Known Issues and Workarounds
The known issues in Sentinel LDK 10.0 that are likely to have the most significant impact on users are listed below, according to component.
Additional, less-common issues can be found here.
In this section:
>Sentinel LDK Installation and Software Manager
>End Users, Sentinel LDK Run-time Environment, License Manager, and Customer Tools
>Sentinel LDK Envelope and Data Encryption for Windows Platforms
>Sentinel LDK Envelope and Data Encryption for Linux
>Sentinel LDK Envelope, Data Encryption, and Licensing API for macOS
Sentinel LDK Installation and Software Manager
Ref | Issue |
---|---|
SM-35287 |
When upgrading from Sentinel LDK v.7.3 through v.7.8 to Sentinel LDK v.7.10, all non-English locales of Customer contacts and Channel Partner contacts in Sentinel LDK-EMS are converted to the English locale. Note: You can ignore this issue if all of your Customer and Channel Partner contacts are set up to use the English locale or if you are not upgrading Sentinel LDK-EMS. Workaround: A solution for this issue is provided in the technical note available here. |
SM-109765 |
Under Windows 11, notifications from Sentinel LDK regarding software updates are not being delivered to vendors by the software manager (Sentinel Up). Workaround: Monitor the Sentinel LDK download page and see when updates are published. You can also subscribe to this page (article KB0021845 ) to receive notifications: |
Sentinel LDK-EMS
End Users, Sentinel LDK Run-time Environment, License Manager, and Customer Tools
Sentinel LDK Envelope and Data Encryption for Windows Platforms
General
Java
Ref | Issue |
---|---|
LDK-11195 |
When protecting a Java application, Envelope fails with the message "Serious Internal Error (12)". Workaround: If this error occurs, protect the Java application using either of the following techniques: > If the application contains JARs within a JAR/WAR executable, remove those JARs when protecting the executable with Envelope. You can add the JARs to the JAR/WAR executable after protection is complete. > Create a JAR/WAR executable using only those classes that you want to protect. After applying protection, you can add other classes or JARs, or any other dependencies in the protected JAR/WAR executable. |
SM-10890 |
Given the following circumstances: > An Envelope project was created with Envelope version 7.3 or earlier. >The project contains settings for a Java application. >On the Protection Settings tabbed page for the Java application, you select the option to overwrite default protection settings. The Allows grace period after failed license check check box should be modifiable. However, the check box cannot be changed. Workaround: On the Advanced tabbed page, make any change to the MESSAGE_OUTPUT_MODE property, and then change it back. This forces Envelope to load an internal data structure that then makes the Allows grace period after failed license check check box modifiable. Note: This grace period is not supported for Web applications. |
SM-10969 |
Due to a known limitation in Java, if a background check thread becomes non-EDT, the background check (Abort/Retry/Ignore) dialog box may not appear. Envelope has been modified so that the error dialog prompted by the protected method in the protected application takes precedence. This has reduced the occurrence of the problem, but it has not eliminated the problem entirely. |
SM-98384 | A protected WAR does not run successfully on WildFly Server 23. |
SM-110174 | Java class level protection and Data File protection in Windows Envelope for 64-bit applications are not supported under Wine. |
.NET
Ref | Issue |
---|---|
SM-554 |
For apps that target the .NET Framework version 4.6 and later, CultureInfo.CurrentCulture and CultureInfo.CurrentUICulture are stored in a thread's ExecutionContext, which flows across asynchronous operations. As a result, changes to the CultureInfo.CurrentCulture and CultureInfo.CurrentUICulture properties are reflected in asynchronous tasks that are launched subsequently. If the current culture or current UI culture differs from the system culture, the current culture crosses thread boundaries and becomes the current culture of the thread pool thread that is executing an asynchronous operation. When protecting a sample application implementing above behavior with protection type as "Dot Net Only", then the application behaves as expected. However, with protection type "Dot Net and Windows Shell" or "Windows Shell Only", the thread uses the system's culture to define behavior. Workaround: Do the following: 1.Use .NET Framework 4.5. 2.Use
instead of
|
SM-25875 |
Given the following circumstances: 1.A .NET application is protected with Envelope. 2.The protection type includes Windows Shell (with or without the method level). 3.The application attempts to get a module handle using the following method:
The handle returned may not be correct, and as a result, an error will be generated. Workaround: You can call the GetModuleHandle system API of the Kernel32.dll to get the module handle. For example:
|
SM-26578 |
If a .NET application protected with Windows Shell sets the exit code to ExitEventArgs such as "e.ApplicationExitCode = 1" when the application exits, the exit code cannot be retrieved by an external process. Workaround: Call "Environment.Exit(1)" to exit the process. |
Sentinel LDK Envelope and Data Encryption for Linux
Ref | Issue |
---|---|
SM-28403 |
Given the following circumstances: >A Linux application is protected with Envelope, with protection against debugging. >The application calls the wait(&status) system call. This is equivalent to: The application may hang. Workaround 1: Call waitpid for a specific child process pid (pid > 0). Workaround 2: Disable the anti-debugging feature in Envelope. Note: This workaround significantly reduces the security of the protected application. Thales recommends that you consult with Technical Support before choosing this workaround. |
SM-69080 |
A protected application may not handle signals properly when: >Background check is enabled, and > Signal handlers are registered by a thread created by the application. Workaround: Do one of the following: >Disable both background check and anti-debugging. (You can do this by specifying the following line command flags:
>(Preferred workaround) Register the signal handler in a main thread instead of a thread function. Thread function is one of the following: •A function passed to pthread_create as start_routine •A function called from start_routine. |
Sentinel LDK Envelope, Data Encryption, and Licensing API for macOS
Ref | Issue |
---|---|
LDK-11655 |
>When running Envelope in a VMware Fusion 7.1.1 virtual machine on a Mac machine, if you save the protected application to an HGFS (Host Guest File System) volume, the application file is corrupted. > When you run a protected application on a VMware Fusion virtual machine from an HGFS share, if the application requires write access, the error "unable to write to file" is generated. |
SM-57838 |
The command line Envelope tool (envelope_darwin) now only works if Envelope.app (UI bundle) is in the same folder. To use the command line tool, copy Envelope.app to the folder that contains the command line tool. |
SM-57024 | Dark Mode has been introduced by Apple in macOS 10.14 but is not supported yet by the Envelope GUI. You should disable Dark Mode to have a proper user experience. |
SM-51456 |
Due to reliability enhancements in Sentinel LDK under macOS, there is some performance impact in protected applications under macOS 10.13. A technical note will be issued that describes this issue and the option to disable these enhancements in favor of higher performance. |
SM-171417 |
The supported Minimum target version (defined at compilation time) of macOS binaries must be lower than 12.0. |