Oct 27, 2022
11:45 AM
Starting on November 3rd, 2022, at 09:00 PM (EDT), our cloud service providers are performing a maintenance, this maintenance window will remain open for six hours (until 03:00 AM EDT). Revenera Usage Intelligence services (Dashboard, APIs, SDK, etc..) are expected to experience less than 10 minutes of down time during this window.
You can follow the status of the maintenance via the Revenera Status Dashboard.
If you experience any issues or witness any abnormalities that last beyond the expected maintenance window, please raise a support ticket.
... View more
Labels
Oct 24, 2022
01:25 PM
Summary
A critical vulnerability potentially allowing remote code execution in Apache Commons Text impacting versions 1.5 through 1.9 has been publicly disclosed. The vulnerability has been assigned the identifier CVE-2022-42889, and is also commonly referred to as “Text4Shell”.
This article provides currently available information about the potential impact of the vulnerability on Revenera products.
NOTE: This is an ongoing assessment. Updates will be made to this advisory as further information becomes available.
As had been mentioned within the announcement of the maintainer of Apache Commons Text, while the vulnerability allows remote code execution, the vulnerability requires the use of an insecure configuration of Apache Commons Text. Such configurations are not expected to be common, but Revenera is nevertheless committed to assess its products based on any potential exposure.
Revenera Product Assessment
Product
Potential Exposure to CVE-2022-42889
Potentially Exposed Components or Versions
Fixed Version
Mitigation
Installation
InstallAnywhere
No, impacted module not used.
None
N/A
N/A
InstallShield
No, Apache Commons Text not used.
None
N/A
N/A
Software Composition Analysis
Code Aware
No, Apache Commons Text not used.
None
N/A
N/A
Code Insight
No, Apache Commons Text not used.
None
N/A
N/A
SBOM Insights
No, Apache Commons Text not used.
None
N/A
N/A
Software Monetization
Cloud Licensing (CLS)
No, impacted module not used.
None
2022.12
Upgrading to Apache Commons Text 1.10.0
Compliance Intelligence (RCI)
No, impacted module not used.
None
[Remediated]
Compliance Intelligence Gateway 6.4.1.25003
Upgraded to Apache Commons Text 1.10.0
FlexNet Connect
No, Apache Commons Text not used.
None
N/A
N/A
FlexNet Embedded - License Server Manager (FLSM)
No, Apache Commons Text not used.
None
N/A
N/A
FlexNet Embedded - Local License Server (LLS)
No, impacted module not used.
None
2022.12
Upgrading to Apache Commons Text 1.10.0
FlexNet Embedded SDK
No, Apache Commons Text not used.
None
N/A
N/A
FlexNet Operations - ALM
No, Apache Commons Text not used.
None
N/A
N/A
FlexNet Operations - LLM
No, Apache Commons Text not used.
None
N/A
N/A
FlexNet Operations On-Premise
No, Apache Commons Text not used.
None
N/A
N/A
FlexNet Publisher
No, Apache Commons Text not used.
None
N/A
N/A
Usage Intelligence (RUI)
No, Apache Commons Text not used.
None
N/A
N/A
The information on this page reflects:
The assessed status of Revenera’s SaaS systems.
The assessed status of all versions of Revenera’s products that are still supported (that is, they have not yet reached their End of Life). Product lifecycle dates can be found at https://docs.revenera.com/eol/default.htm.
Related Information
Information about Flexera products: https://community.flexera.com/t5/Community-Notices/Security-Advisory-Assessment-of-Flexera-s-products-exposure-to/ba-p/253503#M200
CVE definitions
CVE-2022-42889
Expanded CVE definitions:
https://www.cve.org/CVERecord?id=CVE-2022-42889
Apache Commons Text
Apache Commons Text CVE-2022-42889 Announcement
Change Log
2022-10-24 13:25 CDT : Initial notice posted
2022-10-25 09:25 CDT : Updated assessment for FlexNet Embedded - License Server Manager (FLSM)and Fixed Version information for FlexNet Embedded Local License Server (LLS) and Cloud Licensing Service (CLS).
2022-10-26 10:00 CDT : Updated assessment for FlexNet Embedded - SDK.
2022-10-28 12:35 CDT : Updated assessment for FlexNet Operations Cloud ALM and FlexNet Operations On-Premise.
2022-11-01 15:45 CDT : Updated assessment for FlexNet Operations Cloud LLM.
... View more
Labels
Oct 20, 2022
07:35 PM
Starting October 24, 2022, we are making it easier for customers to look up the status of their product issues filed through support cases.
Once this change is rolled out, customers will see the following changes in the case portal:
New tabs to filter the support case view by: Open Cases, Bugs, All Cases
Ability to see the product issue status under the new Bugs tab
Ability to filter cases by the product issue status, making it easier to see any issues that have been fixed in a new release
Ability to see the JIRA ticket associated with the product issue and cross-reference this again product release notes
For more information, please refer to the How-To articles below:
How to View Your Support Cases
How to View Product Issue Status
... View more
Labels:
Oct 20, 2022
07:20 PM
To view the status of your product issues submitted through a support case:
Log into the Revenera Community (Note: requires customer-level community access)
Navigate to Get Support -> Case Portal
Click the Bugs tab
This new display option lists all support cases where a product issue has been filed. The Status column displays the current status of the product issue.
The product issue status values include:
Status
Description
Under Assessment
The product team is currently triaging the product issue for validity. They may ask for additional information to better under the conditions upon with the issue occurs and its impact to your product.
Accepted
The product issue was found to be valid and will be considered for a future release.
Planned For: <target_release>
The product issue is targeted for the release specified. NOTE: Target releases are subject to change.
Fixed In: <fixed_release_version>
The product issue has been address in the product release specified. Please validate this with fixed version of the product and consider closing the support case if this addresses your original issue.
Will Not Fix
There are a variety of reasons a product issue will not be fixed e.g. not a invalid issue, considered an enhancement, etc. Please contact the Technical Support agent working your case for more details.
Other
This status is used for any support case where there are multiple product issues associated, and a single status cannot be displayed. To view the product issue status for such cases, click the case number. The JIRA Tickets section of the Case Summary page will display the status of each product issue associated with the case.
To filter cases by the product issue status:
Click Filter
Select the desired product issue status using the Status drop-down menu
... View more
Labels:
Oct 20, 2022
06:33 PM
To view support cases you've submitted:
Log into the Revenera Community (Note: requires customer-level community access)
Navigate to Get Support -> Case Portal
NOTE: To view all support cases belonging to your organization, you need to enable the All Company Cases filter. Please see the How to View All Cases from your Company article for details.
The case portal divides your support cases into three tabs:
Open Cases: Displays new or actively being worked on cases.
Bugs: Displays any support cases associated with a product issue.
All Cases: Displays all support cases which is not associated with a product issue. This includes closed cases and product enhancements.
Click on the tab to display the desired list of support cases.
... View more
Labels:
Oct 14, 2022
02:50 PM
Summary
An elevate privilege vulnerability was discovered in the FlexNet Publisher License Server. This article provides details about the vulnerability as well as mitigation and remediation options.
Description
This elevated privilege vulnerability, if exploited, may allow bypassing the lmgrd -2 -p -local option used to restrict license server administration to a local license administrator. The impact of this could result in license server disruption by an unauthorized user. All versions of FlexNet Publisher are susceptible to this issue.
Workaround
Producers may use the -x license server option to mitigate the issue. The -x option disables certain commands to be executed on the lmgrd/vendor daemon. It can only be applied to lmdown and lmremove commands:
-x lmdown option disables lmdown command on the lmgrd, preventing unauthorized license server shutdowns.
-x lmremove option disables lmremove command on the vendor daemon.
We recommend users review the License Server Manager “lmgrd” section of the FlexNet Publisher License Administration Guide for details about the -x option. This document is available for download from the Product and License Center.
Resolution
This vulnerability is remediated in FlexNet Publisher 2022 R3 (11.19.2.0) or greater. Users will need to upgrade their lmgrd to this version or higher.
Additional Information
Revenera knows of no exploits of this vulnerability in production deployments.
For identifying this vulnerability and disclosing it to Revenera under a responsible disclosure process, we'd like to thank the team members at Rapid7.
... View more
Labels:
Oct 14, 2022
02:50 PM
1 Kudo
The FlexNet Publisher 2022 R3 (11.19.2.0) is available for download from the Product and License Center.
This release includes product issue fixes . For information about these changes, please refer to the FlexNet Publisher 2022 R3 (11.19.2.0) Release Notes.
Note: To access the Product and License Center, be sure to register for the Revenera Community and provide the Account ID and Product ID information included in the Order Confirmation email sent by Revenera. If you are unable to access the Product and License Center, or have not been granted access, please contact our Revenera Technical Support.
... View more
Labels
Oct 14, 2022
09:00 AM
Revenera has completed the FlexNet Operations and FlexNet Connect SOC 2 Type 2 Report for 2022. The report is available to FlexNet Operations and FlexNet Connect customers only. To obtain a copy of the report you may send your request to SOC-Compliance@revenera.com.
Please note that the SOC 2 Type 2 Report is a confidential document, subject to the explicit terms stated in the Non-Disclosure Agreement or customer contract required for release of the report. As a recipient of this report you are subject to the restrictions of disclosure.
... View more
Labels
Oct 14, 2022
09:00 AM
Revenera has completed the FlexNet Operations SOC 2 Type 2 Report for 2022. The report is available to FlexNet Operations customers only. To obtain a copy of the report you may send your request to SOC-Compliance@revenera.com.
Please note that the SOC 2 Type 2 Report is a confidential document, subject to the explicit terms stated in the Non-Disclosure Agreement or customer contract required for release of the report. As a recipient of this report you are subject to the restrictions of disclosure.
... View more
Labels
Sep 29, 2022
10:45 AM
UPDATE: The FlexNet Operations Cloud 2022.10 release is now on the Production environment.
Original Post: Sep 29, 2022 08:45 AM
Here are the highlights and key dates for the upcoming Software Monetization 2022.10 release:
FlexNet Operations Cloud 2022.10 ALM
FlexNet Operations Cloud 2022.10 ALM in UAT (Sept 29th – no outage required)
FlexNet Operations Cloud 2022.10 ALM in Production (Oct 13th – no outage required)
The release includes enhancements to the Download Packaging Service APIs and other issue fixes.
For more details about these changes, please refer to the FlexNet Operations 2022.10 Release Notes which is available on the Documentation site.
FlexNet Operations Cloud 2022.10 LLM
FlexNet Operations Cloud 2022.10 LLM in UAT (Sept 29th – no outage required)
FlexNet Operations Cloud 2022.10 LLM in Production (Oct 13th – no outage required)
The FlexNet Operations Cloud 2022.10 LLM release includes customer-specific changes. There are no release notes for this release.
FlexNet Embedded 2022.10
Cloud Licensing Service 2022.10 in UAT (Sept 29th – no outage required)
Cloud Licensing Service 2022.10 in Production (Oct 13th – no outage required)
FlexNet Embedded Local License Server 2022.10 GA (Oct 13th)
The FlexNet Embedded 2022.10 release includes an enhancement that allows the Producer to define the order in which a license server’s host type is selected. No client changes in this release.
For more information, please refer to the FlexNet Embedded 2022.10 Release Notes available for download on the Product and License Center upon GA.
... View more
Labels
Sep 20, 2022
04:45 PM
The FlexNet Embedded Client 2022.09 release is now available for download from the Product and License Center.
For more information about the release, please refer to the FlexNet Embedded Client 2022.09 Release Notes available for download on the Product and License Center.
... View more
Labels
Sep 14, 2022
06:09 PM
Update:
The recording for this event is available on the Learning Center. Note: A customer-level community login is required to access this. Please contact Revenera Technical Support if you have any issues.
Join us on October 25, 2022 at 08:00 AM PDT (03:00 PM GMT) for an office hours session covering the FlexNet Operations Cloud Data Access and Sharing features. This session will include discussion about:
Revenera Data Strategy
New Access APIs
Roadmap highlights
Data Sharing
Be sure to save your spot by registering on the event page below:
Event Registration
NOTE: We have moved to a new event platform. Please see the "How to join Customer Events" article for assistance or post your questions here and we will respond as soon as possible.
We look forward to having you join us!
Team Revenera
... View more
Labels
Sep 13, 2022
11:04 AM
The FlexNet Embedded local license server 2022.09 release includes issue fixes to the license server functionality. Reminder the FlexNet Embedded SDK 2022.09 is scheduled for GA on September 20th.
For more information, please refer to the FlexNet Embedded license server 2022.09 Release Notes available for download on the Product and License Center.
... View more
Labels
Sep 13, 2022
09:15 AM
1 Kudo
We are excited to announce the launch of a new SaaS offering to our suite of Software Composition Analysis (SCA) solutions – SBOM Insights.
Modern software development stretches beyond your walls. A single application includes various parts from multiple developers and components from external partners—all delivered via different systems from both inside and outside of your organization.
SBOM Insights ingests data from a wide range of sources and then unifies all internal and external SBOMs into a single, actionable view.
CHECK IT OUT
This brand-new SaaS technology identifies outdated components, security vulnerabilities, and open-source license compliance issues. It expands the level of transparency into your products beyond the code under your control.
We invite you to a webinar on September 27 th for a SBOM Insights introduction.
For more information about SBOM Insights, contact us or reach out to your Revenera sales representative.
... View more
Labels
Aug 30, 2022
01:39 PM
1 Kudo
UPDATE: The FlexNet Operations Cloud 2022.09 release is now on the Production environment.
Here are the highlights and key dates for the upcoming Software Monetization 2022.09 release:
FlexNet Operations Cloud 2022.09 ALM
FlexNet Operations Cloud 2022.09 ALM in UAT (August 30th – no outage required)
FlexNet Operations Cloud 2022.09 ALM in Production (Sept 13th – no outage required)
The FlexNet Operations Cloud 2022.09 ALM release includes the following enhancements:
Enhanced Helm Charts user interface on the Producer Portal makes it easier to obtain the registry URL to add a new local chart repository
New optional parameter and endpoint for SOAP Web Services and REST APIs, respectively, to improve usability
There are also several issue fixes and customer-specific changes.
For more details about these changes, please refer to the FlexNet Operations 2022.09 Release Notes which is available on the Documentation site.
FlexNet Operations Cloud 2022.09 LLM
FlexNet Operations Cloud 2022.09 LLM in UAT (August 30th – no outage required)
FlexNet Operations Cloud 2022.09 LLM in Production (Sept 13th – no outage required)
The FlexNet Operations Cloud 2022.09 LLM release includes customer-specific changes and issue fixes. There are no release notes for this release.
FlexNet Embedded 2022.09
Cloud Licensing Service 2022.09 in UAT (August 30th – no outage required)
Cloud Licensing Service 2022.09 in Production (Sept 13th – no outage required)
FlexNet Embedded Local License Server 2022.09 GA (Sept 13th)
FlexNet Embedded SDK 2022.09 GA (Sept 20th)
The FlexNet Embedded 2022.09 release includes issue fixes to the license server functionality. The client changes include expanded platform support.
For more information, please refer to the FlexNet Embedded 2022.09 Release Notes available for download on the Product and License Center upon GA.
... View more
Labels
Latest posts by cvirata
Subject | Views | Posted |
---|---|---|
17 | Feb 07, 2023 09:53 AM | |
27 | Feb 06, 2023 06:17 PM | |
36 | Feb 03, 2023 05:27 PM | |
270 | Feb 01, 2023 12:04 PM | |
50 | Feb 01, 2023 11:26 AM | |
56 | Jan 30, 2023 02:03 PM | |
252 | Jan 25, 2023 11:15 PM | |
125 | Jan 17, 2023 12:18 PM | |
121 | Jan 06, 2023 05:02 PM | |
90 | Jan 05, 2023 06:59 PM |
Activity Feed
- Posted Software Monetization Office Hours: FlexNet Operations Roadmap Review on FlexNet Operations News. Feb 07, 2023 09:53 AM
- Posted Software Monetization Office Hours: FlexNet Licensing Roadmap Review on FlexNet Publisher News. Feb 06, 2023 06:17 PM
- Posted SCA Customer Office Hours #31 - February 23, 2023 (SCA Updates and Release Overviews) on SCA Customer Office Hours. Feb 03, 2023 05:27 PM
- Posted Incident: Case Portal Fails to Load on Community Information. Feb 01, 2023 12:04 PM
- Posted [Completed]: FlexNet Operations Cloud Production Copy Service (PCS) Maintenance on FlexNet Operations News. Feb 01, 2023 11:26 AM
- Posted Product News: Software Monetization 2023.02 Release on FlexNet Operations News. Jan 30, 2023 02:03 PM
- Posted Scheduled Maintenance: FlexNet Operations SSL Certificate Update – Compliance Endpoints (may require action) on FlexNet Operations News. Jan 25, 2023 11:15 PM
- Got a Kudo for Schedule Update: FlexNet Operations Cloud Production-Copy Service (PCS) environment data refresh. Jan 18, 2023 12:04 AM
- Posted Schedule Update: FlexNet Operations Cloud Production-Copy Service (PCS) environment data refresh on FlexNet Operations News. Jan 17, 2023 12:18 PM
- Posted Change to FlexNet Operations Cloud ALM ETL Job Schedule on FlexNet Operations News. Jan 06, 2023 05:02 PM
- Posted [Recording Available]: SCA Customer Office Hours #30 - January 19, 2023 (Manual Analysis Practices by Services) on SCA Customer Office Hours. Jan 05, 2023 06:59 PM
- Posted Product News: Software Monetization 2023.01 Release on FlexNet Operations News. Jan 04, 2023 12:19 PM
- Posted SBOM Insights 2022.12.1 Release Now Available on Product News. Dec 22, 2022 11:00 AM
- Posted SBOM Insights 2022.12.1 Release Now Available on SBOM Insights News. Dec 22, 2022 09:00 AM
- Got a Kudo for Happy Holidays from Revenera!. Dec 21, 2022 10:18 PM
- Posted Happy Holidays from Revenera! on Revenera Company News. Dec 21, 2022 11:00 AM
- Posted Announcing InstallAnywhere 2022 R2 on InstallAnywhere News. Dec 21, 2022 10:00 AM
- Posted FlexNet Operations Cloud 2023.01 Release Schedule Change on FlexNet Operations News. Dec 19, 2022 01:29 PM
- Got a Kudo for Scheduled Maintenance: FlexNet Operations Cloud SSL Certificate Update (may require action). Dec 16, 2022 12:26 PM
- Posted Product News: FlexNet Embedded license server 2022.12 release is now available on FlexNet Embedded News. Dec 15, 2022 09:50 AM