Starting on November 3rd, 2022, at 09:00 PM (EDT), our cloud service providers are performing a maintenance, this maintenance window will remain open for six hours (until 03:00 AM EDT). Revenera Usage Intelligence services (Dashboard, APIs, SDK, etc..) are expected to experience less than 10 minutes of down time during this window. You can follow the status of the maintenance via the Revenera Status Dashboard. If you experience any issues or witness any abnormalities that last beyond the expected maintenance window, please raise a support ticket. ... View more

Summary A critical vulnerability potentially allowing remote code execution in Apache Commons Text impacting versions 1.5 through 1.9 has been publicly disclosed. The vulnerability has been assigned the identifier CVE-2022-42889, and is also commonly referred to as “Text4Shell”. This article provides currently available information about the potential impact of the vulnerability on Revenera products. NOTE: This is an ongoing assessment. Updates will be made to this advisory as further information becomes available. As had been mentioned within the announcement of the maintainer of Apache Commons Text, while the vulnerability allows remote code execution, the vulnerability requires the use of an insecure configuration of Apache Commons Text. Such configurations are not expected to be common, but Revenera is nevertheless committed to assess its products based on any potential exposure. Revenera Product Assessment Product Potential Exposure to CVE-2022-42889 Potentially Exposed Components or Versions Fixed Version Mitigation Installation InstallAnywhere No, impacted module not used. None N/A N/A InstallShield No, Apache Commons Text not used. None N/A N/A   Software Composition Analysis Code Aware No, Apache Commons Text not used. None N/A N/A Code Insight No, Apache Commons Text not used. None N/A N/A SBOM Insights No, Apache Commons Text not used. None N/A N/A   Software Monetization Cloud Licensing (CLS) No, impacted module not used. None 2022.12 Upgrading to Apache Commons Text 1.10.0  Compliance Intelligence (RCI) No, impacted module not used. None [Remediated] Compliance Intelligence Gateway 6.4.1.25003 Upgraded to Apache Commons Text 1.10.0  FlexNet Connect No, Apache Commons Text not used. None N/A N/A FlexNet Embedded - License Server Manager (FLSM) No, Apache Commons Text not used. None N/A N/A FlexNet Embedded - Local License Server (LLS) No, impacted module not used. None 2022.12 Upgrading to Apache Commons Text 1.10.0  FlexNet Embedded SDK No, Apache Commons Text not used. None N/A N/A FlexNet Operations - ALM No, Apache Commons Text not used. None N/A N/A FlexNet Operations - LLM No, Apache Commons Text not used. None N/A N/A FlexNet Operations On-Premise No, Apache Commons Text not used. None N/A N/A FlexNet Publisher No, Apache Commons Text not used. None N/A N/A Usage Intelligence (RUI) No, Apache Commons Text not used. None N/A N/A   The information on this page reflects: The assessed status of Revenera’s SaaS systems. The assessed status of all versions of Revenera’s products that are still supported (that is, they have not yet reached their End of Life). Product lifecycle dates can be found at https://docs.revenera.com/eol/default.htm. Related Information Information about Flexera products: https://community.flexera.com/t5/Community-Notices/Security-Advisory-Assessment-of-Flexera-s-products-exposure-to/ba-p/253503#M200 CVE definitions CVE-2022-42889 Expanded CVE definitions: https://www.cve.org/CVERecord?id=CVE-2022-42889 Apache Commons Text Apache Commons Text CVE-2022-42889 Announcement Change Log 2022-10-24 13:25 CDT : Initial notice posted 2022-10-25 09:25 CDT : Updated assessment for FlexNet Embedded - License Server Manager (FLSM)and Fixed Version information for FlexNet Embedded Local License Server (LLS) and Cloud Licensing Service (CLS).  2022-10-26 10:00 CDT : Updated assessment for FlexNet Embedded - SDK. 2022-10-28 12:35 CDT : Updated assessment for FlexNet Operations Cloud ALM and FlexNet Operations On-Premise. 2022-11-01 15:45 CDT : Updated assessment for FlexNet Operations Cloud LLM. ... View more

Starting October 24, 2022, we are making it easier for customers to look up the status of their product issues filed through support cases.  Once this change is rolled out, customers will see the following changes in the case portal: New tabs to filter the support case view by: Open Cases, Bugs, All Cases Ability to see the product issue status under the new Bugs tab Ability to filter cases by the product issue status, making it easier to see any issues that have been fixed in a new release Ability to see the JIRA ticket associated with the product issue and cross-reference this again product release notes  For more information, please refer to the How-To articles below: How to View Your Support Cases How to View Product Issue Status ... View more

To view the status of your product issues submitted through a support case: Log into the Revenera Community   (Note: requires customer-level community access) Navigate to Get Support -> Case Portal Click the Bugs tab This new display option lists all support cases where a product issue has been filed. The Status column displays the current status of the product issue. The product issue status values include: Status Description Under Assessment The product team is currently triaging the product issue for validity. They may ask for additional information to better under the conditions upon with the issue occurs and its impact to your product. Accepted The product issue was found to be valid and will be considered for a future release. Planned For: <target_release> The product issue is targeted for the release specified. NOTE: Target releases are subject to change. Fixed In: <fixed_release_version> The product issue has been address in the product release specified. Please validate this with fixed version of the product and consider closing the support case if this addresses your original issue. Will Not Fix There are a variety of reasons a product issue will not be fixed e.g. not a invalid issue, considered an enhancement, etc. Please contact the Technical Support agent working your case for more details. Other This status is used for any support case where there are multiple product issues associated, and a single status cannot be displayed. To view the product issue status for such cases, click the case number. The JIRA Tickets section of the Case Summary page will display the status of each product issue associated with the case.     To filter cases by the product issue status: Click Filter Select the desired product issue status using the Status drop-down menu  ... View more

To view support cases you've submitted: Log into the Revenera Community (Note: requires customer-level community access) Navigate to Get Support -> Case Portal NOTE: To view all support cases belonging to your organization, you need to enable the All Company Cases filter. Please see the How to View All Cases from your Company article for details. The case portal divides your support cases into three tabs: Open Cases: Displays new or actively being worked on cases. Bugs: Displays any support cases associated with a product issue.  All Cases: Displays all support cases which is not associated with a product issue. This includes closed cases and product enhancements.  Click on the tab to display the desired list of support cases. ... View more

Summary An elevate privilege vulnerability was discovered in the FlexNet Publisher License Server. This article provides details about the vulnerability as well as mitigation and remediation options. Description This elevated privilege vulnerability, if exploited, may allow bypassing the lmgrd -2 -p -local option used to restrict license server administration to a local license administrator. The impact of this could result in license server disruption by an unauthorized user. All versions of FlexNet Publisher are susceptible to this issue. Workaround Producers may use the -x license server option to mitigate the issue. The -x option disables certain commands to be executed on the lmgrd/vendor daemon. It can only be applied to lmdown and lmremove commands: -x lmdown option disables lmdown command on the lmgrd, preventing unauthorized license server shutdowns. -x lmremove option disables lmremove command on the vendor daemon. We recommend users review the License Server Manager “lmgrd” section of the FlexNet Publisher License Administration Guide for details about the -x option. This document is available for download from the Product and License Center. Resolution This vulnerability is remediated in FlexNet Publisher 2022 R3 (11.19.2.0) or greater.  Users will need to upgrade their lmgrd to this version or higher. Additional Information Revenera knows of no exploits of this vulnerability in production deployments. For identifying this vulnerability and disclosing it to Revenera under a responsible disclosure process, we'd like to thank the team members at Rapid7. ... View more

The FlexNet Publisher 2022 R3 (11.19.2.0) is available for download from the Product and License Center. This release includes product issue fixes .  For information about these changes, please refer to the FlexNet Publisher 2022 R3 (11.19.2.0) Release Notes. Note: To access the Product and License Center, be sure to register for the Revenera Community and provide the Account ID and Product ID information included in the Order Confirmation email sent by Revenera.  If you are unable to access the Product and License Center, or have not been granted access, please contact our Revenera Technical Support. ... View more

Revenera has completed the FlexNet Operations and FlexNet Connect SOC 2 Type 2 Report for 2022. The report is available to FlexNet Operations and FlexNet Connect customers only. To obtain a copy of the report you may send your request to   SOC-Compliance@revenera.com. Please note that the SOC 2 Type 2 Report is a confidential document, subject to the explicit terms stated in the Non-Disclosure Agreement or customer contract required for release of the report. As a recipient of this report you are subject to the restrictions of disclosure. ... View more

Revenera has completed the FlexNet Operations SOC 2 Type 2 Report for 2022. The report is available to FlexNet Operations customers only. To obtain a copy of the report you may send your request to   SOC-Compliance@revenera.com. Please note that the SOC 2 Type 2 Report is a confidential document, subject to the explicit terms stated in the Non-Disclosure Agreement or customer contract required for release of the report. As a recipient of this report you are subject to the restrictions of disclosure. ... View more

UPDATE:  The FlexNet Operations Cloud 2022.10 release is now on the Production environment. Original Post:  Sep 29, 2022   08:45 AM   Here are the highlights and key dates for the upcoming Software Monetization 2022.10 release:   FlexNet Operations Cloud 2022.10 ALM   FlexNet Operations Cloud 2022.10 ALM in UAT (Sept 29th – no outage required) FlexNet Operations Cloud 2022.10 ALM in Production (Oct 13th – no outage required) The release includes enhancements to the Download Packaging Service APIs and other issue fixes.   For more details about these changes, please refer to the FlexNet Operations 2022.10 Release Notes which is available on the Documentation site. FlexNet Operations Cloud 2022.10 LLM   FlexNet Operations Cloud 2022.10 LLM in UAT (Sept 29th – no outage required) FlexNet Operations Cloud 2022.10 LLM in Production (Oct 13th – no outage required) The FlexNet Operations Cloud 2022.10 LLM release includes customer-specific changes. There are no release notes for this release. FlexNet Embedded 2022.10   Cloud Licensing Service 2022.10 in UAT (Sept 29th – no outage required) Cloud Licensing Service 2022.10 in Production (Oct 13th – no outage required) FlexNet Embedded Local License Server 2022.10 GA (Oct 13th) The FlexNet Embedded 2022.10 release includes an enhancement that allows the Producer to define the order in which a license server’s host type is selected. No client changes in this release.   For more information, please refer to the FlexNet Embedded 2022.10 Release Notes available for download on the Product and License Center upon GA.   ... View more

The FlexNet Embedded Client 2022.09 release is now available for download from the Product and License Center. For more information about the release, please refer to the FlexNet Embedded Client 2022.09 Release Notes available for download on the   Product and License Center. ... View more

Update:  The recording for this event is available on the Learning Center. Note: A customer-level community login is required to access this. Please contact Revenera Technical Support if you have any issues. Join us on October 25, 2022 at 08:00 AM PDT (03:00 PM GMT) for an office hours session covering the FlexNet Operations Cloud Data Access and Sharing features. This session will include discussion about: Revenera Data Strategy New Access APIs Roadmap highlights Data Sharing Be sure to save your spot by registering on the event page below: Event Registration NOTE: We have moved to a new event platform. Please see the "How to join Customer Events" article for assistance or post your questions here and we will respond as soon as possible. We look forward to having you join us! Team Revenera ... View more

The FlexNet Embedded local license server 2022.09 release includes issue fixes to the license server functionality. Reminder the FlexNet Embedded SDK 2022.09 is scheduled for GA on September 20th. For more information, please refer to the FlexNet Embedded license server 2022.09 Release Notes available for download on the Product and License Center. ... View more

We are excited to announce the launch of a new SaaS offering to our suite of Software Composition Analysis (SCA) solutions – SBOM Insights. Modern software development stretches beyond your walls. A single application includes various parts from multiple developers and components from external partners—all delivered via different systems from both inside and outside of your organization.    SBOM Insights ingests data from a wide range of sources and then unifies all internal and external SBOMs into a single, actionable view.    CHECK IT OUT This brand-new SaaS technology identifies outdated components, security vulnerabilities, and open-source license compliance issues. It expands the level of transparency into your products beyond the code under your control. We invite you to a webinar on September 27 th for a SBOM Insights introduction. For more information about SBOM Insights, contact us or reach out to your Revenera sales representative.   ... View more

UPDATE:  The FlexNet Operations Cloud 2022.09 release is now on the Production environment. Here are the highlights and key dates for the upcoming Software Monetization 2022.09 release: FlexNet Operations Cloud 2022.09 ALM FlexNet Operations Cloud 2022.09 ALM in UAT (August 30th – no outage required) FlexNet Operations Cloud 2022.09 ALM in Production (Sept 13th – no outage required) The FlexNet Operations Cloud 2022.09 ALM release includes the following enhancements: Enhanced Helm Charts user interface on the Producer Portal makes it easier to obtain the registry URL to add a new local chart repository New optional parameter and endpoint for SOAP Web Services and REST APIs, respectively, to improve usability There are also several issue fixes and customer-specific changes. For more details about these changes, please refer to the FlexNet Operations 2022.09 Release Notes which is available on the Documentation site. FlexNet Operations Cloud 2022.09 LLM FlexNet Operations Cloud 2022.09 LLM in UAT (August 30th – no outage required) FlexNet Operations Cloud 2022.09 LLM in Production (Sept 13th – no outage required) The FlexNet Operations Cloud 2022.09 LLM release includes customer-specific changes and issue fixes. There are no release notes for this release. FlexNet Embedded 2022.09 Cloud Licensing Service 2022.09 in UAT (August 30th – no outage required) Cloud Licensing Service 2022.09 in Production (Sept 13th – no outage required) FlexNet Embedded Local License Server 2022.09 GA (Sept 13th) FlexNet Embedded SDK 2022.09 GA (Sept 20th) The FlexNet Embedded 2022.09 release includes issue fixes to the license server functionality. The client changes include expanded platform support. For more information, please refer to the FlexNet Embedded 2022.09 Release Notes available for download on the Product and License Center upon GA. ... View more