Revision History

This section describes enhancements implemented and issues resolved in the last three major releases of Sentinel Run-time Environment.

The revision history for earlier versions of Sentinel Run-time Environment is available at: https://docs.sentinel.thalesgroup.com/ldk/LDKdocs/RTE_History/Default.htm

Enhancements in Version 8.23

Reference Description
SM-17686

A customer can now detach one or more seats with concurrency from a cloud license server and install them on a machine with a client identity. Applications on remote machines in the same LAN can then consume seats from this machine. This enables customers to:

> Set up second-level license servers.

> Control the number of local hardware resources used by an application.

SM-99835 The Admin License Manager now supports Internet Protocol version 6 (IPv6).

Issues Resolved in Version 8.23

Reference Description
SM-98723 The License Manager would log each individual Feature request from other License Managers. This resulted in an excessive number of entries in the License Manager log file.
SM-99308

When connecting with port 80, Login/Logout/Encrypt API calls to cloud SL keys installed on a cloud license server would cause repeated WSAECONNREFUSED and ESELECTTIMEDOUT errors on the client machine.

Enhancements in Version 8.21

Reference Description
  Admin Control Center has been updated to keep it consistent with changes in the appearance of Sentinel LDK user interfaces and documents to match other Thales products.
SM-89762 The Run-time Environment now supports protected applications executing in LXC Linux containers.

Issues Resolved in Version 8.21

Reference Description
SM-91083 A user of Admin Control Center was not able to clear the password for accessing or configuring the License Manager once a password had been set.
SM-93806 Sentinel Admin API would return invalid XML when the Issue To field of client identities contained some special characters.
SM-93811 When a user attempted to rehost a license from RTE 8.1x to an RTE version lower than 8.11, the error 30 HASP_INV_SIG was returned.
SM-94573

With cloud licensing, when opening a remote session, the session would be closed after 15 minutes if no hasp call was made on the session. This resolution fixes the keep-alive timeout.

SM-96073 The License Manager would fail under certain circumstances when working with client identities.
SM-96715 A memory leak that occurred while using identity sessions has been resolved.
SM-97123 Firewall compatibility for identity communications has been improved.

Enhancements in Version 8.15

Reference Description
 

The documentation for the Sentinel Run-time Environment (RTE) is now provided in HTML5 format. As a result, the documentation is modular and easier to navigate.

Because of this change, the path for accessing the documents online has changed. If you created shortcuts to access RTE documentation from the Thales web site, you must modify your shortcuts accordingly.

The paths for accessing the online RTE Readme files can be taken from: https://docs.sentinel.thalesgroup.com/ldk/rte.htm

SM-13165

Admin Control Center enables a customer to specify which users can access a license on a license server machine.

You can now include domain names as part of the restrictions that you specify for this purpose. For example, you can now specify:

allow=username@hostname.domainname,...
allow=khsingh@noi-2n39623.thaesgroup.com

For more information, see the description of the User Restrictions parameter on the Configuration > Users page of Admin Control Center.

SM-82156

Network licenses will be accessible even if port 1947 is not open in the firewall. To enable this enhancement, you must select the option Listen for clients also on port 80 in the Admin Control Center configuration.

SM-83530

When setting or changing the password for making changes in the Admin License Manager (using Admin Control Center or Sentinel Admin API), you must now specify a strong password. The password must satisfy the following requirements:

>At least eight characters long

>At least one uppercase letter (A-Z) and one lowercase letter (a-z)

>At least one number (0-9) OR one special character (for example: ! @ # $ % ^ & * " ( ) . , - +)

These requirements are enforced when a password is added or changed. There is no warning or action required if the existing password does not satisfy these requirements.

SM-83532 When you enable remote access to Admin Control Center, you must enable password protection for accessing the configuration pages for Admin Control Center. You have the option of requiring a password to access any part of Admin Control Center.
SM-85983 Sentinel LDK Run-time Environment now supports the ability for Sentinel EMS to push produced entitlements directly to a license server machine without the need to exchange C2V and V2C files. This simplifies the process for software vendors to maintain cloud licenses on their license server machine.
SM-86109

Sentinel LDK Run-time Environment now supports a new method for detaching licenses: Automatic Detach.

This method is especially useful when working with cloud licenses.

When Automatic Detach is enabled, a protected application automatically detaches a network seat from an SL key (that supports concurrency) when the application requires a license. As a result, the application can continue to operate even if the connection to the SL key is interrupted. The application retains the license for a predefined number of hours.

For more information, see the description of detaching licenses in the Admin Control Center help system.

SM-88183

When creating a client identity for cloud licensing and specifying the Limit to Key ID parameter, you can now specify multiple key IDs for a given client identity.

Issues Resolved in Version 8.15

Reference Description
SM-85071 An internal API error would occur when applying a v2c in a machine where haspvlib 8.13 and Runtime 8.11 were installed.
SM-85074 The Run-time Environment was not able to support multiple monitors in Ubuntu for Terminal Server detection.
SM-86348

Under rare circumstances, the following error was logged:

log_error("Failed udp accept() call " SYS_ERROR_FORMAT "\n", SYS_ERROR_ARGS).

This was caused by a read_UDP with a wait. This issue has been resolved.

SM-89156 When generating a C2V file with a fingerprint, the Run-time Environment or Licensing API would not detect that the customer's machine is an Amazon EC2 platform.
SM-89355 SM-89307 A security issue regarding certain protection keys has been resolved.

Enhancements in Version 8.13

Reference Description
SM-50563 Enhancements to clone protection scheme VMType3 are now supported by the Admin License Manager. This scheme now supports the Amazon EC2 cloud computing service in addition to Microsoft Azure. This provides enhanced clone protection for protected applications that execute on these platforms.
SM-66926 You can now generate a C2V file for a Master key or Developer key using the Sentinel Keys page in Admin Control Center.
SM-70231 Disk serial number is now included in the fingerprint of the end user's machine, regardless of third party driver versions (for example: Intel RAID).
SM-80982 Sentinel Run-time Environment now supports the cloud licensing functionality that was added to Sentinel Admin API. Using this new functionality, you can now use Admin API to automate the management of identity clients instead of performing manual operations in Sentinel Admin Control Center.
SM-81994 The field "Issued to Client" on the configuration page for client identities has been renamed "Issued to".

Issues Resolved in Version 8.13

Reference Description
SM-80253 Certain security vulnerabilities have been resolved. Thales would like to acknowledge Positive Technologies for responsible disclosure of these vulnerabilities.
SM-80941

Given the following circumstances:

>RTE version 8.11 is installed on a license server machine.

>A license with multiple products (SL or HL) is installed.

>User restrictions are defined. For example:
deny=USER_A@all,product:1
allow=USER_A@all,product:2

>USER_A attempts to consume a license from Product 1. The request is denied.

> Using the same login scope, USER_A then attempts to consume a license from Product 2.

The second attempt would also fail, even though the user is authorized to consume a license from Product 2.

SM-81033

The following issues were resolved:

>When performing an offline license detach, the expiration date field in the H2R file did not contain a value for the year. For example: <tr><td>expiration</td><td><b>Sun Jul 12, 15:59:30 UTC</b></td></tr>

>When using Admin API for .NET: If you called the API “AdminApi.Get” (any scope, element: ExpirationDate), the expiration date information did not contain a value for the year.

SM-81658

Given the following circumstances:

>RTE version 8.11 is installed on a license server machine.

>User restrictions on the license server are set to: deny=all@all

A client attempting to consume a license from the server would get the return status code 40/HASP_REMOTE_COMM_ERR instead of the expected status code 53/USER_ACCESS_DENIED.
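
The user-restriction entries in SM-80941 and SM-81658 above, and the user@host.domain form introduced in version 8.15, can be checked offline with a small evaluator that confirms a policy produces the outcome you expect for each request. This is an added example, not Thales code. The first-match-wins ordering, the allow default when nothing matches, case-insensitive matching and the treatment of ",product:N" as a scope for the whole line are assumptions, and the policies are constructed sample input.

```python
# Added example, not Thales code. Assumed semantics: first matching entry wins,
# "all" is a wildcard, ",product:N" scopes a line, no match means allow.
from typing import List, NamedTuple, Optional


class Rule(NamedTuple):
    action: str             # "allow" or "deny"
    user: str
    host: str
    product: Optional[str]  # None = applies to every product


def parse_restrictions(text: str) -> List[Rule]:
    rules = []
    for line in filter(None, (l.strip() for l in text.splitlines())):
        action, sep, value = line.partition("=")
        action = action.strip().lower()
        if not sep or action not in ("allow", "deny"):
            raise ValueError(f"not an allow=/deny= entry: {line!r}")
        product, specs = None, []
        for tok in (t.strip() for t in value.split(",")):
            if tok.lower().startswith("product:"):
                product = tok.split(":", 1)[1].strip()
            elif tok.count("@") == 1:
                specs.append(tok.lower().split("@"))
            else:
                raise ValueError(f"malformed entry {tok!r} in {line!r}")
        rules += [Rule(action, u, h, product) for u, h in specs]
    return rules


def decide(rules: List[Rule], user: str, host: str, product: int) -> str:
    """Evaluate one request; no state is carried over from earlier requests."""
    for r in rules:
        if (r.user in ("all", user.lower())
                and r.host in ("all", host.lower())
                and r.product in (None, str(product))):
            return r.action
    return "allow"  # assumed default when no entry matches


# Constructed policies mirroring the scenarios on this page.
PER_PRODUCT = parse_restrictions("deny=USER_A@all,product:1\nallow=USER_A@all,product:2")
DENY_ALL = parse_restrictions("deny=all@all")
DOMAIN = parse_restrictions("allow=alice@ws01.example.com\ndeny=all@all")

if __name__ == "__main__":
    for prod in (1, 2):
        print("USER_A product", prod, "->", decide(PER_PRODUCT, "USER_A", "pc7", prod))
```

Because each request is evaluated independently, the denied Product 1 request has no effect on the later Product 2 request, which is the behaviour the SM-80941 fix restores.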

Enhancements in Version 8.11

Reference Description

SM-7201

This release of Sentinel LDK Run-time Environment introduces cloud licensing to serve network license seats to remote machines over the Internet. A remote machine with the required identity information will be able to consume a network seat or detach a license from the license server machine. The license server machine can be hosted on a cloud server either by the software vendor (for all customers) or by the individual customers for users in their organizations.

Issues Resolved in Version 8.11

Reference Description
SM-63276 Allocation of network seats from a remote License Manager with duplicate Features has been optimized.
SM-71776 When an update to a 6.x Firmware key contains a large number of Features, a timeout would occur.
SM-73072
SM-73074
"Denial of Service" vulnerabilities were resolved.

Enhancements in Version 7.103

Reference Description

SM-51158

Admin API now supports the use of HTTPS for communication with a remote Admin License Manager.

SM-12702

A local or remote user can now use the "Sentinel Keys Available" page of Admin Control Center (instead of the RUS utility) to generate a fingerprint.

Note: For Linux or Mac (where Admin Control Center is available), only SL AdminMode fingerprints can be generated.

Issues Resolved in Version 7.103

Reference Description

SM-66308

Certain important security issues were resolved. For more information, see the reference to article KB0020564 in the Gemalto Security Updates page: https://sentinel.gemalto.com/technical-support/security-updates-sm/

Gemalto acknowledges and thanks Vladimir Dashchenko from Kaspersky Lab ICS CERT for responsible disclosure of these vulnerabilities.

Issues Resolved in Version 7.102

Reference Description

SM-26322

Certain important security issues were resolved. For more information, see the reference to article KB0020199 in the Gemalto Security Updates page: https://sentinel.gemalto.com/technical-support/security-updates-sm/

Gemalto acknowledges and thanks Artem Zinenko from Kaspersky Lab ICS CERT for responsible disclosure of these vulnerabilities.

SM-62256 Under certain circumstances, it was possible to misuse detached licenses.

Enhancements in Version 7.101

Reference Description
SM-61960

The Run-time Environment now supports controlling the generation of the License Manager ID files. This is done using the Enable Detaching of Licenses configuration check box in Admin Control Center. When selected, the License Manager generates ID files. When cleared, the License Manager stops generating any new ID files. However, the existing ID files are retained.

By default, the Enable Detaching of Licenses check box is cleared.

Enhancements in Version 7.100

Reference Description
SM-47546 The Run-time Environment now supports the ability of the Licensing API to check remaining idle time before a protection key login session is terminated. Checking the remaining idle time does not reset the session.
SM-7269 SM-54601 The Run-time Environment now supports protecting applications that run in a Docker container. The scheme VMType4 is supported for clone protection.

Issues Resolved in Version 7.100

Reference Description
SM-56397

Given the following circumstances:

>A license for a Product is detached from a customer's license server and applied on a different machine

>In Sentinel EMS, the original entitlement for the Product is copied and used to create an update to the Product. The update is applied to the license server machine.

>The detached license is canceled and returned to the license server.

The number of available seats of the Product on the license server would not reflect that the license had been returned.

SM-57376 In certain situations, an SL license would disappear after system reboot.
SM-57569 Under certain circumstances, the License Manager clock would freeze during hibernation or in stand-by mode.