, start date, and issue dates Resolved license count handling when the reservation group or partition is deleted while the count is in use Resolved license count handling when reservation groups are deleted and recreated with different feature counts Fixed license leakage issue when feature counts change while features are checked out 2021.05: CLS + LLS + Client Kits Licensing Server Fixed OptimisticLockRefreshException error when adding a new reservation entry Failover synchronization issues have been resolved Increase in failover database size issue is fixed Third-party software modules have been upgraded Client Kits New support for macOS ARM Resolved calendar issues for Java XT kits C-XT kit no longer crashes if year exceeds 3001 on Windows platform Vulnerability CWE-327 addressed 2021.04: CLS + LLS Licensing Server Conditional operator support added to Feature Partitioning rules Resolved issue preventing reserved counts from being automatically renewed Fixed license count issue caused by reservations groups repeatedly being deleted/created Changed mechanism for local license server-FlexNet Operations HTTPS communciation 2021.03: CLS + LLS Licensing Server New streaming interface /clients and /features endpoints to query large client tables, hence improving the performance Resolved VMUUID detection issue on Google Compute Cloud (Windows only) for LLS The REST API /clients endpoint now returns the served clients when the borrow interval was set to 0s on both CLS and LLS Resolved time zone conversion issue for feature expiry on both CLS and LLS The issue with borrow granularity unit is now fixed 2021.02: CLS + LLS Licensing Server Support for JSON-format Logging on the Local License Server (LLS) Integration of LLS Logging with External Systems like Graylog, Elastic Stack Fixed the synchronization issue in failover scenario Improved performance for querying /clients endpoint for both LLS and CLS Fixed the trailing slash in JAVA_HOME system environment variable in LLS Correct version of OpenSSL reported in the LLS A number of third-party software modules used in the FlexNet License Server Manager have been upgraded. 2021.01: CLS + LLS Licensing Server New activeOnly query parameter has been introduced for /features endpoint for both CLS and LLS Return of counts for multiple activation IDs with identical expiry date issue has been fixed on CLS Resolved client expiry issues on CLS Support for PKCS #12 keystores in LLS Resolved VM_UUID detection issue on Google Compute Cloud for LLS Resolved MAC address issue related to hostid case sensitivity. 2020 R3 SP3 (2020.12): CLS + LLS + Client Kits Licensing Server License activation using REST API and .NET on both LLS and CLS Usage reports could show duplicate rows with a feature count value of zero for every checked in feature is fixed on CLS Enhanced the model definition upload using the /rules API for long list of hostids—containing 10,000 hostids on both LLS and CLS Used feature counts correctly returned to license pool after effective borrow interval expired Updated open source third party components and dependencies have been removed Resolved flexnetlsadmin to CLS communication issue Fixed the issue that caused error while running local license server(LLS) in console mode Client Kits Improved Cloud Platform detection which fixes the that occasionally detect and return an incorrect hostid value for VM_UUID Resolved VM_UUID detection issue on Google Compute Cloud Releasing of system resource 2020 R3 SP2 (2020.10): CLS + LLS + Client Kits Licensing Server Springfox-Swagger has been upgraded to version 2.9.2 in both LLS and CLS. This upgrade addresses potential security issues. Spring Boot has been upgraded to version 2.1.2 in both LLS and CLS to address potential security issues. Enhanced Logging Functionality on the Local License Server. A new logging style configuration parameter has been introduced for the LLS, to configure timestamp behaviour. Resolved below FlexNet License Server Administrator Issues “-reset” command resets the security.enabled policy back to its original default value set by the producer. “-licenses” command now returns correct feature count “-licenses -verbose” command now returns correct value for available counts A number of third-party software modules used in the FlexNet License Server Manager have been upgraded Client Kits Fix for potential memory leak (Linux XT only) 2020 R3 SP1 Hotfix (2020.07.1): CLS only Licensing Server Feature counts are now consumed from correct activation id. For metered features, counts could be consumed from an incorrect activation ID. This issue was due to a change in the sequence of returning used counts. Resolved Client Expiry Timer issue Fixed incorrect expiry date 2020 R3 (2020.07): CLS + LLS + Client Kits Licensing Server Feature Partitions The maxCount field now indicates how many counts of a feature are available, regardless of how many counts have been requested. The active hostid set using FlexNet License Server Manager or using the REST APIs now persists in the database. It is no longer necessary to reset it after a server reboot Improved FlexNet License Server Administrator Output Resolved REST API pagination issue CLS performance improvement Resolved server borrow interval issue Updated open source component Jackson Databind in FlexNet License Server Manager In the FlexNet License Server Manager user interface added new Start Date column and New Device Alias column Client Kits Identical Correlation ID generation issue has been addressed (C XT SDKs only) Resolved issue related to connecting to server via proxy (C XT SDKs on macOS only). Resolved issues with redirected URLs (.NET XT SDKs only). Amazon AWS EC2 detection no longer causes XT client crashes (XT SDKs only)
View full article
Summary This article will discuss the conditions and sequence position to use to launch a custom action when uninstall is selected through Add/Remove Programs (ARP). Synopsis This article will discuss which conditions to use to launch a custom action when uninstall is selected through Add/Remove Programs (ARP). The purpose of this would be to not launch the same custom action if uninstall was performed through maintenance mode. Discussion We must first understand the difference between an uninstall that occurs from ARP as opposed to through Maintenance Mode. When an uninstall occurs through ARP, Windows Installer will automatically set the property UILevel=3 . This is a basic User Interface which will only handle simple progress and error handling. When an uninstall occurs through maintenance mode the Windows Installer will set the property to UILevel=5. This is a full User Interface. With this in mind we must be careful not to place the custom action in the User Interface Sequence, as this will not be launched during an ARP uninstall. Additional conditions that we can use are REMOVE="ALL". This option will work in the execute sequence after InstallValidate to detect a complete uninstallation. Mind the capitalization and quotation marks. Finally to prevent a silent uninstall caused by a Major Upgrade meeting the above 2 conditions we can also use "NOT UPGRADINGPRODUCTCODE" Therefore the custom action should be placed after Installvalidate in the Execute Sequence and its full condition would be: REMOVE="ALL" AND UILevel=3 AND NOT UPGRADINGPRODUCTCODE Additional Information UILevel Property http://msdn.microsoft.com/en-us/library/aa372096(v=vs.85).aspx REMOVE Property http://msdn.microsoft.com/en-us/library/aa371194(v=vs.85).aspx UPGRADINGPRODUCTCODE Property http://msdn.microsoft.com/en-gb/library/aa372380(v=vs.85).aspx Further details on REMOVE="All" Property: http://www.robertdickau.com/msi_tips.html
View full article
Introduction This article will help you understand the steps to sign the installer through custom signing option Instructions With the release of InstallAnywhere2024R1, you can select between two signing options: one is standard, and the other is custom. The standard option is what you used previously by either selecting a certificate (.pfx) path or selecting one from the certificate store. InstallAnywhere2024R1 introduces a custom signing option, which will enable two new fields: "Custom Sign Tool Location" and "Sign Tool Arguments." With the help of Custom Sign Tool Location, you will be able to configure any external signing tool to take care of signing. For example, you will be able to select Microsoft Sign Tool from the Windows SDK folder or even use AzureSignTool via a batch file. 1) Using Custom Signing option to specify tool location and arguments directly. Configuring signing fields in InstallAnywhere :   2) Using Custom Signing option to execute batch file. Configuring batch file to sign installer in InstallAnywhere Digital Sign options under                           Projects->Platforms Sample Signing.bat file contents. Use %2 variable as a place holder for the full file path to be signed.   3) Using Custom Signing option to execute VB script. Configuring VB script in InstallAnywhere: Sample Signing.vbs file contents.   ERROR HANDLING  If signing fails, you will be able to see the relevant message and error code in build log  Error Code 1 returned by signtool Error Code 80070057 returned by AzureSignTool which indicates One or more arguments are invalid    
View full article
Here you will find some notable releases that appear in your Usage Intelligence reports.  July 2024 Fixes Quota & Billing page updates: The Quota & Usage menu item in the Administration menu has been renamed to Quota & Billing, and Quota & Usage is now the default tab on the Quota & Billing page. JSON export filtering bug fixed: The Generate JSON export feature on the Client Profile report has been updated to apply filters when exporting. Previously, if an export was performed after applying filters, all of the Client IDs were exported, ignoring the filters.  June 2024 Enhancement Custom numeric event report for DEMO Product: The DEMO Product now includes a functional custom numeric event report. Fixes Updated CPU types: New CPUs in the market have been incorporated into the CPU Type filter properties and will also be visible in reports that display CPU types. May 2024 Usage Intelligence v2 Decommissioned Usage Intelligence v2 is officially decommissioned. Users can access their data using Usage Intelligence v3. For more information, please refer to the "Legacy Usage Intelligence v2.0 Site Will Be Discontinued on May 31, 2024" news post. General Enhancements Filters added for custom numeric event report Ability to produce a JSON export of custom numeric event report Redocly site is fixed with Auth related documentation Fixes Number values accepting filters are modified to accept default value as '1' June 2023 Usage Intelligence v3 (Beta available now) User Interface Performance Usage Intelligence v3 user interface utilizes single page application (SPA) framework that loads and renders content dynamically without needing to refresh the page. The SPA framework provides faster load times and a more fluid, app-like user experience. The component-based architecture makes it easier to scale and maintain. REST APIs REST APIs have been added and updated in Usage Intelligence v3. Security has been improved with the new REST APIs. Application maintenance and ability to add new features is made easier with the modular programming approach. Transition from Usage Intelligence v2 and v3 With the release of Usage Intelligence v3 (Beta), we advise users to be aware of the following: You may observe data sync issues when you create or save data in either v2 or v3. Please refer to the Data Sync Limitations section of the Transition from Usage Intelligence v2 and v3 article for more details. Some changes are synchronized between both versions. We advise caution when executing create, update, or delete operations to avoid data loss. Please refer to the Synchronized Data Changes section of the Transition from Usage Intelligence v2 and v3 article for more details. When Usage Intelligence v3 is fully released, these edits can only be operated in this version. Usage Intelligence v2 will be read-only and no further edits can be made using that portal. Due to these data sync limitations, if you plan to register a new product on v3, please do it for testing purpose as you will lose that product and data collected once v3 is fully live.  General Contact Sales The 'Contact Sales' option is now available under Help in the top navigation bar instead of the Admin -> Quota and Billing section. Copy Functionality The copy functionality on the Event Tracking Management page has been removed. Users can export to CSV or Excel instead. January 2021 Core Analytics Added Cross-Product Reporting. Cross-Product Report provides insight into how many unique machines have installed products for a given date range that are part of product groups that you create. Up to three groups of products can be utilized in the creation of the report. Read More.  November 2020 General Under Product Management, the menu Item Event Tracking Whitelist Management was renamed to Event Tracking Management Under Event Tracking Management the selectable field Auto-Whitelist was renamed to Auto-Approve Client IP Blacklist was renamed to Blocked Client IPs Updated all nomenclature for Whitelist and Blacklist across the dashboard to use Approve/Block terminology. These changes affect Event Tracking Management, Licensing, Blocked Client IPs, and Delete & Block Clients. Core Analytics Added Data Retention Months and License Key Registry statistics to the Quota Usage Page. Added ability to view aggregate quota usage for products that are part of a quota pool. Added new functionality for string-based properties in report filtering: Support for filtering by regular expression Added ability to load filter values from a file Added ability to copy selected filter value to clipboard October 2020 General Updated user interface with the rebranding to Revenera Core Analytics Added Group By functionality in distribution and Lifetime Event Usage reports, which gives you the ability to change the property used to identify an installation. Read More  September 2020 Core Analytics Added ability to switch data between installation count and % of active installations in distribution reports. Added cross-product data export, to be able to see the number of users making use of multiple products. August 2020 ReachOut Added Lifetime Event Count variables in ReachOut campaigns, to be able to send event usage counts to client installations. Updated automatic ReachOut campaigns delivery chart to show statistics for messages delivered vs messages that were clicked and interacted with by users. April 2019 Core Analytics User Flow Reporting The User Flow report provides you with a picture of the journey your users take when interacting with your product. By specifying a hotspot event, you can analyze everything that happens around it, how users reach that event, and which steps they take following it. Read More December 2018 Core Analytics Export Property Values Users can select any property (as visible in the filters list), including Custom Properties and it will generate a full list of metadata for a particular property. Available as a JSON or plain text file. Read More Support for Multiple Billing Email Addresses Users can now add multiple email addresses as their billing contacts, who would each receive a copy of any invoices or billing notifications. Data Table Export for Lifetime Event Tracking and Churn Lifetime Event Usage Users can now export a JSON file with all the data in the Event Usage tables. IP Blacklist Users can add a list of IPs or IP ranges that will be blocked from the server. These can be used to block internal users from submitting data to the RUI server (say during QA) or to block any unwanted users or domains. Read More ReachOut ReachOut Archiving Users can move any ReachOut campaign from the “Active” tab to an archive. This is especially useful for users having a large list of ReachOut messages that they do not want to permanently delete. All archived campaigns are accessible from the “Archived” tab inside the ReachOut page. An archived campaign is automatically disabled but stored for historical or reporting purposes. It can be made “Active” again at any point or can still be used to clone new campaigns from it. Read More ReachOut ID Display Users can see the unique ReachOut Campaign ID displayed in each of the ReachOut tables. This helps for reporting purposes and referencing with raw data exports or Client Profile data, all of which show the ReachOut IDs that a client has been delivered. November 2018 Core Analytics Client Profile Report Users have the ability to drill down into product usage data for a particular client, look at data for sets of ClientIDs that match specific criteria, and do full exports of the data by ClientID for further analysis, joining with third-party data sets, or historical archiving of all your usage data. Capabilities include: Export data for further analysis in third-party analytics systems View all ReachOut in-application campaigns that any client has received Identify specific ClientIDs of user segments by properties and usage Manage GDPR requests for data access Download data for archiving Use JSON format of data exports for maximum portability Read More Raw Data Export Users can collect, upon request, all the raw data from their application in addition to the standard data collected and processed by Usage Intelligence. This needs to be configured with an account manager to be enabled and collect the data specific to each user case. Read More August 2018 Helpdesk Knowledgebase and ticketing system updated for enhanced searchability, ticket tracking and user experience. View Support Center June 2018 Core Analytics Virtual Machine Architecture Report Users can now report and analyze installations running on Virtual Machines across Windows, Mac, and Linux platforms. It also allows other reports to be filtered by usage on specific Virtual Machines only with installations running for deeper analytics. Read More Sunburst Visualizations in Usage Intelligence The new Sunburst diagram lets you illustrate and analyze hierarchical or segmented data through an interactive Sunburst chart with drilldown functionality. You can visualize three properties and click on any segment to drill down into it and explore the relationships. March 2018 Core Analytics Support for Facebook Login Discontinued Due to the lack of usage, account creation, and login via Facebook is no longer supported by Usage Intelligence. Null Value Reporting Reports now support <NULL> values (where no information is collected) and users can choose to include or not include these values in their reporting and visualizations. This distinction provides greater insight into total usage numbers. Read More Export Data to CSV In addition to image formats, table data and timeline data can now be exported by users in a CSV format for any report in Usage Intelligence. ReachOut Clone ReachOut Campaigns Users can now create copies or clones of their existing campaigns to repurpose in launching new campaigns to different audiences or with other modifications. Filter ReachOut Recipients by Previous Campaigns In-application messages can now be targeted to users based on whether or not they have received other messages previously via ReachOut. This allows for a message series to be created via sequenced messages. February 2018 Core Analytics Regular Expressions (“Regex”) Added All filters for reporting and ReachOut now take advantage of regular expressions to provide greater flexibility and time savings. From the Filters UI you can choose “Exact Match,” “Starts with” or “Contains” to filter any string property. Like other filters, Regex-based filters can also be saved as templates and shared with your team. Lifetime Event Usage Filter This powerful addition allows you to ask and get answers to more complicated questions by filtering any report or ReachOut campaign based on the user’s actual usage of the product functionality. For example, how many users have launched the configuration wizard at least once, but never finished the wizard completely? Or, how many users used the product for at least 10 hours but have not yet discovered Feature X? Or, how many users who have used heavily Feature X but made little to no use of Feature Y. Date Installed Filter This new filter enables you to report on usage by people who installed during a specific time period (for example, during a campaign or following an event). You can easily see how many users who installed during the Q4 promo that are still active today and what are they doing with the software. You can also run churn analysis reports only on those users who installed before a specific time period. Date Last Seen Filter This enhancement allows you to filter in/out users that were last seen before or after a specific date. For example, you might want to run a report of how many users abandoned a specific version/edition of your software in the days after you announced that you will be terminating its support. When used in combination with the Date Installed Filter, you can get more accurate data on product and feature usage by filtering out anyone who was not fully active during the whole reporting period (e.g., the average runtime and feature usage metrics will not include users who installed or uninstalled the product in the middle of that reported date range). ReachOut ReachOut Delivery Caps If you want to send a promotion to a limited number of users, send upgrade notifications in batches, or run A/B testing with a random user sample, you can now easily achieve this by setting a Maximum Delivery Cap on any ReachOut campaign to limit the number of messages delivered. December 2017 Core Analytics Java SDK Released Usage Intelligence adds a software usage analytics solution designed for distributed native Java applications on Windows, Macintosh, and Linux. Read More Reporting Filters Added Filtering for specific Usage Intelligence Client ID and Machine ID for customers also using Revenera Compliance Intelligence, providing deeper insight into feature usage within unlicensed software to accelerate settlement and conversion discussions Opt-In/Opt-Out Status, making it easier to calculate sample size and measure the effectiveness of software usage analytics programs Lifetime Product & Feature Usage, providing deeper insight into specific user groups and their engagement with various product functionality October 2017 Core Analytics Updates to User Permission Controls Users can now easily manage user permissions for their entire team. Admins can grant Full, Read-Only, or Deny access for different aspects of Usage Intelligence from User Management, Reporting, ReachOut, Developer, License Key Management or Filtering, Quota Usage, Billing and Subscription, or Reporting API access. For each user, you can quickly preview all their access levels, edit their permissions, clone them for other users that have the same organizational role or revoke their permissions.
View full article
Explanation:  When a user is assigned to an account with a role that does not have the "View Devices" permission and when the System configuration option "Enforce device management permissions across accounts" is enabled in the FNO for "End-User Portal Setup", and the user accesses the device in the end user portal, this error message is displayed. Use Case 1: [Accessing the device in the End User portal for two different accounts linked to the same user when the system configuration is enabled] 1. Customer User details. Customer Username Account Id Role name Permission Device ID shreyashs1073@gmail.com TestAc-3 INF-portal admin user role has 'View Devices' permission TestSA01 shreyashs1073@gmail.com TestAc-4 INF-portal user role doesn't have 'View Devices' permission TestSA02 Reference images :  2. In the FNO -> System Configuration -> End-User Portal Setup -> Select the checkbox for this option "Enforce device management permissions across accounts". This controls the capabilities available on the Device Details page. When a user with multiple accounts select a device, their permissions to view or manage devices, will be applied based on the ownership of the device within that selected account.   3. Then, in the end user portal device page, the user can access 'TestSA01' device without any issues. But, when the same user tries to click on 'TestSA02' device which is linked to 'TestAc-4' account id, encounters an error message- "Insufficient permissions to view the device within the account."     Use Case 2: [Accessing the device in the End User portal for two different accounts linked to the same user when the system configuration is disabled] 1. When the system configuration "Enforce device management permissions across accounts" is disabled, then the same user with the account 'TestAc-4' can access the 2nd device 'TestSA02' without any issues.   
View full article
This article lists the current year's past releases for FlexNet Operations Cloud. For upcoming releases, please see the Software Monetization Release Schedule. (NOTE: This requires you to log into the community as a Revenera customer. ) 2024 Releases -  FlexNet Operations Cloud ALM Release ALM Deployment Environment Production Copy Service (PCS) Data Refresh Date PCS / UAT Date Production Date Production Outage? 2024.06 AWS NAM/EU   May 23, 2024 June 6, 2024   2024.05 AWS NAM/EU   April 22, 2024 May 10, 2024   2024.04 AWS NAM/EU   March 19, 2024 April 4, 2024   2024.03 Legacy AWS NAM   February 28, 2024 March 16, 2024     Legacy AWS EU   February 21, 2024 March 6, 2024     AWS NAM/EU February 27, 2024 - February 29, 2024  February 22, 2024 March 7, 2024   2024.02 Legacy AWS NAM/EU   January 30, 2024 Deferred     AWS NAM/EU   January 31, 2023 February 15, 2024   2024.01 Legacy AWS NAM/EU   January 3, 2024 January 16, 2024     AWS NAM/EU   January 4, 2024 January 17, 2024     FlexNet Operations Cloud LLM Release Production Copy Service (PCS) Data Refresh Date PCS / UAT Date Production Date Production Outage? 2024.06   May 23, 2024 June 6, 2024   2024.05   April 22, 2024 May 10, 2024   2024.04   March 18, 2024 April 3, 2024   2024.03 February 27, 2024 - February 29, 2024  February 21, 2024 March 6, 2024   2024.02   January 30, 2024 February 15, 2024   2024.01   January 3, 2024 January 16, 2024     2023 Releases -  FlexNet Operations Cloud ALM Release ALM Deployment Environment Production Copy Service (PCS) Data Refresh Date PCS / UAT Date Production Date Production Outage? 2023.09 Data Center Legacy AWS NAM AWS EU   Wednesday, Aug 30, 2023 Tuesday, Sep 12, 2023     AWS Migrated (CLS & UAS)   Thursday, Aug 31, 2023 Wednesday, Sep 13, 2023   2023.08 Data Center Legacy AWS NAM AWS EU   Wednesday, Jul 26, 2023 Wednesday, Aug 9, 2023     AWS Migrated (CLS & UAS)   Thursday, Jul 27, 2023 Thursday, Aug 10, 2023   2023.07 Data Center Legacy AWS NAM AWS EU Monday, Jun 12, 2023 Tuesday, Jun 27, 2023 Tuesday, Jul 11, 2023     AWS Migrated (CLS & UAS)   Wednesday, Jun 28, 2023 Wednesday, Jul 12, 2023   2023.06     Thursday, May 25, 2023 Thursday, Jun 8, 2023   2023.06 (CLS)     Friday, Jun 2, 2023 Friday, Jun 9, 2023   2023.05     Saturday, Apr 29, 2023 Tuesday, May 9, 2023   2023.04     Thursday, Mar 16, 2023 Monday, Apr 3, 2023   2023.03     Wednesday, Feb 22, 2023 Wednesday, Mar 8, 2023   2023.03 (CLS)     Thursday, Feb 23, 2023 Data Center | AWS EMEA | AWS NAM: Wednesday, Mar 8, 2023 AWS Migrated: Thursday, Mar 9, 2023   2023.02     Monday, Jan 30, 2023 Monday, Feb 13, 2023   2023.02 (CLS)     Tuesday, Jan 31, 2023 Monday, Feb 13, 2023   2023.01   Tuesday, Jan 17, 2023 Data Center: Wednesday, Jan 4, 2023 AWS EMEA/NAM: Thursday, Jan 5, 2023 Data Center: Wednesday, Jan 18, 2023 AWS EMEA/NAM: Thursday, Jan 19, 2023   2023.01 (CLS)     Thursday, Jan 5, 2023 Data Center: Thursday, Jan 19, 2023 AWS EMEA/NAM: Friday, Jan 20, 2023     FlexNet Operations Cloud LLM Release Production Copy Service (PCS) Data Refresh Date PCS / UAT Date Production Date Production Outage? 2023.09   Wednesday, Aug 30, 2023 Tuesday, Sep 12, 2023   2023.09 (CLS & UAS)   Thursday, Aug 21, 2023 Wednesday, Sep 13, 2023   2023.08   Wednesday, Jul 26, 2023 Wednesday, Aug 9, 2023   2023.08 (CLS & UAS)   Thursday, Jul 27, 2023 Thursday, Aug 10, 2023   2023.07   Tuesday, Jun 27, 2023 Tuesday, Jul 11, 2023   2023.07 (CLS & UAS)   Wednesday, Jun 28, 2023 Wednesday, Jul 12, 2023   2023.06 Wednesday, May 24, 2023 Thursday, May 25, 2023 Thursday, Jun 8, 2023   2023.06 (CLS)   Friday, Jun 2, 2023   Friday, Jun 9, 2023   2023.05   Tuesday, Apr 25, 2023 Tuesday, May 9, 2023   2023.04   Thursday, Mar 16, 2023 Monday, Apr 3, 2023   2023.03   Wednesday, Feb 22, 2023 Wednesday, Mar 8, 2023   2023.03 (CLS)   Thursday, Feb 23, 2023 Data Center | AWS EMEA | AWS NAM: Wednesday, Mar 8, 2023 AWS Migrated: Thursday, Mar 9, 2023   2023.02   Monday, Jan 30, 2023 Monday, Feb 13, 2023   2023.02 (CLS)   Tuesday, Jan 31, 2023 Monday, Feb 13, 2023   2023.01 Tuesday, Jan 17, 2023 Wednesday, Jan 4, 2023 Wednesday, Jan 18, 2023   2023.01 (CLS)   Thursday, Jan 5 2023 Thursday, Jan 19, 2023    *May include system changes only and no release changes. Please see FlexNet Operations News for confirmation.   2022 Releases -  FlexNet Operations Cloud ALM Release Production Copy Service (PCS) Data Refresh Date PCS / UAT Date Production Date Production Outage? 2022.12 Wednesday, Nov 30, 2022 Thursday, Dec 1, 2022 Thursday, Dec 15, 2022   2022.12 (CLS)   Friday, Dec 2, 2022 Thursday, Dec 15, 2022   2022.11   Wednesday, Nov 2, 2022 Thursday, Nov 17, 2022   2022.10 Monday, Nov 7, 2022 Thursday, Sep 29, 2022 Thursday, Oct 13, 2022   2022.09   Tuesday, Aug 30, 2022 Tuesday, Sep 13, 2022   2022.08   Thursday, Jul 28, 2022 Thursday, Aug 11, 2022   2022.07   Tuesday, Jun 28, 2022 Tuesday, Jul 12, 2022   2022.07 (CLS only)   Tuesday, Jun 28, 2022 Monday, Jul 4, 2022   2022.06   Thursday, May 26, 2022 Thursday, Jun 9, 2022   2022.05 Monday, May 2, 2022 Wednesday, May 4, 2022 No production release   2022.04   Thursday, Mar 31, 2022 Thursday, Apr 14, 2022   2022.03 (CLS)   Friday, Feb 18, 2022 Thursday, Feb 24, 2022 No 2022.03   Wednesday, Mar 2, 2022 Tuesday, Mar 15, 2022 No 2022.02 Tuesday, Jan 25, 2022 Thursday, Jan 27, 2022 Saturday, Feb 12, 2022 Yes 2022.01   Tuesday, Dec 21, 2021 Tuesday, Jan 11, 2022 No   FlexNet Operations Cloud LLM Release Production Copy Service (PCS) Data Refresh Date PCS / UAT Date Production Date Production Outage? 2022.12 Wednesday, Nov 30, 2022 Thursday, Dec 1, 2022 Thursday, Dec 15, 2022   2022.12 (CLS)   Friday, Dec 2, 2022 Thursday, Dec 15, 2022   2022.11   Wednesday, Nov 2, 2022 Thursday, Nov 17, 2022   2022.10 Monday, Nov 7, 2022 Thursday, Sep 29, 2022 Thursday, Oct 13, 2022   2022.09   Tuesday, Aug 30, 2022 Tuesday, Sep 13, 2022   2022.08   Thursday, Jul 28, 2022 Thursday, Aug 11, 2022   2022.07   Tuesday, Jun 28, 2022 Tuesday, Jul 12, 2022   2022.06   Thursday, May 26, 2022 Thursday, Jun 9, 2022   2022.05 Monday, May 2, 2022 Wednesday, May 4, 2022 No production release   2022.04   Thursday, Mar 31, 2022 Thursday, Apr 14, 2022   2022.03 (CLS)   Friday, Feb 18, 2022 Thursday, Feb 24, 2022 No 2022.03   Wednesday, Mar 2, 2022 Tuesday, Mar 15, 2022 No 2022.02 Tuesday, Jan 25, 2022 Thursday, Jan 27, 2022 Saturday, Feb 12, 2022 Yes 2022.01   Tuesday, Dec 21, 2021 Tuesday, Jan 11, 2022 No *May include system changes only and no release changes. Please see FlexNet Operations News for confirmation.   2021 Releases -  FlexNet Operations Cloud ALM Release Production Copy Service (PCS) Data Refresh Date PCS / UAT Date Production Date Production Outage? 2021.12   Friday, Dec 3, 2021 Thursday, Dec 16, 2021 No 2021.12 (CLS)   Friday, Dec 3, 2021 Thursday, Dec 9, 2021 No 2021.11 Monday, Nov 1, 2021 Tuesday, Nov 2, 2021 Tuesday, Nov 16, 2021 No 2021.11 (CLS)   Thursday, Nov 4, 2021 Tuesday, Nov 16, 2021 No 2021.10   Thursday, Sep 30, 2021 Wednesday, Oct 13, 2021 No 2021.10 (CLS)   Thursday, Oct 7, 2021 Saturday, Oct 23, 2021 Yes 2021.09 Monday, Aug 30, 2021 Tuesday, Aug 31, 2021 Tuesday, Sep 14, 2021 No 2021.08   Thursday, Jul 29, 2021 Thursday, Aug 12, 2021 No 2021.07   Tuesday, Jun 29, 2021 Thursday, Jul 15, 2021 No 2021.06   Thursday, Jun 3, 2021 Thursday, Jun 17, 2021 No 2021.06 (CLS)   Friday, Jun 11, 2021 Tuesday, Jun 22, 2021 No 2021.05 Tuesday, Apr 20, 2021 - Wednesday, Apr 21, 2021 Thursday, Apr 22, 2021 Saturday, May 15, 2021 Yes 2021.05 (CLS)   Thursday, Apr 22, 2021 Tuesday, May 11, 2021 No 2021.04   Wednesday, Apr 7, 2021 Tuesday, Apr 13, 2021 No 2021.03   Tuesday, Mar 2, 2021 Tuesday, Mar 16, 2021 No 2021.02 Wednesday, Jan 27, 2021 Thursday, Jan 28, 2021 Thursday, Feb 11, 2021 No 2021.01   Thursday, Dec 17, 2020 Tuesday, Jan 12, 2021 No 2021.01 (CLS)   Thursday, Dec 17, 2020 Saturday, Jan 16, 2021 Yes   FlexNet Operations Cloud LLM Release Production Copy Service (PCS) Data Refresh Date PCS / UAT Date Production Date Production Outage? 2021.12   Friday, Dec 3, 2021 Thursday, Dec 16, 2021 No 2021.12 (CLS)   Friday, Dec 3, 2021 Thursday, Dec 9, 2021 No 2021.11 Monday, Nov 1, 2021 Tuesday, Nov 2, 2021 Tuesday, Nov 16, 2021 No 2021.11 (CLS)   Thursday, Nov 4, 2021 Tuesday, Nov 16, 2021 No 2021.10   Thursday, Sep 30, 2021 Wednesday, Oct 13, 2021 No 2021.10 (CLS)   Thursday, Oct 7, 2021 Saturday, Oct 23, 2021 Yes 2021.09* Monday, Aug 30, 2021 Tuesday, Aug 31, 2021 Tuesday, Sep 14, 2021 No 2021.08   Thursday, Jul 29, 2021 Thursday, Aug 12, 2021 No 2021.07 (CLS only)   Tuesday, Jun 29, 2021 Thursday, Jul 15, 2021 No 2021.06   Thursday, Jun 3, 2021 Thursday, Jun 17, 2021 No 2021.06 (CLS)   Friday, Jun 11, 2021 Tuesday, Jun 22, 2021 No 2021.05 Tuesday, Apr 20, 2021 - Wednesday, Apr 21, 2021 Thursday, Apr 22, 2021 Saturday, May 15, 2021 Yes 2021.05 (CLS)   Thursday, Apr 22, 2021 Tuesday, May 11, 2021 No 2021.04   Wednesday, Apr 7, 2021 Tuesday, Apr 13, 2021 No 2021.03   Tuesday, Mar 2, 2021 Tuesday, Mar 16, 2021 No 2021.02 Wednesday, Jan 27, 2021 Thursday, Jan 28, 2021 Thursday, Feb 11, 2021 No 2021.01   Thursday, Dec 17, 2020 Tuesday, Jan 12, 2021 No 2021.01 (CLS)   Thursday, Dec 17, 2020 Saturday, Jan 16, 2021 Yes *May include system changes only and no release changes. Please see FlexNet Operations News for confirmation. 2020 Releases -  FlexNet Operations Cloud ALM Release Production Copy Service (PCS) Data Refresh Date PCS / UAT Date Production Date Production Outage? 2020 R1 Wednesday, Jan 8, 2020 Thursday, Jan 9, 2020 Thursday, Feb 6, 2020 No 2020 R1 SP1   Monday, Feb 24, 2020 Monday, Mar 09, 2020 No 2020 R1 SP2   Thursday, Mar 26, 2020 Thursday, Apr 09, 2020 No 2020 R2 Wednesday, Apr 13, 2020 Tuesday, Apr 14, 2020 Wednesday, May 20, 2020 No 2020 R2 SP1   Thursday, Jun 4, 2020 Thursday, Jul 2, 2020 No 2020 R3 Friday, Jul 10, 2020 PCS: Wednesday, Jul 15, 2020 UAT: Monday, Jul 27, 2020 Thursday, Aug 13, 2020 No 2020 R3 (CLS)     Saturday, Aug 15, 2020 Yes 2020 R3 SP1   Thursday, Sep 3, 2020 Tuesday, Sep 22, 2020 No 2020 R3 SP1 Hotfix (CLS)   Thursday, Sep 17, 2020 Thursday, Oct 1, 2020 No 2020 R3 SP2   Wednesday, Sep 30, 2020 Wednesday, Oct 14, 2020 No 2020 R3 SP2 (CLS)   Wednesday, Sep 30, 2020 Wednesday, Nov 4, 2020 No 2020 R3 SP3 Friday, Oct 30, 2020 - Monday, Nov 2, 2020 Tuesday, Nov 3, 2020 Thursday, Dec 3, 2020 No 2020 R3 SP3 (CLS only)   Monday, Nov 23, 2020 Thursday, Dec 3, 2020 No   FlexNet Operations Cloud LLM Release Production Copy Service (PCS) Data Refresh Date PCS / UAT Date Production Date Production Outage? 2020 R1 Wednesday, Jan 8, 2020 Thursday, Jan 9, 2020 Thursday, Feb 6, 2020 No 2020 R1 SP1   Monday, Feb 24, 2020 Monday, Mar 09, 2020 No 2020 R1 SP2   Thursday, Mar 26, 2020 Thursday, Apr 09, 2020 No 2020 R2 Wednesday, Apr 13, 2020 Tuesday, Apr 14, 2020 Wednesday, May 20, 2020 No 2020 R2 SP1   Thursday, Jun 4, 2020 Thursday, Jun 18, 2020 No 2020 R3 Friday, Jul 10, 2020 PCS: Wednesday, Jul 15, 2020 UAT: Monday, Jul 27, 2020 Thursday, Aug 13, 2020 No 2020 R3 (CLS)     Saturday, Aug 15, 2020 Yes 2020 R3 SP1   Thursday, Sep 3, 2020 Tuesday, Sep 22, 2020 No 2020 R3 SP1 Hotfix (CLS)   Thursday, Sep 17, 2020 Thursday, Oct 1, 2020 No 2020 R3 SP2   Wednesday, Sep 30, 2020 Wednesday, Oct 14, 2020 No 2020 R3 SP2 (CLS)   Wednesday, Sep 30, 2020 Wednesday, Nov 4, 2020 No 2020 R3 SP3 Friday, Oct 30, 2020 - Monday, Nov 2, 2020 Tuesday, Nov 3, 2020 Thursday, Dec 3, 2020 No 2020 R3 SP3 (CLS only)   Monday, Nov 23, 2020 Thursday, Dec 3, 2020 No  
View full article
Introduction This article is intended to offer some hints as to why there may be a crash in the LLS. It is not an exhaustive list of reasons but it may give some indication as to why there is a crash. Use Case 1: JVM out of memory. The local license server uses a JVM. It is possible that with a high volume of requests to the server, the JVM memory allocation is exhausted and there is the possibility that the server crashes. This is an unlikely scenario as the JVM will usually perform garbage collection and free up memory. Ideally, the server should be used on a machine that has a high allocation of memory that is available to the JVM through JVM settings. Use Case 2: LLS Database grows significantly large It has been seen that in certain situations the LLS can consume large amounts of disk space. This may be when usage is collected on the server but not synced to the back office. If the DB grows sufficiently large and there is not enough room on the disk, the server could crash. Again this is an unlikely occurrence and is mitigated by synching the usage records with the back office or by using a sufficiently large disk. Use Case 3: DB corruption This is an issue that occurs when there is a hard power event on the server machine. It is possible that the server is writing information to the database and power is lost on the machine. IT has been seen that this can result in a corruption of the database and a crash when the server starts up again. This can be mitigated by enabling the database backup functionality of the server. This will take regular backups of the database and allow you to restore the DB in the event of corruption. Use Case 4: Virus scanner or endpoint scanner It is sometimes possible that a virus scanner or security endpoint scanner could interpret some of the functionality of the LLS as a potential cause for alarm and prompt the user to allow or disallow. Disallowing could, potentially, cause the LLS to stop working as it is not able to perform some of its tasks correctly. It is advised to allow the LLS in virus scans or endpoint scans. More Information As mentioned this is not an exhaustive list and more use cases will be added to this as more are reported
View full article
Introduction: This article will help you understand how to modify a Text file present inside an archive. Instructions: Step1 : Create a new project. Step2 : Go to the sequence tab and add Modify Text File—In Archive Action in your desired install phase. Step3 : After that, you can select either an installed archive (can’t be used in the pre-install phase) or an existing archive. Step4 : We will be using Existing Archive, so we will have to add the location of the archive in the Existing Archive text field. Step5 : In the archive path, we will be adding the path to the text file inside the zip file. Here my archive is named TestArchive and contains a folder called Sample, which in turn contains a text file called greeting. Step6 : Next, we will append the string "world" inside the text file. Step7 : Select the Append radio button and enter the text "world" inside the TextArea provided. Step8 : Build and run the installer, navigate to your selected archive, and check the text file inside. It now should contain the string "world!" on a new line.
View full article
Introduction: This article will help you understand how to use Generic JDBC connection to use a custom string for establishing connections. This helps us in using custom strings when you need to use additional attributes for you connection string. Instructions: Step1 : Create a new project. Step2 : Navigate to Organization->Hosts and click on Add host and then select Database server.   Step3 : Got to Server Type Drop down and select generic JDBC connection. Step4 : Fill out Data Host Name, JDBC Driver Class and Dependencies for the Database and host you want to connect to Step5 : Use the Custom Connection String text field to use your own connection string and connect.  
View full article
Introduction : This Article will helps you to understand the steps required to Check whether the current user is admin or not through Evaluate custom rule. Instructions : To Create/Evaluate custom rule follow these simple steps Step1 : Open your InstallAnywhere project. Step2 : Go to "Rules" -> "Code Rules". Step3 : Click on "Add" to create a new code rule. Step4 : Give your rule a name (e.g., "Check if current user is admin"). Step5 : Paste the following code into the code editor: import com.zerog.ia.api.pub.CustomCodeRule; import java.io.IOException; public class AdminCheckRule implements CustomCodeRule { @Override public String getDefaultValue() { return null; } @Override public String execute() { if (isAdmin()) { return "User is admin"; } else { return "User is not admin"; } } private boolean isAdmin() { String osName = System.getProperty("os.name").toLowerCase(); if (osName.contains("windows")) { try { Process process = Runtime.getRuntime().exec("cmd.exe /c net session"); int resultCode = process.waitFor(); return resultCode == 0; } catch (IOException | InterruptedException e) { e.printStackTrace(); } } return false; // For non-Windows systems or if an exception occurs } } Step6 : Click on "OK" to save the rule. Step7 : Now, you can use this rule in your InstallAnywhere project. When you use it, a message box will only appear if the current user is an admin. To use this rule: Go to the location where you want to use this rule in your InstallAnywhere project. Right-click on that location and choose "Add Action". Select "Run custom code" from the list of actions. In the properties for this action, select your custom code rule ("Check if current user is admin"). Configure any additional properties for your message box, such as the message to display. Build and run your InstallAnywhere project. The message box will only appear if the current user is an admin.  
View full article