CodeMeter 8.40a $$$Release Date $$$2025-Oct-06 $$$Operating systems $$$Windows; Linux; macOS $$$Info $$$Remote programming of CmActLicense Firm Codes is now also supported in $$$containerized environments such as Kubernetes (CmRt-101862). $$$Features: $$$CmRt-100936: CodeMeter License Server: If the corresponding file is missing on a $$$CmCard/uSD or another CmContainer with data exchange via ‘codemtr.io’; it is now $$$automatically restored - like the manual repair mechanisms. The prerequisite is that the $$$CmContainer was already known to this computer and that the entry $$$FileIoAutoRecoveryEntries bigger than 0 is set in CodeMeter Profiling (recommendation $$$FileIoAutoRecoveryEntries=10). $$$CmRt-101835: cmu: An additional configuration option for CmDongles with additional $$$memory now allows Link Power Management to be disabled via ‘cmu --set-config-disk’. $$$The disabling must either be confirmed by the user or accepted in advance via the new $$$parameter ‘--yes’. $$$Bugfixes: $$$CmRt-101864: CodeMeter License Server: Due to a dependency; the verification function $$$for country-specific licenses prevented the CodeMeter Service from starting on Windows $$$10 2016 LTSB. This behavior has been corrected. $$$CmRt-101819: CodeMeter License Server: CmActLicense: License Transfer: When calling $$$the API CmCrypt2(); the decrementing of the Firm Access Counter in a CmActLicense $$$had not persisted in certain cases. This issue has been fixed. $$$CmRt-101759: CodeMeter License Server: For CmSticks with additional memory $$$(CmStick/M) as a composite device; the CodeMeter chip is accessed via HID. Under $$$Windows; the drive letters of the additional memory could no longer be determined. This $$$problem has been fixed.$$$CmRt-101341: CodeMeter License Server: During cryptographic operations; a borrowed $$$but expired license previously returned an inappropriate error message. This behavior has $$$been corrected. $$$CmRt-100440: CodeMeter License Server: On 64-bit Windows systems that ran for more $$$than 776 days without restarting; 32-bit applications were subsequently unable to $$$communicate with CodeMeter because a bug confirmed by Microsoft prematurely resets a $$$32-bit time counter; the 64-bit version is not affected. This behavior became apparent after $$$the CodeMeter License Server was converted to 64-bit in version 8.0 and is now $$$intercepted by special handling in the License Server so that communication is still $$$possible. $$$CmRt-101717: CodeMeter License Server: Java: When creating a Context File using the $$$Java API; very large data contents could result in a large but empty Context File. This $$$issue has been resolved. $$$CmRt-100791; CmRt-101883: CodeMeter Control Center: Certain Update Files were not $$$transferred when imported via CmFAS wizard in CodeMeter Control Center. The $$$alternatives via the menu or drag & drop were not affected. $$$CmRt-101854: cmu: The user output of cmu for creating Context files now outputs the $$$serial number in the same form (with or without extended serial number) that was used for $$$input.

CodeMeter 8.40$$$Release Date$$$2025-Aug-07$$$Operating systems$$$Windows; Linux; macOS$$$Info$$$Note on security vulnerabilities$$$Under certain conditions; installing CodeMeter on Windows could result in an unintended $$$privilege escalation. In such cases; CodeMeter Control Center could be launched with $$$System privileges instead of the permissions of the user account (CVE-2025-47809).$$$This vulnerability has been fixed in version 8.30a.$$$As of this version; CodeMeter Control Center is only launched at the end of the installation $$$if it is clearly determined that only user-level privileges are present.$$$A detailed classification is published in Security Advisory WIBU-100120 at $$$https://www.wibu.com/en/support/security-advisories.html$$$CodeMeter Control Center$$$The notification message before updating the CodeMeter firmware has been extended to $$$explicitly state that the licenses are not available during the update (CmRt-79992).$$$New $$$CodeMeter WebAdmin License Monitoring for CmCloudContainer licenses$$$On the page License Monitoring Details in CodeMeter WebAdmin accesses to $$$CmCloudContainer licenses from other systems are also displayed. These license $$$allocations can be removed by clicking the respective symbol. A prerequisite for the $$$removal operation is license access on the other system via CodeMeter Runtime version$$$8.40 or higher. The functionality for displaying and removing a CmCloudContainer license $$$allocation is only available if it has been explicitly enabled by the software vendor for this $$$CmCloudContainer.$$$Accesses to CmCloudContainer licenses from other systems are also listed via the $$$CodeMeter API function CmGetInfo(CM_GEI_NETINFOCLUSTER) and the command $$$line tool cmu -n (CmRt-73897).$$$Features:$$$CmRt-100987: CodeMeter License Server: Due to the switch of integrity protection in $$$CodeMeter to the mechanisms of AxProtector CTP; the previous option of checking $$$integrity via cmu --check-cm-integrity is no longer possible and no longer necessary. This $$$command is therefore no longer available as of this version.$$$CmRt-101416: CodeMeter License Server: In the Core API the operating systems output $$$was extended by the Windows Server 2025 operating system.$$$CmRt-101292: CodeMeter License Server: As with a CmCloudContainer; the serial $$$number of a CmActLicense for Universal Firm Code consists of a MaskByte (130); a $$$SerialNumber (4536271) and an ExtendedSerialNumber (91827364). So far; only the first $$$two are visible in most cases; which is also sufficient for clear identification on a system. $$$However; the extended part may be necessary for differentiation on the manufacturer side. $$$Therefore; for example; this extended part can now be queried via API and also used for a $$$CmAccess2. The extended part is now also displayed in some places in various programs $$$(CodeMeter Control Center; cmu; CmDust).$$$CmRt-100983: CodeMeter License Server: The new command line option -v for $$$CodeMeter License Server can be used to provide additional detailed information and $$$details on the console.$$$CmRt-101510: CodeMeter License Server: The new command line option $$$-f:\<CmCloudCredentials.wbc\>’ allows CodeMeter to import CmCloud credentials directly $$$at startup. This parameter can be set multiple times and is used in particular for containers $$$such as Docker and Kubernetes.$$$CmRt-100813: CodeMeter WebAdmin: It is now possible to display only license-relevant $$$accesses when displaying the allocated licenses. Handles that were opened with $$$NoUserLimit are then not listed. This allows you to quickly filter the relevant accesses in $$$CodeMeter WebAdmin.$$$CmRt-101274: cmu: If CodeMeter License Server uses profiling from an *.ini file; the *.ini $$$file actually used is now issued in CmDust; regardless of the storage location. If $$$CodeMeter License Server is not running; the *.ini file is issued in the default location.$$$CmRt-101145: cmu: The command ‘cmu --set-diagnose-level’ can now be used to adjus

CodeMeter 8.40$$$Release Date$$$2025-Aug-07$$$Operating systems$$$Windows; Linux; macOS$$$Info$$$Note on security vulnerabilities$$$Under certain conditions; installing CodeMeter on Windows could result in an unintended $$$privilege escalation. In such cases; CodeMeter Control Center could be launched with $$$System privileges instead of the permissions of the user account (CVE-2025-47809).$$$This vulnerability has been fixed in version 8.30a.$$$As of this version; CodeMeter Control Center is only launched at the end of the installation $$$if it is clearly determined that only user-level privileges are present.$$$A detailed classification is published in Security Advisory WIBU-100120 at $$$https://www.wibu.com/en/support/security-advisories.html$$$CodeMeter Control Center$$$The notification message before updating the CodeMeter firmware has been extended to $$$explicitly state that the licenses are not available during the update (CmRt-79992).$$$New $$$CodeMeter WebAdmin License Monitoring for CmCloudContainer licenses$$$On the page License Monitoring Details in CodeMeter WebAdmin accesses to $$$CmCloudContainer licenses from other systems are also displayed. These license $$$allocations can be removed by clicking the respective symbol. A prerequisite for the $$$removal operation is license access on the other system via CodeMeter Runtime version$$$8.40 or higher. The functionality for displaying and removing a CmCloudContainer license $$$allocation is only available if it has been explicitly enabled by the software vendor for this $$$CmCloudContainer.$$$Accesses to CmCloudContainer licenses from other systems are also listed via the $$$CodeMeter API function CmGetInfo(CM_GEI_NETINFOCLUSTER) and the command $$$line tool cmu -n (CmRt-73897).$$$Features:$$$CmRt-100987: CodeMeter License Server: Due to the switch of integrity protection in $$$CodeMeter to the mechanisms of AxProtector CTP; the previous option of checking $$$integrity via cmu --check-cm-integrity is no longer possible and no longer necessary. This $$$command is therefore no longer available as of this version.$$$CmRt-101416: CodeMeter License Server: In the Core API the operating systems output $$$was extended by the Windows Server 2025 operating system.$$$CmRt-101292: CodeMeter License Server: As with a CmCloudContainer; the serial $$$number of a CmActLicense for Universal Firm Code consists of a MaskByte (130); a $$$SerialNumber (4536271) and an ExtendedSerialNumber (91827364). So far; only the first $$$two are visible in most cases; which is also sufficient for clear identification on a system. $$$However; the extended part may be necessary for differentiation on the manufacturer side. $$$Therefore; for example; this extended part can now be queried via API and also used for a $$$CmAccess2. The extended part is now also displayed in some places in various programs $$$(CodeMeter Control Center; cmu; CmDust).$$$CmRt-100983: CodeMeter License Server: The new command line option -v for $$$CodeMeter License Server can be used to provide additional detailed information and $$$details on the console.$$$CmRt-101510: CodeMeter License Server: The new command line option $$$-f:\<CmCloudCredentials.wbc\>’ allows CodeMeter to import CmCloud credentials directly $$$at startup. This parameter can be set multiple times and is used in particular for containers $$$such as Docker and Kubernetes.$$$CmRt-100813: CodeMeter WebAdmin: It is now possible to display only license-relevant $$$accesses when displaying the allocated licenses. Handles that were opened with $$$NoUserLimit are then not listed. This allows you to quickly filter the relevant accesses in $$$CodeMeter WebAdmin.$$$CmRt-101274: cmu: If CodeMeter License Server uses profiling from an *.ini file; the *.ini $$$file actually used is now issued in CmDust; regardless of the storage location. If $$$CodeMeter License Server is not running; the *.ini file is issued in the default location.$$$CmRt-101145: cmu: The command ‘cmu --set-diagnose-level’ can now be used to adjus

Release Date$$$2025-May-08$$$Operating systems$$$Windows; Linux; macOS$$$Info$$$Note on security vulnerabilities$$$Under certain conditions; installing CodeMeter on Windows could result in an unintended $$$privilege escalation. In such cases; the CodeMeter Control Center could be launched with $$$System privileges instead of the permissions of the user account.$$$This vulnerability has been fixed in version 8.30a.$$$As of this version; the CodeMeter Control Center is only launched at the end of the $$$installation if it is clearly determined that only user-level privileges are present.$$$A detailed classification will soon be published in Security Advisory WIBU-100120 at $$$https://www.wibu.com/en/support/security-advisories.html$$$Bugfixes:$$$CmRt-86031: WibuCmNET.dll: The NuGet package of the CodeMeter runtime library $$$for .NET had a manually entered dependency on a library (RoslynCodeTaskFactory) that $$$was not (or no longer) required. This dependency has been removed.$$$CmRt-101358: CodeMeter License Server: The curl library statically integrated in $$$CodeMeter 8.30 suffers from a vulnerability (CVE-2025-0665). This vulnerability is very $$$difficult to exploit within or via CodeMeter and has therefore been rated as “low” in this $$$environment. The library has been updated to a version that no longer contains this $$$vulnerability.$$$CmRt-101394: CodeMeter License Server: When programming CmDongles with Universal $$$Firm Code; the explicit setting of the Firm Update Counter was not applied by the $$$reprogramming if the Firm Item contained one or more Module Items. This type of $$$programming process can occur; for example; during the recycle operation in CodeMeter $$$License Central; this led to discrepancies between the actual CmDongle content and the $$$status in the database.$$$CmRt-101258: CodeMeter License Server: Linux: On Linux; the automatic start of the new $$$CodeMeter Start Center for the various distributions did not work reliably. The autostart $$$functionality was therefore deactivated.$$$Changelog CodeMeter Runtime Revision: 2025-May-12$$$Page: 2 of 180$$$CmRt-101173: CodeMeter WebAdmin: The option integrated in CodeMeter WebAdmin to $$$switch to a WebAdmin of another license server did not take into account that other license $$$servers can now also run on ports other than the own. Now the port details are appended $$$if they differ from the own port.$$$CmRt-101308: CodeMeter WebAdmin: In version 8.30; the check for the License Access $$$Control Lists (ACL) was made stricter so that mixed operation of rules with domain users $$$and non-domain users was no longer configurable. As a result; previously existing rules $$$could be deleted when the License Access Control Lists were saved again in CodeMeter $$$WebAdmin. The previous behavior has now been restored and both domain and nonu0002domain users can be configured in the lists.

Release Date$$$2025-May-08$$$Operating systems$$$Windows; Linux; macOS$$$Info$$$Note on security vulnerabilities$$$Under certain conditions; installing CodeMeter on Windows could result in an unintended $$$privilege escalation. In such cases; the CodeMeter Control Center could be launched with $$$System privileges instead of the permissions of the user account.$$$This vulnerability has been fixed in version 8.30a.$$$As of this version; the CodeMeter Control Center is only launched at the end of the $$$installation if it is clearly determined that only user-level privileges are present.$$$A detailed classification will soon be published in Security Advisory WIBU-100120 at $$$https://www.wibu.com/en/support/security-advisories.html$$$Bugfixes:$$$CmRt-86031: WibuCmNET.dll: The NuGet package of the CodeMeter runtime library $$$for .NET had a manually entered dependency on a library (RoslynCodeTaskFactory) that $$$was not (or no longer) required. This dependency has been removed.$$$CmRt-101358: CodeMeter License Server: The curl library statically integrated in $$$CodeMeter 8.30 suffers from a vulnerability (CVE-2025-0665). This vulnerability is very $$$difficult to exploit within or via CodeMeter and has therefore been rated as “low” in this $$$environment. The library has been updated to a version that no longer contains this $$$vulnerability.$$$CmRt-101394: CodeMeter License Server: When programming CmDongles with Universal $$$Firm Code; the explicit setting of the Firm Update Counter was not applied by the $$$reprogramming if the Firm Item contained one or more Module Items. This type of $$$programming process can occur; for example; during the recycle operation in CodeMeter $$$License Central; this led to discrepancies between the actual CmDongle content and the $$$status in the database.$$$CmRt-101258: CodeMeter License Server: Linux: On Linux; the automatic start of the new $$$CodeMeter Start Center for the various distributions did not work reliably. The autostart $$$functionality was therefore deactivated.$$$Changelog CodeMeter Runtime Revision: 2025-May-12$$$Page: 2 of 180$$$CmRt-101173: CodeMeter WebAdmin: The option integrated in CodeMeter WebAdmin to $$$switch to a WebAdmin of another license server did not take into account that other license $$$servers can now also run on ports other than the own. Now the port details are appended $$$if they differ from the own port.$$$CmRt-101308: CodeMeter WebAdmin: In version 8.30; the check for the License Access $$$Control Lists (ACL) was made stricter so that mixed operation of rules with domain users $$$and non-domain users was no longer configurable. As a result; previously existing rules $$$could be deleted when the License Access Control Lists were saved again in CodeMeter $$$WebAdmin. The previous behavior has now been restored and both domain and nonu0002domain users can be configured in the lists.

Release Date$$$2025-May-08$$$Operating systems$$$Windows; Linux; macOS$$$Info$$$Note on security vulnerabilities$$$Under certain conditions; installing CodeMeter on Windows could result in an unintended $$$privilege escalation. In such cases; the CodeMeter Control Center could be launched with $$$System privileges instead of the permissions of the user account.$$$This vulnerability has been fixed in version 8.30a.$$$As of this version; the CodeMeter Control Center is only launched at the end of the $$$installation if it is clearly determined that only user-level privileges are present.$$$A detailed classification will soon be published in Security Advisory WIBU-100120 at $$$https://www.wibu.com/en/support/security-advisories.html$$$Bugfixes:$$$CmRt-86031: WibuCmNET.dll: The NuGet package of the CodeMeter runtime library $$$for .NET had a manually entered dependency on a library (RoslynCodeTaskFactory) that $$$was not (or no longer) required. This dependency has been removed.$$$CmRt-101358: CodeMeter License Server: The curl library statically integrated in $$$CodeMeter 8.30 suffers from a vulnerability (CVE-2025-0665). This vulnerability is very $$$difficult to exploit within or via CodeMeter and has therefore been rated as “low” in this $$$environment. The library has been updated to a version that no longer contains this $$$vulnerability.$$$CmRt-101394: CodeMeter License Server: When programming CmDongles with Universal $$$Firm Code; the explicit setting of the Firm Update Counter was not applied by the $$$reprogramming if the Firm Item contained one or more Module Items. This type of $$$programming process can occur; for example; during the recycle operation in CodeMeter $$$License Central; this led to discrepancies between the actual CmDongle content and the $$$status in the database.$$$CmRt-101258: CodeMeter License Server: Linux: On Linux; the automatic start of the new $$$CodeMeter Start Center for the various distributions did not work reliably. The autostart $$$functionality was therefore deactivated.$$$Changelog CodeMeter Runtime Revision: 2025-May-12$$$Page: 2 of 180$$$CmRt-101173: CodeMeter WebAdmin: The option integrated in CodeMeter WebAdmin to $$$switch to a WebAdmin of another license server did not take into account that other license $$$servers can now also run on ports other than the own. Now the port details are appended $$$if they differ from the own port.$$$CmRt-101308: CodeMeter WebAdmin: In version 8.30; the check for the License Access $$$Control Lists (ACL) was made stricter so that mixed operation of rules with domain users $$$and non-domain users was no longer configurable. As a result; previously existing rules $$$could be deleted when the License Access Control Lists were saved again in CodeMeter $$$WebAdmin. The previous behavior has now been restored and both domain and nonu0002domain users can be configured in the lists.