We have released a maintenance update to RLM v15.1BL1. This release primarily addresses a critical security vulnerability in the Mongoose web server:
- Upgraded Mongoose to 7.11 addressing 2 critical vulnerabilities. (The CVE for these vulnerabilities will not be published publicly until August 25th.)
If you have already updated to v15.1BL1, we strongly recommend updating to v15.1BL2. In addition to addressing this vulnerability we have fixed a number of regressions in v15.1 related to the web interface, as well as closing memory leaks in the client library:
- Fixed OpenSSL memory leaks in client library.
- Fixed empty password causing shutdown when using -nows.
- Fixed issue where password licenses were not shown when entering password in web server.
- Fixed wrong license being checked out when checking out token licenses with a password.
- Fixed modification of transfer definitions in web server.
- Fixed issue where user couldn’t remove checked out license using web server in certain cases.
Important note: Starting in 15.1, passwords for the web interface are now case sensitive. The rlm.pw file will need to be regenerated after updating from v15.0 or earlier.
If you have not already updated to 15.1, some of the new features include:
- The embedded web server has been changed from GoAhead to Mongoose.
- The RLM web server now requires login to access.
- Running RLM as root/administrator is no longer restricted.
- The web interface now supports HTTPS.
Bug fixes include:
- License checkout now obeys single license count on Linux when using multiple checkouts in single process.
- RLMCloud users are no longer able to view all license file names via the logs.
- The -l switch now works correctly on Linux systems with upper-case computer names.
- Version 9 settings files now work with version 14.2 and later.
- Mitigated 4 vulnerabilities.
Note: All RLM kits contain both the machine-independent and the machine-dependent part (including the Reference manual).
RLM Activation Pro
- Unix/Mac: download, gunzip the kit, tar xf, then run INSTALL. See README above. (If your browser gunzipped the file during transfer, you should skip the gunzip step). Note arm64_m2 does not have Java support.
- Windows: download, execute the installer, then run “nmake” in the binary directory (x86_w4, x64_w4, x86_w3, or x64_w3).
- Java for Unix (java_unix.tar.gz) (RLM has java support only on the following Unix platforms: x86_l2, x64_l1, x86_m1, and x64_m1. Windows kits include the Java interface.) (1023 kb)
For general questions, please send email to support@reprisesoftware.com.