New Features, Enhancements, and Changes
>Service Pack: 8.3.100 | December 2021
>Service Pack: 8.3.001 | November 2021
NOTE The Sentinel LDK 8.3 release includes all features and enhancements from earlier releases. Details on patches that were released between Sentinel LDK 8.2 and Sentinel LDK 8.3 are also included in this document.
If you are upgrading from a version of Sentinel LDK that is earlier than 8.2, be sure to review the release notes for all intervening versions. Significant enhancements and changes are introduced in each version of Sentinel LDK. You can download a zip file that contains all Sentinel LDK release notes.
Service Pack: 8.3.100 | December 2021
>Enhancements to Sentinel LDK Envelope
>Enhancement to Sentinel Licensing API
>Resolve log4j Security Vulnerability
Enhancements to Sentinel LDK Envelope
>Support for .NET 6
Sentinel LDK Envelope can now be used to protect .NET 6 applications.
>Releasing an Identity-based License
The enhancement describe below applies to:
•.NET applications
•Applications protected using the Windows default engine
Users now have the option to release their license for an application in a remote session and apply the license to an application in a local session.
An end user who is assigned an identity-based license is typically granted the right to access that license from two or more machines, but only from a single machine at any given time.
The user may face a situation in which they access their license from one machine (for example, their office machine) but fail to close the application's session. If they later attempt to access their license from a different machine (for example, their home machine), the login to the license would fail.
An application protected with Envelope now gives the user the option to release their license from the original session and assign it to the new session. Until now, this option was only available programmatically using Sentinel Licensing API. However, after installing this service pack, for applications protected with Envelope, this functionality is now provided automatically. No coding is required by the developer.
>Disabling the anti-debugging feature with Windows V3 engine
The protection parameter User Debugger Detection is now supported by the Windows V3 engine. As a result, you can now disable the anti-debugging feature when you protect an application using the Windows V3 engine.
Enhancement to Sentinel Licensing API
Sentinel Licensing API is now compatible with .NET 6 applications.
Resolve log4j Security Vulnerability
This service pack resolves an Apache log4j security vulnerability. For details, see Resolved Issues.
Service Pack: 8.3.001 | November 2021
>Issue with Vendor-Specific APIs and the Vendor Library 8.31 has Been Resolved
>Documentation Has Been Updated
Issue with Vendor-Specific APIs and the Vendor Library 8.31 has Been Resolved
The issue below was discovered shortly after the release of Sentinel LDK 8.3.
After the vendor used the Master Wizard to download vendor-specific APIs and the vendor library version 8.31, updates to SL licenses were reapplied to the license each time the License Manager Service (for SL Admin-mode) or the protected application (for SL User-mode) was started. As a result, each time the License Manager Service or the protected application was restarted:
>If the license update contained a number of executions, the execution counter in the license was reset to the value in the license update.
>If the license update contained a value to write to the license memory, the memory content was restored to the value introduced in the license update, overwriting any subsequent changes to the license memory.
Resolution:
All issues have now been fully resolved. An updated version (8.32) of the vendor-specific APIs and the vendor library are available for download using the Master Wizard.
Important!
You should:
1. Reintroduce your Master or Developer key using the Master Wizard to generate the updated DLL and vendor library
and install this service pack (the order is not important).
2.Protect your applications again using Envelope.
Be sure to use this updated version when you distribute your vendor library (haspvlib.dll) and your protected applications.
Documentation Has Been Updated
>The Sentinel LDK Software Protection and Licensing Guide is now available. This guide provides extensive descriptions of concepts and facilities for Sentinel EMS when working with the Sentinel LDK enforcement type. The guide also provides an appendix that describes the differences between Sentinel EMS and Sentinel LDK-EMS.
>A new version of the Sentinel LDK Installation Guide with minor improvements is provided.
Release: 8.3 | October 2021
>Support for High Availability for Cloud Licensing
>Release of Sentinel LDK with Sentinel EMS
>Sentinel License Manager Service Supports Kubernetes Environment
>Envelope Now Provides Class-Level Protection for Java Applications Under Linux
>Sentinel LDK Envelope Now Supports AppOnChip for .NET
>Support for Oracle Java 11 and Open JDK 16
>Envelope Now Supports Intel CET
>Improved Performance for Envelope for Linux
>Customized RTE Installers Now Generated By Master Wizard
>New Features, Enhancements, and Changes
>Maximum Expiration Date for the Expiration Date License Type has been Extended
>Sentinel LDK Envelope Protects AutoCAD Plugin
>"Aggressive Search" Setting Removed from Admin Control Center
Support for High Availability for Cloud Licensing
Sentinel LDK now supports configuring a vendor-hosted cloud license server for high availability.
Sentinel LDK License Managers in the vendor's data center can be configured to store licenses in a common external trusted license storage (a MySQL database cluster).
You can set up License Managers on two license server machines (active and passive). In the event the active License Manager stops responding, an application manager can handle failover from the active License Manager to the passive one. Only one License Manager will serve licenses at any point in time.
For information on setting up high availability for cloud licensing, see the Sentinel LDK High Availability for Cloud Licensing Configuration Guide.
Release of Sentinel LDK with Sentinel EMS
Until now, Sentinel LDK has always been integrated and released with a dedicated version of Sentinel EMS (now referred to as Sentinel LDK-EMS). Sentinel LDK-EMS is available either for installation on the vendor's server (on-premises) or as a service (hosted on a Thales server).
Starting with this release, Sentinel LDK is available for integration with a new, enterprise-level version of Sentinel EMS, hosted on Thales servers. This improved version of Sentinel EMS provides an advanced user interface and REST API to manage resources. Sentinel EMS supports multiple methods of enforcement, including custom and third-party enforcement types.
For this edition of Sentinel LDK, only Sentinel LDK Vendor Suite is installed on the vendor's machine. The advanced version Sentinel EMS is hosted on Thales servers, where it is enhanced continuously with improvements and updates.
For vendors who are currently using Sentinel LDK and Sentinel LDK-EMS, the differences between Sentinel EMS and Sentinel LDK-EMS are summarized in the appendix "Comparison Between Sentinel EMS and Sentinel LDK-EMS" in the Sentinel LDK Software Protection and Licensing Guide.
NOTE For this release of Sentinel LDK, the Sentinel LDK Software Protection and Licensing Guide has not yet been updated to reflect the differences between Sentinel EMS and Sentinel LDK-EMS. An updated version of the guide will be released soon.
Sentinel License Manager Service Supports Kubernetes Environment
A Docker image is now available for vendors to host cloud licensing. Hosting of cloud licenses in Kubernetes environments with the Docker image has been tested.
Envelope Now Provides Class-Level Protection for Java Applications Under Linux
You can now use Sentinel LDK Envelope under Windows to provide class-level protection for Java applications that run on a 64-bit Linux Intel machine. (Class-level protection for Java applications that run on a Windows machine was introduced in Sentinel LDK 8.2.)
To provide class-level protection (or class-level and method level protection) for a Java application, protect the application using Envelope on a Windows machine. Envelope generates runtime files for both Windows and Linux machines to the specified output folder.
Copy the entire output folder to the target location (whether Windows or Linux).
Sentinel LDK Envelope Now Supports AppOnChip for .NET
Sentinel LDK Envelope now supports the use of AppOnChip to protect .NET applications. The applications must be protected using Method level or Method level & Windows Shell as the protection type.
For this release of Envelope, the support for AppOnChip for .NET does not include the integrated performance profiling mode that is provided when protecting a native Windows application with AppOnChip. Performance profiling must be performed using an external 3rd-party utility. Thales plans to include an integrated performance profiler in one of the coming releases.
The AppOnChip module for the Sentinel LDK Master license is not required for applications that are licensed using Sentinel HL Max, Time, NetTime, Net, and Drive keys. For applications that are licensed using Sentinel HL Basic keys or Sentinel HL Pro keys, an annual or perpetual AppOnChip module must be obtained from Thales.
For more information regarding AppOnChip protection for .NET applications, see the Envelope help system.
Support for Oracle Java 11 and Open JDK 16
Sentinel LDK Envelope under Windows now supports the protection of Oracle JDK 11 and Open JDK 16 applications for Windows, Linux, and Mac. This includes applications that use the Java Platform Module System (JPMS).
As part of the protection process, Envelope generates files that contain the command required to execute module-based applications on different platforms. You must modify these files before using them to execute the protected application.
For details, see the help system for Sentinel LDK Envelope.
Envelope Now Supports Intel CET
Sentinel LDK Envelope for Linux now support ELF binaries that are compiled with Intel Control-Flow Enforcement Technology enabled.
Improved Performance for Envelope for Linux
The performance of Envelope for Linux applications has been significantly improved. Envelope now require much less time to protect applications that have a large number of relocations.
Customized RTE Installers Now Generated By Master Wizard
The Master Wizard can now be used to generate customized Run-time Environment installers for Windows, Linux, and Mac. The Master Wizard downloads the latest Run-time Environment installer for each platform and inserts the current Vendor library into each installer. The installer for Windows is also configured to insert the URL for accessing Sentinel EMS. For more information, see the description of introducing Vendor keys in the Sentinel LDK Installation Guide.
Maximum Expiration Date for the Expiration Date License Type has been Extended
The maximum allowed expiration date for a license with the Expiration Date license type has been extended from 2038 to 2091.
Sentinel LDK Envelope Protects AutoCAD Plugin
Sentinel LDK Envelope can now protect an AutoCAD plugin (versions 2020, 2021, and 2022).
To protect an AutoCAD plugin, you must select the engine option Use Windows V3 engine on the Advanced tab in the Sentinel LDK Envelope Settings window. After you change the selected engine, stop and then restart Envelope before you continue working.
"Aggressive Search" Setting Removed from Admin Control Center
The setting Aggressive Search for Remote Licenses has been removed from Admin Control Center. The aggressive search functionality is now always enabled, as this provides benefit with no negative impact.