Revision History
This section describes enhancements implemented and issues resolved in the last three major releases of Sentinel Run-time Environment.
The revision history for earlier versions of Sentinel Run-time Environment is available at: https://docs.sentinel.thalesgroup.com/ldk/LDKdocs/RTE_History/Default.htm
Enhancements in Version 8.41
Reference | Description |
---|---|
SM-97094 |
You can now set an expiration date for client identities. This enables vendors to: >Easily manage trial by providing users with expiring identities that consume the same license. This removes the need to generate a new key and a new license for each trial. >Manage which users can access a concurrency license and for how long. |
SM-111379 |
The License Manager now supports the use of dynamic memory for SL AdminMode keys . To support this functionality, VLIB 8.41 or later must be deployed with the Run-time Environment. |
Issues Resolved in Version 8.41
Reference | Description |
---|---|
SM-119586 |
After connecting to a VPN, when you click Submit on the Access to Remote ACC panel, a false-positive warning similar to the following was sometimes displayed: "A duplicate License Manager ID exists on this server and on the server at address 10.42.49.253. This is typically caused by cloning a VM. Licenses on these two servers may be inaccessible" |
SM-119327 |
If no host is specified, AdminAPI uses "localhost" to connect to the License Manager. But in modern machines, localhost is resolved to "::1". This may not work because the IPv6 option may be disabled in the License Manager. AdminAPI now uses "127.0.0.1" instead of "::1". |
SM-115393 |
When the client identity is installed in Admin Control Center, and the License Manger received a detached license from a remote machine, a local API was affected by the local License Manager detachable configuration. However, the local License Manager should have only acted as the forwarder in this case. |
Enhancements in Version 8.31
Reference | Description |
---|---|
SM-108300 |
Admin Control Center help system now describes how to set a user name for the ACC administrator. Setting a user name helps to improve security for Admin Control Center. For details, open the Admin Control Center help. From the list of links at the bottom of the pages, click Configuration > Managing User Access to Admin License Manager Information > Setting a User Name for the ACC Administrator. |
Issues Resolved in Version 8.31
Reference | Description |
---|---|
SM-104739 |
When the Windows user names includes non-unicode characters as in Korean and Chinese names, installing a rebranded RTE returns "EMSUrl.properties processing" error. |
SM-102367 | In some cases, RTE installation would fail with error -536870329. |
Enhancements in Version 8.23
Reference | Description |
---|---|
SM-17686 |
A customer can now detach one or more seats with concurrency from a cloud license server and install them on a machine with a client identity. Applications on remote machines in the same LAN can then consume seats from this machine. This enables customers to: > Set up second-level license servers. > Control the number of local hardware resources used by an application. |
Issues Resolved in Version 8.23
Reference | Description |
---|---|
SM-98723 | The License Manager would log each individual Feature request from other License Managers. This resulted in an excessive number of entries in the License Manager log file. |
SM-99308 |
When connecting with port 80, Login/Logout/Encrypt API calls to cloud SL keys installed on a cloud license server would cause repeated WSAECONNREFUSED and ESELECTTIMEDOUT errors on the client machine. |
Enhancements in Version 8.21
Reference | Description |
---|---|
By default, the Run-time Environment is now installed without legacy drivers whenever possible. As a result, the RTE installation is more stable and reliable. For more information, see the description of legacy drivers in this document. |
|
Admin Control Center has been updated to keep it consistent with changes in the appearance of Sentinel LDK user interfaces and documents to match other Thales products. | |
The Run-time Environment installer has been improved. Previously, completion of the upgrade of the Run-time Environment (hasplms.exe) was sometimes blocked if the existing Sentinel License Manager was locked by another process. With the installer for RTE 8.21, if this situation occurs, the user can now select one of these options: > Stop the process that is locking the Sentinel License Manager and then continue the Run-time Environment upgrade. >Restart the machine. The Run-time Environment upgrade continues immediately after the restart. > Cancel the upgrade. |
|
SM-86274 |
The License Manager now supports releasing an identity-based license on a remote machine. An end user who is assigned an identity-based license is typically granted the right to access that license from two or more machines, but only from a single machine at any given time. The user may face a situation in which they access their license from one machine (for example, their office machine) but fail to close the application's session. If they later attempt to access their license from a different machine (for example, their home machine), the login to the license will fail and return the status code HASP_IDENTITY_SHARING_VIOLATION. The protected application can provide users with the option to release their license from the original session and assign it to the new session. |
Issues Resolved in Version 8.21
Reference | Description |
---|---|
SM-91083 | A user of Admin Control Center was not able to clear the password for accessing or configuring the License Manager once a password has been set. |
SM-93806 | Sentinel Admin API would return invalid XML when the Issue To field of client identities contains some special characters. |
SM-93811 | When a user would attempt to rehost a license from RTE 8.1x to an RTE version lower than 8.11, the error 30 HASP_INV_SIG was returned. |
SM-94573 |
With cloud licensing, when opening a remote session, the session would be closed after 15 minutes if no hasp call was made on the session. This resolution fixes the keep-alive timeout. |
SM-96073 | The License Manager would fail under certain circumstance when working with client identities. |
SM-96715 | Memory leak while using identity sessions have been resolved. |
SM-97123 | Firewall compatibility for identity communications has been improved. |
Enhancements in Version 8.15
Reference | Description |
---|---|
The documentation for the Sentinel Run-time Environment (RTE) is now provided in HTML5 format. As a result, the documentation is modular and easier to navigate. Because of this change, the path for accessing the documents online has changed. If you created shortcuts to access RTE documentation from the Thales web site, you must modify your shortcuts accordingly. The paths for accessing the online RTE Readme files can be taken from: https://docs.sentinel.thalesgroup.com/ldk/rte.htm |
|
SM-13165 |
Admin Control Center enables a customer to specify which users can access a license on a license server machine. You can now include domain names as part of the restrictions that they specify for this purpose. For example, you can now specify: allow=username@hostname.domainname,... For more information, see the description of the User Restrictions parameter on the Configuration > Users page of Admin Control Center. |
SM-82156 |
Network licenses will be accessible even if port 1947 is not open in the firewall. To enable this enhancement, you must select the option Listen for clients also on port 80 in the Admin Control Center configuration. |
SM-83530 |
When setting or changing the password for making changes in the Admin License Manager (using Admin Control Center or Sentinel Admin API), you must now specify a strong password. The password must satisfy the following requirements: >At least eight characters long >At least one uppercase letter (A-Z) and one lowercase letter (a-z) >At least one number (0-9) OR one special character (for example: ! @ # $ % ^ & * " ( ) . , - +) These requirements are enforced when a password is added or changed. There is no warning or action required if the existing password does not satisfy these requirements. |
SM-83532 | When you enable remote access to Admin Control Center, you must enable password protection for accessing the configuration pages for Admin Control Center. You have the option of requiring a password to access any part of Admin Control Center. |
SM-85983 | Sentinel LDK Run-time Environment now supports the ability for Sentinel EMS to push produced entitlements directly to a license server machine without need to exchange C2V and V2C files. This simplifies the process for software vendors to maintain cloud licenses on their license server machine. |
SM-86109 |
Sentinel LDK Run-time Environment now supports a new method for detaching licenses: Automatic Detach. This method is especially useful when working with cloud licenses. When Automatic Detach is enabled, a protected application automatically detaches a network seat from an SL key (that supports concurrency) when the application requires a license. As a result, the application can continue to operate even if the connection to the SL key is interrupted. The application retains the license for a predefined number of hours. For more information, see the description of detaching licenses in the Admin Control Center help system. |
SM-88183 |
When creating a client identity for cloud licensing and specifying the Limit to Key ID parameter, you can now specify multiple key IDs for a given client identity. |
SM-88905 |
If the installed Run-time Environment is version 7.101 or later, it will not be uninstalled before installing the new Run-time Environment. This is because the driver binary has not been updated in the new version. As a result, the installation time for the new Run-time Environment will be reduced if the same version of the driver binary is already installed in the system. |
Issues Resolved in Version 8.15
Reference | Description |
---|---|
SM-85071 | An internal API error would occur when applying a v2c in a machine where haspvlib 8.13 and Runtime 8.11 were installed. |
SM-86348 |
Under rare circumstances, the following error was logged: log_error("Failed udp accept() call " SYS_ERROR_FORMAT "\n", SYS_ERROR_ARGS). This was caused by a read_UDP with a wait. This issue has been resolved. |
SM-89355 SM-89307 | A security issue regarding certain protection keys has been resolved. |
Enhancements in Version 8.13
Reference | Description |
---|---|
SM-50563 | Enhancements to clone protection scheme VMType3 are now supported by the Admin License Manager. This scheme now supports the Amazon EC2 cloud computing service in addition to Microsoft Azure. This provides enhanced clone protection for protected applications that execute on these platforms. |
SM-66926 | You can now generate a C2V file for a Master key or Developer key using the Sentinel Keys page in Admin Control Center. |
SM-70231 | Disk serial number is now included in the fingerprint of the end user's machine, regardless of third party driver versions (for example: Intel RAID). |
SM-80982 | Sentinel Run-time Environment now supports the cloud licensing functionality that was added to Sentinel Admin API. Using this new functionality, you can now use Admin API to automate the management of identity clients instead of performing manual operations in Sentinel Admin Control Center. |
SM-81994 | The field "Issued to Client" on the configuration page for client identities has been renamed "Issued to". |
SM-82620 | Documentation has been updated to better describe the behavior of the Run-time Environment command line installer when a V2C file is present in the directory. See the description of installing the Run-time Environment in this document. |
Issues Resolved in Version 8.13
Reference | Description |
---|---|
SM-78964 |
haspdinst.exe would fail if a vendor library is present on the machine but it is not signed or if the signature is not correct. The behavior of haspdinst.exe has been changed so that in these situations: >The installation of the Run-time Environment succeeds, but the vendor library is not copied to the destination path. > An entry is added to the log file stating that the full path of the vendor library is not signed or its signature is not correct, and that it was not copied to the destination path. |
SM-80253 | Certain security vulnerabilities have been resolved. Thales would like to acknowledge Positive Technologies for responsible disclosure of these vulnerabilities. |
SM-80941 |
Given the following circumstances: >RTE version 8.11 is installed on a license server machine. >A license with multiple products (SL or HL) is installed. >User restrictions are defined. For example: >USER_A attempts to consume a license from Product 1. The request is denied. > Using the same login scope, USER_A then attempts to consume a license from Product 2. The second attempt would also fail, even though the user is authorized to consume a license from Product 2. |
SM-81033 |
The following issues were resolved: >When performing an offline license detach, the expiration date field in the H2R file did not contain a value for the year. For example: <tr><td>expiration</td><td><b>Sun Jul 12, 15:59:30 UTC</b></td></tr> >When using Admin API for .NET: If you call the API “AdminApi.Get” (any scope, element :ExpirationDate) the expiration date information did not contain a value for the year. |
SM-81658 |
Given the following circumstances: >RTE version 8.11 is installed on a license server machine. >User restrictions on the license server are set to: A client attempting to consume a license from the server would get the return status code 40/HASP_REMOTE_COMM_ERR instead of the expected status code 53/USER_ACCESS_DENIED. |
Enhancements in Version 8.11
Reference | Description |
---|---|
SM-7201 |
This release of Sentinel LDK Run-time Environment introduces cloud licensing to serve network license seats to remote machines over the Internet. A remote machine with the required identity information will be able to consume a network seat or detach a license from the license server machine. The license server machine can be hosted on a cloud server either by the software vendor (for all customers) or by the individual customers for users in their organizations. |
Issues Resolved in Version 8.11
Reference | Description |
---|---|
SM-63276 | Allocation of network seats from a remote License Manager with duplicate Features has been optimized. |
SM-60133 |
A guest on Hyper-V was recognized by Admin Control Center as a virtual PC rather than as a Hyper-V guest. |
SM-71776 | When an update to a 6.x Firmware key contains a large number of Features, a timeout would occur. |
SM-73072 SM-73074 |
"Denial of Service" vulnerabilities were resolved. |