WIBU-SYSTEMS AG
Patches for CodeMeter Runtime Kit
Windows
2 patches available
CodeMeter Runtime is an out-of-the-box package that you deliver along with your software. It contains all the components that you need to create CodeMeter-based licenses.
CodeMeter Runtime Kit Version 8.40.7109.500
Release Date: 8/7/2025
Bug Fix? Yes
Minor Release? No
Patch Notes

CodeMeter 8.40
Release Date: 2025-Aug-07
Operating systems: Windows, Linux, macOS

Info

Note on security vulnerabilities
Under certain conditions, installing CodeMeter on Windows could result in an unintended privilege escalation. In such cases, CodeMeter Control Center could be launched with System privileges instead of the permissions of the user account (CVE-2025-47809).
This vulnerability has been fixed in version 8.30a.
As of this version, CodeMeter Control Center is only launched at the end of the installation if it is clearly determined that only user-level privileges are present.
A detailed classification is published in Security Advisory WIBU-100120 at https://www.wibu.com/en/support/security-advisories.html

CodeMeter Control Center
The notification message before updating the CodeMeter firmware has been extended to explicitly state that the licenses are not available during the update (CmRt-79992).

New

CodeMeter WebAdmin License Monitoring for CmCloudContainer licenses
On the page License Monitoring Details in CodeMeter WebAdmin accesses to CmCloudContainer licenses from other systems are also displayed. These license allocations can be removed by clicking the respective symbol. A prerequisite for the removal operation is license access on the other system via CodeMeter Runtime version 8.40 or higher. The functionality for displaying and removing a CmCloudContainer license allocation is only available if it has been explicitly enabled by the software vendor for this CmCloudContainer.
Accesses to CmCloudContainer licenses from other systems are also listed via the CodeMeter API function CmGetInfo(CM_GEI_NETINFOCLUSTER) and the command line tool cmu -n (CmRt-73897).

Features:

CmRt-100987: CodeMeter License Server: Due to the switch of integrity protection in CodeMeter to the mechanisms of AxProtector CTP, the previous option of checking integrity via cmu --check-cm-integrity is no longer possible and no longer necessary. This command is therefore no longer available as of this version.

CmRt-101416: CodeMeter License Server: In the Core API the operating systems output was extended by the Windows Server 2025 operating system.

CmRt-101292: CodeMeter License Server: As with a CmCloudContainer, the serial number of a CmActLicense for Universal Firm Code consists of a MaskByte (130), a SerialNumber (4536271) and an ExtendedSerialNumber (91827364). So far, only the first two are visible in most cases, which is also sufficient for clear identification on a system. However, the extended part may be necessary for differentiation on the manufacturer side. Therefore, for example, this extended part can now be queried via API and also used for a CmAccess2. The extended part is now also displayed in some places in various programs (CodeMeter Control Center, cmu, CmDust).

CmRt-100983: CodeMeter License Server: The new command line option -v for CodeMeter License Server can be used to provide additional detailed information and details on the console.

CmRt-101510: CodeMeter License Server: The new command line option ‘-f:<CmCloudCredentials.wbc>’ allows CodeMeter to import CmCloud credentials directly at startup. This parameter can be set multiple times and is used in particular for containers such as Docker and Kubernetes.

CmRt-100813: CodeMeter WebAdmin: It is now possible to display only license-relevant accesses when displaying the allocated licenses. Handles that were opened with NoUserLimit are then not listed. This allows you to quickly filter the relevant accesses in CodeMeter WebAdmin.

CmRt-101274: cmu: If CodeMeter License Server uses profiling from an *.ini file, the *.ini file actually used is now issued in CmDust, regardless of the storage location. If CodeMeter License Server is not running, the *.ini file is issued in the default location.

CmRt-101145: cmu: The command ‘cmu --set-diagnose-level’ can now be used to adjus

CodeMeter Runtime Kit Version 8.30.6885.501
Release Date: 5/8/2025
Bug Fix? Yes
Minor Release? Yes
Patch Notes

Release Date: 2025-May-08
Operating systems: Windows, Linux, macOS

Info

Note on security vulnerabilities
Under certain conditions, installing CodeMeter on Windows could result in an unintended privilege escalation. In such cases, the CodeMeter Control Center could be launched with System privileges instead of the permissions of the user account.
This vulnerability has been fixed in version 8.30a.
As of this version, the CodeMeter Control Center is only launched at the end of the installation if it is clearly determined that only user-level privileges are present.
A detailed classification will soon be published in Security Advisory WIBU-100120 at https://www.wibu.com/en/support/security-advisories.html

Bugfixes:

CmRt-86031: WibuCmNET.dll: The NuGet package of the CodeMeter runtime library for .NET had a manually entered dependency on a library (RoslynCodeTaskFactory) that was not (or no longer) required. This dependency has been removed.

CmRt-101358: CodeMeter License Server: The curl library statically integrated in CodeMeter 8.30 suffers from a vulnerability (CVE-2025-0665). This vulnerability is very difficult to exploit within or via CodeMeter and has therefore been rated as “low” in this environment. The library has been updated to a version that no longer contains this vulnerability.

CmRt-101394: CodeMeter License Server: When programming CmDongles with Universal Firm Code, the explicit setting of the Firm Update Counter was not applied by the reprogramming if the Firm Item contained one or more Module Items. This type of programming process can occur, for example, during the recycle operation in CodeMeter License Central; this led to discrepancies between the actual CmDongle content and the status in the database.

CmRt-101258: CodeMeter License Server: Linux: On Linux, the automatic start of the new CodeMeter Start Center for the various distributions did not work reliably. The autostart functionality was therefore deactivated.

CmRt-101173: CodeMeter WebAdmin: The option integrated in CodeMeter WebAdmin to switch to a WebAdmin of another license server did not take into account that other license servers can now also run on ports other than the own. Now the port details are appended if they differ from the own port.

CmRt-101308: CodeMeter WebAdmin: In version 8.30, the check for the License Access Control Lists (ACL) was made stricter so that mixed operation of rules with domain users and non-domain users was no longer configurable. As a result, previously existing rules could be deleted when the License Access Control Lists were saved again in CodeMeter WebAdmin. The previous behavior has now been restored and both domain and non-domain users can be configured in the lists.

Changelog CodeMeter Runtime Revision: 2025-May-12